[Stackless] segmentation fault in PyEval_EvalFrame_value

Péter Szabó ptspts+stackless at gmail.com
Tue May 11 17:43:42 CEST 2010


Hi,

This is to report a possible bug in Stackless 2.6. I get a segfault when
running the following script:

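import stackless

def F():
    print 'f-schedule-remove-reached'
    # Remove this tasklet from the runnables as well.
    stackless.schedule_remove(None)

stackless.tasklet(F)()
# Remove the current (main) tasklet from the runnables and run the next one.
stackless.schedule_remove(None)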

Valgrind reveals the following stack trace:

==19749== Memcheck, a memory error detector
==19749== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==19749== Using Valgrind-3.6.0.SVN and LibVEX; rerun with -h for copyright info
==19749== Command: ./w.py
==19749== Parent PID: 19748
==19749==
==19749== Invalid write of size 8
==19749==    at 0x49574C: PyEval_EvalFrame_value /usr/local/google/python-2.65/Python/ceval.c:957
==19749==    by 0x49BA5F: slp_frame_dispatch_top /usr/local/google/python-2.65/Stackless/core/stacklesseval.c:719
==19749==    by 0x49E925: slp_run_tasklet /usr/local/google/python-2.65/Stackless/module/scheduling.c:1204
==19749==    by 0x49C957: slp_eval_frame /usr/local/google/python-2.65/Stackless/core/stacklesseval.c:299
==19749==    by 0x49C9C5: climb_stack_and_eval_frame /usr/local/google/python-2.65/Stackless/core/stacklesseval.c:266
==19749==    by 0x49C8D3: slp_eval_frame /usr/local/google/python-2.65/Stackless/core/stacklesseval.c:294
==19749==    by 0x494581: PyEval_EvalCode /usr/local/google/python-2.65/Python/ceval.c:543
==19749==    by 0x4C8998: PyRun_FileExFlags /usr/local/google/python-2.65/Python/pythonrun.c:1379
==19749==    by 0x4C8C66: PyRun_SimpleFileExFlags /usr/local/google/python-2.65/Python/pythonrun.c:952
==19749==    by 0x418123: Py_Main /usr/local/google/python-2.65/Modules/main.c:572
==19749==    by 0x56EC1C3: (below main) in /lib/libc-2.7.so
==19749==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==19749==
==19749==
==19749== Process terminating with default action of signal 11 (SIGSEGV)
==19749==  Access not within mapped region at address 0x0
==19749==    at 0x49574C: PyEval_EvalFrame_value /usr/local/google/python-2.65/Python/ceval.c:957
==19749==    by 0x49BA5F: slp_frame_dispatch_top /usr/local/google/python-2.65/Stackless/core/stacklesseval.c:719
==19749==    by 0x49E925: slp_run_tasklet /usr/local/google/python-2.65/Stackless/module/scheduling.c:1204
==19749==    by 0x49C957: slp_eval_frame /usr/local/google/python-2.65/Stackless/core/stacklesseval.c:299
==19749==    by 0x49C9C5: climb_stack_and_eval_frame /usr/local/google/python-2.65/Stackless/core/stacklesseval.c:266
==19749==    by 0x49C8D3: slp_eval_frame /usr/local/google/python-2.65/Stackless/core/stacklesseval.c:294
==19749==    by 0x494581: PyEval_EvalCode /usr/local/google/python-2.65/Python/ceval.c:543
==19749==    by 0x4C8998: PyRun_FileExFlags /usr/local/google/python-2.65/Python/pythonrun.c:1379
==19749==    by 0x4C8C66: PyRun_SimpleFileExFlags /usr/local/google/python-2.65/Python/pythonrun.c:952
==19749==    by 0x418123: Py_Main /usr/local/google/python-2.65/Modules/main.c:572
==19749==    by 0x56EC1C3: (below main) in /lib/libc-2.7.so
==19749==  If you believe this happened as a result of a stack
==19749==  overflow in your program's main thread (unlikely but
==19749==  possible), you can try to increase the size of the
==19749==  main thread stack using the --main-stacksize= flag.
==19749==  The main thread stack size used in this run was 8388608.
==19749==
==19749== HEAP SUMMARY:
==19749==     in use at exit: 1,899,272 bytes in 12,359 blocks
==19749==   total heap usage: 33,505 allocs, 21,146 frees, 4,788,307 bytes allocated
==19749==
==19749== LEAK SUMMARY:
==19749==    definitely lost: 0 bytes in 0 blocks
==19749==    indirectly lost: 0 bytes in 0 blocks
==19749==      possibly lost: 1,780,658 bytes in 11,518 blocks
==19749==    still reachable: 118,614 bytes in 841 blocks
==19749==         suppressed: 0 bytes in 0 blocks
==19749== Rerun with --leak-check=full to see details of leaked memory
==19749==
==19749== For counts of detected and suppressed errors, rerun with: -v
==19749== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 0)

It fails in PUSH(retval). The relevant C source lines are (from line 955 of
ceval.c):

        if (f->f_execute == PyEval_EvalFrame_value) {
                /* this is a return */
                PUSH(retval); /* we are back from a function call */
        }

I'm using the following version of Stackless Python 2.6:

  svn checkout http://svn.python.org/projects/stackless/tags/python-2.65/
  At revision 81084.
  Python 2.6.5 Stackless 3.1b3 060516 (python-2.65:81084M, May 11 2010, 16:52:04)
  [GCC 4.2.4 (Ubuntu 4.2.4-1ubuntu4)] on linux2

I could reproduce the segfault on both a 32-bit and a 64-bit system:

  Linux host1 2.6.31-20-generic-pae #57-Ubuntu SMP Mon Feb 8 10:23:59 UTC 2010 i686 GNU/Linux
  Linux host2 2.6.24-... #1 SMP Tue Mar 30 18:11:30 UTC 2010 x86_64 GNU/Linux

Is there a fix available?

Thanks,

Péter
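
Added example, not part of the original post or of the Stackless code base: a small Python 3 parser for Memcheck output in the form quoted in the report, including the mail-wrapped source locations, that extracts the faulting frame and flags a fault address inside the first page as a NULL-based access. The function names and the 0x1000 threshold are assumptions of this example.

```python
import re

# Excerpt of the trace quoted in the report, with its mail-wrapped frames.
SAMPLE = """\
==19749== Invalid write of size 8
==19749==    at 0x49574C: PyEval_EvalFrame_value
/usr/local/google/python-2.65/Python/ceval.c:957
==19749==    by 0x49BA5F: slp_frame_dispatch_top
/usr/local/google/python-2.65/Stackless/core/stacklesseval.c:719
==19749==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==19749==
==19749== Process terminating with default action of signal 11 (SIGSEGV)
"""

PREFIX = re.compile(r"^==\d+==")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^(?:at|by) 0x([0-9A-Fa-f]+): (\(below main\)|\S+)\s*(.*)$")
ADDR = re.compile(r"^Address 0x([0-9A-Fa-f]+) is ")
NULL_PAGE = 0x1000  # assumption: a fault below this address is NULL-based


def parse_memcheck(text):
    """Return one dict per invalid read/write: kind, size, address, frames."""
    errors, cur = [], None
    for raw in text.splitlines():
        if not raw.startswith("=="):
            # Wrapped continuation line: source location of the last frame.
            if cur and cur["frames"] and not cur["frames"][-1]["where"]:
                cur["frames"][-1]["where"] = raw.strip()
            continue
        line = PREFIX.sub("", raw).strip()
        if (m := ERROR.match(line)):
            cur = {"kind": m[1], "size": int(m[2]), "address": None, "frames": []}
            errors.append(cur)
        elif cur is not None and (m := FRAME.match(line)):
            cur["frames"].append({"pc": int(m[1], 16), "func": m[2],
                                  "where": m[3].strip("()")})
        elif cur is not None and (m := ADDR.match(line)):
            cur["address"] = int(m[1], 16)
            cur = None  # the access stack ends here; later frames belong elsewhere
    return errors


def triage(err):
    """Summarise one error and flag a fault address inside the first page."""
    top = err["frames"][0] if err["frames"] else {"func": "?", "where": ""}
    return {"access": err["kind"], "size": err["size"],
            "fault_func": top["func"], "fault_where": top["where"],
            "null_deref": err["address"] is not None and err["address"] < NULL_PAGE}
```

On the excerpt, `triage(parse_memcheck(SAMPLE)[0])` reports an 8-byte write at address 0 in `PyEval_EvalFrame_value` at `ceval.c:957`, the `PUSH(retval)` site named in the report.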