Hi Mariano,

On Sun, Feb 26, 2012 at 8:58 AM, Mariano Martinez Peck <marianopeck@gmail.com> wrote:

 
Hi. I have faced a VM crash while using Nautilus browser. It took me a while, but I finally could make a reproducible crash from image startup. You can find the image here:
https://gforge.inria.fr/frs/download.php/30280/Marea.104-Crash.1.image.zip

What the image is running at startup that causes the crash is:

| nautilus model ui|
Nautilus instVarNamed: 'groups' put: nil.
model := Nautilus open.
ui := model ui.
ui groupsButtonAction.

If you need more about the "domain", we can ask Ben, Nautilus developer.  From what I can see in GDB, it crashes in #mapStackPages  because it does a remap to an OOP that is 0 (zero)

while (theSP <= frameRcvrOffset) {
                    oop = longAt(theSP);
                    if (!((oop & 1))) {
                        longAtput(theSP, remap(oop));
                    }
                    theSP += BytesPerWord;
                }


Any ideas?

The image overflows the weakRoots table in scanning stack pages.  The weakRoots table registers weak objects for scanning at the end of a GC.  It is, unfortunately, fixed size (~2600 entries), and there are lots of WeakMessageSends and WeakAnnouncementSubscriptions on the stack.  

I found this using aDebug VM with assert enabled (i.e. compiled with NDEBUG /not/ defined).  I increased the table size to 3000 then 6000 before finding it no longer crashed with a weakRoots  table size of 12000.

a) Looks like weakRoots' size should be configurable either via a start-up flag or an image header constant (with e.g. vmParameter accessors).

b) overflowing the weakRoots table (and possibly other tables) should probably cause the VM to abort with a useful error message.

cheers,

Eliot

Thanks,

--
Mariano
http://marianopeck.wordpress.com

--
best,

Eliot