bug#71012: 30.0.50; tree-sitter crash

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#71012: 30.0.50; tree-sitter crash

From:	Yuan Fu
Subject:	bug#71012: 30.0.50; tree-sitter crash
Date:	Sat, 1 Jun 2024 10:15:20 -0700


> On May 29, 2024, at 5:28 AM, Eli Zaretskii <eliz@gnu.org> wrote:
> 
>> From: Yuan Fu <casouri@gmail.com>
>> Date: Tue, 28 May 2024 22:15:05 -0700
>> Cc: Helmut Eller <eller.helmut@gmail.com>,
>> 71012@debbugs.gnu.org
>> 
>> From what I can gather, the crash seems to be because the temp buffer is 
>> garbage collected—the inserted lisp.h is a large file, so the temp buffer is 
>> probably immediately collected, before Emacs tries to print the node in the 
>> next line. I replaced the insert-file-content with some smaller file and it 
>> didn’t crash.
> 
> It is unthinkable that a buffer is GC'ed while it is being used.
> 
>> But that theory has critical flaws: a) Emacs certainly doesn't collect the 
>> temp buffer before the with-temp-buffer form returns; b) I can’t crash Emacs 
>> in my non-debug build by inserting (garbage-collect) in front of the message 
>> line in the example; c) debug build Emacs still crashes even if I enlarge 
>> gc-cons-threshold.
>> 
>> Eli, is there anything different regarding temp buffers in debug builds?
> 
> No.
> 
> But note that there are _two_ temporary buffers involved here: one is
> created in ts-bug.el, and it remains intact and valid; the other is
> the temporary buffer created by treesit-parse-string.  That one is
> killed by the time treesit-parse-string returns, so treesit-node-start
> attempts to access positions of a killed buffer!
> 
> So I think this is a bug in treesit-parse-string: it cannot use
> with-temp-buffer; instead, it should make the buffer into which it
> inserts the string part of the parser, so that the buffer is killed
> and GC'ed only when the parser is no longer referenced.  Otherwise the
> syntax tree returned by treesit-parse-string is unsafe to use.

I see, you’re absolutely right, thanks for the analysis! On top of that I need 
to make sure all the treesit function checks for buffer liveness before 
accessing the buffer. I was under the impression that a killed buffer would 
keep its content around until it’s collected. Turns out that wasn’t the case.

Yuan

[Prev in Thread]

Current Thread

[Next in Thread]

bug#71012: 30.0.50; tree-sitter crash, Yuan Fu <=
- bug#71012: 30.0.50; tree-sitter crash, Yuan Fu, 2024/06/01
  - bug#71012: 30.0.50; tree-sitter crash, Yuan Fu, 2024/06/06
    - bug#71012: 30.0.50; tree-sitter crash, Basil L. Contovounesios, 2024/06/07
    - bug#71012: 30.0.50; tree-sitter crash, Basil L. Contovounesios, 2024/06/10
    - bug#71012: 30.0.50; tree-sitter crash, Eli Zaretskii, 2024/06/10
    - bug#71012: 30.0.50; tree-sitter crash, Yuan Fu, 2024/06/12
    - bug#71012: 30.0.50; tree-sitter crash, Yuan Fu, 2024/06/12
    - bug#71012: 30.0.50; tree-sitter crash, Basil L. Contovounesios, 2024/06/13
    - bug#71012: 30.0.50; tree-sitter crash, Basil L. Contovounesios, 2024/06/13

Prev by Date: bug#69952: [PATCH] Support pdumping compiled queries by dumping their source
Next by Date: bug#71264: 30.0.50; Dired deletion moves point under auto-revert
Previous by thread: bug#69952: [PATCH] Support pdumping compiled queries by dumping their source
Next by thread: bug#71012: 30.0.50; tree-sitter crash
Index(es):
- Date
- Thread