RE: [22.1.90]: Point before start of properties

[Marshall, Simon]

> As explained (sorry for not noticing this earlier), i1 is
> stack-allocated and not fully initialized, which is why it looks
> like garbage.  That's completely normal, we're wasting our time here.
> Better go back to your actual "point before start of properties"
error.
> I've removed the INT_LISPLIKE check.

Ok, thanks for the explanation.  Going back to without
-DENABLE_CHECKING, I've split up intervals.c.  Luckily, just moving
update_interval into a new file intervals2.c was enough.  Building all
with CFLAGS="-g -O1 -fno-unit-at-a-time -fno-crossjumping
-Wno-pointer-sign" allows me to reproduce the error call.  Building just
intervals2.c with -O0 rather than -O1 will not reproduce the error call.
With optimisation, when I stop, I see:

(gdb) b intervals2.c:34
Breakpoint 3 at 0x197c6c: file intervals2.c, line 34.
(gdb) r -Q
Starting program:
/homedev/marshals/ftp/emacs-22.2-pretests/gcc-4.2.3-g-O1/src/emacs -Q
warning: Temporarily disabling breakpoints for unloaded shared library
"/usr/lib/ld.so.1"
Breakpoint 4 at 0xc7580: file xterm.c, line 7866.

C-x C-f intervals.c RET

Breakpoint 3, update_interval (i=0x95eaf4, pos=1771) at intervals2.c:34
34                  error ("Point before start of properties");
(gdb) p *i
$1 = {
  total_length = 36, 
  position = 1782, 
  left = 0x95eb10, 
  right = 0x95e950, 
  up = {
    interval = 0x95e934, 
    obj = 9824564
  }, 
  up_obj = 0, 
  gcmarkbit = 0, 
  write_protect = 0, 
  visible = 0, 
  front_sticky = 0, 
  rear_sticky = 0, 
  plist = 9842845
}

Note that the condition that allows the call of error in:

          else if (NULL_PARENT (i))
            error ("Point before start of properties");

Expands to:

   else if (((i)->up_obj || (i)->up.interval == 0))
     error ("Point before start of properties");

Yet the condition should be false:

(gdb) p (((i)->up_obj || (i)->up.interval == 0))
$2 = 0

I guess it's perfectly possible that this is not due to miscompiled code
(as I reported on gcc's bugzilla), since I guess what gdb is reporting
may not be accurate either.  Does this sound reasonable?  Any thoughts?

It seems i's "up" interval is valid:

(gdb) p *i->up.interval
$3 = {
  total_length = 94, 
  position = 1817, 
  left = 0x95eaf4, 
  right = 0x95e988, 
  up = {
    interval = 0x95e9dc, 
    obj = 9824732
  }, 
  up_obj = 0, 
  gcmarkbit = 0, 
  write_protect = 0, 
  visible = 0, 
  front_sticky = 0, 
  rear_sticky = 0, 
  plist = 9845373
}

The backtrace might be illuminating - at least insomuch you might have
an idea what I could look at.  Is there something I can use to dump the
entire interval tree?  Perhaps I could use that to see when a bogus
interval arises.  Or perhaps the fact that it appears to happen from
fontification-functions might help.  Or scare.

(gdb) where
#0  update_interval (i=0x95daf4, pos=1771) at intervals2.c:34
#1  0x00172668 in update_syntax_table (charpos=1771, count=-1, init=0, 
    object=<value optimized out>) at syntax.c:180
#2  0x00139a98 in re_match_2_internal (bufp=0x465fb0, string1=0x0,
size1=0, 
    string2=0x96e7b0 "/* Code for doing intervals.\n   Copyright (C)
1993, 1994, 1995, 1997, 1998, 2001, 2002, 2003, 2004,\n", ' ' <repeats
17 times>, "2005, 2006, 2007, 2008  Free Software Foundation,
Inc.\n\nThis file is part of GNU Em"..., size2=1806, pos=1770, 
    regs=0x45aeb0, stop=1806) at regex.c:6087
#3  0x001350c4 in re_search_2 (bufp=0x465fb0, 
    str1=0x96e7b0 "/* Code for doing intervals.\n   Copyright (C) 1993,
1994, 1995, 1997, 1998, 2001, 2002, 2003, 2004,\n", ' ' <repeats 17
times>, "2005, 2006, 2007, 2008  Free Software Foundation, Inc.\n\nThis
file is part of GNU Em"..., size1=1806, 
    str2=0x9811f0 "", size2=0, startpos=1770, range=-1770,
regs=0x45aeb0, stop=1806)
    at regex.c:4434
#4  0x0012aa00 in search_buffer (string=<value optimized out>, pos=1807,
pos_byte=1807, 
    lim=1, lim_byte=1, n=-1, RE=1, trt=4675585, inverse_trt=4675585,
posix=0)
    at search.c:1144
#5  0x0012a42c in search_command (string=2502667, bound=4675585,
noerror=4779993, 
    count=<value optimized out>, direction=<value optimized out>, RE=1,
posix=0)
    at search.c:978
#6  0x0012cd44 in Fre_search_backward (regexp=2502667, bound=4675585,
noerror=4779993, 
    count=8) at search.c:2231
#7  0x00156b10 in Ffuncall (nargs=5, args=<value optimized out>) at
eval.c:3003
#8  0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=86) at bytecode.c:679
#9  0x00157094 in funcall_lambda (fun=2502404, nargs=1,
arg_vector=0xffbeaa14)
    at eval.c:3180
#10 0x00156bf4 in Ffuncall (nargs=2, args=<value optimized out>) at
eval.c:3039
#11 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=23) at bytecode.c:679
#12 0x00157094 in funcall_lambda (fun=2502228, nargs=0,
arg_vector=0xffbeabc4)
    at eval.c:3180
#13 0x00156bf4 in Ffuncall (nargs=1, args=<value optimized out>) at
eval.c:3039
#14 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=51) at bytecode.c:679
#15 0x00157094 in funcall_lambda (fun=8848228, nargs=1,
arg_vector=0xffbead74)
    at eval.c:3180
#16 0x00156bf4 in Ffuncall (nargs=2, args=<value optimized out>) at
eval.c:3039
#17 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=204) at bytecode.c:679
#18 0x00157094 in funcall_lambda (fun=7471364, nargs=0,
arg_vector=0xffbeaf34)
    at eval.c:3180
#19 0x00156bf4 in Ffuncall (nargs=1, args=<value optimized out>) at
eval.c:3039
#20 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=16) at bytecode.c:679
#21 0x00157094 in funcall_lambda (fun=8824484, nargs=0,
arg_vector=0xffbeb0e4)
    at eval.c:3180
#22 0x00156bf4 in Ffuncall (nargs=1, args=<value optimized out>) at
eval.c:3039
#23 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=214) at bytecode.c:679
#24 0x00157094 in funcall_lambda (fun=8835844, nargs=3,
arg_vector=0xffbeb2bc)
    at eval.c:3180
#25 0x00156bf4 in Ffuncall (nargs=4, args=<value optimized out>) at
eval.c:3039
#26 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=62) at bytecode.c:679
#27 0x00157094 in funcall_lambda (fun=7119588, nargs=2,
arg_vector=0xffbeb47c)
    at eval.c:3180
#28 0x00156bf4 in Ffuncall (nargs=3, args=<value optimized out>) at
eval.c:3039
#29 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
---Type <return> to continue, or q <return> to quit---
    vector=<value optimized out>, maxdepth=0) at bytecode.c:679
#30 0x00157094 in funcall_lambda (fun=7088452, nargs=4,
arg_vector=0xffbeb64c)
    at eval.c:3180
#31 0x00156bf4 in Ffuncall (nargs=5, args=<value optimized out>) at
eval.c:3039
#32 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=56) at bytecode.c:679
#33 0x00157094 in funcall_lambda (fun=7120292, nargs=1,
arg_vector=0xffbeb824)
    at eval.c:3180
#34 0x00156bf4 in Ffuncall (nargs=2, args=<value optimized out>) at
eval.c:3039
#35 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=96) at bytecode.c:679
#36 0x00157094 in funcall_lambda (fun=2425052, nargs=3,
arg_vector=0xffbeb9f4)
    at eval.c:3180
#37 0x00156bf4 in Ffuncall (nargs=4, args=<value optimized out>) at
eval.c:3039
#38 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=137) at bytecode.c:679
#39 0x00157094 in funcall_lambda (fun=2421692, nargs=3,
arg_vector=0xffbebbb4)
    at eval.c:3180
#40 0x00156bf4 in Ffuncall (nargs=4, args=<value optimized out>) at
eval.c:3039
#41 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=32) at bytecode.c:679
#42 0x00157094 in funcall_lambda (fun=2420508, nargs=2,
arg_vector=0xffbebee0)
    at eval.c:3180
#43 0x00156bf4 in Ffuncall (nargs=3, args=<value optimized out>) at
eval.c:3039
#44 0x00156504 in run_hook_with_args (nargs=3, args=0xffbebedc,
cond=to_completion)
    at eval.c:2652
#45 0x0015635c in Frun_hook_with_args (nargs=3, args=0xffbebedc) at
eval.c:2540
#46 0x00156a00 in Ffuncall (nargs=4, args=<value optimized out>) at
eval.c:2974
#47 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=32) at bytecode.c:679
#48 0x00155e58 in Feval (form=<value optimized out>) at eval.c:2330
#49 0x001549b0 in internal_lisp_condition_case (var=5069401,
bodyform=2435885, 
    handlers=2435957) at eval.c:1429
#50 0x00182dcc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=135) at bytecode.c:869
#51 0x00157094 in funcall_lambda (fun=2435508, nargs=2,
arg_vector=0xffbec2ec)
    at eval.c:3180
#52 0x00156bf4 in Ffuncall (nargs=3, args=<value optimized out>) at
eval.c:3039
#53 0x001824bc in Fbyte_code (bytestr=<value optimized out>, 
    vector=<value optimized out>, maxdepth=20) at bytecode.c:679
#54 0x00157094 in funcall_lambda (fun=2435204, nargs=1,
arg_vector=0xffbec60c)
    at eval.c:3180
#55 0x00156bf4 in Ffuncall (nargs=2, args=<value optimized out>) at
eval.c:3039
#56 0x00154d4c in internal_condition_case_2 (bfun=0x15679c <Ffuncall>,
nargs=2, 
    args=0xffbec608, handlers=4675633, hfun=0x5b110 <safe_eval_handler>)
at eval.c:1583
#57 0x0005b220 in safe_call (nargs=2, args=0xffbec608) at xdisp.c:2341
#58 0x0005b24c in safe_call1 (fn=7476585, arg=12728) at xdisp.c:2361
#59 0x0005c7d4 in handle_fontified_prop (it=<value optimized out>) at
xdisp.c:3296
#60 0x0005c1b4 in handle_stop (it=0xffbec8d8) at xdisp.c:3047
#61 0x00061120 in next_element_from_buffer (it=0xffbec8d8) at
xdisp.c:6320
#62 0x00060214 in get_next_display_element (it=0xffbec8d8) at
xdisp.c:5578
#63 0x00071a9c in display_line (it=0xffbec8d8) at xdisp.c:16066
#64 0x0006d6b8 in try_window (window=<value optimized out>, pos=
      {charpos = 7969796, bytepos = 7969792}, check_margins=1) at
xdisp.c:13645
#65 0x0006c898 in redisplay_window (window=7969796, just_this_one_p=0)
at xdisp.c:13266
#66 0x00069a28 in redisplay_window_0 (window=7969796) at xdisp.c:11871
#67 0x00154c10 in internal_condition_case_1 (bfun=0x699fc
<redisplay_window_0>, 
    arg=7969796, handlers=4659037, hfun=0x699dc
<redisplay_window_error>) at eval.c:1532
#68 0x000699c0 in redisplay_windows (window=7969796) at xdisp.c:11850
---Type <return> to continue, or q <return> to quit---
#69 0x00068e44 in redisplay_internal (preserve_echo_area=<value
optimized out>)
    at xdisp.c:11410
#70 0x000674f0 in redisplay () at xdisp.c:10626
#71 0x000ec6a0 in read_char (commandflag=1, nmaps=2, maps=0xffbedd40, 
    prev_event=4675585, used_mouse_menu=0xffbede00, end_time=0x0) at
keyboard.c:2675
#72 0x000f5aa0 in read_key_sequence (keybuf=0xffbedef0, bufsize=30,
prompt=4675585, 
    dont_downcase_last=0, can_return_switch_frame=1,
fix_current_buffer=1)
    at keyboard.c:9152
#73 0x000ea1a0 in command_loop_1 () at keyboard.c:1621
#74 0x00154adc in internal_condition_case (bfun=0xe9e10
<command_loop_1>, 
    handlers=4743841, hfun=0xe96d8 <cmd_error>) at eval.c:1484
#75 0x000e9acc in command_loop_2 () at keyboard.c:1330
#76 0x00154588 in internal_catch (tag=4733953, func=0xe9aa0
<command_loop_2>, 
    arg=4675585) at eval.c:1224
#77 0x000e9a48 in command_loop () at keyboard.c:1309
#78 0x000e9418 in recursive_edit_1 () at keyboard.c:1007
#79 0x000e9584 in Frecursive_edit () at keyboard.c:1068
#80 0x000e82a4 in main (argc=2, argv=0xffbee43c) at emacs.c:1770

Lisp Backtrace:
"re-search-backward" (0x26300b)
"beginning-of-defun-raw" (0x475801)
"beginning-of-defun" (0x475801)
"c-get-fallback-start-pos" (0x3878)
"c-parse-state" (0x3fc)
"c-at-toplevel-p" (0x140)
"c-font-lock-declarators" (0x41f8)
0x6ca2e4 PVEC_COMPILED
"c-find-decl-spots" (0x41f8)
"c-font-lock-declarations" (0x41f8)
"font-lock-fontify-keywords-region" (0x31b8)
"font-lock-default-fontify-region" (0x31b8)
"font-lock-fontify-region" (0x31b8)
"run-hook-with-args" (0x6d5fc1)
"byte-code" (0x252b3b)
"jit-lock-fontify-now" (0x31b8)
"jit-lock-function" (0x31b8)
(gdb) 


 "Misys" is the trade name for Misys plc (registered in England and Wales). 
Registration Number: 01360027. Registered office: Burleigh House, Chapel Oak, 
Salford Priors, Evesham WR11 8SP. For a list of Misys group operating companies 
please go to http://www.misys.com/html/about_us/group_operating_companies/. 
This email and any attachments have been scanned for known viruses using 
multiple scanners. 
 
We believe that this email and any attachments are virus free, however the 
recipient must take full responsibility for virus checking. This email message 
is intended for the named recipient only. It may be privileged and/or 
confidential. If you are not the named recipient of this email please notify us 
immediately and do not copy it or use it for any purpose, nor disclose its 
contents to any other person. This email does not constitute the commencement 
of legal relations between you and Misys plc. Please refer to the executed 
contract between you and the relevant member of the Misys group for the 
identity of the contracting party with which you are dealing.