GNU bug report logs -
#26542
guile 2.0.13
Previous Next
Reported by: romph <at> web.de
Date: Mon, 17 Apr 2017 15:03:02 UTC
Severity: normal
Done: Andy Wingo <wingo <at> igalia.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 26542 in the body.
You can then email your comments to 26542 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guile <at> gnu.org:
bug#26542; Package
guile.
(Mon, 17 Apr 2017 15:03:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
romph <at> web.de:
New bug report received and forwarded. Copy sent to
bug-guile <at> gnu.org.
(Mon, 17 Apr 2017 15:03:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hello,
The attached simple test calls free functions with bad smob_tag.
I see the same stuff with 2.2.0
There are no errors using the stable 2.0.11 version.
my system is:
Linux linux8 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC
2017 x86_64 x86_64 x86_64 GNU/Linux
[box.c (text/x-csrc, attachment)]
[Makefile (text/plain, attachment)]
[test.scm (text/x-scheme, attachment)]
Information forwarded
to
bug-guile <at> gnu.org:
bug#26542; Package
guile.
(Tue, 18 Apr 2017 15:31:04 GMT)
Full text and
rfc822 format available.
Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hello!
I can confirm now the same problem on Cygwin.
2.0.11 runs without errors
2.0.13 behaves identically as on linux. i.e. the function free_box(SCM box_smob)
is called with a bad smob identifier.
[Message part 2 (text/html, inline)]
Reply sent
to
Andy Wingo <wingo <at> igalia.com>:
You have taken responsibility.
(Wed, 19 Apr 2017 08:09:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
romph <at> web.de:
bug acknowledged by developer.
(Wed, 19 Apr 2017 08:09:02 GMT)
Full text and
rfc822 format available.
Message #13 received at 26542-close <at> debbugs.gnu.org (full text, mbox):
Hi,
romph <at> web.de writes:
> Hello,
>
> The attached simple test calls free functions with bad smob_tag.
> I see the same stuff with 2.2.0
> There are no errors using the stable 2.0.11 version.
>
> static size_t
> free_box (SCM box_smob)
> {
> if (SCM_TYP16(box_smob) != scm_tc16_box) {
> // bad type, do not free it
> fprintf (stderr, "[free] error: bad smob 0x%x\n", (int)SCM_TYP16(box_smob));
> exit (-1);
> }
> return 0;
> }
I believe this is fallout from this bug fix in which markers and
finalizers could race each other:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=19883
The basic issue is that finalizers run asynchronously on values that are
still live, yet they can invalidate invariants on those live values.
Concurrent markers can then see objects which are being concurrently
finalized, causing intermittent hard-to-debug crashes that couldn't be
properly fixed.
The fix was to "null out" the SMOB tag before calling the finalizer, in
such a way to prevent future GCs from invoking the SMOB mark function on
an object that was being finalized. So the new expectation is that
finalizers see the SMOB tag as being scm_tc7_smob + SMOB number 0,
indicating the "finalized" smob type.
I guess we weren't aware of how this might affect other users that check
the SMOB tag during the free function. Apologies for that undocumented
change. It was necessary though to fix 19883.
Andy
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Wed, 17 May 2017 11:24:03 GMT)
Full text and
rfc822 format available.
This bug report was last modified 8 years and 86 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.