GNU bug report logs - #46256
[feature/native-comp] AOT eln files ignored if run from build tree


Package: emacs;

Reported by: Andy Moreton <andrewjmoreton <at> gmail.com>

Date: Tue, 2 Feb 2021 11:12:02 UTC

Severity: normal

Done: Andrea Corallo <akrl <at> sdf.org>

Bug is archived. No further changes may be made.



Message #484 received at 46256 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Pip Cet <pipcet <at> gmail.com>
Cc: 46256 <at> debbugs.gnu.org, andrewjmoreton <at> gmail.com, akrl <at> sdf.org
Subject: Re: bug#46256: [feature/native-comp] AOT eln files ignored if run from build tree
Date: Tue, 09 Mar 2021 14:36:11 +0200
> From: Pip Cet <pipcet <at> gmail.com>
> Date: Mon, 8 Mar 2021 10:45:49 +0000
> Cc: Eli Zaretskii <eliz <at> gnu.org>, 46256 <at> debbugs.gnu.org, andrewjmoreton <at> gmail.com
> 
> > IIUC (and it makes sense to me) the issue is that we are leaving two pointers
> > pointing to the same handle: One is in the CU_2 allocated by
> > 'Fnative_elisp_load' and later discarded by 'load_comp_unit' when
> > reloading the same filename.  The other is the original CU_1 created the
> > first time this filename was loaded.
> >
> > When CU_2 will be GC'ed because discarded we'll get the problem because
> > we'll dlclose the handle.  Is this correct?
> 
> CU_1 is GC'ed first. CU_2, for whatever reason, isn't GC'ed in the same cycle.
> 
> > In that case, isn't the attached curing the issue as well?
> 
> I don't think so. The problem is that we have an invalid Lisp_Object
> in the shared library, not that we're calling dlclose() too often.
> 
> Again, there's no real cost to fixing this: at best, we avoid a
> catastrophic use-after-free. At worst, we nulled out a word of memory
> only for it to be unmapped a moment later, no harm done.

Once again, you are discussing a scenario whose relation to Real Life
I'm not sure I understand.  When will a cu be GC'ed?  Isn't that when
a .eln file is unloaded?  And isn't it true that it can only be
unloaded if the user or some code calls unload-feature or something
similar?  If the above is true, then the probability of this scenario
happening is very low, and in my particular case it is strictly zero.

Not that I object to making the code robust in those rare cases, but
we are discussing a particular crash.

> > PS I couldn't reproduce using the lisp reproducer, both on my 64-bit and
> > on my 32-bit system (I left it looping for a while). Is that reproducer
> > working for you?
> 
> Have you modified dynlib_open() to leak the shared object? That's what
> I think might be happening for Eli.

What shared object is supposed to leak in my case, and why?
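The ownership problem debated above, as an added illustration rather than Emacs code: two compilation units (CU_1, CU_2) loaded from the same file share one library handle, the library keeps a pointer back to the CU that loaded it, and the finalizer of the first CU must neither dlclose a handle another CU still uses nor leave that back-pointer dangling. The handle table, `so_handle`, `comp_unit`, and the simulated dlclose are all hypothetical stand-ins for the real dynlib calls.

```c
#include <string.h>

/* Simulated dlopen() handle; "owner" models the .eln's back-pointer to its CU (hypothetical). */
typedef struct so_handle {
    char name[64];
    int refs;      /* live compilation units sharing this handle */
    void *owner;   /* back-pointer into the loading CU, or NULL */
    int closed;    /* set once the simulated dlclose() has run */
} so_handle;
typedef struct comp_unit { so_handle *handle; } comp_unit;  /* one per load */

#define MAX_HANDLES 8
static so_handle table[MAX_HANDLES];
/* Open-or-reuse a handle by file name; each caller holds one reference, so a
 * second load of the same file shares the handle instead of owning it alone. */
static so_handle *handle_acquire(const char *name) {
    for (int i = 0; i < MAX_HANDLES; i++)
        if (table[i].refs > 0 && strcmp(table[i].name, name) == 0)
            return table[i].refs++, &table[i];
    for (int i = 0; i < MAX_HANDLES; i++)
        if (table[i].refs == 0) {
            memset(&table[i], 0, sizeof table[i]);
            strncpy(table[i].name, name, sizeof table[i].name - 1);
            table[i].refs = 1;
            return &table[i];
        }
    return NULL;
}

/* Finalizer run when a CU is collected: clear the library's back-pointer if
 * it points at us, and dlclose only when no other CU still uses the handle. */
static void cu_finalize(comp_unit *cu) {
    so_handle *h = cu->handle;
    if (!h) return;
    if (h->owner == cu) h->owner = NULL;  /* no dangling pointer left behind */
    if (--h->refs == 0) h->closed = 1;    /* simulated dlclose() */
    cu->handle = NULL;
}

/* The thread's scenario: load the same file twice, collect CU_1 first, and
 * check that CU_2's handle is still open and holds no stale back-pointer. */
int scenario_handle_survives(void) {
    comp_unit cu1 = { handle_acquire("foo.eln") };
    cu1.handle->owner = &cu1;            /* first load sets the back-pointer */
    comp_unit cu2 = { handle_acquire("foo.eln") };
    cu_finalize(&cu1);                   /* CU_1 is GC'ed first */
    int ok = cu2.handle && !cu2.handle->closed && cu2.handle->owner == NULL;
    cu_finalize(&cu2);                   /* last user: handle now closed */
    return ok;
}
```

Without the reference count, collecting CU_1 would close the handle out from under CU_2; without clearing `owner`, the library would keep a pointer to freed memory, which is the use-after-free the thread is discussing.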

This bug report was last modified 4 years and 130 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.