From unknown Wed Jun 25 03:57:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46796: Cuirass & pointer finalization. Resent-From: Mathieu Othacehe Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 26 Feb 2021 14:15:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 46796 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 46796@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.161434887622846 (code B ref -1); Fri, 26 Feb 2021 14:15:02 +0000 Received: (at submit) by debbugs.gnu.org; 26 Feb 2021 14:14:36 +0000 Received: from localhost ([127.0.0.1]:40496 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFdt5-0005wQ-OL for submit@debbugs.gnu.org; Fri, 26 Feb 2021 09:14:35 -0500 Received: from lists.gnu.org ([209.51.188.17]:55484) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFdt4-0005wJ-Oy for submit@debbugs.gnu.org; Fri, 26 Feb 2021 09:14:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:40606) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lFdt4-0003pd-Js for bug-guix@gnu.org; Fri, 26 Feb 2021 09:14:34 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:33232) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lFdt4-0005xy-DR for bug-guix@gnu.org; Fri, 26 Feb 2021 09:14:34 -0500 Received: from [2a01:e0a:19b:d9a0:98e:5d4:fa52:995a] (port=35758 helo=cervin) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lFdt3-0007B1-Nl for bug-guix@gnu.org; Fri, 26 Feb 2021 09:14:34 -0500 From: Mathieu Othacehe Date: Fri, 26 Feb 2021 15:14:31 +0100 Message-ID: <8735xihq60.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, I'm trying to fix a memory corruption in the remote-server process of Cuirass since a few days. Even though I don't have a usable core dump file yet, I'm pretty sure the error comes from the "zmq-msg-init" procedure of Guile-Simple-ZMQ. This procedure creates a bytevector, call the C function zmq_msg_init to initialize it, adds zmq_msg_close as pointer finalizer and returns a wrapped pointer. My understanding is that the wrapped pointer that is passed around in Cuirass ensures that the underlying bytevector is not garbage collected until the pointer goes out of scope. However, some assertions failures such as this one: --8<---------------cut here---------------start------------->8--- Assertion failed: check () (src/msg.cpp:394) --8<---------------cut here---------------end--------------->8--- let me think that the bytevector is garbage collected, while ZMQ is still using it. Some help would be much appreciated here :). Thanks, Mathieu From unknown Wed Jun 25 03:57:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46796: Cuirass & pointer finalization. Resent-From: zimoun Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 26 Feb 2021 20:18:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46796 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Mathieu Othacehe , 46796@debbugs.gnu.org Received: via spool by 46796-submit@debbugs.gnu.org id=B46796.161437062518554 (code B ref 46796); Fri, 26 Feb 2021 20:18:02 +0000 Received: (at 46796) by debbugs.gnu.org; 26 Feb 2021 20:17:05 +0000 Received: from localhost ([127.0.0.1]:42596 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFjXs-0004pB-Rb for submit@debbugs.gnu.org; Fri, 26 Feb 2021 15:17:05 -0500 Received: from mail-wr1-f44.google.com ([209.85.221.44]:43813) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFjXr-0004oe-B6 for 46796@debbugs.gnu.org; Fri, 26 Feb 2021 15:17:03 -0500 Received: by mail-wr1-f44.google.com with SMTP id w11so9738688wrr.10 for <46796@debbugs.gnu.org>; Fri, 26 Feb 2021 12:17:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:in-reply-to:references:date:message-id:mime-version :content-transfer-encoding; bh=C2LM1sjD3BMs58uH8Rc/InEhq3fyVzzSJVuhmeuOV4A=; b=eqVto3sOnEyXoiwPCgDfOWa+OhELnYSG/KqmLlp7Tu2pqGp98BxfXTLbgz0fB7jX++ L4Z+y8sO2c94sdFtWBVR0jx38VmkUUDJPbL7YwKcnD8ons7nG9kzbzsv5zA44M+yZjAU 4gM5VCFML2IYQ0kE47ZHMqMaQwKXQzOIisMAbtyvPlkIXw7ymyV/3Lel/lkJeb6FiPw4 1rtbOUm2Mu8+Qr0MdJUP4gllUzyczS3bmR8lfMaPOM76emo6ArWCs9OAW/hF9lwMZJ6a G1lsCu40OGPJZHmaRc4CWOt8qoO9tacD8BZHALnWRc10lyxcTUb2ZI40bBdzhW+KVo/m xX/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:in-reply-to:references:date :message-id:mime-version:content-transfer-encoding; bh=C2LM1sjD3BMs58uH8Rc/InEhq3fyVzzSJVuhmeuOV4A=; b=LXNoH5A+gWbiMo5t9J+89Nl5Nx5HmVFhRNoLtOf0b2N2Eyt4cyDPmU2oT3tkBUr8JU OqWT6i24F+9DLUudNiLVlFsTZJW1kcLlFyJl1+fdQW+WSrMLPgB03ArlXzjkqa00eekE EXZKxLVOiJOHyq40Ea7y8szawWxR11jtACxHBBT5Ud2rmun8YCZZ5wLc2TkODSWuOvWh qjhPRaLmC8UZqO31CrlV6iTU0rtkOAyrHYNZTRso1yFwThpY5kX7WJz3ysWPAHgPMZnu LvKt4XACgz6vS5VVJ4x/WUaU3urKGklAp6+JeZblC0brc05rbQFhtTDTa/124HD4jPfc mKOQ== X-Gm-Message-State: AOAM533opPeUKsDIUhapVMMQdjq3DFCtV2zh6I8shuI8YQigKXBBukk4 mBeSmkYWgOEpSyyJI1PLOOsCYMOx7Rw= X-Google-Smtp-Source: ABdhPJyiW/6Bnr2/SlKwcJa/B7Ujw+XOpCt61X7usApv/obVlNz3u6qDwdn72zRZfvwwhvflmpNF5A== X-Received: by 2002:a5d:6cab:: with SMTP id a11mr4980652wra.419.1614370617403; Fri, 26 Feb 2021 12:16:57 -0800 (PST) Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e]) by smtp.gmail.com with ESMTPSA id u4sm6503281wrm.24.2021.02.26.12.16.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Feb 2021 12:16:57 -0800 (PST) From: zimoun In-Reply-To: <8735xihq60.fsf@gnu.org> References: <8735xihq60.fsf@gnu.org> Date: Fri, 26 Feb 2021 21:12:56 +0100 Message-ID: <86im6e1tbr.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Mathieu, I know nothing about the topic and I probably out-of-scope. On Fri, 26 Feb 2021 at 15:14, Mathieu Othacehe wrote: > I'm trying to fix a memory corruption in the remote-server process of > Cuirass since a few days. Even though I don't have a usable core dump > file yet, I'm pretty sure the error comes from the "zmq-msg-init" > procedure of Guile-Simple-ZMQ. > > This procedure creates a bytevector, call the C function zmq_msg_init to > initialize it, adds zmq_msg_close as pointer finalizer and returns a > wrapped pointer. > > My understanding is that the wrapped pointer that is passed around in > Cuirass ensures that the underlying bytevector is not garbage collected > until the pointer goes out of scope. However, some assertions failures > such as this one: > > --8<---------------cut here---------------start------------->8--- > Assertion failed: check () (src/msg.cpp:394) > --8<---------------cut here---------------end--------------->8--- > > let me think that the bytevector is garbage collected, while ZMQ is > still using it. Some help would be much appreciated here :). >From =E2=80=99zmq-msg-init=E2=80=99 defined here: and why is =E2=80=99zmq-message-content=E2=80=99 used for? Since =E2=80=99= message=E2=80=99 is initialized with zero, I guess. Well, I am confused by: --8<---------------cut here---------------start------------->8--- (let ((content-ptr (zmq_msg_data (message->pointer message))) [...] (pointer->bytevector content-ptr size)))) =E2=80=A6 (let ((msg (pointer->message! msg-pointer))) (when content-bv (let ((target (zmq-message-content msg))) (bytevector-copy! content-bv 0 target 0 len))) msg)))) --8<---------------cut here---------------end--------------->8--- Is =E2=80=99target=E2=80=99 at the same address than =E2=80=99msg=E2=80=99?= Maybe =E2=80=99target=E2=80=99 creates somehow a dangling pointer. Cheers, simon From unknown Wed Jun 25 03:57:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46796: Cuirass & pointer finalization. Resent-From: Mathieu Othacehe Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sat, 27 Feb 2021 12:52:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46796 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 46796@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= Received: via spool by 46796-submit@debbugs.gnu.org id=B46796.161443027129691 (code B ref 46796); Sat, 27 Feb 2021 12:52:02 +0000 Received: (at 46796) by debbugs.gnu.org; 27 Feb 2021 12:51:11 +0000 Received: from localhost ([127.0.0.1]:43358 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFz3u-0007io-O4 for submit@debbugs.gnu.org; Sat, 27 Feb 2021 07:51:11 -0500 Received: from eggs.gnu.org ([209.51.188.92]:49352) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFz3r-0007ia-T7 for 46796@debbugs.gnu.org; Sat, 27 Feb 2021 07:51:08 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:58920) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lFz3m-0004Bm-27; Sat, 27 Feb 2021 07:51:02 -0500 Received: from [2a01:e0a:19b:d9a0:98e:5d4:fa52:995a] (port=45002 helo=cervin) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lFz3l-0005Tg-DP; Sat, 27 Feb 2021 07:51:01 -0500 From: Mathieu Othacehe References: <8735xihq60.fsf@gnu.org> Date: Sat, 27 Feb 2021 13:50:59 +0100 In-Reply-To: <8735xihq60.fsf@gnu.org> (Mathieu Othacehe's message of "Fri, 26 Feb 2021 15:14:31 +0100") Message-ID: <87ft1hvfm4.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hey, Here's a Valgrind backtrace: --8<---------------cut here---------------start------------->8--- ==97844== Thread 17: ==97844== Invalid read of size 4 ==97844== at 0x114465B9: zmq::msg_t::close() (in /gnu/store/zd9lbfqa3170nsfd4177dnr38k1sjbnc-zeromq-4.3.4/lib/libzmq.so.5.2.4) ==97844== by 0x3A58E98F: ??? ==97844== by 0x489AC78: chained_finalizer (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) ==97844== by 0x49A16EE: GC_invoke_finalizers (in /gnu/store/iycnpxxrg8m9wf9w58d6zvp9sdby6m9d-libgc-7.6.12/lib/libgc.so.1.3.6) ==97844== by 0x489AF08: scm_run_finalizers (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) ==97844== by 0x489AF8C: finalization_thread_proc (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) ==97844== by 0x488BB09: c_body (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) ==97844== by 0x4913148: vm_regular_engine (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) ==97844== by 0x49145B4: scm_call_n (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) ==97844== by 0x4890BB9: scm_call_2 (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) ==97844== by 0x48923B9: scm_c_with_exception_handler (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) ==97844== by 0x4909C3C: scm_c_catch (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) ==97844== Address 0x7373313569316263 is not stack'd, malloc'd or (recently) free'd --8<---------------cut here---------------end--------------->8--- It looks like the finalizer is operating on a memory region that has already been free'd. The documentation associated with the finalization functions in says: --8<---------------cut here---------------start------------->8--- /* When obj is no longer accessible, invoke */ /* (*fn)(obj, cd). If a and b are inaccessible, and */ /* a points to b (after disappearing links have been */ /* made to disappear), then only a will be */ --8<---------------cut here---------------end--------------->8--- As far as I understand, OBJ is the wrapped pointer to the bytevector created in "zmq-msg-init". There's a weak reference between the pointer and the bytevector that is introduced by "register_weak_reference" in "bytevector->pointer". My interrogation is: do I have the guarantee that the pointer and its references are still readable from within the finalizer? The above snippet says that FN is invoked when OBJ is unaccessible, but does this mean its content may have already been collected? Cc'ing Ludo :) Thanks, Mathieu From unknown Wed Jun 25 03:57:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46796: Cuirass & pointer finalization. Resent-From: Mathieu Othacehe Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sat, 27 Feb 2021 13:00:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46796 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: zimoun Cc: 46796@debbugs.gnu.org Received: via spool by 46796-submit@debbugs.gnu.org id=B46796.161443079930432 (code B ref 46796); Sat, 27 Feb 2021 13:00:02 +0000 Received: (at 46796) by debbugs.gnu.org; 27 Feb 2021 12:59:59 +0000 Received: from localhost ([127.0.0.1]:43370 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFzCR-0007um-9V for submit@debbugs.gnu.org; Sat, 27 Feb 2021 07:59:59 -0500 Received: from eggs.gnu.org ([209.51.188.92]:50530) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFzCQ-0007uZ-7Q for 46796@debbugs.gnu.org; Sat, 27 Feb 2021 07:59:58 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:58963) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lFzCK-00082q-Ud; Sat, 27 Feb 2021 07:59:52 -0500 Received: from [2a01:e0a:19b:d9a0:98e:5d4:fa52:995a] (port=45062 helo=cervin) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lFzCK-00044Q-86; Sat, 27 Feb 2021 07:59:52 -0500 From: Mathieu Othacehe References: <8735xihq60.fsf@gnu.org> <86im6e1tbr.fsf@gmail.com> Date: Sat, 27 Feb 2021 13:59:50 +0100 In-Reply-To: <86im6e1tbr.fsf@gmail.com> (zimoun's message of "Fri, 26 Feb 2021 21:12:56 +0100") Message-ID: <87blc5vf7d.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hello zimoun, > and why is =E2=80=99zmq-message-content=E2=80=99 used for? Since =E2=80= =99message=E2=80=99 is > initialized with zero, I guess. Well, I am confused by: > > (let ((content-ptr (zmq_msg_data (message->pointer message))) > [...] > (pointer->bytevector content-ptr size)))) > > =E2=80=A6 > > (let ((msg (pointer->message! msg-pointer))) > (when content-bv > (let ((target (zmq-message-content msg))) > (bytevector-copy! content-bv 0 target 0 len))) > msg)))) > > Is =E2=80=99target=E2=80=99 at the same address than =E2=80=99msg=E2=80= =99? Maybe =E2=80=99target=E2=80=99 creates > somehow a dangling pointer. No 'target' is not at the same address than 'msg', it's just a field of 'msg' that is allocated internally when "zmq_msg_init_size" is called. Allocating a message with "zmq_msg_init_size" and filling its content by memcpy'ing data to the memory region pointed by "zmq_msg_data" is the example given in "Man 3 zmq_msg_send", to I hope this is a valid use-case :). Thanks, Mathieu From unknown Wed Jun 25 03:57:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46796: Cuirass & pointer finalization. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 01 Mar 2021 09:38:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46796 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Mathieu Othacehe Cc: 46796@debbugs.gnu.org Received: via spool by 46796-submit@debbugs.gnu.org id=B46796.161459146715325 (code B ref 46796); Mon, 01 Mar 2021 09:38:01 +0000 Received: (at 46796) by debbugs.gnu.org; 1 Mar 2021 09:37:47 +0000 Received: from localhost ([127.0.0.1]:48117 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lGezq-0003z7-MA for submit@debbugs.gnu.org; Mon, 01 Mar 2021 04:37:46 -0500 Received: from eggs.gnu.org ([209.51.188.92]:41778) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lGezp-0003yr-DG for 46796@debbugs.gnu.org; Mon, 01 Mar 2021 04:37:45 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:41757) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lGezj-0000Kd-VP for 46796@debbugs.gnu.org; Mon, 01 Mar 2021 04:37:40 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=50118 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lGezf-0000u9-CI; Mon, 01 Mar 2021 04:37:35 -0500 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <8735xihq60.fsf@gnu.org> <87ft1hvfm4.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 11 =?UTF-8?Q?Vent=C3=B4se?= an 229 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 01 Mar 2021 10:37:33 +0100 In-Reply-To: <87ft1hvfm4.fsf@gnu.org> (Mathieu Othacehe's message of "Sat, 27 Feb 2021 13:50:59 +0100") Message-ID: <87k0qrusde.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi! Mathieu Othacehe skribis: > Here's a Valgrind backtrace: > > =3D=3D97844=3D=3D Thread 17: > =3D=3D97844=3D=3D Invalid read of size 4 > =3D=3D97844=3D=3D at 0x114465B9: zmq::msg_t::close() (in /gnu/store/zd= 9lbfqa3170nsfd4177dnr38k1sjbnc-zeromq-4.3.4/lib/libzmq.so.5.2.4) First, is this function idempotent? (Is it OK to close an msg_t multiple times.) Second, remember that finalizers can run in a separate thread. Thus, you must make sure there are no other threads, such as ZMQ=E2=80=99s intern= al threads, still operating on the object when it is freed. > =3D=3D97844=3D=3D by 0x3A58E98F: ???=20 > =3D=3D97844=3D=3D by 0x489AC78: chained_finalizer (in /gnu/store/q8brh= 7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x49A16EE: GC_invoke_finalizers (in /gnu/store/iy= cnpxxrg8m9wf9w58d6zvp9sdby6m9d-libgc-7.6.12/lib/libgc.so.1.3.6) > =3D=3D97844=3D=3D by 0x489AF08: scm_run_finalizers (in /gnu/store/q8br= h7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x489AF8C: finalization_thread_proc (in /gnu/stor= e/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x488BB09: c_body (in /gnu/store/q8brh7j5mwy0hbrl= y6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x4913148: vm_regular_engine (in /gnu/store/q8brh= 7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x49145B4: scm_call_n (in /gnu/store/q8brh7j5mwy0= hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x4890BB9: scm_call_2 (in /gnu/store/q8brh7j5mwy0= hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x48923B9: scm_c_with_exception_handler (in /gnu/= store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.= 0) > =3D=3D97844=3D=3D by 0x4909C3C: scm_c_catch (in /gnu/store/q8brh7j5mwy= 0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D Address 0x7373313569316263 is not stack'd, malloc'd or= (recently) free'd > > > It looks like the finalizer is operating on a memory region that has > already been free'd. The documentation associated with the > finalization functions in says: > > /* When obj is no longer accessible, invoke */ > /* (*fn)(obj, cd). If a and b are inaccessible, and */ > /* a points to b (after disappearing links have been */ > /* made to disappear), then only a will be */ > > > As far as I understand, OBJ is the wrapped pointer to the bytevector > created in "zmq-msg-init". There's a weak reference between the pointer > and the bytevector that is introduced by "register_weak_reference" in > "bytevector->pointer". There are (roughly) three objects here: the =E2=80=9Cmsg=E2=80=9D, the poin= ter object, and the bytevector that pointer refers to. The bytevector may be freed when the pointer object becomes unreachable. But you probably also need a weak link from the =E2=80=9Cmsg=E2=80=9D objec= t to the pointer object to ensure that the pointer object outlives the msg object. You also need to check the zmq::msg_t::close memory semantics: does it free the data associated with the message? If so, that=E2=80=99s redundant= with the pointer finalizer. > My interrogation is: do I have the guarantee that the pointer and its > references are still readable from within the finalizer? The above > snippet says that FN is invoked when OBJ is unaccessible, but does this > mean its content may have already been collected? Not sure, but most likely the problem is at a higher layer. :-) If you can get a reduced test case to run under =E2=80=98rr=E2=80=99, that = should allow you to see where the message was first freed. This is all pretty vague and general, but I HTH! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 01 09:14:53 2021 Received: (at control) by debbugs.gnu.org; 1 Mar 2021 14:14:53 +0000 Received: from localhost ([127.0.0.1]:48558 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lGjK1-0006pk-EX for submit@debbugs.gnu.org; Mon, 01 Mar 2021 09:14:53 -0500 Received: from eggs.gnu.org ([209.51.188.92]:49950) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lGjJz-0006pU-Ba for control@debbugs.gnu.org; Mon, 01 Mar 2021 09:14:51 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:45375) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lGjJu-0001B3-6J for control@debbugs.gnu.org; Mon, 01 Mar 2021 09:14:46 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54234 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lGjJr-00027n-T0 for control@debbugs.gnu.org; Mon, 01 Mar 2021 09:14:44 -0500 Date: Mon, 01 Mar 2021 15:14:42 +0100 Message-Id: <87ft1frmel.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #46796 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) severity 46796 important quit From unknown Wed Jun 25 03:57:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46796: Cuirass & pointer finalization. Resent-From: Mathieu Othacehe Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 02 Mar 2021 08:10:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46796 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 46796@debbugs.gnu.org Received: via spool by 46796-submit@debbugs.gnu.org id=B46796.161467254825371 (code B ref 46796); Tue, 02 Mar 2021 08:10:02 +0000 Received: (at 46796) by debbugs.gnu.org; 2 Mar 2021 08:09:08 +0000 Received: from localhost ([127.0.0.1]:51626 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lH05c-0006b9-1Q for submit@debbugs.gnu.org; Tue, 02 Mar 2021 03:09:08 -0500 Received: from eggs.gnu.org ([209.51.188.92]:52206) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lH05a-0006ad-Am for 46796@debbugs.gnu.org; Tue, 02 Mar 2021 03:09:06 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35545) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lH05U-00064t-QO; Tue, 02 Mar 2021 03:09:00 -0500 Received: from [2a01:e0a:19b:d9a0:8de0:390a:b2be:8c89] (port=56946 helo=cervin) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lH05S-0005Bu-On; Tue, 02 Mar 2021 03:08:59 -0500 From: Mathieu Othacehe References: <8735xihq60.fsf@gnu.org> <87ft1hvfm4.fsf@gnu.org> <87k0qrusde.fsf@gnu.org> Date: Tue, 02 Mar 2021 09:08:56 +0100 In-Reply-To: <87k0qrusde.fsf@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Mon, 01 Mar 2021 10:37:33 +0100") Message-ID: <87mtvmnfjb.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hey Ludo, Many thanks for your help here, it feels great to have your support as always. > First, is this function idempotent? (Is it OK to close an msg_t > multiple times.) The zmq_msg_close function is mostly responsible of freeing the memory allocated by ZMQ to store the data associated with the message. I think it is safe to use it multiple times and from different threads. It is not responsible of freeing the zmq_msg_t structure itself which is allocated by the user, usually on the stack in C programs. I have written a small reproducer of the situation: --8<---------------cut here---------------start------------->8--- (use-modules (system foreign) (rnrs bytevectors)) (define close (dynamic-func "test_close" (dynamic-link "/home/mathieu/tmp/libtest"))) (let loop () (let* ((bv (make-bytevector 64)) (ptr (bytevector->pointer bv))) (set-pointer-finalizer! ptr close) (loop))) --8<---------------cut here---------------end--------------->8--- this program creates a bytevector of 64 bytes and attaches the C function "test_close" as a pointer finalizer to the bytevector pointer. This function looks like: --8<---------------cut here---------------start------------->8--- int test_close (void *x) { int i; char *v = x; for (i = 0; i < 64; i++) { v[i] = '1'; } return 0; } --8<---------------cut here---------------end--------------->8--- It overrides the bytevector content, that should cause a segmentation error if the bytevector is already freed. And it does indeed, which makes me think that despite the weak reference between the pointer object and the bytevector, the bytevector is already GC'd when the finalizer is called. I'm now using guardians in Guile-Simple-ZMQ instead of pointer finalizers, and do not experience crashes anymore, but I would really like to understand what's happening here. Any clues :)? Thanks, Mathieu From unknown Wed Jun 25 03:57:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46796: Cuirass & pointer finalization. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 02 Mar 2021 13:51:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46796 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Mathieu Othacehe Cc: 46796@debbugs.gnu.org Received: via spool by 46796-submit@debbugs.gnu.org id=B46796.16146930123202 (code B ref 46796); Tue, 02 Mar 2021 13:51:02 +0000 Received: (at 46796) by debbugs.gnu.org; 2 Mar 2021 13:50:12 +0000 Received: from localhost ([127.0.0.1]:52107 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lH5Pg-0000pa-Fn for submit@debbugs.gnu.org; Tue, 02 Mar 2021 08:50:12 -0500 Received: from eggs.gnu.org ([209.51.188.92]:35834) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lH5Pe-0000pJ-MA for 46796@debbugs.gnu.org; Tue, 02 Mar 2021 08:50:11 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:40426) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lH5PZ-0004dZ-FD for 46796@debbugs.gnu.org; Tue, 02 Mar 2021 08:50:05 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38900 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lH5PX-0006Iz-9e; Tue, 02 Mar 2021 08:50:03 -0500 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <8735xihq60.fsf@gnu.org> <87ft1hvfm4.fsf@gnu.org> <87k0qrusde.fsf@gnu.org> <87mtvmnfjb.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 12 =?UTF-8?Q?Vent=C3=B4se?= an 229 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 02 Mar 2021 14:50:01 +0100 In-Reply-To: <87mtvmnfjb.fsf@gnu.org> (Mathieu Othacehe's message of "Tue, 02 Mar 2021 09:08:56 +0100") Message-ID: <87blc1oeba.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi! Mathieu Othacehe skribis: > I have written a small reproducer of the situation: > > (use-modules (system foreign) > (rnrs bytevectors)) > > (define close > (dynamic-func "test_close" (dynamic-link "/home/mathieu/tmp/libtest"))) > > (let loop () > (let* ((bv (make-bytevector 64)) > (ptr (bytevector->pointer bv))) > (set-pointer-finalizer! ptr close) > (loop))) > > > this program creates a bytevector of 64 bytes and attaches the C > function "test_close" as a pointer finalizer to the bytevector pointer. > > This function looks like: > > int > test_close (void *x) > { > int i; > char *v =3D x; > > for (i =3D 0; i < 64; i++) { > v[i] =3D '1'; > } > > return 0; > } > > It overrides the bytevector content, that should cause a segmentation > error if the bytevector is already freed. > > And it does indeed, which makes me think that despite the weak reference > between the pointer object and the bytevector, the bytevector is already > GC'd when the finalizer is called. Hmm I think the bytevector and the pointer object can be finalized in the same GC cycle; when that happens, you have no guarantee as to the order in which they are finalized. IOW, I think you cannot assume, from the pointer finalizer, that the bytevector is still reachable. But=E2=80=A6 is it really similar to your ZMQ issue? There you had message object wrappers (as per =E2=80=98define-wrapped-pointer-type=E2=80=99) and = a pointer object to the underlying C object, right? > I'm now using guardians in Guile-Simple-ZMQ instead of pointer > finalizers, and do not experience crashes anymore, but I would really > like to understand what's happening here. Guardians are finalizers; it=E2=80=99s just a different interface. Ludo=E2=80=99. From unknown Wed Jun 25 03:57:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46796: Cuirass & pointer finalization. Resent-From: Mathieu Othacehe Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 02 Mar 2021 17:03:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46796 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 46796@debbugs.gnu.org Received: via spool by 46796-submit@debbugs.gnu.org id=B46796.161470457522510 (code B ref 46796); Tue, 02 Mar 2021 17:03:02 +0000 Received: (at 46796) by debbugs.gnu.org; 2 Mar 2021 17:02:55 +0000 Received: from localhost ([127.0.0.1]:54096 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lH8QB-0005r0-2E for submit@debbugs.gnu.org; Tue, 02 Mar 2021 12:02:55 -0500 Received: from eggs.gnu.org ([209.51.188.92]:55698) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lH8Q8-0005qn-Mm for 46796@debbugs.gnu.org; Tue, 02 Mar 2021 12:02:53 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:43718) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lH8Q1-0006bD-AN; Tue, 02 Mar 2021 12:02:46 -0500 Received: from [2a01:e0a:19b:d9a0:48b9:53dd:55a0:354a] (port=51904 helo=cervin) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lH8Pz-0002sU-3P; Tue, 02 Mar 2021 12:02:45 -0500 From: Mathieu Othacehe References: <8735xihq60.fsf@gnu.org> <87ft1hvfm4.fsf@gnu.org> <87k0qrusde.fsf@gnu.org> <87mtvmnfjb.fsf@gnu.org> <87blc1oeba.fsf@gnu.org> Date: Tue, 02 Mar 2021 18:02:40 +0100 In-Reply-To: <87blc1oeba.fsf@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Tue, 02 Mar 2021 14:50:01 +0100") Message-ID: <87im69bia7.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hey, > Hmm I think the bytevector and the pointer object can be finalized in > the same GC cycle; when that happens, you have no guarantee as to the > order in which they are finalized. That would explain the crashes indeed. > But=E2=80=A6 is it really similar to your ZMQ issue? There you had messa= ge > object wrappers (as per =E2=80=98define-wrapped-pointer-type=E2=80=99) an= d a pointer > object to the underlying C object, right? I think the only difference is that the reproducer doesn't introduce the wrapped pointer object. Using ZMQ, the message creation looks like: zmq-msg-init Bytevector creation with make-bytevector at address P Bytevector initialization with zmq_msg_init(P) Install zmq_msg_close as finalizer on P Message wrapping using (pointer->message P) Return the wrapped message The user can then operate on the wrapped message by passing it to other message API procedures such as zmq-message-size. Those procedures will call ZMQ using the underlying pointer. The bytevector/pointer object undetermined GC order is really problematic then. I'm not sure why I'm not experiencing this crash using Guardians since they are also using finalizers. The ultimate work around would be to leave the message closing responsibility to the user but that would be sad. Do you know if there's another to prevent the bytevector from being collected before the pointer object? Thanks, Mathieu From unknown Wed Jun 25 03:57:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46796: Cuirass & pointer finalization. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 08 Mar 2021 13:46:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46796 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Mathieu Othacehe Cc: 46796@debbugs.gnu.org Received: via spool by 46796-submit@debbugs.gnu.org id=B46796.16152111287938 (code B ref 46796); Mon, 08 Mar 2021 13:46:01 +0000 Received: (at 46796) by debbugs.gnu.org; 8 Mar 2021 13:45:28 +0000 Received: from localhost ([127.0.0.1]:42397 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lJGCO-00023y-5F for submit@debbugs.gnu.org; Mon, 08 Mar 2021 08:45:28 -0500 Received: from eggs.gnu.org ([209.51.188.92]:34120) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lJGCM-00023m-Op for 46796@debbugs.gnu.org; Mon, 08 Mar 2021 08:45:27 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:47348) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lJGCF-0006yT-N0 for 46796@debbugs.gnu.org; Mon, 08 Mar 2021 08:45:21 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=41010 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lJGCC-00030c-AY; Mon, 08 Mar 2021 08:45:16 -0500 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <8735xihq60.fsf@gnu.org> <87ft1hvfm4.fsf@gnu.org> <87k0qrusde.fsf@gnu.org> <87mtvmnfjb.fsf@gnu.org> <87blc1oeba.fsf@gnu.org> <87im69bia7.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 18 =?UTF-8?Q?Vent=C3=B4se?= an 229 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 08 Mar 2021 14:45:14 +0100 In-Reply-To: <87im69bia7.fsf@gnu.org> (Mathieu Othacehe's message of "Tue, 02 Mar 2021 18:02:40 +0100") Message-ID: <87v9a1ep3p.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi, Mathieu Othacehe skribis: >> Hmm I think the bytevector and the pointer object can be finalized in >> the same GC cycle; when that happens, you have no guarantee as to the >> order in which they are finalized. > > That would explain the crashes indeed. > >> But=E2=80=A6 is it really similar to your ZMQ issue? There you had mess= age >> object wrappers (as per =E2=80=98define-wrapped-pointer-type=E2=80=99) a= nd a pointer >> object to the underlying C object, right? > > I think the only difference is that the reproducer doesn't introduce the > wrapped pointer object. Using ZMQ, the message creation looks like: > > zmq-msg-init > Bytevector creation with make-bytevector at address P > Bytevector initialization with zmq_msg_init(P) > Install zmq_msg_close as finalizer on P > Message wrapping using (pointer->message P) > Return the wrapped message Shouldn=E2=80=99t the finalizer be on , then? > The user can then operate on the wrapped message by passing it to other > message API procedures such as zmq-message-size. Those procedures will > call ZMQ using the underlying pointer. > > The bytevector/pointer object undetermined GC order is really > problematic then. I'm not sure why I'm not experiencing this crash using > Guardians since they are also using finalizers. Guardians =E2=80=9Crevive=E2=80=9D objects: when you call the guardian, it = returns the object that _would have_ been GC=E2=80=99d. IOW, guardians delay =E2=80=9C= actual=E2=80=9D finalization. That may be the explanation. > The ultimate work around would be to leave the message closing > responsibility to the user but that would be sad. Yeah, don=E2=80=99t do that. :-) > Do you know if there's another to prevent the bytevector from being > collected before the pointer object? I=E2=80=99d really need to dive into the code but I=E2=80=99m confident the= re=E2=80=99s nothing special about this scenario; we=E2=80=99re probably just overlooking some pointer ownership rule. I see something risky: AIUI, =E2=80=98zmq-message-content=E2=80=99 returns = a bytevector that aliases a message=E2=80=99s buffer. The problem is that the bytevecto= r may still be used from Scheme after the message is destroyed, and then bad things can happen. Also, regarding the message API, my goal back then (but I never got around to it) was to not expose the msg API as such, and instead to have =E2=80=98zmq-send=E2=80=99, =E2=80=98zmq-receive=E2=80=99 etc. transpa= rently create msg_t objects. That simplifies things for users and perhaps also for the implementation. HTH, Ludo=E2=80=99. From unknown Wed Jun 25 03:57:54 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Mathieu Othacehe Subject: bug#46796: closed (Re: bug#46796: Cuirass & pointer finalization.) Message-ID: References: <87pm00d7gr.fsf@gnu.org> <8735xihq60.fsf@gnu.org> X-Gnu-PR-Message: they-closed 46796 X-Gnu-PR-Package: guix Reply-To: 46796@debbugs.gnu.org Date: Thu, 23 Nov 2023 11:40:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1700739602-8591-1" This is a multi-part message in MIME format... ------------=_1700739602-8591-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #46796: Cuirass & pointer finalization. which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 46796@debbugs.gnu.org. --=20 46796: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D46796 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1700739602-8591-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 46796-done) by debbugs.gnu.org; 23 Nov 2023 11:39:45 +0000 Received: from localhost ([127.0.0.1]:60779 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r683d-0002E0-A3 for submit@debbugs.gnu.org; Thu, 23 Nov 2023 06:39:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:46776) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r683b-0002Dn-QL for 46796-done@debbugs.gnu.org; Thu, 23 Nov 2023 06:39:44 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r683S-00040N-MR for 46796-done@debbugs.gnu.org; Thu, 23 Nov 2023 06:39:34 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=sDFVJmfo/0+ljQwIZ0aFoiDNlGwilMhBwG+ZktgR8fk=; b=Ck56G6Au7Qek+BWYV2bG PKRJ1Lx56Mqfkm70nSfDTwaU9yD5yz7puprgKBK2735MlnCdqdernjCU9JpxoO5Xq8VBaubvR8vDL AMo9+MMi9zBUlivuzgSk3eucTuPfg6gOuc8b5snqTQlulnx5gEUMTyLv5ikg1hEfmm7rEgXznjRJ3 9us112L6ENYCVeYzZwKGEelyCCfT0Se2b6BaTcI8xHusAqhsGnJKEhXNThkgyx3nNA6aW71fId9ZC nGPTqEeuZjeJSJzYHePW0sOu/XRdDtIUbWx90nGAqwlkpqUTh26R2bok9Mcc+8CaMFFFWyTokQeoK KRztRU+MdUs5oA==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Mathieu Othacehe Subject: Re: bug#46796: Cuirass & pointer finalization. In-Reply-To: <8735xihq60.fsf@gnu.org> (Mathieu Othacehe's message of "Fri, 26 Feb 2021 15:14:31 +0100") References: <8735xihq60.fsf@gnu.org> Date: Thu, 23 Nov 2023 12:39:32 +0100 Message-ID: <87pm00d7gr.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 46796-done Cc: 46796-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Mathieu Othacehe skribis: > I'm trying to fix a memory corruption in the remote-server process of > Cuirass since a few days. Even though I don't have a usable core dump > file yet, I'm pretty sure the error comes from the "zmq-msg-init" > procedure of Guile-Simple-ZMQ. I=E2=80=99m closing this old bug because it=E2=80=99s most likely been fixe= d with Cuirass commit 40f70d28aed55c404cca6a0760860fb4942e6bee and this: https://github.com/jerry40/guile-simple-zmq/commit/d25d1865e3378d93c44e2b= 4f5246a70b078a489d Ludo=E2=80=99. ------------=_1700739602-8591-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 26 Feb 2021 14:14:36 +0000 Received: from localhost ([127.0.0.1]:40496 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFdt5-0005wQ-OL for submit@debbugs.gnu.org; Fri, 26 Feb 2021 09:14:35 -0500 Received: from lists.gnu.org ([209.51.188.17]:55484) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFdt4-0005wJ-Oy for submit@debbugs.gnu.org; Fri, 26 Feb 2021 09:14:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:40606) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lFdt4-0003pd-Js for bug-guix@gnu.org; Fri, 26 Feb 2021 09:14:34 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:33232) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lFdt4-0005xy-DR for bug-guix@gnu.org; Fri, 26 Feb 2021 09:14:34 -0500 Received: from [2a01:e0a:19b:d9a0:98e:5d4:fa52:995a] (port=35758 helo=cervin) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lFdt3-0007B1-Nl for bug-guix@gnu.org; Fri, 26 Feb 2021 09:14:34 -0500 From: Mathieu Othacehe To: bug-guix@gnu.org Subject: Cuirass & pointer finalization. Date: Fri, 26 Feb 2021 15:14:31 +0100 Message-ID: <8735xihq60.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, I'm trying to fix a memory corruption in the remote-server process of Cuirass since a few days. Even though I don't have a usable core dump file yet, I'm pretty sure the error comes from the "zmq-msg-init" procedure of Guile-Simple-ZMQ. This procedure creates a bytevector, call the C function zmq_msg_init to initialize it, adds zmq_msg_close as pointer finalizer and returns a wrapped pointer. My understanding is that the wrapped pointer that is passed around in Cuirass ensures that the underlying bytevector is not garbage collected until the pointer goes out of scope. However, some assertions failures such as this one: --8<---------------cut here---------------start------------->8--- Assertion failed: check () (src/msg.cpp:394) --8<---------------cut here---------------end--------------->8--- let me think that the bytevector is garbage collected, while ZMQ is still using it. Some help would be much appreciated here :). Thanks, Mathieu ------------=_1700739602-8591-1--