[Gc] Segfault in GC_mark_from in libgc 7.1 (released tarball)

Boehm, Hans hans.boehm at hp.com
Thu Aug 21 15:13:00 PDT 2008


Thank you again.  I committed the patch to the CVS tree.  Looking back at the code, I don't think this problem existed in 6.8.  Others running 7.1 may want to apply this ahead of a 7.2 release.

I believe the only failure modes are

a) segmentation fault in the collector as it tries to scan nonexistent memory.  Seems to be very rare.

b) unnecessary scanning of free blocks, possibly resulting in extra memory retention.  Also seems to be fairly infrequent.  I couldn't easily reproduce the failure, even with the assertion to specifically check for this condition.

Hans

> -----Original Message-----
> From: ktreichel at web.de [mailto:ktreichel at web.de]
> Sent: Thursday, August 21, 2008 12:46 AM
> To: Boehm, Hans
> Cc: Bruce Hoult; gc at napali.hpl.hp.com
> Subject: RE: [Gc] Segfault in GC_mark_from in libgc 7.1 (released tarball)
>
> On Wednesday, 20.08.2008, 20:27 +0000, Boehm, Hans wrote:
> > Thank you!
> >
> > That indeed does seem to be a long-standing bug.  There are
> > paths into GC_push_marked in which h is an unallocated block.
> > Unfortunately, that doesn't seem to happen much with the
> > standard tests on my machine.  It probably requires some
> > amount of uncollectable allocation, incremental collection,
> > and/or mark stack overflows to trigger the bug.
> >
> > I'll check in the assertion, since that doesn't cost
> > anything with default builds, and might catch such things
> > earlier in the future.
> >
> > Can you try the attached patch to mark.c?  (This is a patch
> > against a slight variant of the CVS trunk.  It may need minor
> > tweaking for 7.1.)  I've also pasted it here, in case the
> > attachment doesn't make it:
> >
> > Index: mark.c
> > ===================================================================
> > RCS file: /cvsroot/bdwgc/bdwgc/mark.c,v
> > retrieving revision 1.7
> > diff -u -r1.7 mark.c
> > --- mark.c      26 Jul 2008 00:51:33 -0000      1.7
> > +++ mark.c      20 Aug 2008 20:16:17 -0000
> > @@ -1802,7 +1802,7 @@
> >  {
> >      hdr * hhdr = HDR(h);
> >
> > -    if (EXPECT(IS_FORWARDING_ADDR_OR_NIL(hhdr), FALSE)) {
> > +    if (EXPECT(IS_FORWARDING_ADDR_OR_NIL(hhdr) ||
> HBLK_IS_FREE(hhdr),
> > + FALSE)) {
> >        h = GC_next_used_block(h);
> >        if (h == 0) return(0);
> >        hhdr = GC_find_header((ptr_t)h); @@ -1819,7 +1819,8 @@
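Review bot: the new `HBLK_IS_FREE(hhdr)` term is only safe because it sits to the right of `IS_FORWARDING_ADDR_OR_NIL(hhdr)`: the macro dereferences hhdr, which is not a usable pointer when the header entry is nil or a forwarding address, so the operand order must not be swapped if this condition is touched again; a one-line comment at the `if` would protect that. Note also that nothing after `h = GC_next_used_block(h);` re-checks the block it returns, so this fix rests on GC_next_used_block never returning a free block itself, which is worth confirming against allchblk.c before 7.2 picks the change up.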
> >
> >      if (!GC_dirty_maintained) { ABORT("dirty bits not set up"); }
> >      for (;;) {
> > -       if (EXPECT(IS_FORWARDING_ADDR_OR_NIL(hhdr), FALSE)) {
> > +       if (EXPECT(IS_FORWARDING_ADDR_OR_NIL(hhdr)
> > +                  || HBLK_IS_FREE(hhdr), FALSE)) {
> >            h = GC_next_used_block(h);
> >            if (h == 0) return(0);
> >            hhdr = GC_find_header((ptr_t)h); @@ -1850,7 +1851,8 @@
> >      hdr * hhdr = HDR(h);
> >
> >      for (;;) {
> > -       if (EXPECT(IS_FORWARDING_ADDR_OR_NIL(hhdr), FALSE)) {
> > +       if (EXPECT(IS_FORWARDING_ADDR_OR_NIL(hhdr)
> > +                  || HBLK_IS_FREE(hhdr), FALSE)) {
> >            h = GC_next_used_block(h);
> >            if (h == 0) return(0);
> >            hhdr = GC_find_header((ptr_t)h);
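Review bot: this is the third copy of the identical `IS_FORWARDING_ADDR_OR_NIL(hhdr) || HBLK_IS_FREE(hhdr)` test, once per loop across the three hunks (1802, 1819, 1850); a single macro or inline helper for "header is not a scannable used block" would keep the three loops from drifting apart the next time a case is added. Separately, the assertion that h is not a free block, which the surrounding messages say is being checked in, is not part of this diff, so anyone applying it to 7.1 gets the fix but not the check.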
> >
> > Hans
>
> Thank you, this patch fixes the segfault on my box.
>
> Klaus
>
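The following is an added example, not code from the thread or from bdwgc. It is a small C model of the three patched loops: a heap of fixed-size blocks whose header table can hold a nil entry, a forwarding value, or a real header carrying a free flag, and a GC_push_next_marked analogue that can be run with or without the `HBLK_IS_FREE` term. It reproduces both failure modes Hans lists: scanning an unmapped free block (modelled as a counted fault rather than a real segfault) and needlessly scanning a free block that is still mapped. The block layout, the MAX_JUMP value, and the names next_used_block / push_marked / mark_pass are all constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBLOCKS  8
#define MAX_JUMP 16           /* modelled as in bdwgc: hhdr values <= MAX_JUMP are forwarding or nil */
#define FREE_BLK 0x1          /* flag bit tested by HBLK_IS_FREE */

typedef struct { unsigned flags; int nblocks; } hdr;

static hdr  heap_hdr[NBLOCKS];  /* backing storage for the real headers */
static hdr *hdrs[NBLOCKS];      /* HDR(h) analogue: NULL, a forwarding value, or &heap_hdr[i] */
static int  mapped[NBLOCKS];    /* 1 if reading the block's memory is legal */
static int  faults, scanned;

#define IS_FORWARDING_ADDR_OR_NIL(p) ((uintptr_t)(p) <= MAX_JUMP)
#define HBLK_IS_FREE(p)              (((p)->flags & FREE_BLK) != 0)

static hdr *find_header(int h) { return hdrs[h]; }

/* Analogue of GC_next_used_block: first block at or after h that has a real,
 * non-free header, or -1 at end of heap. */
static int next_used_block(int h)
{
    for (; h < NBLOCKS; h++) {
        hdr *p = hdrs[h];
        if (!IS_FORWARDING_ADDR_OR_NIL(p) && !HBLK_IS_FREE(p))
            return h;
    }
    return -1;
}

/* Analogue of GC_push_marked: scan the block. Touching an unmapped free block
 * is the reported segfault; the model counts it instead of crashing. */
static void push_marked(int h)
{
    scanned++;
    if (!mapped[h]) faults++;
}

/* Same control flow as the patched GC_push_next_marked. fixed == 0 is the
 * pre-patch test, fixed == 1 adds the HBLK_IS_FREE term. */
static int push_next_marked(int h, int fixed)
{
    hdr *hhdr = hdrs[h];

    /* Operand order matters: HBLK_IS_FREE dereferences hhdr, so it may only
     * run after IS_FORWARDING_ADDR_OR_NIL has ruled out a nil/forwarding value. */
    if (IS_FORWARDING_ADDR_OR_NIL(hhdr) || (fixed && HBLK_IS_FREE(hhdr))) {
        h = next_used_block(h);
        if (h < 0) return -1;
        hhdr = find_header(h);
    }
    push_marked(h);
    return h + hhdr->nblocks;   /* advance past this object, as hb_sz does */
}

/* Constructed heap layout (hypothetical, chosen to exercise both failure modes):
 *   0-1: used, 2 blocks, mapped        (block 1 carries a forwarding header)
 *   2-3: free, 2 blocks, UNMAPPED      (block 3 carries a forwarding header)
 *   4  : no header at all (nil)
 *   5  : used, 1 block, mapped
 *   6-7: free, 2 blocks, still mapped  */
static void set_block(int h, int n, unsigned flags, int is_mapped)
{
    heap_hdr[h].flags = flags;
    heap_hdr[h].nblocks = n;
    hdrs[h] = &heap_hdr[h];
    for (int i = 0; i < n; i++) mapped[h + i] = is_mapped;
    for (int i = 1; i < n; i++) hdrs[h + i] = (hdr *)(uintptr_t)i; /* forwarding value */
}

static void build_heap(void)
{
    memset(hdrs, 0, sizeof hdrs);
    memset(mapped, 0, sizeof mapped);
    set_block(0, 2, 0, 1);
    set_block(2, 2, FREE_BLK, 0);
    set_block(5, 1, 0, 1);
    set_block(6, 2, FREE_BLK, 1);
}

/* One full pass over the heap; returns the number of reads of unmapped memory. */
int mark_pass(int fixed)
{
    build_heap();
    faults = scanned = 0;
    for (int h = 0; h >= 0 && h < NBLOCKS; )
        h = push_next_marked(h, fixed);
    return faults;
}

/* Blocks scanned in a full pass; free blocks scanned is failure mode (b). */
int blocks_scanned(int fixed)
{
    mark_pass(fixed);
    return scanned;
}

int main(void)
{
    printf("pre-patch : faults=%d scanned=%d\n", mark_pass(0), blocks_scanned(0));
    printf("post-patch: faults=%d scanned=%d\n", mark_pass(1), blocks_scanned(1));
    return 0;
}
```

Without the free-block term the pass reads the unmapped block 2 (one fault) and also scans the mapped free block 6, four blocks in total; with it, the pass scans only the two used blocks and touches nothing unmapped. The model also shows why the short-circuit order in the patch is load-bearing: block 4 has a nil header, and HBLK_IS_FREE on it would be a NULL dereference if evaluated first.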