[Gc] DONT_ADD_BYTE_AT_END and GC_malloc(0) (gc-7.1)

Shiro Kawai shiro at lava.net
Tue May 6 07:15:28 PDT 2008


(Note for the list administrator: I posted this from a different
address and it's being held for approval; please discard it.)

We found that gctest of gc-7.1 may abort or enter an infinite loop
if the gc code is compiled with -DDONT_ADD_BYTE_AT_END=1.
Specifically, it aborts on MacOSX Leopard and it randomly enters
infinite loop on Linux/x86 2.6.24 w/ gcc 4.1.2

We found that the problem occurs in a collection triggered
within this loop (tests/test.c line 1143):

        {
           size_t i;
           for (i = 0; i < 10000; ++i) {
             GC_MALLOC(0);
             GC_FREE(GC_MALLOC(0));
             GC_MALLOC_ATOMIC(0);
             GC_FREE(GC_MALLOC_ATOMIC(0));
           }
         }

Commenting out the two GC_FREE lines stops the abnormal behavior.

One possible explanation I came up with is that, with DONT_ADD_BYTE_AT_END,
a pointer that points to just past an allocated object doesn't prevent
the object from being collected, and since the returned pointer of
GC_MALLOC(0) logically points to "just past" the imaginary zero-byte
object, it may be reclaimed between GC_MALLOC(0)'s return and
the call of GC_FREE, causing an already collected pointer to be passed
to GC_FREE, which eventually does harm to gc internals.

However, skimming the code, it appears that GC_MALLOC(0) does
allocate something (since GC_size_map[0] is 1).  So my theory above
seems shaky.

Is it just that GC_malloc(0) isn't supposed to be used with DONT_ADD_BYTE_AT_END,
or is there a deeper problem with DONT_ADD_BYTE_AT_END?

--shiro
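
The "just past the end" reasoning in the post above, as an added toy model
(not code from gc-7.1 or from the poster). It assumes a conservative scan
that treats a word as a reference to an object only if the word falls inside
the bytes actually reserved for that object, a 16-byte granule, a request of
0 bytes still consuming one granule (mirroring the GC_size_map[0] == 1
observation), and two objects laid out back to back so that a past-the-end
pointer lands on a real neighbour. The extra_byte argument models the default
build (1) versus -DDONT_ADD_BYTE_AT_END=1 (0). Names such as rounded_alloc,
referent and past_end_retains are invented for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model parameters (assumptions for this example, not read from gc headers). */
#define GRANULE_BYTES 16u   /* smallest allocation unit in the toy heap */

/* One allocated object in the toy heap. */
struct obj {
    uintptr_t base;     /* address of the first byte */
    size_t    request;  /* bytes the caller asked for (0 for GC_MALLOC(0)) */
    size_t    alloc;    /* bytes actually reserved, in whole granules */
};

/* Bytes reserved for a request of n bytes.  extra_byte is 1 for the
 * default build and 0 for DONT_ADD_BYTE_AT_END.  A request of 0 still
 * consumes one granule (assumed, mirroring GC_size_map[0] == 1). */
static size_t rounded_alloc(size_t n, int extra_byte)
{
    size_t need = n + (size_t)extra_byte;
    if (need == 0)
        need = 1;
    return ((need + GRANULE_BYTES - 1) / GRANULE_BYTES) * GRANULE_BYTES;
}

/* Lay out `count` objects back to back starting at address `start`. */
static void build_heap(struct obj *heap, size_t count, const size_t *requests,
                       uintptr_t start, int extra_byte)
{
    uintptr_t cur = start;
    for (size_t i = 0; i < count; i++) {
        heap[i].base    = cur;
        heap[i].request = requests[i];
        heap[i].alloc   = rounded_alloc(requests[i], extra_byte);
        cur += heap[i].alloc;
    }
}

/* Conservative scan rule (assumed): word p references object i iff it lies
 * inside the bytes reserved for i.  Returns the object index, or -1. */
static int referent(const struct obj *heap, size_t count, uintptr_t p)
{
    for (size_t i = 0; i < count; i++)
        if (p >= heap[i].base && p < heap[i].base + heap[i].alloc)
            return (int)i;
    return -1;
}

/* Does a pointer just past an object of `request` bytes keep that object
 * alive?  Two equally sized neighbours are allocated so that the past-the-end
 * address of the first is a real address inside the heap. */
static bool past_end_retains(int extra_byte, size_t request)
{
    size_t requests[2] = { request, request };
    struct obj heap[2];
    build_heap(heap, 2, requests, 0x1000, extra_byte);
    uintptr_t past = heap[0].base + request;   /* "just past" object 0 */
    return referent(heap, 2, past) == 0;
}

int main(void)
{
    const size_t sizes[] = { 0, 1, 16, 17, 32 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf("request %2zu: past-the-end pointer retains object? "
               "default=%s  DONT_ADD_BYTE_AT_END=%s\n",
               sizes[i],
               past_end_retains(1, sizes[i]) ? "yes" : "no",
               past_end_retains(0, sizes[i]) ? "yes" : "no");
    }
    return 0;
}
```

Under this model the extra byte matters exactly when the request is already a
whole number of granules: base+16 for a 16-byte request is the neighbour's
first byte without the extra byte, but still inside the 32 reserved bytes
with it. For a request of 0 the returned pointer is the object's own base,
so the object is retained either way, which is the point the post makes when
it calls the "just past" theory shaky for GC_MALLOC(0).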