[Gc] Segfault in GC_mark_from

Klaus Treichel ktreichel at web.de
Mon Oct 27 11:37:54 PST 2008


Hi,

I've found an inconsistency between GC_malloc_explicitly_typed and
GC_generic_malloc.

The sizes of the blocks should be allocated in sizes of multiple
granules according to the docs.

That's changed in GC_malloc_explicitly_typed. In GC_generic_malloc the
size for large blocks is still rounded to words. (Line 166 in malloc.c).

I changed this line from 
	lw = ROUNDED_UP_WORDS(lb);
to
	lw = GRANULES_TO_WORDS(ROUNDED_UP_GRANULES(lb));

The problem is that lw is used to clear portions of the allocated memory
while holding the lock, and those portions might be used for type
descriptors. Rounding to the size of a word can cause lw to be one word
too small, resulting in the location of the type descriptor not being
cleared while holding the lock. This can result in false memory being
used as the type descriptor if a collection starts before the block is
really cleared.

My testcase is running for a while now without segfaulting, but I'll let
it run for some time to be sure.

Klaus
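An added illustration of the rounding mismatch described in the message above (this is not code from the gc sources or from the poster): it models the old word-based rounding of GC_generic_malloc next to the granule-based rounding, and shows for which sizes the word-rounded clearing loop stops short of the granule-rounded block. It assumes a granule of two machine words and that the typed allocator keeps its descriptor in the last word of the granule-rounded block.

```c
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

#define WORD_BYTES    sizeof(size_t)            /* one machine word              */
#define GRANULE_WORDS 2                          /* assumption: 2 words per granule */
#define GRANULE_BYTES (GRANULE_WORDS * WORD_BYTES)
#define MAX_WORDS     16                         /* size of the simulated block   */

/* Old rounding in GC_generic_malloc: request bytes -> whole words. */
size_t rounded_up_words(size_t lb) {
    return (lb + WORD_BYTES - 1) / WORD_BYTES;
}

/* Rounding proposed in the mail: request bytes -> granules -> words. */
size_t granule_rounded_words(size_t lb) {
    size_t granules = (lb + GRANULE_BYTES - 1) / GRANULE_BYTES;
    return granules * GRANULE_WORDS;
}

/* Assumption: the type descriptor lives in the last word of the
 * granule-rounded block.  True when the word-based clearing loop
 * does not reach that slot, i.e. the window the mail describes. */
bool descriptor_slot_uncleared(size_t lb) {
    size_t cleared_words     = rounded_up_words(lb);
    size_t descriptor_index  = granule_rounded_words(lb) - 1;
    return descriptor_index >= cleared_words;
}

/* Simulates the allocation path on a recycled block full of stale data
 * (constructed here as 0xAB bytes) of which only the word-rounded prefix
 * is cleared under the lock.  Returns true if the descriptor slot still
 * holds stale data afterwards. */
bool stale_descriptor_after_clear(size_t lb) {
    size_t block_words = granule_rounded_words(lb);
    size_t block[MAX_WORDS];
    if (block_words == 0 || block_words > MAX_WORDS) return false;
    memset(block, 0xAB, block_words * WORD_BYTES);      /* stale contents   */
    memset(block, 0, rounded_up_words(lb) * WORD_BYTES); /* old clearing     */
    return block[block_words - 1] != 0;
}
```

A request of three words rounds to three words but occupies two granules (four words), so the fourth word, where the descriptor would be stored, is never cleared; a request of four words fills its granules exactly and is safe either way.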