From: Ken Raeburn
Newsgroups: gmane.emacs.devel
Subject: Re: Conservative GC isn't safe
Date: Mon, 28 Nov 2016 04:36:56 -0500
Message-ID: <1CB11DFF-E6C2-4A1B-BE7E-8877DC38DB0A@raeburn.org>
References: <66485157-00cd-4704-a421-cbfe84299cae@cs.ucla.edu> <805F5A19-BFAF-4CA4-AAD6-497C6D554830@raeburn.org> <6e5c928f-8130-08a6-d72d-1b64cc022846@cs.ucla.edu>
In-Reply-To: <6e5c928f-8130-08a6-d72d-1b64cc022846@cs.ucla.edu>
To: Paul Eggert
Cc: Stefan Monnier, emacs-devel@gnu.org

On Nov 27, 2016, at 11:15, Paul Eggert wrote:

>
> Ken Raeburn wrote:
>>> > Indeed. Hans Boehm's done a fair bit of research in this issue,
>>> > including discussing the underlying assumptions and arguing that
>>> > compilers should (and usually do) guarantee those assumptions.
>
>> I’d be surprised if that held reliably when the last use of a Lisp_Object in some function extracts an object pointer and then never references the Lisp_Object as such ever again.
>
> That's not a problem for Emacs, since the Emacs GC marks the object either way.

Ah, sorry, I misunderstood the case Daniel was describing. Yes, the case I was thinking of is in fact handled; stack slots holding either Lisp_Object values or pointers to the start of the Lisp data structures will be fine.

But we do use interior pointers sometimes; looking at Fsubstring’s handling of a vector object:

  else
    res = Fvector (ito - ifrom, aref_addr (string, ifrom));

  return res;
}

… here we pass Fvector a pointer to somewhere within the “contents” array of the vector passed as argument “string”; it’s neither the Lisp_Object value, nor the start of the allocated structure.
Now, I don’t think this is a case that can trigger GC at the critical time. But clearly we’ve got at least one case where we keep an interior pointer and — locally, at least; the caller could be another matter — don’t keep a live handle on the object itself.

And the compiler can do it too. For example, if we did something like this:

DEFUN ("frob-array-elts", Ffrob_array_elts, Sfrob_array_elts, 1, 1, 0,
       doc: /* Blah */ )
  (Lisp_Object obj)
{
  int i;
  for (i = 0; i < 30; i += 3)
    {
      frob (AREF (obj, i));
    }
  return Qnil;
}

I tried compiling this (“gcc version 4.9.2 (Debian 4.9.2-10)” on x86-64). The generated code computes obj+3 (vector tag is 5, contents array starts at offset 8) and obj+0xf3 (end of the iteration), and overwrites the register containing the original “obj” value with the argument to be passed to “frob”.

If, in this case, “frob” were something that could trigger GC, then stack scanning would not see “obj”, at least not in this stack frame. And if the caller is doing something like:

  Ffrob_array_elts (get_vector_of_stuff ());

then the caller needn’t retain any other references to “obj” either.

Ken
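
A toy model of the situation described in this message, added here as an illustration and not code from Emacs or from the original post: a root scan that accepts only the tagged object value or the block start loses the vector when obj+3 and obj+0xf3 are the only words left, while an interior-aware scan keeps it. The names (struct block, hits_strict, hits_interior, mark_roots, survivors), the address, and the 30-slot vector with 8-byte words are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not Emacs code.  Tag and offset are the values quoted in the
   message; the 30-slot vector and the address are constructed. */
enum { VECTOR_TAG = 5, CONTENTS_OFFSET = 8, SLOTS = 30, WORD = 8 };
struct block { uintptr_t start; size_t size; bool marked; };
typedef bool (*hit_fn) (uintptr_t word, const struct block *b);

/* Strict scan: only the block start or the tagged object value is a root. */
static bool hits_strict (uintptr_t w, const struct block *b) {
  return w == b->start || w == b->start + VECTOR_TAG;
}

/* Interior-aware scan: any address inside [start, start + size) is a root.
   A one-past-the-end pointer lies outside the block and does not count. */
static bool hits_interior (uintptr_t w, const struct block *b) {
  return w >= b->start && w - b->start < b->size;
}

/* Mark each block that some root word refers to; return how many survive. */
static size_t mark_roots (const uintptr_t *roots, size_t nroots,
                          struct block *heap, size_t nblocks, hit_fn hits) {
  size_t live = 0;
  for (size_t j = 0; j < nblocks; j++) {
    heap[j].marked = false;
    for (size_t i = 0; i < nroots && !heap[j].marked; i++)
      heap[j].marked = hits (roots[i], &heap[j]);
    live += heap[j].marked;
  }
  return live;
}

/* Roots left by the compiled loop: obj+3, obj+0xf3, and obj only if kept. */
static size_t survivors (bool obj_kept, hit_fn hits) {
  struct block heap[1] = { { 0x10000, CONTENTS_OFFSET + SLOTS * WORD, false } };
  uintptr_t obj = heap[0].start + VECTOR_TAG;
  uintptr_t roots[3] = { obj + 3, obj + 0xf3, obj_kept ? obj : 0 };
  return mark_roots (roots, 3, heap, 1, hits);
}

int main (void) {
  printf ("strict, obj clobbered:   %zu live\n", survivors (false, hits_strict));
  printf ("interior, obj clobbered: %zu live\n", survivors (false, hits_interior));
  printf ("strict, obj kept:        %zu live\n", survivors (true, hits_strict));
  return 0;
}
```

In this model obj+3 is the address of the first contents slot and obj+0xf3 is one past the last slot, so only obj+3 can keep the block alive, and only under the interior-aware scan.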