From: Mathieu Othacehe <othacehe@gnu.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 58732@debbugs.gnu.org
Subject: bug#58732: installer: finalizers & device destroy segfault
Date: Mon, 07 Nov 2022 17:37:24 +0100 [thread overview]
Message-ID: <8735auwwjf.fsf@gnu.org> (raw)
In-Reply-To: <87iljquc3a.fsf@gnu.org> ("Ludovic Courtès"'s message of "Mon, 07 Nov 2022 14:29:45 +0100")
[-- Attachment #1: Type: text/plain, Size: 1882 bytes --]
Hola,
> Finalizers are set on pointer objects, so they’re invoked when the
> pointer object goes out of scope. But:
>
> (eq? (make-pointer 123) (make-pointer 123))
> => #f
I agree, but somehow this works:
--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> ,use (parted)
scheme@(guile-user)> (eq? (get-device "/tmp/test.img") (get-device "/tmp/test.img"))
$3 = #t
--8<---------------cut here---------------end--------------->8---
denoting that the "pointer->device!" procedure is working correctly and
the underlying pointer object returned by pointer->procedure is the
same.
> So a possible mistake is to add one finalizer on each pointer object and
> have several pointer objects aliasing the same C object; that’s how you
> can get the same “free” function called several times on the same C
> object.
I don't think that what's happening. I have monitored closely the
%devices weak hash table and it never exceeds the total device count.
We have multiple finalizers registered for the same C pointer but that's
because the weak hash table may be cleaned by (gc) calls, leaving the
opportunity for multiple finalizers registration on the same C pointer.
I attached a reproducer that exposes the double free issue.
--8<---------------cut here---------------start------------->8---
sudo -E guile ~/tmp/parted-bug.scm
double free or corruption (!prev)
Aborted
--8<---------------cut here---------------end--------------->8---
We could save up somewhere which pointers have registered finalizers but
that would prevent the devices garbage collection, in the same way as if
%device was a plain hash table and not a weak one.
That could well be a solution, as I cannot see at the moment how we
could preserve this mechanism and avoid multiple finalization.
Thanks,
Mathieu
[-- Attachment #2: parted-bug.scm --]
[-- Type: application/octet-stream, Size: 310 bytes --]
(use-modules (parted))
(define (probe)
(probe-all-devices!)
(get-device "/tmp/test.img")
(devices)
1)
(define (a)
(probe)
(probe)
(probe)
(let loop ((i 0))
(when (< i 5)
(sleep 1)
(gc)
(gc)
(probe)
(gc)
(loop (+ 1 i)))))
(a)
(sleep 4)
(gc)
(gc)
(gc)
next prev parent reply other threads:[~2022-11-07 16:38 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-23 9:07 bug#58732: installer: finalizers & device destroy segfault Mathieu Othacehe
2022-11-02 10:55 ` Ludovic Courtès
2022-11-03 11:09 ` Mathieu Othacehe
2022-11-03 11:25 ` Ludovic Courtès
2022-11-06 17:17 ` Mathieu Othacehe
2022-11-07 13:29 ` Ludovic Courtès
2022-11-07 16:37 ` Mathieu Othacehe [this message]
2022-11-09 15:25 ` Mathieu Othacehe
2022-11-10 11:42 ` Ludovic Courtès
2022-11-10 12:29 ` Mathieu Othacehe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8735auwwjf.fsf@gnu.org \
--to=othacehe@gnu.org \
--cc=58732@debbugs.gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.