all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Mathieu Othacehe <othacehe@gnu.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 58732@debbugs.gnu.org
Subject: bug#58732: installer: finalizers & device destroy segfault
Date: Mon, 07 Nov 2022 17:37:24 +0100	[thread overview]
Message-ID: <8735auwwjf.fsf@gnu.org> (raw)
In-Reply-To: <87iljquc3a.fsf@gnu.org> ("Ludovic Courtès"'s message of "Mon, 07 Nov 2022 14:29:45 +0100")

[-- Attachment #1: Type: text/plain, Size: 1882 bytes --]


Hola,

> Finalizers are set on pointer objects, so they’re invoked when the
> pointer object goes out of scope.  But:
>
>   (eq? (make-pointer 123) (make-pointer 123))
>   => #f

I agree, but somehow this works:

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> ,use (parted)
scheme@(guile-user)> (eq? (get-device "/tmp/test.img") (get-device "/tmp/test.img"))
$3 = #t
--8<---------------cut here---------------end--------------->8---

denoting that the "pointer->device!" procedure is working correctly and
the underlying pointer object returned by pointer->procedure is the
same.

> So a possible mistake is to add one finalizer on each pointer object and
> have several pointer objects aliasing the same C object; that’s how you
> can get the same “free” function called several times on the same C
> object.

I don't think that what's happening. I have monitored closely the
%devices weak hash table and it never exceeds the total device count.

We have multiple finalizers registered for the same C pointer but that's
because the weak hash table may be cleaned by (gc) calls, leaving the
opportunity for multiple finalizers registration on the same C pointer.

I attached a reproducer that exposes the double free issue.

--8<---------------cut here---------------start------------->8---
sudo -E guile ~/tmp/parted-bug.scm
double free or corruption (!prev)
Aborted
--8<---------------cut here---------------end--------------->8---

We could save up somewhere which pointers have registered finalizers but
that would prevent the devices garbage collection, in the same way as if
%device was a plain hash table and not a weak one.

That could well be a solution, as I cannot see at the moment how we
could preserve this mechanism and avoid multiple finalization.

Thanks,

Mathieu

[-- Attachment #2: parted-bug.scm --]
[-- Type: application/octet-stream, Size: 310 bytes --]

(use-modules (parted))

(define (probe)
  (probe-all-devices!)
  (get-device "/tmp/test.img")
  (devices)
  1)

(define (a)
  (probe)
  (probe)
  (probe)

  (let loop ((i 0))
    (when (< i 5)
      (sleep 1)
      (gc)
      (gc)
      (probe)
      (gc)
      (loop (+ 1 i)))))

(a)
(sleep 4)
(gc)
(gc)
(gc)

  reply	other threads:[~2022-11-07 16:38 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-23  9:07 bug#58732: installer: finalizers & device destroy segfault Mathieu Othacehe
2022-11-02 10:55 ` Ludovic Courtès
2022-11-03 11:09   ` Mathieu Othacehe
2022-11-03 11:25     ` Ludovic Courtès
2022-11-06 17:17       ` Mathieu Othacehe
2022-11-07 13:29         ` Ludovic Courtès
2022-11-07 16:37           ` Mathieu Othacehe [this message]
2022-11-09 15:25             ` Mathieu Othacehe
2022-11-10 11:42               ` Ludovic Courtès
2022-11-10 12:29                 ` Mathieu Othacehe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8735auwwjf.fsf@gnu.org \
    --to=othacehe@gnu.org \
    --cc=58732@debbugs.gnu.org \
    --cc=ludo@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.