From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 8GOWMwq2PGAeYgAA0tVLHw (envelope-from ) for ; Mon, 01 Mar 2021 09:38:18 +0000 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id mGh/Lwq2PGD0CgAA1q6Kng (envelope-from ) for ; Mon, 01 Mar 2021 09:38:18 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id F35AA2602C for ; Mon, 1 Mar 2021 10:38:17 +0100 (CET) Received: from localhost ([::1]:51376 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lGf0J-0006c8-Sb for larch@yhetil.org; Mon, 01 Mar 2021 04:38:15 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:59710) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lGf06-0006bS-Af for bug-guix@gnu.org; Mon, 01 Mar 2021 04:38:02 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:36571) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lGf06-0000Tb-2L for bug-guix@gnu.org; Mon, 01 Mar 2021 04:38:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lGf06-0003zf-0J for bug-guix@gnu.org; Mon, 01 Mar 2021 04:38:02 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#46796: Cuirass & pointer finalization. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 01 Mar 2021 09:38:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46796 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Mathieu Othacehe Received: via spool by 46796-submit@debbugs.gnu.org id=B46796.161459146715325 (code B ref 46796); Mon, 01 Mar 2021 09:38:01 +0000 Received: (at 46796) by debbugs.gnu.org; 1 Mar 2021 09:37:47 +0000 Received: from localhost ([127.0.0.1]:48117 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lGezq-0003z7-MA for submit@debbugs.gnu.org; Mon, 01 Mar 2021 04:37:46 -0500 Received: from eggs.gnu.org ([209.51.188.92]:41778) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lGezp-0003yr-DG for 46796@debbugs.gnu.org; Mon, 01 Mar 2021 04:37:45 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:41757) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lGezj-0000Kd-VP for 46796@debbugs.gnu.org; Mon, 01 Mar 2021 04:37:40 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=50118 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lGezf-0000u9-CI; Mon, 01 Mar 2021 04:37:35 -0500 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <8735xihq60.fsf@gnu.org> <87ft1hvfm4.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 11 =?UTF-8?Q?Vent=C3=B4se?= an 229 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 01 Mar 2021 10:37:33 +0100 In-Reply-To: <87ft1hvfm4.fsf@gnu.org> (Mathieu Othacehe's message of "Sat, 27 Feb 2021 13:50:59 +0100") Message-ID: <87k0qrusde.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 46796@debbugs.gnu.org Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1614591498; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=rc3j2I4VmMDYvphRSQkF3qIOCsl9ieE6rPZrHMOk58Q=; b=jaR8+KTs3vL65PGpv9AAIPfkZ+00vC5hiSVKtHxhq6fVGseL4t43ZitJpK5gYrDPGPkxIt OUKhgddPhlPpJmIwVjAQXTZQJgqCruZb4oiFacgYIugeCwzNohTqBJ4Yy9VCWCuxbwKceG UWdvwIg8U09w0NwacFgudGue7/nISTBtSZNpQbiJTnbYkw3f4QgiSlNxHRShk0PMP+4ucn CDN32X2sIo1oavaF7AXl3sG7RdEyDPi9AGIpRQe6tuugI8WB3yS6YqWb4IJ7wzG25/lH5+ VQ3dDmmpdz4RfOvP6j3o1fPI7+wkUGixTnDwFN6AZOZ/Ndzvc4wCsZDpGd3n7A== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1614591498; a=rsa-sha256; cv=none; b=n6zjay/Y9KIe988gUXvLi56itkDNEQDCnBt1+sQL0j6Ww0hspJnozXySri44HJ/IvXSLGV 7/sr6U5ooAdlUVHub1dzV3k7f7M6udSmIjueiKKoJ276elODqt+MmacIa8iDq6PUIYEnlv awsKe4MjTHOAxdPctCVGXeA9uhqDIv0laGPTmF1ByKMJcEi2kdNM5r+apF+8FTfmhDkGeZ 6u+JNXu/GXhvFHFCju0kboAG2oRlM8Dk4j5V6ALL2MAH973NzTewNgsnlzv+WEcJt85e0S YmuaUVLyYQiWEtcdyjEtM+d3xuRlRnv2JL1K/YnFWctPpFyxiRcTje5TUYLOcQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Spam-Score: -2.87 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: F35AA2602C X-Spam-Score: -2.87 X-Migadu-Scanner: scn0.migadu.com X-TUID: FyP6qwfP8Opl Hi! Mathieu Othacehe skribis: > Here's a Valgrind backtrace: > > =3D=3D97844=3D=3D Thread 17: > =3D=3D97844=3D=3D Invalid read of size 4 > =3D=3D97844=3D=3D at 0x114465B9: zmq::msg_t::close() (in /gnu/store/zd= 9lbfqa3170nsfd4177dnr38k1sjbnc-zeromq-4.3.4/lib/libzmq.so.5.2.4) First, is this function idempotent? (Is it OK to close an msg_t multiple times.) Second, remember that finalizers can run in a separate thread. Thus, you must make sure there are no other threads, such as ZMQ=E2=80=99s intern= al threads, still operating on the object when it is freed. > =3D=3D97844=3D=3D by 0x3A58E98F: ???=20 > =3D=3D97844=3D=3D by 0x489AC78: chained_finalizer (in /gnu/store/q8brh= 7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x49A16EE: GC_invoke_finalizers (in /gnu/store/iy= cnpxxrg8m9wf9w58d6zvp9sdby6m9d-libgc-7.6.12/lib/libgc.so.1.3.6) > =3D=3D97844=3D=3D by 0x489AF08: scm_run_finalizers (in /gnu/store/q8br= h7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x489AF8C: finalization_thread_proc (in /gnu/stor= e/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x488BB09: c_body (in /gnu/store/q8brh7j5mwy0hbrl= y6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x4913148: vm_regular_engine (in /gnu/store/q8brh= 7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x49145B4: scm_call_n (in /gnu/store/q8brh7j5mwy0= hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x4890BB9: scm_call_2 (in /gnu/store/q8brh7j5mwy0= hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x48923B9: scm_c_with_exception_handler (in /gnu/= store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.= 0) > =3D=3D97844=3D=3D by 0x4909C3C: scm_c_catch (in /gnu/store/q8brh7j5mwy= 0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D Address 0x7373313569316263 is not stack'd, malloc'd or= (recently) free'd > > > It looks like the finalizer is operating on a memory region that has > already been free'd. The documentation associated with the > finalization functions in says: > > /* When obj is no longer accessible, invoke */ > /* (*fn)(obj, cd). If a and b are inaccessible, and */ > /* a points to b (after disappearing links have been */ > /* made to disappear), then only a will be */ > > > As far as I understand, OBJ is the wrapped pointer to the bytevector > created in "zmq-msg-init". There's a weak reference between the pointer > and the bytevector that is introduced by "register_weak_reference" in > "bytevector->pointer". There are (roughly) three objects here: the =E2=80=9Cmsg=E2=80=9D, the poin= ter object, and the bytevector that pointer refers to. The bytevector may be freed when the pointer object becomes unreachable. But you probably also need a weak link from the =E2=80=9Cmsg=E2=80=9D objec= t to the pointer object to ensure that the pointer object outlives the msg object. You also need to check the zmq::msg_t::close memory semantics: does it free the data associated with the message? If so, that=E2=80=99s redundant= with the pointer finalizer. > My interrogation is: do I have the guarantee that the pointer and its > references are still readable from within the finalizer? The above > snippet says that FN is invoked when OBJ is unaccessible, but does this > mean its content may have already been collected? Not sure, but most likely the problem is at a higher layer. :-) If you can get a reduced test case to run under =E2=80=98rr=E2=80=99, that = should allow you to see where the message was first freed. This is all pretty vague and general, but I HTH! Ludo=E2=80=99.