--- Begin Message ---
Subject: guile 2.0.13
Date: Mon, 17 Apr 2017 15:15:10 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

Hello,
The attached simple test calls free functions with bad smob_tag.
I see the same stuff with 2.2.0.
There are no errors using the stable 2.0.11 version.

My system is:
Linux linux8 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Attachment: box.c (Text Data)
Attachment: Makefile (Text document)
Attachment: test.scm (Text Data)
--- End Message ---
--- Begin Message ---
Subject: Re: bug#26542: guile 2.0.13
Date: Wed, 19 Apr 2017 10:08:42 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Hi,
address@hidden writes:
> Hello,
>
> The attached simple test calls free functions with bad smob_tag.
> I see the same stuff with 2.2.0.
> There are no errors using the stable 2.0.11 version.
>
> static size_t
> free_box (SCM box_smob)
> {
>   if (SCM_TYP16(box_smob) != scm_tc16_box) {
>     // bad type, do not free it
>     fprintf (stderr, "[free] error: bad smob 0x%x\n",
>              (int)SCM_TYP16(box_smob));
>     exit (-1);
>   }
>   return 0;
> }

I believe this is fallout from this bug fix in which markers and
finalizers could race each other:

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=19883

The basic issue is that finalizers run asynchronously on values that are
still live, yet they can invalidate invariants on those live values.
Concurrent markers can then see objects which are being concurrently
finalized, causing intermittent hard-to-debug crashes that couldn't be
properly fixed.

The fix was to "null out" the SMOB tag before calling the finalizer, in
such a way as to prevent future GCs from invoking the SMOB mark function on
an object that was being finalized. So the new expectation is that
finalizers see the SMOB tag as being scm_tc7_smob + SMOB number 0,
indicating the "finalized" smob type.

I guess we weren't aware of how this might affect other users that check
the SMOB tag during the free function. Apologies for that undocumented
change. It was necessary though to fix 19883.

Andy
--- End Message ---
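
The behaviour described in the reply above, as a self-contained C model added here for illustration (it is not code from the thread or from libguile): a finalizer that resets the tag to SMOB number 0 before calling the free function, a strict tag check like the one in the report, and a check that also accepts the "finalized" tag. Every `model_`/`MODEL_` name, the value `0x7f`, the `<< 8` layout and SMOB number 3 are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>

/* Model constants: constructed values, not copied from libguile headers. */
#define MODEL_TC7_SMOB   0x7fu
#define MODEL_TC16(num)  (MODEL_TC7_SMOB + ((unsigned)(num) << 8))
#define MODEL_TYP16(c)   ((unsigned)((c)->word0 & 0xffffu))
#define MODEL_TC16_BOX   MODEL_TC16(3)   /* constructed smob number 3 */
#define MODEL_TC16_FINAL MODEL_TC16(0)   /* smob number 0: "finalized" */

struct model_cell { uintptr_t word0; void *data; };
typedef int (*model_free_fn)(struct model_cell *);

/* Strict check, as in the reported free_box: any other tag is an error. */
static int free_box_strict(struct model_cell *c)
{
    return MODEL_TYP16(c) == MODEL_TC16_BOX ? 0 : -1;
}

/* Accepts its own tag (older runtime) or the finalized tag (after the fix). */
static int free_box_tolerant(struct model_cell *c)
{
    unsigned t = MODEL_TYP16(c);
    if (t != MODEL_TC16_BOX && t != MODEL_TC16_FINAL)
        return -1;
    c->data = NULL;              /* a real free function releases its data here */
    return 0;
}

/* Finalization step: optionally null out the tag first, then call free. */
static int model_finalize(struct model_cell *c, model_free_fn fn, int null_tag)
{
    if (null_tag)
        c->word0 = (c->word0 & ~(uintptr_t)0xffffu) | MODEL_TC16_FINAL;
    return fn(c);
}

int main(void)
{
    struct model_cell box = { MODEL_TC16_BOX, NULL };
    /* Exit status 0 when the tolerant free function survives tag nulling. */
    return model_finalize(&box, free_box_tolerant, 1);
}
```

In the model, the strict check succeeds only when the tag is left untouched, which matches the report that 2.0.11 showed no errors while 2.0.13 and 2.2.0 did.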