Opened 14 years ago
Closed 13 years ago
#723 closed defect (fixed)
using set-finalizer! in this loop triggers an OOM panic / segfault
| Reported by: | Christian Kellermann | Owned by: | felix winkelmann |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | unknown | Version: | 4.7.x |
| Keywords: | | Cc: | |
| Estimated difficulty: | | | |
Description
This innocent-looking program crashes:
```scheme
(use lolevel)

(define (make-stuff)
  (let ((mem (allocate 100)))
    (set-finalizer! mem free)
    mem))

(let lp ((i 0))
  (make-stuff)
  (lp (add1 i)))
```
This has been confirmed by Peter on NetBSD. I have the situation that it works for me if I add a `(print i)` before `(make-stuff)`. Peter cannot see the same behaviour on his machine.
I have tried 4.5.0, 4.7.0 and master from last week. All show the same strange thing.
Am I misusing this? I stumbled upon it during some allocation in an egg for a FFI buffer...
Change History (12)
comment:1 Changed 14 years ago by
comment:2 Changed 14 years ago by
Does this happen with the current HEAD? I can't reproduce this right now (only tried on Windows). What is shown when the code is compiled and run with `-:d`?
comment:3 Changed 14 years ago by
gah, this is weird...
```scheme
(use lolevel)

(define (make-stuff)
  (let ((mem (allocate 1000)))
    (set-finalizer! mem free)
    mem))

(let lp ((i 0))
  (print i)
  (make-stuff)
  (lp (add1 i)))
```
Either one of these versions crashes for me now on OpenBSD 32-bit, 4.7.0 (sorry, I don't have a more recent version there).
The above program does crash with current master on 64-bit Linux when adding `-O3`. With the print output sent to `/dev/null` I get this:
```
./bla -:d >/dev/null
[debug] application startup...
[debug] heap resized to 500000 bytes
[debug] stack bottom is 0x7ffff803d090.
[debug] entering toplevel toplevel...
[debug] stack resized to 262144 bytes
[debug] entering toplevel library_toplevel...
[debug] entering toplevel build_2dversion_toplevel...
[debug] resizing heap dynamically from 500k to 1032k ...
[debug] entering toplevel eval_toplevel...
[debug] entering toplevel expand_toplevel...
[debug] entering toplevel modules_toplevel...
[debug] entering toplevel lolevel_toplevel...
[debug] entering toplevel srfi_2d69_toplevel...
[debug] resizing heap dynamically from 1032k to 2196k ...
[panic] out of memory - heap full while resizing - execution terminated

	...more...
	bla.scm:6: set-finalizer!
	bla.scm:12: lp
	bla.scm:10: print
	bla.scm:11: make-stuff
	bla.scm:5: allocate
	bla.scm:6: set-finalizer!
	bla.scm:12: lp
	bla.scm:10: print
	bla.scm:11: make-stuff
	bla.scm:5: allocate
	bla.scm:6: set-finalizer!
	bla.scm:12: lp
	bla.scm:10: print
	bla.scm:11: make-stuff
	bla.scm:5: allocate
	bla.scm:6: set-finalizer!	<--
```
comment:4 Changed 14 years ago by
Note that it only crashes when compiled! (The OP forgot to mention this.)
comment:7 Changed 14 years ago by
I suggest postponing the investigation of this until after the 4.8.0 release.
comment:8 Changed 14 years ago by
| Milestone: | 4.8.0 |
|---|---|
comment:11 Changed 13 years ago by
No longer crashes when the patch from http://lists.nongnu.org/archive/html/chicken-hackers/2012-06/msg00080.html is applied.
comment:12 Changed 13 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Yep, seems to do the right thing now. Thanks!

I managed to get a stacktrace from gdb:
```
Starting program: /home/ckeen/proj/chicken/doodle/small-test

Program received signal SIGSEGV, Segmentation fault.
[Switching to process 1287, thread 0x88518400]
0x0b075c74 in really_remark (x=0x7c5bd1e8) at runtime.c:3300
3300      h = p->header;
(gdb) bt
#0  0x0b075c74 in really_remark (x=0x7c5bd1e8) at runtime.c:3300
#1  0x0b075903 in C_rereclaim2 (size=516388, double_plus=0) at runtime.c:3211
#2  0x0b0b31a9 in allocate_vector_2 (dummy=0x2ae686c0) at runtime.c:7003
#3  0x0b0716b7 in CHICKEN_run (toplevel=0x0) at runtime.c:1312
#4  0x0b06f5c6 in CHICKEN_main (argc=1, argv=0xcfbefef8, toplevel=0x1c000df1) at runtime.c:532
#5  0x1c000db8 in main (argc=Cannot access memory at address 0x0
(gdb) p p->header
Cannot access memory at address 0xa9a414
(gdb) p *(C_SCHEME_BLOCK*)h
$5 = {header = 687865857, data = {-2114364416}}
```