| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0005233 | OCaml | OCaml general | public | 2011-03-01 22:51 | 2012-06-21 16:31 |
| Reporter | bobot |
| Assigned To | doligez |
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed |
| Platform | OS | OS Version |
| Product Version | 3.13.0+dev |
| Target Version | 4.01.0+dev | Fixed in Version | 4.00.0+dev |
| Summary | 0005233: Finaliser on weak pointers allows to access invalid address |
| Description | In bytecode, if a weak pointer and the value it points to are garbage collected at the same time, a finaliser which dereferences the weak pointer can access invalid memory. For example, the following code produces a segmentation fault: |
===================
open Printf

let target = ref [2;3]
let t = ref (Weak.create 1)

let () =
  Weak.set !t 0 (Some !target);
  Gc.finalise (fun w ->
    match Weak.get w 0 with
    | None -> printf "Consistent\n"
    | Some [] -> printf "How its possible?\n"
    | Some (i::_) -> printf "Value not garbage collected : %i\n" i) !t

(** Force to grow the heap *)
let b = ref (Array.create 10000000 1)

let () =
  (** release the target and the weak array *)
  target := [2];
  t := (Weak.create 1);
  (** Allow the heap to be reduced in order to point outside the heap *)
  b := Array.create 1 1;
  (** Start a whole Gc phase *)
  Gc.compact ()
==============
| Additional Information | Reproducible with bytecode in 3.11.2. In native code the segmentation code doesn't appear, but the target seems not to be garbage collected. The example produces "Value not garbage collected : 2". |
| Tags | No tags attached. |
| Attached Files |
Notes |
(0005899) doligez (manager) 2011-05-17 15:41 |
In fact, you get into trouble as soon as you finalise a weak array. This is a bit troublesome to fix, so it will not be fixed for 3.12.1. |
|
(0007596) doligez (manager) 2012-06-21 16:31 |
As far as I can tell, the "Value not garbage collected" message is consistent with the semantics of weak pointers. I have added a better test case in testsuite/tests/regression/pr5233. Fixed in 4.00 (commit 12625) and trunk (commit 12627). |
Issue History |
| Date Modified | Username | Field | Change |
| 2011-03-01 22:51 | bobot | New Issue | |
| 2011-05-17 15:41 | doligez | Note Added: 0005899 | |
| 2011-05-17 15:41 | doligez | Assigned To | => doligez |
| 2011-05-17 15:41 | doligez | Status | new => assigned |
| 2011-05-17 15:41 | doligez | Target Version | => 3.13.0+dev |
| 2012-05-30 11:03 | doligez | Target Version | 3.13.0+dev => 4.01.0+dev |
| 2012-06-21 16:31 | doligez | Note Added: 0007596 | |
| 2012-06-21 16:31 | doligez | Status | assigned => closed |
| 2012-06-21 16:31 | doligez | Resolution | open => fixed |
| 2012-06-21 16:31 | doligez | Fixed in Version | => 4.00.0+dev |