Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0006462OCamlOCaml runtime systempublic2014-06-18 21:262014-09-14 22:38
Assigned To 
Platformamd64OSLinuxOS VersionUbuntu 12.04
Product Version4.01.0 
Target Version4.02.2+devFixed in Version 
Summary0006462: Dynlinking duplicate module clobbers host program state
DescriptionIf you inadvertently duplicate a module between the executable and a dynamically loaded library, for example by adding an extraneous -linkpkg when building a .cmxs, loading the library will "re-initialize" the static data owned by the executable's copy of the module.

I've attached a tarball which demonstrates this. I would expect there to be a private copy of "myval" in lib2.cmxs, so that main continues to see 69105 instead of 42. (Alternatively, there could be an explicit treatment of symbol visibility and overriding, so that the user can control what happens, but that seems to be opening a can of worms.)

This is related to issue 0004839, but applies even if you have compatible signatures. It's not a type-correctness problem so much as a general semantic bug.

It seems worth mentioning that this also seems to make the GC corrupt the program . Perhaps the root set gets clobbered somehow? The smallest example I have is a null CIL plugin, which is also included in the tarball -- "make run-cilly". This segfaults on my machine. If you dig around in gdb using watchpoints, you find that the storage allocated by the second initializer (e.g. try watching Pretty.aligns, which for me is at &camlPretty + 0x190 bytes) gets silently re-used as if it were unreachable (e.g. I have seen it being updated to point to a function, not a list, which is clearly wrong). Since the old pointer is still live, this quickly crashes the program. I'll be happy to help anybody reproduce this.
Steps To ReproduceExtract tarball, run make.

To see the GC problem, make sure you have CIL installed and then make run-cilly.
Additional InformationI was hoping the simple test case would illustrate the GC problems too, which is why I made it run in a loop and keep allocating... but it doesn't crash for me.
TagsNo tags attached.
Attached Filesgz file icon ocaml-dynlink-clobber-bug.tar.gz [^] (1,126 bytes) 2014-06-18 21:26

- Relationships
related to 0004839acknowledged natdynlink reproducible segfault 

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2014-06-18 21:26 stephenrkell New Issue
2014-06-18 21:26 stephenrkell File Added: ocaml-dynlink-clobber-bug.tar.gz
2014-07-16 10:22 doligez Relationship added related to 0004839
2014-07-16 10:23 doligez Status new => acknowledged
2014-07-16 16:43 doligez Target Version => 4.02.1+dev
2014-09-04 00:25 doligez Target Version 4.02.1+dev => undecided
2014-09-14 22:38 doligez Target Version undecided => 4.02.2+dev

Copyright © 2000 - 2011 MantisBT Group
Powered by Mantis Bugtracker