From: Goswin von Brederlow <goswin-v-b@web.de>
To: OCaml List <caml-list@inria.fr>
Subject: [Caml-list] memory corruption with Weak.t in Gc.finalise
Date: Tue, 8 Mar 2016 16:49:48 +0100 [thread overview]
Message-ID: <20160308154948.GA5919@frosties> (raw)
Hi,
I found a memory corruption in Gc.finalise when sharing a Waek.t with
C stubs. I made a small test case and it's gotten worse. The code now
segfaults:
https://github.com/mrvn/ocam-problems/tree/weak-finalise
The problem I had was the address of the obj stored in the Weak.t
changes (which might be the GC moving it?) and also the tag changes
from 248 (Object_tag) to 168 (random constructor).
With my smaller test case I further get:
Program received signal SIGSEGV, Segmentation fault.
0x000000000043c9f8 in caml_format_exception ()
(gdb) bt
#0 0x000000000043c9f8 in caml_format_exception ()
#1 0x000000000043cbc1 in caml_fatal_uncaught_exception ()
#2 0x000000000043b1a7 in caml_main ()
#3 0x000000000042c45d in main ()
Ideas what is going on there?
MfG
Goswin
------------------------------------------------------------------------
==> Makefile <==
all: test
./test
test: main.cmx stubs.o
ocamlopt -o $@ $+
%.cmx: %.ml
ocamlopt -g -c -o $@ $<
%.o: %.c
gcc -O2 -W -Wall -g -c -o $@ $<
clean:
rm -f test *.o *.cmx *.cmi *~
==> main.ml <==
external setup : 'a Weak.t -> unit = "setup"
external test : unit -> unit = "test"
let cleanup obj =
Printf.printf "cleanup\n%!";
test ()
class obj = object(self)
val weak = Weak.create 1
initializer Weak.set weak 0 (Some self)
initializer setup weak
initializer Gc.finalise cleanup self
end
let () =
Printf.printf "Creating object\n%!";
ignore (new obj);
test ()
let () =
Printf.printf "Garbage collection\n%!";
Gc.full_major ()
let () =
Printf.printf "checking after GC\n%!";
test ()
==> stubs.c <==
#include <stdio.h>
#include <caml/mlvalues.h>
#include <caml/memory.h>
value weak;
void setup(value ml_weak) {
CAMLparam1(ml_weak);
printf("%s(0x%lx)\n", __PRETTY_FUNCTION__, ml_weak);
weak = ml_weak;
caml_register_generational_global_root(&weak);
CAMLreturn0;
}
void test(void) {
CAMLparam0();
CAMLlocal1(obj);
printf("%s\n", __PRETTY_FUNCTION__);
printf(" weak = 0x%lx\n", weak);
if (weak != 0) {
obj = Field(weak, 1);
printf(" obj = 0x%lx\n", obj);
if (obj != 0) {
printf(" tag = %d\n", Tag_val(obj));
}
}
printf("%s done\n", __PRETTY_FUNCTION__);
CAMLreturn0;
}
next reply other threads:[~2016-03-08 15:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-08 15:49 Goswin von Brederlow [this message]
2016-03-08 16:00 ` Gabriel Scherer
2016-03-08 19:04 ` Goswin von Brederlow
2016-03-11 15:05 ` François Bobot
2016-03-14 10:32 ` Goswin von Brederlow
2016-03-14 16:44 ` François Bobot
2016-03-15 9:43 ` Goswin von Brederlow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160308154948.GA5919@frosties \
--to=goswin-v-b@web.de \
--cc=caml-list@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox