From: David Allsopp <dra-news@metastack.com>
To: Alexey Rodriguez <alexey@vectorfabrics.com>,
"caml-list@inria.fr" <caml-list@inria.fr>
Subject: RE: [Caml-list] Exception values may crash GC when interfacing C and Caml
Date: Wed, 2 May 2012 11:28:06 +0000 [thread overview]
Message-ID: <E51C5B015DBD1348A1D85763337FB6D9C299E98C@Remus.metastack.local> (raw)
In-Reply-To: <CAHg28AXdDJdpMmziZx7UHt1AdC3xnkB63B1uX-5NNX9nqdeSsg@mail.gmail.com>
Alexey Rodriguez wrote:
> Dear all,
>
> We are experiencing crashes in Caml-calling C code. This happens if
> garbage collection runs after Caml code has raised an exception. We now
> understand why this happens but we are puzzled as to why the "Interfacing
> C with Ocaml" chapter of the Ocaml manual doesn't warn about this
> situation.
>
> Suppose you have C code that calls Caml code as follows:
>
> ...
> CAMLparam2(v1,v2);
> CAMLlocal2(...,res);
> res = callback2_exn(...,v1,v2);
> foobar();
> ...
>
> We have found that this code will crash with "Fatal error: out of memory."
> if the following two things happen:
> * the function called by [callback2_exn] raises an exception, and
> * [foobar] triggers a garbage collection through the allocation of values
> in the Caml heap. (just calling [caml_gc_full_major] is enough to cause
> the crash).
>
> The reason for this crash is that [res] will contain an invalid pointer if
> an exception is thrown. The GC follows this bogus pointer ([res] is
> registered as a root by [CAMLlocal2]) which ultimately causes a crash in
> the GC code. Why does [res] contain a bogus pointer?
> It's not really a bogus pointer, but the lower bits are tagged in order to
> denote a thrown exception. These bits are usually tested/cleared by
> [Is_exception_result] and [Extract_exception].
This is already in the manual, but I agree that the requirement to do so could be stated more clearly. Section 18.7.1[1], last paragraph states "The return v of the caml_callback*_exn function **must** be tested with the macro Is_exception_result(v)". It also clearly indicates that v is only a valid [value] if Is_exception_result(v) returns false so storing the return of caml_callback*_exn in a local root and allowing the Gc to run before you update that root with the result of Extract_exception is "obviously" a Gc violation.
David
[1] http://caml.inria.fr/pub/docs/manual-ocaml/manual032.html#htoc245
next prev parent reply other threads:[~2012-05-02 11:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-02 11:18 Alexey Rodriguez
2012-05-02 11:28 ` David Allsopp [this message]
2012-05-02 14:37 ` Alexey Rodriguez
2012-05-02 19:37 ` Wojciech Meyer
2012-05-03 9:21 ` Alexey Rodriguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E51C5B015DBD1348A1D85763337FB6D9C299E98C@Remus.metastack.local \
--to=dra-news@metastack.com \
--cc=alexey@vectorfabrics.com \
--cc=caml-list@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox