GNU bug report logs - #46796
Cuirass & pointer finalization.

Please note: This is a static page, with minimal formatting, updated once a day.

Package: guix; Severity: important; Reported by: Mathieu Othacehe <othacehe@HIDDEN>; dated Fri, 26 Feb 2021 14:15:02 UTC; Maintainer for guix is bug-guix@HIDDEN.
Severity set to 'important' from 'normal'. Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org.

Message received at 46796 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: Mathieu Othacehe <othacehe@HIDDEN>
Subject: Re: bug#46796: Cuirass & pointer finalization.
Date: Mon, 01 Mar 2021 10:37:33 +0100

Hi!

Mathieu Othacehe <othacehe@HIDDEN> skribis:

> Here's a Valgrind backtrace:
>
> ==97844== Thread 17:
> ==97844== Invalid read of size 4
> ==97844==    at 0x114465B9: zmq::msg_t::close() (in /gnu/store/zd9lbfqa3170nsfd4177dnr38k1sjbnc-zeromq-4.3.4/lib/libzmq.so.5.2.4)

First, is this function idempotent?  (Is it OK to close an msg_t
multiple times.)

Second, remember that finalizers can run in a separate thread.  Thus,
you must make sure there are no other threads, such as ZMQ’s internal
threads, still operating on the object when it is freed.

> ==97844==    by 0x3A58E98F: ???
> ==97844==    by 0x489AC78: chained_finalizer (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
> ==97844==    by 0x49A16EE: GC_invoke_finalizers (in /gnu/store/iycnpxxrg8m9wf9w58d6zvp9sdby6m9d-libgc-7.6.12/lib/libgc.so.1.3.6)
> ==97844==    by 0x489AF08: scm_run_finalizers (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
> ==97844==    by 0x489AF8C: finalization_thread_proc (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
> ==97844==    by 0x488BB09: c_body (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
> ==97844==    by 0x4913148: vm_regular_engine (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
> ==97844==    by 0x49145B4: scm_call_n (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
> ==97844==    by 0x4890BB9: scm_call_2 (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
> ==97844==    by 0x48923B9: scm_c_with_exception_handler (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
> ==97844==    by 0x4909C3C: scm_c_catch (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
> ==97844==  Address 0x7373313569316263 is not stack'd, malloc'd or (recently) free'd
>
>
> It looks like the finalizer is operating on a memory region that has
> already been free'd. The documentation associated with the
> finalization functions in <gc.h> says:
>
>         /* When obj is no longer accessible, invoke             */
>         /* (*fn)(obj, cd).  If a and b are inaccessible, and    */
>         /* a points to b (after disappearing links have been    */
>         /* made to disappear), then only a will be              */
>
>
> As far as I understand, OBJ is the wrapped pointer to the bytevector
> created in "zmq-msg-init". There's a weak reference between the pointer
> and the bytevector that is introduced by "register_weak_reference" in
> "bytevector->pointer".

There are (roughly) three objects here: the “msg”, the pointer object,
and the bytevector that pointer refers to.

The bytevector may be freed when the pointer object becomes unreachable.

But you probably also need a weak link from the “msg” object to the
pointer object to ensure that the pointer object outlives the msg
object.

You also need to check the zmq::msg_t::close memory semantics: does it
free the data associated with the message?  If so, that’s redundant with
the pointer finalizer.

> My interrogation is: do I have the guarantee that the pointer and its
> references are still readable from within the finalizer? The above
> snippet says that FN is invoked when OBJ is unaccessible, but does this
> mean its content may have already been collected?

Not sure, but most likely the problem is at a higher layer.  :-)

If you can get a reduced test case to run under ‘rr’, that should allow
you to see where the message was first freed.

This is all pretty vague and general, but I HTH!

Ludo’.
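
The first two questions in the reply above (may close run twice, and what if the finalizer is not the only caller) can be answered in the binding layer with a close-once gate. This is an added example, not code from Guile-Simple-ZMQ, Guile, libgc or libzmq; toy_msg_t and every function name are hypothetical stand-ins for a message type whose close is valid only once.

```c
/* Added example; every name here is a hypothetical stand-in, not a libzmq/libgc/Guile API. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a message type whose close is valid only once. */
typedef struct { bool live; unsigned char *data; } toy_msg_t;

static atomic_int underlying_closes;   /* successful toy_msg_close() calls */

static int toy_msg_init_size(toy_msg_t *m, size_t size)
{
    m->data = calloc(size ? size : 1, 1);
    if (m->data == NULL)
        return -1;
    m->live = true;
    return 0;
}

static int toy_msg_close(toy_msg_t *m)
{
    if (!m->live)
        return -1;              /* a second close is an error, not a no-op */
    free(m->data);
    m->data = NULL;
    m->live = false;
    atomic_fetch_add(&underlying_closes, 1);
    return 0;
}

/* The handle embeds the message storage, so that storage lives exactly as
   long as the object handed to the finalizer. */
typedef struct { toy_msg_t msg; atomic_bool closed; } msg_handle;

msg_handle *handle_new(const void *content, size_t len)
{
    msg_handle *h = malloc(sizeof *h);
    if (h == NULL || toy_msg_init_size(&h->msg, len) != 0) {
        free(h);
        return NULL;
    }
    if (len > 0)
        memcpy(h->msg.data, content, len);
    atomic_init(&h->closed, false);
    return h;
}

/* Returns 1 if this call closed the message, 0 if it was already closed.
   The atomic exchange lets exactly one caller through, whichever thread
   (application or finalizer) gets there first. */
int handle_close(msg_handle *h)
{
    if (atomic_exchange(&h->closed, true))
        return 0;
    return toy_msg_close(&h->msg) == 0 ? 1 : -1;
}

/* Same (obj, client_data) shape as the callback in the gc.h excerpt. */
void handle_finalizer(void *obj, void *client_data)
{
    (void) client_data;
    handle_close(obj);
}

/* Explicit close followed by the finalizer: counts underlying closes. */
int demo_close_then_finalize(void)
{
    int before = atomic_load(&underlying_closes);
    msg_handle *h = handle_new("job", 3);
    if (h == NULL)
        return -1;
    handle_close(h);
    handle_finalizer(h, NULL);
    free(h);
    return atomic_load(&underlying_closes) - before;
}

int main(void) { printf("%d\n", demo_close_then_finalize()); return 0; }
```

The gate only guarantees a single close; it does not stop another thread from still reading the message when the close happens, which has to be ruled out separately.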




Information forwarded to bug-guix@HIDDEN:
bug#46796; Package guix.

Message received at 46796 <at> debbugs.gnu.org:


From: Mathieu Othacehe <othacehe@HIDDEN>
To: zimoun <zimon.toutoune@HIDDEN>
Subject: Re: bug#46796: Cuirass & pointer finalization.
Date: Sat, 27 Feb 2021 13:59:50 +0100


Hello zimoun,

> and why is ’zmq-message-content’ used for?  Since ’message’ is
> initialized with zero, I guess.  Well, I am confused by:
>
>   (let ((content-ptr (zmq_msg_data (message->pointer message)))
> [...]
>         (pointer->bytevector content-ptr size))))
>
> …
>
>         (let ((msg (pointer->message! msg-pointer)))
>           (when content-bv
>             (let ((target (zmq-message-content msg)))
>               (bytevector-copy! content-bv 0 target 0 len)))
>           msg))))
>
> Is ’target’ at the same address as ’msg’?  Maybe ’target’ creates
> somehow a dangling pointer.

No, 'target' is not at the same address as 'msg', it's just a field of
'msg' that is allocated internally when "zmq_msg_init_size" is called.

Allocating a message with "zmq_msg_init_size" and filling its content by
memcpy'ing data to the memory region pointed by "zmq_msg_data" is the
example given in "Man 3 zmq_msg_send", so I hope this is a valid
use-case :).

Thanks,

Mathieu




Information forwarded to bug-guix@HIDDEN:
bug#46796; Package guix.

Message received at 46796 <at> debbugs.gnu.org:


From: Mathieu Othacehe <othacehe@HIDDEN>
To: 46796 <at> debbugs.gnu.org
Subject: Re: bug#46796: Cuirass & pointer finalization.
Date: Sat, 27 Feb 2021 13:50:59 +0100


Hey,

Here's a Valgrind backtrace:

--8<---------------cut here---------------start------------->8---
==97844== Thread 17:
==97844== Invalid read of size 4
==97844==    at 0x114465B9: zmq::msg_t::close() (in /gnu/store/zd9lbfqa3170nsfd4177dnr38k1sjbnc-zeromq-4.3.4/lib/libzmq.so.5.2.4)
==97844==    by 0x3A58E98F: ??? 
==97844==    by 0x489AC78: chained_finalizer (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844==    by 0x49A16EE: GC_invoke_finalizers (in /gnu/store/iycnpxxrg8m9wf9w58d6zvp9sdby6m9d-libgc-7.6.12/lib/libgc.so.1.3.6)
==97844==    by 0x489AF08: scm_run_finalizers (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844==    by 0x489AF8C: finalization_thread_proc (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844==    by 0x488BB09: c_body (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844==    by 0x4913148: vm_regular_engine (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844==    by 0x49145B4: scm_call_n (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844==    by 0x4890BB9: scm_call_2 (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844==    by 0x48923B9: scm_c_with_exception_handler (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844==    by 0x4909C3C: scm_c_catch (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844==  Address 0x7373313569316263 is not stack'd, malloc'd or (recently) free'd
--8<---------------cut here---------------end--------------->8---

It looks like the finalizer is operating on a memory region that has
already been free'd. The documentation associated with the
finalization functions in <gc.h> says:

--8<---------------cut here---------------start------------->8---
        /* When obj is no longer accessible, invoke             */
        /* (*fn)(obj, cd).  If a and b are inaccessible, and    */
        /* a points to b (after disappearing links have been    */
        /* made to disappear), then only a will be              */
--8<---------------cut here---------------end--------------->8---


As far as I understand, OBJ is the wrapped pointer to the bytevector
created in "zmq-msg-init". There's a weak reference between the pointer
and the bytevector that is introduced by "register_weak_reference" in
"bytevector->pointer".

My interrogation is: do I have the guarantee that the pointer and its
references are still readable from within the finalizer? The above
snippet says that FN is invoked when OBJ is unaccessible, but does this
mean its content may have already been collected?

Cc'ing Ludo :)

Thanks,

Mathieu




Information forwarded to bug-guix@HIDDEN:
bug#46796; Package guix.

Message received at 46796 <at> debbugs.gnu.org:


From: zimoun <zimon.toutoune@HIDDEN>
To: Mathieu Othacehe <othacehe@HIDDEN>, 46796 <at> debbugs.gnu.org
Subject: Re: bug#46796: Cuirass & pointer finalization.
Date: Fri, 26 Feb 2021 21:12:56 +0100

Hi Mathieu,

I know nothing about the topic and I am probably out of scope.

On Fri, 26 Feb 2021 at 15:14, Mathieu Othacehe <othacehe@HIDDEN> wrote:

> I'm trying to fix a memory corruption in the remote-server process of
> Cuirass since a few days. Even though I don't have a usable core dump
> file yet, I'm pretty sure the error comes from the "zmq-msg-init"
> procedure of Guile-Simple-ZMQ.
>
> This procedure creates a bytevector, calls the C function zmq_msg_init to
> initialize it, adds zmq_msg_close as pointer finalizer and returns a
> wrapped pointer.
>
> My understanding is that the wrapped pointer that is passed around in
> Cuirass ensures that the underlying bytevector is not garbage collected
> until the pointer goes out of scope. However, some assertion failures
> such as this one:
>
> --8<---------------cut here---------------start------------->8---
> Assertion failed: check () (src/msg.cpp:394)
> --8<---------------cut here---------------end--------------->8---
>
> let me think that the bytevector is garbage collected, while ZMQ is
> still using it. Some help would be much appreciated here :).

From ’zmq-msg-init’ defined here:

<https://github.com/jerry40/guile-simple-zmq/blob/master/simple-zmq.scm.in#L543>

and why is ’zmq-message-content’ used for?  Since ’message’ is
initialized with zero, I guess.  Well, I am confused by:

--8<---------------cut here---------------start------------->8---
  (let ((content-ptr (zmq_msg_data (message->pointer message)))
[...]
        (pointer->bytevector content-ptr size))))

…

        (let ((msg (pointer->message! msg-pointer)))
          (when content-bv
            (let ((target (zmq-message-content msg)))
              (bytevector-copy! content-bv 0 target 0 len)))
          msg))))
--8<---------------cut here---------------end--------------->8---

Is ’target’ at the same address as ’msg’?  Maybe ’target’ creates
somehow a dangling pointer.


Cheers,
simon




Information forwarded to bug-guix@HIDDEN:
bug#46796; Package guix.

Message received at submit <at> debbugs.gnu.org:


From: Mathieu Othacehe <othacehe@HIDDEN>
To: bug-guix@HIDDEN
Subject: Cuirass & pointer finalization.
Date: Fri, 26 Feb 2021 15:14:31 +0100


Hello,

I'm trying to fix a memory corruption in the remote-server process of
Cuirass since a few days. Even though I don't have a usable core dump
file yet, I'm pretty sure the error comes from the "zmq-msg-init"
procedure of Guile-Simple-ZMQ.

This procedure creates a bytevector, calls the C function zmq_msg_init to
initialize it, adds zmq_msg_close as pointer finalizer and returns a
wrapped pointer.

My understanding is that the wrapped pointer that is passed around in
Cuirass ensures that the underlying bytevector is not garbage collected
until the pointer goes out of scope. However, some assertion failures
such as this one:

--8<---------------cut here---------------start------------->8---
Assertion failed: check () (src/msg.cpp:394)
--8<---------------cut here---------------end--------------->8---

let me think that the bytevector is garbage collected, while ZMQ is
still using it. Some help would be much appreciated here :).

Thanks,

Mathieu




Acknowledgement sent to Mathieu Othacehe <othacehe@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN.
Report forwarded to bug-guix@HIDDEN:
bug#46796; Package guix.
Last modified: Mon, 1 Mar 2021 14:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.