Ludovic Courtès <ludo@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.Received: (at 46796) by debbugs.gnu.org; 1 Mar 2021 09:37:47 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Mar 01 04:37:47 2021 Received: from localhost ([127.0.0.1]:48117 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lGezq-0003z7-MA for submit <at> debbugs.gnu.org; Mon, 01 Mar 2021 04:37:46 -0500 Received: from eggs.gnu.org ([209.51.188.92]:41778) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1lGezp-0003yr-DG for 46796 <at> debbugs.gnu.org; Mon, 01 Mar 2021 04:37:45 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:41757) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1lGezj-0000Kd-VP for 46796 <at> debbugs.gnu.org; Mon, 01 Mar 2021 04:37:40 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=50118 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <ludo@HIDDEN>) id 1lGezf-0000u9-CI; Mon, 01 Mar 2021 04:37:35 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Mathieu Othacehe <othacehe@HIDDEN> Subject: Re: bug#46796: Cuirass & pointer finalization. References: <8735xihq60.fsf@HIDDEN> <87ft1hvfm4.fsf@HIDDEN> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 11 =?utf-8?Q?Vent=C3=B4se?= an 229 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 01 Mar 2021 10:37:33 +0100 In-Reply-To: <87ft1hvfm4.fsf@HIDDEN> (Mathieu Othacehe's message of "Sat, 27 Feb 2021 13:50:59 +0100") Message-ID: <87k0qrusde.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 46796 Cc: 46796 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) Hi! Mathieu Othacehe <othacehe@HIDDEN> skribis: > Here's a Valgrind backtrace: > > =3D=3D97844=3D=3D Thread 17: > =3D=3D97844=3D=3D Invalid read of size 4 > =3D=3D97844=3D=3D at 0x114465B9: zmq::msg_t::close() (in /gnu/store/zd= 9lbfqa3170nsfd4177dnr38k1sjbnc-zeromq-4.3.4/lib/libzmq.so.5.2.4) First, is this function idempotent? (Is it OK to close an msg_t multiple times.) Second, remember that finalizers can run in a separate thread. Thus, you must make sure there are no other threads, such as ZMQ=E2=80=99s intern= al threads, still operating on the object when it is freed. > =3D=3D97844=3D=3D by 0x3A58E98F: ???=20 > =3D=3D97844=3D=3D by 0x489AC78: chained_finalizer (in /gnu/store/q8brh= 7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x49A16EE: GC_invoke_finalizers (in /gnu/store/iy= cnpxxrg8m9wf9w58d6zvp9sdby6m9d-libgc-7.6.12/lib/libgc.so.1.3.6) > =3D=3D97844=3D=3D by 0x489AF08: scm_run_finalizers (in /gnu/store/q8br= h7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x489AF8C: finalization_thread_proc (in /gnu/stor= e/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x488BB09: c_body (in /gnu/store/q8brh7j5mwy0hbrl= y6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x4913148: vm_regular_engine (in /gnu/store/q8brh= 7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x49145B4: scm_call_n (in /gnu/store/q8brh7j5mwy0= hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x4890BB9: scm_call_2 (in /gnu/store/q8brh7j5mwy0= hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D by 0x48923B9: scm_c_with_exception_handler (in /gnu/= store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.= 0) > =3D=3D97844=3D=3D by 0x4909C3C: scm_c_catch (in /gnu/store/q8brh7j5mwy= 0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0) > =3D=3D97844=3D=3D Address 0x7373313569316263 is not stack'd, malloc'd or= (recently) free'd > > > It looks like the finalizer is operating on a memory region that has > already been free'd. The documentation associated with the > finalization functions in <gc.h> says: > > /* When obj is no longer accessible, invoke */ > /* (*fn)(obj, cd). If a and b are inaccessible, and */ > /* a points to b (after disappearing links have been */ > /* made to disappear), then only a will be */ > > > As far as I understand, OBJ is the wrapped pointer to the bytevector > created in "zmq-msg-init". There's a weak reference between the pointer > and the bytevector that is introduced by "register_weak_reference" in > "bytevector->pointer". There are (roughly) three objects here: the =E2=80=9Cmsg=E2=80=9D, the poin= ter object, and the bytevector that pointer refers to. The bytevector may be freed when the pointer object becomes unreachable. But you probably also need a weak link from the =E2=80=9Cmsg=E2=80=9D objec= t to the pointer object to ensure that the pointer object outlives the msg object. You also need to check the zmq::msg_t::close memory semantics: does it free the data associated with the message? If so, that=E2=80=99s redundant= with the pointer finalizer. > My interrogation is: do I have the guarantee that the pointer and its > references are still readable from within the finalizer? The above > snippet says that FN is invoked when OBJ is unaccessible, but does this > mean its content may have already been collected? Not sure, but most likely the problem is at a higher layer. :-) If you can get a reduced test case to run under =E2=80=98rr=E2=80=99, that = should allow you to see where the message was first freed. This is all pretty vague and general, but I HTH! Ludo=E2=80=99.
bug-guix@HIDDEN:bug#46796; Package guix.
Full text available.Received: (at 46796) by debbugs.gnu.org; 27 Feb 2021 12:59:59 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 27 07:59:59 2021 Received: from localhost ([127.0.0.1]:43370 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lFzCR-0007um-9V for submit <at> debbugs.gnu.org; Sat, 27 Feb 2021 07:59:59 -0500 Received: from eggs.gnu.org ([209.51.188.92]:50530) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <othacehe@HIDDEN>) id 1lFzCQ-0007uZ-7Q for 46796 <at> debbugs.gnu.org; Sat, 27 Feb 2021 07:59:58 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:58963) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <othacehe@HIDDEN>) id 1lFzCK-00082q-Ud; Sat, 27 Feb 2021 07:59:52 -0500 Received: from [2a01:e0a:19b:d9a0:98e:5d4:fa52:995a] (port=45062 helo=cervin) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <othacehe@HIDDEN>) id 1lFzCK-00044Q-86; Sat, 27 Feb 2021 07:59:52 -0500 From: Mathieu Othacehe <othacehe@HIDDEN> To: zimoun <zimon.toutoune@HIDDEN> Subject: Re: bug#46796: Cuirass & pointer finalization. References: <8735xihq60.fsf@HIDDEN> <86im6e1tbr.fsf@HIDDEN> Date: Sat, 27 Feb 2021 13:59:50 +0100 In-Reply-To: <86im6e1tbr.fsf@HIDDEN> (zimoun's message of "Fri, 26 Feb 2021 21:12:56 +0100") Message-ID: <87blc5vf7d.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 46796 Cc: 46796 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) Hello zimoun, > and why is =E2=80=99zmq-message-content=E2=80=99 used for? Since =E2=80= =99message=E2=80=99 is > initialized with zero, I guess. Well, I am confused by: > > (let ((content-ptr (zmq_msg_data (message->pointer message))) > [...] > (pointer->bytevector content-ptr size)))) > > =E2=80=A6 > > (let ((msg (pointer->message! msg-pointer))) > (when content-bv > (let ((target (zmq-message-content msg))) > (bytevector-copy! content-bv 0 target 0 len))) > msg)))) > > Is =E2=80=99target=E2=80=99 at the same address than =E2=80=99msg=E2=80= =99? Maybe =E2=80=99target=E2=80=99 creates > somehow a dangling pointer. No 'target' is not at the same address than 'msg', it's just a field of 'msg' that is allocated internally when "zmq_msg_init_size" is called. Allocating a message with "zmq_msg_init_size" and filling its content by memcpy'ing data to the memory region pointed by "zmq_msg_data" is the example given in "Man 3 zmq_msg_send", to I hope this is a valid use-case :). Thanks, Mathieu
bug-guix@HIDDEN:bug#46796; Package guix.
Full text available.
Received: (at 46796) by debbugs.gnu.org; 27 Feb 2021 12:51:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 27 07:51:11 2021
Received: from localhost ([127.0.0.1]:43358 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lFz3u-0007io-O4
for submit <at> debbugs.gnu.org; Sat, 27 Feb 2021 07:51:11 -0500
Received: from eggs.gnu.org ([209.51.188.92]:49352)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <othacehe@HIDDEN>) id 1lFz3r-0007ia-T7
for 46796 <at> debbugs.gnu.org; Sat, 27 Feb 2021 07:51:08 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:58920)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <othacehe@HIDDEN>)
id 1lFz3m-0004Bm-27; Sat, 27 Feb 2021 07:51:02 -0500
Received: from [2a01:e0a:19b:d9a0:98e:5d4:fa52:995a] (port=45002 helo=cervin)
by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.82) (envelope-from <othacehe@HIDDEN>)
id 1lFz3l-0005Tg-DP; Sat, 27 Feb 2021 07:51:01 -0500
From: Mathieu Othacehe <othacehe@HIDDEN>
To: 46796 <at> debbugs.gnu.org
Subject: Re: bug#46796: Cuirass & pointer finalization.
References: <8735xihq60.fsf@HIDDEN>
Date: Sat, 27 Feb 2021 13:50:59 +0100
In-Reply-To: <8735xihq60.fsf@HIDDEN> (Mathieu Othacehe's message of "Fri, 26
Feb 2021 15:14:31 +0100")
Message-ID: <87ft1hvfm4.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 46796
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
Hey,
Here's a Valgrind backtrace:
--8<---------------cut here---------------start------------->8---
==97844== Thread 17:
==97844== Invalid read of size 4
==97844== at 0x114465B9: zmq::msg_t::close() (in /gnu/store/zd9lbfqa3170nsfd4177dnr38k1sjbnc-zeromq-4.3.4/lib/libzmq.so.5.2.4)
==97844== by 0x3A58E98F: ???
==97844== by 0x489AC78: chained_finalizer (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844== by 0x49A16EE: GC_invoke_finalizers (in /gnu/store/iycnpxxrg8m9wf9w58d6zvp9sdby6m9d-libgc-7.6.12/lib/libgc.so.1.3.6)
==97844== by 0x489AF08: scm_run_finalizers (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844== by 0x489AF8C: finalization_thread_proc (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844== by 0x488BB09: c_body (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844== by 0x4913148: vm_regular_engine (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844== by 0x49145B4: scm_call_n (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844== by 0x4890BB9: scm_call_2 (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844== by 0x48923B9: scm_c_with_exception_handler (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844== by 0x4909C3C: scm_c_catch (in /gnu/store/q8brh7j5mwy0hbrly6hjb1m3wwndxqc8-guile-3.0.5/lib/libguile-3.0.so.1.3.0)
==97844== Address 0x7373313569316263 is not stack'd, malloc'd or (recently) free'd
--8<---------------cut here---------------end--------------->8---
It looks like the finalizer is operating on a memory region that has
already been free'd. The documentation associated with the
finalization functions in <gc.h> says:
--8<---------------cut here---------------start------------->8---
/* When obj is no longer accessible, invoke */
/* (*fn)(obj, cd). If a and b are inaccessible, and */
/* a points to b (after disappearing links have been */
/* made to disappear), then only a will be */
--8<---------------cut here---------------end--------------->8---
As far as I understand, OBJ is the wrapped pointer to the bytevector
created in "zmq-msg-init". There's a weak reference between the pointer
and the bytevector that is introduced by "register_weak_reference" in
"bytevector->pointer".
My interrogation is: do I have the guarantee that the pointer and its
references are still readable from within the finalizer? The above
snippet says that FN is invoked when OBJ is unaccessible, but does this
mean its content may have already been collected?
Cc'ing Ludo :)
Thanks,
Mathieu
bug-guix@HIDDEN:bug#46796; Package guix.
Full text available.
Received: (at 46796) by debbugs.gnu.org; 26 Feb 2021 20:17:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 26 15:17:05 2021
Received: from localhost ([127.0.0.1]:42596 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lFjXs-0004pB-Rb
for submit <at> debbugs.gnu.org; Fri, 26 Feb 2021 15:17:05 -0500
Received: from mail-wr1-f44.google.com ([209.85.221.44]:43813)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <zimon.toutoune@HIDDEN>) id 1lFjXr-0004oe-B6
for 46796 <at> debbugs.gnu.org; Fri, 26 Feb 2021 15:17:03 -0500
Received: by mail-wr1-f44.google.com with SMTP id w11so9738688wrr.10
for <46796 <at> debbugs.gnu.org>; Fri, 26 Feb 2021 12:17:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:subject:in-reply-to:references:date:message-id:mime-version
:content-transfer-encoding;
bh=C2LM1sjD3BMs58uH8Rc/InEhq3fyVzzSJVuhmeuOV4A=;
b=eqVto3sOnEyXoiwPCgDfOWa+OhELnYSG/KqmLlp7Tu2pqGp98BxfXTLbgz0fB7jX++
L4Z+y8sO2c94sdFtWBVR0jx38VmkUUDJPbL7YwKcnD8ons7nG9kzbzsv5zA44M+yZjAU
4gM5VCFML2IYQ0kE47ZHMqMaQwKXQzOIisMAbtyvPlkIXw7ymyV/3Lel/lkJeb6FiPw4
1rtbOUm2Mu8+Qr0MdJUP4gllUzyczS3bmR8lfMaPOM76emo6ArWCs9OAW/hF9lwMZJ6a
G1lsCu40OGPJZHmaRc4CWOt8qoO9tacD8BZHALnWRc10lyxcTUb2ZI40bBdzhW+KVo/m
xX/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:subject:in-reply-to:references:date
:message-id:mime-version:content-transfer-encoding;
bh=C2LM1sjD3BMs58uH8Rc/InEhq3fyVzzSJVuhmeuOV4A=;
b=LXNoH5A+gWbiMo5t9J+89Nl5Nx5HmVFhRNoLtOf0b2N2Eyt4cyDPmU2oT3tkBUr8JU
OqWT6i24F+9DLUudNiLVlFsTZJW1kcLlFyJl1+fdQW+WSrMLPgB03ArlXzjkqa00eekE
EXZKxLVOiJOHyq40Ea7y8szawWxR11jtACxHBBT5Ud2rmun8YCZZ5wLc2TkODSWuOvWh
qjhPRaLmC8UZqO31CrlV6iTU0rtkOAyrHYNZTRso1yFwThpY5kX7WJz3ysWPAHgPMZnu
LvKt4XACgz6vS5VVJ4x/WUaU3urKGklAp6+JeZblC0brc05rbQFhtTDTa/124HD4jPfc
mKOQ==
X-Gm-Message-State: AOAM533opPeUKsDIUhapVMMQdjq3DFCtV2zh6I8shuI8YQigKXBBukk4
mBeSmkYWgOEpSyyJI1PLOOsCYMOx7Rw=
X-Google-Smtp-Source: ABdhPJyiW/6Bnr2/SlKwcJa/B7Ujw+XOpCt61X7usApv/obVlNz3u6qDwdn72zRZfvwwhvflmpNF5A==
X-Received: by 2002:a5d:6cab:: with SMTP id a11mr4980652wra.419.1614370617403;
Fri, 26 Feb 2021 12:16:57 -0800 (PST)
Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e])
by smtp.gmail.com with ESMTPSA id u4sm6503281wrm.24.2021.02.26.12.16.56
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 26 Feb 2021 12:16:57 -0800 (PST)
From: zimoun <zimon.toutoune@HIDDEN>
To: Mathieu Othacehe <othacehe@HIDDEN>, 46796 <at> debbugs.gnu.org
Subject: Re: bug#46796: Cuirass & pointer finalization.
In-Reply-To: <8735xihq60.fsf@HIDDEN>
References: <8735xihq60.fsf@HIDDEN>
Date: Fri, 26 Feb 2021 21:12:56 +0100
Message-ID: <86im6e1tbr.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 46796
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hi Mathieu,
I know nothing about the topic and I probably out-of-scope.
On Fri, 26 Feb 2021 at 15:14, Mathieu Othacehe <othacehe@HIDDEN> wrote:
> I'm trying to fix a memory corruption in the remote-server process of
> Cuirass since a few days. Even though I don't have a usable core dump
> file yet, I'm pretty sure the error comes from the "zmq-msg-init"
> procedure of Guile-Simple-ZMQ.
>
> This procedure creates a bytevector, call the C function zmq_msg_init to
> initialize it, adds zmq_msg_close as pointer finalizer and returns a
> wrapped pointer.
>
> My understanding is that the wrapped pointer that is passed around in
> Cuirass ensures that the underlying bytevector is not garbage collected
> until the pointer goes out of scope. However, some assertions failures
> such as this one:
>
> --8<---------------cut here---------------start------------->8---
> Assertion failed: check () (src/msg.cpp:394)
> --8<---------------cut here---------------end--------------->8---
>
> let me think that the bytevector is garbage collected, while ZMQ is
> still using it. Some help would be much appreciated here :).
From =E2=80=99zmq-msg-init=E2=80=99 defined here:
<https://github.com/jerry40/guile-simple-zmq/blob/master/simple-zmq.scm.in#=
L543>
and why is =E2=80=99zmq-message-content=E2=80=99 used for? Since =E2=80=99=
message=E2=80=99 is
initialized with zero, I guess. Well, I am confused by:
--8<---------------cut here---------------start------------->8---
(let ((content-ptr (zmq_msg_data (message->pointer message)))
[...]
(pointer->bytevector content-ptr size))))
=E2=80=A6
(let ((msg (pointer->message! msg-pointer)))
(when content-bv
(let ((target (zmq-message-content msg)))
(bytevector-copy! content-bv 0 target 0 len)))
msg))))
--8<---------------cut here---------------end--------------->8---
Is =E2=80=99target=E2=80=99 at the same address than =E2=80=99msg=E2=80=99?=
Maybe =E2=80=99target=E2=80=99 creates
somehow a dangling pointer.
Cheers,
simon
bug-guix@HIDDEN:bug#46796; Package guix.
Full text available.Received: (at submit) by debbugs.gnu.org; 26 Feb 2021 14:14:36 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 26 09:14:35 2021 Received: from localhost ([127.0.0.1]:40496 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lFdt5-0005wQ-OL for submit <at> debbugs.gnu.org; Fri, 26 Feb 2021 09:14:35 -0500 Received: from lists.gnu.org ([209.51.188.17]:55484) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <othacehe@HIDDEN>) id 1lFdt4-0005wJ-Oy for submit <at> debbugs.gnu.org; Fri, 26 Feb 2021 09:14:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:40606) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <othacehe@HIDDEN>) id 1lFdt4-0003pd-Js for bug-guix@HIDDEN; Fri, 26 Feb 2021 09:14:34 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:33232) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <othacehe@HIDDEN>) id 1lFdt4-0005xy-DR for bug-guix@HIDDEN; Fri, 26 Feb 2021 09:14:34 -0500 Received: from [2a01:e0a:19b:d9a0:98e:5d4:fa52:995a] (port=35758 helo=cervin) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <othacehe@HIDDEN>) id 1lFdt3-0007B1-Nl for bug-guix@HIDDEN; Fri, 26 Feb 2021 09:14:34 -0500 From: Mathieu Othacehe <othacehe@HIDDEN> To: bug-guix@HIDDEN Subject: Cuirass & pointer finalization. Date: Fri, 26 Feb 2021 15:14:31 +0100 Message-ID: <8735xihq60.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hello, I'm trying to fix a memory corruption in the remote-server process of Cuirass since a few days. Even though I don't have a usable core dump file yet, I'm pretty sure the error comes from the "zmq-msg-init" procedure of Guile-Simple-ZMQ. This procedure creates a bytevector, call the C function zmq_msg_init to initialize it, adds zmq_msg_close as pointer finalizer and returns a wrapped pointer. My understanding is that the wrapped pointer that is passed around in Cuirass ensures that the underlying bytevector is not garbage collected until the pointer goes out of scope. However, some assertions failures such as this one: --8<---------------cut here---------------start------------->8--- Assertion failed: check () (src/msg.cpp:394) --8<---------------cut here---------------end--------------->8--- let me think that the bytevector is garbage collected, while ZMQ is still using it. Some help would be much appreciated here :). Thanks, Mathieu
Mathieu Othacehe <othacehe@HIDDEN>:bug-guix@HIDDEN.
Full text available.bug-guix@HIDDEN:bug#46796; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.