Re: [Caml-list] memory corruption with Weak.t in Gc.finalise

[Gabriel Scherer <gabriel.scherer@gmail.com>]

It's great that you have a minimal reproduction example. Could you
create an issue on the issue tracker?
  http://caml.inria.fr/mantis/

Issues on the bugtracker are easier to keep track of than mails on the
caml-list.


On Tue, Mar 8, 2016 at 10:49 AM, Goswin von Brederlow <goswin-v-b@web.de> wrote:
> Hi,
>
> I found a memory corruption in Gc.finalise when sharing a Waek.t with
> C stubs. I made a small test case and it's gotten worse. The code now
> segfaults:
>
>   https://github.com/mrvn/ocam-problems/tree/weak-finalise
>
> The problem I had was the address of the obj stored in the Weak.t
> changes (which might be the GC moving it?) and also the tag changes
> from 248 (Object_tag) to 168 (random constructor).
>
> With my smaller test case I further get:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x000000000043c9f8 in caml_format_exception ()
> (gdb) bt
> #0  0x000000000043c9f8 in caml_format_exception ()
> #1  0x000000000043cbc1 in caml_fatal_uncaught_exception ()
> #2  0x000000000043b1a7 in caml_main ()
> #3  0x000000000042c45d in main ()
>
> Ideas what is going on there?
>
> MfG
>         Goswin
>
> ------------------------------------------------------------------------
> ==> Makefile <==
> all: test
>         ./test
>
> test: main.cmx stubs.o
>         ocamlopt -o $@ $+
>
> %.cmx: %.ml
>         ocamlopt -g -c -o $@ $<
>
> %.o: %.c
>         gcc -O2 -W -Wall -g -c -o $@ $<
>
> clean:
>         rm -f test *.o *.cmx *.cmi *~
>
> ==> main.ml <==
> external setup : 'a Weak.t -> unit = "setup"
> external test : unit -> unit = "test"
>
> let cleanup obj =
>   Printf.printf "cleanup\n%!";
>   test ()
>
> class obj = object(self)
>   val weak = Weak.create 1
>   initializer Weak.set weak 0 (Some self)
>   initializer setup weak
>   initializer Gc.finalise cleanup self
> end
>
> let () =
>   Printf.printf "Creating object\n%!";
>   ignore (new obj);
>   test ()
>
> let () =
>   Printf.printf "Garbage collection\n%!";
>   Gc.full_major ()
>
> let () =
>   Printf.printf "checking after GC\n%!";
>   test ()
>
> ==> stubs.c <==
> #include <stdio.h>
> #include <caml/mlvalues.h>
> #include <caml/memory.h>
>
> value weak;
>
> void setup(value ml_weak) {
>     CAMLparam1(ml_weak);
>     printf("%s(0x%lx)\n", __PRETTY_FUNCTION__, ml_weak);
>     weak = ml_weak;
>     caml_register_generational_global_root(&weak);
>     CAMLreturn0;
> }
>
> void test(void) {
>     CAMLparam0();
>     CAMLlocal1(obj);
>     printf("%s\n", __PRETTY_FUNCTION__);
>     printf("  weak = 0x%lx\n", weak);
>     if (weak != 0) {
>         obj = Field(weak, 1);
>         printf("  obj = 0x%lx\n", obj);
>         if (obj != 0) {
>             printf("  tag = %d\n", Tag_val(obj));
>         }
>     }
>     printf("%s done\n", __PRETTY_FUNCTION__);
>     CAMLreturn0;
> }
>
> --
> Caml-list mailing list.  Subscription management and archives:
> https://sympa.inria.fr/sympa/arc/caml-list
> Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
> Bug reports: http://caml.inria.fr/bin/caml-bugs