Ticket #3940 (closed bug: fixed)
Propagate bug fix into new code generator
Reported by: simonpj
Owned by:
Type of failure: None/Unknown
Difficulty: Unknown
Test Case:
Blocked By:
We must not forget to propagate this fix into the new code generator pipeline:
Thu Mar 25 04:03:28 PDT 2010  Simon Marlow <firstname.lastname@example.org>
  * do_checks: do not set HpAlloc if the stack check fails

  This fixes a very rare heap corruption bug, whereby

   - a context switch is requested, which sets HpLim to zero
     (contextSwitchCapability(), called by the timer signal or another
     Capability).

   - simultaneously a stack check fails, in a code fragment that has
     both a stack and a heap check.

  The RTS then assumes that a heap-check failure has occurred and
  subtracts HpAlloc from Hp, although in fact it was a stack-check
  failure and retreating Hp will overwrite valid heap objects.

  The bug is that HpAlloc should only be set when Hp has been
  incremented by the heap check.  See comments in rts/HeapStackCheck.cmm
  for more details.

  This bug is probably incredibly rare in practice, but I happened to be
  working on a test that triggers it reliably:
  concurrent/should_run/throwto001, compiled with -O -threaded,
  args 30 300 +RTS -N2, run repeatedly in a loop.

    M ./compiler/codeGen/CgHeapery.lhs -6 +16
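The race in the commit message above, modelled in C as an added example (this is not GHC's code nor the patch itself). The register names Hp, HpLim, Sp, SpLim and HpAlloc follow the ticket; the register values, the byte sizes, the helper names (`do_checks`, `rts_gc_entry`, `run_fragment`) and the simplified RTS entry that retreats Hp whenever Hp > HpLim are assumptions of this model. The `buggy_codegen` flag switches between setting HpAlloc on any check failure (the old code generator) and setting it only after Hp has actually been bumped (the fix):

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the STG registers involved in the race.
 * Values and helpers are assumptions of this example, not GHC's code. */
typedef struct {
    uintptr_t hp;       /* heap pointer: next free byte in the nursery       */
    uintptr_t hp_lim;   /* heap limit; 0 means "context switch requested"    */
    uintptr_t sp;       /* stack pointer (stack grows downwards)             */
    uintptr_t sp_lim;   /* stack limit                                       */
    size_t    hp_alloc; /* bytes the failing heap check tried to allocate    */
} Regs;

enum { CHECK_OK, CHECK_FAILED };

/* contextSwitchCapability() in the ticket: the timer signal or another
 * Capability zeroes HpLim so that the next heap check fails. */
static void request_context_switch(Regs *r) { r->hp_lim = 0; }

/* Model of the generated code for a fragment needing `stk` bytes of stack
 * and `hp` bytes of heap: stack check first, then bump Hp and compare it
 * against HpLim.  `buggy_codegen` selects where HpAlloc gets assigned. */
static int do_checks(Regs *r, size_t stk, size_t hp, bool buggy_codegen)
{
    if (r->sp - stk < r->sp_lim) {      /* stack check fails */
        if (buggy_codegen)
            r->hp_alloc = hp;           /* bug: Hp was never bumped */
        return CHECK_FAILED;
    }
    r->hp += hp;                        /* bump heap pointer */
    if (r->hp > r->hp_lim) {            /* heap check fails */
        r->hp_alloc = hp;               /* correct: Hp really was bumped */
        return CHECK_FAILED;
    }
    return CHECK_OK;
}

/* Model of the RTS side (GC_GENERIC in rts/HeapStackCheck.cmm, simplified):
 * the RTS cannot see which check failed, so it treats Hp > HpLim as a heap
 * check failure and retreats Hp by HpAlloc.  With HpLim == 0 that condition
 * holds even when it was the stack check that failed. */
static void rts_gc_entry(Regs *r)
{
    if (r->hp > r->hp_lim) {
        r->hp -= r->hp_alloc;           /* undo the speculative bump */
        r->hp_alloc = 0;
    }
    /* yielding to the scheduler / growing the stack is not modelled */
}

/* Run one fragment against constructed register values and return the
 * final Hp; *hp_before receives the Hp before the fragment ran. */
static uintptr_t run_fragment(bool buggy_codegen, size_t stk, size_t hp,
                              bool context_switch, uintptr_t *hp_before)
{
    Regs r = {
        .hp = 0x10000, .hp_lim = 0x20000,   /* nursery with free space   */
        .sp = 0x8100,  .sp_lim = 0x8000,    /* only 0x100 bytes of stack */
        .hp_alloc = 0,
    };
    *hp_before = r.hp;
    if (context_switch)
        request_context_switch(&r);         /* HpLim := 0 */
    if (do_checks(&r, stk, hp, buggy_codegen) == CHECK_FAILED)
        rts_gc_entry(&r);
    return r.hp;
}

/* The ticket's scenario: both checks present, the stack check fails, and a
 * context switch arrives at the same moment.  True when Hp ended up below
 * the original allocation frontier, i.e. live heap objects would be
 * overwritten by the next allocation. */
static bool heap_corrupted(bool buggy_codegen)
{
    uintptr_t before;
    uintptr_t after = run_fragment(buggy_codegen, 0x200, 64, true, &before);
    return after < before;
}

/* Sanity check for the fix: a genuine heap-check failure (stack fits,
 * heap does not) must still retreat Hp exactly to where it was. */
static bool heap_fail_retreats_correctly(void)
{
    uintptr_t before;
    uintptr_t after = run_fragment(false, 0x80, 0x20000, false, &before);
    return after == before;
}

int main(void)
{
    printf("buggy codegen: heap corrupted = %s\n", heap_corrupted(true) ? "yes" : "no");
    printf("fixed codegen: heap corrupted = %s\n", heap_corrupted(false) ? "yes" : "no");
    printf("fixed codegen: genuine heap failure retreats correctly = %s\n",
           heap_fail_retreats_correctly() ? "yes" : "no");
    return 0;
}
```

The model makes the asymmetry visible: the RTS only ever sees Hp, HpLim and HpAlloc, so the code generator is the only place that knows whether Hp was bumped, and HpAlloc has to encode that fact. Any new pipeline that emits combined stack/heap checks needs the same invariant, which is why the ticket asks for the fix to be carried over.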