Ticket #3940 (closed bug: fixed)
Propagate bug fix into new code generator
| Reported by: | simonpj | Owned by: | |
|---|---|---|---|
| Priority: | low | Milestone: | 7.6.1 |
| Component: | Compiler | Version: | |
| Keywords: | Cc: | ||
| Operating System: | Unknown/Multiple | Architecture: | Unknown/Multiple |
| Type of failure: | None/Unknown | Difficulty: | Unknown |
| Test Case: | Blocked By: | ||
| Blocking: | Related Tickets: |
Description
We must not forget to propagate this fix into the new code generator pipeline:
Thu Mar 25 04:03:28 PDT 2010 Simon Marlow <marlowsd@gmail.com>
* do_checks: do not set HpAlloc if the stack check fails
This fixes a very rare heap corruption bug, whereby
- a context switch is requested, which sets HpLim to zero
(contextSwitchCapability(), called by the timer signal or
another Capability).
- simultaneously a stack check fails, in a code fragment that has
both a stack and a heap check.
The RTS then assumes that a heap-check failure has occurred and
subtracts HpAlloc from Hp, although in fact it was a stack-check
failure and retreating Hp will overwrite valid heap objects. The bug
is that HpAlloc should only be set when Hp has been incremented by the
heap check. See comments in rts/HeapStackCheck.cmm for more details.
This bug is probably incredibly rare in practice, but I happened to be
working on a test that triggers it reliably:
concurrent/should_run/throwto001, compiled with -O -threaded, args 30
300 +RTS -N2, run repeatedly in a loop.
M ./compiler/codeGen/CgHeapery.lhs -6 +16
Change History
Note: See
TracTickets for help on using
tickets.
