Closed Bug 504777 Opened 15 years ago Closed 15 years ago

Large-object management can make large blocks uncollectable

Categories

(Tamarin Graveyard :: Garbage Collection (mmGC), defect)

Product:
Tamarin Graveyard
Component:
Garbage Collection (mmGC)
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: lhansen, Assigned: lhansen)

Details

Attachments

(1 file)

Fix
1.65 KB, patch
treilly
: review+
Details | Diff | Splinter Review 
There is a problem with the handling of finalization of large objects that can cause large blocks to be dropped from the large object list.  This can manifest itself as a storage leak and as finalizers of manifestly unreachable objects not being run, ever.

The problem occurs if the first large block on the large block list has a finalizer that allocates another large block.  The allocation will insert the large block at the beginning of the large block list, but when the finalizer returns the finalization logic will overwrite the pointer to the new block with the pointer to the successor of the block that was just finalized.
There's also an amusing problem with finalizers for large blocks explicitly freeing other large blocks (or indeed the block being finalized), but a test in GC::Free stops this from being much of an an immediate problem.
Attached patch FixSplinter Review 

        Attachment #389756 -
        Flags: review?(treilly)

    
    

    
  
Comment on attachment 389756 [details] [diff] [review]
Fix

The code in Free seems little strong given that GC::Free guards against it, I would have just rolled an assert to keep GC::Free honest.

        Attachment #389756 -
        Flags: review?(treilly) → review+

    
    

    
  
redux changeset:   2185:358852a96169
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED

    
    

    
  
(In reply to comment #3)
> (From update of attachment 389756 [details] [diff] [review])
> The code in Free seems little strong given that GC::Free guards against it, I
> would have just rolled an assert to keep GC::Free honest.

BTW, fixed that.

    
  
Status: RESOLVED → VERIFIED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: