Closed Bug 503304 Opened 15 years ago Closed 15 years ago

using delete on a new (GC*) object where object doesn't inherit from GCObject results in hard to debug crashes

Categories

(Tamarin Graveyard :: Garbage Collection (mmGC), defect, P5)

Tracking

(Not tracked)

VERIFIED FIXED
flash10.1

People

(Reporter: treilly, Assigned: lhansen)

References

Details

(Whiteboard: Has patch)

Attachments

(1 file, 1 obsolete file)

Should be easy to assert that the address passed to FixedMalloc free didn't come from FixedMalloc::Alloc.
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
(poaching)
Assignee: treilly → lhansen
Priority: -- → P5
Target Milestone: --- → flash10.1
Flags: flashplayer-qrb? → flashplayer-qrb+
Attached patch Patch (obsolete) — Splinter Review
Here's a basic solution.

Two refinements are easily imagined:

 - a more sophisticated data structure to track large blocks to make it less
   likely that the linear scan will make debug builds really slow

 - we could assert that the small-object pointer points to an object (not just
   into one) and that that object is not free, not simply that it points into
   a block's memory area.
Attachment #414274 - Flags: review?(treilly)
Whiteboard: Has patch
Attachment #414274 - Flags: review?(treilly) → review+
Comment on attachment 414274 [details] [diff] [review]
Patch

My plan for large blocks was to just assert that the GCHeap had a HeapBlock inUse at that address that was the right size, much simpler, almost as effective.  This technique is a little better as it guards against coincidental positives from other GCHeap clients.
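An added sketch of the checks discussed in the comments above; it is not part of the original thread and is neither the attached patch nor MMgc code. `ToyFixedMalloc`, `Ptr` and `Classify` are hypothetical names, and the toy assumes a single 64-byte size class. It goes one step past the basic solution by also applying the suggested refinement: the pointer must sit at the start of a live item, not merely inside a block.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdlib>
#include <vector>

enum class Ptr { Foreign, Interior, FreeItem, LiveSmall, LiveLarge };

class ToyFixedMalloc {  // hypothetical toy with one 64-byte size class, not MMgc code
    static constexpr size_t kBlock = 4096, kItem = 64, kSlots = kBlock / kItem;
    struct Block { char* base; std::vector<bool> used; };
    std::vector<Block> blocks_;  // small-object blocks
    std::vector<void*> large_;   // large allocations, found by linear scan
    static size_t Offset(const void* p, const Block& b) {  // wraps to a huge value if p < base
        return reinterpret_cast<uintptr_t>(p) - reinterpret_cast<uintptr_t>(b.base);
    }
public:
    void* Alloc(size_t n) {
        if (n > kItem) { large_.push_back(std::malloc(n)); return large_.back(); }
        for (Block& b : blocks_)
            for (size_t i = 0; i < kSlots; i++)
                if (!b.used[i]) { b.used[i] = true; return b.base + i * kItem; }
        blocks_.push_back({static_cast<char*>(std::malloc(kBlock)), std::vector<bool>(kSlots)});
        blocks_.back().used[0] = true;
        return blocks_.back().base;
    }
    // What a debug build would assert on before freeing p.
    Ptr Classify(const void* p) const {
        if (std::find(large_.begin(), large_.end(), p) != large_.end()) return Ptr::LiveLarge;
        for (const Block& b : blocks_) {
            size_t off = Offset(p, b);
            if (off >= kBlock) continue;            // not inside this block
            if (off % kItem) return Ptr::Interior;  // into an object, not at its start
            return b.used[off / kItem] ? Ptr::LiveSmall : Ptr::FreeItem;
        }
        return Ptr::Foreign;  // e.g. memory obtained from a different allocator
    }
    bool Free(void* p) {  // false marks where the debug assert would fire
        Ptr k = Classify(p);
        if (k == Ptr::LiveLarge) {
            large_.erase(std::find(large_.begin(), large_.end(), p));
            std::free(p);
        } else if (k == Ptr::LiveSmall) {
            for (Block& b : blocks_)
                if (Offset(p, b) < kBlock) b.used[Offset(p, b) / kItem] = false;
        }
        return k == Ptr::LiveSmall || k == Ptr::LiveLarge;
    }
};

int main() { ToyFixedMalloc fm; int x; return fm.Free(&x) ? 1 : 0; }
```

The toy never returns its small blocks to the system, and the large-block list is scanned linearly, which is the cost the first refinement in the patch comment is about.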
redux changeset 3229:6e00ccd98704
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Reopening because it probably needs a tweak so as not to upset the sampler.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attachment #414274 - Attachment is obsolete: true
Blocks: 528338
Attachment #416912 - Flags: review?(treilly) → review+
redux changeset:   3329:d7162814f1f5
Status: REOPENED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Engineering work item.  Marking as verified.
Status: RESOLVED → VERIFIED