Large-object management can make large blocks uncollectable

VERIFIED FIXED

Status

VERIFIED FIXED
9 years ago
9 years ago

People

(Reporter: lhansen, Assigned: lhansen)

Tracking

Details

Attachments

(1 attachment)

(Assignee)

Description

9 years ago
There is a problem with the handling of finalization of large objects that can cause large blocks to be dropped from the large object list.  This can manifest itself as a storage leak and as finalizers of manifestly unreachable objects not being run, ever.

The problem occurs if the first large block on the large block list has a finalizer that allocates another large block.  The allocation will insert the large block at the beginning of the large block list, but when the finalizer returns the finalization logic will overwrite the pointer to the new block with the pointer to the successor of the block that was just finalized.
(Assignee)

Comment 1

9 years ago
There's also an amusing problem with finalizers for large blocks explicitly freeing other large blocks (or indeed the block being finalized), but a test in GC::Free stops this from being much of an an immediate problem.
(Assignee)

Comment 2

9 years ago
Created attachment 389756 [details] [diff] [review]
Fix
Attachment #389756 - Flags: review?(treilly)

Comment 3

9 years ago
Comment on attachment 389756 [details] [diff] [review]
Fix

The code in Free seems little strong given that GC::Free guards against it, I would have just rolled an assert to keep GC::Free honest.
Attachment #389756 - Flags: review?(treilly) → review+
(Assignee)

Comment 4

9 years ago
redux changeset:   2185:358852a96169
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
(Assignee)

Comment 5

9 years ago
(In reply to comment #3)
> (From update of attachment 389756 [details] [diff] [review])
> The code in Free seems little strong given that GC::Free guards against it, I
> would have just rolled an assert to keep GC::Free honest.

BTW, fixed that.

Updated

9 years ago
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.