
Re: [Chicken-hackers] [PATCH] Flow-analysis enhancement for assigned var


From: Felix
Subject: Re: [Chicken-hackers] [PATCH] Flow-analysis enhancement for assigned variables
Date: Mon, 30 Jan 2012 12:37:30 +0100 (CET)

>> If they're not tracked, could this cause the scrutinizer to make
>> invalid type inferences and code replacements?
> 
> May I expand: Felix, assuming you have at least seen the results
> of some mistaken type tag, what would be the resulting effect
> to the running chicken program?

I don't understand completely: do you mean an incorrect specialization
done by the compiler? In that case necessary type checks may be
omitted, resulting in incorrect data references (and thus crashes,
most likely).

> 
> 
> I'm asking this because I'm trying for several weeks to track
> down a certain segfault.  As it happens I can observe that
> one only on ARM, never on AMD64.  It occurs randomly and rarely
> enough to make a full call trace a no-go. (Still often enough
> to be grave.)
> 
> The segfault always happens in the garbage collector either here
> 
>  scavenge:
>    *x = (C_word)p2;
>    p2->header = h;
>    p->header = ptr_to_fptr((C_uword)p2);
>    C_16_memcpy(p2->data, p->data, bytes);  <<<
>  }
> 
> or at the end of "really_mark"
> 
>  p2->header = h;
>  assert(!is_fptr(h));
>  p->header = ptr_to_fptr((C_word)p2);
>  C_17_memcpy(p2->data, p->data, bytes); <<<<
> }
> 
> 
> I guess something damages a type tag, subsequently having
> the gc scan and fail on arbitrary addresses.
> However I lack a theory how that would be possible.

The type-tag is in the header, the first word of a data object. Off-by-one
errors or modifying data beyond its true size may certainly damage the header
of the object following the former object in memory.


cheers,
felix
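As an added illustration of the point Felix makes (this is example code written for this page, not code from the thread and not CHICKEN's runtime), the following C program models a heap where every object is a header word followed by its payload, with objects packed back to back. A write that runs one byte past an object's true size lands on the first byte of the next object's header; a consistency walk over the headers, in the spirit of a debug check a garbage collector could run, reports the offset of the damaged object, and a size-checked write refuses the overrun. The header encoding, the tag values, the bump allocator and the functions `alloc_object`, `write_unchecked`, `write_checked` and `validate_heap` are all constructed for this example and do not correspond to CHICKEN's actual object representation.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simplified heap model (constructed for this example; NOT CHICKEN's real layout):
 * each object is one header word followed by `size` payload bytes, and objects
 * are laid out contiguously in a byte array, so object N+1's header directly
 * follows object N's last payload byte. */
typedef uintptr_t word;

#define TAG_SHIFT   24
#define SIZE_MASK   ((word)0xFFFFFF)
#define TAG_STRING  ((word)0x1)
#define TAG_VECTOR  ((word)0x2)
#define TAG_FLONUM  ((word)0x3)   /* highest tag the model knows */

#define HEAP_BYTES 256
static unsigned char heap[HEAP_BYTES];
static size_t heap_top = 0;        /* bump-allocation pointer */

static word   make_header(word tag, size_t size) { return (tag << TAG_SHIFT) | ((word)size & SIZE_MASK); }
static word   header_tag(word h)                 { return h >> TAG_SHIFT; }
static size_t header_size(word h)                { return (size_t)(h & SIZE_MASK); }

static void reset_heap(void) { memset(heap, 0, sizeof heap); heap_top = 0; }

/* Allocate an object; returns the byte offset of its header in `heap`, or -1 if full. */
static long alloc_object(word tag, size_t size) {
    size_t need = sizeof(word) + size;
    if (heap_top + need > HEAP_BYTES) return -1;
    long off = (long)heap_top;
    word h = make_header(tag, size);
    memcpy(heap + off, &h, sizeof h);
    memset(heap + off + sizeof(word), 0, size);
    heap_top += need;
    return off;
}
static unsigned char *object_data(long off)   { return heap + off + sizeof(word); }
static word           object_header(long off) { word h; memcpy(&h, heap + off, sizeof h); return h; }

/* Buggy write: copies `n` bytes with no check against the size recorded in the header. */
static void write_unchecked(long off, const void *src, size_t n) {
    memcpy(object_data(off), src, n);
}
/* Hardened write: refuses anything longer than the object's true size. */
static int write_checked(long off, const void *src, size_t n) {
    if (n > header_size(object_header(off))) return -1;
    memcpy(object_data(off), src, n);
    return 0;
}

/* Header walk, like a GC consistency check: every header must carry a known tag
 * and a size that stays inside the allocated region. Returns the offset of the
 * first bad header, or -1 if every header is sane. */
static long validate_heap(void) {
    size_t off = 0;
    while (off < heap_top) {
        word h = object_header((long)off);
        word tag = header_tag(h);
        size_t size = header_size(h);
        if (tag < TAG_STRING || tag > TAG_FLONUM) return (long)off;
        if (off + sizeof(word) + size > heap_top)  return (long)off;
        off += sizeof(word) + size;
    }
    return -1;
}

/* Scenario: an 8-byte string followed by a 16-byte vector. Copying 9 bytes into
 * the string (off by one) overwrites the first byte of the vector's header:
 * the low byte of its size field on little-endian, the tag byte on big-endian.
 * Either way validate_heap() reports the vector's offset. */
static long demo_overflow(void) {
    reset_heap();
    long s = alloc_object(TAG_STRING, 8);
    alloc_object(TAG_VECTOR, 16);
    unsigned char nine[9];
    memset(nine, 0xFF, sizeof nine);        /* constructed payload, one byte too long */
    write_unchecked(s, nine, sizeof nine);
    return validate_heap();
}

/* Same scenario with the size-checked write: the overrun is rejected and the
 * heap stays consistent, so validate_heap() returns -1. */
static long demo_checked(void) {
    reset_heap();
    long s = alloc_object(TAG_STRING, 8);
    alloc_object(TAG_VECTOR, 16);
    unsigned char nine[9];
    memset(nine, 0xFF, sizeof nine);
    if (write_checked(s, nine, sizeof nine) != 0)
        printf("checked write rejected %zu bytes for an 8-byte object\n", sizeof nine);
    return validate_heap();
}

int main(void) {
    printf("unchecked write: first bad header at offset %ld\n", demo_overflow());
    printf("checked write:   first bad header at offset %ld\n", demo_checked());
    return 0;
}
```

With 8-byte words the vector's header sits at offset 16, so the unchecked run reports 16 while the checked run reports -1. The overrun in the model only reaches the neighbouring header, which is exactly why the fault shows up later in the collector rather than at the offending write: nothing is wrong at the moment the byte is stored, and only a pass that interprets the headers, such as the scavenge and mark routines quoted above, trips over the damaged tag or size.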


