From fd56a734ea4249db9f41f9c8296e4434d12a325f Mon Sep 17 00:00:00 2001
From: Peter Bex
Date: Wed, 24 Aug 2016 21:04:37 +0200
Subject: [PATCH] Fix symbol GC: add wep lookup after fptr chasing

Sometimes, with symbol GC enabled, a major GC might "drop" symbols
which were still being referenced, resulting in weird errors like
(eq? x 'foo) returning #f even if x holds the symbol 'foo.

If, during marking in major GC, we encounter the bucket before we
encounter the symbol, the bucket still refers to the symbol in its
original location (the fromspace). This pointer is added to the weak
table with a counter of 0. Then, the symbol itself is scanned, and the
item is found in the weak table, the counter is updated and the symbol
is moved to the heap. The header at the symbol's original location in
the fromspace becomes a forwarding pointer.

Then, when we encounter a _second_ reference to the symbol, it still
refers to the symbol's pointer in the fromspace, but the header will be
a forwarding pointer, so it won't match the symbol type (which we look
for right at the start of the mark function). This means the code to
update the weak entry's count won't be triggered.

Instead, we should chase the forwarded pointer and *then* check if it's
a symbol. If it is, look up the *original* location's pointer in the
weak table.

Note: We don't need to look up the new location, because that can only
be the case if the symbol was marked before we encountered the bucket,
in which case it will already saturate the pointer immediately upon
insertion of the weak table entry.

Note 2: Before a reallocing GC, we reset the weak table and we never
consult it during the reallocing GC, so all symbols will be copied. A
minor GC also doesn't handle symbols specially, so they'll be copied
there too.

This fixes #1173
---
 NEWS      |  1 +
 runtime.c | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/NEWS b/NEWS
index d64c818..0481245 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,7 @@ which is faster because it is inlined (#1260, thanks to Kooda). - The default error handler now truncates very long condition messages (thanks to Lemonboy). + - Weak symbol GC (-:w) no longer drops random symbols (#1173). - Syntax expander - DSSSL lambda lists have improved hygiene, so they don't need diff --git a/runtime.c b/runtime.c index cdaaa0e..56379ff 100644 --- a/runtime.c +++ b/runtime.c @@ -3267,6 +3267,15 @@ C_regparm void C_fcall really_mark(C_word *x) if(is_fptr(h)) { val = fptr_to_ptr(h); + /* When we marked the bucket, it may have already referred to + * the moved symbol instead of its original location. Re-check: + */ + if(C_enable_gcweak && + (C_block_header(val) & C_HEADER_TYPE_BITS) == C_SYMBOL_TYPE && + (wep = lookup_weak_table_entry(*x, 0)) != NULL) { + if((wep->container & WEAK_COUNTER_MAX) == 0) ++wep->container; + } + if((C_uword)val >= (C_uword)tospace_start && (C_uword)val < (C_uword)tospace_top) { *x = val; return; @@ -3280,6 +3289,15 @@ C_regparm void C_fcall really_mark(C_word *x) /* Link points into fromspace and into a link which points into from- or tospace: */ val = fptr_to_ptr(h); + /* See above: might happen twice */ + if(C_enable_gcweak && + (C_block_header(val) & C_HEADER_TYPE_BITS) == C_SYMBOL_TYPE && + /* Check both the original and intermediate location: */ + ((wep = lookup_weak_table_entry((C_word)p, 0)) != NULL || + (wep = lookup_weak_table_entry(*x, 0)) != NULL)) { + if((wep->container & WEAK_COUNTER_MAX) == 0) ++wep->container; + } + if((C_uword)val >= (C_uword)tospace_start && (C_uword)val < (C_uword)tospace_top) { *x = val; return; -- 2.1.4
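
Review bot: in the NEWS hunk (@@ -23,6 +23,7 @@), the added entry says "random symbols", which does not tell a user what actually went wrong; per the commit message the symbols that got dropped were ones still being referenced. Suggest wording along the lines of "Weak symbol GC (-:w) no longer drops symbols that are still referenced (#1173)", so someone who saw (eq? x 'foo) return #f can recognise the fix.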
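
Review bot: in the first runtime.c hunk (@@ -3267,6 +3267,15 @@), the new comment says the bucket "may have already referred to the moved symbol instead of its original location", which reads as the opposite of the case in the commit message: there the bucket still holds the fromspace pointer and a later reference finds a forwarding header, and the code accordingly looks up *x, the original location. Please reword the comment to match, for example that the symbol was already forwarded, so the symbol type check at the start of the mark function missed it, and the original pointer is looked up in the weak table instead. The counter update `if((wep->container & WEAK_COUNTER_MAX) == 0) ++wep->container;` is repeated verbatim in the next hunk and could move into a small helper. The diffstat touches only NEWS and runtime.c, so a regression test for #1173 would be worth adding alongside.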
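
Review bot: in the second runtime.c hunk (@@ -3280,6 +3289,15 @@), the condition tries `lookup_weak_table_entry((C_word)p, 0)` first and only falls back to `*x` when that returns NULL, so if both locations have weak table entries only the entry for p gets its counter bumped. If that is intended, the comment should say why; otherwise both entries need updating. The comment "Check both the original and intermediate location" should also say which of p and *x is which, and "See above: might happen twice" would be clearer as a one-line statement of what happens twice, since the commit message only walks through the single-forward case and says nothing about an intermediate location.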