-
Notifications
You must be signed in to change notification settings - Fork 637
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make sure accumulators do not exceed the minor heap (partly fix #11170). #13431
Conversation
…1170). Accumulators can grow arbitrarily large, even when well-typed. So, this commit makes sure they are allocated on the major heap when they are too large. If so, fields need to be filled with caml_initialize, in case they point to the minor heap.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. I made two readings of the diff, but this is tricky code, so another reading by another pair of eyes would be good.
Bench running at https://gitlab.com/coq/coq/-/jobs/863754892. |
Even with letting my imagination running wild, I cannot see how it could cause any noticeable change to performances. But perhaps someone out there is intensively building accumulators with more than 250 arguments. |
Could you please add a test file which used to segfault, but does no more? |
It is a bit complicated. We would have to create an accumulator with millions of arguments, as we have to overflow the whole minor heap. We can workaround the issue by severely reducing the size of the minor heap, but I am not quite sure how to do that with the testsuite. That said, with a minimal minor heap (which causes Coq to take ages to execute), I can trigger a buffer overflow with Require Import BinNat.
Fixpoint T n := match n with O => nat | S n => nat -> T n end.
Fixpoint app n : T n -> nat :=
match n with O => fun x => x | S n => fun f => app n (f 0) end.
Definition n := N.to_nat 5000.
Axiom f : T n.
Eval vm_compute in let t := (app n f, 0) in snd t. Unfortunately, the invalid access does not immediately crash Coq. It takes some time before an actual segfault occurs (in |
You can write a misc test with a script that sets OCAMLRUNPARAM before invoking coqc. |
test-suite/misc/aux11170.v
Outdated
@@ -0,0 +1,7 @@ | |||
Require Import BinNat. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this has a lot of dependencies, it might be better to write a self-contained function that generates a big integer without relying on N.
(Ideally, even redefining nat so as to compile with -noinit.)
I have removed the dependency on
|
Bench:
So, fourcolor does seem to be very mildly affected by the patch. It might be noise, but it's unlikely because it's also reflected in the CPU cycles. |
I just tried. This is actually noise, since Fourcolor does not exercise these code paths. Or rather, the change of code presumably led the compiler to select a different optimization strategy for the whole interpreter. Nothing we can do about it. |
@coqbot merge now |
… heap (partly fix coq#11170).
Accumulators can grow arbitrarily large, even when well-typed. So, this commit makes sure they are allocated on the major heap when they are too large. If so, fields need to be filled with
caml_initialize
, in case they point to the minor heap.@xavierleroy