double free corruption with bytecode system threads and stack reallocation #5188
Original bug ID: 5188
Hi, the following code randomly but most often leads to a double free corruption.
```ocaml
(* Not tail-recursive, so a large x deepens the bytecode stack until the runtime has to reallocate it *)
let rec f x = if x = 0 then 0 else 1 + f (x-1)
```
(compiled with `ocamlc -thread unix.cma threads.cma bug.ml`).
A valgrind analysis showed that the second illegal free is raised by the instruction `stat_free(th->stack_low);` at line 449 of posix.c: a reallocation of the stack happened, but `th` and `th->stack_low` had not yet had a chance to be updated (no blocking section had been entered). The attached patch seems to solve the problem in 3.11.
Apparently, the thread implementation has been revised in 3.12, but the problem remains.
Incidentally, with a large system such as Coq, if we link it with the thread library, even though we might not make any use of the functions of the library, we randomly experience out-of-memory errors at startup (in native code). Any ideas on how to debug this?
Best regards. Hugo.
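The stale-descriptor race described in the report, modelled as an added C example (hypothetical code, not the OCaml runtime's posix.c or the attached patch): the live stack is reallocated without refreshing the thread descriptor's cached pointer, `descr_is_stale` detects that condition, and the fixed cleanup resyncs the descriptor before freeing so the old block is never freed twice.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified model of the race in the report (hypothetical code, not the
 * OCaml runtime's posix.c): the interpreter owns the live stack, each thread
 * descriptor caches its stack pointer, refreshed only on blocking sections. */
static char *stack_low = NULL;   /* live stack block of the running thread */
static size_t stack_size = 0;
static unsigned stack_gen = 0;   /* bumped on every reallocation */

typedef struct {
  char *stack_low;               /* cached copy, may lag behind stack_low */
  unsigned gen;                  /* generation the copy was taken at */
} thread_descr;

/* Refresh the cache: what entering a blocking section does in the model,
 * and what the fix does before freeing. */
static void sync_descr(thread_descr *th) {
  th->stack_low = stack_low;
  th->gen = stack_gen;
}

static void thread_init(thread_descr *th, size_t size) {
  stack_low = malloc(size);
  stack_size = size;
  sync_descr(th);
}

/* Stack growth on deep recursion: move to a bigger block and free the old
 * one.  The descriptor is deliberately not updated, as in the bug. */
static void realloc_stack(void) {
  char *bigger = malloc(stack_size * 2);
  memcpy(bigger, stack_low, stack_size);
  free(stack_low);
  stack_low = bigger;
  stack_size *= 2;
  stack_gen++;
}

/* 1 if th->stack_low names a block realloc_stack already freed; freeing it
 * from thread cleanup would be the double free seen under valgrind. */
static int descr_is_stale(const thread_descr *th) {
  return th->gen != stack_gen;
}
/* Fixed cleanup: resync from the live state, then free exactly once. */
static void thread_cleanup_fixed(thread_descr *th) {
  sync_descr(th);
  free(th->stack_low);
  th->stack_low = stack_low = NULL;
  stack_size = 0;
}
```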
Comment author: @xavierleroy
Well spotted, thanks a lot. I adapted your fix to 3.12 and "committed" it in the 3.12 bugfix branch, for release in 3.12.1. I don't feel this bug warrants a new release of 3.11 but will let our esteemed release manager decide.
As to the random out-of-memory errors at startup, I have no clue, but if you have a (semi-) repro case to suggest, I'll look into it.