Don't exit while a domain is still running. #13190
See also commit 78fd956
I'm lost. I think that the code of this test is erroneous, it is invalid for two threads to try to force the same lazy thunk concurrently. But of course such erroneous code should still be memory-safe.
The crash indicates a bug. Even with unsynchronized access to lazy, the program shouldn't crash. From https://v2.ocaml.org/api/Stdlib.Lazy.html,
Independently, the
Also, the title of the PR is making me curious
Is that a recommendation that we will provide when using cleanup-at-exit mode? Even if the programmer doesn't follow that recommendation, the worst that should happen is that resources are not cleaned up (degenerate to the standard "no cleanup at exit" mode), and not a segfault.
My vague guess as what is going on:
I wish there were two comments in the test:
- Point out that this test is intentionally creating a forcing race between domains, to check that we remain memory-safe in that case.
- Point out that the option-wrapping is done to ensure that `Domain.join` is always called.
In my experiments the segfault comes from the domain still running, not from
Well
That's completely right. Sorry I didn't think of writing down a detailed explanation. Note that the underlying bug is being worked on in #12964 and #13010. It just happens that our CI is testing cleanup-at-exit while it's not completely implemented yet. @gasche I've added the comments you suggested.
should not crash. Currently, the implementation raises Undefined, | ||
and that's what we test here. | ||
|
||
Note: due to a bug in the current implementation of |
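Review bot: the sentence "Currently, the implementation raises Undefined, and that's what we test here" ties the test to one particular outcome of the forcing race, while the requirement stated just before it is only "should not crash". The comment should say which of the two the test is meant to guarantee, so that a later change in the exception raised is not read as a memory-safety regression.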
This comment is likely to go out of sync. When we fix this bug, it is likely that we will not fix this comment as the existing tools (such as running the testsuite) won't help catch this.
My preference should be to remove this Note altogether, with the idea that memory cleanup at exit feature will have a recommendation something to the effect of "When used in a multi-domain program, it is undefined behaviour not to join all the spawned domains before the main domain terminates. Undefined behaviour here includes crashes.".
Additionally, it is not clear what this bug is. If we are keeping this comment in some form, it would be useful to link to the bug report somewhere (or the wip PR #12964).
This makes sense, so I removed the `merge-me` label for now. (I am not patient enough to wait for @damiendoligez to update his PR, but then I am not motivated enough to fix the comment myself, so for now let's just wait.)
See also commit 78fd956
This test segfaults on my machine in cleanup-at-exit mode.
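The two points raised in the thread (an intentional forcing race between domains, and option-wrapping so that `Domain.join` is always reached before exit) can be seen together in the following added example. It is not the testsuite's code or code from this PR; the names `force_opt`, `slow_sum` and `race` are hypothetical, and it assumes OCaml 5 with the standard `Domain` and `Lazy` modules.

```ocaml
(* Added illustration; all names here are hypothetical. *)

(* Force [l], turning the Undefined exception mentioned in the thread into
   a value, so that control always returns to the caller. *)
let force_opt (l : int Lazy.t) : int option =
  match Lazy.force l with
  | n -> Some n
  | exception Lazy.Undefined -> None

(* A deliberately slow computation, to widen the window for the race. *)
let slow_sum count =
  let r = ref 0 in
  for _i = 1 to count do incr r done;
  !r

let race () =
  let l = lazy (slow_sum 100_000_000) in
  (* Intentional forcing race: both domains force the same thunk. *)
  let d = Domain.spawn (fun () -> force_opt l) in
  (* This force cannot raise Undefined past force_opt, so the join on the
     next line is reached on every path and no domain is left running
     when the main domain terminates. *)
  let here = force_opt l in
  let there = Domain.join d in
  (here, there)

let () =
  match race () with
  | (Some a, Some b) ->
    Printf.printf "both domains got a value: %d %d\n" a b
  | (Some a, None) | (None, Some a) ->
    Printf.printf "one domain got %d, the other saw Undefined\n" a
  | (None, None) ->
    (* Handled for completeness; the outcome of the race is unspecified. *)
    print_endline "both domains saw Undefined"
```

Which branch prints depends on scheduling; the point is that every branch is reached only after the spawned domain has been joined.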