-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[core] kNotDeleted mechanism is broken on some platforms #11330
Comments
pcanal
added a commit
to pcanal/root
that referenced
this issue
Sep 8, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
pcanal
added a commit
to pcanal/root
that referenced
this issue
Sep 8, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
pcanal
added a commit
to pcanal/root
that referenced
this issue
Sep 9, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
pcanal
added a commit
to pcanal/root
that referenced
this issue
Sep 9, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
pcanal
added a commit
to pcanal/root
that referenced
this issue
Sep 9, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
pcanal
added a commit
to pcanal/root
that referenced
this issue
Sep 9, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
pcanal
added a commit
to pcanal/root
that referenced
this issue
Sep 13, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
pcanal
added a commit
to pcanal/root
that referenced
this issue
Sep 21, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
pcanal
added a commit
to pcanal/root
that referenced
this issue
Sep 21, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
pcanal
added a commit
to pcanal/root
that referenced
this issue
Sep 27, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
pcanal
added a commit
that referenced
this issue
Sep 28, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes #11330
pcanal
added a commit
that referenced
this issue
Sep 28, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes #11330
vgvassilev
pushed a commit
to vgvassilev/root
that referenced
this issue
Oct 1, 2022
On some platform operator delete taints the memory, so even right after the deletion the information stored by ~TObject is already erased. On those platform we no longer rely on the kNotDelete bit hack and rely on the system (which has tainted the memory assumingly for a reason) to detect the use-after-delete problems. Introduce 2 new functions. TObject::IsDestructed (used by TClonesArray) that detects that the destructor has been run and is active in all configuration. This should be used if the code knows that the memory has not been freed/deleted. ROOT::Detail::HasBeenDeleted(TObject*) with returns true if the platform does not taint the memory and if the kNotDeleted is not set (in all other case, it returns false) This fixes root-project#11330
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Full discussion at root-project/roottest#880 .
Taking a look with
gdb
it looks likekNotDeleted
is reset, but then those bits are immediately modified again by_int_free
:where the line that accidentally sets the bit again is 3181 here:
and this version of the test circumvents that behavior of
_int_free
so it does not crash (at least on my laptop):If my understanding is correct, this also means that the test failure is real in the sense that the
kNotDeleted
mechanism does not correctly work on platforms wherefree
has that behavior.From Philippe (root-project/roottest#880 (comment)):
The text was updated successfully, but these errors were encountered: