This is a multi-part message in MIME format.
--------------070402080607070809020606
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Calling all cRuby core wizards!
If you run the attached example inside valgrind, among
the usual rash of uninitialized data complaints caused
by Ruby's conservative GC, you'll
note a couple invalid reads from an already freed memory block.
What appears to be happening is that the struct BLOCK allocated
at the beginning of rb_thread_start_0() is referenced by
the continuation (assigned $c4 in nestedthreadbug.rb).
After the thread ends. rb_thread_0() frees the struct BLOCK
it malloc'ed causing the invalid memory references
to occur on the next GC mark cycle.
The example .rb file runs for about 30 seconds.
I can prevent the errors by removing the free of the struct BLOCK
malloc'ed in rb_thread_0(), but then I have a memory leak.
Can anyone replicate this bug?
Better yet, does anyone have any suggestions on how to fix it?
I tried marking struct BLOCKs referenced by Continuations
with a special "BLOCK_KEEP" (analogous to
BLOCK_DYNAMIC) flag to allow rb_thread_0()
to free only those not so marked. This works, but it
still leaves a small memory leak. I've got to believe
there is a fundamentally better way...
Example valgrind complaint:
�0327�Invalid read of size 4
�0327� at 0x8067C72: thread_mark (eval.c:10205)
�0327� by 0x80735CC: gc_mark_children (gc.c:998)
�0327� by 0x80731FF: gc_mark (gc.c:787)
�0327� by 0x8073141: rb_gc_mark_maybe (gc.c:756)
�0327� by 0x80D4FAF: val_marker (variable.c:420)
�0327� by 0x80D5042: mark_global_entry (variable.c:465)
�0327� by 0x80C5285: st_foreach (st.c:487)
�0327� by 0x80D50A7: rb_gc_mark_global_tbl (variable.c:478)
�0327� by 0x8074227: garbage_collect (gc.c:1440)
�0327� by 0x8074289: rb_gc (gc.c:1469)
�0327� by 0x807429B: rb_gc_start (gc.c:1486)
�0327� by 0x805F620: call_cfunc (eval.c:5697)
�0327� Address 0x426CB08 is 104 bytes inside a block of size 108 free'd
�0327� at 0x40212AC: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
�0327� by 0x8064388: blk_free (eval.c:8255)
�0327� by 0x806AB31: rb_thread_start_0 (eval.c:12108)
�0327� by 0x806AEC9: rb_thread_initialize (eval.c:12252)
�0327� by 0x805F5E6: call_cfunc (eval.c:5691)
�0327� by 0x805EB74: rb_call0 (eval.c:5850)
�0327� by 0x8060126: rb_call (eval.c:6097)
�0327� by 0x80604C4: rb_funcall2 (eval.c:6233)
�0327� by 0x806301A: rb_obj_call_init (eval.c:7629)
�0327� by 0x806ADD8: rb_thread_s_new (eval.c:12206)
�0327� by 0x805F60A: call_cfunc (eval.c:5694)
�0327� by 0x805EB74: rb_call0 (eval.c:5850)
--
Brent Roman
mailto:brent / mbari.org http://www.mbari.org/~brent
--------------070402080607070809020606
Content-Type: application/x-extension-rb;
name�estedthreadbug.rb"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename�estedthreadbug.rb"
IyEvdXNyL2Jpbi9lbnYgcnVieQojICBSdW4gdGhpcyB3aXRoIHZhbGdyaW5kIHRvIGRlbW9u
c3RyYXRlIHRoYXQKIyBDb250aW51YXRpb25zIHRoYXQgaW5jbHVkZSBkZWFkIHRocmVhZHMg
aW4gdGhlaXIgYmxvY2sKIyBjaGFpbiByZXVsdCBpbiB0aHJlYWRfbWFyaygpIG1hcmtpbmcg
YSBzdHJ1Y3QgQkxPQ0sgdGhhdCAKIyByYl90aHJlYWRfc3RhcnRfMCgpIGhhZCBhbHJlYWR5
IGZyZWVkIHdoZW4gdGhlIGlubmVyIHRocmVhZCBkaWVkLgojCiNXaXRob3V0IHZhbGdyaW5k
LCB0aGlzIG1heSBjYXVzZSBhIHNlZ21lbnQgdmlvbGF0aW9uCiNkdXJpbmcgaGUgbmV4dCBH
QyBjeWNsZS4KIwojICBUaGlzIGJ1ZyBvY2N1cnMgaW4gYm90aCBSdWJ5IDEuOC42IGFuZCAx
LjYuOAojCgpkZWYgbmVzdGVkVGhyZWFkQnVnIGFueU9sZFBhcmFtZXRlciwgcGFybTIKICBp
bm5lciA9IG5pbAogIG91dGVyID0gVGhyZWFkLm5ldyhUaHJlYWQuY3VycmVudCkgZG8gfHBh
c3NlZFRocmVhZHwKICAkYzQgPSBjYWxsY2Mge3xjfCBjfQogICAgc2xlZXAgNQogICAgcHV0
cyAoIk91dGVyIHRocmVhZCB0ZXJtaW5hdGluZy4iKQogICAgaW5uZXIgPSBUaHJlYWQubmV3
IHBhc3NlZFRocmVhZCBkbwogICAgICBzbGVlcCAxMAogICAgICBwdXRzICgiSW5uZXIgdGhy
ZWFkIHRlcm1pbmF0aW5nIikKICAgIGVuZAogIGVuZAogIHlpZWxkKG91dGVyKQogIG91dGVy
LnZhbHVlCiAgaW5uZXIKZW5kCgppbm5lciA9IG5lc3RlZFRocmVhZEJ1ZyAiZHVtbXkiLCAi
ZHVtbXkyIiBkbyB8dGhyZWFkfAogIHNsZWVwIDEyCiAgR0Muc3RhcnQKICB0aHJlYWQudmFs
dWUKZW5kCmlubmVyLmpvaW4KcHV0cyAiTUFJTiB0aHJlYWQgbm9ybWFsIHRlcm1pbmF0aW9u
IgpHQy5zdGFydAo--------------070402080607070809020606--