| Title | MVT attempts to free a segment with a buffer attached |
| Status | closed |
| Priority | optional |
| Assigned user | Richard Brooksby |
| Organization | Ravenbrook |
| Description | The MVT pool fails with an assertion when running the djbench benchmark test. In release build this leads to a segmentation violation. In //info.ravenbrook.com/project/mps/master/...@184125 on 64-bit Mac OS X. $ xcodebuild -config Debug -target djbench $ xc/Debug/djbench --seed 1078153831 --sshift 14 mvt seed: 1078153831 /Volumes/Silverbird-HD/Local/Users/rb/p4/ravenbrook/mps/master/code/seg.c:1176: MPS ASSERTION FAILED: gcseg->buffer == NULL Abort trap: 6 |
| Analysis | The djbench is holding a single allocation point, but it's currently committed and at the limit of a segment. It has also freed everything in that segment. So, in spite of being attached to a buffer, it's free. The MVT pool has put the segment (possibly within a coalesced block) on its available block queue. Later, another free pushes that block out of the ABQ, and the MVT pool attempts to return it to the arena. MVT is not doing anything fundamentally unsafe. The whole segment has been freed by the client program, and the allocation point is going to trip on the next reserve anyway. MVT should detect that this case before freeing the segment and detach/trip the buffer. |
| How found | manual_test |
| Evidence | <https://info.ravenbrook.com/mail/2014/01/24/15-37-46/0/> |
| Created by | Richard Brooksby |
| Created on | 2014-01-31 12:38:25 |
| Last modified by | Richard Brooksby |
| Last modified on | 2014-02-19 13:58:37 |
| History | 2014-01-31 RB Created. |
| Change | Effect | Date | User | Description |
|---|---|---|---|---|
| 184389 | closed | 2014-02-19 13:58:37 | Richard Brooksby | Detaching buffers from segments before freeing them in MVT. |