| Title | mpsicv failures |
| Status | closed |
| Priority | essential |
| Assigned user | Gareth Rees |
| Organization | Ravenbrook |
| Description | See [1] and [2]: lii6ll/hot/mpsicv: randomize(): choosing initial state (v3): 1584619597. locus.c:193: MPS ASSERTION FAILED: SigCheck Chain: chain lii6gc/cool/mpsicv: randomize(): choosing initial state (v3): 52883471. trace.c:193: MPS ASSERTION FAILED: SigCheck Chain: trace->chain |
| Analysis | The assertions are caused by the following sequence of events: 1. TracePoll detects that a chain is over-capacity and creates a trace. The Trace object contains a reference to the chain. (This is used to call ChainEndGC so that the chain has an accurate record in chain->activeTraces of which traces are collecting it, and this is used by ChainDeferral to avoid recommending a chain for collection if it is already being collected.) 2. The client program destroys the chain but continues running (for example, it creates a new chain for the next test). 3. Some more tracing happens via TraceQuantum and eventually TraceCheck or ChainCheck is called, but the chain has been destroyed and so the signature check fails. Several problems contribute to this, so we need the following fixes: 1. ChainDestroy should assert that there are no active traces using the chain, so that we discover the problem reliably at step (2) above rather than having to wait for more tracing, if any. 2. TraceQuantum should check its argument so that invalid traces are detected as soon as possible. 3. Test cases should park the arena before destroying their chains. 4. mps_arena_destroy should park the arena before destroying itself, so that it can delete the default chain safely. 5. The manual should explain this requirement in the documentation for mps_chain_destroy and the assertion we added in ChainDestroy should be added to the "common assertions" section. |
| How found | automated_test |
| Evidence | [1] <https://travis-ci.org/Ravenbrook/mps-temporary/jobs/23812452>[2] < https://travis-ci.org/Ravenbrook/mps-temporary/jobs/23812453> |
| Created by | Gareth Rees |
| Created on | 2014-04-11 20:52:51 |
| Last modified by | Gareth Rees |
| Last modified on | 2014-05-12 21:16:23 |
| History | 2014-04-11 GDR Created. |
| Change | Effect | Date | User | Description |
|---|---|---|---|---|
| 186027 | closed | 2014-05-12 13:35:21 | Gareth Rees | Check the Trace argument to TraceQuantum. |
| 186024 | open | 2014-05-12 12:53:46 | Gareth Rees | Park the arena before calling mps_chain_destroy. Speed up mpsicv by reducing number of objects and by only running the test once (there's no inlined mps_tramp any more). |
| 186021 | open | 2014-05-12 11:19:57 | Gareth Rees | Park the arena before destroying the default chain, to ensure that there are no traces using that chain. Fix test cases that used automatic collection, but destroyed data structures without parking the arena. Document the requirement on mps_chain_destroy and add the assertion to "common assertions and their causes". |
| 186013 | open | 2014-05-11 21:47:20 | Gareth Rees | It is an error to destroy a chain if there is an active trace using the chain. |