MPS issue job003525

Title: Pointers from MPS stack pin down user objects
Assigned user: Richard Brooksby
Description: When the MPS scans the stack of the mutator thread that calls the MPS (the only thread in single-threaded uses) it starts at the current stack pointer and register contents. This means that it scans its own stack as well as the mutator's. We know that the MPS stack is not part of the mutator's graph of objects, but it is very likely to contain pointers to base addresses of pages and segments, causing them to be pinned down. This causes zone pollution. We know this really happens, as it has been observed in a commercial customisation of the MPS.
Analysis: The MPS should scan the mutator's registers and stack only. That is, the stack above the entry point to the MPS, and the register contents that the mutator had on call. We can get at these in a semi-portable manner by calling setjmp at any entry point to the MPS that might scan the stack, and scanning the jmp_buf and the stack it refers to.

Adapt sc.h (stack context) for the open source MPS (needs platform-specific research). Apply it on those entry points at least. Possibly on every ArenaEnter.

See original e-mail thread [1] [2] [3] [4] [5] [6] [7] and review thread [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19].

GDR 2014-05-01: Note that if we implement this then we will be in a position to fix job003780.

Here's some analysis of which entry points might call StackScan (and so need the stack context to have been recorded at ArenaEnter). StackScan is called by ThreadScan ← mps_stack_scan_ambig ← RootScan ← traceScanRootRes ← traceScanRoot ← rootFlip ← traceFlip ← TraceStart ← TracePoll, and then:

    - TracePoll
      - ArenaPoll
        - mps_alloc
        - mps_ap_fill
        - mps_ap_fill_with_reservoir_permit
        - mps_ap_alloc_pattern_end
        - mps_ap_alloc_pattern_reset
        - ArenaRelease
          - mps_arena_release
          - ArenaStartCollect
            - mps_arena_start_collect
            - ArenaCollect
              - mps_arena_collect
      - ArenaStep
        - mps_arena_step
    - TraceStartCollectAll
      - ArenaStep
      - ArenaStartCollect
      - TracePoll

so only these nine entry points might flip, and so need the stack context. This kind of analysis is delicate, though -- it will be a good idea to assert in StackScan that we have the stack context, but if we don't, then get it anyway.
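A model of the setjmp-based approach described in the analysis, added here as an example (it is neither MPS source nor the sc.h adaptation the analysis calls for): the entry point records a context in its own frame, and the scan covers the saved registers plus only the stack above that record, so a page base held in a collector frame is no longer seen while a mutator-held reference still is. It assumes a downward-growing stack and GCC/Clang; StackContext, mps_demo_collect, run_demo and the page-base value are hypothetical.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#define NOINLINE __attribute__((noinline))  /* GCC/Clang assumed */
/* Saved registers plus the hot end of the mutator's stack (cf. sc.h). */
typedef struct { jmp_buf regs; const uintptr_t *hot; } StackContext;
/* Expand in the entry function's own frame before any MPS work: the record
   itself marks the boundary, so everything above it belongs to the mutator. */
#define STACK_CONTEXT_RECORD(sc) do {                                 \
    (sc)->hot = (const uintptr_t *)((sc) + 1);                        \
    (void)setjmp((sc)->regs); /* saves registers; never longjmp'd */  \
} while (0)
static const uintptr_t *cold_end;  /* cold end of the mutator's stack */
static uintptr_t fake_page_base;   /* constructed stand-in for a page base */
/* Count words in [lo, hi) equal to fake_page_base; a real conservative
   scan would fix each such word and so pin the page it points into. */
static size_t scan_area(const uintptr_t *lo, const uintptr_t *hi) {
    size_t n = 0;
    for (; lo < hi; ++lo) n += (*lo == fake_page_base);
    return n;
}
typedef struct { size_t naive; size_t contextual; } ScanResult;
/* MPS-internal frame holding a page base, as StackScan's callers do. */
static NOINLINE ScanResult collector_inner(const StackContext *sc) {
    volatile uintptr_t page_base = fake_page_base;
    ScanResult r;
    /* Before: scan from the MPS's own frames upward; this finds page_base. */
    r.naive = scan_area((const uintptr_t *)&page_base, cold_end);
    /* After: scan the saved registers plus only the stack above the entry. */
    r.contextual = scan_area((const uintptr_t *)&sc->regs,
                             (const uintptr_t *)(&sc->regs + 1))
                 + scan_area(sc->hot, cold_end);
    return r;
}
/* An entry point that may flip (cf. mps_arena_collect): record context first. */
NOINLINE ScanResult mps_demo_collect(void) {
    StackContext sc;
    STACK_CONTEXT_RECORD(&sc);
    return collector_inner(&sc);
}
/* Mutator: frame[0] is a reference it holds (must still be found); frame[1]
   marks the cold end, as the registered base of a stack root would. */
ScanResult run_demo(uintptr_t page_base) {
    volatile uintptr_t frame[2] = { page_base, 0 };
    fake_page_base = page_base;
    cold_end = (const uintptr_t *)&frame[1];
    ScanResult r = mps_demo_collect();
    cold_end = NULL;  /* the marker must outlive the call, so clear afterwards */
    return r;
}
```

run_demo returns both counts: the naive scan sees the collector's page_base (and would pin its page); the contextual scan does not, yet still finds the mutator's own reference.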
How found: inspection
Evidence: [1] <>
[2] <>
[3] <>
[4] <>
[5] <>
[6] <>
[7] <>
[8] <>
[9] <>
[10] <>
[11] <>
[12] <>
[13] <>
[14] <>
[15] <>
[16] <>
[17] <>
[18] <>
[19] <>
Observed in: 1.109.0
Created by: Richard Brooksby
Created on: 2013-06-20 17:05:19
Last modified by: Gareth Rees
Last modified on: 2018-07-11 15:21:33
History: 2013-06-20 RB Created.
Change Effect Date User Description
194595 closed 2018-07-11 15:20:49 Gareth Rees Merge branch/2014-10-26/sc into the master sources.
187412 open 2014-10-26 22:18:57 Gareth Rees Save mutator context on entry to the MPS.