MPS issue job003672

TitleMVT attempts to free a segment with a buffer attached
Statusclosed
Priorityoptional
Assigned userRichard Brooksby
OrganizationRavenbrook
DescriptionThe MVT pool fails with an assertion when running the djbench benchmark test. In release build this leads to a segmentation violation.

In //info.ravenbrook.com/project/mps/master/...@184125 on 64-bit Mac OS X.
$ xcodebuild -config Debug -target djbench
$ xc/Debug/djbench --seed 1078153831 --sshift 14 mvt
seed: 1078153831
/Volumes/Silverbird-HD/Local/Users/rb/p4/ravenbrook/mps/master/code/seg.c:1176: MPS ASSERTION FAILED: gcseg->buffer == NULL
Abort trap: 6
AnalysisThe djbench is holding a single allocation point, but it's currently committed and at the limit of a segment. It has also freed everything in that segment. So, in spite of being attached to a buffer, it's free. The MVT pool has put the segment (possibly within a coalesced block) on its available block queue. Later, another free pushes that block out of the ABQ, and the MVT pool attempts to return it to the arena.

MVT is not doing anything fundamentally unsafe. The whole segment has been freed by the client program, and the allocation point is going to trip on the next reserve anyway. MVT should detect that this case before freeing the segment and detach/trip the buffer.
How foundmanual_test
Evidence<https://info.ravenbrook.com/mail/2014/01/24/15-37-46/0/>
Created byRichard Brooksby
Created on2014-01-31 12:38:25
Last modified byRichard Brooksby
Last modified on2014-02-19 13:58:37
History2014-01-31 RB Created.

Fixes

Change Effect Date User Description
184389 closed 2014-02-19 13:58:37 Richard Brooksby Detaching buffers from segments before freeing them in MVT.