MPS issue job003760

Title: mpsicv failures
Status: closed
Priority: essential
Assigned user: Gareth Rees
Organization: Ravenbrook
Description: See [1] and [2]:

lii6ll/hot/mpsicv: randomize(): choosing initial state (v3): 1584619597.
locus.c:193: MPS ASSERTION FAILED: SigCheck Chain: chain

lii6gc/cool/mpsicv: randomize(): choosing initial state (v3): 52883471.
trace.c:193: MPS ASSERTION FAILED: SigCheck Chain: trace->chain
Analysis: The assertions are caused by the following sequence of events:

1. TracePoll detects that a chain is over-capacity and creates a trace. The Trace object contains a reference to the chain. (This is used to call ChainEndGC so that the chain has an accurate record in chain->activeTraces of which traces are collecting it, and this is used by ChainDeferral to avoid recommending a chain for collection if it is already being collected.)

2. The client program destroys the chain but continues running (for example, it creates a new chain for the next test).

3. Some more tracing happens via TraceQuantum and eventually TraceCheck or ChainCheck is called, but the chain has been destroyed and so the signature check fails.

Several problems contribute to this, so we need the following fixes:

1. ChainDestroy should assert that there are no active traces using the chain, so that we discover the problem reliably at step (2) above rather than having to wait for more tracing, if any.

2. TraceQuantum should check its argument so that invalid traces are detected as soon as possible.

3. Test cases should park the arena before destroying their chains.

4. mps_arena_destroy should park the arena before destroying itself, so that it can delete the default chain safely.

5. The manual should explain this requirement in the documentation for mps_chain_destroy and the assertion we added in ChainDestroy should be added to the "common assertions" section.
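
The sequence of events above, together with fixes 1 and 2, as a simplified C model. This is an added example, not MPS source: the type names, function names and signature value are constructed for illustration.

```c
/* Simplified model of the lifecycle in the analysis; not MPS source.
   Type names, function names and the signature value are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define CHAIN_SIG 0xC4A15160u            /* constructed signature value */
typedef struct { unsigned sig; unsigned activeTraces; } Chain;
typedef struct { unsigned id; Chain *chain; bool busy; } Trace;

static bool chain_ok(const Chain *c) { return c != NULL && c->sig == CHAIN_SIG; }
static void chain_init(Chain *c) { c->sig = CHAIN_SIG; c->activeTraces = 0; }

/* Step 1: a trace starts on the chain; both sides record the link. */
static void trace_start(Trace *t, unsigned id, Chain *c) {
    t->id = id; t->chain = c; t->busy = true;
    c->activeTraces |= 1u << id;
}
/* What parking achieves: the trace finishes and releases the chain. */
static void trace_finish(Trace *t) {
    t->chain->activeTraces &= ~(1u << t->id);
    t->chain = NULL; t->busy = false;
}
/* Before the fix: destroy invalidates the signature unconditionally.
   The model keeps the storage alive so the later check is well defined. */
static void chain_destroy_old(Chain *c) { c->sig = 0; }
/* Fix 1: refuse (the real code would assert) while a trace is active. */
static bool chain_destroy_fixed(Chain *c) {
    if (!chain_ok(c) || c->activeTraces != 0) return false;
    c->sig = 0;
    return true;
}
/* Fix 2: validate the trace, including its chain, before doing work. */
static bool trace_quantum(const Trace *t) { return !t->busy || chain_ok(t->chain); }

/* Returns the step (2 or 3) at which the error is detected, or 0 if none. */
int run(bool fixed_destroy, bool park_first) {
    Chain c; Trace t;
    chain_init(&c);
    trace_start(&t, 0, &c);
    if (park_first) trace_finish(&t);
    if (!fixed_destroy) chain_destroy_old(&c);
    else if (!chain_destroy_fixed(&c)) return 2;
    return trace_quantum(&t) ? 0 : 3;
}

int main(void) {
    printf("%d %d %d\n", run(false, false), run(true, false), run(true, true));
    return 0;
}
```

With the old destroy the error only surfaces at step 3, on the next quantum of tracing; with the checked destroy it surfaces at step 2, and parking first avoids it entirely.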
How found: automated_test
Evidence: [1] <https://travis-ci.org/Ravenbrook/mps-temporary/jobs/23812452>
[2] <https://travis-ci.org/Ravenbrook/mps-temporary/jobs/23812453>
Created by: Gareth Rees
Created on: 2014-04-11 20:52:51
Last modified by: Gareth Rees
Last modified on: 2014-05-12 21:16:23
History: 2014-04-11 GDR Created.

Fixes

Change | Effect | Date | User | Description
186027 | closed | 2014-05-12 13:35:21 | Gareth Rees | Check the Trace argument to TraceQuantum.
186024 | open | 2014-05-12 12:53:46 | Gareth Rees | Park the arena before calling mps_chain_destroy. Speed up mpsicv by reducing number of objects and by only running the test once (there's no inlined mps_tramp any more).
186021 | open | 2014-05-12 11:19:57 | Gareth Rees | Park the arena before destroying the default chain, to ensure that there are no traces using that chain. Fix test cases that used automatic collection, but destroyed data structures without parking the arena. Document the requirement on mps_chain_destroy and add the assertion to "common assertions and their causes".
186013 | open | 2014-05-11 21:47:20 | Gareth Rees | It is an error to destroy a chain if there is an active trace using the chain.