Title | sncss test failure |
Status | closed |
Priority | optional |
Assigned user | Gareth Rees |
Organization | Ravenbrook |
Description | sncss fails on xci6ll with seed 1817331918 with this assertion: poolsnc.c:317: MPS ASSERTION FAILED: free != NULL |
Analysis | The assertion is triggered when an allocation frame is popped from a buffer, but SNC cannot find the segment to pop to in the chain of segments attached to the buffer. That's because SNC records the address to pop to using this logic in SNCFramePush [1]: /* Use the scan limit as the lightweight frame pointer */ *frameReturn = (AllocFrame)BufferScanLimit(buf); (and similarly in mps_alloc_frame_push [2]), and then when the frame is popped, SNC finds the segment to pop to by calling SegOfAddr on this address. But this fails when BufferScanLimit(buf) is the limit of the segment: then SegOfAddr will, if it succeeds, get the next segment in memory. |
How found | automated_test |
Evidence | [1] https://info.ravenbrook.com/project/mps/master/code/poolsnc.c#line-562 [2] https://info.ravenbrook.com/project/mps/master/code/mpsi.c#line-954 |
Test procedure | sncss |
Created by | Gareth Rees |
Created on | 2014-10-12 11:18:37 |
Last modified by | Gareth Rees |
Last modified on | 2014-10-20 17:06:34 |
History | 2014-10-12 GDR Created. |
Change | Effect | Date | User | Description |
---|---|---|---|---|
187220 | closed | 2014-10-12 11:58:13 | Gareth Rees | Don't set a frame pointer at the limit of a segment, as this is ambiguous: is it at the limit of the segment, or at the base of the segment that's adjacent in memory? |
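
The ambiguity described in the Analysis, as an added C model that is not MPS code: `Seg`, `seg_of_addr` (standing in for SegOfAddr), `frame_push_naive`, `frame_push_guarded`, `frame_seg_id` and all addresses are constructed for illustration. The guarded variant is an assumed way to follow the change description, not the change itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model (constructed, not MPS code): a segment owns [base, limit). */
typedef struct { uintptr_t base, limit; int id; } Seg;

static const Seg segs[] = {
    { 0x1000, 0x2000, 0 },
    { 0x2000, 0x3000, 1 },  /* adjacent: base equals segment 0's limit */
    { 0x5000, 0x6000, 2 },  /* isolated: nothing mapped at 0x6000 */
};

/* Stand-in for SegOfAddr: which segment contains addr? */
static const Seg *seg_of_addr(uintptr_t addr)
{
    for (size_t i = 0; i < sizeof segs / sizeof segs[0]; ++i)
        if (segs[i].base <= addr && addr < segs[i].limit)
            return &segs[i];
    return NULL;
}

/* Behaviour described in the analysis: the scan limit is the frame pointer. */
static uintptr_t frame_push_naive(uintptr_t scan_limit)
{
    return scan_limit;
}

/* Guarded variant (assumption): no frame pointer at or past the segment limit.
 * Returns 0 for "not set"; the caller must first continue in a new segment. */
static uintptr_t frame_push_guarded(const Seg *seg, uintptr_t scan_limit)
{
    return scan_limit < seg->limit ? scan_limit : 0;
}

/* Pop side: id of the segment the frame pointer resolves to, -1 if none. */
static int frame_seg_id(uintptr_t frame)
{
    const Seg *s = seg_of_addr(frame);
    return s ? s->id : -1;
}

int main(void)
{
    printf("naive, seg 0 full: seg %d\n", frame_seg_id(frame_push_naive(segs[0].limit)));
    printf("naive, seg 2 full: seg %d\n", frame_seg_id(frame_push_naive(segs[2].limit)));
    printf("guarded, seg 0 full: %#lx\n", (unsigned long)frame_push_guarded(&segs[0], segs[0].limit));
    return 0;
}
```

With a full segment the naive frame pointer resolves either to the adjacent segment or to no segment at all, which are the two outcomes the Analysis allows for when it says SegOfAddr will, "if it succeeds", get the next segment in memory.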