MPS issue job003883

Title: SNC walks and scans dead objects
Status: closed
Priority: optional
Assigned user: Gareth Rees
Organization: Ravenbrook
Description: If you do some allocation in an SNC pool, free some objects (by popping an allocation frame) and then call mps_arena_formatted_objects_walk, the visitor function gets called on dead objects as well as live objects.
Analysis: There are two problems:

1. SNCWalk walks all segments that are not grey, and this includes free segments.

2. SNCWalk and SNCScan consider objects up to ap->init, but this is invalid if there is a pop pending.

Fixing problem (1) is straightforward (we can pad out freed segments), but problem (2) is hard. What do we do when there's a pop pending from segment A to an address in segment B? When looking at segment B there's no way to know that some of its objects are dead.
How found: automated_test
Evidence: None
Test procedure: walkt0
Created by: Gareth Rees
Created on: 2014-10-12 12:38:40
Last modified by: Gareth Rees
Last modified on: 2014-10-20 17:06:13
History: 2014-10-12 GDR Created.

Fixes

Change | Effect | Date | User | Description
187224 | closed | 2014-10-12 15:20:57 | Gareth Rees | Fix scanning/walking for SNC:
Record which segments are free and don't walk them (objects in these segments are dead).
If a buffered segment has a pending pop, don't scan or walk objects beyond the address that's going to be popped to (these objects are also dead).
Don't try to do a lightweight pop to an address that's not in the segment attached to the buffer -- the segment being popped to (and any other segments on the stack in between) are now dead, and the only way to mark them as being dead is to do a heavyweight pop.
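
The following toy model is an added example, not MPS code and not part of the original issue. It contrasts a walker that visits everything up to init with one that applies the rules in the fix description: skip free segments, stop at a pending pop, and use a heavyweight pop across segments. All names (Seg, Pool, walk_naive, walk_fixed, pop, sample), the fixed object size and the addresses are constructed, and truncating the target segment during the heavyweight pop is a simplification assumed here.

```c
/* Toy model of a stack pool; hypothetical names, not MPS code. */
#include <stddef.h>
enum { OBJ = 16, NSEG = 3 };   /* constructed: fixed-size objects */

typedef struct {
    size_t base, init;   /* objects were allocated in [base, init) */
    int is_free;         /* segment was popped: all its objects are dead */
} Seg;

typedef struct {
    Seg seg[NSEG];       /* seg[0] is the bottom of the stack */
    int buffered;        /* index of the segment attached to the buffer */
    size_t pop_to;       /* pending pop address in that segment, 0 if none */
} Pool;

/* Behaviour described in the analysis: walk every segment up to init. */
size_t walk_naive(const Pool *p) {
    size_t n = 0;
    for (int i = 0; i < NSEG; i++)
        n += (p->seg[i].init - p->seg[i].base) / OBJ;
    return n;
}

/* Behaviour described in the fix: skip free segments, stop at a pending pop. */
size_t walk_fixed(const Pool *p) {
    size_t n = 0;
    for (int i = 0; i < NSEG; i++) {
        const Seg *s = &p->seg[i];
        size_t end = s->init;
        if (s->is_free) continue;                 /* dead segment */
        if (i == p->buffered && p->pop_to != 0 && p->pop_to < end)
            end = p->pop_to;                      /* objects past here are dead */
        n += (end - s->base) / OBJ;
    }
    return n;
}

/* Lightweight pop only inside the buffered segment, otherwise heavyweight. */
void pop(Pool *p, int target, size_t addr) {
    if (target == p->buffered) { p->pop_to = addr; return; }
    for (int i = p->buffered; i > target; i--)
        p->seg[i].is_free = 1;                    /* segments above target die */
    p->seg[target].init = addr;                   /* toy assumption: truncate */
    p->buffered = target; p->pop_to = 0;
}

/* Constructed state: three full 64-byte segments, buffer on the top one. */
Pool sample(void) {
    Pool p = {{{0x1000, 0x1040, 0}, {0x2000, 0x2040, 0}, {0x3000, 0x3040, 0}}, 2, 0};
    return p;
}
```
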