|Title||SNC walks and scans dead objects|
|Assigned user||Gareth Rees|
|Description||If you do some allocation in an SNC pool, free some objects (by popping an allocation frame) and then call mps_arena_formatted_objects_walk, the visitor function gets called on dead objects as well as live objects.|
|Analysis||There are two problems:|
1. SNCWalk walks all segments that are not grey, and this includes free segments.
2. SNCWalk and SNCScan consider objects up to ap->init, but this is invalid if there is a pop pending.
Fixing problem (1) is straightforward (we can pad out freed segments), but problem (2) is hard. What do we do when there's a pop pending from segment A to an address in segment B? When looking at segment B there's no way to know that some of its objects are dead.
|Created by||Gareth Rees|
|Created on||2014-10-12 12:38:40|
|Last modified by||Gareth Rees|
|Last modified on||2014-10-20 17:06:13|
|History||2014-10-12 GDR Created.|
|187224||closed||2014-10-12 15:20:57||Gareth Rees||Fix scanning/walking for SNC:
Record which segments are free and don't walk them (objects in these segments are dead).
If a buffered segment has a pending pop, don't scan or walk objects beyond the address that's going to be popped to (these objects are also dead).
Don't try to do a lightweight pop to an address that's not in the segment attached to the buffer -- the segment being popped to (and any other segments on the stack in between) are now dead, and the only way to mark them as being dead is to do a heavyweight pop.
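
The two walk checks and the pop rule from the change description above, as an added toy model in C. This is not MPS source or the project's own code: `seg_t`, `pool_t`, `pool_pop` and `pool_walk` are hypothetical names, every object is assumed to be one unit in size, and the sample pool in `main` is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model of a stack-like pool (assumption, not MPS source). */
enum { NSEG = 3 };
typedef struct { int is_free; size_t init; } seg_t; /* [0, init) initialised */
typedef struct {
    seg_t seg[NSEG];   /* segments form a stack, seg[top] is buffered */
    size_t top;
    int pop_pending;   /* lightweight pop recorded but not yet applied */
    size_t pop_to;     /* offset in seg[top] the pending pop resets to */
} pool_t;

/* Pop to (s, off). Lightweight only inside the buffered segment; otherwise
 * heavyweight, so the segments above s are recorded as free (dead). */
void pool_pop(pool_t *p, size_t s, size_t off)
{
    if (s == p->top) {
        p->pop_pending = 1;
        p->pop_to = off;
        return;
    }
    for (size_t i = s + 1; i <= p->top; i++)
        p->seg[i].is_free = 1;
    p->seg[s].init = off;
    p->top = s;
    p->pop_pending = 0;
}

/* Count visited objects. fixed == 0 is the reported behaviour: all segments, up to init. */
size_t pool_walk(const pool_t *p, int fixed)
{
    size_t visited = 0;
    for (size_t i = 0; i < NSEG; i++) {
        size_t limit = p->seg[i].init;
        if (fixed && p->seg[i].is_free)
            continue;                 /* free segment: nothing live */
        if (fixed && i == p->top && p->pop_pending && p->pop_to < limit)
            limit = p->pop_to;        /* objects past the pop target are dead */
        visited += limit;
    }
    return visited;
}

int main(void)
{
    pool_t p = {{{0, 4}, {0, 4}, {0, 3}}, 2, 0, 0}; /* constructed sample */
    pool_pop(&p, 2, 1);
    printf("old walk %zu, fixed walk %zu\n", pool_walk(&p, 0), pool_walk(&p, 1));
    return 0;
}
```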