On 09.11.2011 17:31, Benoit Germain wrote:
2011/11/9 Philipp Janda <siffiejoe@gmx.net>:
Hi!
I've submitted the Makefile fix and (hopefully) the last warnings.
Works now.
The glibc memory corruption is gone, but now I get an assertion failure on 'make test' (not always on the first test, but I don't get far):

lua5.1: lanes.c:1018: selfdestruct_remove: Assertion `found' failed.
Aborted (core dumped)

Just inspecting the code leaves me stumped. This assertion means that the lane structure 's' thinks itself inside the self-destruct chain, but when looking for it we don't find it. The strange thing is, all insertions and removals happen under lock, so there must be something I do wrong, but I don't know what yet... and that leaves me wondering why I don't ever raise it with win32 builds.
A quick and dirty fix is to remove the 'free( s)' at lanes.c:1156. The problem is a race condition between the actual thread killing in selfdestruct_atexit and selfdestruct_remove and accessing free'd memory. pthread_cancel - which is used for thread killing under Linux - only sends cancellation requests, but the thread runs until it reaches a cancellation point which is one of about 60 functions defined by POSIX. In this case the thread reads from a Linda structure that has been free'd after the pthread_cancel call and finds something in the selfdestruct_next pointer that has been left there by the heap manager.
A proper solution would probably involve using pthread_cleanup_push to free the Lane's memory on actual cancellation.
Now I get a SIGSEGV in tests/atexit.lua :-)

Philipp
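The deferred-cancellation race and the pthread_cleanup_push approach discussed in this message, as an added example that is not part of the original mail and is not Lanes code. `struct lane`, `lane_main`, `lane_cleanup` and `cancel_lane` are hypothetical names; the thread is held off its first cancellation point until pthread_cancel has returned, so the access after the cancel request is deterministic.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

struct outcome { int touched_after_cancel, freed_by_handler, canceled; };

/* Hypothetical stand-in for a lane; not the Lanes structure. */
struct lane { atomic_int cancel_sent; struct outcome *out; };

/* Runs in the cancelled thread itself, so nothing can still be using s. */
static void lane_cleanup(void *arg) {
    struct lane *s = arg;
    s->out->freed_by_handler = 1;
    free(s);
}

static void *lane_main(void *arg) {
    struct lane *s = arg;
    pthread_cleanup_push(lane_cleanup, s);
    while (!atomic_load(&s->cancel_sent))
        ;                                /* no cancellation point in this loop */
    s->out->touched_after_cancel = 1;    /* lane memory used after pthread_cancel() */
    for (;;)
        pthread_testcancel();            /* the request is acted on here */
    pthread_cleanup_pop(0);              /* not reached; closes the push macro */
    return NULL;
}

struct outcome cancel_lane(void) {
    struct outcome out = {0, 0, 0};
    struct lane *s = malloc(sizeof *s);
    pthread_t t;
    void *ret = NULL;
    if (!s) return out;
    atomic_init(&s->cancel_sent, 0);
    s->out = &out;
    if (pthread_create(&t, NULL, lane_main, s) != 0) { free(s); return out; }
    pthread_cancel(t);                   /* only queues a request */
    /* free(s) at this point would be the use-after-free described above */
    atomic_store(&s->cancel_sent, 1);
    pthread_join(t, &ret);               /* returns once the handler has run */
    out.canceled = (ret == PTHREAD_CANCELED);
    return out;
}

int main(void) {
    struct outcome o = cancel_lane();
    printf("touched=%d freed=%d canceled=%d\n",
           o.touched_after_cancel, o.freed_by_handler, o.canceled);
    return 0;
}
```

Build with `cc -pthread`; the canceller never frees the structure itself and only reads results after pthread_join.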