[Issue 14336] Invalid memory access in struct destructor in std.uni
September 08, 2017
https://issues.dlang.org/show_bug.cgi?id=14336

Dmitry Olshansky <dmitry.olsh@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|major                       |critical

--
September 08, 2017
https://issues.dlang.org/show_bug.cgi?id=14336

Dmitry Olshansky <dmitry.olsh@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|nobody@puremagic.com        |dmitry.olsh@gmail.com

--
September 12, 2017
https://issues.dlang.org/show_bug.cgi?id=14336

--- Comment #1 from Dmitry Olshansky <dmitry.olsh@gmail.com> ---
(In reply to Vladimir Panteleev from comment #0)
> Created attachment 1495 [details]
> Valgrind log
> 
> Valgrind (with my Valgrind branch [1]) reports an incorrect memory access in
> std.uni.CowArray destructors (see attachment).
> 
> It looks like the following happens:
> 
> - The destructor is finalizing a heap-allocated array of
> InversionList!GcPolicy structs.
> - InversionList doesn't have a destructor, but it has a CowArray field
> ("data"). CowArray has a destructor, so one is automatically generated for
> InversionList.
> - CowArray!GcPolicy.~this calls the refCount @property.
> - The refCount @property attempts to refer to the heap-allocated (via
> GcPolicy) uint[] data field, which has already been destroyed by the GC. As
> I understand, this is an invalid memory access.
> 

Do you know a way to see if we are in a GC finalizer vs a normal destructor?

--
September 13, 2017
https://issues.dlang.org/show_bug.cgi?id=14336

safety0ff.bugz <safety0ff.bugz@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |safety0ff.bugz@gmail.com

--- Comment #2 from safety0ff.bugz <safety0ff.bugz@gmail.com> ---
(In reply to Dmitry Olshansky from comment #1)
> 
> Do you know a way to see if we are in a GC finalizer vs a normal destructor?

gc_inFinalizer discussion here: https://issues.dlang.org/show_bug.cgi?id=17563

--
January 23, 2018
https://issues.dlang.org/show_bug.cgi?id=14336

Carsten Blüggel <chilli@posteo.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |chilli@posteo.net

--- Comment #3 from Carsten Blüggel <chilli@posteo.net> ---
Maybe the following PR is related (or close to) this issue?
It jails previously possible (as per dmd analysis) escaping this.data pointer
through InversionList.byInterval() with -dip1000.
https://github.com/dlang/phobos/pull/6041

--
February 06, 2018
https://issues.dlang.org/show_bug.cgi?id=14336

--- Comment #4 from Carsten Blüggel <chilli@posteo.net> ---
(In reply to Vladimir Panteleev from comment #0)
> Valgrind (with my Valgrind branch [1]) reports an incorrect memory access in
> std.uni.CowArray destructors (see attachment).

I submitted https://github.com/dlang/phobos/pull/6041 to fix a std.uni.d
-dip1000 issue (there is no @trusted in InversionList!GcPolicy, CowArray or
GcPolicy any more (only ReallocPolicy currently still has @trusted), thus
theoretically it should be memory safe for GcPolicy) and want to check whether
your issue is fixed as well.
I assume current druntime code doesn't cover memcheck, thus your valgrind
branch is still required. Due to my current lack of sufficient druntime
knowledge, I failed to merge your valgrind branch (conflicts in
src/gc/impl/conservative/gc.d).

Will you please update your valgrind branch or at least conservative/gc.d to be mergeable with current druntime/master, or give me a hint how to do that?

Thanks :-)

--
February 06, 2018
https://issues.dlang.org/show_bug.cgi?id=14336

--- Comment #5 from Dmitry Olshansky <dmitry.olsh@gmail.com> ---
(In reply to Carsten Blüggel from comment #4)
> (In reply to Vladimir Panteleev from comment #0)
> > Valgrind (with my Valgrind branch [1]) reports an incorrect memory access in
> > std.uni.CowArray destructors (see attachment).
> 
> I submitted https://github.com/dlang/phobos/pull/6041 to fix a std.uni.d
> -dip1000 issue (there is no @trusted in InversionList!GcPolicy, CowArray or
> GcPolicy any more (only ReallocPolicy currently still has @trusted), thus
> theoretically it should be memory safe for GcPolicy) and want to check,
> whether your issue is fixed as well.
> I assume current druntime code doesn't cover memcheck, thus your valgrind
> branch is still required. Due to my current lack of sufficient druntime
> knowledge, I failed to merge your valgrind branch (conflicts in
> src/gc/impl/conservative/gc.d).
> 


Sadly it won't fix the low-level detail of using the data allocated from GC during finalization.

On the other hand that makes Finalizers in GC pretty much useless as you can't touch any memory.

--
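The hazard discussed in comments #0 to #5, as an added D example that is not part of the thread and not the Phobos source: a reference-counted struct whose destructor skips its GC-allocated payload when it is run by a collection. `CowLike` and its members are hypothetical names, and the sketch assumes a druntime that provides `core.memory.GC.inFinalizer`.

```d
import core.memory : GC;

// Simplified stand-in for CowArray!GcPolicy (hypothetical, not the Phobos source):
// slot 0 of a GC-allocated uint[] holds the reference count.
struct CowLike
{
    uint[] data;

    this(size_t n)
    {
        data = new uint[n + 1]; // GC heap, as with GcPolicy
        data[0] = 1;            // initial reference count
    }

    this(this)
    {
        if (data.length) data[0]++; // a copy shares the payload
    }

    @property uint refCount() const { return data.length ? data[0] : 0; }

    ~this()
    {
        // When a collection finalizes this struct, the payload may already
        // have been reclaimed, so it must not be read or written here.
        // Skipping the decrement is harmless: the GC frees the payload itself.
        if (GC.inFinalizer())
            return;
        if (data.length && --data[0] == 0)
            data = null; // last owner on the deterministic path
    }
}

void main()
{
    {
        auto a = CowLike(4);
        auto b = a;              // postblit bumps the shared count
        assert(a.refCount == 2);
    } // scope exit: normal destructors, payload is still valid

    // The case from the report: a heap-allocated array of such structs.
    auto arr = new CowLike[](8);
    foreach (ref e; arr)
        e = CowLike(4);
    arr = null;
    GC.collect(); // any finalizers run here take the early return above
}
```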
March 03, 2018
https://issues.dlang.org/show_bug.cgi?id=14336

Walter Bright <bugzilla@digitalmars.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |safe
                 CC|                            |bugzilla@digitalmars.com

--
December 17, 2022
https://issues.dlang.org/show_bug.cgi?id=14336

Iain Buclaw <ibuclaw@gdcproject.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P1                          |P2

--