Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Probabilistic crash on zsh 5.9 on x86_64



> On 13/04/2023 14:02 Jun. T <takimoto-j@xxxxxxxxxxxxxxxxx> wrote:
> > On 2023/04/13 20:12, Peter Stephenson <p.w.stephenson@xxxxxxxxxxxx> wrote:
> > "watch" says the real culprit is this unsettrap() in starttrapscope().
> > I guess the save and restore action here needs a corresponding
> > useeprog / freeprog, not sure the best way of doing that yet.
> 
> As I wrote before, the entire 'struct shfunc' is freed by
> shfunctab->freenode(shf) (signals.c:982), or freeshfuncnode(shf).
> I think it is not just the problem of the reference count of Eprog
> (shfnc.funcdef.nref).
> Or maybe I misunderstood your post.

"Freeing" really means reducing the reference count and then actually
freeing the structure only when the reference count hits zero.  So
because we want to keep this structure, the reference count shouldn't
be zero at this point (it shouldn't ever be allowed to go to zero
for a permanently allocated structure visible to user code, hence the
DPUTS test), and if it isn't then the problem goes away --- this
becomes just a normal function call.

However, it's not trivial because of the way we save and restore
TRAPEXIT (and possibly other traps).  We do this because the
TRAPEXIT shouldn't be running from within a nested function call.
So what we should logically do is take the code chunk out of the
trap list but marked in such a way that it won't get actually freed,
because we're going to put it back again later, and because someone
may access the same structure meanwhile (as it's permanently
allocated --- the whole point of reference counts being that it's
hard to know for sure who's referring to which code chunk at any
given time).

Unfortunately, it looks like this process is more complicated than
that, involving actual copies, so finding a place to bump the
reference count and then later reduce it again (which would free
the structure if it actually wasn't needed any more at that second
point) isn't trivial, and it's quite possible there is another solution
not involving reference counts.

Hope that's clearer but I'm not sure it is...

pws
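
A simplified model of the reference-count behaviour described in the message above, added here as an illustration; it is not zsh source code and not the fix discussed on the list. `struct prog`, `prog_use`, `prog_release`, `scope_start` and `scope_end` are hypothetical names, and the model assumes a single trap slot with no copying.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical refcounted code chunk; a model, not zsh's Eprog. */
struct prog { int nref; int *freed; };

static struct prog *prog_new(int *freed) {
    struct prog *p = malloc(sizeof *p);
    if (!p) abort();
    p->nref = 1;          /* reference owned by the trap list */
    p->freed = freed;
    *freed = 0;
    return p;
}
static struct prog *prog_use(struct prog *p) { p->nref++; return p; }
static void prog_release(struct prog *p) {
    /* "Freeing" only drops a reference; memory goes away at zero. */
    if (--p->nref == 0) { *p->freed = 1; free(p); }
}

static struct prog *trap_slot;   /* the list's entry for one trap */
static struct prog *saved_trap;  /* entry set aside for a nested scope */

/* Entering a nested scope: take the trap out of the list. */
static void scope_start(int hold_ref) {
    saved_trap = hold_ref ? prog_use(trap_slot) : trap_slot;
    prog_release(trap_slot);     /* the list gives up its reference */
    trap_slot = NULL;
}
/* Leaving the scope: the saved reference goes back to the list. */
static void scope_end(void) { trap_slot = saved_trap; saved_trap = NULL; }

/* Returns 1 if the chunk was freed while it was still saved. */
static int freed_while_saved(int hold_ref) {
    int freed;
    trap_slot = prog_new(&freed);
    scope_start(hold_ref);
    int dangling = freed;        /* 1: saved_trap points at freed memory */
    if (dangling) { saved_trap = NULL; return 1; }
    scope_end();
    prog_release(trap_slot);     /* final release really frees it */
    trap_slot = NULL;
    return 0;
}

int main(void) {
    printf("no extra reference: freed early = %d\n", freed_while_saved(0));
    printf("reference held:     freed early = %d\n", freed_while_saved(1));
    return 0;
}
```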
