[GHC] #7919: Heap corruption (segfault) from large 'let' expression
GHC
cvs-ghc at haskell.org
Fri May 17 23:27:30 CEST 2013
#7919: Heap corruption (segfault) from large 'let' expression
-------------------------------+--------------------------------------------
Reporter: duncan | Owner:
Type: bug | Status: patch
Priority: normal | Milestone:
Component: Runtime System | Version: 7.6.3
Keywords: | Os: Linux
Architecture: x86_64 (amd64) | Failure: Runtime crash
Difficulty: Unknown | Testcase:
Blockedby: | Blocking:
Related: |
-------------------------------+--------------------------------------------
Changes (by igloo):
* status: new => patch
* difficulty: => Unknown
Comment:
The program works with this patch:
{{{
diff --git a/rts/sm/GCUtils.c b/rts/sm/GCUtils.c
index 996b5f6..97d07ea 100644
--- a/rts/sm/GCUtils.c
+++ b/rts/sm/GCUtils.c
@@ -180,7 +180,7 @@ todo_block_full (nat size, gen_workspace *ws)
// the limit.
if (!looksEmptyWSDeque(ws->todo_q) ||
(ws->todo_free - bd->u.scan < WORK_UNIT_WORDS / 2)) {
- if (ws->todo_free + size < bd->start + bd->blocks * BLOCK_SIZE_W)
{
+ if (ws->todo_free + size <= bd->start + bd->blocks *
BLOCK_SIZE_W) {
ws->todo_lim = stg_min(bd->start + bd->blocks * BLOCK_SIZE_W,
ws->todo_lim +
stg_max(WORK_UNIT_WORDS,size));
debugTrace(DEBUG_gc, "increasing limit for %p to %p",
bd->start, ws->todo_lim);
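Review bot: the `<` to `<=` change in the guard is the entire fix, yet the hunk records nothing about why the exact-fit case (`ws->todo_free + size` equal to `bd->start + bd->blocks * BLOCK_SIZE_W`) matters; add a short comment at the guard saying that an object which exactly fills the remaining space must take this branch, and revise the nearby "It cannot be empty ..." source comment quoted in the ticket so it no longer disagrees with the guard. The new case is safe with respect to the limit, since `stg_min(bd->start + bd->blocks * BLOCK_SIZE_W, ...)` already caps `ws->todo_lim` at the block end, so `ws->todo_free + size` can reach the end but not pass it; that reasoning belongs in the commit message. The Testcase field is empty and the comment admits the cause has not been analysed, so the reporter's large `let` program should be added as a regression test before this is committed.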
}}}
(note that the comment says "It cannot be empty, because then there would
be enough room to copy the current object", but the comment and this guard
don't agree when the size exactly fills the available space).
I haven't looked at what exactly is going on, so I want to check that this
really looks right before committing, though.
--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/7919#comment:2>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
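The mismatch described in the ticket comment, as an added example that is not GHC's code: a toy model of the "extend the limit" decision in the patched guard. It keeps the patch's shape (a guard, then `todo_lim` extended and clamped to the block end) but the block size, the stand-in for `WORK_UNIT_WORDS`, the word offsets and the fall-through check are assumptions of the model, not the runtime's actual code. It shows that with the strict `<` guard the last object that exactly fills the block is treated as not fitting, so the block-full path runs with its precondition false, while the `<=` guard places it and the limit never passes the block end.

```c
/*
 * Added example, not GHC's code: a toy model of the guard patched in
 * todo_block_full().  Sizes and positions are word offsets within one
 * block; BLOCK_SIZE_W, WORK_UNIT_WORDS and the fall-through check are
 * assumptions of this model.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define BLOCK_SIZE_W    32   /* words in the block (assumed value) */
#define WORK_UNIT_WORDS  8   /* assumed stand-in for GHC's constant */

typedef struct {
    size_t todo_free;   /* next free word, like ws->todo_free */
    size_t todo_lim;    /* current limit, like ws->todo_lim */
    size_t block_end;   /* bd->start + bd->blocks * BLOCK_SIZE_W as an offset */
} workspace;

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }
static size_t max_sz(size_t a, size_t b) { return a > b ? a : b; }

/* The guard from the patch: strict (before the patch) or inclusive (after). */
static bool room_for(const workspace *ws, size_t size, bool inclusive)
{
    return inclusive ? ws->todo_free + size <= ws->block_end
                     : ws->todo_free + size <  ws->block_end;
}

/*
 * Try to place an object of `size` words in the current block.
 * Returns  1 if the limit was extended and the object placed,
 *          0 if the code fell through to "this block is full" correctly,
 *         -1 if it fell through although the object would have fit, i.e.
 *            the block-full path's precondition ("no room left") is false.
 */
static int place_object(workspace *ws, size_t size, bool inclusive)
{
    if (room_for(ws, size, inclusive)) {
        /* Mirrors the patch: extend the limit, clamped to the block end. */
        ws->todo_lim = min_sz(ws->block_end,
                              ws->todo_lim + max_sz(WORK_UNIT_WORDS, size));
        ws->todo_free += size;
        return 1;
    }
    /* Fall-through path (assumed): it relies on there being no room left. */
    if (ws->todo_free + size <= ws->block_end)
        return -1;   /* exact-fit object wrongly treated as not fitting */
    return 0;
}

/* Fill an empty block with `size`-word objects for as long as one still fits
 * and report the outcome of the last placement attempt. */
static int exact_fit_outcome(size_t size, bool inclusive)
{
    workspace ws = { .todo_free = 0, .todo_lim = WORK_UNIT_WORDS,
                     .block_end = BLOCK_SIZE_W };
    int r = 1;
    while (r == 1 && ws.todo_free + size <= ws.block_end)
        r = place_object(&ws, size, inclusive);
    return r;
}

int main(void)
{
    /* 8-word objects: the fourth one exactly fills the 32-word block. */
    printf("strict guard, exact fit:    %d\n", exact_fit_outcome(8, false));
    printf("inclusive guard, exact fit: %d\n", exact_fit_outcome(8, true));
    /* 5-word objects never exactly fill the block, so both guards agree. */
    printf("strict guard, no exact fit: %d\n", exact_fit_outcome(5, false));
    return 0;
}
```

With 8-word objects the strict guard returns -1 on the fourth placement (the object fits, but `32 < 32` is false), whereas the inclusive guard places it and leaves `todo_lim` clamped at the block end; with 5-word objects no exact fit occurs and both guards behave identically, which is why the bug only shows up when an object's size exactly matches the remaining space.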