[GHC] #11500: C finalizer of a finalized ForeignPtr may be called again when RTS shuts down

GHC ghc-devs at haskell.org
Wed Jan 27 09:32:20 UTC 2016 

#11500: C finalizer of a finalized ForeignPtr may be called again when RTS shuts
down
-------------------------------------+-------------------------------------
           Reporter:  skydust        |             Owner:
               Type:  bug            |            Status:  new
           Priority:  normal         |         Milestone:
          Component:  Runtime        |           Version:  7.8.3
  System                             |
           Keywords:                 |  Operating System:  Unknown/Multiple
       Architecture:                 |   Type of failure:  None/Unknown
  Unknown/Multiple                   |
          Test Case:                 |        Blocked By:
           Blocking:                 |   Related Tickets:
Differential Rev(s):                 |         Wiki Page:
-------------------------------------+-------------------------------------
 The C finalizer of a ForeignPtr that was explicitly finalized
 (finalizeForeignPtr) is sometimes called again when the RTS shuts down.

 Expected behaviour:
  - The test script (./test.sh) below never stops

 Observed behaviour:
  - After a while, the test script stops with an error message indicating
 double free or memory corruption

 {{{#!sh
 $ ./test.sh
 }}}
 {{{
 [1 of 1] Compiling Main             ( finalizer_hs.hs, finalizer_hs.o )
 Linking finalizer_hs ...
 *** Error in `./finalizer_hs': double free or corruption (!prev):
 0x00000000010b85e0 ***
 ./test.sh: line 3: 20482 Aborted                 (core dumped)
 ./finalizer_hs +RTS -N
 178
 }}}

 File finalizer_hs.hs
 {{{#!hs
 {-# LANGUAGE ForeignFunctionInterface #-}

 import Foreign (Ptr, FunPtr, malloc)
 import Foreign.ForeignPtr (newForeignPtr, finalizeForeignPtr)
 import Control.Monad (forM, forM_)

 foreign import ccall "stdlib.h &free" p_free :: FunPtr (Ptr a -> IO ())

 main :: IO ()
 main = do
     fps <- forM [1 .. 10000] $ \_ -> do
         p <- malloc
         newForeignPtr p_free (p :: Ptr Int)
     forM_ fps finalizeForeignPtr
 }}}

 File test.sh:
 {{{#!sh
 ghc finalizer_hs.hs -threaded
 CNT=0
 while ./finalizer_hs +RTS -N; do CNT=$((CNT+1)); done
 echo $CNT
 }}}

 Note: running several instances of ./test.sh concurrently triggers the
 problem faster

 Issue detected on following tested setups:
  - Linux 32bit GHC 7.10.2
  - Linux 64bit GHC 7.8.3
  - Linux 64bit GHC 7.8.4

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/11500>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

More information about the ghc-tickets mailing list