[GHC] #15508: concprog001 fails with various errors when compiled with -prof

GHC ghc-devs at haskell.org
Wed Aug 22 09:18:41 UTC 2018 

#15508: concprog001 fails with various errors when compiled with -prof
-------------------------------------+-------------------------------------
        Reporter:  osa1              |                Owner:  (none)
            Type:  bug               |               Status:  new
        Priority:  high              |            Milestone:  8.6.1
       Component:  Profiling         |              Version:  8.5
      Resolution:                    |             Keywords:
Operating System:  Unknown/Multiple  |         Architecture:
                                     |  Unknown/Multiple
 Type of failure:  Runtime crash     |            Test Case:
      Blocked By:                    |             Blocking:
 Related Tickets:                    |  Differential Rev(s):  Phab:D5051
       Wiki Page:                    |
-------------------------------------+-------------------------------------

Comment (by osa1):

 So, as shown in the description this program crashes in many ways. I
 started
 debugging with one of those errors, and found out that at some point
 `cap->r.rCCCS` (a capability's "current cost centre" stack) actually
 points to
 a heap closure instead of a cost centre stack:

 {{{
 >>> print cap->r.rCCCS
 $13 = (struct CostCentreStack_ *) 0x4200213000

 >>> call printClosure(cap->r.rCCCS)
 integer-gmp:GHC.Integer.Type.S#((nil)#)
 }}}

 Then when this capability does allocation `accountAllocation` overwrites a
 info table pointer in this line

 {{{
 CCS_ALLOC(cap->r.rCCCS,n); // Storage.c:802
 }}}

 CCS_ALLOC defined as:

 {{{
 #define CCS_ALLOC(ccs, size) (ccs)->mem_alloc +=
 ((size)-sizeofW(StgProfHeader))
 }}}

 mem_alloc is at this address:

 {{{
 >>> print &cap->r.rCCCS->mem_alloc
 $15 = (StgWord64 *) 0x4200213048
 }}}


 Which is also the info ptr of another closure:

 {{{
 >>> print &((StgClosure*)0x4200213048)->header.info
 $20 = (const StgInfoTable **) 0x4200213048
 }}}

 Originally this closure is;

 {{{
 >>> call printClosure(0x4200213048)
 BLACKHOLE(0x42000dfa40)
 }}}

 So this assignment causes a memory corruption.

 Note that I'm using `+RTS -DS` during all this so any heap location that
 is not filled with 0 are actually in use. (collected space is filled with
 0s with `-DS`)

-- 
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/15508#comment:8>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

More information about the ghc-tickets mailing list