Bug in GC at Communicator::destroy()
acbell
Member Andrew BellOrganization: Iowa State UniversityProject: National Resources Inventory ✭✭
in Bug Reports
Hi,
I am running 3.0.1 with the 3.0.1 GC patch installed.
The problem is that if an object pointer on stack/global space is the only reference to a GC object, GC::collectGarbage thinks that the GC object should be reclaimed, and deletes it. When the stack unwinds/global space cleans up, another attempt is made to delete the pointed to object and bad things happen (TM).
The problem looks to me to be the line:
counts.insert(pos, ObjectCounts::value_type(*i, (*i)->__getRefUnsafe() - 1));
I'm not sure why the "-1" is here, but then I'm not sure I totally understand the exact thinking.
I've attached a test case. I get a segfault when I hit CTRL-C to exit the program.
Thanks,
I am running 3.0.1 with the 3.0.1 GC patch installed.
The problem is that if an object pointer on stack/global space is the only reference to a GC object, GC::collectGarbage thinks that the GC object should be reclaimed, and deletes it. When the stack unwinds/global space cleans up, another attempt is made to delete the pointed to object and bad things happen (TM).
The problem looks to me to be the line:
counts.insert(pos, ObjectCounts::value_type(*i, (*i)->__getRefUnsafe() - 1));
I'm not sure why the "-1" is here, but then I'm not sure I totally understand the exact thinking.
I've attached a test case. I get a segfault when I hit CTRL-C to exit the program.
Thanks,
0
Comments
Cheers,
Michi.
I have updated both the GC patch against 3.0.0 and the GC patch against 3.0.1.
You can apply these patches against the original 3.0.0 or 3.0.1 source, respectively. Alternatively, you can use the attached src/Ice/GC.cpp and test/Ice/gc/Client.cpp files. If you have previously applied the original 3.0.0 or 3.0.1 patch, you can simply copy these files over the previously patched ones.
Cheers,
Michi.