Bug 14336 – Invalid memory access in struct destructor in std.uni

Created attachment 1495 Valgrind log Valgrind (with my Valgrind branch [1]) reports an incorrect memory access in std.uni.CowArray destructors (see attachment). It looks like the following happens: - The destructor is finalizing a heap-allocated array of InversionList!GcPolicy structs. - InversionList doesn't have a destructor, but it has a CowArray field ("data"). CowArray has a destructor, so one is automatically generated for InversionList. - CowArray!GcPolicy.~this calls the refCount @property. - The refCount @property attempts to refer to the heap-allocated (via GcPolicy) uint[] data field, which has already been destroyed by the GC. As I understand, this is an invalid memory access. [1]: https://github.com/CyberShadow/druntime/compare/pull-20150323-233811-gc-debug...valgrind

(In reply to Vladimir Panteleev from comment #0) > Created attachment 1495 [details] > Valgrind log > > Valgrind (with my Valgrind branch [1]) reports an incorrect memory access in > std.uni.CowArray destructors (see attachment). > > It looks like the following happens: > > - The destructor is finalizing a heap-allocated array of > InversionList!GcPolicy structs. > - InversionList doesn't have a destructor, but it has a CowArray field > ("data"). CowArray has a destructor, so one is automatically generated for > InversionList. > - CowArray!GcPolicy.~this calls the refCount @property. > - The refCount @property attempts to refer to the heap-allocated (via > GcPolicy) uint[] data field, which has already been destroyed by the GC. As > I understand, this is an invalid memory access. > Do you know a way to see if we are in GC finalizer vs normal destructor?

(In reply to Dmitry Olshansky from comment #1) > > Do you know a way to see if we are in GC finalizer vs normal destructor? gc_inFinalizer discussion here: https://issues.dlang.org/show_bug.cgi?id=17563

Maybe the following PR is related (or close to) this issue? It jail's previously possible (as per dmd analysis) escaping this.data pointer through InversionList.byInterval() with -dip1000. https://github.com/dlang/phobos/pull/6041

(In reply to Vladimir Panteleev from comment #0) > Valgrind (with my Valgrind branch [1]) reports an incorrect memory access in > std.uni.CowArray destructors (see attachment). I submitted https://github.com/dlang/phobos/pull/6041 to fix a std.uni.d -dip1000 issue (there is no @trusted in InversionList!GcPolicy, CowArray or GcPolicy any more (only ReallocPolicy currently still has @trusted), thus theoretically it should be memory safe for GcPolicy) and want to check, whether Your issue is fixed as well. I assume, current druntime code doesn't cover memcheck, thus Your valgrind branch is still required. Due to my current lack of sufficient druntime knowledge, I failed to merge Your valgrind branch (conflicts in src/gc/impl/conservative/gc.d). Will You please update Your valgrind branch or at least conservative/gc.d to be mergable with current druntime/master, or give me a hint how to do that? Thanks :-)

(In reply to Carsten Blüggel from comment #4) > (In reply to Vladimir Panteleev from comment #0) > > Valgrind (with my Valgrind branch [1]) reports an incorrect memory access in > > std.uni.CowArray destructors (see attachment). > > I submitted https://github.com/dlang/phobos/pull/6041 to fix a std.uni.d > -dip1000 issue (there is no @trusted in InversionList!GcPolicy, CowArray or > GcPolicy any more (only ReallocPolicy currently still has @trusted), thus > theoretically it should be memory safe for GcPolicy) and want to check, > whether Your issue is fixed as well. > I assume, current druntime code doesn't cover memcheck, thus Your valgrind > branch is still required. Due to my current lack of sufficient druntime > knowledge, I failed to merge Your valgrind branch (conflicts in > src/gc/impl/conservative/gc.d). > Sadly it won't fix low-level detail of using the data allocated from GC during finalization. On the other hand that makes Finalizers in GC pretty much useless as you can't touch any memory.

THIS ISSUE HAS BEEN MOVED TO GITHUB https://github.com/dlang/phobos/issues/9656 DO NOT COMMENT HERE ANYMORE, NOBODY WILL SEE IT, THIS ISSUE HAS BEEN MOVED TO GITHUB