Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix liveslots double-free of virtual object/collection
When A and B are any combination of virtual objects or collections, and A holds a reference to B, and no other vdata/export references exist to either, and both A and B's Representatives are dropped, and both drops are noticed in the same BOYD, and A's vref is lexicographically earlier than B's, then liveslots would attempt to free B twice.

The cause was using `vrm.possibleVirtualObjectDeath()`, which combines a remaining-pillar check with the deletion code. Deleting a virtual object or collection necessarily examines the contents (to decrement their refcounts), and will add vrefs to possiblyDeadSet in the process. For our example, deleting A caused B to get added back to possiblyDeadSet, which caused a second deletion attempt as scanForDeadObjects looped back around to pick up second-level dead objects, even though B was deleted during the first pass, a moment after A. If B's vref sorted earlier than A, possibleVirtualObjectDeath would have not deleted B on the first pass, leaving it for the second, and only trying to delete it once.

In earlier versions of the code, this double free was silently ignored. But since the introduction of dataCache and schemaCache, this causes an assertion to fail, causing a crash.

The fix is to filter possiblyDeadSet through a new `vrm.isVirtualObjectReachable()` predicate to generate deadSet, and *then* delete the objects with a new `vrm.deleteVirtualObject`.

closes #7353
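The ordering problem described in the commit message, as a small JavaScript model added here for illustration; it is not liveslots code and is not taken from the commit. `makeHeap`, `sweep`, `deleteObject`, `isReachable` and the vrefs `o1`/`o2` are hypothetical stand-ins, and reachability is reduced to a single refcount.

```javascript
// Toy model, not liveslots code. vrefs 'o1'/'o2' are constructed sample values.
// All Representatives are already dropped, so only refcounts keep objects alive.
function makeHeap(edges) {
  const store = new Map(); // vref -> { refs, refcount }
  for (const [vref, refs] of Object.entries(edges)) store.set(vref, { refs, refcount: 0 });
  for (const { refs } of store.values()) for (const r of refs) store.get(r).refcount += 1;
  return store;
}

// A missing object has no remaining references, so it also reads as unreachable.
const isReachable = (store, vref) => (store.get(vref)?.refcount ?? 0) > 0;

// Deleting examines the contents: decrement each target and re-queue it.
function deleteObject(store, vref, possiblyDeadSet, log) {
  const obj = store.get(vref);
  if (!obj) return log.push(`double-free ${vref}`);
  store.delete(vref);
  log.push(`free ${vref}`);
  for (const r of obj.refs) {
    if (store.has(r)) store.get(r).refcount -= 1;
    possiblyDeadSet.add(r);
  }
}

function sweep(store, dropped, twoPhase) {
  const log = [];
  let possiblyDeadSet = new Set(dropped);
  while (possiblyDeadSet.size > 0) {
    const batch = [...possiblyDeadSet].sort();
    possiblyDeadSet = new Set();
    if (twoPhase) {
      // Fixed shape: compute deadSet first, *then* delete.
      const deadSet = batch.filter(v => !isReachable(store, v));
      for (const vref of deadSet) deleteObject(store, vref, possiblyDeadSet, log);
    } else {
      // Buggy shape: check and delete interleaved, so deleting o1 makes o2 dead mid-pass.
      for (const vref of batch) {
        if (!isReachable(store, vref)) deleteObject(store, vref, possiblyDeadSet, log);
      }
    }
  }
  return log;
}

const aHoldsB = () => makeHeap({ o1: ['o2'], o2: [] }); // A = o1 sorts before B = o2
console.log(sweep(aHoldsB(), ['o1', 'o2'], false));
console.log(sweep(aHoldsB(), ['o1', 'o2'], true));
```

Swapping the vrefs so that the holder sorts later makes the interleaved variant free each object once, which is why the failure depends on sort order.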
Showing 4 changed files with 90 additions and 41 deletions.