fix random failure in Marshal.from_{string,bytes} (PR#12056) by damiendoligez · Pull Request #12064 · ocaml/ocaml

damiendoligez · 2023-03-02T14:30:24Z

The problem is pretty basic after all: a minor GC occurs while caml_input_val_from_bytes is holding an infix pointer into a string located in the minor heap.

The fix involves moving the call to intern_decompress_input after intern_alloc_storage and removing the comment that says not to do that. The comment was misleading because intern_alloc_storage only allocates in the minor heap while intern_decompress_input frees memory in malloc land, so they can't interact anyway.

Fixes (one part of) #12056

gasche · 2023-03-02T16:24:17Z

The comment was misleading because intern_alloc_storage only allocates in the minor heap while intern_decompress_input frees memory in malloc land, so they can't interact anyway.

I read the comment as not being about memory safety, but rather about concerns on the maximal memory usage of the process (so more like OOM conditions, etc.). If I take a large compressed payload that decompresses into an even larger uncompressed payload, I don't want to have to hold the two alive at the same time in my memory (irrespectively of whether they are GG- or malloc-owned).

My proposal for the fix:

change intern_decompress_input to return a boolean that is true if decompression happened
(if that boolean is true in the current function, then intern_src is not inside a GC-owned block anymore)
after intern_alloc_storage, refresh intern_src if no decompression happened

Note: the bug that you are fixing was introduced by the decompression PR. The test was already flaky before that, but it failed much less often. There are probably other bugs still lurking.

damiendoligez · 2023-03-02T16:36:08Z

I read the comment as not being about memory safety, but rather about concerns on the maximal memory usage of the process (so more like OOM conditions, etc.). If I take a large compressed payload that decompresses into an even larger uncompressed payload, I don't want to have to hold the two alive at the same time in my memory (irrespectively of whether they are GG- or malloc-owned).

That's exactly how I read it too, and it's still misleading because intern_alloc_storage doesn't allocate anything when the payload is large.

Note: the bug that you are fixing was introduced by the decompression PR. The test was already flaky before that, but it failed much less often. There are probably other bugs still lurking.

Yes, I forgot to mention that. I tried a bit, but failed to reproduce it.

xavierleroy · 2023-03-02T16:39:23Z

OK, so it was my fault after all, sorry for having introduced this bug in #12006.

For intern_alloc_storage, we're both right / both wrong : it does allocate in the OCaml heap, which I missed completely, but it also allocates the shared object table using caml_stat_alloc. That's why I was tempted to decompress before doing this allocation, so that the block of compressed data allocated (using caml_stat_alloc too) in caml_input_val can be freed and its space reused. There's nothing "misleading" in that, just premature optimization, maybe.

gasche · 2023-03-02T16:47:54Z

(We get to blame the flaky test. It's its fault if we didn't trust it when it failed on the PR. Maybe.)

xavierleroy

Good fix, thanks. I still like the comment you removed, but won't fight for it.

xavierleroy · 2023-03-02T16:47:48Z

Changes

+- #12056, #12057, #??: Random failure in Marshal.from_{string,bytes}
+  (Damien Doligez, review by ??)


I'll let the Changelog police tell you if you need a separate entry for these or if they should be merged with #12006 .

police heree: it's as Damien prefers.

xavierleroy · 2023-03-02T16:49:11Z

runtime/intern.c

  intern_alloc_storage(s, h.whsize, h.num_objects);
+  s->intern_src = &Byte_u(str, ofs + h.header_len); /* If a GC occurred */
+  /* Decompress if needed */
+  intern_decompress_input(s, "input_val_from_string", &h);


Yes, this is obviously more correct :-) and there's no regrets w.r.t. memory usage, since str is in the OCaml heap (it's not malloc-ed) and live throughout the function, so intern_decompress_input has no chance to free it.

gasche

(I also believe that the change is correct.)

damiendoligez · 2023-03-02T22:28:09Z

For intern_alloc_storage, we're both right / both wrong : it does allocate in the OCaml heap, which I missed completely, but it also allocates the shared object table using caml_stat_alloc. That's why I was tempted to decompress before doing this allocation, so that the block of compressed data allocated (using caml_stat_alloc too) in caml_input_val can be freed and its space reused. There's nothing "misleading" in that, just premature optimization, maybe.

Oh that's right, I missed the shared object table. I'll restore the comment and update Changes, then I'll merge.

…#12056)

xavierleroy · 2023-03-04T16:03:10Z

Looks great, thanks! Now merging...

damiendoligez requested a review from xavierleroy March 2, 2023 14:30

xavierleroy approved these changes Mar 2, 2023

View reviewed changes

gasche approved these changes Mar 2, 2023

View reviewed changes

fix random failure in Marshal.from_{string,bytes} (partial fix for PR…

27aa297

…#12056)

damiendoligez force-pushed the fix-pr12056 branch from 0b912cb to 27aa297 Compare March 3, 2023 14:20

damiendoligez added the merge-me label Mar 3, 2023

xavierleroy merged commit 0492b9a into ocaml:trunk Mar 4, 2023

damiendoligez deleted the fix-pr12056 branch March 8, 2023 10:36

Octachron mentioned this pull request Mar 24, 2023

tracking intext_par.ml failures #12056

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix random failure in Marshal.from_{string,bytes} (PR#12056)#12064

fix random failure in Marshal.from_{string,bytes} (PR#12056)#12064
xavierleroy merged 1 commit intoocaml:trunkfrom
damiendoligez:fix-pr12056

damiendoligez commented Mar 2, 2023 •

edited

Loading

Uh oh!

gasche commented Mar 2, 2023

Uh oh!

damiendoligez commented Mar 2, 2023

Uh oh!

xavierleroy commented Mar 2, 2023

Uh oh!

gasche commented Mar 2, 2023

Uh oh!

xavierleroy left a comment

Uh oh!

xavierleroy Mar 2, 2023 •

edited

Loading

Uh oh!

gasche Mar 2, 2023

Uh oh!

xavierleroy Mar 2, 2023

Uh oh!

gasche left a comment

Uh oh!

damiendoligez commented Mar 2, 2023

Uh oh!

xavierleroy commented Mar 4, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

		- #12056, #12057, #??: Random failure in Marshal.from_{string,bytes}
		(Damien Doligez, review by ??)

Conversation

damiendoligez commented Mar 2, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

gasche commented Mar 2, 2023

Uh oh!

damiendoligez commented Mar 2, 2023

Uh oh!

xavierleroy commented Mar 2, 2023

Uh oh!

gasche commented Mar 2, 2023

Uh oh!

xavierleroy left a comment

Choose a reason for hiding this comment

Uh oh!

xavierleroy Mar 2, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

gasche Mar 2, 2023

Choose a reason for hiding this comment

Uh oh!

xavierleroy Mar 2, 2023

Choose a reason for hiding this comment

Uh oh!

gasche left a comment

Choose a reason for hiding this comment

Uh oh!

damiendoligez commented Mar 2, 2023

Uh oh!

xavierleroy commented Mar 4, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

damiendoligez commented Mar 2, 2023 •

edited

Loading

xavierleroy Mar 2, 2023 •

edited

Loading