Letting the gmp library use uncollectable allocations leads to
leaks, if the bignums are not freed with mpz_clear. Since this
can't be done without a finalizer, we have to use the standard
allocation mechanism. Fixes#433.
Local variables were not declared volatile, so they could be
changed by the setjmp call in ECL_UNWIND_PROTECT_BEGIN. This could
lead to execution of the cleanup statements even though the thread
creation was successfull and thus to segmentation faults.
Thread handles were never closed. Also fixed the ugly hack in
process->thread, where a pthread_t object was used on windows instead
of the correct HANDLE object.
ecl_unlist_process is called in thread_cleanup after interrupts have
been disabled, however it uses unwind-protect, which will disenable and
then reenable interrupts. Since on windows, we don't have an equivalent
of sigmask, we can't use unwind-protect and instead rely on disabled
interrupts to make sure, that the spinlock is always released.
ecl_check_pending_interrupts is used in ecl_enable_interrupts_env,
which may not always be in a place where we can handle signals without
safety measures. _ecl_w32_exception_filter needs to be protected too. Here,
the switch statement could also fall through to EXCEPTION_INT_DIVIDE_BY_ZERO,
leading to wrong errors being displayed.
The garbage collector can call stacks_scanner in a thread before
pthread_setspecific, leading to a wrong error message. The
solution is simply not to mark the environment, if
pthread_setspecific has not yet been called.
If a thread is interrupted after a call to fill_spec_vector, but
before it can call ecl_search_cache, the cache may change during
the interrupt, leading to crashes. We can't use
env->disable_interrupts since fill_spec_vector calls methods which
write in the thread-local environment. Disabling interrupts in
ecl_search_cache and clear_list_from_cache is now redundant and
has been removed.
The pending interrupts list may be modified after we have checked
whether it is nil, but before we aquire the spinlock, leading to
segmentation faults.
If we don't do this, execution of the cleanup forms may be
interrupted or they may not be executed at all. This behaviour
would probably be acceptable for external code, however the
unwind-protect mechanism is also used internally to protect
against deadlocks (e.g. in ECL_WITH_(SPIN)LOCK).
We can't use ecl_disable_interrupts, because often writes in the
thread local environment happen while we hold the locks (e.g.
env->packages_to_be_created is written in find_pending_package
while the lock is held in ecl_make_package). Therefore we use the
lisp interrupt blocking mechanism. For this, the order of
operations in cl_boot has to be modified a bit.
Checking process.phase without holding the start_stop_spinlock
looks dangerous, the thread may exit after the check but before we
interrupt it. Also, we can't call mp_process_kill while interrupts
are disabled, so we have to use the lower level ecl_interrupt_process.
Previously, the dummy tag was written behind the stack
boundary. Also added race condition protection to non-inlined
ecl_bds_bind/push. The memory barriers have been reworked,
too. AO_store_full has been replaced by AO_full_nop. This is
sufficient to insert the required memory barrier instructions and
is implemented in a simpler way by libatomic_ops in some cases.
Due to the use of mprotect() for fast interrupt dispatch it is
not possible to write in the thread local environment when
interrupts are disabled. We need to use sigprocmask to block
interrupts in this case.
In both bytecmp and c compiler we use si:function-boundary and
si:unwind-protect-boundary where appropriate. Previously bytecmp used an ad-hoc
special variable for function-boundary and didn't mark unwind-protect at all.
Remove recently-introduced ECI package (maybe we will reintroduce it later when
we'll have a common frontend for compilers).
If ecl_unwind is interrupted with another call to ecl_unwind
before it has decremented env->frs_top, the second call of
ecl_unwind may stop too early with its unwinding, leading to
potential segfaults.
bc-compile is more conforming now (we validate definition and name, also our
closure compilation is a bit better, still broken though).
Also improve some error messages and add periods at the end.
We have created empty closure for instance when flet was in null lexenv. Check
for Null in close_over and create t_bclosure only for non-null lexical
environments.
We don't need to save/restore outside of signal handlers. Also,
bignum_registers were not saved. Allocation of the values array
has been changed to heap allocation, since this array is quite
large and we may overflow the C stack, if we allocate it there.
If ecl_bds_push or ecl_bds_bind were interrupted by a call to
ecl_bds_unwind, segementation faults could occur, because
env->bds_top->symbol may not have pointed to a valid symbol.
Also, memory corruption was possible if the functions were
interrupted after setting slot->symbol but before setting
slot->value.
Interrupting a thread during setjmp with a call to ecl_unwind
leads to segmentation faults, since we try to call longjmp
before the corresponding setjmp has finished. Thus, we also need
to wait until setjmp has finished before we can set frs_val of
the frame.
Code was previously written with an assumption, that we know whenever function
crosses lexical for closure boundaries before it is compiled (and env-mark for
such boundries was LB and CB appropriately). Later it has changed, but code was
ready to work with LB and CB marks.
Fix these parts of code and replace it with a single mark ECI:FUNCTION. Also
replace CL:UNWIND-PROTECT boundry mark with ECI:UNWIND-PROTECT so we are less
dependent on use-ing CL package. Adjust comments to have this change.
If by chance env->frs_top->frs_val has the value ECL_PROTECT_TAG,
ecl_unwind will stop and call longjmp. However, at this point
setjmp has not yet been called, leading to a segmentation fault.
We have dummy variable for that, so we refere to
(var-ref-ccb (tag-var blk))
(var-ref-clb (tag-var blk))
Brokeness comes from the fact that closures are computed after function
compilation pass-1 (and tagbody is inside). Analogous change to the previous
commit in cmpblock.
Also improve comments in cmptypes to make it clear that these parts are not
used. Further refactor could make tag inherit from variable - then we wouldn't
have a dummy variable and unnecessary fields whatsoever.
We have dummy variable for that, so we refere to
(var-ref-ccb (blk-var blk))
(var-ref-clb (blk-var blk))
Brokeness comes from the fact that closures are computed after function
compilation pass-1 (and block is inside). Fixes#374.
Also improve comments in cmptypes to make it clear that these parts are not
used. Further refactor could make blk inherit from variable - then we wouldn't
have a dummy variable and unnecessary fields whatsoever.
