[New LWP 15651]
[New LWP 15621]
[New LWP 13738]
[New LWP 15642]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/local/bin/pike /home/spike.git/spike -n background'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
[Current thread is 1 (Thread 0x7f85113ec700 (LWP 15651))]
(gdb) where
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f85140e055b in __GI_abort () at abort.c:79
#2 0x0000561705dfb6b9 in debug_va_fatal ( fmt=0x561706087bc8 "Stdio.Buffer already destructed.\n", args=args@entry=0x7f85113eb1b8) at /home/srb/pike/src/error.c:575
#3 0x0000561705df9339 in debug_fatal ( fmt=fmt@entry=0x561706087bc8 "Stdio.Buffer already destructed.\n") at /home/srb/pike/src/error.c:583
#4 0x0000561706009062 in already_destructed () at /home/srb/pike/src/modules/_Stdio/buffer.cmod:891
#5 0x000056170600f7ed in f_Buffer_add (args=<optimized out>) at /home/srb/pike/src/modules/_Stdio/buffer.cmod:1227
#6 0x0000561705d639a6 in lower_mega_apply (args=args@entry=1, o=o@entry=0x561706e266e0, fun=11) at /home/srb/pike/src/interpret.c:2506
#7 0x0000561705d6fd91 in eval_instruction_without_debug ( pc=0x561706d776c8 "\035\232\337\030-\n\022\336\031\070\n]\177W\001\001\070", pc@entry=0x561706d776ac "O") at /home/srb/pike/src/interpret_functions.h:2424
#8 0x0000561705da18d3 in eval_instruction (pc=0x561706d776ac "O") at /home/srb/pike/src/interpret.c:2012
#9 catching_eval_instruction (pc=pc@entry=0x561706d776ac "O") at /home/srb/pike/src/interpret.c:3082
#10 0x0000561705d6be17 in eval_instruction_without_debug (pc=<optimized out>) at /home/srb/pike/src/interpret_functions.h:1502
#11 0x0000561705d73039 in eval_instruction (pc=<optimized out>) at /home/srb/pike/src/interpret.c:2012
--Type <RET> for more, q to quit, c to continue without paging--
#12 mega_apply (type=type@entry=APPLY_STACK, args=args@entry=1, arg1=arg1@entry=0x0, arg2=arg2@entry=0x0) at /home/srb/pike/src/interpret.c:3023
#13 0x0000561705da270d in f_call_function (args=args@entry=1) at /home/srb/pike/src/interpret.c:3103
#14 0x0000561705efe12d in new_thread_func (data=<optimized out>) at /home/srb/pike/src/threads.c:1832
#15 0x00007f8514288f27 in start_thread (arg=<optimized out>) at pthread_create.c:479
#16 0x00007f85141b831f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
It calls add() on a destructed Buffer object.
Am I reading those correctly that both are upon thread creation?
First, nice backtrace. I think it's more that any thread started ever will have been started by thread creation, and that's what we're seeing here, not that this necessarily immediately follows thread creation.
Second, if we have a look at lower_mega_apply (#6), we find that it looks up the identifier in the object first, then does
#ifdef PIKE_USE_MACHINE_CODE
  call_check_threads_etc();
#endif
I assume you have machine code enabled. call_check_threads_etc() indeed may schedule other threads and stuff and we may return from it with the object we just looked up the identifier in destructed. When we then call the identifier, we will indeed call into a destructed object.
I am unsure about how exactly not that great that is, maybe grubba has some thoughts on this...
So, before calling call_check_threads_etc() we set up our new stackframe, meaning we keep a reference on both the object and program in question. This means our storage, i.e. CVAR Buffer b; aka Buffer *io; will not be freed even though the object is destructed, and *keeps being valid*, except in so far as our actions in EXIT contradict this notion (especially io_unlink_external_storage( io ); and free( io->buffer ); probably indeed make it really unsafe to execute our PIKEFUNs after destruction).
Now, what to do about it... indeed check at every function entry that we're not destructed? I don't know, but that just doesn't feel cool. Prevent functions being called in destructed objects more/better?
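A small C model of the sequence discussed in this thread (frame reference taken, scheduling point, then the call), added here as an illustration and not taken from Pike's source. The names `struct object`, `obj_destruct`, `buf_add` and `apply_add` are hypothetical, and the re-check after the yield is only one possible way of refusing calls into destructed objects, not the project's fix.

```c
#include <stdlib.h>
#include <string.h>

struct object {        /* hypothetical miniature; none of these names are Pike's */
    int refs;          /* includes the reference held by a call frame */
    int destructed;    /* set once the EXIT-style cleanup has run */
    char *buffer;      /* storage that the cleanup releases */
    size_t len, cap;
};

static struct object *obj_new(size_t cap) {
    struct object *o = calloc(1, sizeof *o);
    if (!o || !(o->buffer = malloc(cap))) abort();
    o->refs = 1;
    o->cap = cap;
    return o;
}

/* destruct(): frees what the object owns; the struct itself lives while refs > 0. */
static void obj_destruct(struct object *o) {
    if (o->destructed) return;
    free(o->buffer);
    o->buffer = NULL;
    o->destructed = 1;
}
static void obj_unref(struct object *o) { if (--o->refs == 0) { obj_destruct(o); free(o); } }

static int buf_add(struct object *o, const char *s) {   /* assumes a live object */
    size_t n = strlen(s);
    if (n > o->cap - o->len) return -2;            /* no room */
    memcpy(o->buffer + o->len, s, n);
    o->len += n;
    return 0;
}

/* Dispatcher: `yield` stands in for the scheduling point, where another thread may run. */
static int apply_add(struct object *o, const char *s, void (*yield)(struct object *)) {
    o->refs++;                                     /* frame reference keeps *o allocated */
    if (yield) yield(o);
    int rc = o->destructed ? -1 : buf_add(o, s);   /* re-check after the yield, then call */
    obj_unref(o);
    return rc;
}

int main(void) {
    struct object *o = obj_new(16);
    int ok = apply_add(o, "abc", NULL) == 0 && apply_add(o, "x", obj_destruct) == -1;
    obj_unref(o);
    return !ok;
}
```

The model is single-threaded, with `obj_destruct` passed as the yield callback to play the other thread; the re-check is only sound if no other thread can run between it and the call.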