Age | Commit message | Author |
|
* ms/inet-socket-domain-error:
inet: error if fd does not match socket domain
OTP-9455
|
|
* pg/fix-hibernate-scheduling-with-hipe:
Fix bug related to hibernate and HiPE (clear F_HIBERNATE_SCHED flag)
OTP-9452
|
|
Constructing binaries using the bit syntax with literal sizes
that would not fit in an Uint will either cause an emulator crash
or the loading to be aborted.
Use the new TAG_o tag introduced in the previous commit to make sure
that the attempt to create huge binary literals will generate a
system_limit exception at run-time.
|
|
The handling of large values for other tags than TAG_i (integer) is
buggy. Any tag value equal to or greater than 2^40 (5 bytes) will
abort loading. Tag values fitting in 5 bytes will be truncated to
4-byte values.
Those bugs cause real problems because the bs_init2/6 and
bs_init_bits/6 instructions unfortunately use TAG_u to encode literal
sizes (using TAG_i would have been a better choice, but it is too late
to change that now). Any binary size that cannot fit in an Uint
should cause a system_limit exception at run-time, but instead the
buggy handling will either cause an emulator crash (for values in the
range 2^32 to 2^40-1) or abort loading.
In this commit, implement overflow checking of tag values as a
preparation for fixing the binary construction instructions. If any
tag value cannot fit in an Uint (except for TAG_i), change the
tag to the special TAG_o overflow tag.
|
|
We want to make sure that a tag/type name is not defined more than
once and that we don't define too many primitive tags. Primitive
tags must be named with lowercase letters (or they will be confused
with variable names in transformations in the ops.tab file).
|
|
Attempting to construct <<0:((1 bsl 32)-1)>>, the largest bitstring
allowed in a 32 bit emulator, would cause an emulator crash because
of integer overflow.
Fix the problem by using an Uint64 to avoid integer overflow.
Do not attempt to handle construction of <<0:((1 bsl 64)-1)>> in
a 64-bit emulator, because that will certainly cause the emulator
to terminate anyway because of insufficient memory.
|
|
* sverker/allocator-aoff/OTP-9424:
New allocator: Address order first fit (aoff)
|
|
* sverker/fun_SUITE-refc_dist-gcfix:
Fix test case fun_SUITE:refc_dist
|
|
* sverker/testcase/OTP-9422:
Test case for OTP-9422
|
|
It failed sometimes depending on GC invocation.
|
|
alloc_no of sbmbc_low_alloc was set to ERTS_ALC_A_STANDARD_LOW
|
|
* sverker/enif_make_int64-halfword/OTP-9394:
Fix halfword bug in enif_make_int64
|
|
* rickard/sbmbc/OTP-9339:
Use separate memory carriers for small blocks
|
|
* sverker/ets_delete-deadlock-race/OTP-9423:
Fix bug in ets:delete for write_concurrency that could lead to deadlock
|
|
A trace matchspec with 'enable_trace' or 'disable_trace' in body could
cause an emulator crash if a concurrent process altered the trace
setting of the traced function by calling erlang:trace_pattern.
The effect was a deallocation of the binary holding the matchspec
program while it was running. Fixed by increasing reference count of
ms-binary in the cases when 'enable_trace' or 'disable_trace' may
cause a system block that may alter the ongoing trace.
The paradox here is that db_prog_match() is using erts_smp_block_system()
to do 'enable_trace' and 'disable_trace' in a safe (atomic) way. But that
also has the (non-atomic) effect that a racing thread might block the
system and change the trace settings with erlang:trace_pattern.
|
|
Relocking in ets_delete_1() and remove_named_tab() was done by
unlocking the table without clearing the is_thread_safe flag. A racing
thread could then read-lock the table and then incorrectly
write-unlock the table as db_unlock() looked at is_thread_safe to
determine which kind of lock to unlock.
Several fixes:
1. Make db_unlock() use argument 'kind' instead of is_thread_safe to
determine lock type.
2. Make relock logic use db_lock() and db_unlock() instead of directly
accessing lock primitives.
3. Do ownership transfer earlier in ets_delete_1 to avoid racing owner
process to also start deleting the same table.
|
|
The bug was creating an invalid bignum instead of a small integer,
causing strange comparing behavior (=:= failed but == succeeded).
|
|
If an IPv4 fd is opened as an IPv6 socket, unexpected behaviour can
occur. For example, if an IPv4 UDP socket is opened and passed into
Erlang as an IPv6 socket, the first 3 bytes (corresponding to 1 byte
representing the protocol family, 2 bytes set to the port) are stripped
from the payload. The cause of the UDP payload truncation happens in
inet_drv.c:packet_inet_input when a call to inet_get_address fails
silently because the family is set to PF_INET6 but the buffer len is
the size of an IPv4 struct sockaddr_in.
Prevent this behaviour by checking that the protocol family of the file
descriptor matches the family of the requested Erlang socket.

    {ok, S1} = gen_udp:open(0, [binary, inet]),
    {ok, FD} = inet:getfd(S1),
    {ok, Port} = inet:port(S1),
    {ok, S} = gen_udp:open(Port, [binary, {fd, FD}, inet6]),
    {ok, C} = gen_udp:open(0, [binary]),
    Msg = <<1,2,3,4,5>>,
    gen_udp:send(C, "127.0.0.1", Port, Msg),
    receive
        {udp, S, _, _, Msg} -> ok;
        {udp, S, _, _, NewMsg} -> {error, Msg, NewMsg}
    end.

This test results in: {error,<<1,2,3,4,5>>,<<4,5>>}
Thanks to Andrew Tunnell-Jones for finding the bug and the test case!
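
The check described in the commit message above, as an added C example that is not code from inet_drv.c or from the commit: it reads a descriptor's address family with getsockname() and refuses a mismatch before the socket is used. The names fd_matches_family, adopt_fd and addr_len_ok are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* 1: fd is a socket of `family`; 0: socket of another family;
 * -1: family could not be determined (errno set by getsockname). */
int fd_matches_family(int fd, int family)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);

    memset(&ss, 0, sizeof(ss));
    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
        return -1;
    return ss.ss_family == family ? 1 : 0;
}

/* Hypothetical helper: accept an inherited fd only when its family matches
 * the one the caller asked for; a mismatch fails with EINVAL. */
int adopt_fd(int fd, int family)
{
    int r = fd_matches_family(fd, family);
    if (r == 0)
        errno = EINVAL;
    return r == 1 ? fd : -1;
}

/* An address of `len` bytes can only be parsed as `family` if it is at least
 * as large as that family's sockaddr; a sockaddr_in is too short for AF_INET6. */
int addr_len_ok(int family, socklen_t len)
{
    switch (family) {
    case AF_INET:  return len >= sizeof(struct sockaddr_in);
    case AF_INET6: return len >= sizeof(struct sockaddr_in6);
    default:       return 0;
    }
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);   /* constructed IPv4 UDP socket */
    if (fd < 0) { perror("socket"); return 1; }
    printf("as inet:  %d\n", adopt_fd(fd, AF_INET) == fd);   /* accepted */
    printf("as inet6: %d\n", adopt_fd(fd, AF_INET6));        /* rejected */
    close(fd);
    return 0;
}
```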
|
|
F_HIBERNATE_SCHED flag that was introduced in b7ecdcd1ae9e11b8f75e must
be cleared in hipe_mode_switch as well. Otherwise, processes running
HiPE code that hibernate, wake up and then trap into a BIF will not be
rescheduled.
|
|
* rickard/driver_async_cancel/OTP-9302:
Fix testcase
|
|
* rickard/driver_async_cancel/OTP-9302:
Fix driver_async_cancel()
|
|
* sverker/hipe-misc-fixing/OTP-9298:
hipe_mkliterals print argv[0] in generated files
Fix code:is_module_native segv on deleted module
lock checking fix in hipe_bif2.c
|
|
* rickard/barriers/OTP-9281:
Silence warnings
Fix build with hipe on amd64
Reduce number of atomic ops
Use 32-bit atomic for port snapshot
Remove pointless erts_ports_alive variable
Ensure quick break
Ensure that all rehashing information are seen when done
Ensure that stack updates are seen when stack is released
Add needed barriers for write_concurrency tables
Homogenize memory barriers on atomics
|
|
Counters for active and used schedulers have been coalesced in
order to reduce the amount of atomic operations needed.
Some currently not strictly necessary barriers have also been added
in order to be future proof.
|
|
Make sure that we don't have to wait in poll before break
handling is done.
|
|
This is not a bugfix. The change is done in order to avoid a
future bug.
|
|
Ets tables using ordered_set could potentially get into an
internally inconsistent state.
|
|
* bjorn/fix-warnings/OTP-9250:
Eliminate alias warning in gcc 4.5.2
erl_trace: Eliminate alias warning
|
|
* bjorn/fix-binary-overflow/OTP-9118:
Fix overflow in list_to_bitstring/1
Replace io_list_len() with erts_iolist_size()
Make port_command/2 reject non-byte sized bitstrings
io.c: Make io_list_vec_len() less general
iolist_size/1: Fix truncation of result
Test iolist_size/1 with bad arguments
binary_SUITE: Remove workaround for avoiding stack overflow
|
|
Ets tables using the write_concurrency option could potentially get
into an internally inconsistent state.
|
|
* sverker/halfword-printf-relative-terms/OTP-9292:
ETS usage of erts_printf %R
erts_printf %R for relative ets-terms in halfword-vm
Another halfword is_same-bug for ETS ordered_set
|
|
* sverker/halfword-high-alloc/OTP-9291:
Present 'low' memory count for halfword-vm with erlang:memory()
Fix faulty values from erlang:memory() on halfword-vm
Allow allocator disable for high memory (better valgrind for halfword)
Expand the use of high memory allocation in halfword emulator
|
|
* rickard/gc-other/OTP-9211:
Fix bad assertions
Avoid scheduling of processes being garbage collected by others
|
|
Avoid creating two variable names referring to the same memory
area, because that can cause aliasing warnings in some versions of
gcc.
|