[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 11/28] libxl: ocaml: propagate the libxl return error code in exceptions

To: Rob Hoes <rob.hoes@xxxxxxxxxx>
From: David Scott <dave.scott@xxxxxxxxxxxxx>
Date: Tue, 26 Mar 2013 11:33:47 +0000
Cc: Ian Campbell <Ian.Campbell@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Tue, 26 Mar 2013 11:35:39 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 25/03/13 14:45, Rob Hoes wrote:

+static void failwith_xl(int error, char *fname)
+{
+       CAMLlocal1(arg);
         value *exc = caml_named_value("Xenlight.Error");
+
         if (!exc)
                 caml_invalid_argument("Exception Xenlight.Error not initialized, 
please link xl.cma");
-       caml_raise_with_string(*exc, fname);
+
+       arg = caml_alloc_small(2, 0);
+
+       Field(arg, 0) = Val_error(error);
+       Field(arg, 1) = caml_copy_string(fname);

I think this violates Rule 5 in the OCaml FFI manual[*]. In thelow-level interface when you allocate a block with "caml_alloc_small"all the fields contain random values. The assignment:


  Field(arg, 1) = caml_copy_string(fname);

will first call "caml_copy_string" which performs an allocation beforesetting the field to a valid value. Any function which performs anallocation can trigger a GC which will segfault if it sees the randomdata in field 1.


I strongly recommend using the "simple interface" i.e.

  caml_alloc()
  caml_alloc_tuple()
  Store_field()

If you look in the definition of "caml_alloc" [**] it does this:

  CAMLexport value caml_alloc (mlsize_t wosize, tag_t tag)
  {
    value result;
    mlsize_t i;

    Assert (tag < 256);
    Assert (tag != Infix_tag);
    if (wosize == 0){
      result = Atom (tag);
    }else if (wosize <= Max_young_wosize){
      Alloc_small (result, wosize, tag);
      if (tag < No_scan_tag){
        for (i = 0; i < wosize; i++) Field (result, i) = 0;
      }

^^^^^ -- it sets the fields to 0 preventing the GC seeing arandom value


Whereas "caml_alloc_small" just does the "Alloc_small".

+
+       caml_raise_with_arg(*exc, arg);
+}


[*] http://caml.inria.fr/pub/docs/manual-ocaml-4.00/manual033.html
[**] https://github.com/ocaml/ocaml/blob/trunk/byterun/alloc.c

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH 00/28] libxl: ocaml: improve the bindings
  - From: Rob Hoes
- [Xen-devel] [PATCH 11/28] libxl: ocaml: propagate the libxl return error code in exceptions
  - From: Rob Hoes

Prev by Date: Re: [Xen-devel] [PATCH 5/6] xen-netback: coalesce slots before copying
Next by Date: Re: [Xen-devel] [PATCH 5/6] xen-netback: coalesce slots before copying
Previous by thread: [Xen-devel] [PATCH 11/28] libxl: ocaml: propagate the libxl return error code in exceptions
Next by thread: [Xen-devel] [PATCH 14/28] libxl: ocaml: fix the META file
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.