Commit 17c89bd8 authored by Tim Peters

Extreme sanction for collector #1350.

In ghostify() and unghostify(), trigger a fatal error if the
object is insane.  This prevents a segfault (or, worse, arbitrary
memory corruption) later.

The test suite isn't bothered by this, and neither is bringing
up a Zope and playing around with it.  The only known cause
appears to be threading problems related to Transience.py,
partly explained in issue #1350.  It should be impossible for
these fatal errors to trigger via thread-correct use of ZODB.

I don't expect to keep these fatal errors in the code; indeed,
I'm checking this in only in Zope's *copy* of ZODB.  The intent
is to help whoever can make time for 1350 know whether that
problem still exists, until that problem goes away.  Unfortunately,
it's not even possible to raise an exception from ghostify()
(it's a void routine that "can't fail"), so it takes an extreme
measure to catch the problem as soon as it's visible.
parent a8ae0ee2
......@@ -58,6 +58,20 @@ init_strings(void)
return 0;
}
static void
fatal(cPersistentObject *self, const char *caller, const char *detail)
{
char buf[1000];
PyOS_snprintf(buf, sizeof(buf),
"cPersistence.c %s(): object at %p with type %.200s\n"
"%s.\n"
"The only known cause is multiple threads trying to ghost and\n"
"unghost the object simultaneously.\n"
"That's not legal, but ZODB can't stop it.\n"
"See Collector #1350.\n",
caller, self, self->ob_type->tp_name, detail);
Py_FatalError(buf);
}
static void ghostify(cPersistentObject*);
/* Load the state of the object, unghostifying it. Upon success, return 1.
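Review bot: fatal() builds its message from self->ob_type->tp_name, but it is only called for objects that have just failed a consistency check. If the damage extends to the object header, that dereference can fault inside the PyOS_snprintf call before Py_FatalError prints anything. A comment accepting that risk would help, or the type name could be dropped when it cannot be trusted. Two smaller points: self is passed to %p without a (void *) cast, and the function has no comment stating that it never returns, which callers in the later hunks rely on.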
......@@ -88,6 +102,11 @@ unghostify(cPersistentObject *self)
}
self->state = cPersistent_UPTODATE_STATE;
Py_DECREF(r);
if (self->cache && self->ring.r_next == NULL) {
fatal(self, "unghostify",
"is not in the cache despite that we just "
"unghostified it");
}
}
return 1;
}
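Review bot: the new test in unghostify() spells the null check as `self->ring.r_next == NULL`, while the matching test added to ghostify() uses `! self->ring.r_next`. Using one form in both places would make the two checks easier to find together. The condition is also guarded by self->cache with no comment stating the invariant being asserted, namely that an object with a cache must be linked into the ring once it is up to date. A one-line comment would tell whoever hits the abort what was expected to hold.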
......@@ -134,6 +153,11 @@ ghostify(cPersistentObject *self)
return;
}
if (! self->ring.r_next) {
fatal(self, "ghostify", "claims to be in a cache but isn't");
}
/* XXX The next comment is nonsense. */
/* If the cache is still active, we must unlink the object. */
if (self->ring.r_next) {
/* if we're ghostifying an object, we better have some non-ghosts */
......
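Review bot: after the added `if (! self->ring.r_next)` check in ghostify(), the existing `if (self->ring.r_next) {` that follows is always true, because fatal() ends in Py_FatalError and does not return. The conditional and the "If the cache is still active" comment are now redundant. The XXX note calls that comment nonsense without saying why. Either remove the stale comment and the redundant test, or have the XXX note explain that the preceding fatal check makes them redundant, so the block does not read as if a NULL r_next were still a handled case.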