Another 'use-after-free' bug report

I just filed "Use-after-free bug in `trace`" (SWI-Prolog/swipl-devel issue #1245 on GitHub). Swipl crashes when tracing is enabled and I think it's a use-after-free bug. See the GitHub issue for the details.


Thanks. To me it looks like a module handling issue in the trace/1,2 generated wrappers. It calls

 ERROR:   [20] prolog_trace:my_plus(1,0,_344)

Note the prolog_trace. The <garbage_collected> is possibly a bit misleading. There is an issue that entering the debugger from normal execution mode tends to trigger a GC. That is safe, but GC sets all the variables in the environment that are bound to a term on the stack and are no longer accessible to the atom <garbage_collected>. This removes the reference to this term.

For short, there is a bug in trace/1,2 wrappers for meta-predicates and it might be worthwhile to see whether we can avoid the GC just before entering the debugger. The GC happens because we want to reduce GC during debugging and thus change the GC policy 🙂 We want to reduce GC because the debugger prints its variables as _NNN. The NNN is a stack offset and GC thus changes these numbers, making the debug output hard to interpret …

Thanks for the technical details. Good to know that those anonymous variable names, _NNN, are stack offsets. So if GC does occur during trace, those names can be misleading…

Given that this has been there already, I wonder why this started to show up now. I’ve never seen this with 9.2.0.

Anyway, thanks for taking a look!