From f29d897a344095299580beea94c227286f07c92b Mon Sep 17 00:00:00 2001
From: Ben Gamari <ben@smart-cactus.org>
Date: Mon, 24 Jun 2019 15:37:12 -0400
Subject: rts: Clear bd->free in the DEBUG RTS

In the non-DEBUG RTS we initialize `bd->free` lazily (e.g. when
the mutator starts allocating into the block in stg_gc_noregs).
However, in the past we have had bugs where code looked at
the `free` field of blocks that the mutator never allocated into.
We set the free pointer to NULL to catch this.

This would help to catch #16862.
---
 includes/rts/storage/Block.h        | 5 +++++
 rts/sm/Storage.c                    | 8 ++++++++
 testsuite/tests/rts/flags/T20006.hs | 0
 3 files changed, 13 insertions(+)
 mode change 100644 => 100755 testsuite/tests/rts/flags/T20006.hs

diff --git a/includes/rts/storage/Block.h b/includes/rts/storage/Block.h
index 626cddb2a2..a1db4edadd 100644
--- a/includes/rts/storage/Block.h
+++ b/includes/rts/storage/Block.h
@@ -107,6 +107,11 @@ typedef struct bdescr_ {
                                    // value (StgPtr)(-1) is used to
                                    // indicate that a block is unallocated.
                                    //
+                                   // Also note that this field is only set lazily
+                                   // (e.g. when the mutator starts and stops
+                                   // allocating in the nursery stg_gc_noregs) in
+                                   // the case of a nursery block.
+                                   //
                                    // Unused by the non-moving allocator.
         struct NonmovingSegmentInfo nonmoving_segment;
     };
diff --git a/rts/sm/Storage.c b/rts/sm/Storage.c
index 7d450a8931..b29c734f81 100644
--- a/rts/sm/Storage.c
+++ b/rts/sm/Storage.c
@@ -828,6 +828,14 @@ resetNurseries (void)
             ASSERT(bd->gen == g0);
             ASSERT(bd->node == capNoToNumaNode(n));
             IF_DEBUG(zero_on_gc, memset(bd->start, 0xaa, BLOCK_SIZE));
+
+            // In the non-DEBUG RTS we initialize bd->free lazily (e.g. when
+            // the mutator starts allocating into the block in stg_gc_noregs).
+            // However, in the past we have had bugs (e.g. #16862) where code
+            // looked at the ->free field of blocks that the mutator never
+            // allocated into.  We set the free pointer to a dummy value
+            // (0xaaaaa...) to catch this.
+            IF_DEBUG(sanity, memset(&bd->free, 0xaa, sizeof(bd->free)));
         }
     }
 #endif
diff --git a/testsuite/tests/rts/flags/T20006.hs b/testsuite/tests/rts/flags/T20006.hs
old mode 100644
new mode 100755
-- 
cgit v1.2.1