Re: Reference counting bug in ld-linux.so.2 (2.1.2, 2.1.3, 2.1.9x, et. al.)

["Allen Bauer" <kylix_rd at hotmail dot com>]

> On Thu, Oct 19, 2000 at 11:32:10AM -0700, Ulrich Drepper wrote:
> > "H . J . Lu" <hjl@lucon.org> writes:
> >
> > > I don't think they are the same list. One is map->l_initfini and
> > > the other is map->l_searchlist.r_list. Ulrich, are they the same list?
> >
> > I will look at this when I have the time.
> >
>
> Here is a testcase based on Allen's report.

I've done some more extensive testing and have found that it looks like this
patch introduces the opposite problem.  It seems that I can now induce a
situation where a shared object can be unloaded too soon.  I will send a
test case soon that will demonstrate the problem.  I am also looking at a
potential patch now that I've got a more clear understanding of how the code
works.  It appears that the reference counting is not handled in a
symmetrical fashion.  Reference counts are bumped when the search lists are
built regardless of whether or not the object is already mapped into memory
by some other implicit load.   The loader then uses the fact that the search
list is or is not built to add references to dependent object.  I think this
may be the base of the problem.  Reference counts should be managed
independently from the building of the search list.  I will do some more
debugging and post my findings.

------
Allen Bauer.
Delphi/C++Builder/Kylix Sr. Staff Engineer.
Delphi/C++Builder/Kylix IDE R&D Manager.