Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix crashes using multithreaded julia from python#758

Open
dpinol wants to merge 1 commit into
JuliaPy:mainfrom
Avatar-Cognition:v0.9.31-fix-crash2
Open

fix crashes using multithreaded julia from python#758
dpinol wants to merge 1 commit into
JuliaPy:mainfrom
Avatar-Cognition:v0.9.31-fix-crash2

Conversation

@dpinol
Copy link
Copy Markdown
Contributor

@dpinol dpinol commented Apr 16, 2026
edited
Loading

Solves #669

The vectors PYJLVALUES and PYJLFREEVALUES are modified without any protection against GC-triggered re-entrancy.

  _pyjl_dealloc(o1) or PyJuliaValue_SetValue
    └→ push!(PYJLFREEVALUES, idx)          # begins resize (sets internal flag)
         └→ vector must grow → allocates → triggers Julia GC
              └→ GC collects a Py object → runs py_finalizer
                   └→ enqueue(ptr) → PyGILState_Check()==1 (same thread holds GIL)
                        └→ Py_DecRef(ptr) → refcount hits 0
                             └→ _pyjl_dealloc(o2)
                                  └→ push!(PYJLFREEVALUES, idx2)   ← BOOM: flag already set
                                     ConcurrencyViolationError!
  1. push! needs to grow the vector (exceeds capacity), so it allocates
  2. The allocation triggers Julia GC, which runs finalizers
  3. A finalizer calls Py_DecRef (because enqueue sees the GIL is held on this same thread), dropping refcount to 0, which triggers _pyjl_dealloc re-entrantly on the same vector

This is especially likely during shutdown (at_jl_exit → jl_atexit_hook), because jl_gc_run_all_finalizers runs finalizers on the calling thread (the main thread, which holds the GIL).
Many Py objects are finalized at once, repeatedly pushing to PYJLFREEVALUES, and each push that triggers a reallocation can cause the re-entrant chain.

Disabled Julia's GC during the critical vector modifications, so that push!/pop! cannot trigger allocation-based GC,
which prevents the finalizer chain from re-entering.
Added a SpinLock as defense-in-depth against true multi-thread races.

@dpinol dpinol force-pushed the v0.9.31-fix-crash2 branch from cbc7ef1 to 7d7bf7e Compare April 21, 2026 14:39
fix: rare crash due to race condition
68f8e71 
The vectors PYJLVALUES and PYJLFREEVALUES are modified without any protection against GC-triggered re-entrancy.

  _pyjl_dealloc(o1) or PyJuliaValue_SetValue
    └→ push!(PYJLFREEVALUES, idx)          # begins resize (sets internal flag)
         └→ vector must grow → allocates → triggers Julia GC
              └→ GC collects a Py object → runs py_finalizer
                   └→ enqueue(ptr) → PyGILState_Check()==1 (same thread holds GIL)
                        └→ Py_DecRef(ptr) → refcount hits 0
                             └→ _pyjl_dealloc(o2)
                                  └→ push!(PYJLFREEVALUES, idx2)   ← BOOM: flag already set
                                     ConcurrencyViolationError!

1. push! needs to grow the vector (exceeds capacity), so it allocates
2. The allocation triggers Julia GC, which runs finalizers
3. A finalizer calls Py_DecRef (because enqueue sees the GIL is held on this same thread), dropping refcount to 0, which triggers _pyjl_dealloc re-entrantly on the same vector

This is especially likely during shutdown (at_jl_exit → jl_atexit_hook), because jl_gc_run_all_finalizers runs finalizers on the calling thread (the main thread, which holds the GIL).
Many Py objects are finalized at once, repeatedly pushing to PYJLFREEVALUES, and each push that triggers a reallocation can cause the re-entrant chain.

Disabled Julia's GC during the critical vector modifications, so that push!/pop! cannot trigger allocation-based GC,
which prevents the finalizer chain from re-entering.
Added a SpinLock as defense-in-depth against true multi-thread races.
@dpinol dpinol force-pushed the v0.9.31-fix-crash2 branch from 7d7bf7e to 68f8e71 Compare April 21, 2026 15:08
@cjdoris
Copy link
Copy Markdown
Member

cjdoris commented May 16, 2026

Hi, thanks for the PR, I'm glad you isolated the issue you're having.

I think the approach taken for the fix is not the right one, though. Turning Julia's GC off and on like this seems fragile (what happens if another concurrent task also toggles GC, it's not guaranteed that this will end up in the right state at the end). And maybe slow?

I think there is a simpler solution: since the issue just occurs in finalising/deallocating objects, let's avoid resizing PYJLFREEVALUES there. We can do this by ensuring that PYJLFREEVALUES is always the same length as PYJLVALUES (by pushing 0 whenever we push to PYJLVALUES, which does not happen in finaliser/deallocator code) and have a PYJLFREEVALUECOUNT which tells us how many elements of PYJLFREEVALUES we're actually using. This should avoid the re-entrancy issues, since now the part between the spin locks is just a simple array read/write without allocation.

I think the spin locks themselves are a good idea, to avoid concurrent writes to these variables.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dpinol @cjdoris