Skip to content

fix crashes using multithreaded julia from python#758

Open
dpinol wants to merge 2 commits intoJuliaPy:mainfrom
Avatar-Cognition:v0.9.31-fix-crash2
Open

fix crashes using multithreaded julia from python#758
dpinol wants to merge 2 commits intoJuliaPy:mainfrom
Avatar-Cognition:v0.9.31-fix-crash2

Conversation

@dpinol
Copy link
Copy Markdown
Contributor

@dpinol dpinol commented Apr 16, 2026

Solves #669
Two issues:

fix: rare crash due to memory race condition

The vectors PYJLVALUES and PYJLFREEVALUES are modified without any protection against GC-triggered re-entrancy.

  _pyjl_dealloc(o1) or PyJuliaValue_SetValue
    └→ push!(PYJLFREEVALUES, idx)          # begins resize (sets internal flag)
         └→ vector must grow → allocates → triggers Julia GC
              └→ GC collects a Py object → runs py_finalizer
                   └→ enqueue(ptr) → PyGILState_Check()==1 (same thread holds GIL)
                        └→ Py_DecRef(ptr) → refcount hits 0
                             └→ _pyjl_dealloc(o2)
                                  └→ push!(PYJLFREEVALUES, idx2)   ← BOOM: flag already set
                                     ConcurrencyViolationError!
  1. push! needs to grow the vector (exceeds capacity), so it allocates
  2. The allocation triggers Julia GC, which runs finalizers
  3. A finalizer calls Py_DecRef (because enqueue sees the GIL is held on this same thread), dropping refcount to 0, which triggers _pyjl_dealloc re-entrantly on the same vector

This is especially likely during shutdown (at_jl_exit → jl_atexit_hook), because jl_gc_run_all_finalizers runs finalizers on the calling thread (the main thread, which holds the GIL).
Many Py objects are finalized at once, repeatedly pushing to PYJLFREEVALUES, and each push that triggers a reallocation can cause the re-entrant chain.

Disabled Julia's GC during the critical vector modifications, so that push!/pop! cannot trigger allocation-based GC,
which prevents the finalizer chain from re-entering.
Added a SpinLock as defense-in-depth against true multi-thread races.

fix: crash in atexit

After jl_atexit_hook(0) returns, Python continues destroying objects, calling _pyjl_dealloc.
But Julia's GC subsystem is already torn down, so Base.GC.enable() and lock() crash.
Now we add a flag that's set by a Julia atexit hook (runs before finalizers inside jl_atexit_hook).
When the flag is set, _pyjl_dealloc skips all Julia runtime operations — the process is exiting anyway.

Dani Pinyol added 2 commits April 16, 2026 17:11
fix: rare crash due to memoty race condition
7d7bf7e 
The vectors PYJLVALUES and PYJLFREEVALUES are modified without any protection against GC-triggered re-entrancy.

  _pyjl_dealloc(o1) or PyJuliaValue_SetValue
    └→ push!(PYJLFREEVALUES, idx)          # begins resize (sets internal flag)
         └→ vector must grow → allocates → triggers Julia GC
              └→ GC collects a Py object → runs py_finalizer
                   └→ enqueue(ptr) → PyGILState_Check()==1 (same thread holds GIL)
                        └→ Py_DecRef(ptr) → refcount hits 0
                             └→ _pyjl_dealloc(o2)
                                  └→ push!(PYJLFREEVALUES, idx2)   ← BOOM: flag already set
                                     ConcurrencyViolationError!

1. push! needs to grow the vector (exceeds capacity), so it allocates
2. The allocation triggers Julia GC, which runs finalizers
3. A finalizer calls Py_DecRef (because enqueue sees the GIL is held on this same thread), dropping refcount to 0, which triggers _pyjl_dealloc re-entrantly on the same vector

This is especially likely during shutdown (at_jl_exit → jl_atexit_hook), because jl_gc_run_all_finalizers runs finalizers on the calling thread (the main thread, which holds the GIL).
Many Py objects are finalized at once, repeatedly pushing to PYJLFREEVALUES, and each push that triggers a reallocation can cause the re-entrant chain.

Disabled Julia's GC during the critical vector modifications, so that push!/pop! cannot trigger allocation-based GC,
which prevents the finalizer chain from re-entering.
Added a SpinLock as defense-in-depth against true multi-thread races.
fix: crash in atexit
104103c 
After jl_atexit_hook(0) returns, Python continues destroying objects, calling _pyjl_dealloc.
But Julia's GC subsystem is already torn down, so Base.GC.enable() and lock() crash.
Now we add a flag that's set by a Julia atexit hook (runs before finalizers inside jl_atexit_hook).
When the flag is set, _pyjl_dealloc skips all Julia runtime operations — the process is exiting anyway.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dpinol