[Gc] double allocate

Bruce Hoult bruce at hoult.org
Tue Nov 14 02:10:02 PST 2006


I'm in the process of tracking down a problem where GC_malloc() is
returning the same memory block from successive calls.  I'm not sure
yet whether we've done something wrong (perhaps a memory stomper?) or
whether it's an obscure bug in the GC, but while I'm tracking things
down I thought perhaps someone might have an idea.

Originally the problem was in fairly widely separated code, but we've
now reduced it to specially inserted code that is run some time into
the execution of the program and does...

void *p = GC_malloc(16);
void *q = GC_malloc(16);

... in adjacent lines of code and p and q both get the same value.

What I've tracked down so far is that when p is allocated it gets the
last item in the 16 byte object freelist.  The freelist is correctly
set to NULL.  The next call to GC_malloc() finds the freelist empty,
gets the next partially-full block of 16 byte objects from the list
created by the last GC and scans its mark bits to create a new free
list.  The first object on the new free list is .. ta da .. the same
object allocated by the previous call to GC_malloc()!  i.e. the object
pointed to by p is in the block that is reclaimed next.

So ... is it supposed to be possible to have a block not yet be
scanned after the last GC, but also have objects from it be on an
object free list?  If this is not normal, could it be caused by
GC_free()?

That certainly seems like a bad situation because any objects newly
allocated from it won't have their mark bit set when it is scanned.

I'll continue trying to track down how this is happening, but any
advice is much appreciated.

Bruce
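As an added illustration of the mechanism described in the post (this is a toy model written for this thread, not Boehm GC code; every name in it is hypothetical), the block below models a size-class free list threaded through the objects, a reclaim list of partially full blocks left by the last GC, and on-demand sweeping that rebuilds the free list from the mark bits. It constructs the state the post asks about (an unmarked object from a not-yet-swept block sitting on the free list), shows that the next two allocations then return the same pointer, and includes the invariant check a practitioner would want to run before concluding that the collector itself is at fault.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model, not Boehm GC code: objects of one size live in blocks, a free
 * list is threaded through free objects via their first word, and a block on
 * the reclaim list is swept on demand, pushing every unmarked object. */
#define OBJ_SIZE       16
#define OBJS_PER_BLOCK 4
#define NUM_BLOCKS     2

typedef struct block {
    uint8_t data[OBJS_PER_BLOCK][OBJ_SIZE];
    bool marked[OBJS_PER_BLOCK];   /* mark bits left by the last GC */
    bool pending_sweep;            /* still on the reclaim list */
    struct block *next_reclaim;
} block_t;

typedef struct heap {
    block_t blocks[NUM_BLOCKS];
    block_t *reclaim_list;         /* partially full blocks not yet swept */
    void *freelist;                /* head of the 16-byte free list */
} heap_t;

static void push_free(heap_t *h, void *obj)
{
    memcpy(obj, &h->freelist, sizeof(void *));   /* link to old head */
    h->freelist = obj;
}

static void *pop_free(heap_t *h)
{
    void *obj = h->freelist;
    if (obj != NULL)
        memcpy(&h->freelist, obj, sizeof(void *));
    return obj;
}

/* Map an object pointer back to its block and slot (NULL if foreign). */
static block_t *block_of(heap_t *h, const void *obj, int *slot)
{
    for (int b = 0; b < NUM_BLOCKS; b++)
        for (int i = 0; i < OBJS_PER_BLOCK; i++)
            if (obj == h->blocks[b].data[i]) { *slot = i; return &h->blocks[b]; }
    return NULL;
}

static void sweep_block(heap_t *h, block_t *b)
{
    for (int i = OBJS_PER_BLOCK - 1; i >= 0; i--)   /* lowest slot ends at head */
        if (!b->marked[i])
            push_free(h, b->data[i]);
    b->pending_sweep = false;
}

void *gc_malloc16(heap_t *h)
{
    void *obj = pop_free(h);
    if (obj != NULL)
        return obj;                      /* fast path: free list non-empty */
    block_t *b = h->reclaim_list;        /* slow path: sweep the next block */
    if (b == NULL)
        return NULL;                     /* a real GC would collect or grow here */
    h->reclaim_list = b->next_reclaim;
    sweep_block(h, b);
    return pop_free(h);
}

void gc_free16(heap_t *h, void *obj) { push_free(h, obj); }

/* Invariant check: count free-list objects whose block still awaits a sweep
 * and whose mark bit is clear. Each one will be handed out a second time. */
int freelist_violations(heap_t *h)
{
    int n = 0;
    for (void *obj = h->freelist; obj != NULL; memcpy(&obj, obj, sizeof(void *))) {
        int slot;
        block_t *b = block_of(h, obj, &slot);
        if (b != NULL && b->pending_sweep && !b->marked[slot])
            n++;
    }
    return n;
}

/* Constructed post-GC state: every block is partially full (slot 1 live),
 * all blocks are on the reclaim list, and the free list is empty. */
void heap_init(heap_t *h)
{
    memset(h, 0, sizeof *h);
    for (int b = 0; b < NUM_BLOCKS; b++) {
        h->blocks[b].pending_sweep = true;
        h->blocks[b].marked[1] = true;
        h->blocks[b].next_reclaim = (b + 1 < NUM_BLOCKS) ? &h->blocks[b + 1] : NULL;
    }
    h->reclaim_list = &h->blocks[0];
}

/* Reproduce the symptom: an unmarked object of an unswept block is put on the
 * free list (here by an explicit free), the next allocation drains the list,
 * and the one after it sweeps that block and rebuilds the list starting with
 * the object just handed out. Returns true when p and q alias. */
bool double_allocate(int *violations_before)
{
    heap_t h;
    heap_init(&h);
    gc_free16(&h, h.blocks[0].data[0]);
    *violations_before = freelist_violations(&h);
    void *p = gc_malloc16(&h);   /* last free-list item; list is now NULL */
    void *q = gc_malloc16(&h);   /* sweeps block 0; slot 0 is unmarked */
    return p == q;
}
```

In the model the only way an unmarked object reaches the free list ahead of its block's sweep is an explicit free of something the last GC already considered dead, which is why `freelist_violations` is the first thing worth running in the real program right after each GC and again just before the two `GC_malloc(16)` calls: a non-zero count before the second call points at whoever put that object on the list rather than at the sweep.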


More information about the Gc mailing list