[Gc] Crash in GC_realloc - HDR(h) NULL

Emmeran Seehuber rototor at rototor.de
Fri Aug 22 04:33:03 PDT 2008


Hi,

I'm using the GC 7.1cvs (head) and get a very rare crash in GC_realloc(). The 
program crashes when accessing hhdr at the beginning of GC_realloc():

hhdr = HDR(h);
sz = hhdr -> hb_sz;

hhdr is NULL here. In which cases can HDR(h) return NULL?

The old pointer given to GC_realloc() looks fine (contains valid data). I 
don't think this is a bug in the GC, but rather my program might have 
corrupted some GC memory. Since I explicitly control the collections (i.e. with 
GC_disable()/GC_enable(), collection only in the main thread) and log each 
collector run into the debug console I can tell you that the collector did 
not run for at least 300 seconds, so it should not be a problem with 
premature collection of memory.

I've got this problem on Win32 (in some Win32-specific network code), I did 
not yet encounter it on Linux x86. The application is multithreaded, does not 
use TLS-Allocator, does not use incremental collection, every thread starts 
running with GC_call_with_stack_base(), GC_MALLOC_ATOMIC_IGNORE_OFF_PAGE() is 
used whenever possible, and GC_malloc_explicitly_typed() is used in most 
other cases. Memory is freed using GC_FREE() whenever possible (i.e. the 
lifetime of the memory is exactly known). The memory passed to GC_realloc() 
is allocated using GC_MALLOC(). The collector is built without Debug using a 
patched gc.mak with Visual Studio 2005 using the following options:

CPP_PROJ=/nologo /MDd /W3 /Gm /EHs-c- /GS- /GL /Zi /O2 /I include \
 /D "NDEBUG" /D "GC_BUILD"\
 /D "WIN32" /D "_WINDOWS" /D "LARGE_CONFIG" /D "ALL_INTERIOR_POINTERS" \
 /D "__STDC__" /D\
 "GC_WIN32_THREADS"  /FR"$(INTDIR)/" /Fp"$(INTDIR)/gc.pch" /wd4996 \
 /Fo"$(INTDIR)/"\
 /Fd"$(INTDIR)/" /I "libatomic_ops-1.2\src" /c 

In 99% of cases everything works fine. Only in rare cases I get this crash. Any hint 
how I could get the reason for this crash?

Thanks.

Emmeran Seehuber