[Gc] Re: Segfault in mark_from

Hans W. Uhlig huhlig at gmail.com
Thu Nov 13 22:09:03 PST 2008


ktreichel at web.de wrote:
> Hi once more,
> 
> the libgc version used is now including all changes till Oct, 21th.
> 
>>> libgc is built with assertions enabled but without mmap and munmap.
>> You are not using THREAD_LOCAL_ALLOC and PARALLEL_MARK, are you?
>> And, on the contrary, ALL_INTERIOR_POINTERS should be defined.
> 
> This is how libgc is build:
> 
>         /bin/sh ./libtool --tag=CC   --mode=compile gcc -DPACKAGE_NAME=
> \"gc\" -DPACKAGE_TARNAME=\"gc\" -DPACKAGE_VERSION=\"7.2alpha1\"
> -DPACKAGE_STRING=\"gc\ 7.2alpha1\" -DPACKAGE_BUGREPORT=
> \"Hans.Boehm at hp.com\" -DGC_VERSION_MAJOR=7 -DGC_VERSION_MINOR=2
> -DGC_ALPHA_VERSION=1 -DPACKAGE=\"gc\" -DVERSION=\"7.2alpha1\"
> -DGC_LINUX_THREADS=1 -D_REENTRANT=1 -DTHREAD_LOCAL_ALLOC=1
> -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
> -DNO_EXECUTE_PERMISSION=1 -DALL_INTERIOR_POINTERS=1 -DGC_GCJ_SUPPORT=1
> -DJAVA_FINALIZATION=1 -DATOMIC_UNCOLLECTABLE=1 -DGC_ASSERTIONS=1
> -I./include   -fexceptions -I libatomic_ops/src -g -O2 -MT mark.lo -MD
> -MP -MF $depbase.Tpo -c -o mark.lo mark.c &&\
>         mv -f $depbase.Tpo $depbase.Plo
>  gcc -DPACKAGE_NAME=\"gc\" -DPACKAGE_TARNAME=\"gc\" -DPACKAGE_VERSION=
> \"7.2alpha1\" "-DPACKAGE_STRING=\"gc 7.2alpha1\"" -DPACKAGE_BUGREPORT=
> \"Hans.Boehm at hp.com\" -DGC_VERSION_MAJOR=7 -DGC_VERSION_MINOR=2
> -DGC_ALPHA_VERSION=1 -DPACKAGE=\"gc\" -DVERSION=\"7.2alpha1\"
> -DGC_LINUX_THREADS=1 -D_REENTRANT=1 -DTHREAD_LOCAL_ALLOC=1
> -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
> -DNO_EXECUTE_PERMISSION=1 -DALL_INTERIOR_POINTERS=1 -DGC_GCJ_SUPPORT=1
> -DJAVA_FINALIZATION=1 -DATOMIC_UNCOLLECTABLE=1 -DGC_ASSERTIONS=1
> -I./include -fexceptions -I libatomic_ops/src -g -O2 -MT mark.lo -MD -MP
> -MF .deps/mark.Tpo -c mark.c  -fPIC -DPIC -o .libs/mark.o
>  gcc -DPACKAGE_NAME=\"gc\" -DPACKAGE_TARNAME=\"gc\" -DPACKAGE_VERSION=
> \"7.2alpha1\" "-DPACKAGE_STRING=\"gc 7.2alpha1\"" -DPACKAGE_BUGREPORT=
> \"Hans.Boehm at hp.com\" -DGC_VERSION_MAJOR=7 -DGC_VERSION_MINOR=2
> -DGC_ALPHA_VERSION=1 -DPACKAGE=\"gc\" -DVERSION=\"7.2alpha1\"
> -DGC_LINUX_THREADS=1 -D_REENTRANT=1 -DTHREAD_LOCAL_ALLOC=1
> -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
> -DNO_EXECUTE_PERMISSION=1 -DALL_INTERIOR_POINTERS=1 -DGC_GCJ_SUPPORT=1
> -DJAVA_FINALIZATION=1 -DATOMIC_UNCOLLECTABLE=1 -DGC_ASSERTIONS=1
> -I./include -fexceptions -I libatomic_ops/src -g -O2 -MT mark.lo -MD -MP
> -MF .deps/mark.Tpo -c mark.c -o mark.o >/dev/null 2>&1
> 
>> Please insert something like "GC_noop1(*(word*)...->mse_start);" after every place
>> in gclib where mse_start is changed. And try to reproduce the segfault again...
> 
> Now that I found out that the problem is in large blocks I've added a
> GC_noop1 call to check if the end address of the block is accessible too
> in mark.c at line 640.
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0xb6996b90 (LWP 7483)]
> 0x08103817 in GC_mark_from (mark_stack_top=0x819d100,
> mark_stack=0x819d000,
>     mark_stack_limit=0x81a5000) at mark.c:643
> 643                     GC_noop1(*(word *)(mark_stack_top -> mse_start +
> mark_stack_top -> mse_descr - 1));
> (gdb) print mark_stack_top[0]
> $1 = {mse_start = 0x83591fc "", mse_descr = 3145268}
> (gdb) call GC_dump()
> ***Static roots:
> Total size: 0
> 
> ***Heap sections:
> Total heap size: 1916928
> Section 0 from 0x81a5000 to 0x81b5000 0/16 blacklisted
> Section 1 from 0x81c5000 to 0x81d5000 0/16 blacklisted
> Section 2 from 0x8265000 to 0x8275000 0/16 blacklisted
> Section 3 from 0x8275000 to 0x828e000 0/25 blacklisted
> Section 4 from 0x828e000 to 0x82af000 0/33 blacklisted
> Section 5 from 0x82af000 to 0x8309000 0/90 blacklisted
> Section 6 from 0x8309000 to 0x8378000 0/111 blacklisted
> Section 7 from 0x8378000 to 0x8419000 0/161 blacklisted
> 
> ***Free blocks:
> Free list 4 (Total size 16384):
>         0x82d0000 size 16384 not black listed
> Free list 45 (Total size 561152):
>         0x8390000 size 561152 not black listed
> Total of 577536 bytes on free list
> 
> ***Blocks in use:
> (kind(0=ptrfree,1=normal,2=unc.):size_in_bytes, #_marks_set)
> (4:221208,1)(4:36880,0)(4:208920,0)(4:34832,0)(4:159768,0)(4:36880,0)(2:10248,1)(2:32776,1)(4:26640,0)(4:221208,0)(2:10248,1)(2:32776,1)(1:64,10)(1:136,0)(0:8,262)(4:64,0)(1:56,0)(2:10248,1)(2:32776,1)(0:16,180)(1:448,4)(2:10248,1)(2:32776,1)(4:4112,0)(4:32,0)(4:2064,1)(4:72,0)(4:48,0)(1:48,0)(4:24,2)(4:16,2)(4:40,0)(2:4080,1)(4:136,1)(1:24,1)(1:16,1)(4:56,0)(2:10248,1)(0:1360,2)(1:56,17)(2:32776,1)(2:136,5!=486)(1:32,5)(1:8,1)(1:216,1)(2:24,2!=343)
> blocks = 46, bytes = 1339392
> 
> ***Finalization statistics:
> 16 finalization table entries; 0 disappearing links
> 0 objects are eligible for immediate finalization
> (gdb) bt
> #0  0x08103817 in GC_mark_from (mark_stack_top=0x819d100,
>     mark_stack=0x819d000, mark_stack_limit=0x81a5000) at mark.c:643
> #1  0x08104580 in GC_mark_some (cold_gc_frame=0xb6995b14
> "\020`(\b([\231�")
>     at mark.c:400
> #2  0x080fd858 in GC_stopped_mark (stop_func=0x80fcd00
> <GC_never_stop_func>)
>     at alloc.c:519
> #3  0x080fda67 in GC_try_to_collect_inner (
>     stop_func=0x80fcd00 <GC_never_stop_func>) at alloc.c:368
> #4  0x080fddac in GC_try_to_collect (stop_func=0x80fcd00
> <GC_never_stop_func>)
>     at alloc.c:792
> #5  0x080fde92 in GC_gcollect () at alloc.c:804
> 
> This is again from the thread just allocating a large block:
> 
> (gdb) threa 3
> [Switching to thread 3 (Thread 0xb7197b90 (LWP 7482))]#0  0xffffe410 in
> __kernel_vsyscall ()
> (gdb) bt
> #0  0xffffe410 in __kernel_vsyscall ()
> #1  0xb7d38d77 in sigsuspend () from /lib/libc.so.6
> #2  0x0810c652 in GC_suspend_handler_inner (
>     sig_arg=0x1e <Address 0x1e out of bounds>, context=0xb71967dc)
>     at pthread_stop_world.c:202
> #3  0x0810c6b7 in GC_suspend_handler (sig=30, info=0xb719675c,
>     context=0xb71967dc) at pthread_stop_world.c:142
> #4  <signal handler called>
> #5  0xb7d7d1f7 in memset () from /lib/libc.so.6
> #6  0x08100edc in GC_generic_malloc (lb=221203, k=4) at malloc.c:189
> #7  0x08108f21 in GC_malloc_explicitly_typed (lb=221203, d=1073741825)
>     at typd_mlc.c:611
> 
> (gdb) fr 6
> #6  0x08100edc in GC_generic_malloc (lb=221203, k=4) at malloc.c:189
> 189                 BZERO(result, n_blocks * HBLKSIZE);
> (gdb) print resupt
> No symbol "resupt" in current context.
> (gdb) print result
> $2 = (void *) 0x8359000
> 
> The end of the just allocated block is 0x838f012 (if we can trust gdb's
> output)
> 
> Looking at the mse_start of mark_stack_top it looks like that's in the
> newly allocated large block.
> 
> $1 = {mse_start = 0x83591fc "", mse_descr = 3145268}
> 
> Klaus
> 

Is this still an open issue? I checked out the latest CVS and am still 
getting a segfault. Valgrind output included below.

==16007== Process terminating with default action of signal 11 (SIGSEGV)
==16007==  Access not within mapped region at address 0xBEC1E168
==16007==    at 0x405D39D: GC_mark_from (in /usr/lib/libgc.so.1.0.2)
==16007==    by 0x405DB8F: GC_mark_some (in /usr/lib/libgc.so.1.0.2)
==16007==    by 0x40556DA: GC_stopped_mark (in /usr/lib/libgc.so.1.0.2)
==16007==    by 0x4055A8B: GC_try_to_collect_inner (in 
/usr/lib/libgc.so.1.0.2)
==16007==    by 0x405FB6D: GC_init_inner (in /usr/lib/libgc.so.1.0.2)
==16007==    by 0x405FD74: GC_init (in /usr/lib/libgc.so.1.0.2)
==16007==    by 0x81DB3F4: operator new(unsigned) (mem.c:28)
==16007==    by 0x8161A23: (within /home/hans/ldc/ldc-gccvs/bin/ldc)
==16007==    by 0x88B5238: __libc_csu_init (in 
/home/hans/ldc/ldc-gccvs/bin/ldc)
==16007==    by 0x41B43EB: (below main) (in /lib/i686/cmov/libc-2.7.so)
--16007-- REDIR: 0x420e820 (free) redirected to 0x4022ad0 (free)
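As an added illustration (not code from this thread or from libgc): the check Klaus performed with GC_noop1, done against the heap section table from the quoted GC_dump output instead of by dereferencing the end address. The section list, the mark-stack entry and the block returned by GC_generic_malloc are transcribed from the quoted gdb output; `range_is_mapped` and `mark_entry_is_mapped` are hypothetical helpers, and mse_descr is treated as a byte length, the same assumption the quoted GC_noop1 line makes.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed model of one "Heap sections" line from GC_dump: [start, end). */
typedef struct { uintptr_t start, end; } heap_section;

/* Heap sections transcribed from the GC_dump output quoted in the thread. */
static const heap_section sections[] = {
    {0x81a5000, 0x81b5000}, {0x81c5000, 0x81d5000}, {0x8265000, 0x8275000},
    {0x8275000, 0x828e000}, {0x828e000, 0x82af000}, {0x82af000, 0x8309000},
    {0x8309000, 0x8378000}, {0x8378000, 0x8419000},
};
static const size_t nsections = sizeof sections / sizeof sections[0];

/* Index of the section containing addr, or -1 when addr lies outside the heap. */
static int section_of(uintptr_t addr) {
    for (size_t i = 0; i < nsections; i++)
        if (addr >= sections[i].start && addr < sections[i].end) return (int)i;
    return -1;
}

/* Walk [start, start + len) section by section. Returns 1 if every byte lies in
   some heap section; otherwise returns 0 and stores the first address that is
   not covered. This is what GC_noop1(*(word*)(mse_start + mse_descr - 1))
   discovers by faulting; here nothing is dereferenced. (Hypothetical helper.) */
int range_is_mapped(uintptr_t start, uintptr_t len, uintptr_t *first_unmapped) {
    uintptr_t cur = start, end = start + len;
    if (len == 0) return 1;
    while (cur < end) {
        int s = section_of(cur);
        if (s < 0) { *first_unmapped = cur; return 0; }
        cur = sections[s].end;   /* continue at the first byte after this section */
    }
    return 1;
}

/* Mark-stack entry as gdb printed it; mse_descr taken as a byte length. */
typedef struct { uintptr_t mse_start, mse_descr; } mark_entry;

/* Hypothetical helper: validate one mark-stack entry against the section table. */
int mark_entry_is_mapped(const mark_entry *e, uintptr_t *first_unmapped) {
    return range_is_mapped(e->mse_start, e->mse_descr, first_unmapped);
}

/* Values from the thread: the entry at mark_stack_top when it faulted, and the
   block GC_generic_malloc(lb=221203) had just returned at 0x8359000. */
static const mark_entry faulting_entry = { 0x83591fc, 3145268 };
static const uintptr_t block_start = 0x8359000, block_len = 221203;
```

Run against the quoted values, the freshly allocated 221203-byte block itself lies entirely within sections 6 and 7, whereas the mark-stack entry starting inside it claims 3145268 bytes and leaves the last heap section at 0x8419000, which is exactly the address the GC_noop1 probe would touch before the real end 0x865902f.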


