[Gc] Segfault in mark_from

ktreichel at web.de ktreichel at web.de
Sat Oct 25 12:05:31 PDT 2008


Hi once more,

The libgc version used now includes all changes up to Oct 21st.

> > libgc is built with assertions enabled but without mmap and munmap.
> You are not using THREAD_LOCAL_ALLOC and PARALLEL_MARK, aren't you?
> And, on the contrary, ALL_INTERIOR_POINTERS should be defined.

This is how libgc is built:

        /bin/sh ./libtool --tag=CC   --mode=compile gcc -DPACKAGE_NAME=
\"gc\" -DPACKAGE_TARNAME=\"gc\" -DPACKAGE_VERSION=\"7.2alpha1\"
-DPACKAGE_STRING=\"gc\ 7.2alpha1\" -DPACKAGE_BUGREPORT=
\"Hans.Boehm at hp.com\" -DGC_VERSION_MAJOR=7 -DGC_VERSION_MINOR=2
-DGC_ALPHA_VERSION=1 -DPACKAGE=\"gc\" -DVERSION=\"7.2alpha1\"
-DGC_LINUX_THREADS=1 -D_REENTRANT=1 -DTHREAD_LOCAL_ALLOC=1
-DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
-DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
-DNO_EXECUTE_PERMISSION=1 -DALL_INTERIOR_POINTERS=1 -DGC_GCJ_SUPPORT=1
-DJAVA_FINALIZATION=1 -DATOMIC_UNCOLLECTABLE=1 -DGC_ASSERTIONS=1
-I./include   -fexceptions -I libatomic_ops/src -g -O2 -MT mark.lo -MD
-MP -MF $depbase.Tpo -c -o mark.lo mark.c &&\
        mv -f $depbase.Tpo $depbase.Plo
 gcc -DPACKAGE_NAME=\"gc\" -DPACKAGE_TARNAME=\"gc\" -DPACKAGE_VERSION=
\"7.2alpha1\" "-DPACKAGE_STRING=\"gc 7.2alpha1\"" -DPACKAGE_BUGREPORT=
\"Hans.Boehm at hp.com\" -DGC_VERSION_MAJOR=7 -DGC_VERSION_MINOR=2
-DGC_ALPHA_VERSION=1 -DPACKAGE=\"gc\" -DVERSION=\"7.2alpha1\"
-DGC_LINUX_THREADS=1 -D_REENTRANT=1 -DTHREAD_LOCAL_ALLOC=1
-DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
-DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
-DNO_EXECUTE_PERMISSION=1 -DALL_INTERIOR_POINTERS=1 -DGC_GCJ_SUPPORT=1
-DJAVA_FINALIZATION=1 -DATOMIC_UNCOLLECTABLE=1 -DGC_ASSERTIONS=1
-I./include -fexceptions -I libatomic_ops/src -g -O2 -MT mark.lo -MD -MP
-MF .deps/mark.Tpo -c mark.c  -fPIC -DPIC -o .libs/mark.o
 gcc -DPACKAGE_NAME=\"gc\" -DPACKAGE_TARNAME=\"gc\" -DPACKAGE_VERSION=
\"7.2alpha1\" "-DPACKAGE_STRING=\"gc 7.2alpha1\"" -DPACKAGE_BUGREPORT=
\"Hans.Boehm at hp.com\" -DGC_VERSION_MAJOR=7 -DGC_VERSION_MINOR=2
-DGC_ALPHA_VERSION=1 -DPACKAGE=\"gc\" -DVERSION=\"7.2alpha1\"
-DGC_LINUX_THREADS=1 -D_REENTRANT=1 -DTHREAD_LOCAL_ALLOC=1
-DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
-DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
-DNO_EXECUTE_PERMISSION=1 -DALL_INTERIOR_POINTERS=1 -DGC_GCJ_SUPPORT=1
-DJAVA_FINALIZATION=1 -DATOMIC_UNCOLLECTABLE=1 -DGC_ASSERTIONS=1
-I./include -fexceptions -I libatomic_ops/src -g -O2 -MT mark.lo -MD -MP
-MF .deps/mark.Tpo -c mark.c -o mark.o >/dev/null 2>&1

> Please insert something like "GC_noop1(*(word*)...->mse_start);" after every place
> in gclib where mse_start is changed. And try to reproduce the segfault again...

Now that I found out that the problem is in large blocks, I've added a
GC_noop1 call to check if the end address of the block is accessible too,
in mark.c at line 640.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6996b90 (LWP 7483)]
0x08103817 in GC_mark_from (mark_stack_top=0x819d100,
mark_stack=0x819d000,
    mark_stack_limit=0x81a5000) at mark.c:643
643                     GC_noop1(*(word *)(mark_stack_top -> mse_start +
mark_stack_top -> mse_descr - 1));
(gdb) print mark_stack_top[0]
$1 = {mse_start = 0x83591fc "", mse_descr = 3145268}
(gdb) call GC_dump()
***Static roots:
Total size: 0

***Heap sections:
Total heap size: 1916928
Section 0 from 0x81a5000 to 0x81b5000 0/16 blacklisted
Section 1 from 0x81c5000 to 0x81d5000 0/16 blacklisted
Section 2 from 0x8265000 to 0x8275000 0/16 blacklisted
Section 3 from 0x8275000 to 0x828e000 0/25 blacklisted
Section 4 from 0x828e000 to 0x82af000 0/33 blacklisted
Section 5 from 0x82af000 to 0x8309000 0/90 blacklisted
Section 6 from 0x8309000 to 0x8378000 0/111 blacklisted
Section 7 from 0x8378000 to 0x8419000 0/161 blacklisted

***Free blocks:
Free list 4 (Total size 16384):
        0x82d0000 size 16384 not black listed
Free list 45 (Total size 561152):
        0x8390000 size 561152 not black listed
Total of 577536 bytes on free list

***Blocks in use:
(kind(0=ptrfree,1=normal,2=unc.):size_in_bytes, #_marks_set)
(4:221208,1)(4:36880,0)(4:208920,0)(4:34832,0)(4:159768,0)(4:36880,0)(2:10248,1)(2:32776,1)(4:26640,0)(4:221208,0)(2:10248,1)(2:32776,1)(1:64,10)(1:136,0)(0:8,262)(4:64,0)(1:56,0)(2:10248,1)(2:32776,1)(0:16,180)(1:448,4)(2:10248,1)(2:32776,1)(4:4112,0)(4:32,0)(4:2064,1)(4:72,0)(4:48,0)(1:48,0)(4:24,2)(4:16,2)(4:40,0)(2:4080,1)(4:136,1)(1:24,1)(1:16,1)(4:56,0)(2:10248,1)(0:1360,2)(1:56,17)(2:32776,1)(2:136,5!=486)(1:32,5)(1:8,1)(1:216,1)(2:24,2!=343)
blocks = 46, bytes = 1339392

***Finalization statistics:
16 finalization table entries; 0 disappearing links
0 objects are eligible for immediate finalization
(gdb) bt
#0  0x08103817 in GC_mark_from (mark_stack_top=0x819d100,
    mark_stack=0x819d000, mark_stack_limit=0x81a5000) at mark.c:643
#1  0x08104580 in GC_mark_some (cold_gc_frame=0xb6995b14
"\020`(\b([\231�")
    at mark.c:400
#2  0x080fd858 in GC_stopped_mark (stop_func=0x80fcd00
<GC_never_stop_func>)
    at alloc.c:519
#3  0x080fda67 in GC_try_to_collect_inner (
    stop_func=0x80fcd00 <GC_never_stop_func>) at alloc.c:368
#4  0x080fddac in GC_try_to_collect (stop_func=0x80fcd00
<GC_never_stop_func>)
    at alloc.c:792
#5  0x080fde92 in GC_gcollect () at alloc.c:804

This is again from the thread just allocating a large block:

(gdb) threa 3
[Switching to thread 3 (Thread 0xb7197b90 (LWP 7482))]#0  0xffffe410 in
__kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7d38d77 in sigsuspend () from /lib/libc.so.6
#2  0x0810c652 in GC_suspend_handler_inner (
    sig_arg=0x1e <Address 0x1e out of bounds>, context=0xb71967dc)
    at pthread_stop_world.c:202
#3  0x0810c6b7 in GC_suspend_handler (sig=30, info=0xb719675c,
    context=0xb71967dc) at pthread_stop_world.c:142
#4  <signal handler called>
#5  0xb7d7d1f7 in memset () from /lib/libc.so.6
#6  0x08100edc in GC_generic_malloc (lb=221203, k=4) at malloc.c:189
#7  0x08108f21 in GC_malloc_explicitly_typed (lb=221203, d=1073741825)
    at typd_mlc.c:611

(gdb) fr 6
#6  0x08100edc in GC_generic_malloc (lb=221203, k=4) at malloc.c:189
189                 BZERO(result, n_blocks * HBLKSIZE);
(gdb) print resupt
No symbol "resupt" in current context.
(gdb) print result
$2 = (void *) 0x8359000

The end of the just allocated block is 0x838f012 (if we can trust gdb's
output)

Looking at the mse_start of mark_stack_top, it looks like it is in the
newly allocated large block.

$1 = {mse_start = 0x83591fc "", mse_descr = 3145268}

Klaus
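As an added example (not from Klaus's mail or the libgc sources): a small C check that takes the heap sections from the GC_dump() output above and tests whether a mark-stack entry's byte range, computed the way the probe at mark.c:643 does (mse_start + mse_descr - 1, treating mse_descr as a plain byte length), lies inside those sections. For the entry shown, the last byte falls beyond Section 7, while the 221203-byte block at 0x8359000 ends at 0x838f012 inside Section 7.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Heap sections copied from the GC_dump() output in the report
   (start inclusive, end exclusive). */
typedef struct { uintptr_t start, end; } heap_section;

static const heap_section sections[] = {
    {0x81a5000, 0x81b5000}, {0x81c5000, 0x81d5000},
    {0x8265000, 0x8275000}, {0x8275000, 0x828e000},
    {0x828e000, 0x82af000}, {0x82af000, 0x8309000},
    {0x8309000, 0x8378000}, {0x8378000, 0x8419000},
};
#define NSECTIONS (sizeof sections / sizeof sections[0])

/* Last byte the marker would touch for an entry, computed like the
   GC_noop1 probe at mark.c:643 (mse_descr assumed to be a byte length). */
uintptr_t entry_last_byte(uintptr_t mse_start, uintptr_t mse_descr) {
    return mse_start + mse_descr - 1;
}

/* Return 1 if every byte of [lo, hi] is covered by heap sections.
   Adjacent sections (e.g. 6 and 7 above) are followed across their
   shared boundary; a gap between sections makes the check fail. */
int range_in_heap(uintptr_t lo, uintptr_t hi) {
    uintptr_t cur = lo;
    while (cur <= hi) {
        size_t i;
        int found = 0;
        for (i = 0; i < NSECTIONS; i++) {
            if (cur >= sections[i].start && cur < sections[i].end) {
                if (hi < sections[i].end) return 1;
                cur = sections[i].end;  /* continue in the next section */
                found = 1;
                break;
            }
        }
        if (!found) return 0;
    }
    return 1;
}

int main(void) {
    /* Values from "print mark_stack_top[0]" and from frame 6 of thread 3 */
    uintptr_t mse_start = 0x83591fc, mse_descr = 3145268;
    uintptr_t alloc = 0x8359000, lb = 221203;
    printf("mark entry ends at 0x%lx, in heap: %d\n",
           (unsigned long)entry_last_byte(mse_start, mse_descr),
           range_in_heap(mse_start, entry_last_byte(mse_start, mse_descr)));
    printf("allocated block ends at 0x%lx, in heap: %d\n",
           (unsigned long)entry_last_byte(alloc, lb),
           range_in_heap(alloc, entry_last_byte(alloc, lb)));
    return 0;
}
```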
