bug-gnustep

Strange memory-related behavior (bug?)


From: Marko Mikulicic
Subject: Strange memory-related behavior (bug?)
Date: Sun, 02 Sep 2001 15:07:48 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801

Hi,

I tried to run a gnustep app (I tried plparse, plmerge, Ink.app)
through njamd (not just another malloc debugger), with
NJAMD_PROT=none and NJAMD_PROT=underflow (setting overflow detection
causes all address space to be exhausted by too many allocations,
more than 64k (a linux kernel limit on mmaps). This happens also
with efence, so it's probably not a bug in njamd. Only with AppKit apps).

I get the following backtrace:

 NJAMD free: Heap corruption. Try using underflow option

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 1024 (LWP 20789)]
 0x40343d11 in kill () from /lib/libc.so.6
 (gdb) bt
 #0  0x40343d11 in kill () from /lib/libc.so.6
 #1  0x40304dc3 in raise (sig=11) at signals.c:65
 #2  0x4001968b in __nj_none_free (buf=0x4419cff8, ret=0xbffff010) at mem_none.c:119
 #3  0x4001c8b1 in free (ptr=0x4419cff8) at public.c:499
 #4  0x8052bc0 in objc_free (mem=0x4419cff8) at ../../../gcc-3.0/libobjc/misc.c:134
 #5  0x8052315 in __objc_exec_class (module=0x805ada0) at ../../../gcc-3.0/libobjc/objc/objc-list.h:88
 #6  0x8053c80 in _GLOBAL__I_.._.._.._gcc_3.0_libobjc_Protocol.mTBvkAc ()
    at ../../../gcc-3.0/libobjc/Protocol.m:129
 #7  0x8056f97 in __do_global_ctors_aux ()
 #8  0x804b996 in _init ()
 #9  0x403330c7 in __libc_start_main () from /lib/libc.so.6

and when activating the underflow option:

 Starting program: /System/Tools/ix86/linux-gnu/gnu-gnu-gnu/plparse
 [New Thread 1024 (LWP 20793)]
 NJAMD/free: Address passed (0x4419cff8) is not page-aligned

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 1024 (LWP 20793)]
 0x40343d11 in kill () from /lib/libc.so.6
 (gdb) bt
 #0  0x40343d11 in kill () from /lib/libc.so.6
 #1  0x40304dc3 in raise (sig=11) at signals.c:65
 #2  0x40019dc8 in nj_free_init (start=0x4419cff4, laddr=0xbffff010, caller=0x4001ece2 "free")
    at mem_under.c:37
 #3  0x4001a342 in __nj_underflow_free (buf=0x4419cff8, ret=0xbffff010) at mem_under.c:314
 #4  0x4001c8b1 in free (ptr=0x4419cff8) at public.c:499
 #5  0x8052bc0 in objc_free (mem=0x4419cff8) at ../../../gcc-3.0/libobjc/misc.c:134
 #6  0x8052315 in __objc_exec_class (module=0x805ada0) at ../../../gcc-3.0/libobjc/objc/objc-list.h:88
 #7  0x8053c80 in _GLOBAL__I_.._.._.._gcc_3.0_libobjc_Protocol.mTBvkAc ()
    at ../../../gcc-3.0/libobjc/Protocol.m:129
 #8  0x8056f97 in __do_global_ctors_aux ()
 #9  0x804b996 in _init ()
 #10 0x403330c7 in __libc_start_main () from /lib/libc.so.6


I had some memory related bug I could not locate in my code.
(When changing NSObject dealloc to a nop all works.) My intuition
says multiple frees, but I don't know how this can happen with
retain/release. Probably there is memory corruption, but it is hardly
direct (I don't use C library functions, only Foundation; I never play directly with pointers, never malloc, never use C arrays). It is possible I use some autorelease incorrectly, but how can I locate my error (I have only 7k lines of code)?

Please help.
I'm not comfortable with semi-automatic memory handling. Perhaps I'm doing something wrong. I want to find where my error is, but it seems that malloc debuggers come into conflict with gnustep.

Some questions:

- does gnustep only use malloc for all its allocations
  (objc_malloc does call malloc at the end)
  (the default zone should use objc_malloc)?

- is __do_global_ctors_aux calling static initializers
  and other things before main?

- what is gcc_3.0_libobjc_Protocol.mTBvkAc?

- it seems that "free" is called with an address not returned by
  "malloc" (njamd returns page-aligned (+4 bytes) addresses, starting near 0x4xxxx000,
  so the faulting address seems returned by the njamd allocator, not malloc;
  0x8xxxxxxx is more common). It seems that somewhere in the initialization of
  gnustep foundation (I tried plain libobjc with Object subclasses and it works), an address is decremented by 12 bytes (ff8+C = 1004).
  Is this possible? Where to look? (Why does ProjectCenter work? To be honest
  it crashes sometimes, but if it is really a real bug in gnustep why did nobody
  notice it before?)

- what could gnustep do (assuming there are no bugs so deep inside) against a malloc debugger?


Please help

Thanks a lot in advance

Marko
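The post's question boils down to how a malloc debugger decides that the pointer handed to free() is bad: it was never returned by the allocator (here, apparently 12 bytes before a block), it points inside a block rather than at its base, or it was already freed. The following is an added example, not code from the post, njamd or GNUstep: a small tracking allocator (hypothetical names dbg_malloc, dbg_free, dbg_check_free, dbg_offset_from_nearest) that classifies a free() argument the same way and reports its distance from the nearest block it handed out, so each of the three suspects is flagged instead of silently corrupting the heap.

```c
/* Added example (not the post's, njamd's or GNUstep's code): a tiny tracking
 * allocator that classifies the pointer passed to free() like a malloc
 * debugger does. All names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_TRACKED 64   /* enough for a demonstration; a real tool uses a hash table */

enum dbg_status {
    DBG_OK = 0,           /* live base of a block we handed out */
    DBG_DOUBLE_FREE,      /* block base, but already freed */
    DBG_INTERIOR_POINTER, /* inside a live block, not at its base */
    DBG_NOT_OURS          /* never returned by dbg_malloc (e.g. base minus 12 bytes) */
};

struct dbg_record { uintptr_t base; size_t size; int live; };

static struct dbg_record g_records[MAX_TRACKED];
static size_t g_nrecords;

const char *dbg_status_name(enum dbg_status s) {
    static const char *names[] = { "ok", "double free", "interior pointer",
                                   "not from this allocator" };
    return names[s];
}

void *dbg_malloc(size_t size) {
    if (g_nrecords >= MAX_TRACKED) return NULL;
    size_t n = size ? size : 1;
    void *p = malloc(n);
    if (p == NULL) return NULL;
    g_records[g_nrecords].base = (uintptr_t)p;
    g_records[g_nrecords].size = n;
    g_records[g_nrecords].live = 1;
    g_nrecords++;
    return p;
}

/* Classify ptr without freeing anything: the check a debugger makes on free().
 * A live exact match wins over a dead one, so address reuse is not misreported. */
enum dbg_status dbg_check_free(const void *ptr) {
    uintptr_t a = (uintptr_t)ptr;
    int seen_freed = 0;
    for (size_t i = 0; i < g_nrecords; i++) {
        const struct dbg_record *r = &g_records[i];
        if (a == r->base) { if (r->live) return DBG_OK; seen_freed = 1; continue; }
        if (r->live && a > r->base && a < r->base + r->size) return DBG_INTERIOR_POINTER;
    }
    return seen_freed ? DBG_DOUBLE_FREE : DBG_NOT_OURS;
}

/* Signed distance from ptr to the nearest block base (live or freed), so a
 * report can say "12 bytes before the block at ...". Sets *base_out to NULL
 * and returns 0 when nothing has been allocated yet. */
long dbg_offset_from_nearest(const void *ptr, void **base_out) {
    uintptr_t a = (uintptr_t)ptr;
    long best = 0;
    int found = 0;
    *base_out = NULL;
    for (size_t i = 0; i < g_nrecords; i++) {
        uintptr_t b = g_records[i].base;
        long d = (a >= b) ? (long)(a - b) : -(long)(b - a);
        if (!found || labs(d) < labs(best)) {
            best = d;
            *base_out = (void *)b;
            found = 1;
        }
    }
    return best;
}

/* free() replacement: refuses anything that is not a live block base. */
enum dbg_status dbg_free(void *ptr) {
    enum dbg_status s = dbg_check_free(ptr);
    if (s != DBG_OK) {
        void *base;
        long off = dbg_offset_from_nearest(ptr, &base);
        fprintf(stderr, "dbg_free(%p): %s (offset %ld from block at %p)\n",
                ptr, dbg_status_name(s), off, base);
        return s;
    }
    for (size_t i = 0; i < g_nrecords; i++)
        if (g_records[i].live && g_records[i].base == (uintptr_t)ptr) g_records[i].live = 0;
    free(ptr);
    return DBG_OK;
}

int main(void) {
    char *p = dbg_malloc(32);                   /* constructed sample allocation */
    dbg_free((void *)((uintptr_t)p - 12));      /* the post's suspect: base minus 12 bytes */
    dbg_free(p + 8);                            /* interior pointer */
    dbg_free(p);                                /* correct release */
    dbg_free(p);                                /* double free */
    return 0;
}
```

Run stand-alone, the first, second and fourth calls are reported on stderr with their offset from the block base, and only the third actually releases memory. The offset report is the piece the post was missing: a constant negative offset such as -12 points at a pointer adjustment done between allocation and release, whereas a double free shows up as offset 0 on a dead record.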
