Strange memory-related behavior (bug?)
From: Marko Mikulicic
Subject: Strange memory-related behavior (bug?)
Date: Sun, 02 Sep 2001 15:07:48 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801
Hi,
I tried to run a gnustep app (I tried plparse, plmerge, Ink.app)
through njamd (not just another malloc debugger), with
NJAMD_PROT=none and NJAMD_PROT=underflow (setting overflow detection
causes all address space to be exhausted by too many allocations,
more than 64k (a linux kernel limit on mmaps). This happens also
with efence, so it's probably not a bug in njamd. Only with AppKit apps).
I get the following backtrace:
NJAMD free: Heap corruption. Try using underflow option
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 20789)]
0x40343d11 in kill () from /lib/libc.so.6
(gdb) bt
#0 0x40343d11 in kill () from /lib/libc.so.6
#1 0x40304dc3 in raise (sig=11) at signals.c:65
#2 0x4001968b in __nj_none_free (buf=0x4419cff8, ret=0xbffff010) at
mem_none.c:119
#3 0x4001c8b1 in free (ptr=0x4419cff8) at public.c:499
#4 0x8052bc0 in objc_free (mem=0x4419cff8) at
../../../gcc-3.0/libobjc/misc.c:134
#5 0x8052315 in __objc_exec_class (module=0x805ada0) at
../../../gcc-3.0/libobjc/objc/objc-list.h:88
#6 0x8053c80 in _GLOBAL__I_.._.._.._gcc_3.0_libobjc_Protocol.mTBvkAc ()
at ../../../gcc-3.0/libobjc/Protocol.m:129
#7 0x8056f97 in __do_global_ctors_aux ()
#8 0x804b996 in _init ()
#9 0x403330c7 in __libc_start_main () from /lib/libc.so.6
and when activating the underflow option:
Starting program: /System/Tools/ix86/linux-gnu/gnu-gnu-gnu/plparse
[New Thread 1024 (LWP 20793)]
NJAMD/free: Address passed (0x4419cff8) is not page-aligned
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 20793)]
0x40343d11 in kill () from /lib/libc.so.6
(gdb) bt
#0 0x40343d11 in kill () from /lib/libc.so.6
#1 0x40304dc3 in raise (sig=11) at signals.c:65
#2 0x40019dc8 in nj_free_init (start=0x4419cff4, laddr=0xbffff010,
caller=0x4001ece2 "free")
at mem_under.c:37
#3 0x4001a342 in __nj_underflow_free (buf=0x4419cff8, ret=0xbffff010) at
mem_under.c:314
#4 0x4001c8b1 in free (ptr=0x4419cff8) at public.c:499
#5 0x8052bc0 in objc_free (mem=0x4419cff8) at
../../../gcc-3.0/libobjc/misc.c:134
#6 0x8052315 in __objc_exec_class (module=0x805ada0) at
../../../gcc-3.0/libobjc/objc/objc-list.h:88
#7 0x8053c80 in _GLOBAL__I_.._.._.._gcc_3.0_libobjc_Protocol.mTBvkAc ()
at ../../../gcc-3.0/libobjc/Protocol.m:129
#8 0x8056f97 in __do_global_ctors_aux ()
#9 0x804b996 in _init ()
#10 0x403330c7 in __libc_start_main () from /lib/libc.so.6
I had some memory-related bug I could not locate in my code.
(When changing NSObject dealloc to a nop, all works.) My intuition
says multiple frees, but I don't know how this can happen with
retain/release. Probably there is memory corruption, but it is hardly
direct (I don't use C library functions, only Foundation, never play directly
with pointers, never malloc, never use C arrays). It is possible I use some
autorelease incorrectly, but how can I locate my error (I have only 7k lines of
code)?
Please help.
I'm not comfortable with semi-automatic memory handling. Perhaps I'm doing
something wrong. I want to find where my error is, but it seems that malloc
debuggers come into conflict with gnustep.
Some questions:
- does gnustep only use malloc for all its allocations
(objc_malloc does call malloc at the end)
(the default zone should use objc_malloc)?
- is __do_global_ctors_aux calling static initializers
and other things before main?
- what is gcc_3.0_libobjc_Protocol.mTBvkAc?
- it seems that "free" is called with an address not returned by
"malloc" (njamd returns page-aligned (+4 bytes) addresses, starting near
0x4xxxx000, so the faulting address seems to be returned by the njamd
allocator, not malloc; 0x8xxxxxxx is more common). It seems that somewhere
in the initialization of gnustep foundation (I tried plain libobjc with
Object subclasses and it works), an address is decremented by 12 bytes
(ff8+C = 1004).
Is this possible? Where to look? (Why does ProjectCenter work? To be honest
it crashes sometimes, but if it is really a real bug in gnustep, why did nobody
notice it before?)
- what could gnustep do (assuming there are no bugs so deep inside) against a
malloc debugger?
Please help
Thanks a lot in advance
Marko
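An added illustration of the two failure classes discussed in this message (free of an address that malloc never returned, and a double free), not code from njamd, libobjc or gnustep: a small tracking wrapper around malloc/free that classifies each free() the way a malloc debugger does, and reports how far a bad pointer sits from the nearest recorded allocation (the "decremented by 12 bytes" case). All names (dbg_malloc, dbg_free, dbg_nearest_offset) are hypothetical.

```c
#include <stdlib.h>
#include <stdint.h>
#include <limits.h>

/* Verdict for a checked free(): the address was a live allocation, was
 * already released, or was never handed out by dbg_malloc at all. */
enum free_status { FREE_OK, FREE_DOUBLE, FREE_NOT_ALLOCATED };

#define MAX_TRACKED 256
struct slot { void *base; size_t size; int live; };
static struct slot table[MAX_TRACKED];   /* hypothetical allocation record */
static int ntracked;

/* Allocate and record the exact address returned to the caller. */
void *dbg_malloc(size_t size)
{
    void *p = malloc(size);
    if (p != NULL && ntracked < MAX_TRACKED) {
        table[ntracked].base = p;
        table[ntracked].size = size;
        table[ntracked].live = 1;
        ntracked++;
    }
    return p;
}

/* Only release memory when the pointer exactly matches a live record;
 * an interior or shifted pointer is reported instead of being freed. */
enum free_status dbg_free(void *p)
{
    for (int i = 0; i < ntracked; i++) {
        if (table[i].base == p) {
            if (!table[i].live)
                return FREE_DOUBLE;
            table[i].live = 0;
            free(p);
            return FREE_OK;
        }
    }
    return FREE_NOT_ALLOCATED;
}

/* Signed byte distance from p to the nearest recorded allocation start,
 * e.g. -12 when the caller passed base minus 12; LONG_MAX if nothing is
 * recorded. Integer arithmetic avoids out-of-object pointer math. */
long dbg_nearest_offset(const void *p)
{
    long best = LONG_MAX;
    uintptr_t a = (uintptr_t)p;
    for (int i = 0; i < ntracked; i++) {
        uintptr_t b = (uintptr_t)table[i].base;
        long d = (a >= b) ? (long)(a - b) : -(long)(b - a);
        if (labs(d) < labs(best)) best = d;
    }
    return best;
}
```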