[gclist] Segmentation faults
elmex@x-paste.de
Tue, 1 May 2001 17:32:03 +0200
Hi,
I am working on an interpreter for a new scripting language.
My OS is Linux 2.4.x and I use the Boehm GC 4.14.
The interpreter uses dlopen to load modules (which use
GC_malloc too; gc.a is linked).
But there are modules which use the normal malloc too (e.g. from libwww).
With a parser I build up a parse tree.
With GC_enable_incremental turned on, it
segfaults (while evaluating the parse tree) with these messages:
==================
Segfault at 0x30302e30
Unexpected bus error or segmentation fault
Aborted (core dumped)
==================
Without GC_enable_incremental on, it just segfaults without any notice
and produces this backtrace:
==================
#0 0x30302e30 in ?? ()
#1 0x8059893 in eval_connect (t=0x80f37b0, e=0x80a5fe0, a=0x80a7f18) at obj_con.c:33
#2 0x8059893 in eval_connect (t=0x80f3540, e=0x80a5fe0, a=0x80a7f18) at obj_con.c:33
#3 0x8059893 in eval_connect (t=0x80f3360, e=0x80a5fe0, a=0x80a7f18) at obj_con.c:33
#4 0x8059893 in eval_connect (t=0x80f4ea0, e=0x80a5fe0, a=0x80a7f18) at obj_con.c:33
#5 0x8053455 in squash_eval_ptree (exp=0x80f4ea0, e=0x80a5fe0, a=0x80a7f18) at squash.c:206
#6 0x8053406 in main (argc=2, argv=0xbffffc1c) at squash.c:192
#7 0x4007f0d3 in __libc_start_main (main=0x8052e34 <main>, argc=2,
ubp_av=0xbffffc1c, init=0x80526c0 <_init>, fini=0x80794a4 <_fini>,
rtld_fini=0x4000d650 <_dl_fini>, stack_end=0xbffffc14)
at ../sysdeps/generic/libc-start.c:129
==================
And with GC_enable_incremental turned on:
==================
#0 0x4008f151 in __kill () from /lib/libc.so.6
#1 0x4008ee39 in raise (sig=6) at ../sysdeps/posix/raise.c:27
#2 0x400905d1 in abort () at ../sysdeps/generic/abort.c:88
#3 0x805d705 in GC_abort ()
#4 0x805d928 in GC_write_fault_handler ()
#5 <signal handler called>
#6 0x30302e30 in ?? ()
#7 0x8059893 in eval_connect (t=0x80b17b0, e=0x80a5fe0, a=0x80a7f18) at obj_con.c:33
#8 0x8059893 in eval_connect (t=0x80b1540, e=0x80a5fe0, a=0x80a7f18) at obj_con.c:33
#9 0x8059893 in eval_connect (t=0x80b1360, e=0x80a5fe0, a=0x80a7f18) at obj_con.c:33
#10 0x8059893 in eval_connect (t=0x80b2ea0, e=0x80a5fe0, a=0x80a7f18) at obj_con.c:33
#11 0x8053455 in squash_eval_ptree (exp=0x80b2ea0, e=0x80a5fe0, a=0x80a7f18) at squash.c:206
#12 0x8053406 in main (argc=2, argv=0xbffffc1c) at squash.c:192
#13 0x4007f0d3 in __libc_start_main (main=0x8052e34 <main>, argc=2,
ubp_av=0xbffffc1c, init=0x80526c0 <_init>, fini=0x8079484 <_fini>,
rtld_fini=0x4000d650 <_dl_fini>, stack_end=0xbffffc14)
at ../sysdeps/generic/libc-start.c:129
==================
Here is some additional information:
(gdb) f 7
#7 0x8059893 in eval_connect (t=0x80b17b0, e=0x80a5fe0, a=0x80a7f18) at obj_con.c:33
33 EVAL(EXP1(t), e, a);
(gdb) p *t->exp1->exp1
$3 = {eval = 0x30302e30, exp1 = 0x30303030, exp2 = 0x41414100,
exp3 = 0x41414141, exp4 = 0x41414141, i1 = 1094795585,
str1 = 0x41414141 <Address 0x41414141 out of bounds>,
db1 = 2261634.5098039214, vd1 = 0x41414141}
It seems as if a node of the parse tree gets freed or overwritten
by the garbage collector. (If I use the normal malloc, it doesn't
segfault.)
I had other problems with overwritten data in my parse tree before.
I thought that was a problem with type-casting a pointer to a
big structure to a small structure, and the GC overwrote the data after the
small struct's memory.
Here is what I mean:
===
struct L { char *a; char *b; }; struct S { char *a; };
...
struct L *ptr = malloc(sizeof(struct L));
struct S *sptr = NULL;
struct L *lptr = NULL;
ptr->a = GC_malloc(sizeof(char) * 4); strcpy(ptr->a, "foo");
ptr->b = GC_malloc(sizeof(char) * 4); strcpy(ptr->b, "bar");
sptr = (struct S *) ptr;
... runtime ... a big text gets read in ...
lptr = (struct L *) sptr; /* sptr points to memory allocated for the large struct */
strlen(lptr->b);
SIGSEGV
And a backtrace showed that lptr->b was full of
anything but "bar".
I am really confused. And I only get these segmentation faults when I use the
GC.
cya,
Robin Redeker