[Ur] Rough edges.
Michael Stone
michael.r.stone at gmail.com
Mon Mar 15 17:25:21 EDT 2010
On 3/9/10, Michael Stone <michael.r.stone at gmail.com> wrote:
> On 3/9/10, Adam Chlipala <adamc at impredicative.com> wrote:
>> Michael Stone wrote:
>>> uw_malloc
>>> : uw_malloc is doing something that I don't understand, in that the
>>> following approximate snippet:
>>>
>>> size_t len = ...
>>> char* c = uw_malloc(ctx, len);
>>> if (!c) uw_error(ctx, FATAL, "couldn't allocate %d bytes", len);
>>> memset(c, 0, len);
>>>
>>> sometimes segfaults on the memset. (I was able to work around this
>>> problem by using a fixed-size stack-allocated array.)
>>>
>>
>> That is definitely not supposed to happen. Would you mind reducing this
>> to a minimal example that still exhibits the problem and then submitting
>> the source code in a Mantis bug report?
Adam,
I haven't found a minimal always-reproducible example yet but I do
have several observations for you, which result from testing on
$ uname -a
Linux mstone 2.6.31-16-generic #52-Ubuntu SMP Thu Dec 3 22:07:16 UTC
2009 x86_64 GNU/Linux
The observations are:
1. The error is not deterministically reproducible and appears to be
a heisenbug. (It is consistently non-reproducible under valgrind.)
2. When segfaults occur, the returned address is unmapped. (Other
subsequent addresses may also be unmapped; I haven't checked.)
3. The addresses which are unmapped are sometimes quite large; e.g.,
0xffffffff9387408a, and sometimes quite small, e.g., 0x6b14308a. (Note
that -1 - 0xffffffff9387408a = 0x6c78bf75, which is quite comparable
to 0x6b14308a.)
4. src/c/urweb.c does not check the return codes of calls to
malloc() and realloc() for NULL.
I'll write again if/when I come up with a new insight or datum.
Regards,
Michael
More information about the Ur
mailing list