strange effect with --enable-fast-malloc=full
Falk Brettschneider
gigafalk at yahoo.com
Thu Apr 18 08:04:18 BST 2002
Hi!
Lubos Lunak wrote:
>On Ășt 16. duben 2002 22:43, Falk Brettschneider wrote:
>
>>Lubos Lunak wrote:
>>
>>>>>Yes, you should. Unless you can prove the bug is not in the application,
>>>>>I'm considering this malloc() implementation to be Bug Free(tm).
>>>>>
>>>>Hmm...being in the infinite loop is worse than a good old-fashioned
>>>>crash. Can we please insert an escape condition { ... if (p->fd==nextp
>>>>&& prev_inuse(p)) { break; }... } while (....) ? Then I at least get a
>>>>good crash. :-)
>>>>
>>>Hmm. I'll think about this after we find out where the problem is. If
>>>it's the app's fault, I don't think it should check for every runaway
>>>pointer. And if it's this malloc's fault ... well, it's a malloc
>>>implementation developed for several years and probably widely used,
>>>which I more or less just tweaked a bit and copy&pasted spinlocks from
>>>glibc to it.
>>>
>>Well, Lubos, there must be a difference between your implementation and
>>the classic malloc. As I wrote before it doesn't infinitely loop, if I
>>don't switch --enable-fast-malloc=full on.
>>
>
> Yes, and the difference is the internal data. With one implementation, if you
>delete twice or write out of the allocated data, you damage the internal
>data, with other implementation, you may be writting to an unused part of
>memory. Just the fact that it crashes with one malloc implementation but
>doesn't with another doesn't necessarily mean that the first one is broken
>
>
>>Second, an infinite loop in malloc is a bug IMO. It should never happen
>>there. If I get a crash in my application, that's the common signal for
>>me to fix a memory problem in my app.
>>
>
> I don't see how much different is a malloc that crashes and heap corruption
>from one that endlessly loops on heap corruption. Assuming neither of them is
>buggy, which we still don't know yet.
>
In case of a memory fault the application should always segfault.
Imagine you start the app from K->RunCommand. You don't have a prompt
that shows the app has finished. If it stays in the loop at the end of
the program, it will look like the app doesn't have a problem but the
user just wonders why there's 100% CPU load. In the last years I've
never seen the original malloc() having such problems with buggy programs.
>
>
>>But I don't just grumble, I have a patch for you that fixes the problem
>>here. All other KDE apps seem to work on normally. The patch is not only
>>the (p->fd==nextp) condition but also the (nextp->fd->fd==nextp)
>>condition that also happened here and leads to the same infinite loop.
>>
>>P.S.: I can commit if you want to
>>
>
> This doesn't look like a real fix to me. What if
>'if(next->fd->fd->fd==nextp)' will be needed some day too?
>
Indead this is unsolved. Is there a general rule that for instance the
address of nextp has always to be bigger than the one of next? Maybe
such a check is better. But I don't fully understand the malloc() code.
The meaning of the variables isn't very well documented.
>Does this patch
>make your application work?
>
Yes. It works well with my patch. Now I get just a segfault in
qt_cleanup() at XCloseDisplay(). I'm hunting the leaks now.
>Given that you actually can test it, as when your
>application is already closing down, there're not many chances to crash on
>corrupted heap. If you add one loop at the end of main(), allocating a lot of
>blocks of different sizes and another one releasing them, will it still work?
>Regardless of where the problem is, the patch looks like curing only the
>symptoms you have.
>
>
> Put '#define DEBUG' at the beginning of malloc.c and recompile it, it will
>add some checks and will hopefully crash somewhere near the real problem. And
>if you could put the debug outputs there printing the block addresses, that
>would probably help too (I still think it's a double deleting of something,
>not that rare when application is closing down).
>
I'm sorry, I don't have time any more for this. That's why, now I don't
use --enable-fast-malloc any more, other programmers should be warned to
use it, too.
>And I'll probably mail Doug
>Lea, just in case the bug is really in the malloc.
>
Thanks anyway,
Cheers
F at lk
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the kde-core-devel
mailing list