debug help request

Joel Sherrill joel.sherrill at oarcorp.com
Wed Nov 15 22:26:18 UTC 2006


Thanks to those who emailed me with suggestions and to Sergei Organov who
quickly responded to my plea for help when it looked like a heap bug.

The problem turned out to be a miscalculated offset in pthread_keysetspecific.
The code was using the class portion of the ID to index and should have been
using the API portion.

For those who are interested, I binary searched using _Heap_Walk until I
found the one call which broke it. 

I will post a patch tomorrow and check to see how far back this one goes.
At first glance, this does appear to impact the 4.6 branch so anyone using
POSIX keys is at risk. 

SUMMARY: NOT A HEAP BUG -- specific to POSIX Keys!!

--joel

Joel Sherrill wrote:
> FWIW I quadrupled the stack sizes in this test and it did not help.
>
> I also determined that the address being reported as being freed on
> the SPARC corresponds to an address that was allocated. 
>
> It looks like it is being allocated from the workspace by libc_create_hook.
> That means that this could be a case of something writing beyond their
> allocated memory.  So this one needs to be fixed.
>
> I will have to let this sit overnight ... if someone has an insight, it
> would be greatly appreciated.
>
> --joel
>
> Joel Sherrill wrote:
>   
>> Hi,
>>
>> psx06 fails on sparc and mips during the pthread_exit.  It gets
>> an exception while doing a _Heap_Free.  I am totally disgusted
>> and confused at this point because on sparc, it appears that
>> every local variable of interest has been optimized away and
>> the backtrace is of little help.
>>
>> On mipsjmr3904, the stack trace is:
>>
>> (gdb) bt
>> #0  0xffffffff8800b468 in _Heap_Free ()
>> #1  0xffffffff880027d4 in libc_delete_hook ()
>> #2  0xffffffff8800e3ec in _User_extensions_Thread_delete ()
>> #3  0xffffffff8800c860 in _Thread_Close ()
>> #4  0xffffffff880060e4 in pthread_exit ()
>> #5  0xffffffff8800084c in Task_2 ()
>> #6  0xffffffff88013fec in _Thread_Handler ()
>> #7  0xffffffff88013ee0 in _Thread_Evaluate_mode ()
>> #8  0xffffffff88013ee0 in _Thread_Evaluate_mode ()
>>
>> On PowerPC/psim it appears to work OK.
>>
>> Can someone give it a try on their target and see if they can
>> figure out what the bug is?
>>
>> Thanks.
>>
>> --joel
>>
>> _______________________________________________
>> rtems-users mailing list
>> rtems-users at rtems.com
>> http://rtems.rtems.org/mailman/listinfo/rtems-users



