Crash deep in heap allocation for rtems_region_get_segment() call

Matthew J Fletcher amimjf at gmail.com
Tue Mar 6 16:25:52 UTC 2018


Hi,

I've been investigating an interesting but reproducible crash deep in the
heap allocator; any help is much appreciated.


This is the call stack:

_Heap_Is_prev_used() at heapimpl.h:510 0x700ebb8e
_Heap_Is_used() at heapimpl.h:517 0x700ebb8a
_Heap_Block_split() at heap.c:336 0x700ebb7c
_Heap_Block_allocate_from_begin() at heap.c:371 0x700ebbf0
_Heap_Block_allocate() at heap.c:461 0x700ebdb6
_Heap_Allocate_aligned_with_boundary() at heapallocate.c:262 0x700ebf0e
_Heap_Allocate() at heapimpl.h:137 0x700ea4a4
_Region_Allocate_segment() at regionimpl.h:108 0x700ea4a4
rtems_region_get_segment() at regiongetsegment.c:79 0x700ea4a4


RTEMS_INLINE_ROUTINE bool _Heap_Is_used(
  const Heap_Block *block
)
{
  /* The next block's header sits at block + block size; its
     HEAP_PREV_BLOCK_USED bit records whether *this* block is in use. */
  const Heap_Block *const next_block =
    _Heap_Block_at( block, _Heap_Block_size( block ) );

  return _Heap_Is_prev_used( next_block );
}

So this is the routine above the crash. In the debugger I can see that 'block'
is at a valid address, but 'next_block' is "optimized out" and gdb won't
show it (RTEMS is already re-compiled with -Og).


RTEMS_INLINE_ROUTINE bool _Heap_Is_prev_used( const Heap_Block *block )
{
  /* Low bit of size_and_flag: set when the previous block is allocated. */
  return block->size_and_flag & HEAP_PREV_BLOCK_USED;
}

I presume that in this crashing routine, block must be invalid.

There is still 3.4 MB left on the heap at this point (from the stats pointer
information); it's not like this is an early startup crash. From the
Heap_Statistics:

lifetime_allocated 788736
lifetime_freed 40704
size 4194048
free_size 3445504
min_free_size 3445504
free_blocks 3
max_free_blocks 5
used_blocks 128
max_search 4
searches 289
allocs 267
failed_allocs 0
frees 130
resizes 0


-- 

regards
---
Matthew J Fletcher
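The two inline routines quoted above show why a corrupt size field in an otherwise valid block is enough to fault here: `_Heap_Is_used()` derives `next_block` from `block->size_and_flag` and dereferences it with no bounds check, so a block whose size was overwritten (for instance by a user of the preceding segment writing past its end) turns the read in `_Heap_Is_prev_used()` into a wild access. The heap walker below is an added example, not RTEMS code and not from the original post. It models the block header implied by those routines (`prev_size`, `size_and_flag` with `HEAP_PREV_BLOCK_USED` in the low bit) and checks every size before following it; the 8-byte page size, the block sizes, the user area starting right after the header, and the overflow that clobbers block 1 are all constructed assumptions for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the block header as implied by the routines quoted in the post.
 * Assumption: size_and_flag = block size | HEAP_PREV_BLOCK_USED, and prev_size
 * is only meaningful when the previous block is free. */
#define HEAP_PREV_BLOCK_USED ((uintptr_t)1)
#define HEAP_PAGE  8u     /* assumed page/alignment size */
#define HEAP_BYTES 256u   /* size of the constructed heap image */

typedef struct {
    uintptr_t prev_size;
    uintptr_t size_and_flag;
} Heap_Block;

static uintptr_t block_size(const Heap_Block *b)
{
    return b->size_and_flag & ~HEAP_PREV_BLOCK_USED;
}

static int prev_used(const Heap_Block *b)
{
    return (b->size_and_flag & HEAP_PREV_BLOCK_USED) != 0;
}

/* Walk the chain from `first` to the final block at `last`, validating each
 * size field *before* using it to locate the next block. Returns the index of
 * the first inconsistent block, or -1 if the chain is sane. This is the check
 * _Heap_Is_used() does not perform before dereferencing next_block. */
static int heap_walk(const unsigned char *first, const unsigned char *last,
                     uintptr_t page_size)
{
    const unsigned char *p = first;
    uintptr_t heap_span = (uintptr_t)(last - first);
    int index = 0;

    while (p < last) {
        const Heap_Block *b = (const Heap_Block *)p;
        uintptr_t size = block_size(b);
        uintptr_t offset = (uintptr_t)(p - first);

        /* size must cover a header, be page aligned, and keep next in bounds */
        if (size < sizeof(Heap_Block) || size % page_size != 0)
            return index;
        if (size > heap_span - offset)          /* computed without overflow */
            return index;

        const Heap_Block *next = (const Heap_Block *)(p + size);
        /* a free block must be mirrored by the next block's prev_size */
        if (!prev_used(next) && next->prev_size != size)
            return index;

        p += size;
        index++;
    }
    return -1;
}

static uint64_t heap_storage[HEAP_BYTES / sizeof(uint64_t)];  /* aligned */

/* Lay out three blocks (used, free, used) plus the final block; returns the
 * offset of the final block. Constructed data, not a real RTEMS region. */
static uintptr_t build_heap(unsigned char *heap)
{
    static const uintptr_t sizes[3] = { 32, 48, 64 };
    static const int used[3]        = { 1, 0, 1 };
    uintptr_t off = 0, prev = 0;
    int prev_was_used = 1;   /* the first block's predecessor counts as used */

    memset(heap, 0, HEAP_BYTES);
    for (int i = 0; i < 3; i++) {
        Heap_Block *b = (Heap_Block *)(heap + off);
        b->prev_size = prev_was_used ? 0 : prev;
        b->size_and_flag = sizes[i] | (prev_was_used ? HEAP_PREV_BLOCK_USED : 0);
        prev_was_used = used[i];
        prev = sizes[i];
        off += sizes[i];
    }
    Heap_Block *last = (Heap_Block *)(heap + off);
    last->prev_size = prev_was_used ? 0 : prev;
    last->size_and_flag = prev_was_used ? HEAP_PREV_BLOCK_USED : 0;
    return off;
}

/* Intact heap: the walk reaches the final block and reports -1. */
int walk_intact(void)
{
    unsigned char *heap = (unsigned char *)heap_storage;
    uintptr_t last = build_heap(heap);
    return heap_walk(heap, heap + last, HEAP_PAGE);
}

/* Constructed failure: the user of block 0 writes 32 bytes into an area that
 * is only 32 - sizeof(Heap_Block) long, overwriting block 1's header. The walk
 * stops at block 1; in the real allocator that bogus size is what would send
 * _Heap_Is_used() off to read a wild next_block. */
int walk_overflowed(void)
{
    unsigned char *heap = (unsigned char *)heap_storage;
    uintptr_t last = build_heap(heap);
    memset(heap + sizeof(Heap_Block), 'A', 32);
    return heap_walk(heap, heap + last, HEAP_PAGE);
}

int main(void)
{
    printf("intact heap:     first bad block = %d\n", walk_intact());
    printf("overflowed heap: first bad block = %d\n", walk_overflowed());
    return 0;
}
```

Running a walk like this from a breakpoint placed just before the failing `rtems_region_get_segment()` call (or at the end of each preceding allocation) narrows the search from "some block is invalid" to the specific block whose header was clobbered, and the 128 used blocks in the statistics make that a short list to inspect for the segment that wrote past its end.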