search

giuseppebarba / python-on-a-chip

Automatically exported from code.google.com/p/python-on-a-chip
Other
0 stars 0 forks source link

Fix segfault in heap/gc #180

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Reported by Oscar of maillist on 2010/12/30:

Checked out a fresh copy of p14p. I use the desktop platform.  Changed the 
HEAP_SIZE in main.c to 0x10000 (64k).  Changed to IPM = false in Makefile (I'm 
not sure exactly what this does, but false seems more right, since I am not 
running the IPM)

Then I replaced main.py with:
import sys
sys.gc()

Then I ran it:
Administrators-MacBook-Air:desktop admin$ ./main.out
Segmentation fault
Administrators-MacBook-Air:desktop admin$

When setting the HEAP_SIZE to four bytes less (0xfffc) the program does not 
cause a segmentation fault.

Original issue reported on code.google.com by dwhall...@gmail.com on 1 Jan 2011 at 9:08

GoogleCodeExporter commented 9 years ago 
Took desktop project, set PM_HEAP to 0x10000 and main.py to "import sys; 
sys.gc()".  Ran in gdb until segfault:

(gdb) bt
#0  0x00005131 in heap_unlinkFromFreelist (pchunk=0xbffff428) at heap.c:278
#1  0x0000672d in heap_gcSweep () at heap.c:1103
#2  0x0000690e in heap_gcRun () at heap.c:1168
#3  0x000134b5 in nat_25_sys_gc (ppframe=0xbfff036c) at pmstdlib_nat.c:1144
#4  0x0000cd38 in interpret (returnOnNoThreads=1 '\001') at interp.c:1991
#5  0x0000f441 in pm_run (modstr=0x13fe0 "main") at pm.c:90
#6  0x000024ae in main () at main.c:31

(gdb) print pchunk
$3 = (pPmHeapDesc_t) 0xbffff428

(gdb) print *pchunk
$4 = {
  hd = 43690,
  prev = 0x0,
  next = 0x1000
}

(gdb) print pmHeap
$5 = {
  base = 0xbffef42c "\r\b",
  size = 65536,
  pfreelist = 0xbffeff50,
  avail = 17812,
  gcval = 1 '\001',
  auto_gc = 1 '\001',
  temp_roots = {0xbfff064c, 0xbfff0574, 0xbfff0520, 0xbfff0568, 0xbffefb78, 0xbf
fefbc4, 0x0 <repeats 18 times>},
  temp_root_index = 1 '\001'
}

END

pmHeap.base = 0xbffef42c + 0x10000
            = 0xbffff42c
pchunk      = 0xbffff428

So it looks like the offending pchunk is at the tail end of the heap and is too 
small to be a valid chunk.

Original comment by dwhall...@gmail.com on 1 Jan 2011 at 10:08

GoogleCodeExporter commented 9 years ago 
The issue is that heap_init() divides the given memory space into as many 
max-sized chunks as possible and one remainder sized chunk.  AND if that 
remainder sized chunk is too small, then it is neglected.

Then, when heap_gcSweep() is performed, the scanner pointer iterates with this 
condition:     while ((uint8_t *)pobj < &pmHeap.base[pmHeap.size]).  So the 
scanner proceeds past the end of linked chunks and into the neglected space.

The solution is to eliminate neglected end-memory in pm_init() by using space 
from the penultimate chunk to make the end-memory big enough to be a chunk.

Original comment by dwhall...@gmail.com on 1 Jan 2011 at 11:07

GoogleCodeExporter commented 9 years ago 
rb2ce818b4772
- Fixed heap.c to use memory remaining after (%) modulo MAX_CHUNK_SIZE sizes 
that are less than MIN_CHUNK_SIZE.
- Changed desktop's Makefile to NOT apply "-Os" when debug is declared.  Helps 
debugging by eliminating inlined functions.
- Added system test t380.
- Updated tools/pmOdDecoder.py to also decode free chunks.

System tests pass.

Original comment by dwhall...@gmail.com on 2 Jan 2011 at 2:09

GoogleCodeExporter commented 9 years ago

Original comment by dwhall...@gmail.com on 2 Jan 2011 at 2:09