ivmai / bdwgc

The Boehm-Demers-Weiser conservative C/C++ Garbage Collector (bdwgc, also known as bdw-gc, boehm-gc, libgc)
https://www.hboehm.info/gc/

Bad complex descriptor occurs rarely in find-leak mode #548

Open ivmai opened 1 year ago

ivmai commented 1 year ago

Source: master (4bdf9b9c327)
Host: Ubuntu 20.04 / x64
Compiler: gcc
Occurrence rate: ~1/350
How to build: ./configure --enable-gc-assertions --enable-cplusplus && make -j check CFLAGS_EXTRA="-D _FORTIFY_SOURCE=2 -D FIND_LEAK -D SKIP_LEAKED_OBJECTS_PRINTING"
Output (gctest.log):
Found 40 leaked objects:
...
Found 40 leaked objects:
Bad complex descriptor

ivmai commented 1 year ago

#1  0x00007fb1c9808859 in __GI_abort () at abort.c:79
#2  0x00007fb1c9a2a923 in GC_push_complex_descriptor (addr=addr@entry=0x7fb1bdfca000, complex_d=<optimized out>,
    msp=msp@entry=0x7fb1c6f9de90, msl=msl@entry=0x7fb1c6fade90) at extra/../typd_mlc.c:623
#3  0x00007fb1c9a2aa9f in GC_array_mark_proc (addr=0x7fb1bdfca000, mark_stack_ptr=0x7fb1c6f9de90,
    mark_stack_limit=0x7fb1c6fadea0, env=<optimized out>) at extra/../typd_mlc.c:653
#4  0x00007fb1c9a2e916 in GC_mark_from (mark_stack_top=<optimized out>, mark_stack_top@entry=0x7fb1c6f9deb0,
    mark_stack=mark_stack@entry=0x7fb1c6f9dea0, mark_stack_limit=mark_stack_limit@entry=0x7fb1c6fadea0)
    at extra/../mark.c:711
#5  0x00007fb1c9a3dca1 in GC_do_local_mark (local_mark_stack=0x7fb1c6f9dea0, local_top=0x7fb1c6f9deb0)
    at extra/../mark.c:1005
#6  0x00007fb1c9a3dee9 in GC_mark_local (local_mark_stack=local_mark_stack@entry=0x7fb1c6f9dea0, id=5)
    at extra/../mark.c:1136
#7  0x00007fb1c9a3e1a9 in GC_help_marker (my_mark_no=893) at extra/../mark.c:1195
#8  0x00007fb1c9a3e325 in GC_mark_thread (id=<optimized out>) at extra/../pthread_support.c:466
#9  GC_mark_thread (id=<optimized out>) at extra/../pthread_support.c:415
#10 0x00007fb1c99e6609 in start_thread (arg=<optimized out>) at pthread_create.c:477
(gdb) fr 3
(gdb) p nwords
$4 = 3004
(gdb) p *(complex_descriptor*)addr[nwords-1]
$8 = {ld = {ld_tag = 140401415094208, ld_size = 140401388137088, ld_nelements = 0, ld_descriptor = 0}, ad = {
    ad_tag = 140401415094208, ad_nelements = 140401388137088, ad_element_descr = 0x0}, sd = {sd_tag = 140401415094208,
    sd_first = 0x7fb1beddaa80, sd_second = 0x0}}

But ld_tag should be 3 (tags are in range 1..3)

Currently unclear whether the ptr to descriptor is corrupted or the descriptor itself.

ivmai commented 1 year ago

Not reproduced with -O0
Not reproduced with -D GC_DISABLE_INCREMENTAL
Reproduced with -D NO_SOFT_VDB

ivmai commented 1 year ago

Source: master (5839684)
Build: https://app.travis-ci.com/github/ivmai/bdwgc/jobs/608674850
Host: Linux/amd64
Config: CFLAGS_EXTRA="-D _FORTIFY_SOURCE=2 -D FIND_LEAK -D SKIP_LEAKED_OBJECTS_PRINTING" CONF_OPTIONS="--enable-gc-assertions --enable-cplusplus"

ivmai commented 4 days ago

Source: master (cbe0581)
Build: https://app.travis-ci.com/github/ivmai/bdwgc/jobs/627986672
Host: Ubuntu 22.04/x86_64