[Barrelfish-users] Bug in malloc()/free() ?

Thu Sep 22 16:25:23 CEST 2011

I think I found the issue. Here's a patch:

diff -r 215f069a289c lib/barrelfish/vspace/mmu_aware.c

--- a/lib/barrelfish/vspace/mmu_aware.c Tue Sep 20 15:18:31 2011 +0200
+++ b/lib/barrelfish/vspace/mmu_aware.c Thu Sep 22 16:23:43 2011 +0200
@@ -227,6 +227,7 @@

      // Reduce offset
      state->offset -= bytes;
+    state->consumed -= bytes;
      if (success) {
          state->mapoffset = min_offset;
      }

  -- Simon

On 22.09.2011 13:23, Zeus Gómez Marmolejo wrote:
> I'm running free() under the debugger and the x86_64 specific hack is
> not firing.
>
> It's going through lesscore() and then from a quick view it seems that
> is doing it ok:
>
> memobj_anon unfill(), calling to the x86_64 pmap unmap and then calling
> to the kernel vnode_unmap(). Finally track_frame_return()...
>
> I don't see anything wrong here, it seems it's not skipping anything...
> The curious thing is that the pointer returned by malloc() is always the
> same. So it "seems" that free is working correctly.
>
> The program is always stopping after allocating about 1Gb of memory,
> which is the size of the physical memory of the virtual machine....
>
> zeus.
>
> El 22 de septiembre de 2011 01:33, Baumann Andrew <andrewb at inf.ethz.ch
> <mailto:andrewb at inf.ethz.ch>> escribió:
>
>     Hi Zeus,____
>
>     __ __
>
>     We’re really bad with reclaiming memory, but I didn’t know it was
>     that bad! Honestly, there’s no good reason I can see for our heap
>     being that broken. From the quick glance through the code
>     (lib/c/src/malloc.c) my guess is that either the x86_64-specific
>     hack to avoid freeing memory allocated on another core is firing
>     incorrectly, or lesscore() is firing and doing something dumb. Could
>     you check which it is?____
>
>     __ __
>
>     I’m CCing Simon, who should know more about the workings of
>     lesscore().____
>
>     __ __
>
>     Andrew____
>
>     __ __
>
>     *From:* Zeus Gómez Marmolejo [mailto:zeus.gomez at bsc.es
>     <mailto:zeus.gomez at bsc.es>]
>     *Sent:* Wednesday, 21 September, 2011 6:14
>     *To:* barrelfish-users at lists.inf.ethz.ch
>     <mailto:barrelfish-users at lists.inf.ethz.ch>
>     *Subject:* [Barrelfish-users] Bug in malloc()/free() ?____
>
>     __ __
>
>     Hi,____
>
>     __ __
>
>     Here I introduce you a pretty simple program:____
>
>     __ __
>
>     int main(int argc, char **argv)____
>
>     {____
>
>     void *p;____
>
>     int i;____
>
>     ____
>
>     for(i=0; ;i++)____
>
>     {____
>
>     p = malloc(65536);____
>
>     if (p==NULL)____
>
>     USER_PANIC("malloc() returned NULL at %d", i);____
>
>     free (p);____
>
>     }____
>
>     ____
>
>     return 0;____
>
>     }____
>
>     __ __
>
>     This is ALWAYS aborting as:____
>
>     __ __
>
>     ERROR: myapp.0 in morecore_alloc()
>     ../barrelfish/lib/barrelfish/morecore.c:85____
>
>     ERROR: vspace_mmu_aware_map fail____
>
>     Failure: ( libbarrelfish) Out of space in vspace_mmu_aware_map()
>     function [LIB_ERR_VSPACE_MMU_AWARE_NO_SPACE]____
>
>     myapp.0 in main() ../barrelfish/usr/tests/myapp/myapp.c:12____
>
>     malloc() returned NULL at 16382____
>
>     Aborted____
>
>     __ __
>
>     With the latest Barrelfish tree. Are you aware of this?____
>
>     __ __
>
>     __ __
>
>     --
>     Zeus Gómez Marmolejo
>     Barcelona Supercomputing Center
>     PhD student
>     http://www.bsc.es
>
>     ____
>
>
>
>
> --
> Zeus Gómez Marmolejo
> Barcelona Supercomputing Center
> PhD student
> http://www.bsc.es
>
>


