[Barrelfish-users] Bug in malloc()/free() ?
Zeus Gómez Marmolejo
zeus.gomez at bsc.es
Thu Sep 22 19:33:49 CEST 2011
Hi Simon,
Thanks for the patch. Now it takes a bit longer ... but it ends up by
returning NULL anyway. The above program didn't change.
> spawnd.0: spawning /x86_64/sbin/myapp on core 0
myapp.0 in main() ../barrelfish/usr/tests/myapp/myapp.c:12
malloc() returned NULL at 30710
Aborted
To add originality to the situation, sometimes I get this error too:
ERROR: mem_serv.0 in mem_lmp_default_error_handler()
./x86_64/lib/barrelfish/_for_lib_barrelfish/mem_flounder_bindings.c:1328
ERROR: asynchronous error in Flounder-generated mem lmp binding (default
handler)
Failure: ( libbarrelfish) Failure in lmp_chan_alloc_recv_slot()
[LIB_ERR_LMP_ALLOC_RECV_SLOT]
Failure: ( libbarrelfish) Failure in slot_alloc() [LIB_ERR_SLOT_ALLOC]
Failure: ( libbarrelfish) Failure in cnode_create() [LIB_ERR_CNODE_CREATE]
Failure: ( libbarrelfish) Failure in ram_alloc() [LIB_ERR_RAM_ALLOC]
Failure: ( libmm) No matching node found [MM_ERR_NOT_FOUND]
Aborted
To give you some hints about the first error, it fails when calling
to vspace_mmu_aware_map() in morecore.c:59 with error
LIB_ERR_FRAME_CREATE_MS_CONSTRAINTS. It turns out that (step <
BASE_PAGE_SIZE). As this is the first call to that function in the loop, the
buffer is NULL.
As I see, in the latest version the debug_err() has been removed when
reaching this condition.
Thanks for your help,
zeus.
El 22 de septiembre de 2011 16:25, Simon Peter <speter at inf.ethz.ch>escribió:
> I think I found the issue. Here's a patch:
>
> diff -r 215f069a289c lib/barrelfish/vspace/mmu_**aware.c
> --- a/lib/barrelfish/vspace/mmu_**aware.c Tue Sep 20 15:18:31 2011 +0200
> +++ b/lib/barrelfish/vspace/mmu_**aware.c Thu Sep 22 16:23:43 2011 +0200
> @@ -227,6 +227,7 @@
>
> // Reduce offset
> state->offset -= bytes;
> + state->consumed -= bytes;
> if (success) {
> state->mapoffset = min_offset;
> }
>
> -- Simon
>
>
> On 22.09.2011 13:23, Zeus Gómez Marmolejo wrote:
>
>> I'm running free() under the debugger and the x86_64 specific hack is
>> not firing.
>>
>> It's going through lesscore() and then from a quick view it seems that
>> is doing it ok:
>>
>> memobj_anon unfill(), calling to the x86_64 pmap unmap and then calling
>> to the kernel vnode_unmap(). Finally track_frame_return()...
>>
>> I don't see anything wrong here, it seems it's not skipping anything...
>> The curious thing is that the pointer returned by malloc() is always the
>> same. So it "seems" that free is working correctly.
>>
>> The program is always stopping after allocating about 1Gb of memory,
>> which is the size of the physical memory of the virtual machine....
>>
>> zeus.
>>
>> El 22 de septiembre de 2011 01:33, Baumann Andrew <andrewb at inf.ethz.ch
>> <mailto:andrewb at inf.ethz.ch>> escribió:
>>
>>
>> Hi Zeus,____
>>
>> __ __
>>
>> We’re really bad with reclaiming memory, but I didn’t know it was
>> that bad! Honestly, there’s no good reason I can see for our heap
>> being that broken. From the quick glance through the code
>> (lib/c/src/malloc.c) my guess is that either the x86_64-specific
>> hack to avoid freeing memory allocated on another core is firing
>> incorrectly, or lesscore() is firing and doing something dumb. Could
>> you check which it is?____
>>
>> __ __
>>
>> I’m CCing Simon, who should know more about the workings of
>> lesscore().____
>>
>> __ __
>>
>> Andrew____
>>
>> __ __
>>
>> *From:* Zeus Gómez Marmolejo [mailto:zeus.gomez at bsc.es
>> <mailto:zeus.gomez at bsc.es>]
>> *Sent:* Wednesday, 21 September, 2011 6:14
>> *To:* barrelfish-users at lists.inf.**ethz.ch<barrelfish-users at lists.inf.ethz.ch>
>> <mailto:barrelfish-users@**lists.inf.ethz.ch<barrelfish-users at lists.inf.ethz.ch>
>> >
>>
>> *Subject:* [Barrelfish-users] Bug in malloc()/free() ?____
>>
>> __ __
>>
>> Hi,____
>>
>> __ __
>>
>> Here I introduce you a pretty simple program:____
>>
>> __ __
>>
>> int main(int argc, char **argv)____
>>
>> {____
>>
>> void *p;____
>>
>> int i;____
>>
>> ____
>>
>> for(i=0; ;i++)____
>>
>> {____
>>
>> p = malloc(65536);____
>>
>> if (p==NULL)____
>>
>> USER_PANIC("malloc() returned NULL at %d", i);____
>>
>> free (p);____
>>
>> }____
>>
>> ____
>>
>> return 0;____
>>
>> }____
>>
>> __ __
>>
>> This is ALWAYS aborting as:____
>>
>> __ __
>>
>> ERROR: myapp.0 in morecore_alloc()
>> ../barrelfish/lib/barrelfish/**morecore.c:85____
>>
>> ERROR: vspace_mmu_aware_map fail____
>>
>> Failure: ( libbarrelfish) Out of space in vspace_mmu_aware_map()
>> function [LIB_ERR_VSPACE_MMU_AWARE_NO_**SPACE]____
>>
>> myapp.0 in main() ../barrelfish/usr/tests/myapp/**myapp.c:12____
>>
>> malloc() returned NULL at 16382____
>>
>> Aborted____
>>
>> __ __
>>
>> With the latest Barrelfish tree. Are you aware of this?____
>>
>> __ __
>>
>> __ __
>>
>> --
>> Zeus Gómez Marmolejo
>> Barcelona Supercomputing Center
>> PhD student
>> http://www.bsc.es
>>
>> ____
>>
>>
>>
>>
>> --
>> Zeus Gómez Marmolejo
>> Barcelona Supercomputing Center
>> PhD student
>> http://www.bsc.es
>>
>>
>>
>
--
Zeus Gómez Marmolejo
Barcelona Supercomputing Center
PhD student
http://www.bsc.es
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.inf.ethz.ch/pipermail/barrelfish-users/attachments/20110922/c70d9b0c/attachment-0001.html
More information about the Barrelfish-users
mailing list