[Issue 1282] New: Very strange GC problem, memory corruption

d-bugmail at puremagic.com d-bugmail at puremagic.com
Wed Jun 20 13:13:05 PDT 2007


http://d.puremagic.com/issues/show_bug.cgi?id=1282

           Summary: Very strange GC problem, memory corruption
           Product: D
           Version: 1.016
          Platform: PC
        OS/Version: Windows
            Status: NEW
          Keywords: wrong-code
          Severity: critical
          Priority: P2
         Component: Phobos
        AssignedTo: bugzilla at digitalmars.com
        ReportedBy: deewiant at gmail.com


For most of the past 12 hours I've tried, desperately, to track down this bug
and to find a minimal test case, without luck.

Using Jascha Wetzel's excellent Ddbg, I've only managed to narrow my problems
down to Tango's gc.basic.gcx and/or gc.basic.gcalloc modules, but beyond that,
I don't really know. The latest iteration, which I present here, causes an
Access Violation in memmove. All of the following affect whether the bug shows
up, and how it shows up:

- compiler flags, both those used to compile the GC and those for the source
itself
- the number of object files in the compilation: at one point, I had to have up
to around 100 empty dummy modules compiled in just to keep the bug showing up
- the memory footprint of various structs used in the program, and sizes of
arrays not even used at any point
- the precise x-y dimensions of the file (_bef.b98 in the .zip I link to below)
which is loaded into an associative array

Especially the last two factors mentioned above lead me to believe that this
bug might not be reproducible, which is also why I'm filing it now, while
it still reliably crashes on my machine, instead of coming back tomorrow and
finding that nothing happens any longer.

Indeed, in this particular testcase, I've already lost the crash which
originally led me to find this bug. I can still get it in my main project,
though, so I might follow up on this tomorrow.

Various ways in which the bug has manifested itself:

- IBM PurifyPlus reported numerous VirtualFree() calls to invalid memory
- Access Violation in gc.gcx.Gcx.__invariant
- Access Violation in gc.gcx.Gcx.mark
- Access Violation in gc.gcx.Gc.fullCollect
- Access Violation in gc.gcx.Gc.mallocNoSync (or one of the NoSync methods,
can't remember for sure which one)
- Access Violation in _memmove (the one I'm currently getting)
- a class reference suddenly becoming uint.max, in the middle of code which
doesn't even know about the class existing (doesn't import the relevant
modules)

It used to be the case that uncommenting line 68 in utils.d caused the bug to
disappear, but not so with this memmove crash. I'll try to catch those other
bugs tomorrow.

The code is Tango dependent, but since it's a GC bug I filed it under Phobos,
here. I'll try to port the code to Phobos later this week.

I'm using the SVN trunk of Tango (revision 2345), compiled with -g (replaced
DFLAGS in lib\gc\basic\win32.mak).

Anybody who can shed some light, please do! I looked at Bug 72, and I'm willing
to believe this has something to do with that.

Source package, with precompiled .exe (it's a Windows only issue anyway):
http://rapidshare.com/files/38390338/evil_bug.zip.html

