[Issue 10701] New: segfault after GC.realloc

d-bugmail at puremagic.com d-bugmail at puremagic.com
Tue Jul 23 01:21:06 PDT 2013


http://d.puremagic.com/issues/show_bug.cgi?id=10701

           Summary: segfault after GC.realloc
           Product: D
           Version: D2
          Platform: x86_64
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: druntime
        AssignedTo: nobody at puremagic.com
        ReportedBy: monarchdodra at gmail.com


--- Comment #0 from monarchdodra at gmail.com 2013-07-23 01:21:05 PDT ---
Created an attachment (id=1238)
segfault after realloc

Only reproduced on 64 bit posix systems.

This is kind of complicated. The reduced program needs to iterate a couple of
times (probably to corrupt the GC?) before the problem will trigger. The good
news is that the segfault deterministically repeats itself, so the debugging
"should" be easy to do.

It would *appear* that the core culprit is creating a dynamic array (of size
larger than 4080), and then calling realloc on "array.ptr". Now, I'm not 100%
sure this is legal to begin with, since "array.ptr" is actually offset by 16
bytes from the start of the memory block. Is that actually undefined behavior,
or does it just reduce the chances of the program working?

I'd simply leave it at that and move on, but there is something that bothers me
deeply:

//----
import core.memory : GC;
ubyte[] arr = new ubyte[](5000);
GC.realloc(arr.ptr, 0, GC.BlkAttr.NO_SCAN); // arr.ptr, not the block base
//----
This works 100% fine (AFAIK, never segfaulted), but this:

//----
import core.memory : GC;
ubyte[] arr;
arr.length = 5000; // same size, but grown through .length instead of new
GC.realloc(arr.ptr, 0, GC.BlkAttr.NO_SCAN);
//----

Doing this ends up segfaulting later down the line.
*** Why is the behavior different? ***
I believe it is worth trying to investigate this at least a little, we might be
able to unravel a bug somewhere inside the code...

The code is in the attachment. I've reduced it as much as I could.

If somebody with more skills (and who is more used to debugging in a *nix
environment) could take a peek?
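
An added example (not from the report or its attachment) that makes the interior-pointer question checkable instead of guessed: GC.query and GC.addrOf from core.memory report the base of the block that owns a pointer, so the offset of arr.ptr can be printed for both allocation forms, and a hypothetical safeRealloc helper refuses to hand GC.realloc anything but a block base.

```d
import core.memory : GC;
import std.conv : to;
import std.stdio : writefln;

// Hypothetical helper, added for this example: only pass GC.realloc a
// pointer that the GC itself reports as the base of a block.
void* safeRealloc(void* p, size_t newSize, uint attr)
{
    void* base = GC.addrOf(p);   // base of the block containing p, or null
    if (base is null)
        throw new Exception("pointer is not GC-managed");
    if (base !is p)
    {
        // Interior pointer: p sits past whatever the GC keeps at the start
        // of the block, which is what the report suspects of arr.ptr.
        auto offset = cast(ubyte*) p - cast(ubyte*) base;
        throw new Exception("refusing to realloc interior pointer at offset "
                            ~ to!string(offset));
    }
    return GC.realloc(p, newSize, attr);
}

void main()
{
    // The two allocation forms the report compares.
    ubyte[] a = new ubyte[](5000);
    ubyte[] b;
    b.length = 5000;

    struct Case { string name; ubyte[] arr; }
    foreach (c; [Case("new ubyte[](5000)", a), Case("arr.length = 5000", b)])
    {
        auto info = GC.query(c.arr.ptr);   // base, size and attrs of the block
        writefln("%-20s block base=%s size=%d ptr offset=%d",
                 c.name, info.base, info.size,
                 cast(ubyte*) c.arr.ptr - cast(ubyte*) info.base);
        try
        {
            safeRealloc(c.arr.ptr, 0, GC.BlkAttr.NO_SCAN);
            writefln("  -> realloc accepted (pointer was the block base)");
        }
        catch (Exception e)
        {
            writefln("  -> %s", e.msg);
        }
    }
}
```

Whether the printed offset is 16 for one form, both, or neither depends on the druntime in use, which is exactly what the check is meant to show rather than assume.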
