* [9fans] pool curalloc bug
@ 2015-02-26 2:38 mischief
2015-02-26 22:27 ` mischief
2015-03-02 8:06 ` erik quanstrom
0 siblings, 2 replies; 5+ messages in thread
From: mischief @ 2015-02-26 2:38 UTC (permalink / raw)
To: 9fans
does anyone care to take a stab at figuring out why mainmem->curalloc underflows? here's a c program to reproduce.

#include <u.h>
#include <libc.h>

/*
8c curalloc.c
8l curalloc.8
p=`{8.out >[2=1] | awk '{ print $2 }' | tr -d : }
echo '*mainmem' | acid -lpool $p
	-> curalloc 4294967016
*/

/* allocate n blocks of 5MB each, then free them all again */
void
domalloc(int n)
{
	int i;
	void **a;

	a = mallocz(n * sizeof(void*), 1);
	for(i = 0; i < n; i++){
		a[i] = malloc(1024*1024*5);
	}
	for(i = 0; i < n; i++){
		free(a[i]);
	}
	free(a);
}

void
main(int argc, char *argv[])
{
	ARGBEGIN{
	}ARGEND

	domalloc(2);
	/* abort() leaves the process broken so acid can inspect *mainmem */
	abort();
}
* Re: [9fans] pool curalloc bug
From: mischief @ 2015-02-26 22:27 UTC (permalink / raw)
To: 9fans
cinap_lenrek has fixed this in 9front revision dd392df17488. the bug seems present in 9atom and labs too, though.
* Re: [9fans] pool curalloc bug
From: erik quanstrom @ 2015-03-02 8:06 UTC (permalink / raw)
To: 9fans
On Wed Feb 25 18:40:39 PST 2015, mischief@9.offblast.org wrote:
> does anyone care to take a stab at figuring out why mainmem->curalloc underflows? here's a c program to reproduce.
>
i can't replicate this on amd64/9atom

	; 6.curalloc
	6.curalloc 786: suicide: sys: trap: fault read addr=0x0 pc=0x202761
	acid; stk()
	abort()+0x0 /sys/src/libc/9sys/abort.c:6
	main(argv=0xfedfff80,argc=0x0)+0x54 /usr/quanstro/curalloc.c:41
	_main+0x40 /sys/src/libc/amd64/main9.s:15
	; 6c -a curalloc.c>curalloc.acid
	; acid -l curalloc.acid 786
	/proc/786/text:amd64 plan 9 executable
	/sys/lib/acid/port
	/sys/lib/acid/amd64
	acid; (Pool)mainmem
		name	0x00400248
		maxsize	0
		cursize	1072693248
		curfree	16
		curalloc	0	<---
		minarena	0
		quantum	1076101120
		minblock	1852399981
		freeroot	0x00000000
		arenalist	0xfaf0f1fe
		alloc	0x00000000
		merge	0x00000000
		move	0xfedffef8
		flags	32
		nfree	0
		lastcompact	2106590
		lock	0x00000023
		unlock	0x002024de
		print	0x00000025
		panic	0x00201f75
		logstack	0x0000002b
		private	0x002024de

- erik
* Re: [9fans] pool curalloc bug
From: cinap_lenrek @ 2015-03-02 10:10 UTC (permalink / raw)
To: 9fans
the values make no sense because mainmem is a pointer to a pool,
not the pool itself. use *mainmem or sbrkmem.
--
cinap
* Re: [9fans] pool curalloc bug
From: cinap_lenrek @ 2015-03-02 10:23 UTC (permalink / raw)
To: 9fans
the problem with curalloc was the following:

poolallocl() allocates, trims, and then adds the resulting
block size to curalloc. and poolfreel() subtracts the blocksize
from curalloc. so far so good. problem is when we try to merge
arenas, the last block in the bottom arena is extended up to
the start of the top arena to encompass the space between,
and then it is trimmed back to its old *data* size. depending
on the size of the gap, the free data might be accounted for in the
Btail datasize or it might get its own free block if it is
big enough. in the first case, the block size would've been
increased (we got some extra space at the end) but this was not
accounted for in curalloc. so poolfreel() will subtract a bigger
value than was added to curalloc, hence the underflow.

the fix is to account for the changed block size in curalloc when
merging arenas.

curalloc is also not properly maintained in poolallocalign(),
but that's not in the testcase.
--
cinap
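
Added example, not part of the thread and not the libc pool code: a toy C model of the accounting mismatch described in the message above, with the buggy and the fixed merge side by side. The names (Pool, Block, model_*), the 32-bit counter width and the 280-byte slack are assumptions, the last two chosen so the buggy result matches the 4294967016 reported in the first message.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of the accounting only; block headers and arenas are left out. */
typedef struct { uint32_t curalloc; } Pool;	/* assumed 32-bit counter */
typedef struct { uint32_t size; } Block;	/* block size including tail slack */

/* allocation adds the block size to curalloc */
static void model_alloc(Pool *p, Block *b, uint32_t size)
{
	b->size = size;
	p->curalloc += size;
}

/* arena merge: the last block of the lower arena absorbs `slack` bytes of the gap */
static void model_merge(Pool *p, Block *b, uint32_t slack, int fixed)
{
	b->size += slack;
	if(fixed)
		p->curalloc += slack;	/* the fix: account for the changed block size */
}

/* free subtracts the block's current size, which may have grown in a merge */
static void model_free(Pool *p, Block *b)
{
	p->curalloc -= b->size;
	b->size = 0;
}

/* two 5MB allocations as in the test program, one merge, then both frees */
uint32_t run_model(uint32_t slack, int fixed)
{
	Pool p = {0};
	Block a, b;

	model_alloc(&p, &a, 5*1024*1024);
	model_alloc(&p, &b, 5*1024*1024);
	model_merge(&p, &a, slack, fixed);
	model_free(&p, &a);
	model_free(&p, &b);
	return p.curalloc;
}

int main(void)
{
	printf("buggy merge: curalloc %u\n", (unsigned)run_model(280, 0));
	printf("fixed merge: curalloc %u\n", (unsigned)run_model(280, 1));
	return 0;
}
```
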