[Python-bugs-list] [Bug #115912] GC crashes in 2.0b1 and 2.0b2

noreply@sourceforge.net noreply@sourceforge.net
Tue, 3 Oct 2000 06:43:26 -0700 

Bug #115912, was updated on 2000-Oct-03 06:43
Here is a current snapshot of the bug.

Project: Python
Category: Core
Status: Open
Resolution: None
Bug Group: 3rd Party
Priority: 5
Summary: GC crashes in 2.0b1 and 2.0b2

Details: Forwarded message from Andrew Reutter at Origin:


We are experiencing crashes in both Python 2.0b1 and 2.0b2 that appear to be
related to cyclical garbage collection.
A summary of the scenario follows:

We have embedded Python as a .lib into a much larger project.  We build this
project in both Win32 and Solaris environments.
On Win32 _only_, we use custom memory management routines in order to
facilitate the tracking of memory.
The memory manager also fills memory with specific bit patterns upon both
allocation and deallocation in order to detect the use of uninitialized or
freed memory.

After several minutes of successful execution, we see a reproducible crash
in gc_list_remove.
It receives a node pointer which points to memory filled with our memory
initialization bit pattern (0xCD),
indicating to us that the allocation was successful, but the object was
never fully initialized or placed in a gc_list.
Although this crash occurs at the same point in our code each time, the
address of the node pointer varies with each execution,
making it impossible to set a breakpoint when the node allocation takes
place.

Since we only tweak memory management under Win32, our memory manager is
unlikely to be the culprit.
The crash disappears when Python is compiled without the WITH_CYCLE_GC
definition.

Unfortunately, the project is both extremely large and the source is closed,
so we are unable to send you a quick methodology for reproduction of our
crash.  We would nonetheless like to assist you in solving this problem in
any way we _are_ able, so let us know.
Are there any other reported bugs in gcmodule.c (we noted that some were
fixed when b2 was released)?
Is there any information you could provide us that would help us debug it
ourselves?  An example would be to direct us to the single method by which
all objects are allocated, if such a method exists.



For detailed info, follow this link:
http://sourceforge.net/bugs/?func=detailbug&bug_id=115912&group_id=5470