[snake-farm] Re: [Python-Dev] Snake farm
Guido van Rossum
guido@python.org
Mon, 11 Nov 2002 09:09:57 -0500
> > Marc, pymalloc is supposed to be bulletproof. If there's a segfault
> > that can be avoided by disabling pymalloc, that's a bug in pymalloc.
> > Would you mind helping us find this bug?
> No problem. Environment: FreeBSD-current (Nov. 8th), Python CVS Sources
> Nov. 11th (~ 10:00 CEST).
> limit:
> cputime unlimited
> filesize unlimited
> datasize 512MB
> stacksize 64MB
> coredumpsize unlimited
> memoryuse unlimited
> memorylocked unlimited
> maxproc 7390
> descriptors 32768
> sockbufsize unlimited
> vmemorysize unlimited
>
> I compiled Python with no optimization flags set

But there are optimization flags set by default in the Makefile
(at OPT=...). Can you take out the -O3 from the OPT variable and
start over? As Tim Peters suggested, this may be an optimizer bug.

> and my changes to
> pyconfig.h.in/configure.in (removes XOPEN_*,POSIX_* in the FreeBSD case
> to get it compiled). The only configure argument was prefix.
>
> Error
> /usr/bin/install -c ./install-sh
> /opt/local/python/lib/python2.3/config/install-sh
> ./python -E ./setup.py install \
> --prefix=/opt/local/python \
> --install-scripts=/opt/local/python/bin \
> --install-platlib=/opt/local/python/lib/python2.3/lib-dynload
> running install
> running build
> running build_ext
> gmake: *** [sharedinstall] Segmentation fault (core dumped)
>
> 713 if (ADDRESS_IN_RANGE(p, pool->arenaindex)) {
>
> (gdb) bt
> #0 0x080779c0 in PyObject_Free (p=0x800) at Objects/obmalloc.c:713
> #1 0x080e00a0 in function_call (func=0x82641ec, arg=0x8258b8c,
> kw=0x826bbdc) at Objects/funcobject.c:481
> #2 0x080599fb in PyObject_Call (func=0x82641ec, arg=0x8258b8c,
> kw=0x826bbdc) at Objects/abstract.c:1688
> #3 0x080a7950 in ext_do_call (func=0x82641ec, pp_stack=0xbfbfdfa4,
> flags=2, na=1, nk=0) at Python/ceval.c:3453
> #4 0x080a4b64 in eval_frame (f=0x81d400c) at Python/ceval.c:2043
> #5 0x080a5e1e in PyEval_EvalCodeEx (co=0x820e620, globals=0x819a57c,
> locals=0x0, args=0x831ad70, argcount=1, kws=0x831ad74, kwcount=0,
> defs=0x0, defcount=0, closure=0x0) at Python/ceval.c:2554
> #6 0x080a73c3 in fast_function (func=0x82378ec, pp_stack=0xbfbfe194,
> n=1, na=1, nk=0) at Python/ceval.c:3297
> #7 0x080a72af in call_function (pp_stack=0xbfbfe194, oparg=0) at
> Python/ceval.c:3266
> #8 0x080a4a50 in eval_frame (f=0x831ac0c) at Python/ceval.c:2009
> [...]
>
> (gdb) l
> 708
> 709 if (p == NULL) /* free(NULL) has no effect */
> 710 return;
> 711
> 712 pool = POOL_ADDR(p);
> 713 if (ADDRESS_IN_RANGE(p, pool->arenaindex)) {
> 714 /* We allocated this address. */
> 715 LOCK();
> 716 /*
> 717 * Link p to the start of the pool's freeblock list. Since
>
> Here ?
>
> (gdb) p pool
> $1 = (struct pool_header *) 0x0
>
> (gdb) p p
> $2 = (void *) 0x800
>
> (gdb) x 0x800
> 0x800: Cannot access memory at address 0x800

So it looks like PyObject_Free() was called with 0x800 as an argument,
which is a bogus pointer value. Can you go up one stack level and see
what the value of k in function_call() is?

> This doesn't happen if either --without-pymalloc or --with-pydebug is
> given.

Well, --without-pymalloc means that this code is never executed. It's
disturbing that --with-pydebug doesn't reveal a problem though; that
again points in the direction of the optimizer.

--Guido van Rossum (home page: http://www.python.org/~guido/)