[snake-farm] Re: [Python-Dev] Snake farm

Guido van Rossum guido@python.org
Mon, 11 Nov 2002 09:09:57 -0500


> > Marc, pymalloc is supposed to be bulletproof.  If there's a segfault
> > that can be avoided by disabling pymalloc, that's a bug in pymalloc.
> > Would you mind helping us find this bug?

> No problem. Environment: FreeBSD-current (Nov. 8th), Python CVS Sources
> Nov. 11th (~ 10:00 CEST).
> limit:
> cputime         unlimited
> filesize        unlimited
> datasize        512MB
> stacksize       64MB
> coredumpsize    unlimited
> memoryuse       unlimited
> memorylocked    unlimited
> maxproc         7390
> descriptors     32768
> sockbufsize     unlimited
> vmemorysize     unlimited
> 
> I compiled Python with no optimization flags set

But there are optimization flags set by default in the Makefile
(at OPT=...).  Can you take out the -O3 from the OPT variable and
start over?  As Tim Peters suggested, this may be an optimizer bug.

> and my changes to
> pyconfig.h.in/configure.in (removes XOPEN_*,POSIX_* in the FreeBSD case
> to get it compiled). The only configure argument was prefix.
> 
> Error 
> /usr/bin/install -c ./install-sh
> /opt/local/python/lib/python2.3/config/install-sh
> ./python -E ./setup.py install \
>    	--prefix=/opt/local/python \
> 	--install-scripts=/opt/local/python/bin \
> 	--install-platlib=/opt/local/python/lib/python2.3/lib-dynload
> running install
> running build
> running build_ext
> gmake: *** [sharedinstall] Segmentation fault (core dumped)
> 
> 713		if (ADDRESS_IN_RANGE(p, pool->arenaindex)) {
> 
> (gdb) bt
> #0  0x080779c0 in PyObject_Free (p=0x800) at Objects/obmalloc.c:713
> #1  0x080e00a0 in function_call (func=0x82641ec, arg=0x8258b8c,
> kw=0x826bbdc) at Objects/funcobject.c:481
> #2  0x080599fb in PyObject_Call (func=0x82641ec, arg=0x8258b8c,
> kw=0x826bbdc) at Objects/abstract.c:1688
> #3  0x080a7950 in ext_do_call (func=0x82641ec, pp_stack=0xbfbfdfa4,
> flags=2, na=1, nk=0) at Python/ceval.c:3453
> #4  0x080a4b64 in eval_frame (f=0x81d400c) at Python/ceval.c:2043
> #5  0x080a5e1e in PyEval_EvalCodeEx (co=0x820e620, globals=0x819a57c,
> locals=0x0, args=0x831ad70, argcount=1, kws=0x831ad74, kwcount=0,
> defs=0x0, defcount=0, closure=0x0) at Python/ceval.c:2554
> #6  0x080a73c3 in fast_function (func=0x82378ec, pp_stack=0xbfbfe194,
> n=1, na=1, nk=0) at Python/ceval.c:3297
> #7  0x080a72af in call_function (pp_stack=0xbfbfe194, oparg=0) at
> Python/ceval.c:3266
> #8  0x080a4a50 in eval_frame (f=0x831ac0c) at Python/ceval.c:2009
> [...]
> 
> (gdb) l
> 708	
> 709		if (p == NULL)	/* free(NULL) has no effect */
> 710			return;
> 711	
> 712		pool = POOL_ADDR(p);
> 713		if (ADDRESS_IN_RANGE(p, pool->arenaindex)) {
> 714			/* We allocated this address. */
> 715			LOCK();
> 716			/*
> 717			 * Link p to the start of the pool's freeblock list.  Since
> 
> Here ?
> 
> (gdb) p pool
> $1 = (struct pool_header *) 0x0
> 
> (gdb) p p
> $2 = (void *) 0x800
> 
> (gdb) x 0x800
> 0x800:	Cannot access memory at address 0x800

So it looks like PyObject_Free() was called with 0x800 as an argument,
which is a bogus pointer value.  Can you go up one stack level and see
what the value of k in function_call() is?

> This doesn't happen if either --without-pymalloc or --with-pydebug is
> given.

Well, --without-pymalloc means that this code is never executed.  It's
disturbing that --with-pydebug doesn't reveal a problem though; that
again points in the direction of the optimizer.

--Guido van Rossum (home page: http://www.python.org/~guido/)
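
Why a pointer of 0x800 faults at line 713, as an added example that is not part of the original message or of CPython's source: pymalloc rounds the pointer down to its 4 KiB pool header (giving 0x0, as gdb shows) and reads `arenaindex` from there before it can tell the block is foreign. The arena base addresses and the `owning_arena` helper are constructed for illustration; that helper shows a range test which never reads through the pointer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Sizes mirror pymalloc's 4 KiB pools and 256 KiB arenas; everything else
   here is a constructed model, not CPython's data structures. */
#define POOL_SIZE       4096u
#define POOL_SIZE_MASK  (POOL_SIZE - 1)
#define ARENA_SIZE      (256u * 1024u)

/* Round an address down to the start of its pool, as POOL_ADDR(p) does. */
static uintptr_t pool_addr(uintptr_t p)
{
    return p & ~(uintptr_t)POOL_SIZE_MASK;
}

/* Hypothetical arena table: base addresses of two arenas (constructed). */
static const uintptr_t arenas[] = { 0x08200000u, 0x08240000u };
#define N_ARENAS (sizeof arenas / sizeof arenas[0])

/* Return the index of the arena containing p, or -1 if none does.
   Only the table is read; p itself is never dereferenced. */
static int owning_arena(uintptr_t p)
{
    for (size_t i = 0; i < N_ARENAS; i++) {
        /* Unsigned subtraction wraps when p < base, so one compare is enough. */
        if (p - arenas[i] < ARENA_SIZE)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    uintptr_t bogus = 0x800;  /* the value of p in frame #0 */
    printf("pool header for 0x%lx would be at 0x%lx\n",
           (unsigned long)bogus, (unsigned long)pool_addr(bogus));
    printf("owning arena: %d\n", owning_arena(bogus));
    return 0;
}
```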