Subject: Re: [Boost-bugs] [Boost C++ Libraries] #7093: Building "system" segfaults on AIX 6.1 / vacpp
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2013-03-07 22:53:13
#7093: Building "system" segfaults on AIX 6.1 / vacpp
----------------------------------------------------+-----------------------
Reporter: Martin Baute <solar@…> | Owner: vladimir_prus
Type: Bugs | Status: new
Milestone: To Be Determined | Component: build
Version: Boost 1.50.0 | Severity: Regression
Resolution: | Keywords: aix
----------------------------------------------------+-----------------------
Comment (by steven_watanabe):
Here's my current analysis of the behavior:
The error appears on the instruction:
{{{
lwz r0,0(r3) #0x0000057c
}}}
Inside the block labelled !__L578 in list_copy.
This instruction corresponds to the source lists.c:34
{{{
freelist[ bucket ] = result->next;
}}}
!r3 holds the variable result and its value is 0x1, hence the seg-fault.
This means that the free list is corrupted. Now, since this is for lists
of size 1, that's probably where the 0x1 comes from. (The next pointer in
the free list occupies the same memory as the size in the LIST struct.).
The most likely culprit is list_sublist, since (a) it was the last list
operation called before the error and (b) this was the first time that
list_sublist was called with a non-empty list. I'll review this function,
but it'll take a little while since I'm not very familiar with PPC
assembly.
What might help for tracking this down is in lists.c:
{{{
#undef NDEBUG
#include <assert.h>
}}}
and sprinkle
{{{
assert((unsigned long)freelist[0] != 1ul);
}}}
around. Adding this assertion between lines 33 and 34 in list_alloc
should catch just before the segfault.
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/7093#comment:10> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:12 UTC