
Subject: Re: [boost] [simple_segregated_storage] segfault
From: Chris Newbold (Chris.Newbold_at_[hidden])
Date: 2008-10-01 20:54:29


> From: boost-bounces_at_[hidden] [mailto:boost-bounces_at_[hidden]]
> On Behalf Of Phil Bouchard
> Sent: Wednesday, October 01, 2008 12:06 PM

> My mistake. I forgot taking the chunk_size_ away and relying on array of
> chars. Now here is the crash I got:

I've reproduced and debugged this crash and I think this one is another bug in the shifted_ptr code, though I have not yet been able to pin it down. Something is corrupting the free list in the unallocated chunks held by the pool.

It's very deterministic, so I managed to set a watchpoint on the chunk that gets clobbered; here's what I see:

Hardware watchpoint 2: *137317164

Old value = 137317168
New value = 137317167
0x080498c5 in boost::detail::sp_counted_base::release (this=0x82f4b28) at /usr/include/boost/detail/sp_counted_base_nt.hpp:77
77 if( --use_count_ == 0 )
(gdb) where
#0 0x080498c5 in boost::detail::sp_counted_base::release (this=0x82f4b28) at /usr/include/boost/detail/sp_counted_base_nt.hpp:77
#1 0x0804bf60 in ~shifted_ptr_base (this=0x82eceb0) at ../../../boost/detail/shifted_ptr_base.hpp:64
#2 0x08055f64 in ~shifted_ptr (this=0x82eceb0) at ../../../boost/shifted_ptr.hpp:255
#3 0x08055ff8 in ~_List_node_base (this=0x82ecea8) at ../../../bits/stl_list.h:76
#4 0x080569f5 in ~_List_node (this=0x82ecea8) at ../../../bits/stl_list.h:108
#5 0x08056a50 in ~shifted (this=0x82ece7c) at ../../../boost/detail/sh_owned_base_nt.hpp:197
#6 0x08049862 in boost::detail::sp_counted_base::destroy (this=0x82ece7c) at /usr/include/boost/detail/sp_counted_base_nt.hpp:58
#7 0x080498ae in boost::detail::sp_counted_base::weak_release (this=0x82ece7c) at /usr/include/boost/detail/sp_counted_base_nt.hpp:93
#8 0x080498f1 in boost::detail::sp_counted_base::release (this=0x82ece7c) at /usr/include/boost/detail/sp_counted_base_nt.hpp:80
#9 0x0804b9ca in ~shifted_ptr_base (this=0x82ece74) at ../../../boost/detail/shifted_ptr_base.hpp:64
#10 0x080565ce in ~shifted_ptr (this=0x82ece74) at ../../../boost/shifted_ptr.hpp:255
#11 0x08056611 in ~_List_impl (this=0x82ece74) at ../../../bits/stl_list.h:318
#12 0x0805670e in ~_List_base (this=0x82ece74) at ../../../bits/stl_list.h:352
#13 0x0805674f in ~list (this=0x82ece74) at ../../../bits/stl_list.h:412
#14 0x08056770 in ~vector (this=0x82ece74) at shifted_ptr_test2.cpp:66
#15 0x0805679c in ~shifted (this=0x82ece48) at ../../../boost/detail/sh_owned_base_nt.hpp:197
#16 0x0805571f in boost::detail::sh::set::release (this=0x82ec228) at ../../../boost/shifted_ptr.hpp:86
#17 0x080568af in boost::detail::sh::shifted_ptr<vector>::release (this=0xbfb9389c, d=true) at ../../../boost/shifted_ptr.hpp:263
#18 0x0805698d in ~shifted_ptr (this=0xbfb9389c) at ../../../boost/shifted_ptr.hpp:255
#19 0x080492b8 in main () at shifted_ptr_test2.cpp:95
(gdb) print sizeof(*this)
$3 = 12
(gdb) print *this
$4 = {_vptr.sp_counted_base = 0x82f4b2c, use_count_ = 137317167, weak_count_ = 137317172}
(gdb) print this
$5 = (class boost::detail::sp_counted_base * const) 0x82f4b28

The sp_counted_base at 0x82f4b28 at frame #0 is completely bogus. Some further instrumentation of the pool reveals that the address 0x82f4b28 is owned by the pool, but has never been handed out to the application.

-Chris
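The two checks Chris used to narrow this down, "is this address owned by the pool, and was it ever handed out?" and "is the free list threaded through the unallocated chunks still intact?", can be built into a pool directly. The following is an added example written for this page; it is not Boost.Pool's simple_segregated_storage, nor the instrumentation used in the thread, and the class and function names (InstrumentedPool, validate_free_list, is_outstanding, the demo functions) are assumptions. It models the symptom from the watchpoint above: a stale pointer decrementing a "counter" that now lives in a chunk the pool has reclaimed, which shifts the free-list link by one byte.

```cpp
// Added example (not Boost.Pool code): a minimal segregated-storage pool with
// an ownership/outstanding check and a free-list integrity walk, so a
// clobbered link is caught at validation time rather than as a later segfault.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

class InstrumentedPool {
public:
    // chunk_size must be at least sizeof(void*): a free chunk stores its "next" link.
    InstrumentedPool(std::size_t chunk_size, std::size_t nchunks)
        : chunk_size_(chunk_size), nchunks_(nchunks),
          storage_(chunk_size * nchunks), outstanding_(nchunks, false), free_list_(0)
    {
        // Thread the free list through every chunk; the last chunk links to null.
        for (std::size_t i = nchunks; i-- > 0;) {
            unsigned char* chunk = chunk_at(i);
            std::memcpy(chunk, &free_list_, sizeof(void*));
            free_list_ = chunk;
        }
    }

    void* malloc_chunk() {
        if (!free_list_) return 0;
        void* chunk = free_list_;
        std::memcpy(&free_list_, chunk, sizeof(void*));   // pop: next link becomes the head
        outstanding_[index_of(chunk)] = true;
        return chunk;
    }

    void free_chunk(void* chunk) {
        outstanding_[index_of(chunk)] = false;
        std::memcpy(chunk, &free_list_, sizeof(void*));   // push: chunk's first word = old head
        free_list_ = chunk;
    }

    // Does any chunk of this pool contain the address?
    bool owns(const void* p) const {
        const unsigned char* b = &storage_[0];
        const unsigned char* q = static_cast<const unsigned char*>(p);
        return q >= b && q < b + storage_.size();
    }

    // Was the chunk containing p handed out to the application and not yet returned?
    bool is_outstanding(const void* p) const {
        return owns(p) && outstanding_[index_of(p)];
    }

    // Walk the free list. Every link must be the start of a pool chunk that is not
    // outstanding, and the walk must end without a cycle. Returns the number of
    // free chunks, or -1 if the list is corrupt.
    long validate_free_list() const {
        std::vector<bool> seen(nchunks_, false);
        long count = 0;
        const void* cur = free_list_;
        while (cur) {
            if (!owns(cur)) return -1;                                   // link points outside the pool
            std::size_t i = index_of(cur);
            if (static_cast<const void*>(chunk_at(i)) != cur) return -1; // link is not chunk-aligned
            if (outstanding_[i] || seen[i]) return -1;                   // allocated chunk on list, or cycle
            seen[i] = true;
            ++count;
            std::memcpy(&cur, cur, sizeof(void*));
        }
        return count;
    }

private:
    unsigned char* chunk_at(std::size_t i) { return &storage_[0] + i * chunk_size_; }
    const unsigned char* chunk_at(std::size_t i) const { return &storage_[0] + i * chunk_size_; }
    std::size_t index_of(const void* p) const {
        return static_cast<std::size_t>(static_cast<const unsigned char*>(p) - &storage_[0]) / chunk_size_;
    }

    std::size_t chunk_size_;
    std::size_t nchunks_;
    std::vector<unsigned char> storage_;
    std::vector<bool> outstanding_;   // per-chunk "handed out" flag
    void* free_list_;
};

// Constructed scenario: a counter occupies the first word of a chunk; the chunk is
// freed (that word now holds the free-list link) but a stale pointer still does
// "--counter", the same one-byte downward shift the watchpoint above recorded.
bool stale_decrement_is_detected() {
    InstrumentedPool pool(16, 8);
    if (pool.validate_free_list() != 8) return false;
    void* obj = pool.malloc_chunk();
    std::uintptr_t* counter = static_cast<std::uintptr_t*>(obj);
    *counter = 1;
    pool.free_chunk(obj);                         // chunk is back in the pool, link in its first word
    if (pool.validate_free_list() != 8) return false;
    if (pool.is_outstanding(obj)) return false;   // owned by the pool, but not handed out
    --*counter;                                   // stale write clobbers the link
    return pool.validate_free_list() == -1;       // the walk now rejects the misaligned link
}

// Constructed scenario: a correct allocate/free cycle leaves the list intact.
long normal_cycle_free_count() {
    InstrumentedPool pool(16, 8);
    void* a = pool.malloc_chunk();
    void* b = pool.malloc_chunk();
    if (pool.validate_free_list() != 6 || !pool.is_outstanding(a) || !pool.is_outstanding(b)) return -1;
    pool.free_chunk(b);
    pool.free_chunk(a);
    return pool.validate_free_list();             // 8: every chunk back, list intact
}

int main() {
    std::printf("stale decrement detected: %s\n", stale_decrement_is_detected() ? "yes" : "no");
    std::printf("free chunks after normal cycle: %ld\n", normal_cycle_free_count());
    return 0;
}
```

Calling validate_free_list() after every free (or from a debug-only hook in the pool's destructor) turns "the free list is corrupt somewhere" into a failure at the first operation after the stray write, which is what narrows the search enough to set a watchpoint on the right chunk.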


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk