Re: [Boost-bugs] [Boost C++ Libraries] #7093: Building "system" segfaults on AIX 6.1 / vacpp

Subject: Re: [Boost-bugs] [Boost C++ Libraries] #7093: Building "system" segfaults on AIX 6.1 / vacpp
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2013-03-07 22:53:13

#7093: Building "system" segfaults on AIX 6.1 / vacpp
  Reporter: Martin Baute <solar@…> | Owner: vladimir_prus
      Type: Bugs | Status: new
 Milestone: To Be Determined | Component: build
   Version: Boost 1.50.0 | Severity: Regression
Resolution: | Keywords: aix

Comment (by steven_watanabe):

 Here's my current analysis of the behavior:

 The error appears on the instruction:

 lwz r0,0(r3) #0x0000057c

 Inside the block labelled !__L578 in list_copy.

 This instruction corresponds to the source lists.c:34
 freelist[ bucket ] = result->next;

 !r3 holds the variable result and its value is 0x1, hence the seg-fault.
 This means that the free list is corrupted. Now, since this is for lists
 of size 1, that's probably where the 0x1 comes from. (The next pointer in
 the free list occupies the same memory as the size in the LIST struct.).

 The most likely culprit is list_sublist, since (a) it was the last list
 operation called before the error and (b) this was the first time that
 list_sublist was called with a non-empty list. I'll review this function,
 but it'll take a little while since I'm not very familiar with PPC

 What might help for tracking this down is in lists.c:

 #undef NDEBUG
 #include <assert.h>

 and sprinkle

 assert((unsigned long)freelist[0] != 1ul);

 around. Adding this assertion between lines 33 and 34 in list_alloc
 should catch just before the segfault.

Ticket URL: <>
Boost C++ Libraries <>
Boost provides free peer-reviewed portable C++ source libraries.

This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:12 UTC