Subject: Re: [Boost-users] serialization 1.36.0 extended_type_info exit issue(s)
From: Robert Mecklenburg (rmecklenburg_at_[hidden])
Date: 2008-10-08 17:05:29


troy d. straszheim writes:
> Robert Mecklenburg, I'd be interested to see what you get from
> running your tests under valgrind like this:
>
> valgrind --tool=memcheck --malloc-fill=FF --free-fill=EE ./my_failing_test

Interesting. Today when I link and run the program it runs without a
crash (although my actual tests still crash). It seems to have
something to do with the contents of freed memory (which may explain
why it doesn't crash at this moment).

Valgrind shows invalid memory read and delete below:

509 rmecklenburg:common$ valgrind --tool=memcheck --malloc-fill=FF --free-fill=EE ./serial
==32298== Memcheck, a memory error detector.
==32298== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==32298== Using LibVEX rev 1804, a library for dynamic binary translation.
==32298== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==32298== Using valgrind-3.3.0-Debian, a dynamic binary instrumentation framework.
==32298== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==32298== For more details, rerun with: -v
==32298==
Running 1 test case...

*** No errors detected
==32298== Invalid read of size 4
==32298== at 0x40B793F: boost::unit_test::framework_impl::~framework_impl() (in /home/mecklen/work/boost-install/lib/boost-1_37/libboost_unit_test_framework-gcc42-mt-1_37.so.1.37.0)
==32298== by 0x40B4BDF: (within /home/mecklen/work/boost-install/lib/boost-1_37/libboost_unit_test_framework-gcc42-mt-1_37.so.1.37.0)
==32298== by 0x425C103: exit (exit.c:75)
==32298== by 0x4245457: (below main) (libc-start.c:252)
==32298== Address 0x438ae3c is 20 bytes inside a block of size 24 free'd
==32298== at 0x40232EC: operator delete(void*) (vg_replace_malloc.c:342)
==32298== by 0x40B7526: std::_Rb_tree<unsigned long, std::pair<unsigned long const, boost::unit_test::test_unit*>, std::_Select1st<std::pair<unsigned long const, boost::unit_test::test_unit*> >, std::less<unsigned long>, std::allocator<std::pair<unsigned long const, boost::unit_test::test_unit*> > >::erase(unsigned long const&) (in /home/mecklen/work/boost-install/lib/boost-1_37/libboost_unit_test_framework-gcc42-mt-1_37.so.1.37.0)
==32298== by 0x40B497B: boost::unit_test::framework::deregister_test_unit(boost::unit_test::test_unit*) (in /home/mecklen/work/boost-install/lib/boost-1_37/libboost_unit_test_framework-gcc42-mt-1_37.so.1.37.0)
==32298== by 0x40CE37E: boost::unit_test::test_unit::~test_unit() (in /home/mecklen/work/boost-install/lib/boost-1_37/libboost_unit_test_framework-gcc42-mt-1_37.so.1.37.0)
==32298== by 0x40B793B: boost::unit_test::framework_impl::~framework_impl() (in /home/mecklen/work/boost-install/lib/boost-1_37/libboost_unit_test_framework-gcc42-mt-1_37.so.1.37.0)
==32298== by 0x40B4BDF: (within /home/mecklen/work/boost-install/lib/boost-1_37/libboost_unit_test_framework-gcc42-mt-1_37.so.1.37.0)
==32298== by 0x425C103: exit (exit.c:75)
==32298== by 0x4245457: (below main) (libc-start.c:252)
==32298==
==32298== Invalid free() / delete / delete[]
==32298== at 0x40232EC: operator delete(void*) (vg_replace_malloc.c:342)
==32298== by 0x40B7949: boost::unit_test::framework_impl::~framework_impl() (in /home/mecklen/work/boost-install/lib/boost-1_37/libboost_unit_test_framework-gcc42-mt-1_37.so.1.37.0)
==32298== by 0x40B4BDF: (within /home/mecklen/work/boost-install/lib/boost-1_37/libboost_unit_test_framework-gcc42-mt-1_37.so.1.37.0)
==32298== by 0x425C103: exit (exit.c:75)
==32298== by 0x4245457: (below main) (libc-start.c:252)
==32298== Address 0xeeeeeeee is not stack'd, malloc'd or (recently) free'd
==32298==
==32298== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 25 from 1)
==32298== malloc/free: in use at exit: 52 bytes in 1 blocks.
==32298== malloc/free: 112 allocs, 112 frees, 37,564 bytes allocated.
==32298== For counts of detected errors, rerun with: -v
==32298== searching for pointers to 1 not-freed blocks.
==32298== checked 146,152 bytes.
==32298==
==32298== LEAK SUMMARY:
==32298== definitely lost: 52 bytes in 1 blocks.
==32298== possibly lost: 0 bytes in 0 blocks.
==32298== still reachable: 0 bytes in 0 blocks.
==32298== suppressed: 0 bytes in 0 blocks.
==32298== Rerun with --leak-check=full to see details of leaked memory.

Here is one of my "real" tests that does crash today:

-*- mode: compilation; default-directory: "~/s5w/trunk/core/common/" -*-
Compilation started at Wed Oct 8 14:43:20

 valgrind --tool=memcheck --malloc-fill=FF --free-fill=EE src/test/SampleBinTest --catch_system_errors=no
==1235== Memcheck, a memory error detector.
==1235== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==1235== Using LibVEX rev 1804, a library for dynamic binary translation.
==1235== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==1235== Using valgrind-3.3.0-Debian, a dynamic binary instrumentation framework.
==1235== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==1235== For more details, rerun with: -v
==1235==
==1235== Syscall param sigaltstack(ss) points to uninitialised byte(s)
==1235== at 0x4929B21: sigaltstack (in /usr/lib/debug/libc-2.7.so)
==1235== by 0x403F5E6: boost::execution_monitor::catch_signals(boost::unit_test::callback0<int> const&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x403F6A4: boost::execution_monitor::execute(boost::unit_test::callback0<int> const&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x4046103: boost::unit_test::framework::init(bool (*)(), int, char**) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x4053B3C: boost::unit_test::unit_test_main(bool (*)(), int, char**) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x808BE3D: main (unit_test.hpp:59)
==1235== Address 0xbeb71a50 is on thread 1's stack
==1235==
==1235== Syscall param sigaltstack(ss) points to uninitialised byte(s)
==1235== at 0x4929B21: sigaltstack (in /usr/lib/debug/libc-2.7.so)
==1235== by 0x403F5E6: boost::execution_monitor::catch_signals(boost::unit_test::callback0<int> const&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x403F6A4: boost::execution_monitor::execute(boost::unit_test::callback0<int> const&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x404522D: boost::unit_test::framework::run(unsigned long, bool) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x4053BF8: boost::unit_test::unit_test_main(bool (*)(), int, char**) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x808BE3D: main (unit_test.hpp:59)
==1235== Address 0xbeb71820 is on thread 1's stack
Running 5 test cases...
==1235==
==1235== Syscall param sigaltstack(ss) points to uninitialised byte(s)
==1235== at 0x4929B21: sigaltstack (in /usr/lib/debug/libc-2.7.so)
==1235== by 0x403F5E6: boost::execution_monitor::catch_signals(boost::unit_test::callback0<int> const&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x403F6A4: boost::execution_monitor::execute(boost::unit_test::callback0<int> const&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x40559FA: boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::unit_test::test_case const&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x404740E: boost::unit_test::framework_impl::visit(boost::unit_test::test_case const&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x405D27E: boost::unit_test::traverse_test_tree(boost::unit_test::test_case const&, boost::unit_test::test_tree_visitor&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x405E0AF: boost::unit_test::traverse_test_tree(unsigned long, boost::unit_test::test_tree_visitor&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x405DEF2: boost::unit_test::traverse_test_tree(boost::unit_test::test_suite const&, boost::unit_test::test_tree_visitor&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x405E0E4: boost::unit_test::traverse_test_tree(unsigned long, boost::unit_test::test_tree_visitor&) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x4045592: boost::unit_test::framework::run(unsigned long, bool) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x4053BF8: boost::unit_test::unit_test_main(bool (*)(), int, char**) (in /usr/lib/boost-1_36/libboost_unit_test_framework-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x808BE3D: main (unit_test.hpp:59)
==1235== Address 0xbeb71700 is on thread 1's stack

*** No errors detected
==1235==
==1235== Invalid read of size 4
==1235== at 0x44E3839: boost::serialization::detail::extended_type_info_typeid_0::type_unregister() (in /usr/lib/boost-1_36/libboost_serialization-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x8083803: boost::serialization::extended_type_info_typeid<s5w::SampleBin>::~extended_type_info_typeid() (extended_type_info_typeid.hpp:80)
==1235== by 0x807A705: __tcf_6 (singleton.hpp:104)
==1235== by 0x492C103: exit (exit.c:75)
==1235== by 0x4915457: (below main) (libc-start.c:252)
==1235== Address 0x4bbbc58 is 16 bytes inside a block of size 20 free'd
==1235== at 0x40232EC: operator delete(void*) (vg_replace_malloc.c:342)
==1235== by 0x44E34C6: (within /usr/lib/boost-1_36/libboost_serialization-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x492C437: __cxa_finalize (cxa_finalize.c:56)
==1235== by 0x44D4622: (within /usr/lib/boost-1_36/libboost_serialization-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x4502C2B: (within /usr/lib/boost-1_36/libboost_serialization-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x400DFCE: _dl_fini (in /lib/ld-2.7.so)
==1235== by 0x492C103: exit (exit.c:75)
==1235== by 0x4915457: (below main) (libc-start.c:252)
==1235==
==1235== Invalid read of size 4
==1235== at 0x44E383F: boost::serialization::detail::extended_type_info_typeid_0::type_unregister() (in /usr/lib/boost-1_36/libboost_serialization-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x8083803: boost::serialization::extended_type_info_typeid<s5w::SampleBin>::~extended_type_info_typeid() (extended_type_info_typeid.hpp:80)
==1235== by 0x807A705: __tcf_6 (singleton.hpp:104)
==1235== by 0x492C103: exit (exit.c:75)
==1235== by 0x4915457: (below main) (libc-start.c:252)
==1235== Address 0xeeeeeeee is not stack'd, malloc'd or (recently) free'd
==1235==
==1235== Process terminating with default action of signal 11 (SIGSEGV)
==1235== Access not within mapped region at address 0xEEEEEEEE
==1235== at 0x44E383F: boost::serialization::detail::extended_type_info_typeid_0::type_unregister() (in /usr/lib/boost-1_36/libboost_serialization-gcc42-mt-1_36.so.1.36.0)
==1235== by 0x8083803: boost::serialization::extended_type_info_typeid<s5w::SampleBin>::~extended_type_info_typeid() (extended_type_info_typeid.hpp:80)
==1235== by 0x807A705: __tcf_6 (singleton.hpp:104)
==1235== by 0x492C103: exit (exit.c:75)
==1235== by 0x4915457: (below main) (libc-start.c:252)
==1235==
==1235== ERROR SUMMARY: 18 errors from 5 contexts (suppressed: 51 from 1)
==1235== malloc/free: in use at exit: 2,672 bytes in 8 blocks.
==1235== malloc/free: 2,328 allocs, 2,320 frees, 479,988 bytes allocated.
==1235== For counts of detected errors, rerun with: -v
==1235== searching for pointers to 8 not-freed blocks.
==1235== checked 484,704 bytes.
==1235==
==1235== LEAK SUMMARY:
==1235== definitely lost: 0 bytes in 0 blocks.
==1235== possibly lost: 0 bytes in 0 blocks.
==1235== still reachable: 2,672 bytes in 8 blocks.
==1235== suppressed: 0 bytes in 0 blocks.
==1235== Rerun with --leak-check=full to see details of leaked memory.

Compilation segmentation fault at Wed Oct 8 14:43:25

> - what happens while all the global statics are being destroyed
> - Can you get a test that passes when run 'normally' to fail when run
> under valgrind as above?

No, I haven't been able to do that yet.

Thanks for any insights,

-- 
Robert
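
Added example (not part of the original message or of Boost): a small triage script for Memcheck logs like the two above. It separates reads inside a freed block from faults whose address is just the `--free-fill` byte repeated (with `--free-fill=EE`, `0xeeeeeeee` indicates a pointer that was itself loaded from freed memory), and marks records whose access stack passes through `exit`. The function names, verdict labels and the sample log are assumptions made for the illustration.

```python
import re

PREFIX = re.compile(r"^==\d+==\s?")
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (\S.*) \([^()]*\)$")
ADDR = re.compile(r"^\s*Address 0x([0-9A-Fa-f]+) is (.+)$")

def parse_records(log):  # one record per error: kind, access-stack frames, address notes
    lines = [PREFIX.sub("", l).strip() for l in log.splitlines() if PREFIX.match(l)]
    records = []
    for block in "\n".join(lines).split("\n\n"):   # a bare "==pid==" line ends a record
        kind, *rest = block.strip().split("\n")
        # Frames after the first "Address" line belong to the free/alloc stack.
        addr_at = next((i for i, l in enumerate(rest) if ADDR.match(l)), len(rest))
        frames = [m.group(1) for m in map(FRAME.match, rest[:addr_at]) if m]
        addrs = [m.groups() for m in map(ADDR.match, rest) if m]
        if frames:                                 # drops banner and summary text
            records.append({"kind": kind, "frames": frames, "addresses": addrs})
    return records

def triage(log, free_fill=0xEE):  # free_fill: the byte passed to --free-fill
    fill, out = "%02x" % free_fill, []
    for rec in parse_records(log):
        verdict = "other"
        for digits, note in rec["addresses"]:
            if len(digits) % 2 == 0 and set(re.findall("..", digits.lower())) == {fill}:
                verdict = "address-is-free-fill-pattern"
            elif "inside a block" in note and note.endswith("free'd"):
                verdict = "use-after-free"
        out.append((rec["kind"], verdict, "exit" in rec["frames"]))
    return out

# Constructed sample in Memcheck's output format; names and addresses are made up.
SAMPLE = """\
==100== Invalid read of size 4
==100==    at 0x1000: Registry::remove(Item*) (registry.cpp:40)
==100==    by 0x1020: exit (exit.c:75)
==100==  Address 0x5000010 is 16 bytes inside a block of size 20 free'd
==100==    at 0x2000: operator delete(void*) (vg_replace_malloc.c:342)
==100==
==100== Invalid read of size 4
==100==    at 0x1004: Registry::remove(Item*) (registry.cpp:41)
==100==    by 0x1020: exit (exit.c:75)
==100==  Address 0xeeeeeeee is not stack'd, malloc'd or (recently) free'd
==100==
==100== Conditional jump or move depends on uninitialised value(s)
==100==    at 0x3000: main (t.cpp:5)
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```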
