#4 double free() on freebsd

closed-fixed
nobody
5
2002-03-25
2002-03-15
Mr. Codepage
No

On FreeBSD 4.5, GCC 2.95.3 I got a

python in free(): warning: page is already free
Bus error (core dumped)

When I recompiled psyco with debug turned on it no
longer dumped core.

The core file I did get the first time would not give
me a backtrace.

I would love to work on making psyco work on FreeBSD,
the speedups I see are excellent, on other platforms.

"""

Python 2.2 (#1, Feb 14 2002, 22:56:58)
[GCC 2.95.3 20010315 (release) [FreeBSD]] on freebsd4
Type "help", "copyright", "credits" or "license" for
more information.
>>> import psyco
>>> psyco.jit(1)
>>> def f():
...     for x in range(10):
...         print x
...
>>>
>>> f()
0
1
2
3
4
5
6
7
8
9
>>> f()
0
1
2
3
4
5
6
7
8
9
0
1
2
3
4
5
6
7
8
9
python in free(): warning: page is already free
Bus error (core dumped)

"""

import psyco
psyco.jit(1)
def f():
    for x in range(10):
        print x

f()
f()

Discussion

  • Mr. Codepage
    2002-03-15

    Logged In: YES
    user_id=9229

    this with a cvs update as of friday march 15, 2002 at 10am
    PST

     
  • Mr. Codepage
    2002-03-15

    double free is on line 341 of vcompiler.h

    #0 psycofunction_call (self=Cannot access memory at address 0x9.
    ) at c/vcompiler.h:341
    341 deallocate_array(array, po);
    (gdb) list
    336 inline void deallocate_array(vinfo_array_t* array, PsycoObject* po) {
    337   int i = array->count;
    338   while (i--) vinfo_xdecref(array->items[i], po);
    339 }
    340 inline void array_delete(vinfo_array_t* array, PsycoObject* po) {
    341   deallocate_array(array, po);
    342   array_release(array);
    343 }
    344
    345

    still couldn't get backtrace

     
  • Mr. Codepage
    2002-03-19

    tested with the new code changes as of the 3-18 checkin...

    still crashing if I compile with

    #PSYCO_DEBUG = 1

    if I set PSYCO_DEBUG, no crash

    and if PSYCO_DEBUG is unset AND if I comment out

    > // ndata = PyObject_REALLOC(obj, sizeof(CodeBufferObject) + nsize);

    I can't get anything to crash, even my prime number routine
    runs without error

    bash-2.05a$ python jitDump.py
    started execution
    2.14256989956
    0.259557008743
    0.254989981651

    some clues,

    if I use a print statement, like

    for x in range(10):
        print x

    it will crash much faster

    if I

    for x in range(10):
        pass

    it will just complain about double free

    I still got these messages during execution of the
    # PSYCO_DEBUG , unset
    compiled with
    python setup.py build -f --debug build with realloc() in place

    python in free(): warning: page is already free
    python in free(): warning: chunk is already free
    python in free(): warning: chunk is already free
    python in free(): warning: page is already free

    this code will not crash but just spit out errors in free()
    ad infinitum

    import psyco

    def f():
        for x in range(10):
            x = x
    f()
    f()
    psyco.jit(1)
    f()
    f()
    f()
    f()
    f()
    f()
    #x = 10000
    #while x > 0:
    # x -= 1
    #f()

    still seems like a problem in realloc(), the other bug will
    most likely disappear if this one does, but I won't mark it
    as a dupe yet.

     
  • Mr. Codepage
    2002-03-25

    • status: open --> closed-fixed
     
  • Mr. Codepage
    2002-03-25

    As of a cvs update Sun March 24 7 PM PST this bug is
    marked FIXED CLOSED.

    Great job, this works on FreeBSD in a non debug build.
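
An added example, not psyco's code and not from this thread (which never states the actual root cause or the fix): the general way a resizing call such as the `PyObject_REALLOC` line quoted above can end in "already free" warnings, shown with tracking wrappers that count a repeated free instead of passing it to the allocator. All function names are hypothetical, and `t_realloc` is assumed to always move the block, which a real `realloc()` may or may not do.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 16                    /* tracker size; all names here are hypothetical */
static struct { void *p; size_t n; } live[MAX_LIVE];
static int bad_frees;                  /* frees of non-live blocks: counted, not passed to libc */
static int slot_of(const void *p) {    /* slot_of(NULL) finds an empty slot */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i].p == p) return i;
    return -1;
}
void *t_malloc(size_t n) {
    int i = slot_of(NULL);
    void *p = i < 0 ? NULL : calloc(1, n);
    if (p) { live[i].p = p; live[i].n = n; }
    return p;
}
void t_free(void *p) {
    int i = slot_of(p);
    if (p == NULL) return;
    if (i < 0) { bad_frees++; return; }
    live[i].p = NULL;
    free(p);
}
/* Always moves the block, which realloc() is allowed to do on any call. */
void *t_realloc(void *p, size_t n) {
    int i = p ? slot_of(p) : -1;
    void *q = i < 0 ? NULL : t_malloc(n);
    if (q) { memcpy(q, p, n < live[i].n ? n : live[i].n); t_free(p); }
    return q;
}

/* Pattern to avoid: a second reference keeps the pre-resize address. */
int stale_alias_bad_frees(void) {
    bad_frees = 0;
    char *code = t_malloc(4096), *alias = code;
    code = t_realloc(code, 128);       /* shrink: the old block is freed here */
    t_free(alias);                     /* stale address, caught by the tracker */
    t_free(code);
    return bad_frees;
}
/* Corrected: the resize result replaces the only stored pointer. */
int single_owner_bad_frees(void) {
    bad_frees = 0;
    char *code = t_malloc(4096);
    char *moved = t_realloc(code, 128);
    if (moved) code = moved;
    t_free(code);
    return bad_frees;
}
```

With a plain `free()` in place of `t_free()`, the stale free in the first function is undefined behaviour: an allocator with built-in checks can report it, as FreeBSD's does in the output above, while others may corrupt the heap silently.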