#1246 Namespace double delete - causes core dump

obsolete: 8.2.2
closed-invalid
miguel sofer
8
2001-08-22
2000-10-26
Anonymous
No

OriginalBugID: 3875 Bug
Version: 8.2.2
SubmitDate: '1999-12-14'
LastModified: '2000-04-03'
Severity: CRIT
Status: Assigned
Submitter: techsupp
ChangedBy: hobbs
OS: Solaris
OSVersion: all unix and NT
Machine: Sun, IRIX
FixedDate: '2000-10-25'
ClosedDate: '2000-10-25'

Name:
scott waldon

CVS:
n/a

Extensions:
Itcl 3.1a

CustomShell:
Dash patch and print statements to find this

Comments:
This error exists on SGI, HP, Sun, and NT - Berry Kercheval from scriptics worked with us on
site last week and narrowed it down to some code that does something like this. I boiled it down
to this 20 line script. This particular script bombs on Tcl 7.6 as well as 8.2. Our production code
doesn't seem to exhibit this behavior on 7.6.

ReproducibleScript:
It is possible that this is an itcl error - however since it appears to be in the namespace code
which is part of the tcl core I filed it here.

package require Itcl

puts "\n\n\nDefine Class ABC"
itcl::class ABC {

    public method SomeMethod {} {
        puts "In SomeMethod"
        #
        # The renaming or redefinition of command from a command
        # of type itcl::class to a tcl::proc causes a nasty
        # core dump. This causes a double delete on the namespace

        uplevel #0 [list proc ABC { args } {}]
    }
}

puts "Create Class instance <foo>"
ABC foo

foo SomeMethod

ObservedBehavior:
the interpreter core dumps - here are the print statements put in by Berry Kercheval from scriptics
that helped us track down the problem. Notice the double delete.

CreateNS: init NS cnt to 0
CreateNS: init NS cnt to 0
deleting namespace
NamespaceFree: freeing
CreateNS: init auto_mkindex_parser NS cnt to 0
CreateNS: init Labeledwidget NS cnt to 0
Tcl8Port-Script: 1
CreateNS: init itcl NS cnt to 0
CreateNS: init import NS cnt to 0
CreateNS: init parser NS cnt to 0
CreateNS: init builtin NS cnt to 0
CreateNS: init old-parser NS cnt to 0
CreateNS: init old-builtin NS cnt to 0
SetNSFA: incr itcl NS cnt to 1
FNSNIP: decr itcl NS cnt to 0

Define Class ABC
CreateNS: init ABC NS cnt to 0
Create Class instance <foo>
Load Pkg - Create Tcl Command with same name
In SomeMethod
namespace ABC is dying
deleting namespace ABC
deleting namespace ABC
NamespaceFree: freeing ABC
Itcl_ReleaseData can't find reference for 0x9bd48
Abort (core dumped)

purify output below - this purify output is different from the original that caused us to research
this problem - in that the original problem died due to FMR/FMW and had no SBR's - but both
are probably caused by the same thing.

****
FMR: Free memory read:
* This is occurring while in:
ItclDestroyClassNamesp [itcl_class.c]
TclTeardownNamespace [tclNamesp.c:828]
Tcl_DeleteNamespace [tclNamesp.c:641]
Tcl_PopCallFrame [tclNamesp.c:398]
Itcl_PopContext [tclStubLib.c]
Itcl_HandleInstance [tclStubLib.c]
EvalObjv [tclParse.c:932]
Tcl_EvalEx [tclParse.c:1393]
Tcl_EvalFile [tclIOUtil.c:323]
Tk_MainEx [tkMain.c:227]
UnixCreateMain [isight_pkg.c:183]
IsightCreateMainInterp [isight_pkg.c:719]
* Reading 4 bytes from 0x2870a0 in the heap.
* Address 0x2870a0 is 32 bytes into a freed block at 0x287080 of 332 bytes.
* This block was allocated from:
malloc [rtlib.o]
TclpAlloc [tclAlloc.c:666]
Tcl_Alloc [tclCkalloc.c:810]
Itcl_CreateClass [tclStubLib.c]
Itcl_ClassCmd [tclStubLib.c]
EvalObjv [tclParse.c:932]
Tcl_EvalEx [tclParse.c:1393]
Tcl_EvalFile [tclIOUtil.c:323]
Tk_MainEx [tkMain.c:227]
UnixCreateMain [isight_pkg.c:183]
IsightCreateMainInterp [isight_pkg.c:719]
IsightCreateMainInterp [isight_stub.c:174]
* There have been 6 frees since this block was freed from:
free [rtlib.o]
TclpFree [tclAlloc.c:689]
Tcl_Free [tclCkalloc.c:903]
ItclFreeClass [itcl_class.c]
Itcl_ReleaseData [tclStubLib.c]
ItclFreeObject [itcl_objects.c]
Itcl_ReleaseData [tclStubLib.c]
Tcl_DeleteCommandFromToken [tclBasic.c:2318]
ItclDestroyClassNamesp [itcl_class.c]
TclTeardownNamespace [tclNamesp.c:828]
Tcl_DeleteNamespace [tclNamesp.c:641]
Tcl_PopCallFrame [tclNamesp.c:398]

**** Purify instrumented /vob/prod/runtime/bin/SunOS_5.6/is_wish_pure.exe (pid 22235) ****
FMR: Free memory read:
* This is occurring while in:
ItclDestroyClassNamesp [itcl_class.c]
TclTeardownNamespace [tclNamesp.c:828]
Tcl_DeleteNamespace [tclNamesp.c:641]
Tcl_PopCallFrame [tclNamesp.c:398]
Itcl_PopContext [tclStubLib.c]
Itcl_HandleInstance [tclStubLib.c]
EvalObjv [tclParse.c:932]
Tcl_EvalEx [tclParse.c:1393]
Tcl_EvalFile [tclIOUtil.c:323]
Tk_MainEx [tkMain.c:227]
UnixCreateMain [isight_pkg.c:183]
IsightCreateMainInterp [isight_pkg.c:719]
* Reading 4 bytes from 0x287090 in the heap.
* Address 0x287090 is 16 bytes into a freed block at 0x287080 of 332 bytes.
* This block was allocated from:
malloc [rtlib.o]
TclpAlloc [tclAlloc.c:666]
Tcl_Alloc [tclCkalloc.c:810]
Itcl_CreateClass [tclStubLib.c]
Itcl_ClassCmd [tclStubLib.c]
EvalObjv [tclParse.c:932]
Tcl_EvalEx [tclParse.c:1393]
Tcl_EvalFile [tclIOUtil.c:323]
Tk_MainEx [tkMain.c:227]
UnixCreateMain [isight_pkg.c:183]
IsightCreateMainInterp [isight_pkg.c:719]
IsightCreateMainInterp [isight_stub.c:174]
* There have been 6 frees since this block was freed from:
free [rtlib.o]
TclpFree [tclAlloc.c:689]
Tcl_Free [tclCkalloc.c:903]
ItclFreeClass [itcl_class.c]
Itcl_ReleaseData [tclStubLib.c]
ItclFreeObject [itcl_objects.c]
Itcl_ReleaseData [tclStubLib.c]
Tcl_DeleteCommandFromToken [tclBasic.c:2318]
ItclDestroyClassNamesp [itcl_class.c]
TclTeardownNamespace [tclNamesp.c:828]
Tcl_DeleteNamespace [tclNamesp.c:641]
Tcl_PopCallFrame [tclNamesp.c:398]

**** Purify instrumented /vob/prod/runtime/bin/SunOS_5.6/is_wish_pure.exe (pid 22235) ****
SBR: Stack array bounds read:
* This is occurring while in:
Tcl_PanicVA [tclPanic.c:82]
Tcl_Panic [tclPanic.c:121]
Itcl_ReleaseData [tclStubLib.c]
ItclDestroyClassNamesp [itcl_class.c]
TclTeardownNamespace [tclNamesp.c:828]
Tcl_DeleteNamespace [tclNamesp.c:641]
Tcl_PopCallFrame [tclNamesp.c:398]
Itcl_PopContext [tclStubLib.c]
Itcl_HandleInstance [tclStubLib.c]
EvalObjv [tclParse.c:932]
Tcl_EvalEx [tclParse.c:1393]
Tcl_EvalFile [tclIOUtil.c:323]
* Reading 4 bytes from 0xefffe538.
* Frame pointer 0xefffe538
* Address 0xefffe538 is 0 bytes above stack pointer in function ItclDestroyClassNamesp.

**** Purify instrumented /vob/prod/runtime/bin/SunOS_5.6/is_wish_pure.exe (pid 22235) ****
SBR: Stack array bounds read:
* This is occurring while in:
Tcl_PanicVA [tclPanic.c:83]
Tcl_Panic [tclPanic.c:121]
Itcl_ReleaseData [tclStubLib.c]
ItclDestroyClassNamesp [itcl_class.c]
TclTeardownNamespace [tclNamesp.c:828]
Tcl_DeleteNamespace [tclNamesp.c:641]
Tcl_PopCallFrame [tclNamesp.c:398]
Itcl_PopContext [tclStubLib.c]
Itcl_HandleInstance [tclStubLib.c]
EvalObjv [tclParse.c:932]
Tcl_EvalEx [tclParse.c:1393]
Tcl_EvalFile [tclIOUtil.c:323]
* Reading 4 bytes from 0xefffe53c.
* Frame pointer 0xefffe538
* Address 0xefffe53c is 4 bytes above stack pointer in function ItclDestroyClassNamesp.

**** Purify instrumented /vob/prod/runtime/bin/SunOS_5.6/is_wish_pure.exe (pid 22235) ****
COR: Fatal core dump:
* This is occurring while in:
_p921static [crtn.o]
abort [libc.so.1]
Tcl_PanicVA [tclPanic.c:93]
Tcl_Panic [tclPanic.c:121]
Itcl_ReleaseData [tclStubLib.c]
ItclDestroyClassNamesp [itcl_class.c]
TclTeardownNamespace [tclNamesp.c:828]
Tcl_DeleteNamespace [tclNamesp.c:641]
Tcl_PopCallFrame [tclNamesp.c:398]
Itcl_PopContext [tclStubLib.c]
Itcl_HandleInstance [tclStubLib.c]
EvalObjv [tclParse.c:932]
* Received signal 6 (SIGABRT - Abort)
* Signal mask:
* Pending signals:
[waldon@eng007 (waldon-t82) 28]>

DesiredBehavior:
If you evaluate the proc ABC prior to the method call - i.e. outside the class - it simply
deletes the class namespace and all its associated objects and replaces it with a proc and does
not core dump - it does this with no warning message which I find a little disturbing.

This may be an Itcl problem, verified with Itcl3.1/Tcl8.3.0
-- 04/03/2000 hobbs
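
The Purify FMR reports above show ItclDestroyClassNamesp reading a block that was freed, earlier in the same teardown, through Itcl_ReleaseData. The C sketch below is an added example, not Tcl or [incr Tcl] source: it models that pattern with a constructed record (ClassDef, preserve, release and the guard flag are hypothetical names), uses a freed flag in place of free() so the stale read can be counted safely, and shows holding a reference for the duration of the callback as one general way to avoid it.

```c
#include <stdio.h>

/* Constructed model, not Itcl's data structure. */
typedef struct ClassDef {
    int refs;      /* references held by live objects and callers */
    int freed;     /* set when refs reaches 0; stands in for free() */
    int nobjects;  /* objects of this class, one reference each */
} ClassDef;

static int stale_reads;   /* reads of a ClassDef after it was "freed" */

static void preserve(ClassDef *c) { c->refs++; }

static void release(ClassDef *c) {
    if (--c->refs == 0) c->freed = 1;   /* real code would free(c) here */
}

/* Every field read in the teardown goes through this checked accessor. */
static int read_nobjects(ClassDef *c) {
    if (c->freed) stale_reads++;        /* what Purify reports as FMR */
    return c->nobjects;
}

/* Namespace delete callback: destroying an object drops its reference. */
static void destroy_class_namesp(ClassDef *c, int guard) {
    if (guard) preserve(c);             /* keep the record alive for this call */
    while (read_nobjects(c) > 0) {
        c->nobjects--;
        release(c);                     /* the last object takes refs to 0 */
    }
    if (guard) release(c);              /* only now may the record go away */
}

/* Stale reads seen while tearing down a class with n objects;
 * -1 means the record was never freed (leak). */
int teardown_stale_reads(int n, int guard) {
    ClassDef c = { n, 0, n };
    stale_reads = 0;
    destroy_class_namesp(&c, guard);
    return c.freed ? stale_reads : -1;
}

int main(void) {
    printf("unguarded: %d stale read(s)\n", teardown_stale_reads(1, 0));
    printf("guarded:   %d stale read(s)\n", teardown_stale_reads(1, 1));
    return 0;
}
```
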

Discussion

    • priority: 5 --> 8
    • labels: 104238 --> 21. [namespace]

  • miguel sofer
    2001-08-22

    • assigned_to: nobody --> msofer

  • miguel sofer
    2001-08-22

    • status: open --> closed-invalid

  • miguel sofer
    2001-08-22

    Logged In: YES
    user_id=148712

    Reported to [incr Tcl] project; double deletes in tcl work
    fine ...