Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segfault in GeneralPurposeAllocator #15971

Closed
lassade opened this issue Jun 7, 2023 · 2 comments
Closed

Segfault in GeneralPurposeAllocator #15971

lassade opened this issue Jun 7, 2023 · 2 comments
Labels
bug Observed behavior contradicts documented or intended behavior

Comments

@lassade
Copy link

lassade commented Jun 7, 2023

Zig Version

0.11.0-dev.3220+447a30299

Steps to Reproduce and Observed Behavior

The segfault happens everytime,

I'm just allocating memory as usual, until I hit this problem, my program have these huge ArrayLists that grow from 0 to around 4MB, as the array is filled I do many other small allocations of ~128 to 16Bytes that get freed very quicly.

I can avoid the error by pre-allocating the array.

Segmentation fault at address 0xffffffffffffffff
C:\ProgramTools\zig-windows-x86_64-0.11.0\lib\std\hash_map.zig:959:31: 0x7ff7179045e2 in capacity (zbg.exe.obj)
            return self.header().capacity;
                              ^
C:\ProgramTools\zig-windows-x86_64-0.11.0\lib\std\hash_map.zig:1185:30: 0x7ff71791f2f5 in getEntryAdapted__anon_12867 (zbg.exe.obj)
            if (self.getIndex(key, ctx)) |idx| {
                             ^
C:\ProgramTools\zig-windows-x86_64-0.11.0\lib\std\hash_map.zig:1182:40: 0x7ff7179001f1 in getEntryContext (zbg.exe.obj)
            return self.getEntryAdapted(key, ctx);
                                       ^
C:\ProgramTools\zig-windows-x86_64-0.11.0\lib\std\hash_map.zig:1179:40: 0x7ff7178c93b1 in getEntry (zbg.exe.obj)
            return self.getEntryContext(key, undefined);
                                       ^
C:\ProgramTools\zig-windows-x86_64-0.11.0\lib\std\heap\general_purpose_allocator.zig:844:62: 0x7ff7178c9f3b in free (zbg.exe.obj)
                const entry = self.small_allocations.getEntry(@ptrToInt(old_mem.ptr)) orelse
                                                             ^
C:\ProgramTools\zig-windows-x86_64-0.11.0\lib\std\mem\Allocator.zig:304:31: 0x7ff71787fdde in free__anon_5855 (zbg.exe.obj)
    self.rawFree(non_const_ptr[0..bytes_len], log2a(Slice.alignment), @returnAddress());
                              ^
D:\Working\z\zbg\src\main.zig:170:50: 0x7ff71789d0fd in visitCXXRecordDecl (zbg.exe.obj)
                        defer self.allocator.free(field_type);
                                                 ^
D:\Working\z\zbg\src\main.zig:109:62: 0x7ff717880147 in visit (zbg.exe.obj)
                .CXXRecordDecl => try self.visitCXXRecordDecl(value),
                                                             ^
D:\Working\z\zbg\src\main.zig:123:31: 0x7ff7178998b4 in visitTranslationUnitDecl (zbg.exe.obj)
                try self.visit(&inner_item);
                              ^
D:\Working\z\zbg\src\main.zig:108:74: 0x7ff717880103 in visit (zbg.exe.obj)
                .TranslationUnitDecl => try self.visitTranslationUnitDecl(value),
                                                                         ^
D:\Working\z\zbg\src\main.zig:496:29: 0x7ff71787e333 in main (zbg.exe.obj)
        try transpiler.visit(&tree.root);
                            ^
C:\ProgramTools\zig-windows-x86_64-0.11.0\lib\std\start.zig:379:65: 0x7ff717881f57 in WinStartup (zbg.exe.obj)
    std.os.windows.kernel32.ExitProcess(initEventLoopAndCallMain());
                                                                ^
???:?:?: 0x7ffc5ffe7613 in ??? (KERNEL32.DLL)
???:?:?: 0x7ffc61e626a0 in ??? (ntdll.dll)

Expected Behavior

Any error but just not a segfault
@lassade lassade added the bug Observed behavior contradicts documented or intended behavior label Jun 7, 2023
@lassade
Copy link
Author

lassade commented Jun 7, 2023
edited
Loading

Ok, in following code the Writer will override mrmory of of bounds right?

pub fn init(allocator: Allocator) Transpiler {
    var buffer = std.ArrayList(u8).init(allocator);
    return Transpiler{
        .allocator = allocator,
        .buffer = buffer,
        .out = buffer.writer(),
    };
}

Edit: I think that was the problem btw

@squeek502
Copy link
Collaborator

squeek502 commented Jun 7, 2023
edited
Loading

The return of buffer.writer() contains a pointer to the buffer on the stack of the init function, which is invalidated after the init function returns.

From the language reference:

Once a function returns, any Pointers to variables in the function's stack frame become invalid references, and dereferencing them becomes unchecked Undefined Behavior.

The relevant issues are:

@lassade lassade closed this as completed Jun 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Observed behavior contradicts documented or intended behavior
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@squeek502 @lassade