Tcl Source Code

View Ticket
Login
Ticket UUID: 1077017
Title: TCL crash on AIX 64bit
Type: Bug Version: obsolete: 8.4.7
Submitter: rtbalaji Created on: 2004-12-01 19:42:47
Subsystem: 14. List Object Assigned To: kennykb
Priority: 7 High Severity:
Status: Closed Last Modified: 2004-12-13 22:36:45
Resolution: Invalid Closed By: kennykb
    Closed on: 2004-12-13 15:36:45
Description:
Hi,

     I have tcl linked into an application that is run on 
AIX-5.1 64bit. I am using Tcl-8.4.7. I see a crash due to 
a memory allocation failure. Please see below for the 
messages just before the crash and the stack trace. 
They are also in the attached file. This problem does not 
happen when I run the same exe through dbx. Also, the 
crash occurs at different places but tclListObj.c is where 
I often see this. I would appreciate any help regarding 
this.
Thanks,
-Balaji
Messages:


total mallocs                4323648
total frees                  3682253
current packets allocated     641395
current bytes allocated     40681784
maximum packets allocated     641395
maximum bytes allocated     40681784
unable to alloc 32 
bytes, ../tcl8.4.7/unix/../generic/tclListObj.c line 460

(dbx) where
warning: could not locate trace table from starting 
address 0x377c
pthread_kill(??, ??) at 0x9000000002a3980
_p_raise(??) at 0x9000000002a3410
raise.raise(??) at 0x900000000022774
abort() at 0x90000000003156c
Tcl_PanicVA(0x9001000a029ae00, 0xffffffffffd3258), line 
106 in "tclPanic.c"
Tcl_Panic(0x9001000a029ae00, 0x20, 
0x9001000a02af5b0, 0x1cc, 0x0, 0x100062d9, 
0x100062d9, 0x0), line 134 in "tclPanic.c"
Tcl_DbCkalloc(0x2000000020, 0x9001000a02af5b0, 
0x1cc000001cc), line 381 in "tclCkalloc.c"
unnamed block $b781, line 459 in "tclListObj.c"
Tcl_ListObjAppendElement(0x0, 0x117fffcc8, 
0x117fffee8), line 459 in "tclListObj.c"
GetConfigList() at 0x90000000091fd78
Tk_GetOptionInfo() at 0x900000000921614
FrameWidgetObjCmd() at 0x90000000091d154
TclEvalObjvInternal(0x110391668, 0x200000002, 
0xffffffffffd3978, 0x117ff9fe8, 0xd4000000d4, 0x0), line 
3087 in "tclBasic.c"
Tcl_EvalEx(0x110391668, 0x117ff9fe8, 0xd4ffffffff, 0x0), 
line 3682 in "tclBasic.c"
Tcl_Eval(0x110391668, 0x117ff9fe8), line 3879 
in "tclBasic.c"
Itk_ArchCompAddCmd() at 0x9000000008b90f8
Itk_ArchComponentCmd() at 0x9000000008b98d0
Itcl_EvalMemberCode() at 0x9000000008c5014
Itcl_ExecMethod() at 0x9000000008c42a8
TclEvalObjvInternal(0x110391668, 0x500000005, 
0x110392d90, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x110d5f708), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x110d49148), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x110d49148, 0x0), line 
4012 in "tclBasic.c"
Itcl_EvalMemberCode() at 0x9000000008c50d8
Itcl_InvokeMethodIfExists() at 0x9000000008c3574
Itcl_ConstructBase() at 0x9000000008c3698
Itcl_EvalMemberCode() at 0x9000000008c4fe4
Itcl_InvokeMethodIfExists() at 0x9000000008c3574
Itcl_ConstructBase() at 0x9000000008c3698
Itcl_EvalMemberCode() at 0x9000000008c4fe4
Itcl_InvokeMethodIfExists() at 0x9000000008c3574
Itcl_CreateObject() at 0x9000000008c8a1c
Itcl_HandleClass() at 0x9000000008c03d8
TclEvalObjvInternal(0x110391668, 0xe0000000e, 
0xffffffffffd8718, 0x117fea1e8, 0x1e9000001e9, 0x0), 
line 3087 in "tclBasic.c"
Tcl_EvalEx(0x110391668, 0x117fea1e8, 0x1e9000001e9, 
0x4000000040000), line 3682 in "tclBasic.c"
Tcl_EvalObjEx(0x110391668, 0x117fea448, 
0x4000000040000), line 4000 in "tclBasic.c"
unnamed block $b851, line 684 in "tclProc.c"
Tcl_UplevelObjCmd(0x0, 0x110391668, 0x300000004, 
0x110392d78), line 684 in "tclProc.c"
TclEvalObjvInternal(0x110391668, 0x400000004, 
0x110392d70, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x113d49e88), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x113a68828), line 982 
in "tclExecute.c"
TclObjInterpProc(0x113a689e8, 0x110391668, 
0xe0000000e, 0xffffffffffdaea8), line 1100 in "tclProc.c"
TclEvalObjvInternal(0x110391668, 0xe0000000e, 
0xffffffffffdaea8, 0x117fe9168, 0x1e9000001e9, 0x0), 
line 3087 in "tclBasic.c"
Tcl_EvalEx(0x110391668, 0x117fe9168, 0x1e9000001e9, 
0x4000000040000), line 3682 in "tclBasic.c"
Tcl_EvalObjEx(0x110391668, 0x117fd0d48, 
0x4000000040000), line 4000 in "tclBasic.c"
Tcl_EvalObjCmd(0x0, 0x110391668, 0x400000004, 
0x110392d50), line 619 in "tclCmdAH.c"
TclEvalObjvInternal(0x110391668, 0x400000004, 
0x110392d50, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x114139588), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x114138568), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x114138568, 0x0), line 
4012 in "tclBasic.c"
Itk_ArchCompAddCmd() at 0x9000000008b8b1c
Itk_ArchComponentCmd() at 0x9000000008b98d0
Itcl_EvalMemberCode() at 0x9000000008c5014
Itcl_ExecMethod() at 0x9000000008c42a8
TclEvalObjvInternal(0x110391668, 0x500000005, 
0x110392d28, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x114138888), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x11410c5e8), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x11410c5e8, 0x0), line 
4012 in "tclBasic.c"
Tcl_IfObjCmd(0x0, 0x110391668, 0x500000005, 
0x110392d00), line 279 in "tclCmdIL.c"
TclEvalObjvInternal(0x110391668, 0x500000005, 
0x110392d00, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x11410c9e8), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x113cdb9e8), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x113cdb9e8, 0x0), line 
4012 in "tclBasic.c"
Itcl_EvalMemberCode() at 0x9000000008c50d8
Itcl_ExecMethod() at 0x9000000008c42a8
Itcl_EvalArgs() at 0x9000000008c1588
Itcl_HandleInstance() at 0x9000000008c8254
TclEvalObjvInternal(0x110391668, 0x1000000010, 
0x110392c80, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x114296508), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x114109428), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x114109428, 0x0), line 
4012 in "tclBasic.c"
Tcl_SwitchObjCmd(0x0, 0x110391668, 0x600000003, 
0x11410d128), line 2857 in "tclCmdMZ.c"
TclEvalObjvInternal(0x110391668, 0x300000003, 
0x110392c68, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x1141042c8), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x110d3aea8), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x110d3aea8, 0x0), line 
4012 in "tclBasic.c"
Itcl_EvalMemberCode() at 0x9000000008c50d8
Itcl_ExecMethod() at 0x9000000008c42a8
TclEvalObjvInternal(0x110391668, 0x400000004, 
0x110392c48, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x1141042c8), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x110d3aea8), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x110d3aea8, 0x0), line 
4012 in "tclBasic.c"
Itcl_EvalMemberCode() at 0x9000000008c50d8
Itcl_ExecMethod() at 0x9000000008c42a8
TclEvalObjvInternal(0x110391668, 0x400000004, 
0x110392c28, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x1141042c8), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x110d3aea8), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x110d3aea8, 0x0), line 
4012 in "tclBasic.c"
Itcl_EvalMemberCode() at 0x9000000008c50d8
Itcl_ExecMethod() at 0x9000000008c42a8
TclEvalObjvInternal(0x110391668, 0x400000004, 
0x110392c08, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x1141042c8), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x110d3aea8), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x110d3aea8, 0x0), line 
4012 in "tclBasic.c"
Itcl_EvalMemberCode() at 0x9000000008c50d8
Itcl_ExecMethod() at 0x9000000008c42a8
TclEvalObjvInternal(0x110391668, 0x400000004, 
0x110392be8, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x1141042c8), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x110d3aea8), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x110d3aea8, 0x0), line 
4012 in "tclBasic.c"
Itcl_EvalMemberCode() at 0x9000000008c50d8
Itcl_ExecMethod() at 0x9000000008c42a8
Itcl_EvalArgs() at 0x9000000008c1588
Itcl_HandleInstance() at 0x9000000008c8254
TclEvalObjvInternal(0x110391668, 0x500000005, 
0x110392bc0, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x1140f14a8), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x110d3d4c8), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x110d3d4c8, 0x0), line 
4012 in "tclBasic.c"
Itcl_EvalMemberCode() at 0x9000000008c50d8
Itcl_ExecMethod() at 0x9000000008c42a8
Itcl_EvalArgs() at 0x9000000008c1588
Itcl_HandleInstance() at 0x9000000008c8254
TclEvalObjvInternal(0x110391668, 0x200000002, 
0x110392bb0, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x111f7a7c8), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x110ced948), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x110ced948, 0x0), line 
4012 in "tclBasic.c"
Itcl_EvalMemberCode() at 0x9000000008c50d8
Itcl_InvokeMethodIfExists() at 0x9000000008c3574
Itcl_CreateObject() at 0x9000000008c8a1c
Itcl_HandleClass() at 0x9000000008c03d8
TclEvalObjvInternal(0x110391668, 0x500000005, 
0xfffffffffff45b8, 0x111f6b1e8, 0x3500000035, 0x0), line 
3087 in "tclBasic.c"
Tcl_EvalEx(0x110391668, 0x111f6b1e8, 0x3500000035, 
0x4000000040000), line 3682 in "tclBasic.c"
Tcl_EvalObjEx(0x110391668, 0x111f6b2e8, 
0x4000000040000), line 4000 in "tclBasic.c"
NamespaceEvalCmd(0x0, 0x110391668, 0x800000008, 
0x110392b70), line 2984 in "tclNamesp.c"
Tcl_NamespaceObjCmd(0x0, 0x110391668, 
0x800000008, 0x110392b70), line 2529 in "tclNamesp.c"
TclEvalObjvInternal(0x110391668, 0x800000008, 
0x110392b70, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x111f6b5c8), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x111f6a288), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x111f6a288, 0x0), line 
4012 in "tclBasic.c"
Tcl_SwitchObjCmd(0x0, 0x110391668, 0x400000004, 
0x111f69b68), line 2857 in "tclCmdMZ.c"
TclEvalObjvInternal(0x110391668, 0x400000004, 
0x110392b48, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x111f69968), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x110c6d428), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x110c6d428, 0x0), line 
4012 in "tclBasic.c"
Itcl_EvalMemberCode() at 0x9000000008c50d8
Itcl_ExecProc() at 0x9000000008c408c
TclEvalObjvInternal(0x110391668, 0x300000003, 
0xfffffffffff8cb8, 0x111f21d68, 0x2300000023, 0x0), line 
3087 in "tclBasic.c"
Tcl_EvalEx(0x110391668, 0x111f21d68, 0x2300000023, 
0x4000000040000), line 3682 in "tclBasic.c"
Tcl_EvalObjEx(0x110391668, 0x111f56c28, 
0x4000000040000), line 4000 in "tclBasic.c"
Tcl_EvalObjCmd(0x0, 0x110391668, 0x300000003, 
0x110392b30), line 619 in "tclCmdAH.c"
TclEvalObjvInternal(0x110391668, 0x300000003, 
0x110392b30, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x111f68648), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x111f621a8), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x111f621a8, 0x0), line 
4012 in "tclBasic.c"
Tcl_ForeachObjCmd(0x0, 0x110391668, 0x400000004, 
0x110392b08), line 1863 in "tclCmdAH.c"
TclEvalObjvInternal(0x110391668, 0x400000004, 
0x110392b08, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x111f63288), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x111f61368), line 982 
in "tclExecute.c"
Tcl_EvalObjEx(0x110391668, 0x111f61368, 0x0), line 
4012 in "tclBasic.c"
Tcl_IfObjCmd(0x0, 0x110391668, 0x300000003, 
0xfffffffffffcc28), line 243 in "tclCmdIL.c"
TclEvalObjvInternal(0x110391668, 0x300000003, 
0xfffffffffffcc28, 0x1107b2574, 0x6e2000006e2, 0x0), 
line 3087 in "tclBasic.c"
Tcl_EvalEx(0x110391668, 0x1107832a8, 0x301f1ffffffff, 
0x0), line 3682 in "tclBasic.c"
Tcl_Eval(0x110391668, 0x1107832a8), line 3879 
in "tclBasic.c"
denTclEvalFile(0x110391668, 0x110782388), line 244 
in "memmaker.c"
densourceCmd(0x0, 0x110391668, 0x200000002, 
0xfffffffffffd1e0), line 244 in "memmaker.c"
TclInvokeStringCommand(0x110476508, 0x110391668, 
0x200000002, 0x110780d68), line 1778 in "tclBasic.c"
TclEvalObjvInternal(0x110391668, 0x200000002, 
0x110780d68, 0x9001000a029b708, 0x0, 
0x4000000040000), line 3087 in "tclBasic.c"
Tcl_EvalObjv(0x110391668, 0x200000002, 0x110780d68, 
0x4000000040000), line 3203 in "tclBasic.c"
unnamed block $b72, line 3996 in "tclBasic.c"
Tcl_EvalObjEx(0x110391668, 0x110782808, 
0x4000000040000), line 3996 in "tclBasic.c"
Tcl_UplevelObjCmd(0x0, 0x110391668, 0x100000003, 
0x110392b00), line 674 in "tclProc.c"
TclEvalObjvInternal(0x110391668, 0x300000003, 
0x110392af0, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c"
unnamed block $b531, line 1404 in "tclExecute.c"
TclExecuteByteCode(0x110391668, 0x110781948), line 
1404 in "tclExecute.c"
TclCompEvalObj(0x110391668, 0x11077ed48), line 982 
in "tclExecute.c"
TclObjInterpProc(0x11077f368, 0x110391668, 
0x100000001, 0xffffffffffffba8), line 1100 in "tclProc.c"
TclEvalObjvInternal(0x110391668, 0x100000001, 
0xffffffffffffba8, 0x110000cf8, 0xc0000000c, 0x0), line 
3087 in "tclBasic.c"
Tcl_EvalEx(0x110391668, 0x110000854, 0x4b0ffffffff, 
0x0), line 3682 in "tclBasic.c"
Tcl_Eval(0x110391668, 0x110000854), line 3879 
in "tclBasic.c"
makerMain(0x200000002, 0x200fe050), line 244 
in "memmaker.c"
main(0x200000002, 0x200fe050), line 244 
in "memmaker.c"
User Comments: kennykb added on 2004-12-13 22:36:45:
Logged In: YES 
user_id=99768

Since the observed behavior strongly suggests heap
corruption resulting from a rogue pointer in code outside
the Core, I'm closing this bug for now.  Please feel to
reopen it if you have further evidence what might be going on.

One thing to try - if you can - is to run the same code
through 'valgrind' on your Linux platform or Purify on one
of your platforms that supports it.  Sometimes bugs that
result in access to freed memory or other pointer smashes
can - just through chance - result in code that appears to
work, simply because nothing of value is present at the
location designated by the bad pointer. A memory analysis
tool can often detect this sort of error readily.

Please feel to repoen or resubmit this bug if you have
further evidence for us to go on. In particular - and I know
how difficult this can be - a reproducible test case would
be invaluable.

rtbalaji added on 2004-12-10 07:22:31:
Logged In: YES 
user_id=1169205

Thanks for both  your comments and suggestions. I have 
been trying to check to see if I can use any memory analysis 
tool. I think Valgrind works only on Linux x86 platforms and I 
don't have a release for AIX-64bit for Purify available. I am 
not sure if Purify in AIX 64bit is supported and not sure if we 
will need a separate license for that. I have asked our 
Rational sales contact. 

If there is not a memory analysis tool available for AIX 64bit I 
am not sure what to do next :( 

It works fine on Solaris (32 and 64bit), linux (32bit and 
64bit) , AIX (32bit) and HP11 (32bit and 64bit) though I may 
not be using the exact same patch of tcl8.4 and other related 
software like itcl/itk and iWidget. So, I think building and 
running purify may not essentially show this problem  but 
atleast seems like an option. 

I will also check to see if I can upgrade to tcl8.4.9 and check 
if it works.
-Balaji

dgp added on 2004-12-09 23:01:10:
Logged In: YES 
user_id=80530

Might also be worthwhile to
try to reproduce with 
Tcl/Tk 8.4.9 , which are
the current releases.

kennykb added on 2004-12-09 22:56:42:
Logged In: YES 
user_id=99768

The observed symptoms are consistent with corruption of the
runtime heap.
I notice that memmaker is in use - and additionally, that at
least
[incr Tcl], [incr Tk] and [incr Widgets] are all in the mix.

It would appear that there is C code in the mix somewhere that's
storing through a rogue pointer (likely either accessing
beyond the
end of an array, or accessing freed memory).  These problems are
notoriously difficult to track down.

Tcl_ListObj doesn't appear to be the immediate culprit - its
request for
32 bytes is as expected given the stack.  The first argument to
Tcl_DbCkalloc looks odd, but the panic message shows the
correct number, so I'm willing for now to consider that an issue
with the code that generates the stack trace.

Do you have access to a memory analysis tool like Purify or
Valgrind that could be used to assess where the invalid memory
access is happening?

rtbalaji added on 2004-12-07 02:43:02:
Logged In: YES 
user_id=1169205

Hi Kennykb,

                  Just checking to see if you have any 
updates on this issues. Please let me know if you have 
any questions or need more information. I would 
appreciate your comments or suggestions on this issue.
Thanks,
-Balaji

dgp added on 2004-12-02 02:53:00:
Logged In: YES 
user_id=80530


too large memory request
appears to come from Tcl_ListObjAppendElement().

Passing hot potato there first.

rtbalaji added on 2004-12-02 02:42:48:

File Added - 110886: crash

Attachments: