Ticket UUID: | 1077017 | |||
Title: | TCL crash on AIX 64bit | |||
Type: | Bug | Version: | obsolete: 8.4.7 | |
Submitter: | rtbalaji | Created on: | 2004-12-01 19:42:47 | |
Subsystem: | 14. List Object | Assigned To: | kennykb | |
Priority: | 7 High | Severity: | ||
Status: | Closed | Last Modified: | 2004-12-13 22:36:45 | |
Resolution: | Invalid | Closed By: | kennykb | |
Closed on: | 2004-12-13 15:36:45 | |||
Description: |
Hi, I have tcl linked into an application that is run on AIX-5.1 64bit. I am using Tcl-8.4.7. I see a crash due to a memory allocation failure. Please see below for the messages just before the crash and the stack trace. They are also in the attached file. This problem does not happen when I run the same exe through dbx. Also, the crash occurs at different places but tclListObj.c is where I often see this. I would appreciate any help regarding this. Thanks, -Balaji Messages: total mallocs 4323648 total frees 3682253 current packets allocated 641395 current bytes allocated 40681784 maximum packets allocated 641395 maximum bytes allocated 40681784 unable to alloc 32 bytes, ../tcl8.4.7/unix/../generic/tclListObj.c line 460 (dbx) where warning: could not locate trace table from starting address 0x377c pthread_kill(??, ??) at 0x9000000002a3980 _p_raise(??) at 0x9000000002a3410 raise.raise(??) at 0x900000000022774 abort() at 0x90000000003156c Tcl_PanicVA(0x9001000a029ae00, 0xffffffffffd3258), line 106 in "tclPanic.c" Tcl_Panic(0x9001000a029ae00, 0x20, 0x9001000a02af5b0, 0x1cc, 0x0, 0x100062d9, 0x100062d9, 0x0), line 134 in "tclPanic.c" Tcl_DbCkalloc(0x2000000020, 0x9001000a02af5b0, 0x1cc000001cc), line 381 in "tclCkalloc.c" unnamed block $b781, line 459 in "tclListObj.c" Tcl_ListObjAppendElement(0x0, 0x117fffcc8, 0x117fffee8), line 459 in "tclListObj.c" GetConfigList() at 0x90000000091fd78 Tk_GetOptionInfo() at 0x900000000921614 FrameWidgetObjCmd() at 0x90000000091d154 TclEvalObjvInternal(0x110391668, 0x200000002, 0xffffffffffd3978, 0x117ff9fe8, 0xd4000000d4, 0x0), line 3087 in "tclBasic.c" Tcl_EvalEx(0x110391668, 0x117ff9fe8, 0xd4ffffffff, 0x0), line 3682 in "tclBasic.c" Tcl_Eval(0x110391668, 0x117ff9fe8), line 3879 in "tclBasic.c" Itk_ArchCompAddCmd() at 0x9000000008b90f8 Itk_ArchComponentCmd() at 0x9000000008b98d0 Itcl_EvalMemberCode() at 0x9000000008c5014 Itcl_ExecMethod() at 0x9000000008c42a8 TclEvalObjvInternal(0x110391668, 0x500000005, 0x110392d90, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x110d5f708), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x110d49148), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x110d49148, 0x0), line 4012 in "tclBasic.c" Itcl_EvalMemberCode() at 0x9000000008c50d8 Itcl_InvokeMethodIfExists() at 0x9000000008c3574 Itcl_ConstructBase() at 0x9000000008c3698 Itcl_EvalMemberCode() at 0x9000000008c4fe4 Itcl_InvokeMethodIfExists() at 0x9000000008c3574 Itcl_ConstructBase() at 0x9000000008c3698 Itcl_EvalMemberCode() at 0x9000000008c4fe4 Itcl_InvokeMethodIfExists() at 0x9000000008c3574 Itcl_CreateObject() at 0x9000000008c8a1c Itcl_HandleClass() at 0x9000000008c03d8 TclEvalObjvInternal(0x110391668, 0xe0000000e, 0xffffffffffd8718, 0x117fea1e8, 0x1e9000001e9, 0x0), line 3087 in "tclBasic.c" Tcl_EvalEx(0x110391668, 0x117fea1e8, 0x1e9000001e9, 0x4000000040000), line 3682 in "tclBasic.c" Tcl_EvalObjEx(0x110391668, 0x117fea448, 0x4000000040000), line 4000 in "tclBasic.c" unnamed block $b851, line 684 in "tclProc.c" Tcl_UplevelObjCmd(0x0, 0x110391668, 0x300000004, 0x110392d78), line 684 in "tclProc.c" TclEvalObjvInternal(0x110391668, 0x400000004, 0x110392d70, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x113d49e88), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x113a68828), line 982 in "tclExecute.c" TclObjInterpProc(0x113a689e8, 0x110391668, 0xe0000000e, 0xffffffffffdaea8), line 1100 in "tclProc.c" TclEvalObjvInternal(0x110391668, 0xe0000000e, 0xffffffffffdaea8, 0x117fe9168, 0x1e9000001e9, 0x0), line 3087 in "tclBasic.c" Tcl_EvalEx(0x110391668, 0x117fe9168, 0x1e9000001e9, 0x4000000040000), line 3682 in "tclBasic.c" Tcl_EvalObjEx(0x110391668, 0x117fd0d48, 0x4000000040000), line 4000 in "tclBasic.c" Tcl_EvalObjCmd(0x0, 0x110391668, 0x400000004, 0x110392d50), line 619 in "tclCmdAH.c" TclEvalObjvInternal(0x110391668, 0x400000004, 0x110392d50, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x114139588), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x114138568), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x114138568, 0x0), line 4012 in "tclBasic.c" Itk_ArchCompAddCmd() at 0x9000000008b8b1c Itk_ArchComponentCmd() at 0x9000000008b98d0 Itcl_EvalMemberCode() at 0x9000000008c5014 Itcl_ExecMethod() at 0x9000000008c42a8 TclEvalObjvInternal(0x110391668, 0x500000005, 0x110392d28, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x114138888), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x11410c5e8), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x11410c5e8, 0x0), line 4012 in "tclBasic.c" Tcl_IfObjCmd(0x0, 0x110391668, 0x500000005, 0x110392d00), line 279 in "tclCmdIL.c" TclEvalObjvInternal(0x110391668, 0x500000005, 0x110392d00, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x11410c9e8), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x113cdb9e8), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x113cdb9e8, 0x0), line 4012 in "tclBasic.c" Itcl_EvalMemberCode() at 0x9000000008c50d8 Itcl_ExecMethod() at 0x9000000008c42a8 Itcl_EvalArgs() at 0x9000000008c1588 Itcl_HandleInstance() at 0x9000000008c8254 TclEvalObjvInternal(0x110391668, 0x1000000010, 0x110392c80, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x114296508), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x114109428), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x114109428, 0x0), line 4012 in "tclBasic.c" Tcl_SwitchObjCmd(0x0, 0x110391668, 0x600000003, 0x11410d128), line 2857 in "tclCmdMZ.c" TclEvalObjvInternal(0x110391668, 0x300000003, 0x110392c68, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x1141042c8), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x110d3aea8), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x110d3aea8, 0x0), line 4012 in "tclBasic.c" Itcl_EvalMemberCode() at 0x9000000008c50d8 Itcl_ExecMethod() at 0x9000000008c42a8 TclEvalObjvInternal(0x110391668, 0x400000004, 0x110392c48, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x1141042c8), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x110d3aea8), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x110d3aea8, 0x0), line 4012 in "tclBasic.c" Itcl_EvalMemberCode() at 0x9000000008c50d8 Itcl_ExecMethod() at 0x9000000008c42a8 TclEvalObjvInternal(0x110391668, 0x400000004, 0x110392c28, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x1141042c8), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x110d3aea8), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x110d3aea8, 0x0), line 4012 in "tclBasic.c" Itcl_EvalMemberCode() at 0x9000000008c50d8 Itcl_ExecMethod() at 0x9000000008c42a8 TclEvalObjvInternal(0x110391668, 0x400000004, 0x110392c08, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x1141042c8), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x110d3aea8), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x110d3aea8, 0x0), line 4012 in "tclBasic.c" Itcl_EvalMemberCode() at 0x9000000008c50d8 Itcl_ExecMethod() at 0x9000000008c42a8 TclEvalObjvInternal(0x110391668, 0x400000004, 0x110392be8, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x1141042c8), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x110d3aea8), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x110d3aea8, 0x0), line 4012 in "tclBasic.c" Itcl_EvalMemberCode() at 0x9000000008c50d8 Itcl_ExecMethod() at 0x9000000008c42a8 Itcl_EvalArgs() at 0x9000000008c1588 Itcl_HandleInstance() at 0x9000000008c8254 TclEvalObjvInternal(0x110391668, 0x500000005, 0x110392bc0, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x1140f14a8), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x110d3d4c8), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x110d3d4c8, 0x0), line 4012 in "tclBasic.c" Itcl_EvalMemberCode() at 0x9000000008c50d8 Itcl_ExecMethod() at 0x9000000008c42a8 Itcl_EvalArgs() at 0x9000000008c1588 Itcl_HandleInstance() at 0x9000000008c8254 TclEvalObjvInternal(0x110391668, 0x200000002, 0x110392bb0, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x111f7a7c8), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x110ced948), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x110ced948, 0x0), line 4012 in "tclBasic.c" Itcl_EvalMemberCode() at 0x9000000008c50d8 Itcl_InvokeMethodIfExists() at 0x9000000008c3574 Itcl_CreateObject() at 0x9000000008c8a1c Itcl_HandleClass() at 0x9000000008c03d8 TclEvalObjvInternal(0x110391668, 0x500000005, 0xfffffffffff45b8, 0x111f6b1e8, 0x3500000035, 0x0), line 3087 in "tclBasic.c" Tcl_EvalEx(0x110391668, 0x111f6b1e8, 0x3500000035, 0x4000000040000), line 3682 in "tclBasic.c" Tcl_EvalObjEx(0x110391668, 0x111f6b2e8, 0x4000000040000), line 4000 in "tclBasic.c" NamespaceEvalCmd(0x0, 0x110391668, 0x800000008, 0x110392b70), line 2984 in "tclNamesp.c" Tcl_NamespaceObjCmd(0x0, 0x110391668, 0x800000008, 0x110392b70), line 2529 in "tclNamesp.c" TclEvalObjvInternal(0x110391668, 0x800000008, 0x110392b70, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x111f6b5c8), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x111f6a288), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x111f6a288, 0x0), line 4012 in "tclBasic.c" Tcl_SwitchObjCmd(0x0, 0x110391668, 0x400000004, 0x111f69b68), line 2857 in "tclCmdMZ.c" TclEvalObjvInternal(0x110391668, 0x400000004, 0x110392b48, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x111f69968), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x110c6d428), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x110c6d428, 0x0), line 4012 in "tclBasic.c" Itcl_EvalMemberCode() at 0x9000000008c50d8 Itcl_ExecProc() at 0x9000000008c408c TclEvalObjvInternal(0x110391668, 0x300000003, 0xfffffffffff8cb8, 0x111f21d68, 0x2300000023, 0x0), line 3087 in "tclBasic.c" Tcl_EvalEx(0x110391668, 0x111f21d68, 0x2300000023, 0x4000000040000), line 3682 in "tclBasic.c" Tcl_EvalObjEx(0x110391668, 0x111f56c28, 0x4000000040000), line 4000 in "tclBasic.c" Tcl_EvalObjCmd(0x0, 0x110391668, 0x300000003, 0x110392b30), line 619 in "tclCmdAH.c" TclEvalObjvInternal(0x110391668, 0x300000003, 0x110392b30, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x111f68648), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x111f621a8), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x111f621a8, 0x0), line 4012 in "tclBasic.c" Tcl_ForeachObjCmd(0x0, 0x110391668, 0x400000004, 0x110392b08), line 1863 in "tclCmdAH.c" TclEvalObjvInternal(0x110391668, 0x400000004, 0x110392b08, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x111f63288), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x111f61368), line 982 in "tclExecute.c" Tcl_EvalObjEx(0x110391668, 0x111f61368, 0x0), line 4012 in "tclBasic.c" Tcl_IfObjCmd(0x0, 0x110391668, 0x300000003, 0xfffffffffffcc28), line 243 in "tclCmdIL.c" TclEvalObjvInternal(0x110391668, 0x300000003, 0xfffffffffffcc28, 0x1107b2574, 0x6e2000006e2, 0x0), line 3087 in "tclBasic.c" Tcl_EvalEx(0x110391668, 0x1107832a8, 0x301f1ffffffff, 0x0), line 3682 in "tclBasic.c" Tcl_Eval(0x110391668, 0x1107832a8), line 3879 in "tclBasic.c" denTclEvalFile(0x110391668, 0x110782388), line 244 in "memmaker.c" densourceCmd(0x0, 0x110391668, 0x200000002, 0xfffffffffffd1e0), line 244 in "memmaker.c" TclInvokeStringCommand(0x110476508, 0x110391668, 0x200000002, 0x110780d68), line 1778 in "tclBasic.c" TclEvalObjvInternal(0x110391668, 0x200000002, 0x110780d68, 0x9001000a029b708, 0x0, 0x4000000040000), line 3087 in "tclBasic.c" Tcl_EvalObjv(0x110391668, 0x200000002, 0x110780d68, 0x4000000040000), line 3203 in "tclBasic.c" unnamed block $b72, line 3996 in "tclBasic.c" Tcl_EvalObjEx(0x110391668, 0x110782808, 0x4000000040000), line 3996 in "tclBasic.c" Tcl_UplevelObjCmd(0x0, 0x110391668, 0x100000003, 0x110392b00), line 674 in "tclProc.c" TclEvalObjvInternal(0x110391668, 0x300000003, 0x110392af0, 0x0, 0x0, 0x0), line 3087 in "tclBasic.c" unnamed block $b531, line 1404 in "tclExecute.c" TclExecuteByteCode(0x110391668, 0x110781948), line 1404 in "tclExecute.c" TclCompEvalObj(0x110391668, 0x11077ed48), line 982 in "tclExecute.c" TclObjInterpProc(0x11077f368, 0x110391668, 0x100000001, 0xffffffffffffba8), line 1100 in "tclProc.c" TclEvalObjvInternal(0x110391668, 0x100000001, 0xffffffffffffba8, 0x110000cf8, 0xc0000000c, 0x0), line 3087 in "tclBasic.c" Tcl_EvalEx(0x110391668, 0x110000854, 0x4b0ffffffff, 0x0), line 3682 in "tclBasic.c" Tcl_Eval(0x110391668, 0x110000854), line 3879 in "tclBasic.c" makerMain(0x200000002, 0x200fe050), line 244 in "memmaker.c" main(0x200000002, 0x200fe050), line 244 in "memmaker.c" | |||
User Comments: |
kennykb added on 2004-12-13 22:36:45:
Logged In: YES user_id=99768 Since the observed behavior strongly suggests heap corruption resulting from a rogue pointer in code outside the Core, I'm closing this bug for now. Please feel to reopen it if you have further evidence what might be going on. One thing to try - if you can - is to run the same code through 'valgrind' on your Linux platform or Purify on one of your platforms that supports it. Sometimes bugs that result in access to freed memory or other pointer smashes can - just through chance - result in code that appears to work, simply because nothing of value is present at the location designated by the bad pointer. A memory analysis tool can often detect this sort of error readily. Please feel to repoen or resubmit this bug if you have further evidence for us to go on. In particular - and I know how difficult this can be - a reproducible test case would be invaluable. rtbalaji added on 2004-12-10 07:22:31: Logged In: YES user_id=1169205 Thanks for both your comments and suggestions. I have been trying to check to see if I can use any memory analysis tool. I think Valgrind works only on Linux x86 platforms and I don't have a release for AIX-64bit for Purify available. I am not sure if Purify in AIX 64bit is supported and not sure if we will need a separate license for that. I have asked our Rational sales contact. If there is not a memory analysis tool available for AIX 64bit I am not sure what to do next :( It works fine on Solaris (32 and 64bit), linux (32bit and 64bit) , AIX (32bit) and HP11 (32bit and 64bit) though I may not be using the exact same patch of tcl8.4 and other related software like itcl/itk and iWidget. So, I think building and running purify may not essentially show this problem but atleast seems like an option. I will also check to see if I can upgrade to tcl8.4.9 and check if it works. -Balaji dgp added on 2004-12-09 23:01:10: Logged In: YES user_id=80530 Might also be worthwhile to try to reproduce with Tcl/Tk 8.4.9 , which are the current releases. kennykb added on 2004-12-09 22:56:42: Logged In: YES user_id=99768 The observed symptoms are consistent with corruption of the runtime heap. I notice that memmaker is in use - and additionally, that at least [incr Tcl], [incr Tk] and [incr Widgets] are all in the mix. It would appear that there is C code in the mix somewhere that's storing through a rogue pointer (likely either accessing beyond the end of an array, or accessing freed memory). These problems are notoriously difficult to track down. Tcl_ListObj doesn't appear to be the immediate culprit - its request for 32 bytes is as expected given the stack. The first argument to Tcl_DbCkalloc looks odd, but the panic message shows the correct number, so I'm willing for now to consider that an issue with the code that generates the stack trace. Do you have access to a memory analysis tool like Purify or Valgrind that could be used to assess where the invalid memory access is happening? rtbalaji added on 2004-12-07 02:43:02: Logged In: YES user_id=1169205 Hi Kennykb, Just checking to see if you have any updates on this issues. Please let me know if you have any questions or need more information. I would appreciate your comments or suggestions on this issue. Thanks, -Balaji dgp added on 2004-12-02 02:53:00: Logged In: YES user_id=80530 too large memory request appears to come from Tcl_ListObjAppendElement(). Passing hot potato there first. rtbalaji added on 2004-12-02 02:42:48: File Added - 110886: crash |
Attachments:
- crash [download] added by rtbalaji on 2004-12-02 02:42:48. [details]