support Low-Fragmentation Heap #63
Comments
|
From timurrrr@google.com on October 01, 2010 04:51:09 This is likely related to issue #23 - same assertion |
|
From derek.br...@gmail.com on October 01, 2010 07:12:01 same assertion, but different: here there's an out-of-main-heap allocation that we saw being allocated by a heap routine, but did not see the de-allocation of, while in issue #23 there's an allocation being used as a heap that we did not see the allocation of |
|
From derek.br...@gmail.com on October 01, 2010 07:16:06 actually the asserts are different too: is_in_heap_region() called in leak.c vs is_entirely_in_heap_region() called in alloc.c |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From derek.br...@gmail.com on September 30, 2010 21:51:06
running winword Office2007 I hit an ASSERT where an LFH meta-alloc disappeared:
ASSERT FAILURE (thread 3960): drmemory/leak.c:589: is_in_heap_region(pointer) (heap data struct inconsistency)
0:000> .frame 5
05 22149b04 100da9e6 drmemorylib!check_reachability_pointer+0x3bf [drmemory\leak.c @ 589]
0:000> dv
chunk_size = 0xe7f8
pointer = 0x03d803d7 ""
ptr_addr = 0x334cfce0 "???"
data = 0x22149df8
chunk_start = 0x03d80050 ""
node = 0x231b58a4
reachable = 0
chunk_end = 0x03d8e848 ""
add_reachable = 0
add_maybe_reachable = 0
flags = 0
0:000> ?? *heap_tree->root
struct _rb_node_t
+0x000 parent : 0x10193930
+0x004 right : 0x233f4418
+0x008 left : 0x22226234
+0x00c color : 1 ( BLACK )
+0x010 base : 0x03c80000 "???"
+0x014 size : 0x100000
+0x018 max : (null)
+0x01c client : 0x23a875b8
0:000> !vprot 03c80000
BaseAddress: 03c80000
AllocationBase: 03c80000
AllocationProtect: 00000004 PAGE_READWRITE
RegionSize: 00100000
State: 00001000 MEM_COMMIT
Protect: 00000004 PAGE_READWRITE
Type: 00020000 MEM_PRIVATE
0:000> !vprot 03d80000
BaseAddress: 03d80000
AllocationBase: 00000000
RegionSize: 00100000
State: 00010000 MEM_FREE
Protect: 00000001 PAGE_NOACCESS
0:000> ?? *large_malloc_tree->root->right
struct _rb_node_t
+0x000 parent : 0x22249894
+0x004 right : 0x10193930
+0x008 left : 0x222498dc
+0x00c color : 1 ( BLACK )
+0x010 base : 0x03d80050 ""
+0x014 size : 0xe7f8
+0x018 max : (null)
+0x01c client : (null)
struct _malloc_entry_t
+0x000 start : 0x03d80050 ""
+0x004 end : 0x03d8e848 ""
+0x008 usable_extra : 8
+0x00a flags : 1
+0x00c data : 0x23b4ac28
0:000> ?? *(packed_callstack_t *)0x23b4ac28
struct _packed_callstack_t
+0x000 refcount : 2
+0x004 num_frames : 0x14
+0x008 frames : 0x23b4ac34
0:000> U ntdll+0x39897-5
ntdll!RtlpCreateLowFragHeap+0x20:
7d639892 e8ef5dfeff call ntdll!RtlAllocateHeap (7d61f686)
0:000> U ntdll+0x39a02-5
ntdll!RtlSetHeapInformation+0x27:
7d6399fd e810000000 call ntdll!RtlpActivateLowFragmentationHeap (7d639a12)
0:000> U kernel32+0x42f78-6
kernel32!HeapSetInformation+0x11:
7d502f72 ff155c034d7d call dword ptr [kernel32!_imp__RtlSetHeapInformation (7d4d035c)]
=> am I missing the de-alloc of the low-frag heap's malloc?
0:000> Uf ntdll!RtlpDestroyLowFragHeap
ntdll!RtlpDestroyLowFragHeap:
7d63d6f0 8bff mov edi,edi
7d63d6f2 51 push ecx
7d63d6f3 e8a13afeff call ntdll!RtlDeleteCriticalSection (7d621199)
7d63d6f8 c3 ret
so maybe it's de-allocated in some weird way?
simple test app runs fine:
BOOL bResult = HeapSetInformation(GetProcessHeap(),
HeapCompatibilityInformation,
&bogus,
sizeof(bogus));
leaving this Issue open for handling LFH if we really need to, but for now: Issue 280 : [drmem] DrMemory should wrap HeapSetInformation(*,
HeapEnableTerminationOnCorruption, *, *) with no-op
and also HeapCompatibilityInformation (== LFH) => noop
Original issue: http://code.google.com/p/drmemory/issues/detail?id=63
The text was updated successfully, but these errors were encountered: