Invalid heap argument reports in spec2006 471.omnetpp #862

Closed
derekbruening opened this issue Nov 28, 2014 · 7 comments

@derekbruening
Contributor

From zhao...@google.com on April 12, 2012 14:47:08

test input, drmemory shadow light mode:

time ~/Workspace/DrMemory/builds/build_x86_rel.svn/bin/drmemory.pl -light -verbose 2 -- ./omnetpp_base.gcc43-32bit omnetpp.ini

ERRORS FOUND:
0 unique, 0 total unaddressable access(es)
55 unique, 589283 total invalid heap argument(s)
0 unique, 0 total warning(s)

DUPLICATE ERROR COUNTS:
Error # 16: 4
Error # 17: 2
Error # 18: 147176
Error # 19: 147176
Error # 20: 258355
Error # 21: 35997
...

Error #18: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
#0 omnetpp_base.gcc43-32bit!? (0x080b22f5 <omnetpp_base.gcc43-32bit+0x6a2f5>) modid:1
#1 omnetpp_base.gcc43-32bit!? (0x08051718 <omnetpp_base.gcc43-32bit+0x9718>) modid:1
#2 omnetpp_base.gcc43-32bit!? (0x08059211 <omnetpp_base.gcc43-32bit+0x11211>) modid:1
#3 omnetpp_base.gcc43-32bit!? (0x08059cb8 <omnetpp_base.gcc43-32bit+0x11cb8>) modid:1
#4 omnetpp_base.gcc43-32bit!? (0x080aaf04 <omnetpp_base.gcc43-32bit+0x62f04>) modid:1
#5 omnetpp_base.gcc43-32bit!? (0x08088838 <omnetpp_base.gcc43-32bit+0x40838>) modid:1
#6 omnetpp_base.gcc43-32bit!? (0x08088b8a <omnetpp_base.gcc43-32bit+0x40b8a>) modid:1
#7 omnetpp_base.gcc43-32bit!? (0x0808d4a8 <omnetpp_base.gcc43-32bit+0x454a8>) modid:1
#8 libc.so.6!? (0xf7301bd6 <libc.so.6+0x16bd6>) modid:4
#9 omnetpp_base.gcc43-32bit!? (0x0804a291 <omnetpp_base.gcc43-32bit+0x2291>) modid:1
info: @0:00:00.702 in thread 22669
error end

Error #19: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
#0 omnetpp_base.gcc43-32bit!? (0x08059211 <omnetpp_base.gcc43-32bit+0x11211>) modid:1
#1 omnetpp_base.gcc43-32bit!? (0x08059cb8 <omnetpp_base.gcc43-32bit+0x11cb8>) modid:1
#2 omnetpp_base.gcc43-32bit!? (0x080aaf04 <omnetpp_base.gcc43-32bit+0x62f04>) modid:1
#3 omnetpp_base.gcc43-32bit!? (0x08088838 <omnetpp_base.gcc43-32bit+0x40838>) modid:1
#4 omnetpp_base.gcc43-32bit!? (0x08088b8a <omnetpp_base.gcc43-32bit+0x40b8a>) modid:1
#5 omnetpp_base.gcc43-32bit!? (0x0808d4a8 <omnetpp_base.gcc43-32bit+0x454a8>) modid:1
#6 libc.so.6!? (0xf7301bd6 <libc.so.6+0x16bd6>) modid:4
#7 omnetpp_base.gcc43-32bit!? (0x0804a291 <omnetpp_base.gcc43-32bit+0x2291>) modid:1
info: @0:00:00.702 in thread 22669
error end

Error #20: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
#0 omnetpp_base.gcc43-32bit!? (0x080aaf04 <omnetpp_base.gcc43-32bit+0x62f04>) modid:1
#1 omnetpp_base.gcc43-32bit!? (0x08088838 <omnetpp_base.gcc43-32bit+0x40838>) modid:1
#2 omnetpp_base.gcc43-32bit!? (0x08088b8a <omnetpp_base.gcc43-32bit+0x40b8a>) modid:1
#3 omnetpp_base.gcc43-32bit!? (0x0808d4a8 <omnetpp_base.gcc43-32bit+0x454a8>) modid:1
#4 libc.so.6!? (0xf7301bd6 <libc.so.6+0x16bd6>) modid:4
#5 omnetpp_base.gcc43-32bit!? (0x0804a291 <omnetpp_base.gcc43-32bit+0x2291>) modid:1
info: @0:00:00.709 in thread 22669
error end

Original issue: http://code.google.com/p/drmemory/issues/detail?id=862

@derekbruening
Contributor Author

From zhao...@google.com on April 12, 2012 11:57:33

error report from result.txt

Error #18: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
# 0 omnetpp_base.gcc43-32bit!cObject::~cObject()
# 1 omnetpp_base.gcc43-32bit!EtherFrameWithLLC::~EtherFrameWithLLC()
# 2 omnetpp_base.gcc43-32bit!EtherMAC::handleEndTxPeriod()
# 3 omnetpp_base.gcc43-32bit!EtherMAC::handleMessage(cMessage*)
# 4 omnetpp_base.gcc43-32bit!cSimulation::doOneEvent(cSimpleModule*)
# 5 omnetpp_base.gcc43-32bit!TCmdenvApp::simulate()
# 6 omnetpp_base.gcc43-32bit!TCmdenvApp::run()
# 7 omnetpp_base.gcc43-32bit!main
# 8 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]
# 9 omnetpp_base.gcc43-32bit!_start
Note: elapsed time = 0:00:00.702 in thread 22669

Error #19: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
# 0 omnetpp_base.gcc43-32bit!EtherMAC::handleEndTxPeriod()
# 1 omnetpp_base.gcc43-32bit!EtherMAC::handleMessage(cMessage*)
# 2 omnetpp_base.gcc43-32bit!cSimulation::doOneEvent(cSimpleModule*)
# 3 omnetpp_base.gcc43-32bit!TCmdenvApp::simulate()
# 4 omnetpp_base.gcc43-32bit!TCmdenvApp::run()
# 5 omnetpp_base.gcc43-32bit!main
# 6 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]
# 7 omnetpp_base.gcc43-32bit!_start
Note: elapsed time = 0:00:00.702 in thread 22669

Error #20: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
# 0 omnetpp_base.gcc43-32bit!cSimulation::doOneEvent(cSimpleModule*)
# 1 omnetpp_base.gcc43-32bit!TCmdenvApp::simulate()
# 2 omnetpp_base.gcc43-32bit!TCmdenvApp::run()
# 3 omnetpp_base.gcc43-32bit!main
# 4 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]
# 5 omnetpp_base.gcc43-32bit!_start
Note: elapsed time = 0:00:00.709 in thread 22669

Error #21: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
# 0 omnetpp_base.gcc43-32bit!EtherAppSrv::handleMessage(cMessage*)
# 1 omnetpp_base.gcc43-32bit!cSimulation::doOneEvent(cSimpleModule*)
# 2 omnetpp_base.gcc43-32bit!TCmdenvApp::simulate()
# 3 omnetpp_base.gcc43-32bit!TCmdenvApp::run()
# 4 omnetpp_base.gcc43-32bit!main
# 5 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]
# 6 omnetpp_base.gcc43-32bit!_start
Note: elapsed time = 0:00:00.714 in thread 22669

Status: Accepted
Labels: OpSys-Linux

@derekbruening
Contributor Author

From zhao...@google.com on April 12, 2012 12:08:47

Similar error reported by Valgrind too:

==3816==
==3816== Mismatched free() / delete / delete []
==3816== at 0x47CF05E: free (vg_replace_malloc.c:427)
==3816== by 0x8089284: operator delete(void*) (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x80B22F4: cObject::~cObject() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x809AD17: cSimpleChannel::~cSimpleChannel() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x80B22F4: cObject::~cObject() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x80AB982: cSimulation::~cSimulation() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x70A448E: run_exit_handlers (exit.c:78)
==3816== by 0x70A44FE: exit (exit.c:100)
==3816== by 0x708BBDD: (below main) (libc-start.c:258)
==3816== Address 0x735b688 is 0 bytes inside a block of size 48 alloc'd
==3816== at 0x47CF8B9: operator new[](unsigned int) (vg_replace_malloc.c:343)
==3816== by 0x80B2200: cObject::operator new(unsigned int) (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x809AAEA: cChannel::createparlist() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x809B4EF: cSimpleChannel::setDelay(cPar*) (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x809E792: connect(cModule*, int, cPar*, cPar*, cPar*, cModule*, int) (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x80811FF: TwoHosts::doBuildInside() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x809E4CF: cModule::buildInside() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x807A2FF: twoHosts::setupNetwork() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x80AB3FD: cSimulation::setupNetwork(cNetworkType*, int) (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x8088B47: TCmdenvApp::run() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x808D4A7: main (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816==
==3816== Mismatched free() / delete / delete []
==3816== at 0x47CF05E: free (vg_replace_malloc.c:427)
==3816== by 0x8089284: operator delete(void*) (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x80B22F4: cObject::~cObject() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x80AB982: cSimulation::~cSimulation() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x70A448E: run_exit_handlers (exit.c:78)
==3816== by 0x70A44FE: exit (exit.c:100)
==3816== by 0x708BBDD: (below main) (libc-start.c:258)
==3816== Address 0x735b5a8 is 0 bytes inside a block of size 64 alloc'd
==3816== at 0x47CF8B9: operator new[](unsigned int) (vg_replace_malloc.c:343)
==3816== by 0x80B2200: cObject::operator new(unsigned int) (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x80A6FBB: cGate::setDelay(cPar*) (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x809E792: connect(cModule*, int, cPar*, cPar*, cPar*, cModule*, int) (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x80811FF: TwoHosts::doBuildInside() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x809E4CF: cModule::buildInside() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x807A2FF: twoHosts::setupNetwork() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x80AB3FD: cSimulation::setupNetwork(cNetworkType*, int) (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x8088B47: TCmdenvApp::run() (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816== by 0x808D4A7: main (in /home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/run/run_base_test_gcc43-32bit.0000/omnetpp_base.gcc43-32bit)
==3816==
==3816==
==3816== HEAP SUMMARY:
==3816== in use at exit: 4,892,096 bytes in 111,184 blocks
==3816== total heap usage: 1,031,699 allocs, 920,515 frees, 94,844,874 bytes allocated
==3816==
==3816== LEAK SUMMARY:
==3816== definitely lost: 4,892,008 bytes in 111,182 blocks
==3816== indirectly lost: 0 bytes in 0 blocks
==3816== possibly lost: 88 bytes in 2 blocks
==3816== still reachable: 0 bytes in 0 blocks
==3816== suppressed: 0 bytes in 0 blocks
==3816== Rerun with --leak-check=full to see details of leaked memory
==3816==
==3816== For counts of detected and suppressed errors, rerun with: -v
==3816== ERROR SUMMARY: 589283 errors from 33 contexts (suppressed: 17 from 6)

@derekbruening
Contributor Author

From zhao...@google.com on April 12, 2012 12:24:24

More detailed reports from drmemory full mode

Error #24: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
# 0 omnetpp_base.gcc43-32bit!cObject::~cObject()
# 1 omnetpp_base.gcc43-32bit!EtherFrameWithLLC::~EtherFrameWithLLC()
# 2 omnetpp_base.gcc43-32bit!EtherMAC::handleEndTxPeriod()
# 3 omnetpp_base.gcc43-32bit!EtherMAC::handleMessage(cMessage*)
# 4 omnetpp_base.gcc43-32bit!cSimulation::doOneEvent(cSimpleModule*)
# 5 omnetpp_base.gcc43-32bit!TCmdenvApp::simulate()
# 6 omnetpp_base.gcc43-32bit!TCmdenvApp::run()
# 7 omnetpp_base.gcc43-32bit!main
# 8 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]
# 9 omnetpp_base.gcc43-32bit!_start
Note: elapsed time = 0:00:01.317 in thread 6950
Note: memory was allocated here:
Note: # 0 omnetpp_base.gcc43-32bit!operator new(unsigned int)
Note: # 1 libstdc++.so.6!std::time_get<wchar_t, std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> > >::_M_extract_name(std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> >, std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> >, int&, wchar_t const**, unsigned long, std::ios_base&, std::_Ios_Iostate&) const [/build/buildd/gcc-4.4-4.4.3/build/x86_64-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:886]
Note: # 2 omnetpp_base.gcc43-32bit!cObject::operator new(unsigned int)
Note: # 3 omnetpp_base.gcc43-32bit!EtherAppCli::sendPacket()
Note: # 4 omnetpp_base.gcc43-32bit!EtherAppCli::handleMessage(cMessage*)
Note: # 5 omnetpp_base.gcc43-32bit!cSimulation::doOneEvent(cSimpleModule*)
Note: # 6 omnetpp_base.gcc43-32bit!TCmdenvApp::simulate()
Note: # 7 omnetpp_base.gcc43-32bit!TCmdenvApp::run()
Note: # 8 omnetpp_base.gcc43-32bit!main
Note: # 9 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]

Error #25: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
# 0 omnetpp_base.gcc43-32bit!EtherMAC::handleEndTxPeriod()
# 1 omnetpp_base.gcc43-32bit!EtherMAC::handleMessage(cMessage*)
# 2 omnetpp_base.gcc43-32bit!cSimulation::doOneEvent(cSimpleModule*)
# 3 omnetpp_base.gcc43-32bit!TCmdenvApp::simulate()
# 4 omnetpp_base.gcc43-32bit!TCmdenvApp::run()
# 5 omnetpp_base.gcc43-32bit!main
# 6 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]
# 7 omnetpp_base.gcc43-32bit!_start
Note: elapsed time = 0:00:01.317 in thread 6950
Note: memory was allocated here:
Note: # 0 omnetpp_base.gcc43-32bit!operator new(unsigned int)
Note: # 1 libstdc++.so.6!std::time_get<wchar_t, std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> > >::_M_extract_name(std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> >, std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> >, int&, wchar_t const**, unsigned long, std::ios_base&, std::_Ios_Iostate&) const [/build/buildd/gcc-4.4-4.4.3/build/x86_64-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:886]
Note: # 2 omnetpp_base.gcc43-32bit!cObject::operator new(unsigned int)
Note: # 3 omnetpp_base.gcc43-32bit!EtherLLC::processPacketFromHigherLayer(cMessage*)
Note: # 4 omnetpp_base.gcc43-32bit!cSimulation::doOneEvent(cSimpleModule*)
Note: # 5 omnetpp_base.gcc43-32bit!TCmdenvApp::simulate()
Note: # 6 omnetpp_base.gcc43-32bit!TCmdenvApp::run()
Note: # 7 omnetpp_base.gcc43-32bit!main

Error #26: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
# 0 omnetpp_base.gcc43-32bit!cSimulation::doOneEvent(cSimpleModule*)
# 1 omnetpp_base.gcc43-32bit!TCmdenvApp::simulate()
# 2 omnetpp_base.gcc43-32bit!TCmdenvApp::run()
# 3 omnetpp_base.gcc43-32bit!main
# 4 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]
# 5 omnetpp_base.gcc43-32bit!_start
Note: elapsed time = 0:00:01.334 in thread 6950
Note: memory was allocated here:
Note: # 0 omnetpp_base.gcc43-32bit!operator new(unsigned int)
Note: # 1 libstdc++.so.6!std::time_get<wchar_t, std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> > >::_M_extract_name(std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> >, std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> >, int&, wchar_t const**, unsigned long, std::ios_base&, std::_Ios_Iostate&) const [/build/buildd/gcc-4.4-4.4.3/build/x86_64-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:886]
Note: # 2 omnetpp_base.gcc43-32bit!cObject::operator new(unsigned int)
Note: # 3 omnetpp_base.gcc43-32bit!EtherFrameWithLLC::dup() const
Note: # 4 omnetpp_base.gcc43-32bit!EtherMAC::startFrameTransmission()
Note: # 5 omnetpp_base.gcc43-32bit!EtherMAC::handleMessage(cMessage*)

@derekbruening
Contributor Author

From zhao...@google.com on April 12, 2012 12:50:23

Error report with symbol information:

Error #19: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
# 0 omnetpp_base.gcc43-32bit-sym!~EtherFrameWithLLC [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/EtherFrame_m.cc:384]
# 1 omnetpp_base.gcc43-32bit-sym!EtherMAC::handleMessage(cMessage*) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/EtherMAC.cc:360]
# 2 omnetpp_base.gcc43-32bit-sym!TCmdenvApp::simulate() [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/cmdenv/cmdenv.cc:388]
# 3 omnetpp_base.gcc43-32bit-sym!TCmdenvApp::run() [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/cmdenv/cmdenv.cc:226]
# 4 omnetpp_base.gcc43-32bit-sym!main [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/envir/main.cc:42]
# 5 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]
# 6 omnetpp_base.gcc43-32bit-sym!_start
Note: elapsed time = 0:00:01.695 in thread 9775
Note: memory was allocated here:
Note: # 0 omnetpp_base.gcc43-32bit-sym!operator new(unsigned int) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/cmdenv/heap.cc:305]
Note: # 1 libstdc++.so.6!std::time_get<wchar_t, std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> > >::_M_extract_name(std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> >, std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> >, int&, wchar_t const**, unsigned long, std::ios_base&, std::_Ios_Iostate&) const [/build/buildd/gcc-4.4-4.4.3/build/x86_64-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:886]
Note: # 2 omnetpp_base.gcc43-32bit-sym!cObject::operator new(unsigned int) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/sim/cobject.cc:104]
Note: # 3 omnetpp_base.gcc43-32bit-sym!EtherLLC::processPacketFromHigherLayer(cMessage*) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/EtherLLC.cc:134]
Note: # 4 omnetpp_base.gcc43-32bit-sym!EtherLLC::handleMessage(cMessage*) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/EtherLLC.cc:86]
Note: # 5 omnetpp_base.gcc43-32bit-sym!cSimulation::doOneEvent(cSimpleModule*) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/sim/csimul.cc:576]
Note: # 6 omnetpp_base.gcc43-32bit-sym!TCmdenvApp::simulate() [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/cmdenv/cmdenv.cc:388]

...

Error #22: INVALID HEAP ARGUMENT: allocated with operator new[], freed with operator delete
# 0 omnetpp_base.gcc43-32bit-sym!~EtherAppResp [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/EtherApp_m.cc:201]
# 1 omnetpp_base.gcc43-32bit-sym!~cObject [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/sim/cobject.cc:96]
# 2 omnetpp_base.gcc43-32bit-sym!~cMessage [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/sim/cmessage.cc:74]
# 3 omnetpp_base.gcc43-32bit-sym!~EtherFrame [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/EtherFrame_m.cc:29]
# 4 omnetpp_base.gcc43-32bit-sym!~EtherFrameWithLLC [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/EtherFrame_m.cc:384]
# 5 omnetpp_base.gcc43-32bit-sym!EtherMAC::handleMessage(cMessage*) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/EtherMAC.cc:360]
# 6 omnetpp_base.gcc43-32bit-sym!TCmdenvApp::simulate() [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/cmdenv/cmdenv.cc:388]
# 7 omnetpp_base.gcc43-32bit-sym!TCmdenvApp::run() [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/cmdenv/cmdenv.cc:226]
# 8 omnetpp_base.gcc43-32bit-sym!main [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/envir/main.cc:42]
# 9 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]
#10 omnetpp_base.gcc43-32bit-sym!_start
Note: elapsed time = 0:00:01.742 in thread 9775
Note: memory was allocated here:
Note: # 0 omnetpp_base.gcc43-32bit-sym!operator new(unsigned int) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/cmdenv/heap.cc:305]
Note: # 1 libstdc++.so.6!std::time_get<wchar_t, std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> > >::_M_extract_name(std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> >, std::istreambuf_iterator<wchar_t, std::char_traits<wchar_t> >, int&, wchar_t const**, unsigned long, std::ios_base&, std::_Ios_Iostate&) const [/build/buildd/gcc-4.4-4.4.3/build/x86_64-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:886]
Note: # 2 omnetpp_base.gcc43-32bit-sym!cObject::operator new(unsigned int) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/sim/cobject.cc:104]
Note: # 3 omnetpp_base.gcc43-32bit-sym!EtherAppSrv::handleMessage(cMessage*) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/EtherAppSrv.cc:112]
Note: # 4 omnetpp_base.gcc43-32bit-sym!cSimulation::doOneEvent(cSimpleModule*) [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/sim/csimul.cc:576]
Note: # 5 omnetpp_base.gcc43-32bit-sym!TCmdenvApp::simulate() [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/cmdenv/cmdenv.cc:388]
Note: # 6 omnetpp_base.gcc43-32bit-sym!TCmdenvApp::run() [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/cmdenv/cmdenv.cc:226]
Note: # 7 omnetpp_base.gcc43-32bit-sym!cEnvir::run() [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/envir/cenvir.cc:224]
Note: # 8 omnetpp_base.gcc43-32bit-sym!main [/usr/local/google/home/zhaoqin/Benchmarks/spec2k6/SPEC_CPU2006v1.2/benchspec/CPU2006/471.omnetpp/build/build_base_gcc43-32bit-sym.0000/libs/envir/main.cc:42]
Note: # 9 libc.so.6!__libc_start_main [/build/buildd/eglibc-2.11.1/csu/libc-start.c:226]

@derekbruening
Contributor Author

From zhao...@google.com on April 12, 2012 14:46:06

C++ makes debugging impossible:

Tracking the execution

class EtherFrameWithLLC : public EtherFrame
{
    ...
    virtual cObject *dup() const {return new EtherFrameWithLLC(*this);}
    ...
};

0x8054126 <EtherFrameWithLLC::dup() const>: push %ebp
0x8054127 <EtherFrameWithLLC::dup() const+1>: mov %esp,%ebp
0x8054129 <EtherFrameWithLLC::dup() const+3>: push %edi
0x805412a <EtherFrameWithLLC::dup() const+4>: push %esi
0x805412b <EtherFrameWithLLC::dup() const+5>: push %ebx
0x805412c <EtherFrameWithLLC::dup() const+6>: sub $0x1c,%esp
0x805412f <EtherFrameWithLLC::dup() const+9>: movl $0x94,(%esp)
0x8054136 <EtherFrameWithLLC::dup() const+16>: call 0x80cdef3 <cObject::operator new(unsigned int)>
=> 0x805413b <EtherFrameWithLLC::dup() const+21>: mov %eax,%ebx
0x805413d <EtherFrameWithLLC::dup() const+23>: mov %ebx,%eax

void *cObject::operator new(size_t m)
{
    void *p = ::new char[m];
    if (p) heapflag = 1;
    return p;
}

which calls 0xf7f870a0 in operator new[](unsigned int) () from /usr/lib32/libstdc++.so.6, which calls operator new (m=148) at libs/cmdenv/heap.cc:299. That's why all the objects are actually allocated by new[].

The allocated pointer will be passed into cObject::setOwner and assigned to ownerp->firstchildp sometimes:
#0 cObject::setOwner (this=0x811e418, newowner=0x8118e00) at libs/sim/cobject.cc:150
#1 0x080cdcc8 in cObject::cObject (this=0x811e418, name=0x0) at libs/sim/cobject.cc:85
#2 0x080a85a8 in cMessage::cMessage (this=0x811e418, name=0x0, k=0, ln=1, pri=0, err=false) at libs/sim/cmessage.cc:54
#3 0x08050c7f in EtherFrame::EtherFrame (this=0x811e418, name=0x0, kind=0) at EtherFrame_m.cc:15
#4 0x08051e79 in EtherFrameWithLLC::EtherFrameWithLLC (this=0x811e418, other=...) at EtherFrame_m.cc:375
#5 0x0805414e in EtherFrameWithLLC::dup (this=0x811e8e0) at EtherFrame_m.h:64

The firstchildp will then be deleted later using delete:

void discard(cObject *object)
    {if(object->storage()=='D') delete object; else object->setOwner(NULL);}

(gdb) where
#0 operator delete (p=0x811e618) at libs/cmdenv/heap.cc:364
#1 0x0804cbc4 in EtherAppResp::~EtherAppResp (this=0x811e618, __in_chrg=) at EtherApp_m.cc:201
#2 0x080a77f4 in cObject::discard (this=0x811e978, object=0x811e618) at omnet_include/cobject.h:205
#3 0x080cdda2 in cObject::~cObject (this=0x811e978, __in_chrg=) at libs/sim/cobject.cc:96
#4 0x080a878d in cMessage::~cMessage (this=0x811e978, __in_chrg=) at libs/sim/cmessage.cc:74
#5 0x08050f8c in EtherFrame::~EtherFrame (this=0x811e978, __in_chrg=) at EtherFrame_m.cc:29
#6 0x08051f4c in EtherFrameWithLLC::~EtherFrameWithLLC (this=0x811e978, __in_chrg=) at EtherFrame_m.cc:384
#7 0x0805c0a4 in EtherMAC::handleEndTxPeriod (this=0x8118cf8) at EtherMAC.cc:686
#8 0x0805b061 in EtherMAC::handleMessage (this=0x8118cf8, msg=0x811bf00) at EtherMAC.cc:360

That's how the mismatch happens.

It seems cObject only implemented new(size_t m), which calls the system new[], which calls new(size_t m) at heap.cc, while it does not implement delete, so any object delete calls the system delete, which calls delete at heap.cc.

It seems that the system new[] will simply convert new[m] to new(size_t m).

0xf7f870a0 <_Znaj>: push %ebp
0xf7f870a1 <_Znaj+1>: mov %esp,%ebp
0xf7f870a3 <_Znaj+3>: push %ebx
0xf7f870a4 <_Znaj+4>: call 0xf7f102e7
0xf7f870a9 <_Znaj+9>: add $0x2ef4b,%ebx
0xf7f870af <_Znaj+15>: sub $0x14,%esp
0xf7f870b2 <_Znaj+18>: mov 0x8(%ebp),%eax
0xf7f870b5 <_Znaj+21>: mov %eax,(%esp)
0xf7f870b8 <_Znaj+24>: call 0xf7f0ff0c _Znwj@plt
=> 0xf7f870bd <_Znaj+29>: add $0x14,%esp
0xf7f870c0 <_Znaj+32>: pop %ebx
0xf7f870c1 <_Znaj+33>: pop %ebp
0xf7f870c2 <_Znaj+34>: ret

Similarly, delete[] p will call delete p directly:

(gdb) x/20i _ZdaPv
0xf7f84ad0 <_ZdaPv>: push %ebp
0xf7f84ad1 <_ZdaPv+1>: mov %esp,%ebp
0xf7f84ad3 <_ZdaPv+3>: push %ebx
0xf7f84ad4 <_ZdaPv+4>: call 0xf7f102e7
0xf7f84ad9 <_ZdaPv+9>: add $0x3151b,%ebx
0xf7f84adf <_ZdaPv+15>: sub $0x14,%esp
0xf7f84ae2 <_ZdaPv+18>: mov 0x8(%ebp),%eax
0xf7f84ae5 <_ZdaPv+21>: mov %eax,(%esp)
0xf7f84ae8 <_ZdaPv+24>: call 0xf7f0e5fc _ZdlPv@plt
0xf7f84aed <_ZdaPv+29>: add $0x14,%esp
0xf7f84af0 <_ZdaPv+32>: pop %ebx
0xf7f84af1 <_ZdaPv+33>: pop %ebp
0xf7f84af2 <_ZdaPv+34>: ret
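
The mismatch traced in the comment above, reduced to a stand-alone C++ program (an added example, not code from 471.omnetpp, Dr. Memory or the thread's participants). `LegacyObject`, `FixedObject`, `mismatches_for` and the tagging allocator are hypothetical names; the allocator stands in for a checker's bookkeeping by recording which operator form produced each block, and the classes call `::operator new[]` directly, which is the function `::new char[m]` invokes.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <new>

namespace {
enum Form : unsigned char { SCALAR = 1, ARRAY = 2 };
// One max-aligned header slot in front of each block keeps the user pointer aligned.
const std::size_t HDR = alignof(std::max_align_t);
int g_mismatches = 0;  // frees that arrived through the wrong operator form

void* tagged_alloc(std::size_t n, Form form) {
    unsigned char* raw = static_cast<unsigned char*>(std::malloc(HDR + n));
    if (!raw) throw std::bad_alloc();
    raw[0] = form;  // remember how this block was allocated
    return raw + HDR;
}

void tagged_free(void* p, Form form) noexcept {
    if (!p) return;
    unsigned char* raw = static_cast<unsigned char*>(p) - HDR;
    if (raw[0] != form) ++g_mismatches;  // e.g. new[] block reaching delete
    std::free(raw);
}
}  // namespace

// Replacement global operators: every allocation in the program is tagged.
void* operator new(std::size_t n)   { return tagged_alloc(n, SCALAR); }
void* operator new[](std::size_t n) { return tagged_alloc(n, ARRAY); }
void operator delete(void* p) noexcept   { tagged_free(p, SCALAR); }
void operator delete[](void* p) noexcept { tagged_free(p, ARRAY); }
void operator delete(void* p, std::size_t) noexcept   { tagged_free(p, SCALAR); }
void operator delete[](void* p, std::size_t) noexcept { tagged_free(p, ARRAY); }

// Same shape as the cObject pattern in the thread: a class operator new backed
// by the array form, and no class operator delete, so `delete obj` falls
// through to the scalar global operator delete.
struct LegacyObject {
    virtual ~LegacyObject() {}
    static void* operator new(std::size_t m) { return ::operator new[](m); }
};

// Corrected form: the class owns both halves, so the block goes back through
// the same operator family it came from.
struct FixedObject {
    virtual ~FixedObject() {}
    static void* operator new(std::size_t m) { return ::operator new[](m); }
    static void operator delete(void* p) { ::operator delete[](p); }
};

// Allocates and deletes `objects` instances of T and returns how many of the
// frees were flagged as mismatched.
template <class T>
int mismatches_for(int objects) {
    int before = g_mismatches;
    for (int i = 0; i < objects; ++i) {
        T* obj = new T;
        delete obj;
    }
    return g_mismatches - before;
}

int main() {
    std::printf("legacy: %d mismatched frees\n", mismatches_for<LegacyObject>(3));
    std::printf("fixed:  %d mismatched frees\n", mismatches_for<FixedObject>(3));
    return 0;
}
```

Every `delete` of a `LegacyObject` is flagged once, which is why the duplicate counts in the reports scale with the number of simulated messages.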

@derekbruening
Contributor Author

From zhao...@google.com on April 12, 2012 14:48:37

After analysis, it is a real mismatch.

Status: WontFix

@derekbruening
Contributor Author

From bruen...@google.com on April 12, 2012 17:01:25

Status: NotABug
Labels: ThirdParty-Bug
