Roland Mainz
2013-05-28 09:48:00 UTC
Hi!
----
The following example...
-- snip --
function _assert
{
integer line=$1
shift
print -u2 -f "ASSERT line=${line}: %q\n" "$@"
# exit 1
}
alias _assert='_assert $LINENO'
# stack of objects
typeset -T objstack_t=(
compound -a st
integer st_n=0
# push an object
# argument is the name of a variable which will
# be moved into the stack space
function pushobj
{
nameref obj=$1
typeset -m "_.st[$((_.st_n++))].obj=obj"
}
# print absolute variable name of object in head
function printhead
{
printf '%s%s\n' "${!_}" ".st[${_.st_n}].obj"
}
# pop an object and return it to the location
# specified by the variable name passed in
function popobj
{
nameref obj=$1
typeset -m "obj=_.st[$((--_.st_n))].obj"
# "obj" should be removed from _.st[_.st_n] by
# now... complain if there are any "leftovers"
s="$(typeset -p _.st[_.st_n].obj)"
[[ "$s" == '' ]] || \
_assert "_.st[_.st_n].obj == \"$s\""
# remove empty array node which was created
# when "pushobj" moved the obj into the array
[[ "$(typeset -p _.st[_.st_n])" != '' ]] || \
_assert "_.st[_.st_n] is gone"
# unset _.st[_.st_n]
}
)
function main
{
compound c
objstack_t c.ost
# push some objects
compound foo=( integer val=5 )
c.ost.pushobj foo
# create, fill and push another stack object
compound sc
objstack_t sc.s
compound c1=( integer a=1 )
compound c2=( integer a=2 )
sc.s.pushobj c1
sc.s.pushobj c2
c.ost.pushobj sc
print -v c
return 0
}
set -o nounset
main
-- snip --
... triggers the following valgrind hits (note that valgrind needs to
be patched as described in
http://lists.research.att.com/pipermail/ast-developers/2013q2/002574.html
("[ast-developers] valgrind 3.8.1 patch to recognise libast
allocator...")) with ast-ksh.2013-05-24...
-- snip --
==32239== Invalid read of size 1
==32239== at 0x4C2EA49: bcmp (mc_replace_strmem.c:930)
==32239== by 0x45CD7A: nextnode (nvtree.c:282)
==32239== by 0x45CE9C: nv_dirnext (nvtree.c:313)
==32239== by 0x45FE1D: walk_tree (nvtree.c:1130)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== Address 0x5970228 is 72 bytes inside a block of size 75 free'd
==32239== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==32239== by 0x45FD53: walk_tree (nvtree.c:1155)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== by 0x481912: sh_funct (xec.c:3376)
==32239==
==32239== Invalid read of size 1
==32239== at 0x4C2EA60: bcmp (mc_replace_strmem.c:930)
==32239== by 0x45CD7A: nextnode (nvtree.c:282)
==32239== by 0x45CE9C: nv_dirnext (nvtree.c:313)
==32239== by 0x45FE1D: walk_tree (nvtree.c:1130)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== Address 0x5970229 is 73 bytes inside a block of size 75 free'd
==32239== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==32239== by 0x45FD53: walk_tree (nvtree.c:1155)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== by 0x481912: sh_funct (xec.c:3376)
==32239==
==32239== Invalid read of size 1
==32239== at 0x4C2EA4C: bcmp (mc_replace_strmem.c:930)
==32239== by 0x45D02B: nv_dirnext (nvtree.c:347)
==32239== by 0x45FE1D: walk_tree (nvtree.c:1130)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== Address 0x5970228 is 72 bytes inside a block of size 75 free'd
==32239== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==32239== by 0x45FD53: walk_tree (nvtree.c:1155)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== by 0x481912: sh_funct (xec.c:3376)
==32239==
==32239== Invalid read of size 1
==32239== at 0x4C2EA66: bcmp (mc_replace_strmem.c:930)
==32239== by 0x45D02B: nv_dirnext (nvtree.c:347)
==32239== by 0x45FE1D: walk_tree (nvtree.c:1130)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== Address 0x5970229 is 73 bytes inside a block of size 75 free'd
==32239== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==32239== by 0x45FD53: walk_tree (nvtree.c:1155)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== by 0x481912: sh_funct (xec.c:3376)
==32239==
(
objstack_t ost=(
typeset -l -i st_n=2
st[0]=(
typeset -C obj=(
typeset -l -i val=5
)
)
st[1]=(
typeset -C obj=(
objstack_t s=(
typeset -l -i st_n=2
st[0]=(
typeset -C obj=(
typeset -l -i a=1
)
)
st[1]=(
typeset -C obj=(
typeset -l -i a=2
)
)
)
)
)
)
)
-- snip --
This seems to be an issue of "read access after |free()| was called" ...
----
Bye,
Roland
----
The following example...
-- snip --
function _assert
{
integer line=$1
shift
print -u2 -f "ASSERT line=${line}: %q\n" "$@"
# exit 1
}
alias _assert='_assert $LINENO'
# stack of objects
typeset -T objstack_t=(
compound -a st
integer st_n=0
# push an object
# argument is the name of a variable which will
# be moved into the stack space
function pushobj
{
nameref obj=$1
typeset -m "_.st[$((_.st_n++))].obj=obj"
}
# print absolute variable name of object in head
function printhead
{
printf '%s%s\n' "${!_}" ".st[${_.st_n}].obj"
}
# pop an object and return it to the location
# specified by the variable name passed in
function popobj
{
nameref obj=$1
typeset -m "obj=_.st[$((--_.st_n))].obj"
# "obj" should be removed from _.st[_.st_n] by
# now... complain if there are any "leftovers"
s="$(typeset -p _.st[_.st_n].obj)"
[[ "$s" == '' ]] || \
_assert "_.st[_.st_n].obj == \"$s\""
# remove empty array node which was created
# when "pushobj" moved the obj into the array
[[ "$(typeset -p _.st[_.st_n])" != '' ]] || \
_assert "_.st[_.st_n] is gone"
# unset _.st[_.st_n]
}
)
function main
{
compound c
objstack_t c.ost
# push some objects
compound foo=( integer val=5 )
c.ost.pushobj foo
# create, fill and push another stack object
compound sc
objstack_t sc.s
compound c1=( integer a=1 )
compound c2=( integer a=2 )
sc.s.pushobj c1
sc.s.pushobj c2
c.ost.pushobj sc
print -v c
return 0
}
set -o nounset
main
-- snip --
... triggers the following valgrind hits (note that valgrind needs to
be patched as described in
http://lists.research.att.com/pipermail/ast-developers/2013q2/002574.html
("[ast-developers] valgrind 3.8.1 patch to recognise libast
allocator...")) with ast-ksh.2013-05-24...
-- snip --
==32239== Invalid read of size 1
==32239== at 0x4C2EA49: bcmp (mc_replace_strmem.c:930)
==32239== by 0x45CD7A: nextnode (nvtree.c:282)
==32239== by 0x45CE9C: nv_dirnext (nvtree.c:313)
==32239== by 0x45FE1D: walk_tree (nvtree.c:1130)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== Address 0x5970228 is 72 bytes inside a block of size 75 free'd
==32239== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==32239== by 0x45FD53: walk_tree (nvtree.c:1155)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== by 0x481912: sh_funct (xec.c:3376)
==32239==
==32239== Invalid read of size 1
==32239== at 0x4C2EA60: bcmp (mc_replace_strmem.c:930)
==32239== by 0x45CD7A: nextnode (nvtree.c:282)
==32239== by 0x45CE9C: nv_dirnext (nvtree.c:313)
==32239== by 0x45FE1D: walk_tree (nvtree.c:1130)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== Address 0x5970229 is 73 bytes inside a block of size 75 free'd
==32239== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==32239== by 0x45FD53: walk_tree (nvtree.c:1155)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== by 0x481912: sh_funct (xec.c:3376)
==32239==
==32239== Invalid read of size 1
==32239== at 0x4C2EA4C: bcmp (mc_replace_strmem.c:930)
==32239== by 0x45D02B: nv_dirnext (nvtree.c:347)
==32239== by 0x45FE1D: walk_tree (nvtree.c:1130)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== Address 0x5970228 is 72 bytes inside a block of size 75 free'd
==32239== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==32239== by 0x45FD53: walk_tree (nvtree.c:1155)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== by 0x481912: sh_funct (xec.c:3376)
==32239==
==32239== Invalid read of size 1
==32239== at 0x4C2EA66: bcmp (mc_replace_strmem.c:930)
==32239== by 0x45D02B: nv_dirnext (nvtree.c:347)
==32239== by 0x45FE1D: walk_tree (nvtree.c:1130)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== Address 0x5970229 is 73 bytes inside a block of size 75 free'd
==32239== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==32239== by 0x45FD53: walk_tree (nvtree.c:1155)
==32239== by 0x45C466: clone_tree (nvtree.c:94)
==32239== by 0x411DDE: clone_all_disc (nvdisc.c:893)
==32239== by 0x412019: nv_clone (nvdisc.c:944)
==32239== by 0x45AF63: nv_rename (name.c:3370)
==32239== by 0x4A17D4: setall (typeset.c:725)
==32239== by 0x4A072D: b_typeset (typeset.c:458)
==32239== by 0x47A915: sh_exec (xec.c:1357)
==32239== by 0x47D9A2: sh_exec (xec.c:2222)
==32239== by 0x483765: sh_funscope_20120720 (xec.c:4067)
==32239== by 0x481912: sh_funct (xec.c:3376)
==32239==
(
objstack_t ost=(
typeset -l -i st_n=2
st[0]=(
typeset -C obj=(
typeset -l -i val=5
)
)
st[1]=(
typeset -C obj=(
objstack_t s=(
typeset -l -i st_n=2
st[0]=(
typeset -C obj=(
typeset -l -i a=1
)
)
st[1]=(
typeset -C obj=(
typeset -l -i a=2
)
)
)
)
)
)
)
-- snip --
This seems to be an issue of "read access after |free()| was called" ...
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)