This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.



malloc bug


A user of newlib 1.15 malloc() on Cell seems to have stumbled across a malloc() bug. Since malloc is generic across architectures, I don't think this is just a Cell bug, but it's quite a bit more noticeable on Cell since we only have 256K of total memory.

Basically allocating and then freeing before the following alloc fails in this sequence:

Allocated 131072 bytes at 0x2eb0
Allocated 16384 bytes at 0x2eb0
Allocated 32768 bytes at 0x2eb0
Allocated 65536 bytes at 0x2eb0
Allocated 131072 bytes at (nil)

But succeeds in this sequence:

Allocated 131072 bytes at 0x2eb0
Allocated 16384 bytes at 0x2eb0
Allocated 65536 bytes at 0x2eb0
Allocated 131072 bytes at 0x2eb0

And if you add an allocation without freeing it to the first sequence, just after the first alloc but before the first free, it works:

Allocated 131072 bytes at 0x2f30
Allocated 16384 bytes before freeing previous allocation, and never freed at 0x22f40
Allocated 16384 bytes at 0x2f30
Allocated 32768 bytes at 0x2f30
Allocated 65536 bytes at 0x2f30
Allocated 131072 bytes at 0x2f30

Anybody got any ideas off the top of their heads before I go spend a week debugging this?

Code for third sequence below, trivial to rearrange to get other 2 sequences:

#include <stdio.h>
#include <stdlib.h>

int main(unsigned long long id)
{
    printf("Hello Cell (0x%llx)\n", id);

    /* Initial trial */
    int block_size;
    void* mem;
    void* mem2;

    block_size = 128*1024;
    mem = malloc(block_size);
    printf("Allocated %d bytes at %p\n", block_size, mem);

    /* Extra 16K block allocated while the 128K block is still live; never freed */
    mem2 = malloc(16*1024);
    printf("Allocated %d bytes before freeing previous allocation, and never freed at %p\n", 16*1024, mem2);

    free(mem);

    /* Each following block is freed before the next one is requested */
    block_size = 16*1024;
    mem = malloc(block_size);
    printf("Allocated %d bytes at %p\n", block_size, mem);
    free(mem);

    block_size = 32*1024;
    mem = malloc(block_size);
    printf("Allocated %d bytes at %p\n", block_size, mem);
    free(mem);

    block_size = 64*1024;
    mem = malloc(block_size);
    printf("Allocated %d bytes at %p\n", block_size, mem);
    free(mem);

    /* Final 128K request: the one that returns (nil) in the first sequence */
    block_size = 128*1024;
    mem = malloc(block_size);
    printf("Allocated %d bytes at %p\n", block_size, mem);

    return 0;
}

