Bugs item #2960781, was opened at 2010-02-28 19:15
Message generated for change (Comment added) made by stmane
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=482468&aid=2960781&group_id=56967

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Core
Group: MonetDB5 "candidate"
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Stefan Manegold (stmane)
Assigned to: Martin Kersten (mlkersten)
Summary: M5: potential SEGFAULTs in mal_interpreter

Initial Comment:
As far as I can see, global static variable "hottop" in MonetDB5/src/mal/mal_interpreter.mx is never initialized, nor is there any check that, in particular with the increment in updMemoryUsed(), it does not exceed MAXHOT.

Either can (and does) lead to SEGFAULTs:

(while running TPCH SF-100 with a debug build from http://monetdb.cwi.nl/downloads/sources/Feb2010/MonetDB-Feb2010-SuperBall.tar.bz2)

Program terminated with signal 11, Segmentation fault.
#0 0x000000000097d6ee in updMemoryUsedPart (stk=0x7f3a467e3858, pci=0x7f3f5edc3fa8, start=0, stop=1, argclaim=-1) at mal_interpreter.c:6778
6778	if ( hotpotatoes[j].bid != ABS(bid))
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.5-3.fc10.x86_64 cyrus-sasl-lib-2.1.22-19.fc10.x86_64 e2fsprogs-libs-1.41.4-6.fc10.x86_64 glibc-2.9-3.x86_64 keyutils-libs-1.2-3.fc9.x86_64 krb5-libs-1.6.3-18.fc10.x86_64 libcurl-7.19.6-2.fc10.x86_64 libidn-0.6.14-8.x86_64 libselinux-2.0.78-1.fc10.x86_64 libssh2-0.18-7.fc9.x86_64 libxml2-2.7.6-1.fc10.x86_64 libxslt-1.1.26-1.fc10.x86_64 ncurses-libs-5.6-20.20080927.fc10.x86_64 nspr-4.7.6-1.fc10.1.x86_64 nss-3.12.3.99.3-2.10.6.fc10.x86_64 openldap-2.4.12-1.fc10.x86_64 openssl-0.9.8g-14.fc10.x86_64 pcre-7.8-1.fc10.x86_64 raptor-1.4.18-5.fc10.x86_64 readline-5.2-13.fc9.x86_64 zlib-1.2.3-18.fc9.x86_64
(gdb) li
6773	}
6774	for ( i = start; i< stop; i++)
6775	if (stk->stk[getArg(pci,i)].vtype == TYPE_bat && (bid = stk->stk[getArg(pci,i)].val.bval) && bid)
6776	{
6777	for ( h = j= 0; j< hottop; j++)
6778	if ( hotpotatoes[j].bid != ABS(bid))
6779	hotpotatoes[h++]= hotpotatoes[j];
6780	else{
6781	#ifdef DEBUG_MEMORY_CLAIM
6782	if ( hotpotatoes[j].claim){
(gdb) print hottop
$1 = 600037897
(gdb) print j
$2 = 44184
(gdb) print h
$3 = 44184
(gdb) print hotpotatoes[j]
Cannot access memory at address 0xc83000
(gdb) print hotpotatoes
$4 = {{claim = 0, bid = 0} <repeats 11 times>, {claim = 600037896, bid = 1334}, {claim = 600037896, bid = 1278}, {claim = 600037896, bid = 1359}, {claim = 600037944, bid = 1377}, {claim = 600037896, bid = 1275}}
(gdb) print hotpotatoes[0]
$5 = {claim = 0, bid = 0}
(gdb) print hotpotatoes[15]
$6 = {claim = 600037896, bid = 1275}
(gdb) print hotpotatoes[16]
$7 = {claim = 600037897, bid = 1413}
(gdb) print hotpotatoes[17]
$8 = {claim = 0, bid = 0}
(gdb) print hotpotatoes[100]
$9 = {claim = 0, bid = 0}
(gdb) print hotpotatoes[1000]
$10 = {claim = 0, bid = 0}
(gdb) print hotpotatoes[10000]
$11 = {claim = 0, bid = 0}
(gdb) print hotpotatoes[100000]
Cannot access memory at address 0xd5d080
(gdb)

----------------------------------------------------------------------

>Comment By: Stefan Manegold (stmane)
Date: 2010-03-01 09:28

Message:
I check in an initialization of hottop to 0 as follows.
Is that OK?

Index: MonetDB5/src/mal/mal_interpreter.mx =================================================================== RCS file: /cvsroot/monetdb/MonetDB5/src/mal/mal_interpreter.mx,v retrieving revision 1.337.2.33 retrieving revision 1.337.2.34 diff -u -r1.337.2.33 -r1.337.2.34 --- MonetDB5/src/mal/mal_interpreter.mx 28 Feb 2010 18:49:24 -0000 1.337.2.33 +++ MonetDB5/src/mal/mal_interpreter.mx 1 Mar 2010 08:27:04 -0000 1.337.2.34 
@@ -89,7 +89,7 @@ lng claim; /* actual claim on memory*/ int bid; } hotpotatoes[MAXHOT]; -static int hottop; +static int hottop = 0; @- The struct alignment leads to 40% gain in simple instructions when set. @c

----------------------------------------------------------------------

Comment By: Stefan Manegold (stmane)
Date: 2010-02-28 20:16

Message:
Thanks.
What would be a proper initial value for hottop? 0, I guess?

----------------------------------------------------------------------

Comment By: Martin Kersten (mlkersten)
Date: 2010-02-28 19:50

Message:
Indeed. It missed the point that an instruction could return multiple results, which could bypass the limit without noticing.

----------------------------------------------------------------------
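
Review bot: `static int hottop = 0;` leaves the crash condition in place. A file-scope static int in C is already zero-initialized, so the changed line does not alter behaviour, and nothing in the hunk bounds hottop against MAXHOT. The gdb dump in the report prints 16 entries for hotpotatoes and shows hotpotatoes[16].claim equal to hottop (600037897), which is consistent with a store one slot past the array overwriting hottop rather than with a missing initializer. Suggest testing `hottop < MAXHOT` next to every store into hotpotatoes, at the increment in updMemoryUsed() named in the report, so that the multi-result case described in the 2010-02-28 19:50 comment is covered as well.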
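
The bound check the report says is missing, written out as an added example; this is not MonetDB's code. The names hot_table, hot_add, hot_release and hot_claim_results are hypothetical, MAXHOT = 16 is an assumption taken from the 16 entries gdb prints, and the 20-result instruction is constructed input.

```c
#include <stdio.h>
#include <string.h>
#define MAXHOT 16   /* assumed capacity: the gdb dump prints 16 entries */

typedef struct { long long claim; int bid; } hot_entry;  /* fields as in the dump */
typedef struct {
    hot_entry slot[MAXHOT];
    int top;                /* live entries, invariant 0 <= top <= MAXHOT */
    unsigned long dropped;  /* claims refused because the table was full */
} hot_table;                /* hypothetical type, not MonetDB's */

static void hot_init(hot_table *t) { memset(t, 0, sizeof *t); }

/* Store one claim; the bound is tested next to the store itself. */
static int hot_add(hot_table *t, int bid, long long claim)
{
    if (t->top < 0 || t->top >= MAXHOT) { t->dropped++; return -1; }
    t->slot[t->top].bid = bid;
    t->slot[t->top].claim = claim;
    t->top++;
    return 0;
}

/* Drop every entry for bid, compacting in place; loop bound is clamped first. */
static int hot_release(hot_table *t, int bid)
{
    int h = 0, j, n = (t->top < 0) ? 0 : (t->top > MAXHOT ? MAXHOT : t->top);
    for (j = 0; j < n; j++)
        if (t->slot[j].bid != bid) t->slot[h++] = t->slot[j];
    t->top = h;
    return n - h;
}

/* One instruction with nres results: returns how many were recorded. */
static int hot_claim_results(hot_table *t, const int *bids, int nres, long long claim)
{
    int i, stored = 0;
    for (i = 0; i < nres; i++) stored += (hot_add(t, bids[i], claim) == 0);
    return stored;
}

int main(void)
{
    hot_table t; int bids[20], i;
    for (i = 0; i < 20; i++) bids[i] = 1000 + i;  /* constructed: 20 results */
    hot_init(&t);
    printf("stored=%d\n", hot_claim_results(&t, bids, 20, 4096));
    return 0;
}
```

Because the capacity test sits inside hot_add rather than once per instruction, a single instruction with more results than free slots is refused entry by entry and counted in dropped instead of writing past the array.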
