#13731: Fix libsingular memory management
---------------------------+------------------------------------------------
Reporter: nbruin | Owner: rlm
Type: defect | Status: new
Priority: major | Milestone: sage-5.6
Component: memleak | Resolution:
Keywords: | Work issues:
Report Upstream: N/A | Reviewers:
Authors: | Merged in:
Dependencies: | Stopgaps:
---------------------------+------------------------------------------------
Comment (by nbruin):
OK, making the changes outlined above do make
{{{
./sage -t devel/sage/sage/libs/singular/function.pyx
}}}
pass with `MALLOC_CHECK_=3`. So: yes, `singular-malloc` found a real issue
in the singular code (please report upstream!).
Bugs like this *could* trip up singular on architectures that have default
4-byte alignment and `sizeof(long) = 8`. From `omTables.c` we see that
bins that have a length that are not a multiple of 8 are used in that
case:
{{{
#ifdef OM_ALIGN_8
size_t om_BinSize [SIZEOF_OM_BIN_PAGE / MIN_BIN_BLOCKS] =
{ 8, 16, 24, 32,
40, 48, 56, 64, 72,
80, 96, 112, 128, 144,
160, 192, 224,
((SIZEOF_OM_BIN_PAGE / (MIN_BIN_BLOCKS + INCR_FACTOR*9)) / 8)*8,
((SIZEOF_OM_BIN_PAGE / (MIN_BIN_BLOCKS + INCR_FACTOR*6)) / 8)*8,
((SIZEOF_OM_BIN_PAGE / (MIN_BIN_BLOCKS + INCR_FACTOR*4)) / 8)*8,
((SIZEOF_OM_BIN_PAGE / (MIN_BIN_BLOCKS + INCR_FACTOR*2)) / 8)*8,
((SIZEOF_OM_BIN_PAGE / (MIN_BIN_BLOCKS + INCR_FACTOR)) / 8)*8,
OM_MAX_BLOCK_SIZE};
#else /* ! OM_ALIGN_8 */
size_t om_BinSize [SIZEOF_OM_BIN_PAGE / MIN_BIN_BLOCKS] =
{ 8, 12, 16, 20,
24, 28, 32,
40, 48, 56, 64,
80, 96, 112, 128,
160, 192, 224,
((SIZEOF_OM_BIN_PAGE / (MIN_BIN_BLOCKS + INCR_FACTOR*9)) /
SIZEOF_STRICT_ALIGNMENT)*SIZEOF_STRICT_ALIGNMENT,
((SIZEOF_OM_BIN_PAGE / (MIN_BIN_BLOCKS + INCR_FACTOR*6)) /
SIZEOF_STRICT_ALIGNMENT)*SIZEOF_STRICT_ALIGNMENT,
((SIZEOF_OM_BIN_PAGE / (MIN_BIN_BLOCKS + INCR_FACTOR*4)) /
SIZEOF_STRICT_ALIGNMENT)*SIZEOF_STRICT_ALIGNMENT,
((SIZEOF_OM_BIN_PAGE / (MIN_BIN_BLOCKS + INCR_FACTOR*2)) /
SIZEOF_STRICT_ALIGNMENT)*SIZEOF_STRICT_ALIGNMENT,
((SIZEOF_OM_BIN_PAGE / (MIN_BIN_BLOCKS + INCR_FACTOR)) /
SIZEOF_STRICT_ALIGNMENT)*SIZEOF_STRICT_ALIGNMENT,
OM_MAX_BLOCK_SIZE};
#endif /* OM_ALIGN_8 */
}}}
Running the same file with valgrind does give a couple of reports of the
form:
{{{
==30816== Conditional jump or move depends on uninitialised value(s)
==30816== at 0x26942A01: hGetmem(int, int**, monrec*) (hutil.cc:1026)
==30816== by 0x26940296: hHilbStep(int*, int**, int, int*, int, int*,
int) (hilb.cc:142)
==30816== by 0x2694047C: hHilbStep(int*, int**, int, int*, int, int*,
int) (hilb.cc:186)
==30816== by 0x26940AEB: hSeries(sip_sideal*, intvec*, int, intvec*,
sip_sideal*, sip_sring*) (hilb.cc:285)
==30816== by 0x26A62E0D: khCheck(sip_sideal*, intvec*, intvec*, int&,
int&, skStrategy*) (khstd.cc:75)
==30816== by 0x2697EE07: bba(sip_sideal*, sip_sideal*, intvec*,
intvec*, skStrategy*) (kstd2.cc:1214)
==30816== by 0x26973F5A: kStd(sip_sideal*, sip_sideal*, tHomog,
intvec**, intvec*, int, int, intvec*) (kstd1.cc:1819)
==30816== by 0x268B3B27: jjSTD_HILB(sleftv*, sleftv*, sleftv*)
(iparith.cc:3321)
}}}
and also (and this one seems to be what `ElectricFence` trips on):
{{{
==30816== Invalid read of size 8
==30816== at 0x26B8B3F2: List<CanonicalForm>::isEmpty() const
(ftmpl_list.cc:256)
==30816== by 0x26AFA34F: multiFactorize(CanonicalForm const&, Variable
const&) (facFactorize.cc:710)
==30816== by 0x26A95E9C: ratFactorize(CanonicalForm const&, Variable
const&, bool) (facFactorize.h:45)
==30816== by 0x26A9303B: factorize(CanonicalForm const&, bool)
(cf_factor.cc:651)
==30816== by 0x26935B43: singclap_factorize(spolyrec*, intvec**, int)
(clapsing.cc:835)
==30816== by 0x268B0D4F: jjFAC_P(sleftv*, sleftv*) (iparith.cc:3995)
==30816== by 0x268B9C41: iiExprArith1(sleftv*, sleftv*, int)
(iparith.cc:7869)
==30816== by 0x270C9F54:
__pyx_f_4sage_4libs_8singular_8function_17KernelCallHandler_handle_call(__pyx_obj_4sage_4libs_8singular_8function_KernelCallHandler*,
__pyx_obj_4sage_4libs_8singular_8function_Converter*,
__pyx_opt_args_4sage_4libs_8singular_8function_17KernelCallHandler_handle_call*)
(function.cpp:11286)
...
==30816== Address 0x40c08620 is 0 bytes after a block of size 32 alloc'd
==30816== at 0x4A06A97: operator new[](unsigned long)
(vg_replace_malloc.c:363)
==30816== by 0x26AFA10B: multiFactorize(CanonicalForm const&, Variable
const&) (facFactorize.cc:688)
==30816== by 0x26A95E9C: ratFactorize(CanonicalForm const&, Variable
const&, bool) (facFactorize.h:45)
==30816== by 0x26A9303B: factorize(CanonicalForm const&, bool)
(cf_factor.cc:651)
==30816== by 0x26935B43: singclap_factorize(spolyrec*, intvec**, int)
(clapsing.cc:835)
==30816== by 0x268B0D4F: jjFAC_P(sleftv*, sleftv*) (iparith.cc:3995)
==30816== by 0x268B9C41: iiExprArith1(sleftv*, sleftv*, int)
(iparith.cc:7869)
==30816== by 0x270C9F54:
__pyx_f_4sage_4libs_8singular_8function_17KernelCallHandler_handle_call(__pyx_obj_4sage_4libs_8singular_8function_KernelCallHandler*,
__pyx_obj_4sage_4libs_8singular_8function_Converter*,
__pyx_opt_args_4sage_4libs_8singular_8function_17KernelCallHandler_handle_call*)
(function.cpp:11286)
}}}
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13731#comment:32>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/sage-trac?hl=en.
