malloc bug

jschopp jschopp@austin.ibm.com
Wed Mar 28 23:35:00 GMT 2007


A user of newlib 1.15 malloc() on cell seems to have stumbled across a malloc() bug. 
Since malloc is generic across architectures I don't think this is just a cell bug, but 
it's quite a bit more noticeable on cell since we only have 256K of total memory.

Basically, allocating and then freeing before the following alloc fails in this sequence:
Allocated 131072 bytes at 0x2eb0
Allocated 16384 bytes at 0x2eb0
Allocated 32768 bytes at 0x2eb0
Allocated 65536 bytes at 0x2eb0
Allocated 131072 bytes at (nil)

But succeeds in this sequence:

Allocated 131072 bytes at 0x2eb0
Allocated 16384 bytes at 0x2eb0
Allocated 65536 bytes at 0x2eb0
Allocated 131072 bytes at 0x2eb0

and if you add an allocation without freeing it to the first sequence just after the first 
alloc but before the first free it works:

Allocated 131072 bytes at 0x2f30
Allocated 16384 bytes before freeing previous allocation, and never freed at 0x22f40
Allocated 16384 bytes at 0x2f30
Allocated 32768 bytes at 0x2f30
Allocated 65536 bytes at 0x2f30
Allocated 131072 bytes at 0x2f30

Anybody got any ideas off the top of their heads before I go spend a week debugging this?

Code for the third sequence is below; it is trivial to rearrange to get the other two sequences:

#include <stdio.h>
#include <stdlib.h>

/* SPE entry point: on Cell the SPU program's main() receives the SPE id as its
   first argument, which is why the signature is not the usual int main(void). */
int main(unsigned long long id)
{
  printf("Hello Cell (0x%llx)\n", id);

  /* Initial trial */
  int block_size;
  void* mem;
  void* mem2;

  /* First 128K block; freed below, but only after the 16K block has been taken. */
  block_size = 128*1024;
  mem = malloc(block_size);
  printf("Allocated %d bytes at %p\n", block_size, mem);

  /* 16K block that stays allocated for the rest of the run. Removing this
     allocation turns the program into the first (failing) sequence. */
  mem2 = malloc(16*1024);
  printf("Allocated %d bytes before freeing previous allocation, and never freed at %p\n",
         16*1024, mem2);

  free(mem);

  /* Allocate and free blocks of increasing size: 16K, 32K, 64K. */
  block_size = 16*1024;
  mem = malloc(block_size);
  printf("Allocated %d bytes at %p\n", block_size, mem);
  free(mem);

  block_size = 32*1024;
  mem = malloc(block_size);
  printf("Allocated %d bytes at %p\n", block_size, mem);
  free(mem);

  block_size = 64*1024;
  mem = malloc(block_size);
  printf("Allocated %d bytes at %p\n", block_size, mem);
  free(mem);

  /* Final 128K request: the one that comes back as (nil) in the first sequence. */
  block_size = 128*1024;
  mem = malloc(block_size);
  printf("Allocated %d bytes at %p\n", block_size, mem);

  return 0;
}
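A table-driven version of the same reproducer, added here as an example and not part of the original post, that runs all three sequences from one program and reports the index of the first malloc() that returns NULL; the step tables, slot layout and sequence numbering are my own, and on a host libc all three are expected to succeed.

```c
#include <stdio.h>
#include <stdlib.h>

#define KB 1024u
#define NSLOTS 2

enum op { ALLOC, FREE };
/* ALLOC: malloc `size` bytes into `slot`; FREE: free whatever `slot` holds. */
struct step { enum op op; size_t size; int slot; };

/* The three sequences from the report, written as steps. Slot 1 is the 16K block
 * in the third sequence that is kept alive across the free of the first 128K. */
static const struct step seq_fail[] = {
    {ALLOC, 128*KB, 0}, {FREE, 0, 0}, {ALLOC, 16*KB, 0}, {FREE, 0, 0},
    {ALLOC, 32*KB, 0}, {FREE, 0, 0}, {ALLOC, 64*KB, 0}, {FREE, 0, 0},
    {ALLOC, 128*KB, 0} };
static const struct step seq_ok[] = {
    {ALLOC, 128*KB, 0}, {FREE, 0, 0}, {ALLOC, 16*KB, 0}, {FREE, 0, 0},
    {ALLOC, 64*KB, 0}, {FREE, 0, 0}, {ALLOC, 128*KB, 0} };
static const struct step seq_pin[] = {
    {ALLOC, 128*KB, 0}, {ALLOC, 16*KB, 1}, {FREE, 0, 0}, {ALLOC, 16*KB, 0},
    {FREE, 0, 0}, {ALLOC, 32*KB, 0}, {FREE, 0, 0}, {ALLOC, 64*KB, 0},
    {FREE, 0, 0}, {ALLOC, 128*KB, 0} };

/* Runs one sequence; returns the index of the first ALLOC step that got NULL,
 * or -1 if every allocation succeeded. All live blocks are released at the end. */
static int run_sequence(const struct step *s, int n)
{
    void *slot[NSLOTS] = {0};
    int first_fail = -1;
    for (int i = 0; i < n; i++) {
        if (s[i].op == ALLOC) {
            slot[s[i].slot] = malloc(s[i].size);
            printf("step %d: malloc(%zu) -> %p\n", i, s[i].size, slot[s[i].slot]);
            if (slot[s[i].slot] == NULL && first_fail < 0) first_fail = i;
        } else {
            free(slot[s[i].slot]);
            slot[s[i].slot] = NULL;
        }
    }
    for (int i = 0; i < NSLOTS; i++) free(slot[i]);
    return first_fail;
}

#define RUN(seq) run_sequence(seq, (int)(sizeof(seq) / sizeof(seq[0])))

/* which = 1, 2, 3 selects the report's sequence in the order it was posted. */
int run_reported_sequence(int which)
{
    switch (which) {
    case 1: return RUN(seq_fail);
    case 2: return RUN(seq_ok);
    default: return RUN(seq_pin);
    }
}

int main(void)
{
    for (int w = 1; w <= 3; w++)
        printf("sequence %d: first failing step = %d\n", w, run_reported_sequence(w));
    return 0;
}
```

A non-negative result for a sequence isolates the allocator rather than the surrounding program, since the same step table succeeds under a host libc.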


