Invalid write of size 1, X bytes **inside** a block of size > X **alloc'd**

Time: 2017-09-20 22:23:56

Tags: c r valgrind

I'm relatively new to debugging valgrind errors, and this one has me stumped:

==1920== Invalid write of size 1
==1920==    at 0x4C2ECC7: strcpy (/builddir/build/BUILD/valgrind-3.11.0/memcheck/../shared/vg_replace_strmem.c:506)
==1920==    by 0x1D533B57: CSR_bullet (packages/tests-vg/vetr/src/cstringr.c:448)
            ... redacted (see end for full error)
==1920==  Address 0x1bd1be1f is 5,599 bytes inside a block of size 7,960 alloc'd
==1920==    at 0x4C2BBAD: malloc (/builddir/build/BUILD/valgrind-3.11.0/coregrind/m_replacemalloc/vg_replace_malloc.c:299)
==1920==    by 0x4F3D3E: GetNewPage (svn/R-devel/src/main/memory.c:879)
            ... redacted (see end for full error)

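Note that the 1 byte is inside an alloc'd block. I've seen similar errors involving writes after a block, before a block, or to free'd blocks, and even writes where the address plus the write size is larger than the block (hence an overflow), but I can't find one like this.

This happens on the R CRAN check farm, on this line of code.

I can't reproduce the error locally with valgrind on OSX or on a Linux VM.

Beyond that, the error doesn't make sense to me. Why can't I write 1 byte in the middle of an allocated block? This is all running inside R, so I'm guessing the offending allocation was made by a different part of the program and is somehow reserved (one possible hint is that the allocation I requested from R was less than 60 bytes at the time the error showed up), but I don't know whether that is something valgrind can detect anyway.

Full error: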

==1920== Invalid write of size 1
==1920==    at 0x4C2ECC7: strcpy (/builddir/build/BUILD/valgrind-3.11.0/memcheck/../shared/vg_replace_strmem.c:506)
==1920==    by 0x1D533B57: CSR_bullet (packages/tests-vg/vetr/src/cstringr.c:448)
==1920==    by 0x1D53317D: CSR_bullet_ext (packages/tests-vg/vetr/src/cstringr-ext.c:107)
==1920==    by 0x4852BD: do_dotcall (svn/R-devel/src/main/dotcode.c:1252)
==1920==    by 0x4C274D: Rf_eval (svn/R-devel/src/main/eval.c:728)
==1920==    by 0x4C3AB5: R_execClosure (svn/R-devel/src/main/eval.c:1617)
==1920==    by 0x4C2391: Rf_eval (svn/R-devel/src/main/eval.c:747)
==1920==    by 0x4C29E0: forcePromise (svn/R-devel/src/main/eval.c:520)
==1920==    by 0x4C27A1: Rf_eval (svn/R-devel/src/main/eval.c:647)
==1920==    by 0x4C7746: do_withVisible (svn/R-devel/src/main/eval.c:2998)
==1920==    by 0x4F7104: do_internal (svn/R-devel/src/main/names.c:1363)
==1920==    by 0x4B553B: bcEval (svn/R-devel/src/main/eval.c:6503)
==1920==  Address 0x1bd1be1f is 5,599 bytes inside a block of size 7,960 alloc'd
==1920==    at 0x4C2BBAD: malloc (/builddir/build/BUILD/valgrind-3.11.0/coregrind/m_replacemalloc/vg_replace_malloc.c:299)
==1920==    by 0x4F3D3E: GetNewPage (svn/R-devel/src/main/memory.c:879)
==1920==    by 0x4F5814: Rf_allocVector3 (svn/R-devel/src/main/memory.c:2659)
==1920==    by 0x4CAEAF: Rf_allocVector (svn/R-devel/src/include/Rinlinedfuns.h:247)
==1920==    by 0x4CAEAF: do_growconst (svn/R-devel/src/main/eval.c:7490)
==1920==    by 0x4B64BD: bcEval (svn/R-devel/src/main/eval.c:6483)
==1920==    by 0x4C2207: Rf_eval (svn/R-devel/src/main/eval.c:624)
==1920==    by 0x4C3AB5: R_execClosure (svn/R-devel/src/main/eval.c:1617)
==1920==    by 0x4BAE13: bcEval (svn/R-devel/src/main/eval.c:6454)
==1920==    by 0x4C2207: Rf_eval (svn/R-devel/src/main/eval.c:624)
==1920==    by 0x4C3AB5: R_execClosure (svn/R-devel/src/main/eval.c:1617)
==1920==    by 0x4BAE13: bcEval (svn/R-devel/src/main/eval.c:6454)
==1920==    by 0x4C2207: Rf_eval (svn/R-devel/src/main/eval.c:624)

1 answer:

Answer 0: (score: 1)

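This kind of error can happen when memory pools are used.

Typically, a lib or an application (e.g. R) can build its own allocator by getting big blocks, e.g. from malloc, and then allocating small blocks out of these big blocks. Valgrind has some client requests that allow describing such blocks (the big blocks or the smaller inner blocks) and their allocation.

With such client requests, you can have a part of a malloc-allocated block actually marked as not addressable.

Looking at the stack trace entry:

==1920==    by 0x4F3D3E: GetNewPage (svn/R-devel/src/main/memory.c:879)

the above explanation looks plausible.

This might indicate a real bug somewhere in R and/or in the way the R allocator describes its memory pools to valgrind.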
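The mechanism this answer describes, as an added example that is not part of the original post and is not R's allocator: a hypothetical toy pool (`pool_t`, `pool_init`, `pool_alloc` and `overrun_offset` are assumed names) that carves chunks out of one malloc block and describes them to Memcheck with the client requests `VALGRIND_MAKE_MEM_NOACCESS` and `VALGRIND_MAKE_MEM_UNDEFINED`. The page size 7960 is borrowed from the report as a sample value, and the requests compile away if `valgrind/memcheck.h` is not installed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>   /* real Memcheck client requests */
#    define HAVE_MEMCHECK 1
#  endif
#endif
#ifndef HAVE_MEMCHECK                /* header absent: requests become no-ops */
#  define VALGRIND_MAKE_MEM_NOACCESS(p, n)  ((void)0)
#  define VALGRIND_MAKE_MEM_UNDEFINED(p, n) ((void)0)
#endif
#define PAGE_SIZE 7960               /* sample value: the report's block size */
typedef struct { char *base; size_t used; } pool_t;   /* hypothetical toy pool */

/* One big malloc block; tell Memcheck that none of it is usable yet. */
static int pool_init(pool_t *p) {
    p->base = malloc(PAGE_SIZE);
    p->used = 0;
    if (!p->base) return -1;
    (void)VALGRIND_MAKE_MEM_NOACCESS(p->base, PAGE_SIZE);
    return 0;
}

/* Carve n bytes out of the page and mark only those bytes addressable. */
static char *pool_alloc(pool_t *p, size_t n) {
    if (n > PAGE_SIZE - p->used) return NULL;
    char *chunk = p->base + p->used;
    p->used += n;
    (void)VALGRIND_MAKE_MEM_UNDEFINED(chunk, n);
    return chunk;
}

/* Off-by-one: no room for the NUL. Returns the page offset of the stray byte. */
static long overrun_offset(pool_t *p, const char *s) {
    size_t len = strlen(s);
    char *chunk = pool_alloc(p, len);      /* bug: should be len + 1 */
    if (!chunk) return -1;
    strcpy(chunk, s);                      /* NUL lands at chunk[len] */
    return (long)(chunk + len - p->base);
}

int main(void) {
    pool_t p;
    if (pool_init(&p) != 0) return 1;
    printf("stray NUL at page offset %ld of %d\n", overrun_offset(&p, "bullet"), PAGE_SIZE);
    free(p.base);
    return 0;
}
```

Run under valgrind with the header available, the terminating NUL written by `strcpy` lands on a byte still marked not addressable, so Memcheck flags an invalid write at an address it describes as inside the 7,960-byte malloc block. Allocating `len + 1` bytes makes the report disappear.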