This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug libstdc++/52604] New: mt allocator crashes on multi-threaded
- From: "laurent.alfonsi at st dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Fri, 16 Mar 2012 15:23:52 +0000
- Subject: [Bug libstdc++/52604] New: mt allocator crashes on multi-threaded
- Auto-submitted: auto-generated
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52604
Bug #: 52604
Summary: mt allocator crashes on multi-threaded
Classification: Unclassified
Product: gcc
Version: 4.8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: laurent.alfonsi@st.com
Created attachment 26904
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=26904
Testcase to reproduce
There's a problem with mt_allocator when using multi-threads.
see example attached (g++ -lpthread).
At exit time,
- the __freelist destructor is called.
which does a __gthread_key_delete(_M_key).
- and then afterwards, the std::list<> destructor is called.
This finally have for effect to use that thread key with gthread_setspecific.
Valgrind reports :
=================================
==5212== Invalid read of size 8
==5212== at 0x4CA009D: __gnu_cxx::__pool<true>::_M_get_thread_id() (in
../gcc-4.6.3/lib64/libstdc++.so.6.0.16)
==5212== by 0x4CA0173: __gnu_cxx::__pool<true>::_M_reclaim_block(char*,
unsigned long) (in ../gcc-4.6.3/lib64/libstdc++.so.6.0.16)
==5212== by 0x401989: __gnu_cxx::__mt_alloc<std::_List_node<std::string>,
__gnu_cxx::__common_pool_policy<__gnu_cxx::__pool, true>
>::deallocate(std::_List_node<std::string>*, unsigned long) (in /tmp/a.out)
==5212== by 0x401847: std::_List_base<std::string,
__gnu_cxx::__mt_alloc<std::string,
__gnu_cxx::__common_pool_policy<__gnu_cxx::__pool, true> >
>::_M_put_node(std::_List_node<std::string>*) (in /tmp/a.out)
==5212== by 0x40168C: std::_List_base<std::string,
__gnu_cxx::__mt_alloc<std::string,
__gnu_cxx::__common_pool_policy<__gnu_cxx::__pool, true> > >::_M_clear() (in
/tmp/a.out)
==5212== by 0x40151A: std::_List_base<std::string,
__gnu_cxx::__mt_alloc<std::string,
__gnu_cxx::__common_pool_policy<__gnu_cxx::__pool, true> > >::~_List_base() (in
/tmp/a.out)
==5212== by 0x401BB1: std::list<std::string,
__gnu_cxx::__mt_alloc<std::string,
__gnu_cxx::__common_pool_policy<__gnu_cxx::__pool, true> > >::~list() (in
/tmp/a.out)
==5212== by 0x3814E30C94: exit (in /lib64/tls/libc-2.3.4.so)
==5212== by 0x3814E1C411: (below main) (in /lib64/tls/libc-2.3.4.so)
==5212== Address 0x5b5ce88 is 24 bytes inside a block of size 65,536 free'd
==5212== at 0x4A077EC: operator delete(void*) (vg_replace_malloc.c:457)
==5212== by 0x3814E30C94: exit (in /lib64/tls/libc-2.3.4.so)
==5212== by 0x3814E1C411: (below main) (in /lib64/tls/libc-2.3.4.so)
=================================
I ve seen a quite close bug report
(http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22309), that is already fixed in
4.0.0.
This apparently leaded to re-write a part of mt_allocate (Jakub Jelinek). But
this was not sufficient for the current bug report i m reporting.
Thanks in advance.
Laurent Alfonsi