segmentation fault when access the pointer generated by mxMalloc written in C only in Ubuntu (works well in Windows)
1 view (last 30 days)
Show older comments
I am using a third party code library: BDAGL, there are incompatibility issues with the R2017b(the author only tested on R2007a).
Basically I am using two functions in this code:
- The first function (mkADTree) recursively creates tree nodes using mxMalloc, assigns values to the nodes' members and return the pointer of these nodes. This is the C code:
ADTreeNode *mkADTree( int nodeI, int count, int *records, int dp) {
int ni, nChildren;
ADTreeNode *node = (ADTreeNode *)MallocPool(sizeof(ADTreeNode), poolNo);
if (node)
{
printf("Assigned pointer value %d which is the start address of tree node \n", node);
}
else
{
printf("Empty pointer occurs when mkADTree \n");
}
node->count = count;
node->nChildren = nNodes - nodeI; /* not +1 since we're 0-indexed */
node->children = (void **)MallocPool(node->nChildren*sizeof(ADVaryNode*), poolNo);
/* base case -- nChildren==0 => nothing more to do on this branch */
for(ni=nodeI; ni<nNodes; ni++ ) {
node->children[ni-nodeI] = (void*)mkADVaryNode( ni, count, records, dp+1 );
}
printf("Returned pointer value %d \n", node);
return node;
}
The supportive functions and node structures:
#include "util.h"
#include "mex.h"
#include <memory.h>
#define WORDSIZE 4 /* Size of machine word in bytes. Must be power of 2. */
#define BLOCKSIZE 2048 /* Minimum number of bytes requested at a time from
the system. Must be multiple of WORDSIZE. 2048 is the original number*/
/* Pointers to base of current block for each storage pool (C automatically
initializes them to NULL). */
static char *PoolBase[POOLNUM];
/* Number of bytes left in current block for each storage pool (initialized
to 0). */
static int PoolRemain[POOLNUM];
/* Returns a pointer to a piece of new memory of the given size in bytes
allocated from a named pool.
*/
void *MallocPool(int size, int pool)
{
char *m, **prev;
int bsize;
/* Round size up to a multiple of wordsize. The following expression
only works for WORDSIZE that is a power of 2, by masking last bits of
incremented size to zero. */
size = (size + WORDSIZE - 1) & ~(WORDSIZE - 1);
/* Check whether new block must be allocated. Note that first word of
block is reserved for pointer to previous block. */
if (size > PoolRemain[pool]) {
bsize = (size + sizeof(char **) > BLOCKSIZE) ?
size + sizeof(char **) : BLOCKSIZE;
m = (char*) mxMalloc(bsize);
if (! m) printf("Failed to allocate memory\n");
else
mexMakeMemoryPersistent((void *)m);
PoolRemain[pool] = bsize - sizeof(void *);
/* Fill first word of new block with pointer to previous block. */
prev = (char **) m;
prev[0] = PoolBase[pool];
PoolBase[pool] = m;
}
/* Allocate new storage from end of the block. */
PoolRemain[pool] -= size;
return (PoolBase[pool] + sizeof(char **) + PoolRemain[pool]);
}
/* Free all storage that was previously allocated with MallocPool from
a particular named pool.
*/
void FreeStoragePool(int pool)
{
char *prev;
while (PoolBase[pool] != NULL) {
prev = *((char **) PoolBase[pool]); /* Get pointer to prev block. */
mxFree(PoolBase[pool]);
PoolBase[pool] = prev;
}
PoolRemain[pool] = 0;
}
In the header "util.h"
#ifndef __UTIL_H
#define __UTIL_H
#define POOLNUM 5 // 5 is the original
void *MallocPool(int size, int pool);
void FreeStoragePool(int pool);
#endif
The Tree struct is defined in ADTree.h
typedef struct {
void **children; /* ADVaryNode */
int nChildren;
int count;
} ADTreeNode;
typedef struct {
void **children; /* ADTreeNode */
int nChildren;
int MCV;
int nodeI;
} ADVaryNode;
- The second function basically takes the pointer returned by the first function as input and tries to access node's member, and this member cannot be found in this pointer which causes the crash. The corresponding mex function that cause this problem is here
void mexFunction(int nlhs, mxArray *plhs[], int nrhs, const mxArray *prhs[]) {
/* mkContab( ADTreeRootPtr, queryVars, arities ) */
double *tarities;
int maxArity;
int ci, vi;
int prod;
unsigned int *rootPtr;
double *queryPtr;
double t1, t2;
if(nrhs<3) {
mexErrMsgTxt("usage: mkADTree( data, queryVars, arities)");
}
rootPtr = (unsigned int*)mxGetData(prhs[0]);
root = (ADTreeNode*)rootPtr[0];
// !!! The pointer obtained here is correct, but it looks like it is empty, thus the next line cause the crash
nNodes = root->nChildren;
queryPtr = mxGetPr(prhs[1]);
queryLength = mxGetM(prhs[1])*mxGetN(prhs[1]);
query = (int*)mxMalloc( queryLength*sizeof(int) );
for( ci=0; ci<queryLength; ci ++) {
query[ci] = (int)queryPtr[ci]-1; /* 0/1 indexing */
}
arities = (int*)mxMalloc( queryLength*sizeof(int) );
maxArity = 0;
tarities = mxGetPr(prhs[2]);
for( ci=0; ci<queryLength; ci++ ) {
arities[ci] = (int)tarities[ci];
if( arities[ci]>maxArity ) maxArity = arities[ci];
}
prod = 1;
dimMultiplier = (int**)mxMalloc( queryLength*sizeof(int*) );
for( ci=0; ci<queryLength; ci++ ) {
dimMultiplier[ci] = (int*)mxMalloc( arities[ci]*sizeof(int) );
for( vi=0; vi<arities[ci]; vi++ ) {
dimMultiplier[ci][vi] = prod * vi;
}
prod *= arities[ci];
}
plhs[0] = mxCreateNumericArray( queryLength, arities, mxDOUBLE_CLASS, mxREAL );
result = mxGetPr(plhs[0]);
memset(result, 0, prod*sizeof(double) );
mkContab( 0, root, 0 );
for( ci=0; ci<queryLength; ci++ ) {
mxFree(dimMultiplier[ci]);
}
mxFree(dimMultiplier);
mxFree(arities);
mxFree(query);
}
If using the same code, and I run in Windows it is totally fine, crash only happens in Ubuntu(Linux), the tree node generation process is exactly the same with the following structure:
Assigned pointer value -857198768 which is the start address of tree node
Assigned pointer value -857198840 which is the start address of tree node
Assigned pointer value -857198904 which is the start address of tree node
Returned pointer value -857198904
Returned pointer value -857198840
Assigned pointer value -857198960 which is the start address of tree node
Returned pointer value -857198960
Returned pointer value -857198768
The information shoot by Matlab when it crashes:
------------------------------------------------------------------------
Segmentation violation detected at Wed Nov 1 11:12:32 2017
------------------------------------------------------------------------
Configuration:
Crash Decoding : Disabled - No sandbox or build area path
Crash Mode : continue (default)
Current Graphics Driver: Unknown hardware
Current Visual : 0x97 (class 4, depth 24)
Default Encoding : UTF-8
Deployed : false
GNU C Library : 2.23 stable
Host Name : keyi
MATLAB Architecture : glnxa64
MATLAB Entitlement ID: 1445980
MATLAB Root : /usr/local/MATLAB/R2017b
MATLAB Version : 9.3.0.713579 (R2017b)
OpenGL : hardware
Operating System : Linux 4.10.0-38-generic #42~16.04.1-Ubuntu SMP Tue Oct 10 16:32:20 UTC 2017 x86_64
Processor ID : x86 Family 6 Model 158 Stepping 9, GenuineIntel
Virtual Machine : Java 1.8.0_121-b13 with Oracle Corporation Java HotSpot(TM) 64-Bit Server VM mixed mode
Window System : The X.Org Foundation (11903000), display :0
Fault Count: 1
Abnormal termination:
Segmentation violation
Register State (from fault):
RAX = 00000000cce82f50 RBX = 00007f603e7c4d38
RCX = 00007f603e7c4c58 RDX = 00007f5ecbdfc088
RSP = 00007f603e7c4510 RBP = 00007f603e7c4560
RSI = 00007f603e7c45a0 RDI = 00007f604242ca30
R8 = 0000000000000049 R9 = 0000000000000001
R10 = 00007f603800bce0 R11 = 0000000000000246
R12 = 00007f603e7c4c58 R13 = 00007f603e7c4c58
R14 = 00007f5ecce9afb0 R15 = 00007f603e7c4c70
RIP = 00007f5ecbbfabaa EFL = 0000000000010206
CS = 0033 FS = 0000 GS = 0000
Stack Trace (from fault):
[ 0] 0x00007f5ecbbfabaa /media/keyi/DATA/RPI/s2tmbtestdata/o_38/S2TMBtest/mkContab.mexa64+00002986 mexFunction+00000062
[ 1] 0x00007f604c0683c7 bin/glnxa64/libmex.so+00172999 mexRunMexFile+00000439
[ 2] 0x00007f604c061c23 bin/glnxa64/libmex.so+00146467
[ 3] 0x00007f604c062385 bin/glnxa64/libmex.so+00148357
[ 4] 0x00007f604ddd3c83 bin/glnxa64/libmwm_dispatcher.so+00830595 _ZN8Mfh_file16dispatch_fh_implEMS_FviPP11mxArray_tagiS2_EiS2_iS2_+00000947
[ 5] 0x00007f604ddd454e bin/glnxa64/libmwm_dispatcher.so+00832846 _ZN8Mfh_file11dispatch_fhEiPP11mxArray_tagiS2_+00000030
[ 6] 0x00007f604a43f90a bin/glnxa64/libmwm_lxe.so+12519690
[ 7] 0x00007f604a440d9e bin/glnxa64/libmwm_lxe.so+12524958
[ 8] 0x00007f604a501779 bin/glnxa64/libmwm_lxe.so+13313913
[ 9] 0x00007f604a4a6eb1 bin/glnxa64/libmwm_lxe.so+12943025
[ 10] 0x00007f6049d8ee50 bin/glnxa64/libmwm_lxe.so+05504592
[ 11] 0x00007f6049d910e4 bin/glnxa64/libmwm_lxe.so+05513444
[ 12] 0x00007f6049d8d8d1 bin/glnxa64/libmwm_lxe.so+05499089
[ 13] 0x00007f6049d89861 bin/glnxa64/libmwm_lxe.so+05482593
[ 14] 0x00007f6049d89c89 bin/glnxa64/libmwm_lxe.so+05483657
[ 15] 0x00007f6049d8d100 bin/glnxa64/libmwm_lxe.so+05497088
[ 16] 0x00007f6049d8d1cf bin/glnxa64/libmwm_lxe.so+05497295
[ 17] 0x00007f6049e8d1d1 bin/glnxa64/libmwm_lxe.so+06545873
[ 18] 0x00007f6049e8ff53 bin/glnxa64/libmwm_lxe.so+06557523
[ 19] 0x00007f604a33f4ce bin/glnxa64/libmwm_lxe.so+11470030
[ 20] 0x00007f604a430f1e bin/glnxa64/libmwm_lxe.so+12459806
[ 21] 0x00007f604ddd3c83 bin/glnxa64/libmwm_dispatcher.so+00830595 _ZN8Mfh_file16dispatch_fh_implEMS_FviPP11mxArray_tagiS2_EiS2_iS2_+00000947
[ 22] 0x00007f604ddd454e bin/glnxa64/libmwm_dispatcher.so+00832846 _ZN8Mfh_file11dispatch_fhEiPP11mxArray_tagiS2_+00000030
[ 23] 0x00007f604a43f90a bin/glnxa64/libmwm_lxe.so+12519690
[ 24] 0x00007f604a440d9e bin/glnxa64/libmwm_lxe.so+12524958
[ 25] 0x00007f604a5018c9 bin/glnxa64/libmwm_lxe.so+13314249
[ 26] 0x00007f604a4a6f01 bin/glnxa64/libmwm_lxe.so+12943105
[ 27] 0x00007f6049d8ee50 bin/glnxa64/libmwm_lxe.so+05504592
[ 28] 0x00007f6049d910e4 bin/glnxa64/libmwm_lxe.so+05513444
[ 29] 0x00007f6049d8d8d1 bin/glnxa64/libmwm_lxe.so+05499089
[ 30] 0x00007f6049d89861 bin/glnxa64/libmwm_lxe.so+05482593
[ 31] 0x00007f6049d89c89 bin/glnxa64/libmwm_lxe.so+05483657
[ 32] 0x00007f6049d8d100 bin/glnxa64/libmwm_lxe.so+05497088
[ 33] 0x00007f6049d8d1cf bin/glnxa64/libmwm_lxe.so+05497295
[ 34] 0x00007f6049e8d1d1 bin/glnxa64/libmwm_lxe.so+06545873
[ 35] 0x00007f6049e8ff53 bin/glnxa64/libmwm_lxe.so+06557523
[ 36] 0x00007f604a33f4ce bin/glnxa64/libmwm_lxe.so+11470030
[ 37] 0x00007f604a3048fa bin/glnxa64/libmwm_lxe.so+11229434
[ 38] 0x00007f604a304e78 bin/glnxa64/libmwm_lxe.so+11230840
[ 39] 0x00007f604a3066e2 bin/glnxa64/libmwm_lxe.so+11237090
[ 40] 0x00007f604a37c24e bin/glnxa64/libmwm_lxe.so+11719246
[ 41] 0x00007f604a37c5da bin/glnxa64/libmwm_lxe.so+11720154
[ 42] 0x00007f604c2a5a8e bin/glnxa64/libmwbridge.so+00199310 _Z8mnParserv+00000862
[ 43] 0x00007f604e2a2793 bin/glnxa64/libmwmcr.so+00558995
[ 44] 0x00007f604e2a492e bin/glnxa64/libmwmcr.so+00567598
[ 45] 0x00007f604e2a5099 bin/glnxa64/libmwmcr.so+00569497 _ZN5boost6detail17task_shared_stateINS_3_bi6bind_tIvPFvRKNS_8functionIFvvEEEENS2_5list1INS2_5valueIS6_EEEEEEvE6do_runEv+00000025
[ 46] 0x00007f604e2a38b6 bin/glnxa64/libmwmcr.so+00563382
[ 47] 0x00007f604ec87259 bin/glnxa64/libmwiqm.so+00860761
[ 48] 0x00007f604ec73b6c bin/glnxa64/libmwiqm.so+00781164 _ZN5boost6detail8function21function_obj_invoker0ISt8functionIFNS_3anyEvEES4_E6invokeERNS1_15function_bufferE+00000028
[ 49] 0x00007f604ec7384c bin/glnxa64/libmwiqm.so+00780364 _ZN3iqm18PackagedTaskPlugin7executeEP15inWorkSpace_tagRN5boost10shared_ptrIN14cmddistributor17IIPCompletedEventEEE+00000428
[ 50] 0x00007f604ec518b8 bin/glnxa64/libmwiqm.so+00641208
[ 51] 0x00007f604ec3f53f bin/glnxa64/libmwiqm.so+00566591
[ 52] 0x00007f604ec41759 bin/glnxa64/libmwiqm.so+00575321
[ 53] 0x00007f605e495aba bin/glnxa64/libmwservices.so+02702010
[ 54] 0x00007f605e49706f bin/glnxa64/libmwservices.so+02707567
[ 55] 0x00007f605e49781a bin/glnxa64/libmwservices.so+02709530 _Z25svWS_ProcessPendingEventsiib+00000186
[ 56] 0x00007f604e2a2f0e bin/glnxa64/libmwmcr.so+00560910
[ 57] 0x00007f604e2a32b4 bin/glnxa64/libmwmcr.so+00561844
[ 58] 0x00007f604e290c06 bin/glnxa64/libmwmcr.so+00486406
[ 59] 0x00007f605d4316ba /lib/x86_64-linux-gnu/libpthread.so.0+00030394
[ 60] 0x00007f605d1673dd /lib/x86_64-linux-gnu/libc.so.6+01078237 clone+00000109
[ 61] 0x0000000000000000 <unknown-module>+00000000
This error was detected while a MEX-file was running. If the MEX-file
is not an official MathWorks function, please examine its source code
for errors. Please consult the External Interfaces Guide for information
on debugging MEX-files.
If this problem is reproducible, please submit a Service Request via:
http://www.mathworks.com/support/contact_us/
A technical support engineer might contact you with further information.
Thank you for your help.** This crash report has been saved to disk as /root/matlab_crash_dump.3663-1 **
Anyone ever encountered this issue? Any hints? Thank you so much.
2 Comments
James Tursa
on 1 Nov 2017
Edited: James Tursa
on 1 Nov 2017
What are PoolBase and PoolRemain? Where are they defined?
Answers (1)
Philip Borghesani
on 2 Nov 2017
It looks to me that the c code is coded for a 32 bit machine and needs updates to be compatible with 64 bit systems. This line for starters is probably wrong:
#define WORDSIZE 4
There are many int values that I believe are used for address calculations. These must all be changed to intptr_t, size_t or other other 64 bit type to work properly on 64 bit machines. Are you running 32 bit Matlab (R2015b or before) on Windows? It is also possible that a 64 bit Windows version is getting lucky because, I believe, Windows tries to keep addresses below 4gb until the application needs more then 4gb memory.
2 Comments
Meghamala Sinha
on 24 May 2019
Hi,
I am having the same issue on R2018b 64-bit Windows. Were you able to solve your issue?
"Error using mkContab" out of memory
Thanks a lot.
See Also
Categories
Find more on Deploy to C++ Applications Using mwArray API (C++03) in Help Center and File Exchange
Products
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!