
[Csnd-dev] testDebugger

Date: 2015-11-24 14:48
From: jpff
Subject: [Csnd-dev] testDebugger
I just ran this under valgrind, concentrating on first error

  Test: Test Next Command ...virtual_keyboard real time MIDI plugin for Csound
0dBFS level = 32768.0
Csound version 6.07 (double samples) Nov 23 2015
libsndfile-1.0.26
==5150== Invalid read of size 4
==5150==    at 0x4F9999F: kperf_debug (csound.c:1744)
==5150==    by 0x4F9A1DB: csoundPerformKsmps (csound.c:1944)
==5150==    by 0x40228F: test_next (csound_debugger_test.c:451)
==5150==    by 0x52FC260: ??? (in /usr/lib64/libcunit.so.1.0.1)
==5150==    by 0x52FC56E: ??? (in /usr/lib64/libcunit.so.1.0.1)
==5150==    by 0x52FC8A5: CU_run_all_tests (in /usr/lib64/libcunit.so.1.0.1)
==5150==    by 0x4012EC: main (csound_debugger_test.c:511)
==5150==  Address 0x9d644d0 is 32 bytes inside a block of size 56 free'd
==5150==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5150==    by 0x4E8C268: mfree (memalloc.c:172)
==5150==    by 0x4F996AD: process_debug_buffers (csound.c:1675)
==5150==    by 0x4F996AD: kperf_debug (csound.c:1719)
==5150==    by 0x4F9A1DB: csoundPerformKsmps (csound.c:1944)
==5150==    by 0x40228F: test_next (csound_debugger_test.c:451)
==5150==    by 0x52FC260: ??? (in /usr/lib64/libcunit.so.1.0.1)
==5150==    by 0x52FC56E: ??? (in /usr/lib64/libcunit.so.1.0.1)
==5150==    by 0x52FC8A5: CU_run_all_tests (in /usr/lib64/libcunit.so.1.0.1)
==5150==    by 0x4012EC: main (csound_debugger_test.c:511)
==5150==

That suggests that kperf_debug freed buffers at
        while (n) {
          if (n->line == bkpt_node->line && n->instr == bkpt_node->instr) {
            prev->next = n->next;
            csound->Free(csound, n); /* TODO this should be moved from kperf to a
                        non-realtime context */
            n = prev->next;
including one that was read later at
        if (data->cur_bkpt->skip <= 2) data->cur_bkpt->count = 2;
No idea what the code is trying to do though.  Possibly deleting
breakpoints and not zeroing the pointer?

Date: 2015-11-24 15:32
From: jpff
Subject: Re: [Csnd-dev] testDebugger
Update.  Using breakpoints on lines 1675 and 1744 it is clear that the 
free is of (bkpt_node_t *) 0x7ceb10
(gdb) print *n
$10 = {line = -1, instr = 1.2, skip = 0, count = 0, mode = CSDEBUG_BKPT_INSTR,
   next = 0x0}

and the first time it reaches line 1744 data is
   {bkpt_buffer = 0x7ce770, cmd_buffer = 0x7ce9c0,
   status = CSDEBUG_STATUS_STOPPED, bkpt_anchor = 0x7ce730,
   cur_bkpt = 0x7ceb10, bkpt_cb = 0x401810 <brkpt_cb8>, cb_data = 0x0,
   debug_instr_ptr = 0x7e6460, debug_opcode_ptr = 0x0}

Note that data->cur_bkpt is the same as the freed location.  There is no
call to mmalloc before the line 1744 so the code is wrong somewhere
inside the debugger -- so not a csound core error
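
The failure traced in this message (a breakpoint node freed during list removal while data->cur_bkpt still points at it) and one way to close it, as an added example that is not part of the original thread and not Csound's code. The types and the functions remove_bkpt, update_count and scenario are hypothetical, modelled on the field names in the gdb output.

```c
#include <stdlib.h>
/* Hypothetical types; field names follow the gdb output quoted above. */
typedef struct bkpt_node {
    int line, skip, count;
    double instr;
    struct bkpt_node *next;
} bkpt_node;
typedef struct { bkpt_node *bkpt_anchor, *cur_bkpt; } debug_data;
static bkpt_node *new_node(int line, double instr, bkpt_node *next) {
    bkpt_node *n = calloc(1, sizeof *n);
    if (!n) abort();
    n->line = line; n->instr = instr; n->next = next;
    return n;
}

/* Unlink and free matching nodes; clear cur_bkpt if it aliases a freed node. */
int remove_bkpt(debug_data *d, int line, double instr) {
    int removed = 0;
    bkpt_node *prev = d->bkpt_anchor, *n = prev->next;
    while (n) {
        if (n->line == line && n->instr == instr) {
            prev->next = n->next;
            if (d->cur_bkpt == n) d->cur_bkpt = NULL;
            free(n);
            n = prev->next;
            removed++;
        } else { prev = n; n = n->next; }
    }
    return removed;
}

/* Guarded form of the read at the faulting line; 0 means nothing to update. */
int update_count(debug_data *d) {
    if (!d->cur_bkpt) return 0;
    if (d->cur_bkpt->skip <= 2) d->cur_bkpt->count = 2;
    return 1;
}
/* Constructed scenario: stopped at the (-1, 1.2) breakpoint, which is then
   deleted. Returns 1 if the alias was cleared and the later read skipped. */
int scenario(void) {
    debug_data d;
    d.bkpt_anchor = new_node(0, 0.0, new_node(10, 1.0, new_node(-1, 1.2, NULL)));
    d.cur_bkpt = d.bkpt_anchor->next->next;
    int ok = remove_bkpt(&d, -1, 1.2) == 1 && d.cur_bkpt == NULL
             && update_count(&d) == 0 && d.bkpt_anchor->next->next == NULL;
    free(d.bkpt_anchor->next); free(d.bkpt_anchor);
    return ok;
}
int main(void) { return scenario() ? 0 : 1; }
```

Without the `d->cur_bkpt == n` check in remove_bkpt, the read in update_count would touch freed memory, which is the access valgrind reports at csound.c:1744.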



Date: 2015-11-24 15:40
From: Andres Cabrera
Subject: Re: [Csnd-dev] testDebugger

Thanks for reviewing, John. I'll look and fix tonight.

A

