public inbox for gdb-prs@sourceware.org
* [Bug python/12533] New: gdb consumes large memory when millions gdb.values are created
@ 2011-03-02 11:36 joachim.protze at zih dot tu-dresden.de
2011-11-23 21:09 ` [Bug python/12533] " tromey at redhat dot com
` (10 more replies)
0 siblings, 11 replies; 12+ messages in thread
From: joachim.protze at zih dot tu-dresden.de @ 2011-03-02 11:36 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
Summary: gdb consumes large memory when millions gdb.values are
created
Product: gdb
Version: HEAD
Status: NEW
Severity: normal
Priority: P2
Component: python
AssignedTo: unassigned@sourceware.org
ReportedBy: joachim.protze@zih.tu-dresden.de
For my current pretty-printer project I collect some metadata in inferior
space. This is used to evaluate how some values - especially send/recv-buffers
- should be formatted for printout. In some cases it is necessary to evaluate
metadata for each single value in buffer, which can be 10k+ values.
I observed gdb to consume hundreds of MB memory and tried to analyze the source
of the problem with valgrind + massif: most memory is consumed within
allocate_value()
What I don't understand: why are the value structures not freed while the
command is running? Is this an issue of the python interpreter or is this an
issue of the gdb-py api?
Is there a way to get the values freed?
-----------------------------------------
short example to see this behaviour (for RAM <2GB use smaller iteration
counts!):
(gdb) python v=gdb.parse_and_eval("1")
(gdb) python
>for i in range(1000000):
> v+=1
>end
(gdb) python
>for i in range(1200000):
> v+=1
>end
(gdb)
gdb consumes 600MB after the 1.0M iterations and 780MB after the 1.2M
iterations
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: tromey at redhat dot com @ 2011-11-23 21:09 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
Tom Tromey <tromey at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tromey at redhat dot com
AssignedTo|unassigned at sourceware |tromey at redhat dot com
|dot org |
--- Comment #1 from Tom Tromey <tromey at redhat dot com> 2011-11-23 21:08:38 UTC ---
Testing a patch.
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: tromey at redhat dot com @ 2011-12-02 18:02 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
--- Comment #2 from Tom Tromey <tromey at redhat dot com> 2011-12-02 18:02:12 UTC ---
It took me a while, but I finally understand why this is non-trivial.
My initial idea was to change value_to_value_object to release the
value from the value chain (or incref if already released).
This would cause memory management of the value to be strictly linked
to the wrapping python object.
However, this causes various problems. First, some python code returns
unwrapped values; e.g., fnpy_call or things like pretty_print_one_value.
Changing this to incref would avoid the crashes, but then that passes
the deallocation problem to their callers, which in general are not
set up to deal with this -- all the rest of gdb relies on the value chain.
Perhaps it would work to relink a value onto the chain. That seems quite
ugly though.
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: ian at mahuron dot org @ 2011-12-08 19:00 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
Ian Mahuron <ian at mahuron dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ian at mahuron dot org
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: cvs-commit at gcc dot gnu.org @ 2011-12-22 19:52 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> 2011-12-22 19:51:15 UTC ---
CVSROOT: /cvs/src
Module name: src
Changes by: tromey@sourceware.org 2011-12-22 19:51:10
Modified files:
gdb : ChangeLog value.c value.h varobj.c
gdb/python : py-value.c
Log message:
PR python/12533:
* value.h (release_value_or_incref): Declare.
* value.c (struct value) <released>: New field.
(free_all_values, release_value, value_release_to_mark): Update
'released'.
(release_value_or_incref): New function.
* python/py-value.c (valpy_new): Use release_value_or_incref.
(value_to_value_object): Likewise.
* varobj.c (install_new_value): Move value_incref earlier.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/ChangeLog.diff?cvsroot=src&r1=1.13664&r2=1.13665
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/value.c.diff?cvsroot=src&r1=1.148&r2=1.149
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/value.h.diff?cvsroot=src&r1=1.190&r2=1.191
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/varobj.c.diff?cvsroot=src&r1=1.182&r2=1.183
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/python/py-value.c.diff?cvsroot=src&r1=1.30&r2=1.31
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: tromey at redhat dot com @ 2011-12-22 19:53 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
Tom Tromey <tromey at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
Target Milestone|--- |7.5
--- Comment #4 from Tom Tromey <tromey at redhat dot com> 2011-12-22 19:52:45 UTC ---
Fix checked in.
It turns out I was mistaken about the need to put values back
on the value chain.
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: ian at mahuron dot org @ 2011-12-22 21:34 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
--- Comment #5 from Ian Mahuron <ian at mahuron dot org> 2011-12-22 21:34:00 UTC ---
Tested 7.4.50.20111222-cvs. gdb still leaks memory as reported in initial
problem description.
My test does something along the lines of:
buckets = gdb.newest_frame().read_var("buckets")
bucket_count = 2 ** 32
# iterate over all buckets
for i in range(0, bucket_count):
    llist = buckets[i]['llhead']
    # iterate over linked list for this bucket
    while llist:
        print(llist.address)
        llist = llist['next']['llnext']
GDB hits 1.2G in a matter of seconds. This code shouldn't hold any refs so I'm
fairly confident it's still leaking.
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: tromey at redhat dot com @ 2011-12-23 2:46 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
Tom Tromey <tromey at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
--- Comment #6 from Tom Tromey <tromey at redhat dot com> 2011-12-23 02:45:46 UTC ---
Yeah, I messed up somewhere.
Sorry about that, I will fix it in January.
My test case is something like:
python
v = gdb.Value(0)
for x in range(1000000):
    v = v + 1
end
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: cvs-commit at gcc dot gnu.org @ 2012-01-03 19:28 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
--- Comment #7 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> 2012-01-03 19:27:57 UTC ---
CVSROOT: /cvs/src
Module name: src
Changes by: tromey@sourceware.org 2012-01-03 19:27:52
Modified files:
gdb : ChangeLog
gdb/python : py-value.c
Log message:
PR python/12533:
* python/py-value.c (valpy_dereference, valpy_get_address
valpy_get_dynamic_type, valpy_lazy_string, valpy_do_cast)
(valpy_getitem, valpy_call, valpy_binop, valpy_negative)
(valpy_absolute, valpy_richcompare): Free intermediate values.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/ChangeLog.diff?cvsroot=src&r1=1.13692&r2=1.13693
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/python/py-value.c.diff?cvsroot=src&r1=1.31&r2=1.32
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: tromey at redhat dot com @ 2012-01-03 19:30 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
Tom Tromey <tromey at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |FIXED
--- Comment #8 from Tom Tromey <tromey at redhat dot com> 2012-01-03 19:29:49 UTC ---
Ok, I think it should be fixed now.
Please give it a try.
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: ian at mahuron dot org @ 2012-01-03 19:44 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=12533
--- Comment #9 from Ian Mahuron <ian at mahuron dot org> 2012-01-03 19:44:09 UTC ---
(In reply to comment #8)
> Ok, I think it should be fixed now.
> Please give it a try.
Much better! Thanks Tom.
A small change was required to make the compiler happy.
gdb/python/py-value.c:728
- struct value *res_val;
+ struct value *res_val = NULL;
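Review bot: at gdb/python/py-value.c:728, initializing res_val to NULL quiets the compiler but also hides any path on which res_val is genuinely never assigned, because the warning can no longer flag it. It would be worth confirming that every branch after the declaration assigns res_val before it is used, or checking for NULL at the point of use, and adding a short comment saying the initializer is there only to satisfy the compiler.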
* [Bug python/12533] gdb consumes large memory when millions gdb.values are created
From: cvs-commit at gcc dot gnu.org @ 2023-02-27 22:56 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=12533
--- Comment #10 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tom Tromey <tromey@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f3d3bbbcdd8af6295458eee3b023447c13edabd3
commit f3d3bbbcdd8af6295458eee3b023447c13edabd3
Author: Tom Tromey <tom@tromey.com>
Date: Wed Feb 8 13:59:36 2023 -0700
Fix value chain use-after-free
Hannes filed a bug showing a crash, where a pretty-printer written in
Python could cause a use-after-free. He sent a patch, but I thought a
different approach was needed.
In a much earlier patch (see bug #12533), we changed the Python code
to release new values from the value chain when constructing a
gdb.Value. The rationale for this is that if you write a command that
does a lot of computations in a loop, all the values will be kept live
by the value chain, resulting in gdb using a large amount of memory.
However, suppose a value is passed to Python from some code in gdb
that needs to use the value after the call into Python. In this
scenario, value_to_value_object will still release the value -- and
because gdb code doesn't generally keep strong references to values (a
consequence of the ancient decision to use the value chain to avoid
memory management), this will result in a use-after-free.
This scenario can happen, as it turns out, when a value is passed to
Python for pretty-printing. Now, normally this route boxes the value
via value_to_value_object_no_release, avoiding the problematic release
from the value chain. However, if you then call Value.cast, the
underlying value API might return the same value, which is then
released from the chain.
This patch fixes the problem by changing how value boxing is done.
value_to_value_object no longer removes a value from the chain.
Instead, every spot in gdb that might construct new values uses a
scoped_value_mark to ensure that the requirements of bug #12533 are
met. And, because incoming values aren't ever released from the chain
(the Value.cast one comes earlier on the chain than the
scoped_value_mark), the bug can no longer occur. (Note that many
spots in the Python layer already take this approach, so not many
places needed to be touched.)
In the future I think we should replace the use of raw "value *" with
value_ref_ptr pretty much everywhere. This will ensure lifetime
safety throughout gdb.
The test case in this patch comes from Hannes' original patch. I only
made a trivial ("require") change to it. However, while this fails
for him, I can't make it fail on this machine; nevertheless, he tried
my patch and reported the bug as being fixed.
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30044
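The two boxing strategies described in the commit message above, as an added toy model in C. It is not gdb source: every name in it (toy_value, run_scenario and the rest) is hypothetical, and deallocation is modelled by setting a flag in a static pool so the stale pointer can be inspected safely.

```c
#include <stdio.h>

/* Toy model, not gdb source. A new value has one reference, owned by the chain. */
struct toy_value { int refs, on_chain, freed; struct toy_value *next; };
struct outcome { int incoming_freed, temp_freed; };

static struct toy_value pool[8];   /* static pool: "freeing" only sets a flag */
static int pool_used;
static struct toy_value *chain;    /* newest value first */

static struct toy_value *toy_allocate(void) {
    struct toy_value *v = &pool[pool_used++];
    v->refs = 1; v->on_chain = 1; v->freed = 0;
    v->next = chain; chain = v;
    return v;
}

static void toy_decref(struct toy_value *v) {
    if (--v->refs == 0) v->freed = 1;   /* stands in for deallocation */
}

/* Free every value allocated after `mark` (the chain head when the mark was taken). */
static void toy_free_to_mark(struct toy_value *mark) {
    while (chain && chain != mark) {
        struct toy_value *v = chain;
        chain = v->next; v->on_chain = 0;
        toy_decref(v);
    }
}

/* Release-style boxing: unlink v so the wrapper inherits the chain's reference,
   or take a new reference if v was already off the chain. */
static void box_release_or_incref(struct toy_value *v) {
    struct toy_value **p = &chain;
    if (!v->on_chain) { v->refs++; return; }
    while (*p != v) p = &(*p)->next;
    *p = v->next; v->on_chain = 0;
}

/* Mark-style boxing: the wrapper takes its own reference, the chain keeps its own. */
static void box_incref(struct toy_value *v) { v->refs++; }

/* A caller keeps a raw pointer to `incoming`; the script boxes that same value
   (the Value.cast case) plus one temporary, then both wrappers are collected. */
struct outcome run_scenario(int release_style) {
    struct outcome r;
    chain = NULL; pool_used = 0;
    struct toy_value *incoming = toy_allocate();  /* alive only via the chain */
    struct toy_value *mark = chain;               /* mark taken on entry */
    struct toy_value *temp = toy_allocate();      /* computed by the script */
    if (release_style) { box_release_or_incref(incoming); box_release_or_incref(temp); }
    else               { box_incref(incoming); box_incref(temp); }
    toy_decref(incoming); toy_decref(temp);       /* wrappers dropped */
    if (!release_style) toy_free_to_mark(mark);   /* mark goes out of scope */
    r.incoming_freed = incoming->freed; r.temp_freed = temp->freed;
    return r;
}

int main(void) {
    struct outcome a = run_scenario(1), b = run_scenario(0);
    printf("release-style: incoming_freed=%d temp_freed=%d\n", a.incoming_freed, a.temp_freed);
    printf("mark-style:    incoming_freed=%d temp_freed=%d\n", b.incoming_freed, b.temp_freed);
    return 0;
}
```

In both runs the temporary is freed, which is what bug #12533 asked for; only the release-style run also frees the value the caller still points to.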