Loading ...
Sorry, an error occurred while loading the content.

54315Re: Fix for crash in eval.c

Expand Messages
  • Bram Moolenaar
    May 22, 2009
      Dominique Pelle wrote:

      > Nico Weber wrote:
      >
      > > Hi,
      > >
      > > On 03.05.2009, at 00:03, Dominique Pellé wrote:
      > >
      > >> After applying your patch, there are no such errors anymore.
      > >>
      > >> However, when exiting, I see that those blocks are not being
      > >> freed:
      > >>
      > >> ==16990== 217 bytes in 10 blocks are possibly lost in loss record 36
      > >> of 57
      > >> ==16990== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > >> ==16990== by 0x81142FA: lalloc (misc2.c:866)
      > >> ==16990== by 0x8114216: alloc (misc2.c:765)
      > >> ==16990== by 0x807AD1D: dictitem_alloc (eval.c:6775)
      > >> ==16990== by 0x8074FFD: set_var_lval (eval.c:2856)
      > >> ==16990== by 0x80742F4: ex_let_one (eval.c:2414)
      > >> ==16990== by 0x807329F: ex_let_vars (eval.c:1869)
      > >> ==16990== by 0x8073250: ex_let (eval.c:1834)
      > >> ==16990== by 0x80A6AA3: do_one_cmd (ex_docmd.c:2622)
      > >> ==16990== by 0x80A4323: do_cmdline (ex_docmd.c:1096)
      > >> ==16990== by 0x8090328: call_user_func (eval.c:21301)
      > >> ==16990== by 0x807C4FE: call_func (eval.c:8079)
      > >> ==16990== by 0x807C142: get_func_tv (eval.c:7925)
      > >> ==16990== by 0x8075B83: ex_call (eval.c:3333)
      > >> ==16990== by 0x80A6AA3: do_one_cmd (ex_docmd.c:2622)
      > >> ==16990== by 0x80A4323: do_cmdline (ex_docmd.c:1096)
      > >> ==16990== by 0x812A758: nv_colon (normal.c:5227)
      > >> ==16990== by 0x8123DA2: normal_cmd (normal.c:1189)
      > >> ==16990== by 0x80E6D49: main_loop (main.c:1180)
      > >> ==16990== by 0x80E6896: main (main.c:939)
      > >>
      > >> I built Vim with -DEXITFREE (i.e. uncommented line
      > >> PROFILE_CFLAGS = -DEXITFREE in src/Makefile)
      > >> so normally all blocks should be freed when exiting.
      > >
      > > Thanks for checking.
      > >
      > > I've attached an updated version of the patch that fixes some of the
      > > leaks. The copy()d dicts in the script don't get freed, but I don't
      > > (yet?) understand why.
      > >
      > > Nico
      >
      >
      > I tried to fix the leak as well but without success so far.
      > It does not seem simple.
      >
      > In any cases, it's a real leak, running the following leak.vim
      > script for example causes Vim memory usage to grow
      > continuously:
      >
      > --- 8< --- cut here --- 8< --- cut here --- 8< ---
      > set nocp
      >
      > " foo.vim is the script attached in the original bug submission
      > " at http://groups.google.com/group/vim_mac/browse_thread/thread/4e0149ff4f84e3d3
      > so foo.vim
      >
      > let g:count_loops = 0
      > while 1
      > call foo#Buffer.New()
      > q
      > let g:count_loops = g:count_loops + 1
      > endwhile
      > --- 8< --- cut here --- 8< --- cut here --- 8< ---
      >
      > I do:
      >
      > $ vim -u NONE leak.vim
      > :so %
      >
      > Then in another xterm, I can see with "top" that memory usage
      > of Vim keeps increasing.
      >
      > If I run the leak.vim script with Valgrind...
      >
      > valgrind --leak-resolution=high --leak-check=yes \
      > --num-callers=30 --track-fds=yes 2> vg.log \
      > ./vim -u NONE leak.vim
      >
      > Then do:
      > - :so %
      > - let the script execute for some time
      > - press CTRL-C to interrupt the infinite loop
      > - Look at how many times loop iterated with
      > :echo g:count_loops
      > (it prints 2774 for example)
      > - then quit vim: qa!
      >
      > Then look for leaks in vg.log, and observe that some leaks
      > happen exactly 2774 times (same number as number as
      > g:loop_count):
      >
      > ==22962== 27,740 bytes in 2,774 blocks are possibly lost in loss
      > record 113 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x8114C16: vim_strsave (misc2.c:1177)
      > ==22962== by 0x808C427: copy_tv (eval.c:19380)
      > ==22962== by 0x808AE51: get_var_tv (eval.c:18452)
      > ==22962== by 0x80785E7: eval7 (eval.c:5032)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8079667: get_list_tv (eval.c:5675)
      > ==22962== by 0x807837D: eval7 (eval.c:4943)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962==
      > ==22962==
      > ==22962== 33,288 bytes in 5,548 blocks are possibly lost in loss
      > record 114 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x8114C16: vim_strsave (misc2.c:1177)
      > ==22962== by 0x808C427: copy_tv (eval.c:19380)
      > ==22962== by 0x807B117: dict_copy (eval.c:6961)
      > ==22962== by 0x808C662: item_copy (eval.c:19471)
      > ==22962== by 0x807DB82: f_copy (eval.c:9141)
      > ==22962== by 0x807C7DF: call_func (eval.c:8188)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x807859A: eval7 (eval.c:5018)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x80A2793: do_source (ex_cmds2.c:3119)
      > ==22962== by 0x80A2047: cmd_source (ex_cmds2.c:2741)
      > ==22962== by 0x80A1F9B: ex_source (ex_cmds2.c:2714)
      > ==22962==
      > ==22962==
      > ==22962== 49,932 bytes in 8,322 blocks are possibly lost in loss
      > record 115 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x8114C16: vim_strsave (misc2.c:1177)
      > ==22962== by 0x808C427: copy_tv (eval.c:19380)
      > ==22962== by 0x807B117: dict_copy (eval.c:6961)
      > ==22962== by 0x808C662: item_copy (eval.c:19471)
      > ==22962== by 0x807DB82: f_copy (eval.c:9141)
      > ==22962== by 0x807C7DF: call_func (eval.c:8188)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x807859A: eval7 (eval.c:5018)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x808AF05: handle_subscript (eval.c:18491)
      > ==22962== by 0x8078640: eval7 (eval.c:5046)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962==
      > ==22962==
      > ==22962== 58,254 bytes in 2,774 blocks are possibly lost in loss
      > record 116 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x807AEFC: dictitem_alloc (eval.c:6855)
      > ==22962== by 0x807507D: set_var_lval (eval.c:2864)
      > ==22962== by 0x8074374: ex_let_one (eval.c:2422)
      > ==22962== by 0x807331F: ex_let_vars (eval.c:1877)
      > ==22962== by 0x80732D0: ex_let (eval.c:1842)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x80A2793: do_source (ex_cmds2.c:3119)
      > ==22962== by 0x80A2047: cmd_source (ex_cmds2.c:2741)
      > ==22962== by 0x80A1F9B: ex_source (ex_cmds2.c:2714)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x812ACC4: nv_colon (normal.c:5227)
      > ==22962== by 0x812430E: normal_cmd (normal.c:1189)
      > ==22962== by 0x80E6F3D: main_loop (main.c:1180)
      > ==22962==
      > ==22962==
      > ==22962== 77,672 bytes in 2,774 blocks are possibly lost in loss
      > record 117 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x807AEFC: dictitem_alloc (eval.c:6855)
      > ==22962== by 0x807507D: set_var_lval (eval.c:2864)
      > ==22962== by 0x8074374: ex_let_one (eval.c:2422)
      > ==22962== by 0x807331F: ex_let_vars (eval.c:1877)
      > ==22962== by 0x80732D0: ex_let (eval.c:1842)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x808AF05: handle_subscript (eval.c:18491)
      > ==22962== by 0x8078640: eval7 (eval.c:5046)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962==
      > ==22962==
      > ==22962== 133,152 bytes in 5,548 blocks are possibly lost in loss
      > record 118 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x807AEFC: dictitem_alloc (eval.c:6855)
      > ==22962== by 0x807B0B3: dict_copy (eval.c:6948)
      > ==22962== by 0x808C662: item_copy (eval.c:19471)
      > ==22962== by 0x807DB82: f_copy (eval.c:9141)
      > ==22962== by 0x807C7DF: call_func (eval.c:8188)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x807859A: eval7 (eval.c:5018)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x80A2793: do_source (ex_cmds2.c:3119)
      > ==22962== by 0x80A2047: cmd_source (ex_cmds2.c:2741)
      > ==22962== by 0x80A1F9B: ex_source (ex_cmds2.c:2714)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962==
      > ==22962==
      > ==22962== 160,892 bytes in 5,548 blocks are possibly lost in loss
      > record 119 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x807AEFC: dictitem_alloc (eval.c:6855)
      > ==22962== by 0x807507D: set_var_lval (eval.c:2864)
      > ==22962== by 0x8074374: ex_let_one (eval.c:2422)
      > ==22962== by 0x807331F: ex_let_vars (eval.c:1877)
      > ==22962== by 0x80732D0: ex_let (eval.c:1842)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x80A2793: do_source (ex_cmds2.c:3119)
      > ==22962== by 0x80A2047: cmd_source (ex_cmds2.c:2741)
      > ==22962== by 0x80A1F9B: ex_source (ex_cmds2.c:2714)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x812ACC4: nv_colon (normal.c:5227)
      > ==22962== by 0x812430E: normal_cmd (normal.c:1189)
      > ==22962== by 0x80E6F3D: main_loop (main.c:1180)
      > ==22962== by 0x80E6A8A: main (main.c:939)
      > ==22962==
      > ==22962==
      > ==22962== 213,598 bytes in 8,322 blocks are possibly lost in loss
      > record 120 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x807AEFC: dictitem_alloc (eval.c:6855)
      > ==22962== by 0x807B0B3: dict_copy (eval.c:6948)
      > ==22962== by 0x808C662: item_copy (eval.c:19471)
      > ==22962== by 0x807DB82: f_copy (eval.c:9141)
      > ==22962== by 0x807C7DF: call_func (eval.c:8188)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x807859A: eval7 (eval.c:5018)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x808AF05: handle_subscript (eval.c:18491)
      > ==22962== by 0x8078640: eval7 (eval.c:5046)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962==
      > ==22962==
      > ==22962== 288,496 bytes in 5,548 blocks are possibly lost in loss
      > record 121 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114723: alloc_clear (misc2.c:777)
      > ==22962== by 0x80797D0: list_alloc (eval.c:5729)
      > ==22962== by 0x807961D: get_list_tv (eval.c:5667)
      > ==22962== by 0x807837D: eval7 (eval.c:4943)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x80A2793: do_source (ex_cmds2.c:3119)
      > ==22962== by 0x80A2047: cmd_source (ex_cmds2.c:2741)
      > ==22962==
      > ==22962==
      > ==22962== 399,456 bytes in 16,644 blocks are possibly lost in loss
      > record 122 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x807994D: listitem_alloc (eval.c:5810)
      > ==22962== by 0x807967A: get_list_tv (eval.c:5679)
      > ==22962== by 0x807837D: eval7 (eval.c:4943)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x80A2793: do_source (ex_cmds2.c:3119)
      > ==22962== by 0x80A2047: cmd_source (ex_cmds2.c:2741)
      > ==22962==
      > ==22962==
      > ==22962== 499,320 bytes in 2,774 blocks are possibly lost in loss
      > record 123 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x807AD1E: dict_alloc (eval.c:6770)
      > ==22962== by 0x807B6A8: get_dict_tv (eval.c:7216)
      > ==22962== by 0x807839E: eval7 (eval.c:4949)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x808AF05: handle_subscript (eval.c:18491)
      > ==22962== by 0x8078640: eval7 (eval.c:5046)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962==
      > ==22962==
      > ==22962== 499,320 bytes in 2,774 blocks are possibly lost in loss
      > record 124 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x807AD1E: dict_alloc (eval.c:6770)
      > ==22962== by 0x807B040: dict_copy (eval.c:6933)
      > ==22962== by 0x808C662: item_copy (eval.c:19471)
      > ==22962== by 0x807DB82: f_copy (eval.c:9141)
      > ==22962== by 0x807C7DF: call_func (eval.c:8188)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x807859A: eval7 (eval.c:5018)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x808AF05: handle_subscript (eval.c:18491)
      > ==22962== by 0x8078640: eval7 (eval.c:5046)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962==
      > ==22962==
      > ==22962== 499,320 bytes in 2,774 blocks are possibly lost in loss
      > record 125 of 125
      > ==22962== at 0x402603E: malloc (vg_replace_malloc.c:207)
      > ==22962== by 0x81147FD: lalloc (misc2.c:866)
      > ==22962== by 0x8114708: alloc (misc2.c:765)
      > ==22962== by 0x807AD1E: dict_alloc (eval.c:6770)
      > ==22962== by 0x807B040: dict_copy (eval.c:6933)
      > ==22962== by 0x808C662: item_copy (eval.c:19471)
      > ==22962== by 0x807DB82: f_copy (eval.c:9141)
      > ==22962== by 0x807C7DF: call_func (eval.c:8188)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x807859A: eval7 (eval.c:5018)
      > ==22962== by 0x8077EA3: eval6 (eval.c:4685)
      > ==22962== by 0x8077A8F: eval5 (eval.c:4501)
      > ==22962== by 0x8076FE0: eval4 (eval.c:4196)
      > ==22962== by 0x8076E38: eval3 (eval.c:4108)
      > ==22962== by 0x8076CC4: eval2 (eval.c:4037)
      > ==22962== by 0x8076AF4: eval1 (eval.c:3962)
      > ==22962== by 0x8076A5B: eval0 (eval.c:3919)
      > ==22962== by 0x807326C: ex_let (eval.c:1833)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x8090507: call_user_func (eval.c:21381)
      > ==22962== by 0x807C6DD: call_func (eval.c:8159)
      > ==22962== by 0x807C321: get_func_tv (eval.c:8005)
      > ==22962== by 0x8075C03: ex_call (eval.c:3341)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)
      > ==22962== by 0x80A450B: do_cmdline (ex_docmd.c:1096)
      > ==22962== by 0x80A2793: do_source (ex_cmds2.c:3119)
      > ==22962== by 0x80A2047: cmd_source (ex_cmds2.c:2741)
      > ==22962== by 0x80A1F9B: ex_source (ex_cmds2.c:2714)
      > ==22962== by 0x80A6C8B: do_one_cmd (ex_docmd.c:2622)

      Here is a new patch that hopefully fixes both the crash and the leaks.
      It's a bit tricky, but I think this catches all situations.
      Please verify.

      Note that with your script one needs to wait a few moments before
      exiting to give the garbage collector a chance.


      *** ../vim-7.2.185/src/eval.c 2009-05-16 17:29:37.000000000 +0200
      --- src/eval.c 2009-05-22 20:04:22.000000000 +0200
      ***************
      *** 129,136 ****
      --- 129,139 ----
      /*
      * When recursively copying lists and dicts we need to remember which ones we
      * have done to avoid endless recursiveness. This unique ID is used for that.
      + * The last bit is used for previous_funccal, ignored when comparing.
      */
      static int current_copyID = 0;
      + #define COPYID_INC 2
      + #define COPYID_MASK (~0x1)

      /*
      * Array to hold the hashtab with variables local to each sourced script.
      ***************
      *** 439,444 ****
      --- 442,448 ----
      static void list_remove __ARGS((list_T *l, listitem_T *item, listitem_T *item2));
      static char_u *list2string __ARGS((typval_T *tv, int copyID));
      static int list_join __ARGS((garray_T *gap, list_T *l, char_u *sep, int echo, int copyID));
      + static int free_unref_items __ARGS((int copyID));
      static void set_ref_in_ht __ARGS((hashtab_T *ht, int copyID));
      static void set_ref_in_list __ARGS((list_T *l, int copyID));
      static void set_ref_in_item __ARGS((typval_T *tv, int copyID));
      ***************
      *** 6494,6507 ****
      int
      garbage_collect()
      {
      ! dict_T *dd;
      ! list_T *ll;
      ! int copyID = ++current_copyID;
      buf_T *buf;
      win_T *wp;
      int i;
      funccall_T *fc, **pfc;
      ! int did_free = FALSE;
      #ifdef FEAT_WINDOWS
      tabpage_T *tp;
      #endif
      --- 6498,6510 ----
      int
      garbage_collect()
      {
      ! int copyID;
      buf_T *buf;
      win_T *wp;
      int i;
      funccall_T *fc, **pfc;
      ! int did_free;
      ! int did_free_funccal = FALSE;
      #ifdef FEAT_WINDOWS
      tabpage_T *tp;
      #endif
      ***************
      *** 6511,6520 ****
      --- 6514,6538 ----
      may_garbage_collect = FALSE;
      garbage_collect_at_exit = FALSE;

      + /* We advance by two because we add one for items referenced through
      + * previous_funccal. */
      + current_copyID += COPYID_INC;
      + copyID = current_copyID;
      +
      /*
      * 1. Go through all accessible variables and mark all lists and dicts
      * with copyID.
      */
      +
      + /* Don't free variables in the previous_funccal list unless they are only
      + * referenced through previous_funccal. This must be first, because if
      + * the item is referenced elsewhere it must not be freed. */
      + for (fc = previous_funccal; fc != NULL; fc = fc->caller)
      + {
      + set_ref_in_ht(&fc->l_vars.dv_hashtab, copyID + 1);
      + set_ref_in_ht(&fc->l_avars.dv_hashtab, copyID + 1);
      + }
      +
      /* script-local variables */
      for (i = 1; i <= ga_scripts.ga_len; ++i)
      set_ref_in_ht(&SCRIPT_VARS(i), copyID);
      ***************
      *** 6546,6556 ****
      /* v: vars */
      set_ref_in_ht(&vimvarht, copyID);

      /*
      ! * 2. Go through the list of dicts and free items without the copyID.
      */
      for (dd = first_dict; dd != NULL; )
      ! if (dd->dv_copyID != copyID)
      {
      /* Free the Dictionary and ordinary items it contains, but don't
      * recurse into Lists and Dictionaries, they will be in the list
      --- 6564,6610 ----
      /* v: vars */
      set_ref_in_ht(&vimvarht, copyID);

      + /* Free lists and dictionaries that are not referenced. */
      + did_free = free_unref_items(copyID);
      +
      + /* check if any funccal can be freed now */
      + for (pfc = &previous_funccal; *pfc != NULL; )
      + {
      + if (can_free_funccal(*pfc, copyID))
      + {
      + fc = *pfc;
      + *pfc = fc->caller;
      + free_funccal(fc, TRUE);
      + did_free = TRUE;
      + did_free_funccal = TRUE;
      + }
      + else
      + pfc = &(*pfc)->caller;
      + }
      + if (did_free_funccal)
      + /* When a funccal was freed some more items might be garbage
      + * collected, so run again. */
      + (void)garbage_collect();
      +
      + return did_free;
      + }
      +
      + /*
      + * Free lists and dictionaries that are no longer referenced.
      + */
      + static int
      + free_unref_items(copyID)
      + int copyID;
      + {
      + dict_T *dd;
      + list_T *ll;
      + int did_free = FALSE;
      +
      /*
      ! * Go through the list of dicts and free items without the copyID.
      */
      for (dd = first_dict; dd != NULL; )
      ! if ((dd->dv_copyID & COPYID_MASK) != (copyID & COPYID_MASK))
      {
      /* Free the Dictionary and ordinary items it contains, but don't
      * recurse into Lists and Dictionaries, they will be in the list
      ***************
      *** 6565,6576 ****
      dd = dd->dv_used_next;

      /*
      ! * 3. Go through the list of lists and free items without the copyID.
      ! * But don't free a list that has a watcher (used in a for loop), these
      ! * are not referenced anywhere.
      */
      for (ll = first_list; ll != NULL; )
      ! if (ll->lv_copyID != copyID && ll->lv_watch == NULL)
      {
      /* Free the List and ordinary items it contains, but don't recurse
      * into Lists and Dictionaries, they will be in the list of dicts
      --- 6619,6631 ----
      dd = dd->dv_used_next;

      /*
      ! * Go through the list of lists and free items without the copyID.
      ! * But don't free a list that has a watcher (used in a for loop), these
      ! * are not referenced anywhere.
      */
      for (ll = first_list; ll != NULL; )
      ! if ((ll->lv_copyID & COPYID_MASK) != (copyID & COPYID_MASK)
      ! && ll->lv_watch == NULL)
      {
      /* Free the List and ordinary items it contains, but don't recurse
      * into Lists and Dictionaries, they will be in the list of dicts
      ***************
      *** 6584,6603 ****
      else
      ll = ll->lv_used_next;

      - /* check if any funccal can be freed now */
      - for (pfc = &previous_funccal; *pfc != NULL; )
      - {
      - if (can_free_funccal(*pfc, copyID))
      - {
      - fc = *pfc;
      - *pfc = fc->caller;
      - free_funccal(fc, TRUE);
      - did_free = TRUE;
      - }
      - else
      - pfc = &(*pfc)->caller;
      - }
      -
      return did_free;
      }

      --- 6639,6644 ----
      ***************
      *** 18842,18847 ****
      --- 18883,18889 ----
      {
      hash_init(&dict->dv_hashtab);
      dict->dv_refcount = DO_NOT_FREE_CNT;
      + dict->dv_copyID = 0;
      dict_var->di_tv.vval.v_dict = dict;
      dict_var->di_tv.v_type = VAR_DICT;
      dict_var->di_tv.v_lock = VAR_FIXED;
      ***************
      *** 21294,21301 ****
      current_funccal = fc->caller;
      --depth;

      ! /* if the a:000 list and the a: dict are not referenced we can free the
      ! * funccall_T and what's in it. */
      if (fc->l_varlist.lv_refcount == DO_NOT_FREE_CNT
      && fc->l_vars.dv_refcount == DO_NOT_FREE_CNT
      && fc->l_avars.dv_refcount == DO_NOT_FREE_CNT)
      --- 21336,21343 ----
      current_funccal = fc->caller;
      --depth;

      ! /* If the a:000 list and the l: and a: dicts are not referenced we can
      ! * free the funccall_T and what's in it. */
      if (fc->l_varlist.lv_refcount == DO_NOT_FREE_CNT
      && fc->l_vars.dv_refcount == DO_NOT_FREE_CNT
      && fc->l_avars.dv_refcount == DO_NOT_FREE_CNT)
      ***************
      *** 21334,21340 ****

      /*
      * Return TRUE if items in "fc" do not have "copyID". That means they are not
      ! * referenced from anywhere.
      */
      static int
      can_free_funccal(fc, copyID)
      --- 21376,21382 ----

      /*
      * Return TRUE if items in "fc" do not have "copyID". That means they are not
      ! * referenced from anywhere that is in use.
      */
      static int
      can_free_funccal(fc, copyID)


      --
      Why I like vim:
      > I like VIM because, when I ask a question in this newsgroup, I get a
      > one-line answer. With xemacs, I get a 1Kb lisp script with bugs in it ;-)

      /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
      /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
      \\\ download, build and distribute -- http://www.A-A-P.org ///
      \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

      --~--~---------~--~----~------------~-------~--~----~
      You received this message from the "vim_dev" maillist.
      For more information, visit http://www.vim.org/maillist.php
      -~----------~----~----~----~------~----~------~--~---
    • Show all 12 messages in this topic