Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

segfault in shift_remainders() when empty_index < start_index #9

Open
koadman opened this issue Jul 4, 2019 · 6 comments
Open

segfault in shift_remainders() when empty_index < start_index #9

koadman opened this issue Jul 4, 2019 · 6 comments

Comments

@koadman
Copy link

koadman commented Jul 4, 2019

I've been experiencing segfaults in shift_remainders(), and it seems to be happening because the value of empty_index is less than start_index, when called from line 1372 (from within insert1()).
I'm just getting started with cqf and it's quite possible that I've misunderstood something in the API. The keys I'm inserting to the QFs should all be within the allowable range, and I am not storing values, just keys. I've enabled auto resizing, and these crashes are happening during qf_resize_malloc.
Am I doing something wrong, or is this a bug?
@prashantpandey
Copy link
Member

Hi @koadman ,

Could you please share the code to reproduce the bug?

Thanks,
Prashant

@koadman
Copy link
Author

koadman commented Jul 4, 2019

Hi Prashant thanks for the quick reply. I've had some difficulty isolating the exact same conditions from the rest of the codebase I'm working on but have now found two small-ish test cases that reproduce what look like a very similar or possibly the same issue.
The first is given in cqf_debug.cpp, which I am building as:

g++ cqf_debug.cpp  -o cqf_debug -O0 -g3 -I. /home/koadman/software/cqf/obj/*.o -std=c++11 -I/home/koadman/software/cqf/include/ -pthread -lz -lssl -lcrypto -lm

with gcc version 5.4.0 20160609 on intel x64.
When I run it I see:

gdb ./cqf_debug
...
Reading symbols from ./cqf_debug...done.
(gdb) r keys_1.txt keys_2.txt 
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Resizing the CQF.
Resizing the CQF.
Resizing the CQF.
Resizing the CQF.

Program received signal SIGSEGV, Segmentation fault.
0x00000000004036a1 in shift_remainders (qf=0x7fffffffd8d0, start_index=7692, empty_index=7680) at src/gqf.c:711
711			*REMAINDER_WORD(qf, last_word) = shift_into_b(*REMAINDER_WORD(qf, last_word-1),
(gdb) bt
#0  0x00000000004036a1 in shift_remainders (qf=0x7fffffffd8d0, start_index=7692, empty_index=7680) at src/gqf.c:711
#1  0x0000000000405717 in insert1 (qf=0x7fffffffd8d0, hash=493509468, runtime_lock=4 '\004') at src/gqf.c:1372
#2  0x000000000040746b in qf_insert (qf=0x7fffffffd8d0, key=493509468, value=0, count=1, flags=4 '\004') at src/gqf.c:1922
#3  0x00000000004017f4 in main (argc=3, argv=0x7fffffffde08) at cqf_debug.cpp:44

The interesting thing is that if I comment out the code block that creates and loads keys to the first QF, then the 2nd QF does not segfault. Possibly there is some global or file-scoped variable that's creating an unexpected dependency between the two QFs?
cqf_debug.cpp.gz
keys_2.txt.gz
keys_1.txt.gz

@koadman
Copy link
Author

koadman commented Jul 4, 2019

The second, possibly related problem I have isolated into a small test example happens when merging two QFs. As above, compiling with:

g++ cqf_debug2.cpp  -o cqf_debug2 -O0 -g3 -I. /home/koadman/software/cqf/obj/*.o -std=c++11 -I/home/koadman/software/cqf/include/ -pthread -lz -lssl -lcrypto -lm

and running:

gdb ./cqf_debug2
...
Reading symbols from ./cqf_debug2...done.
(gdb) r
...

Program received signal SIGSEGV, Segmentation fault.
0x0000000000403c1b in run_end (qf=0x7fffffffdc60, hash_bucket_index=80) at src/gqf.c:601
601					runend_block_offset = bitselectv(get_block(qf,
(gdb) bt
#0  0x0000000000403c1b in run_end (qf=0x7fffffffdc60, hash_bucket_index=80) at src/gqf.c:601
#1  0x0000000000406544 in insert (qf=0x7fffffffdc60, hash=330765, count=16, runtime_lock=9 '\t') at src/gqf.c:1444
#2  0x0000000000407eb0 in qf_insert (qf=0x7fffffffdc60, key=330765, value=0, count=16, flags=9 '\t') at src/gqf.c:1924
#3  0x000000000040a0a6 in qf_multi_merge (qf_arr=0x621c20, nqf=2, qfr=0x7fffffffdc60) at src/gqf.c:2498
#4  0x00000000004018ba in merger (cqf1="cqf_2.1", cqf2="cqf_2.2", cqf_out="cqf_2.merged") at cqf_debug2.cpp:27
#5  0x0000000000401af7 in main (argc=1, argv=0x7fffffffde28) at cqf_debug2.cpp:36
(gdb)

cqf_debug2.cpp.gz
cqf_1.1.gz
cqf_1.2.gz
cqf_2.1.gz
cqf_2.2.gz
(the above files need to be unzipped first of course)

interestingly, I see a similar behavior as before, where if I comment out the merge of the first two QFs then the 2nd merge is able to complete successfully, otherwise it segfaults.

@koadman
Copy link
Author

koadman commented Aug 6, 2019

quick update: i still have these problems. I have been able to work around them by doing two things:

  1. only insert to a single CQF per program invocation
  2. avoid CQF auto-resizing

of course a solution that eliminates the segfault would be preferable!

@kylebd99
Copy link

Hey,
I had this same issue, and I think it derives from some reliance on the buffer's state. I changed the malloc call for the filter's buffer to a calloc call and this issue disappeared.

@koadman
Copy link
Author

koadman commented Sep 10, 2019

cool! maybe send a pull request?

robymetallo added a commit to robymetallo/cqf that referenced this issue Feb 12, 2020
@robymetallo
Merged fix proposed here splatlab#9
a645a2f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@koadman @prashantpandey @kylebd99