flori/amatch

Segfault with REE on Linux and Mac OS X

jlecour opened this issue · 43 comments

Hi,

I've been using AMatch for 2 years, with a regular MRI 1.8.7 in production, but with versions 2.0.5 and 2.0.7, I have SEGFAULTs on a regular basis when running with REE.

I thought it was happening only with Debian 64 bits, but recently I've had some with a 32 bits Ubuntu and now also with Mac OS X (10.6.8).

There is a more detailed ticket in the REE issue tracker: http://code.google.com/p/rubyenterpriseedition/issues/detail?id=71

Tell me if there is anything I can do to help solve this very annoying thing.

Besides that, I'm very happy with AMatch. Thanks for maintaining it.

Can you send me a code example that causes this behaviour and/or the core file that is dumped?

I've not been able to pin down the code that is causing this. I typically have a lot of background jobs where I use Amatch for some string comparisons. Once in a while (maybe after a hundred jobs processed, maybe after more than a thousand) it crashes.

I don't know either how to get the core dump. In my console or in the logs, I get a line saying that REE crashed, but nothing more.

If you know what I can do, tell me, I'll do it.

Thanks.

@jlecour, is it possible you're using amatch in a threaded environment? Or with EventMachine?

@flori is amatch supposed to be thread-safe?

All these segfaults mention pthread. They are from ruby 1.9.2-p180 running on heroku celadon cedar:

https://gist.github.com/8b4e3a1cd1da5472ffa4

@seamusabshere I'm pretty sure that my code is not threaded. It's a Rails 2.3 app, running on REE 1.8.7

@flori is there any other debugging information I can get you?

I've attached a gdb session to a rake command (a delayed_job worker, running jobs that use Amatch) which sometimes triggers a SEGFAULT.

gdb prints:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000011
st_foreach (table=0x109a0d140, func=0x10003d990 <mark_keyvalue>, arg=0) at st.c:487
487         retval = (*func)(ptr->key, ptr->record, arg);

I don't know if this is relevant to my issue since I know absolutely nothing about gdb and don't know how to continue after this (hitting c prints the same thing again and again).

I'd be more than happy to help debug this further if I had some instructions.

It is related to my issue. If I terminate the gdb session, the ruby process exits, showing the SEGFAULT message.

should be using xfree() rather than free() to free any memory alloced with ALLOC() or ALLOC_N(). those ALLOC functions do more than just a malloc(), and xfree() is the correct complement for them (or so it seems, i haven't dug that deeply - i spent enough time worming my way through macro-land in this gem's source)

this will likely fix all your segfaults. it fixed mine. please fix this so we can use a working version in production.

sorry, that was incorrect. it was another change i made in the caller - i was using the JaroWinkler matcher and noticed the segfaults occurred in the xfree call at the end in the FREE_STRINGS macro (which is actually a correct xfree() call).

to stop the segfault, i used ignore_case=false and downcased the strings in ruby to avoid the if clause altogether. this likely won't apply for the other posters, but i'll debug the c a bit further tomorrow and post again if there is anything worth mentioning.

@redbeardenterprises if you write a .patch that I can easily apply, I might be able to test it with my code base.

the patch wouldn't fix your problem, it didn't end up fixing mine. it is definitely a problem that those ALLOC calls aren't matched with xfree. if you grep gc.c in ruby source for CALC_EXACT_MALLOC_SIZE you'll see that those calls alloc an extra size_t above the size requested and tack a header on the allocated block which indicates the size of the allocation. they also track the allocated memory within the GC context. this means that an unmatched free would free the wrong pointer (without doing the decrement) which would normally blow the heap immediately, the problem wouldn't be sporadic. thus it's unlikely that any of us are actually using ruby interpreters where CALC_EXACT_MALLOC_SIZE was enabled during compilation. when it's not enabled, free will work normally.

this does not mean those frees shouldn't be fixed, they should still be changed to xfree() calls. i'm digging into the gem a bit further now.
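The allocator pairing described in the comment above, as an added example that is not code from amatch or from Ruby's gc.c. The `model_` functions and the `outcome` struct are hypothetical names for a toy model of the two build modes; it measures what pointer a plain `free()` would receive and what happens to the byte accounting, without ever passing an interior pointer to `free()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy model, not Ruby's gc.c: all names below are hypothetical. */
static int    exact_size_mode;  /* 1 models a build with CALC_EXACT_MALLOC_SIZE */
static size_t tracked_bytes;    /* allocator's running total of live bytes */
static void  *last_base;        /* what malloc() really returned last time */

/* Allocate like the comment describes: in exact-size mode, reserve one extra
 * size_t in front of the block, store the requested size there, and hand the
 * caller a pointer just past that header. */
static void *model_xmalloc(size_t size)
{
    size_t extra = exact_size_mode ? sizeof(size_t) : 0;
    if (size > SIZE_MAX - extra) return NULL;     /* size + header would wrap */
    size_t *base = malloc(size + extra);
    if (base == NULL) return NULL;
    last_base = base;
    if (!exact_size_mode) return base;            /* caller pointer == base */
    base[0] = size;
    tracked_bytes += size;
    return base + 1;                              /* caller pointer != base */
}

/* The matching release: step back over the header, undo the accounting,
 * and free the pointer malloc() actually returned. */
static void model_xfree(void *ptr)
{
    if (ptr == NULL) return;
    if (exact_size_mode) {
        size_t *base = (size_t *)ptr - 1;
        tracked_bytes -= base[0];
        ptr = base;
    }
    free(ptr);
}

struct outcome {
    size_t offset;             /* caller pointer minus real malloc() pointer */
    int    bad_free;           /* 1 if plain free() would get a non-malloc pointer */
    size_t leaked_accounting;  /* bytes still counted as live after release */
};

/* Allocate 64 bytes and release them with either the matching model_xfree()
 * or a plain free(), in the chosen build mode. */
static struct outcome run_scenario(int exact, int use_xfree)
{
    struct outcome r = {0, 0, 0};
    exact_size_mode = exact;
    tracked_bytes = 0;
    char *p = model_xmalloc(64);
    if (p == NULL) abort();
    r.offset = (size_t)(p - (char *)last_base);
    if (use_xfree) {
        model_xfree(p);
    } else {
        /* A mismatched free(p) would pass p itself. When p is past a header
         * that is undefined behaviour, so the demo only records the fact and
         * releases the real base pointer to stay well defined. */
        r.bad_free = (r.offset != 0);
        free(last_base);
    }
    r.leaked_accounting = tracked_bytes;
    return r;
}

int main(void)
{
    static const char *label[] = {
        "exact-size build, xfree()", "exact-size build, free()",
        "default build,    free()"
    };
    struct outcome o[3];
    o[0] = run_scenario(1, 1);
    o[1] = run_scenario(1, 0);
    o[2] = run_scenario(0, 0);
    for (int i = 0; i < 3; i++)
        printf("%s: offset=%zu bad_free=%d still_tracked=%zu\n", label[i],
               o[i].offset, o[i].bad_free, o[i].leaked_accounting);
    return 0;
}
```

Only the exact-size build combined with a plain `free()` produces an invalid pointer and stale accounting; in the default build the two pointers coincide, which matches the comment's reasoning that such a mismatch would fail immediately rather than sporadically.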

don't have much more time to spend on this, will either use another gem (fuzzy-string-match works for me since i'm using the jaro metric) or roll my own implementation, which would likely be faster than debugging this one.

That's too bad. I really thought there was something here.

Thanks for having tried.

I'm also getting a segfault, but without REE. I'm just using default ruby-1.9.2-p290 with RVM on Mac. I can send whatever other details are required as well. I had to drop back to version 0.2.5 before I was able to stop my app from faulting.

http://pastebin.com/fkgXKx16

In case it could be useful to anyone who understands that gibberish:


    0x7fff801a7000 -     0x7fff802befef  libxml2.2.dylib 10.3.0 (compatibility 10.0.0) <1B27AFDD-DF87-2009-170E-C129E1572E8B> /usr/lib/libxml2.2.dylib
    0x7fff802bf000 -     0x7fff80375ff7  libobjc.A.dylib 227.0.0 (compatibility 1.0.0) <03140531-3B2D-1EBA-DA7F-E12CC8F63969> /usr/lib/libobjc.A.dylib
    0x7fff80df2000 -     0x7fff80e04fe7  libsasl2.2.dylib 3.15.0 (compatibility 3.0.0) <76B83C8D-8EFE-4467-0F75-275648AFED97> /usr/lib/libsasl2.2.dylib
    0x7fff81582000 -     0x7fff815bfff7  libssl.0.9.8.dylib 0.9.8 (compatibility 0.9.8) <F743389F-F25A-A77D-4FCA-D6B01AF2EE6D> /usr/lib/libssl.0.9.8.dylib
    0x7fff815c0000 -     0x7fff815fcfe7  libcurl.4.dylib 6.1.0 (compatibility 6.0.0) <1E041185-131C-C237-C250-38BE933A269A> /usr/lib/libcurl.4.dylib
    0x7fff81899000 -     0x7fff81a57fff  libicucore.A.dylib 40.0.0 (compatibility 1.0.0) <4274FC73-A257-3A56-4293-5968F3428854> /usr/lib/libicucore.A.dylib
    0x7fff81f76000 -     0x7fff81f87ff7  libz.1.dylib 1.2.3 (compatibility 1.0.0) <97019C74-161A-3488-41EC-A6CA8738418C> /usr/lib/libz.1.dylib
    0x7fff820b8000 -     0x7fff82279fef  libSystem.B.dylib 125.2.11 (compatibility 1.0.0) <9AB4F1D1-89DC-0E8A-DC8E-A4FE4D69DB69> /usr/lib/libSystem.B.dylib
    0x7fff82372000 -     0x7fff8237efff  libbz2.1.0.dylib 1.0.5 (compatibility 1.0.0) <9AB864FA-9197-5D48-A0EC-EC8330D475FC> /usr/lib/libbz2.1.0.dylib
    0x7fff8252a000 -     0x7fff825e3fff  libsqlite3.dylib 9.6.0 (compatibility 9.0.0) <2C5ED312-E646-9ADE-73A9-6199A2A43150> /usr/lib/libsqlite3.dylib
    0x7fff82a2c000 -     0x7fff82ba3fe7  com.apple.CoreFoundation 6.6.6 (550.44) <BB4E5158-E47A-39D3-2561-96CB49FA82D4> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
    0x7fff837b2000 -     0x7fff837b6ff7  libmathCommon.A.dylib 315.0.0 (compatibility 1.0.0) <95718673-FEEE-B6ED-B127-BCDBDB60D4E5> /usr/lib/system/libmathCommon.A.dylib
    0x7fff837e6000 -     0x7fff83832fff  libauto.dylib ??? (???) <F7221B46-DC4F-3153-CE61-7F52C8C293CF> /usr/lib/libauto.dylib
    0x7fff83c7b000 -     0x7fff83cf8fef  libstdc++.6.dylib 7.9.0 (compatibility 7.0.0) <35ECA411-2C08-FD7D-11B1-1B7A04921A5C> /usr/lib/libstdc++.6.dylib
    0x7fff847a1000 -     0x7fff84899ff7  libiconv.2.dylib 7.0.0 (compatibility 7.0.0) <44AADE50-15BC-BC6B-BEF0-5029A30766AC> /usr/lib/libiconv.2.dylib
    0x7fff84a91000 -     0x7fff84abcff7  libxslt.1.dylib 3.24.0 (compatibility 3.0.0) <8AB4CA9E-435A-33DA-7041-904BA7FA11D5> /usr/lib/libxslt.1.dylib
    0x7fff8519e000 -     0x7fff851ddfef  libncurses.5.4.dylib 5.4.0 (compatibility 5.4.0) <9D53BE03-6D81-D0CB-F657-4E842E69A66A> /usr/lib/libncurses.5.4.dylib
    0x7fff85bce000 -     0x7fff85beffff  libresolv.9.dylib 41.0.0 (compatibility 1.0.0) <9F322F47-0584-CB7D-5B73-9EBD670851CD> /usr/lib/libresolv.9.dylib
    0x7fff86541000 -     0x7fff86660fe7  libcrypto.0.9.8.dylib 0.9.8 (compatibility 0.9.8) <14115D29-432B-CF02-6B24-A60CC533A09E> /usr/lib/libcrypto.0.9.8.dylib
    0x7fff8800b000 -     0x7fff880bbfff  edu.mit.Kerberos 6.5.11 (6.5.11) <085D80F5-C9DC-E252-C21B-03295E660C91> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
    0x7fff89f11000 -     0x7fff8a199fef  com.apple.security 6.1.2 (55002) <015C9A08-3D07-9462-8E91-DB1924349621> /System/Library/Frameworks/Security.framework/Versions/A/Security
    0x7fff8a404000 -     0x7fff8a441fff  com.apple.LDAPFramework 2.0 (120.1) <54A6769E-D7E2-DBE2-EA61-87B9EA355DA4> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
    0x7fff8a46c000 -     0x7fff8a46dff7  com.apple.TrustEvaluationAgent 1.1 (1) <5952A9FA-BC2B-16EF-91A7-43902A5C07B6> /System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/TrustEvaluationAgent
    0x7fffffe00000 -     0x7fffffe01fff  libSystem.B.dylib ??? (???) <9AB4F1D1-89DC-0E8A-DC8E-A4FE4D69DB69> /usr/lib/libSystem.B.dylib

Model: MacBookPro5,5, BootROM MBP55.00AC.B03, 2 processors, Intel Core 2 Duo, 2.53 GHz, 8 GB, SMC 1.47f2
Graphics: NVIDIA GeForce 9400M, NVIDIA GeForce 9400M, PCI, 256 MB
Memory Module: global_name
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x8D), Broadcom BCM43xx 1.0 (5.10.131.42.4)
Bluetooth: Version 2.4.5f3, 2 service, 12 devices, 1 incoming serial ports
Network Service: Ethernet, Ethernet, en0
Network Service: AirPort, AirPort, en1
Serial ATA Device: Hitachi HTS545032B9SA02, 298,09 GB
Serial ATA Device: HL-DT-ST DVDRW  GS23N
USB Device: Keyboard Hub, 0x05ac  (Apple Inc.), 0x1006, 0x26200000 / 3
USB Device: Razer 1600dpi Mouse, 0x1532, 0x0001, 0x26210000 / 5
USB Device: Apple Keyboard, 0x05ac  (Apple Inc.), 0x0221, 0x26220000 / 4
USB Device: Internal Memory Card Reader, 0x05ac  (Apple Inc.), 0x8403, 0x26500000 / 2
USB Device: BRCM2046 Hub, 0x0a5c  (Broadcom Corp.), 0x4500, 0x06100000 / 2
USB Device: Bluetooth USB Host Controller, 0x05ac  (Apple Inc.), 0x8213, 0x06110000 / 3
USB Device: Built-in iSight, 0x05ac  (Apple Inc.), 0x8507, 0x24400000 / 2
USB Device: Apple Internal Keyboard / Trackpad, 0x05ac  (Apple Inc.), 0x0237, 0x04600000 / 3
USB Device: IR Receiver, 0x05ac  (Apple Inc.), 0x8242, 0x04500000 / 2

Is it a coincidence that the only two calls to free() are both in pair.c?

ext/pair.c
75:    free(pair_array->pairs);
76:    free(pair_array);

If only I had a test case that always blows up... but maybe somebody knows off the top of their head?

They should be xfrees by now, but it seems I overlooked them in a previous patch. I just released the 0.2.10 version, that should get this right. Maybe enterprise ruby doesn't alias free as xfree and this would explain the REE crashes? Anyway I feel pretty stupid now...

great, thanks, i'll test this right now!

i'm on ruby 1.9.2 (heroku) and was still seeing segfaults on pair_distance_similar.

perhaps this issue should be renamed to "Segfaults"

45db1b4

that appears to have fixed segfaults on Pair Distance for me. thank you!

I've just had a SEGFAULT on the same setup as before, but with Amatch 0.2.10 :-/

I'll tell you if I get more

It is strange! I've just written a small stress test (https://gist.github.com/1770127) and I can't crash it.

But in my real world app, with a very similar use case, it still crashes with 0.2.10.

I'll try to reproduce and let you know.

Running the stress test 4 times yielded 3 different results...

  1. EXC_CRASH (SIGABRT)
  2. EXC_BAD_ACCESS (SIGABRT)
  3. EXC_BAD_ACCESS (SIGABRT)
  4. ran just fine until I killed it

Here are all the crash reports:

https://gist.github.com/1772342

For (2) and (3), I found these lines:

4 libSystem.B.dylib 0x00007fff8429d1ba _sigtramp + 26
5 libruby.1.9.1.dylib 0x0000000100110133 st_free_table + 67 (st.c:255)
6 libruby.1.9.1.dylib 0x0000000100057263 slot_sweep + 1155 (gc.c:2301)
7 libruby.1.9.1.dylib 0x000000010005bfaf garbage_collect + 511 (gc.c:2218)
8 libruby.1.9.1.dylib 0x000000010005c586 vm_xmalloc + 150 (gc.c:729)
9 libruby.1.9.1.dylib 0x000000010010fc25 st_insert + 533 (st.c:463)

@flori maybe we can ask @wyhaines to look at the memory-handling code?

Hey again. You piqued my interest.

I observed failures using 0.2.10 atop MRI 1.9.2-p290 + OS X 10.7.3 using the stress test. Ran several times, most failed, typically in the jaro routines.

Reverted to 0.2.5, could not reproduce. Moved to 0.2.6, reproduced several times, easily. Looked at code, the only interesting thing was the addition of some free calls pulled by Florian from another author.

Forked the code. Removing these frees did help with the issue, though there is nothing wrong with them and they are indeed necessary to prevent a big memory leak.

Turned to Valgrind. Noticed many invalid read/write errors. Moved macros around so I could debug a bit better and when reading through COMPUTE_JARO, noticed this code:

...
high = (i + max_dist < b_len ? i + max_dist : b_len);
for(j = low; j <= high; j++) {
  if (!l[1][j] && a_ptr[i] == b_ptr[j]) {
...

Can cause a buffer overflow since high is limited by b_len, but the arrays l[1] and b_ptr are both of b_len length. Since these arrays are zero-indexed (C language) referring to the jth index will result in an overflow with unpredictable results - particularly in the assignment a couple lines down:

l[1][j] = 1;

Without knowing the Jaro algorithm well I'd hesitate to say that changing the <= to a strict < is the correct solution, but it should stop the overflows and seems like a reasonable solution for these segfaults.

After changing the <= to a strict < I can no longer reproduce the issue. I've forked and patched the issue in my own repository (@redbeardenterprises/amatch). I'm going to keep using my fork and see if any more trouble arises.

Same issue here, MRI 1.9.2-p290 + OS X 10.7.3. Switching to @redbeardenterprises's fork resolved the issue for me. Hopefully this is a solution and not just a bandaid :/

Did you have issues with either the Jaro or the Jaro-Winkler algorithm before?

I can't say that my segfaults were specifically due to Jaro or Jarowinkler.

This is my first usage of the gem; we're only using Jaro-Winkler thus far, it seemed to be the one we wanted to use, though I didn't try others. Some members of the team were getting segfaults similar to above.

It seems pretty difficult to find a common pattern in all of these reports, so there might be different causes for the segfaults. Also, if a segfault happens during garbage collection, this might have been caused by a bug in some other ruby extension or ruby itself. The actual reason is sometimes difficult to figure out. I will look into the Jaro-Winkler computation and release a new version soon, though.

We were using Jaro-Winkler and Substring. Substring never gave any problems and Jaro-Winkler did consistently.

I haven't noticed any issues since I've patched it but we're not going to be using it heavily for another few days.

I saw segfaults with Pair Distance, but they seem to be fixed after

45db1b4

Haven't tried Jaro Winkler in production (except that I did run @jlecour's stress test, which was NOT fixed by the above commit)

Shoot, the segfaults are still happening with Pair Distance.

https://gist.github.com/8bfe1132e31ba97a3102

As you can see, this is happening on Heroku Celadon Cedar running ruby 1.9.2p290 (2011-07-09 revision 32553) [x86_64-linux]

Yes, remember I mentioned that unless the interpreter was built with the CALC_EXACT_MALLOC_SIZE, the ALLOC/xfree mismatches wouldn't cause a problem (at least in the version of ruby source I was looking at).

Can you reproduce this without your app? I would be willing to use valgrind to investigate what is happening.

For everyone using Jaro/Jaro-Winkler, I just updated @redbeardenterprises/amatch with the correct solution after reviewing the algorithm.

The strict < is incorrect because the match window becomes lop-sided, shrinking on the positive side of i by 1 element in all cases except those where the match window meets the end of the array.

The two obvious ways to fix the overflow while preserving behavior are:

  • use a strict < and increase high in the non boundary case like this high = (i + max_dist < b_len ? i + max_dist + 1 : b_len);
  • use <= and decrease high in the boundary case like this high = (i + max_dist < b_len ? i + max_dist : b_len - 1);

I chose the latter because it seemed more intuitive. The overflow/segfault should still be fixed (tested with @jlecour's stress test and the test case provided in #5).
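The window bounds discussed in the comments above, compared side by side as an added example (not part of the original thread and not amatch's own code). The `low` bound, the `max_dist` formula, the `break` after a match and the input strings are assumptions based on the textbook Jaro algorithm; indexes past the end of `b` are counted rather than dereferenced.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The four upper-bound variants discussed in the thread. */
enum bound { ORIGINAL, STRICT_LT, LT_PLUS_ONE, LE_MINUS_ONE };
struct result { int matches; int oob; };

/* Run the Jaro matching pass. An index j >= b_len is counted in oob
 * instead of being dereferenced, so the demonstration itself is safe. */
static struct result jaro_matches(const char *a, const char *b, enum bound v)
{
    int a_len = (int)strlen(a), b_len = (int)strlen(b);
    int longest = a_len > b_len ? a_len : b_len;
    int max_dist = longest / 2 - 1;            /* assumption: textbook Jaro window */
    struct result r = {0, 0};
    char *used = calloc((size_t)b_len + 1, 1); /* stands in for l[1]; +1 avoids calloc(0) */
    if (!used) { r.oob = -1; return r; }
    if (max_dist < 0) max_dist = 0;
    for (int i = 0; i < a_len; i++) {
        int low = i > max_dist ? i - max_dist : 0;   /* assumption: not shown on the page */
        int inside = i + max_dist < b_len;           /* window ends before the end of b */
        int high, end;                               /* end is an exclusive loop limit */
        switch (v) {
        case ORIGINAL:    high = inside ? i + max_dist : b_len;     end = high + 1; break;
        case STRICT_LT:   high = inside ? i + max_dist : b_len;     end = high;     break;
        case LT_PLUS_ONE: high = inside ? i + max_dist + 1 : b_len; end = high;     break;
        default:          high = inside ? i + max_dist : b_len - 1; end = high + 1; break;
        }
        for (int j = low; j < end; j++) {
            if (j >= b_len) { r.oob++; continue; }   /* would touch l[1][b_len] / b_ptr[b_len] */
            if (!used[j] && a[i] == b[j]) { used[j] = 1; r.matches++; break; }
        }
    }
    free(used);
    return r;
}

int main(void)
{
    static const char *names[] = { "<= high (original)", "< high", "< high+1", "<= b_len-1" };
    for (int v = ORIGINAL; v <= LE_MINUS_ONE; v++) {
        struct result r = jaro_matches("abcx", "bacd", (enum bound)v); /* constructed input */
        printf("%-20s matches=%d out-of-bounds=%d\n", names[v], r.matches, r.oob);
    }
    return 0;
}
```

On this input the original bound visits one index past the end of `b`, the plain strict `<` stays in bounds but loses the transposed `a`/`b` match, and both corrected forms stay in bounds with the full match count.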

As an update, we just used the @redbeardenterprises fork and jaro winkler heavily in our application for hours and observed no segfaults. Previously they presented within minutes - so at least in our case, that overflow appears to have been the main culprit.

Hi, tonight, I had many SEGFAULTs, but one of them gave me more information than usual :

ruby(23463) malloc: *** error for object 0x1135b6be0: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug

It might be useful.
I'm still using REE (2012.03), on Mac OS X 10.6.8, and Amatch 0.2.10

@redbeardenterprises you rock, thanks for the patch, I'm using your branch now :)

@redbeardenterprises can you open a Pull Request for that?

👍 for a pull-request and a new release

Since this morning, I've been running some tasks that use Amatch intensively, and every few minutes I've had a segfault.
I've changed my code to use @redbeardenterprises fork/patch, and I've not had a single segfault yet.

Have a look: https://rubygems.org/gems/amatch/versions/0.2.11 I have just merged the @redbeardenterprises changes and released a new version.

Thanks guys, I missed the message from @felipecsl over the holiday. Was going to do the pull request but you beat me to it!

No worries, I am much worse than you in this regard. ;)

Thanks to everyone involved in this epic issue. I'm really glad we have finally got it fixed.