Hello Johannes,
On Tue, Mar 13, 2018 at 11:01:02AM +0100, Johannes Kliemann wrote:
> I have sent this mail before but it was timed unfortunately and got lost in the 18.02 release.
Sorry for leaving you in the lurch! I read your last posting but was distracted in the middle of my investigation.
> While testing the IO_MEM session on Linux with ACPI I noticed that the acpi_drv segfaults when freeing its io memory on repos/os/src/drivers/acpi/acpi.cc:1304 [1]. The crash happens then in repos/base/include/base/allocator.h:319 [2] at
>
>     operator delete (obj, dealloc);
>
> I noticed that this is called many times without problems but not from free_io_mem. Unfortunately I have to admit that my C++ knowledge is insufficient to really grasp what happens in this expression. Is there any difference in how io memory is freed or should there be any (at least on Linux)?
The intention of free_io_mem() is to free all Io_mem objects which were accumulated in previous calls to phys_to_virt(). Those objects reside in the _heap and must therefore be delete'd, which means all destructors are executed and memory is deallocated. The unanswered question is: What is the reason for the segmentation fault as delete should always work? Is it a dangling pointer in Io_mem (incl. its members)?
Do you have any chance to run GDB on the target platform to produce a backtrace or investigate online? Did you try to instrument the destructors of Io_mem and its aggregated objects?
Sorry that I have more questions than answers but you see me in the dark currently.
Greets