触发问题时,函数位置0x481e00。反汇编后是CodeHeap的largest_free_block函数中的遍历链表的位置。和这个函数有关的BUG有一些,主要都和内存碎片有关

e0ab5f95985a202dcc83d104cb4b8eb9.png

反汇编地址

(gdb) disassemble 0x481e00

Dump of assembler code for function _ZNK8CodeHeap18largest_free_blockEv:

0x0000000000481d88 :stpx29, x30, [sp,#-48]!

0x0000000000481d8c :movx29, sp

0x0000000000481d90 :stpx19, x20, [sp,#16]

0x0000000000481d94 :strx21, [sp,#32]

0x0000000000481d98 :ldrw1, [x0,#248]

0x0000000000481d9c :ldrx20, [x0,#272]

0x0000000000481da0 :movx19, x0

0x0000000000481da4 :lslx20, x20, x1

0x0000000000481da8 :bl0x8180b4 <_znk12virtualspace13reserved_sizeev>

0x0000000000481dac :movx21, x0

0x0000000000481db0 :movx0, x19

0x0000000000481db4 :bl0x8180a4 <_znk12virtualspace14committed_sizeev>

0x0000000000481db8 :ldrx3, [x19,#224]

0x0000000000481dbc :ldrx2, [x19,#256]

0x0000000000481dc0 :ldrw5, [x19,#248]

0x0000000000481dc4 :subx2, x3, x2

0x0000000000481dc8 :ldrx1, [x19,#272]

0x0000000000481dcc :lslx2, x2, x5

0x0000000000481dd0 :subx0, x0, x2

0x0000000000481dd4 :lslx1, x1, x5

0x0000000000481dd8 :subx4, x0, x1

0x0000000000481ddc :subx4, x21, x4

0x0000000000481de0 :subx4, x4, x20

0x0000000000481de4 :cmpx4, x20

0x0000000000481de8 :movx0, x4

0x0000000000481dec :b.cs0x481e1c <_znk8codeheap18largest_free_blockev>

0x0000000000481df0 :ldrx1, [x19,#264]

0x0000000000481df4 :cbzx1, 0x481e2c <_znk8codeheap18largest_free_blockev>

0x0000000000481df8 :movx2, #0x0 // #0

0x0000000000481dfc :ldrx3, [x1]

0x0000000000481e00 :ldrx1, [x1,#16]

0x0000000000481e04 :cmpx2, x3

0x0000000000481e08 :cselx2, x2, x3, cs

0x0000000000481e0c :cbnzx1, 0x481dfc <_znk8codeheap18largest_free_blockev>

0x0000000000481e10 :lslx0, x2, x5

0x0000000000481e14 :cmpx0, x4

0x0000000000481e18 :cselx0, x0, x4, cs

0x0000000000481e1c :ldpx19, x20, [sp,#16]

0x0000000000481e20 :ldrx21, [sp,#32]

0x0000000000481e24 :l

free_sz足够的,但是FreeBlock链表中没有足够长的连续长度。

size_t CodeHeap::largest_free_block() const {

// First check unused space excluding free blocks.

size_t free_sz = size(_free_segments);

size_t unused = max_capacity() - allocated_capacity() - free_sz;

if (unused >= free_sz)

return unused;

// Now check largest free block.

size_t len = 0;

for (FreeBlock* b = _freelist; b != NULL; b = b->link()) {

if (b->length() > len)

len =b->length();

}

return MAX2(unused, size(len));

}

下面是其中一个相关的Bug,解决版本是7u101。

b0b44fba3b5661616da67463503cea83.png

Logo
华为开发者空间

华为开发者空间,是为全球开发者打造的专属开发空间,汇聚了华为优质开发资源及工具,致力于让每一位开发者拥有一台云主机,基于华为根生态开发、创新。

更多推荐

cover

解决AI算法开发和存储难题,华为云DTSE助力文华云技术架构升级

avatar 华为开发者空间
cover

技术共生,商业共赢,华为云携手伙伴开发者共话 AI 新机遇

avatar 华为开发者空间
cover

支持128TB超大存储,GaussDB(for MySQL)如何轻松应对海量数据挑战

avatar 华为开发者空间