We Keep Coding

Fortran memory error on assignment from polymorphic variable

The following code produces a memory error when compiled with recent versions of gfortran (10.3 or later):
module distributed_array
implicit none
type :: darray_segment
integer::rank
integer::offset
integer::length
real(kind=8), allocatable::data(:)
contains
end type darray_segment
type :: darray
type(darray_segment), allocatable::segments(:)
end type darray
contains
function new_darray(segments)
class(darray_segment), intent(in)::segments(:)
type(darray)::new_darray
new_darray%segments = segments
end function new_darray
end module distributed_array
program test_darray
use distributed_array, ONLY: darray, darray_segment, new_darray
implicit none
integer, parameter::np_src = 4
integer, parameter::np_dest = 3
type(darray)::src_darray
type(darray)::dest_darray
type(darray_segment)::src_segments(np_src)
type(darray_segment)::dest_segments(np_dest)
src_darray = new_darray(src_segments)
dest_darray = new_darray(dest_segments)
end program test_darray
The output produced is as follows:
darray_test: malloc.c:2385: sysmalloc: Assertion `(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.
Program received signal SIGABRT: Process abort signal.
Backtrace for this error:
#0 0x7f727c59fbf0 in ???
#1 0x7f727c59ee45 in ???
#2 0x7f727c20d83f in ???
at /build/glibc-vjB4T1/glibc-2.28/signal/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0
#3 0x7f727c20d7bb in __GI_raise
at ../sysdeps/unix/sysv/linux/raise.c:51
#4 0x7f727c1f8534 in __GI_abort
at /build/glibc-vjB4T1/glibc-2.28/stdlib/abort.c:79
#5 0x7f727c255a67 in __malloc_assert
at /build/glibc-vjB4T1/glibc-2.28/malloc/malloc.c:298
#6 0x7f727c257e6e in sysmalloc
at /build/glibc-vjB4T1/glibc-2.28/malloc/malloc.c:2382
#7 0x7f727c2592c8 in _int_malloc
at /build/glibc-vjB4T1/glibc-2.28/malloc/malloc.c:4133
#8 0x7f727c25a3e2 in __GI___libc_malloc
at /build/glibc-vjB4T1/glibc-2.28/malloc/malloc.c:3049
#9 0x401f10 in __distributed_array_MOD_new_darray
at /test/src/test/darray_tests.F90:23
#10 0x402933 in test_darray
at /test/src/test/darray_tests.F90:44
#11 0x402aaf in main
at /test/src/test/darray_tests.F90:31
The code runs without error when compiled with gfortran 4.9.4 and 10.2, but the above error occurs with versions 10.3 and 11.
The problem appears to be related to the assignment operation new_darray%segments = segments. If I declare segments as type(darray_segment) instead of class(darray_segment), then the program no longer crashes. So apparently the problem is triggered by assignment from a polymorphic variable. Is such assignment supposed to be allowed per the Fortran standard?

Memory corruption in f90

I have the following code.
PROGRAM CTS
implicit none
!C driver for routine fourn
INTEGER NDAT,NDIM
PARAMETER(NDIM=1,NDAT=1024)
INTEGER i,idum,isign,j,k,l,nn(NDIM)
REAL data1(NDAT),data2(NDAT),ran1 ,x,dx
REAL,DIMENSION(:),ALLOCATABLE::F,F1
allocate(F(NDAT),F1(NDAT))
x=1.
dx = (200.-1.)/real(NDAT)
nn(1)=NDAT
do i=1,NDAT
F1(i) =atan(x-100)
x= x + dx
enddo
x=1.
x=1.
isign=1
call fo(F1,nn,1,isign)
open(1,file="zresult.dat",status="replace")
do i=1,NDAT
write(1,*)x,F1(i)*dx
x= x + dx
enddo
stop
END
!!!!!!!!!!!!!!!!!!!!!!!!!!
SUBROUTINE fo(data,nn,ndim,isign)
INTEGER isign,ndim,nn(ndim)
REAL data(*)
INTEGER i1,i2,i2rev,i3,i3rev,ibit,idim,ifp1,ifp2,ip1,ip2,ip3,k1,&
k2,n,nprev,nrem,ntot
REAL tempi,tempr
DOUBLE PRECISION theta,wi,wpi,wpr,wr,wtemp
ntot=1
do 11 idim=1,ndim
ntot=ntot*nn(idim)
11 continue
nprev=1
do 18 idim=1,ndim
n=nn(idim)
nrem=ntot/(n*nprev)
ip1=2*nprev
ip2=ip1*n
ip3=ip2*nrem
i2rev=1
do 14 i2=1,ip2,ip1
if(i2.lt.i2rev)then
do 13 i1=i2,i2+ip1-2,2
do 12 i3=i1,ip3,ip2
i3rev=i2rev+i3-i2
tempr=data(i3)
tempi=data(i3+1)
data(i3)=data(i3rev)
data(i3+1)=data(i3rev+1)
data(i3rev)=tempr
data(i3rev+1)=tempi
12 continue
13 continue
endif
ibit=ip2/2
1 if ((ibit.ge.ip1).and.(i2rev.gt.ibit)) then
i2rev=i2rev-ibit
ibit=ibit/2
goto 1
endif
i2rev=i2rev+ibit
14 continue
ifp1=ip1
2 if(ifp1.lt.ip2)then
ifp2=2*ifp1
theta=isign*6.28318530717959d0/(ifp2/ip1)
wpr=-2.d0*sin(0.5d0*theta)**2
wpi=sin(theta)
wr=1.d0
wi=0.d0
do 17 i3=1,ifp1,ip1
do 16 i1=i3,i3+ip1-2,2
do 15 i2=i1,ip3,ifp2
k1=i2
k2=k1+ifp1
tempr=sngl(wr)*data(k2)-sngl(wi)*data(k2+1)
tempi=sngl(wr)*data(k2+1)+sngl(wi)*data(k2)
data(k2)=data(k1)-tempr
data(k2+1)=data(k1+1)-tempi
data(k1)=data(k1)+tempr
data(k1+1)=data(k1+1)+tempi
15 continue
16 continue
wtemp=wr
wr=wr*wpr-wi*wpi+wr
wi=wi*wpr+wtemp*wpi+wi
17 continue
ifp1=ifp2
goto 2
endif
nprev=n*nprev
18 continue
return
END
!!!!!!!!!!!
The problem is If I do not allocate F1 and put REAL F1(NDAT), the code runs without any problem, but when I allocate F1 I will get the following error
I have tried all possibilities to understand what is happening -fcheck=all etc. it seems memory corruption.
*** Error in `./out': free(): invalid next size (normal): 0x088a7f20 ***
Program received signal SIGABRT: Process abort signal.
Backtrace for this error:
#0 0xB76BE133
#1 0xB76BE7D0
#2 0xB77C73FF
#3 0xB77C7424
#4 0xB74E4686
#5 0xB74E7AB2
#6 0xB751EFD2
#7 0xB75294C9
#8 0xB752A13C
#9 0xB7777607
#10 0xB776EECF
#11 0xB776EFB9
#12 0xB76BDA93
#13 0xB77D733B
#14 0xB74E9230
#15 0xB74E928C
#16 0xB76C09E7
#17 0x80496D4 in cts at z2.f90:33
Aborted (core dumped)
Could you please help me to find out where the problem is.
Thank you so much

If you move the END after the subroutine, put CONTAINS before the subroutine to make it internal the program, change assumed size array
data(*)
to assumed shape array
data(:)
(just using data(NDAT) would also help)
then you can compile your code as
gfortran-7 -Wall -Wno-unused-variable -fcheck=all memcorr.f90
and get clear message
> ./a.out
At line 63 of file memcorr.f90
Fortran runtime error: Index '1025' of dimension 1 of array 'data' above upper bound of 1024
That means your are accessing your array out of bounds.
Line 63 is:
data(i3)=data(i3rev)
so i3 or i3rev is too large (larger than NDAT). You must find out why and fix that.
The point is: use explicit interfaces, assumed shape arrays and all other Fortran 90 stuff that will help you find bugs.
The best thing is to use modules for all your subroutines and functions.

Received message "Program received signal SIGSEGV: Segmentation fault - invalid memory reference"

I'm currenlty learning modern Fortran, I use the TDM-GCC compiler on Windows 10 64bit.
After compiling correcly my code, I received this message when trying to run the output .exe
Program received signal SIGSEGV: Segmentation fault - invalid memory reference.
Backtrace for this error:
#0 ffffffffffffffff
#1 ffffffffffffffff
#2 ffffffffffffffff
#3 ffffffffffffffff
#4 ffffffffffffffff
#5 ffffffffffffffff
#6 ffffffffffffffff
#7 ffffffffffffffff
#8 ffffffffffffffff
#9 ffffffffffffffff
#10 ffffffffffffffff
#11 ffffffffffffffff
#12 ffffffffffffffff
#13 ffffffffffffffff
#14 ffffffffffffffff
#15 ffffffffffffffff
#16 ffffffffffffffff
#17 ffffffffffffffff
#18 ffffffffffffffff
I understood the problem may be caused by reading I/O files. Here's the code (it's not mine, it's from the course teacher, he told me it's a runtime error, but has no idea why I get the error while reading a file):
program golden_ratio
! experiments with the golden ratio iterative relation
implicit none
integer, parameter :: rk = kind(1.0d0)
real(rk) :: phi, phi_old
real(rk) :: phi_start, tol
integer :: i, max_iter
open(11,FILE='goldenfile.in',STATUS='old')
read(11,*) phi_start, tol, max_iter
close(11)
! how I wrote the input file
! 5.0
! 0.0001
! 1000
phi_old = phi_start
do i=1,max_iter
phi = 1.0d0/phi_old + 1.0d0
if (abs(phi - phi_old) < tol) exit
phi_old = phi
end do
open(12,FILE='goldenfile.out',STATUS='replace')
write(12,100) 'Start value:',phi_start
write(12,100) 'Tolerance:',tol
write(12,'(2(A," ",I11," "))') 'Ended at iteration:', i, 'of', max_iter
write(12,100) 'Final value:',phi
close(12)
print *, 'Output file created'
100 format(A," ",F13.10)
end program golden_ratio
So this problem occurs when I try to open the input file 'goldenfile.in' (which is present in the same directory, defined as I wrote in the commented section, obviously it doesn't contain the comment marks).
It also occurs when I forgo using the input file, and I try to overwrite the output file 'goldenfile.out' after having obtained it a first time. Using 'replace' or not doesn't change the situation.
The strange thing is that the compilation goes right.

Segfault when using time.h

Ok I've been trying just about everything I know to get this program to stop crashing, but I just can't see why. I was able to isolate the problem to code with ctime, and just made a small program to demonstrate what's wrong. This code compiles without a problem.
#include<iostream>
#include<ctime>
int main();
time_t getDay(time_t t);
int diffDay(time_t end,time_t begin);
int main()
{
time_t curTime=time(NULL); //Assign current time
time_t curDay=getDay(curTime); //Assign beginning of day
time_t yesterday=curDay-16*60*60; //Assign a time that's within yesterday
time_t dif=diffDay(curTime,yesterday); //Assign how many days are between yesterday and curTime
std::cout << "Cur Time: " << curTime << '\n'
<< "Cur Day: " << curDay << '\n'
<< "Yes Day: " << dif << '\n' << std::flush;
char a;
std::cin >> a; ///Program crashes after here.
return 0;
}
///Get beginning of day that t is a part of
time_t getDay(time_t t)
{
//Get current time
struct tm* loctim=localtime(&t);
if(loctim==0)
return 0;
//Set loctim to beginning of day
loctim->tm_sec=0;
loctim->tm_min=0;
loctim->tm_hour=0;
//Create a int from the new time
int reval=mktime(loctim);
//Free memory
delete loctim;
return reval;
}
///Calculate how many days are between begin and end
int diffDay(time_t end,time_t begin)
{
time_t eDay=getDay(end); //Get beginning of day end is a part of
time_t bDay=getDay(begin); //Get beginning of day begin is a part of
time_t dif=(eDay-bDay)/(24*60*60); //Get how many days (86400 seconds)
return dif;
}
Here is some text I got from debugging.
Call Stack
#0 77BC3242 ntdll!LdrLoadAlternateResourceModuleEx() (C:\Windows\system32\ntdll.dll:??)
#1 00000000 0x6d067ad3 in ??() (??:??)
#2 00000000 0x00000018 in ??() (??:??)
#3 77BC3080 ntdll!LdrLoadAlternateResourceModuleEx() (C:\Windows\system32\ntdll.dll:??)
#4 00000000 0x00000018 in ??() (??:??)
#5 77C60FCB ntdll!TpCheckTerminateWorker() (C:\Windows\system32\ntdll.dll:??)
#6 00000000 0x007f0000 in ??() (??:??)
#7 00000000 0x50000163 in ??() (??:??)
#8 00000000 0x00000018 in ??() (??:??)
#9 77C1AC4B ntdll!RtlReAllocateHeap() (C:\Windows\system32\ntdll.dll:??)
#10 00000000 0x007f0000 in ??() (??:??)
#11 00000000 0x50000163 in ??() (??:??)
#12 00000000 0x00000018 in ??() (??:??)
#13 77BC3080 ntdll!LdrLoadAlternateResourceModuleEx() (C:\Windows\system32\ntdll.dll:??)
#14 00000000 0x00000018 in ??() (??:??)
#15 769A9D45 msvcrt!malloc() (C:\Windows\syswow64\msvcrt.dll:??)
#16 769AF5D3 strcpy_s() (C:\Windows\syswow64\msvcrt.dll:??)
#17 769B2B18 open_osfhandle() (C:\Windows\syswow64\msvcrt.dll:??)
#18 00000000 0x00000018 in ??() (??:??)
#19 769B3C7D msvcrt!_get_fmode() (C:\Windows\syswow64\msvcrt.dll:??)
#20 769BA6A0 msvcrt!_fsopen() (C:\Windows\syswow64\msvcrt.dll:??)
#21 00000000 0xc3458a06 in ??() (??:??)
#22 00000000 0x00000000 in ??() (??:??)
Also here's another call stack from the same build.
#0 77BE708C ntdll!RtlTraceDatabaseLock() (C:\Windows\system32\ntdll.dll:??)
#1 00000000 0x6ccdaf66 in ??() (??:??)
#2 00000000 0x00000000 in ??() (??:??)
Is it some special build option? I was using -std=c++0x but decided to try the program without it and it still crashed. Thanks for any help, I've been trying to fix this all day.

I think that the problem is here:
struct tm* loctim=localtime(&t);
delete loctim;
localtime returns a pointer to a static buffer. You shall not free it. This is causing an "undefined behaviour". i.e. some data are put into an inconsistent state and may cause crash at another place of program which may seem not to be directly related to the problem.

A nice way to find such problems is to run the program under valgrind. It gives you very accurate information about what is going wrong -
vlap:~/src $ valgrind ./a.out
==29314== Memcheck, a memory error detector
==29314== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==29314== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==29314== Command: ./a.out
==29314==
==29314== Invalid free() / delete / delete[] / realloc()
==29314== at 0x4C29E6C: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29314== by 0x400D2A: getDay(long) (test.cpp:44)
==29314== by 0x400BEE: main (test.cpp:11)
==29314== Address 0x59f5560 is 0 bytes inside data symbol "_tmbuf"
==29314==
==29314== Invalid free() / delete / delete[] / realloc()
==29314== at 0x4C29E6C: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29314== by 0x400D2A: getDay(long) (test.cpp:44)
==29314== by 0x400D4D: diffDay(long, long) (test.cpp:52)
==29314== by 0x400C13: main (test.cpp:13)
==29314== Address 0x59f5560 is 0 bytes inside data symbol "_tmbuf"
==29314==
==29314== Invalid free() / delete / delete[] / realloc()
==29314== at 0x4C29E6C: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29314== by 0x400D2A: getDay(long) (test.cpp:44)
==29314== by 0x400D5D: diffDay(long, long) (test.cpp:53)
==29314== by 0x400C13: main (test.cpp:13)
==29314== Address 0x59f5560 is 0 bytes inside data symbol "_tmbuf"
==29314==
Cur Time: 1395580379
Cur Day: 1395529200
Yes Day: 1
a
==29314==
==29314== HEAP SUMMARY:
==29314== in use at exit: 0 bytes in 0 blocks
==29314== total heap usage: 12 allocs, 15 frees, 1,846 bytes allocated
==29314==
==29314== All heap blocks were freed -- no leaks are possible
==29314==
==29314== For counts of detected and suppressed errors, rerun with: -v
==29314== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 3 from 3)

You cant use delete, which is a c++ operator, to free the result of localtime() which doesnt use c++ memory management. In any case, you dont actually need to release the value returned by localtime.

You can use the cmd or the terminal to get the time in a file on cmd: echo %time% > time.txt and on linux terminal: date > time.txt
You can run the commsnd with: system(command)
And than you read the file.

Writing to vector beyond size causes panic [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I have the following simple C++ program that uses the vector container from STL
1
2 #include <iostream>
3 #include <vector>
4
5 using namespace std;
6
7 #define SIZE 10
8
9 int main()
10 {
11 vector<int> v(SIZE);
12
13 // for (int i = 0; i < SIZE; i++)
14 // for (int i = 0; i < SIZE + 1; i++)
15 for (int i = 0; i < SIZE + 2; i++)
16 v[i] = i * i;
17
18 for (int i = 0; i < SIZE; i++)
19 cout << v[i] << " ";
20 cout << endl;
21
22 return 0;
23 }
When I uncomment line (a), all is good.
When I enable line (b), I don't get an error/panic. I am guessing this is because vector class dose not do bound checking, and the code is writing to memory on stack it should not be. Right?
However, when I enable line (c), I get a panic. Why am I getting a panic, when the code is writing to an additional int on the stack? But more oddly, the backtrace says the panic occurred on line 22? I figured the panic should have happened on line 16. Can someone please help me understand.
(gdb) bt
#0 0x00007fd1494fe475 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007fd1495016f0 in *__GI_abort () at abort.c:92
#2 0x00007fd14953952b in __libc_message (do_abort=<optimized out>, fmt=<optimized out>)
at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x00007fd149542d76 in malloc_printerr (action=3, str=0x7fd14961b190 "free(): invalid next size (fast)",
ptr=<optimized out>) at malloc.c:6283
#4 0x00007fd149547aac in *__GI___libc_free (mem=<optimized out>) at malloc.c:3738
#5 0x0000000000401098 in __gnu_cxx::new_allocator<int>::deallocate (this=0x7fff792fc320, __p=0x1370010)
at /usr/include/c++/4.7/ext/new_allocator.h:100
#6 0x0000000000400fc2 in std::_Vector_base<int, std::allocator<int> >::_M_deallocate (this=0x7fff792fc320, __p=0x1370010,
__n=10) at /usr/include/c++/4.7/bits/stl_vector.h:175
#7 0x0000000000400e3d in std::_Vector_base<int, std::allocator<int> >::~_Vector_base (this=0x7fff792fc320,
__in_chrg=<optimized out>) at /usr/include/c++/4.7/bits/stl_vector.h:161
#8 0x0000000000400d28 in std::vector<int, std::allocator<int> >::~vector (this=0x7fff792fc320, __in_chrg=<optimized out>)
at /usr/include/c++/4.7/bits/stl_vector.h:404
#9 0x0000000000400bbb in main () at ./main.cc:22
Thank you,
Ahmed.

Writing beyond the bounds of your vector causes undefined behaviour. Anything could happen. In your case, it looks like in case (c) that you overwrite some of the memory allocator's bookkeeping information, which causes a crash when your vector's destructor tries to free memory at the end of the function.