CCS C Software and Maintenance Offers
FAQFAQ   FAQForum Help   FAQOfficial CCS Support   SearchSearch  RegisterRegister 

ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

CCS does not monitor this forum on a regular basis.

Please do not post bug reports on this forum. Send them to CCS Technical Support
Misbehaving malloc and free functions?

 
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion
View previous topic :: View next topic  
Author Message
A.Agiannidis



Joined: 04 Jun 2005
Posts: 2

View user's profile Send private message

Misbehaving malloc and free functions?
PostPosted: Fri Jun 10, 2005 5:30 am     Reply with quote
Hi all,

THE TASK:

in my attempt to dynamically create a list of custom structures representing messages to be sent out, i wrote this piece of code. I defined a struct List and a struct Message. The intention was to create a linked list.

THE PROBLEM:

calling malloc returns a pointer to an address (say 0x48). I then initialise the elements (locations 0x48, 0x49). I then call free with pointer pointing to 0x48 but when I trace the memory management code it attempts to free a node starting from 0x42. Anyone knows why? Also if you check the memory map below you will see that nodes are not created in consecutive memory locations. malloc will give me addresses like 48,53,5B etc. However, the size of the structure message is only 5 bytes long so I would expect to get locations like 43, 48, 4C etc.

The problem was realised when attempting to push it to the limits and use the whole available memory. For a couple of calls to malloc you cant see any problem. But once you have created a list with say 10 nodes and then attempt to free them, although creating them gives no problems, freeing the memory brings a problem that crashes mplab at almost the start of the process.

Any thoughts?

THE CODE:

Code:
#include <16F876.h>
#include <STDLIBM.h>
#use delay(clock=4000000)
#fuses XT,WDT,NOPROTECT,PUT,BROWNOUT, NOLVP
#use rs232(baud=9600,xmit=PIN_C6,bits=8,parity=N,stream=rs232
#use i2c(SLAVE,SCL=PIN_C3,SDA=PIN_C4,ADDRESS=0xd2,RESTART_WDT,FORCE_HW,FAST)


   struct LiFIFOBuffer{
      int16 firstmsg;
      int16 lastmsg;
      int8 msgcount;
   } Lififo;

   struct    LiMessage {
      int byte1;
      int byte2;
      int wantsreply;
      int16 nextmessage;
   } ;

void addNewEntry(struct LiMessage *ptrNewMessage)
{
   struct LiMessage *lastMsg;

   if (Lififo.msgcount==0)
   {
      Lififo.firstmsg = ptrNewMessage;
      Lififo.lastmsg = ptrNewMessage;
   }
   else
   {
      lastMsg = Lififo.lastmsg;
      lastMsg->nextmessage = ptrNewMessage;
      Lififo.lastmsg = ptrNewMessage;
   }

   Lififo.msgcount++;
}

int16 getAndRemoveEntry()
{
   struct LiMessage *firstMsg;

   if (Lififo.msgcount==0)
   {
      Lififo.firstmsg = 0x00;
      Lififo.lastmsg = 0x00;
      return 0;
   }

   firstMsg = Lififo.firstmsg;
   Lififo.firstmsg = firstmsg->nextmessage;
   Lififo.msgcount--;

   return firstMsg;
}


int16 newMessage(int a, int b, int c)
{
   struct LiMessage *ptrMsg;
   
   ptrMsg = malloc(sizeof(struct LiMessage));
   ptrMsg->byte1 = 0x0a;
   ptrMsg->byte2 = 0x0b;
   ptrMsg->wantsreply = 0x0c;
   ptrMsg->nextmessage = 0x0000;

   return ptrMsg;
}

void main()
{
int16 *ptrMsg;
//struct LiMessage *ptrMsg;

     
   ptrMsg = (struct LiMessage*) malloc(sizeof(struct LiMessage));
         // At this point ptrMsg = 0x0047

         // Filling memory locations 0x0048, 0x0049
   ((struct LiMessage*) ptrMsg)->byte1 = 0x77;     
   ((struct LiMessage*) ptrMsg)->byte2 = 0x77;

         // calling free. ptrMsg still points at 0x0047.
         // see what happens bellow inside the free function in STDLIBM
   free((struct LiMessage*) ptrMsg);

   lififo.firstmsg = 0;
   lififo.lastmsg =0 ;
   lififo.msgcount =0;   

   for ([censored]=1;[censored]<10;[censored]++)
   {
      ptrMsg = newMessage([censored],[censored]+1,[censored]+2);
      addNewEntry(ptrMsg);
   }

   [censored] = 1;

   for ([censored]=1;[censored]<10;[censored]++)
   {
      ptrMsg = getAndRemoveEntry();
      free(ptrMsg);
   }

}


void free( void * ptr)
{
   node_t *node,*temp;
   long nsize,nextsize;


   // ptr is still 0x0047
   if(ptr==NULL) // not a valid pointer
      return;
   else
   {
      // At this point node goes back to 0x0042. Why is that?
      node=ptr-sizeof(node_t);
      if(bit_test(node->size,pos))// node occupied
      {
         nsize=node->size-csize;
         update_node(node,nsize);
         ptr=NULL;

      }
      else // wrong input, return
      {
         ptr=NULL;
         return;
      }
   }
   traverse();
}

Nodes have been created at locations:

4B, 53,5B, 63, 6B, A3, AB, B3.

When attempting to free the node in memory location AB MPLAB crashes inside the

void remove_node(node_t *node) {// remove the given node from the memlist
   node_t *ptr;

[color=red]  for(ptr=__DYNAMIC_HEAD;ptr->next!=node;++ptr);[/color]

   ptr->next=node->next;
   node=NULL;
}


 Address  00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F      ASCII     

   0000   -- 00 F4 1B 4E 00 00 00 -- -- 00 00 00 00 00 00 -...N... --......
   0010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   0020   48 00 53 00 BB 00 08 4B 00 01 4B 00 B3 00 0B BB H.S....K ..K.....
   0030   00 05 00 B8 00 C0 00 35 00 B8 00 C0 00 10 00 10 .......5 ........
   0040   00 2D C0 00 C0 00 00 00 85 50 00 0A 0B 0C 53 00 .-...... .P....S.
   0050   85 58 00 0A 0B 0C 5B 00 85 60 00 0A 0B 0C 63 00 .X....[. .`....c.
   0060   85 68 00 0A 0B 0C 6B 00 85 A0 00 0A 0B 0C A3 00 .h....k. ........
   0070   00 00 00 00 00 00 00 00 4B 00 00 00 00 00 00 00 ........ K.......
   0080   -- FF F4 1B 4E 3F FF FF -- -- 00 00 00 00 00 -- -...N?.. --.....-
   0090   -- 00 FF 00 00 -- -- -- 02 00 -- -- 07 00 00 07 -....--- ..--....
   00A0   85 A8 00 0A 0B 0C AB 00 85 B0 00 0A 0B 0C B3 00 ........ ........
   00B0   85 B8 00 0A 0B 0C BB 00 85 C0 00 0A 0B 0C 00 00 ........ ........
   00C0   2D 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 -....... ........
   00D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   00E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   00F0   00 00 00 00 00 00 00 00 4B 00 00 00 00 00 00 00 ........ K.......
   0100   -- 00 F4 1B 4E -- 00 -- -- -- 00 00 00 00 00 00 -...N-.- --......
   0110   5D 90 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ]....... ........
   0120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   0130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   0140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   0150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   0160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   0170   00 00 00 00 00 00 00 00 4B 00 00 00 00 00 00 00 ........ K.......
   0180   -- FF F4 1B 4E -- FF -- -- -- 00 00 00 00 -- -- -...N-.- --....--
   0190   56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 V....... ........
   01A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   01B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   01C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   01D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   01E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
   01F0   00 00 00 00 00 00 00 00 4B 00 00 00 00 00 00 00 ........ K.......




    treitmey



    Joined: 23 Jan 2004
    Posts: 1094
    Location: Appleton,WI USA

    View user's profile Send private message Visit poster's website

    PostPosted: Fri Jun 10, 2005 8:12 am     Reply with quote
    This won't compile for me.
    Guest
    PostPosted: Fri Jun 10, 2005 12:07 pm     Reply with quote
    Please do not include the free function towards the end of the code. The code ends at the end of the main function. The Free() function is put there as an example of where things go wrong (I think) in the stdlibm file. If you are trying to run the code in a different PIC make sure you comment out the #use rs232 and #use i2c directives as your hardware may not support that. Many thanks. Let me know what you found.

    COMPILER VERSION: 3.212
    HARDWARE: PIC16F876A
    Display posts from previous:   
    Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion All times are GMT - 6 Hours
    Page 1 of 1

     
    Jump to:  
    You cannot post new topics in this forum
    You cannot reply to topics in this forum
    You cannot edit your posts in this forum
    You cannot delete your posts in this forum
    You cannot vote in polls in this forum


    Powered by phpBB © 2001, 2005 phpBB Group