Skip to content

[Bioc-devel] Segfault/Valgrind/bgx

5 messages · Martin Morgan, Seth Falcon, Ernest Turro +1 more

Original
Ernest Turro
# 
Dear all,

my package ( svn co https://hedgehog.fhcrc.org/bioconductor/trunk/ 
madman/Rpacks/bgx ) segfaults sometimes. I say sometimes because, for  
instance, on lamb1 it doesn't, and on wellington it does, on my own  
machine it doesn't - except if I run it through valgrind...). When I  
run the code as a standalone binary, there are no segfaults. Anyway,  
the problem according to valgrind's stack trace appears to be in  
libR.so - not directly in my own C code. I think it occurs when calling:

   # bgx/R/mcmc.R:36
   # free allocated memory on user interrupt/end of simulation
   on.exit(.C("freeBGXMemory", as.integer(out.ind), as.integer 
(numberGenesToWatch), PACKAGE = "bgx"))

Specifically, when calling as.integer(numberGenesToWatch).

The relevant part of valgrind's stack trace is below. The full trace  
is below that. Does anyone have any ideas? I've been debugging for  
quite a while and I really don't know what more to do..

Many thanks!

#######

==15885== Conditional jump or move depends on uninitialised value(s)
==15885==    at 0x4105D34: Rf_allocVector (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113194: Rf_usemethod (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113668: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DA74E: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9A1D: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x408C17D: Rf_endcontext (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCEDF: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==
==15885== Use of uninitialised value of size 4
==15885==    at 0x4105D44: Rf_allocVector (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113194: Rf_usemethod (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113668: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DA74E: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9A1D: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x408C17D: Rf_endcontext (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCEDF: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==
==15885== Invalid read of size 4
==15885==    at 0x4105D44: Rf_allocVector (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113194: Rf_usemethod (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113668: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DA74E: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9A1D: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x408C17D: Rf_endcontext (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCEDF: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==  Address 0x8 is not stack'd, malloc'd or (recently) free'd

*** caught segfault ***
address 0x8, cause 'memory not mapped'

Traceback:
1: as.integer(numberGenesToWatch)
2: mcmc.bgx(pm, mm, samplesets, probesets, numberOfCategories,  
categories,     unknownProbeSeqs, numberOfUnknownProbeSeqs,  
numberOfGenesToWatch,     genesToWatch, firstProbeInEachGeneToWatch,  
iter, burnin,     adaptive, output = output, samplenames = sampleNames 
(aData),     basepath = basepath)
3: bgx(Dilution, samplesets = c(2, 2), probeAff = FALSE, burnin =  
1024,     iter = 1024, genes = c(12500:12549), output = "all")
aborting ...
==15885==
==15885== ERROR SUMMARY: 21 errors from 14 contexts (suppressed: 197  
from 1)
==15885== malloc/free: in use at exit: 54,925,394 bytes in 20,541  
blocks.
==15885== malloc/free: 241,570 allocs, 221,029 frees, 133,688,648  
bytes allocated.
==15885== For counts of detected errors, rerun with: -v
==15885== searching for pointers to 20,541 not-freed blocks.
==15885== checked 52,933,860 bytes.




#################
######
###### Full trace below
######
#################

et04 at fh-et04:~/Desktop$ R -d "valgrind --tool=memcheck --leak- 
check=full" --vanilla < /usr/local/lib/R/site-library/bgx/R-ex/bgx.R
==15885== Memcheck, a memory error detector.
==15885== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et  
al.
==15885== Using LibVEX rev 1658, a library for dynamic binary  
translation.
==15885== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==15885== Using valgrind-3.2.1-Debian, a dynamic binary  
instrumentation framework.
==15885== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et  
al.
==15885== For more details, rerun with: -v
==15885==
==15885== Syscall param socketcall.send(msg) points to uninitialised  
byte(s)
==15885==    at 0x40007F2: (within /lib/ld-2.5.so)
==15885==    by 0x440FF66: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x440DE43: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x440E157: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x439CF24: getpwuid_r (in /lib/tls/i686/cmov/ 
libc-2.5.so)
==15885==    by 0x439C867: getpwuid (in /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x4137B13: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x411030D: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DAEE6: (within /usr/lib/R/lib/libR.so)
==15885==  Address 0xBEA56143 is on thread 1's stack
==15885==
==15885== Syscall param socketcall.send(msg) points to uninitialised  
byte(s)
==15885==    at 0x40007F2: (within /lib/ld-2.5.so)
==15885==    by 0x440FF66: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x440E206: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x440E6D7: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x439BA14: getgrgid_r (in /lib/tls/i686/cmov/ 
libc-2.5.so)
==15885==    by 0x439B167: getgrgid (in /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x4137B74: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x411030D: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DAEE6: (within /usr/lib/R/lib/libR.so)
==15885==  Address 0xBEA56112 is on thread 1's stack
==15885==
==15885== Invalid read of size 4
==15885==    at 0x4014770: (within /lib/ld-2.5.so)
==15885==    by 0x4005B69: (within /lib/ld-2.5.so)
==15885==    by 0x4007995: (within /lib/ld-2.5.so)
==15885==    by 0x4010D94: (within /lib/ld-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x40108ED: (within /lib/ld-2.5.so)
==15885==    by 0x45EFC2C: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFB63: dlopen (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x4211515: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4044EB8: (within /usr/lib/R/lib/libR.so)
==15885==  Address 0x5488678 is 40 bytes inside a block of size 43  
alloc'd
==15885==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==15885==    by 0x4006EB4: (within /lib/ld-2.5.so)
==15885==    by 0x40078D9: (within /lib/ld-2.5.so)
==15885==    by 0x4010D94: (within /lib/ld-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x40108ED: (within /lib/ld-2.5.so)
==15885==    by 0x45EFC2C: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFB63: dlopen (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x4211515: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4044EB8: (within /usr/lib/R/lib/libR.so)

R version 2.5.0 (2007-04-23)
Copyright (C) 2007 The R Foundation for Statistical Computing
ISBN 3-900051-07-0

R is free software and comes with ABSOLUTELY NO WARRANTY.
You are welcome to redistribute it under certain conditions.
Type 'license()' or 'licence()' for distribution details.

   Natural language support but running in an English locale

R is a collaborative project with many contributors.
Type 'contributors()' for more information and
'citation()' on how to cite R or R packages in publications.

Type 'demo()' for some demos, 'help()' for on-line help, or
'help.start()' for an HTML browser interface to help.
Type 'q()' to quit R.

==15885==
==15885== Invalid read of size 4
==15885==    at 0x4014787: (within /lib/ld-2.5.so)
==15885==    by 0x4005B69: (within /lib/ld-2.5.so)
==15885==    by 0x4007995: (within /lib/ld-2.5.so)
==15885==    by 0x4010D94: (within /lib/ld-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x40108ED: (within /lib/ld-2.5.so)
==15885==    by 0x45EFC2C: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFB63: dlopen (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x4211515: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4044EB8: (within /usr/lib/R/lib/libR.so)
==15885==  Address 0x4EBB90C is 44 bytes inside a block of size 47  
alloc'd
==15885==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==15885==    by 0x4006EB4: (within /lib/ld-2.5.so)
==15885==    by 0x40078D9: (within /lib/ld-2.5.so)
==15885==    by 0x4010D94: (within /lib/ld-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x40108ED: (within /lib/ld-2.5.so)
==15885==    by 0x45EFC2C: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFB63: dlopen (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x4211515: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4044EB8: (within /usr/lib/R/lib/libR.so)
==15885==
==15885== Invalid read of size 4
==15885==    at 0x4014759: (within /lib/ld-2.5.so)
==15885==    by 0x4005B69: (within /lib/ld-2.5.so)
==15885==    by 0x4007995: (within /lib/ld-2.5.so)
==15885==    by 0x4010D94: (within /lib/ld-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x40108ED: (within /lib/ld-2.5.so)
==15885==    by 0x45EFC2C: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFB63: dlopen (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x4211515: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4044EB8: (within /usr/lib/R/lib/libR.so)
==15885==  Address 0x4A87224 is 36 bytes inside a block of size 39  
alloc'd
==15885==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==15885==    by 0x4006EB4: (within /lib/ld-2.5.so)
==15885==    by 0x40078D9: (within /lib/ld-2.5.so)
==15885==    by 0x4010D94: (within /lib/ld-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x40108ED: (within /lib/ld-2.5.so)
==15885==    by 0x45EFC2C: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFB63: dlopen (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x4211515: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4044EB8: (within /usr/lib/R/lib/libR.so)
 > ### Name: bgx
 > ### Title: Fully Bayesian integrated approach to the analysis of  
Affymetrix
 > ###   GeneChip data
 > ### Aliases: bgx standalone.bgx
 > ### Keywords: manip
 >
 > ### ** Examples
 > library(bgx)
Loading required package: Biobase
Loading required package: tools

Welcome to Bioconductor

     Vignettes contain introductory material. To view, type
     'openVignette()' or start with 'help(Biobase)'. For details
     on reading vignettes, see the openVignette help page.

Loading required package: affy
Loading required package: affyio
==15885==
==15885== Invalid read of size 4
==15885==    at 0x4014787: (within /lib/ld-2.5.so)
==15885==    by 0x44133D2: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x4413639: _dl_sym (in /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x45EFDE7: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFD72: dlsym (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x42114D6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x404503B: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4045517: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x411030D: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==  Address 0x518DE7C is 12 bytes inside a block of size 14  
alloc'd
==15885==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==15885==    by 0x4044FFA: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4045517: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x411030D: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DAEE6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
Loading required package: gcrma
Loading required package: matchprobes
==15885==
==15885== Invalid read of size 4
==15885==    at 0x4014743: (within /lib/ld-2.5.so)
==15885==    by 0x44133D2: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x4413639: _dl_sym (in /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x45EFDE7: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFD72: dlsym (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x42114D6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x404503B: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4045517: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x411030D: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==  Address 0x4C62ED8 is 16 bytes inside a block of size 19  
alloc'd
==15885==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==15885==    by 0x4044FFA: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4045517: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x411030D: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DAEE6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==
==15885== Invalid read of size 4
==15885==    at 0x4014787: (within /lib/ld-2.5.so)
==15885==    by 0x400D2A9: (within /lib/ld-2.5.so)
==15885==    by 0x4009812: (within /lib/ld-2.5.so)
==15885==    by 0x44133D2: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x4413639: _dl_sym (in /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x45EFDE7: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFD72: dlsym (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x42114D6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x404503B: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4045517: (within /usr/lib/R/lib/libR.so)
==15885==  Address 0x4BF67C4 is 60 bytes inside a block of size 62  
alloc'd
==15885==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==15885==    by 0x4006EB4: (within /lib/ld-2.5.so)
==15885==    by 0x40078D9: (within /lib/ld-2.5.so)
==15885==    by 0x4010D94: (within /lib/ld-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x40108ED: (within /lib/ld-2.5.so)
==15885==    by 0x45EFC2C: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFB63: dlopen (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x4211515: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4044EB8: (within /usr/lib/R/lib/libR.so)
Loading required package: splines
==15885==
==15885== Invalid read of size 4
==15885==    at 0x4014743: (within /lib/ld-2.5.so)
==15885==    by 0x4005B69: (within /lib/ld-2.5.so)
==15885==    by 0x4007995: (within /lib/ld-2.5.so)
==15885==    by 0x4010D94: (within /lib/ld-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x40108ED: (within /lib/ld-2.5.so)
==15885==    by 0x45EFC2C: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFB63: dlopen (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x4211515: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4044EB8: (within /usr/lib/R/lib/libR.so)
==15885==  Address 0x52573E0 is 48 bytes inside a block of size 50  
alloc'd
==15885==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==15885==    by 0x4006EB4: (within /lib/ld-2.5.so)
==15885==    by 0x40078D9: (within /lib/ld-2.5.so)
==15885==    by 0x4010D94: (within /lib/ld-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x40108ED: (within /lib/ld-2.5.so)
==15885==    by 0x45EFC2C: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFB63: dlopen (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x4211515: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4044EB8: (within /usr/lib/R/lib/libR.so)
==15885==
==15885== Invalid read of size 4
==15885==    at 0x4014743: (within /lib/ld-2.5.so)
==15885==    by 0x400D2A9: (within /lib/ld-2.5.so)
==15885==    by 0x4009812: (within /lib/ld-2.5.so)
==15885==    by 0x44133D2: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x4413639: _dl_sym (in /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x45EFDE7: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFD72: dlsym (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x42114D6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x404503B: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4045517: (within /usr/lib/R/lib/libR.so)
==15885==  Address 0x52573E0 is 48 bytes inside a block of size 50  
alloc'd
==15885==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==15885==    by 0x4006EB4: (within /lib/ld-2.5.so)
==15885==    by 0x40078D9: (within /lib/ld-2.5.so)
==15885==    by 0x4010D94: (within /lib/ld-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x40108ED: (within /lib/ld-2.5.so)
==15885==    by 0x45EFC2C: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFB63: dlopen (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x4211515: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4044EB8: (within /usr/lib/R/lib/libR.so)
==15885==
==15885== Invalid read of size 4
==15885==    at 0x4014770: (within /lib/ld-2.5.so)
==15885==    by 0x44133D2: (within /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x4413639: _dl_sym (in /lib/tls/i686/cmov/libc-2.5.so)
==15885==    by 0x45EFDE7: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x400CFA5: (within /lib/ld-2.5.so)
==15885==    by 0x45F02AB: (within /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x45EFD72: dlsym (in /lib/tls/i686/cmov/libdl-2.5.so)
==15885==    by 0x42114D6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x404503B: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4045517: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x411030D: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==  Address 0x4FBD070 is 8 bytes inside a block of size 11  
alloc'd
==15885==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==15885==    by 0x4044FFA: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4045517: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x411030D: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DAEE6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
 >   if(require(affydata) && require(hgu95av2cdf)) {
+     data(Dilution)
+     eset <- bgx(Dilution, samplesets=c(2,2), probeAff=FALSE,  
burnin=1024, iter=1024,
+       genes=c(12500:12549), output="all")
+   }
Loading required package: affydata
Loading required package: hgu95av2cdf
Analysing 4 array(s) in 2 condition(s):
         - condition 1: 2 array(s)
         - condition 2: 2 array(s)
Analysing genes  12500:12549
Starting MCMC simulation...
1024 burnin sweeps completed.
1024 post burn-in sweeps completed.
MCMC duration: 0h 36m 7s
==15885==
==15885== Conditional jump or move depends on uninitialised value(s)
==15885==    at 0x4105D34: Rf_allocVector (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113194: Rf_usemethod (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113668: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DA74E: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9A1D: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x408C17D: Rf_endcontext (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCEDF: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==
==15885== Use of uninitialised value of size 4
==15885==    at 0x4105D44: Rf_allocVector (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113194: Rf_usemethod (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113668: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DA74E: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9A1D: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x408C17D: Rf_endcontext (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCEDF: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==
==15885== Invalid read of size 4
==15885==    at 0x4105D44: Rf_allocVector (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113194: Rf_usemethod (in /usr/lib/R/lib/libR.so)
==15885==    by 0x4113668: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DA74E: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9A1D: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x408C17D: Rf_endcontext (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCEDF: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==  Address 0x8 is not stack'd, malloc'd or (recently) free'd

*** caught segfault ***
address 0x8, cause 'memory not mapped'

Traceback:
1: as.integer(numberGenesToWatch)
2: mcmc.bgx(pm, mm, samplesets, probesets, numberOfCategories,  
categories,     unknownProbeSeqs, numberOfUnknownProbeSeqs,  
numberOfGenesToWatch,     genesToWatch, firstProbeInEachGeneToWatch,  
iter, burnin,     adaptive, output = output, samplenames = sampleNames 
(aData),     basepath = basepath)
3: bgx(Dilution, samplesets = c(2, 2), probeAff = FALSE, burnin =  
1024,     iter = 1024, genes = c(12500:12549), output = "all")
aborting ...
==15885==
==15885== ERROR SUMMARY: 21 errors from 14 contexts (suppressed: 197  
from 1)
==15885== malloc/free: in use at exit: 54,925,394 bytes in 20,541  
blocks.
==15885== malloc/free: 241,570 allocs, 221,029 frees, 133,688,648  
bytes allocated.
==15885== For counts of detected errors, rerun with: -v
==15885== searching for pointers to 20,541 not-freed blocks.
==15885== checked 52,933,860 bytes.
==15885==
==15885==
==15885== 88 bytes in 22 blocks are definitely lost in loss record 27  
of 64
==15885==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==15885==    by 0x40216AA: realloc (vg_replace_malloc.c:306)
==15885==    by 0x417F049: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x417F1B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4180C62: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4180DE1: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x4181716: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x406A73F: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x411030D: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DB986: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==
==15885==
==15885== 556 bytes in 1 blocks are possibly lost in loss record 32  
of 64
==15885==    at 0x4021A55: operator new[](unsigned)  
(vg_replace_malloc.c:195)
==15885==    by 0x637A121: bgx (bgx.cc:263)
==15885==    by 0x40AD099: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9BBA: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DAEE6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==
==15885==
==15885== 572 bytes in 1 blocks are possibly lost in loss record 33  
of 64
==15885==    at 0x4021A55: operator new[](unsigned)  
(vg_replace_malloc.c:195)
==15885==    by 0x6379CDF: bgx (bgx.cc:249)
==15885==    by 0x40AD099: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9BBA: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DAEE6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==
==15885==
==15885== 1,108 bytes in 1 blocks are possibly lost in loss record 40  
of 64
==15885==    at 0x4021A55: operator new[](unsigned)  
(vg_replace_malloc.c:195)
==15885==    by 0x637A3C4: bgx (bgx.cc:270)
==15885==    by 0x40AD099: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9BBA: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DAEE6: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DCF36: Rf_applyClosure (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40D97A7: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==    by 0x40DC5B7: (within /usr/lib/R/lib/libR.so)
==15885==    by 0x40D9941: Rf_eval (in /usr/lib/R/lib/libR.so)
==15885==
==15885== LEAK SUMMARY:
==15885==    definitely lost: 88 bytes in 22 blocks.
==15885==      possibly lost: 2,236 bytes in 3 blocks.
==15885==    still reachable: 54,923,070 bytes in 20,516 blocks.
==15885==         suppressed: 0 bytes in 0 blocks.
==15885== Reachable blocks (those to which a pointer was found) are  
not shown.
==15885== To see them, rerun with: --show-reachable=yes
Segmentation fault (core dumped)
Martin Morgan
# 
Ernest,

I wonder if the problem comes from writing to your C variable dirname
in bgx.cc:243 ?

At the risk of spreading mis-information, from looking at the code for
.C, in src/main/dotcode.c:do_dotCode and RObjToCPtr, it looks like
what happens is that 'gobbledigook' is copied to dirname[0], with
allocation for strlen(gobbledigook)+1 space; you'll then overwite this
with the return path, and bad things happen when the return path is
longer than gobbledigook.

Perhaps pass the return path in from R?

Hope that helps,

Martin

Ernest Turro <ernest.turro at ic.ac.uk> writes:

  
    

      
      
    

  


  


      

    

    

      
      

        


  

        

      Seth Falcon
    

    

      
      #
    

  


  

      
Hi Martin, Ernest,

Martin Morgan <mtmorgan at fhcrc.org> writes:

            

      
      
      
    

        
Nice catch, Martin.  I think there is a real issue there.
Overwritting the char* buffer is a problem, but you won't always see a
crash because it depends on what you overwrite.  Below are extracts
from a small test package that can be used to demonstrate this.

Now, while we are taking a look at bgx, one comment for Ernest:

   R provides nice random number and statistical distribution
   functions and you might consider using them (instead of
   bgx/src/qnorm.c, for example) -- at least when running as an R
   package.  I encourage you to consider using .Call instead of .C as
   you will have a lot more control over the inputs and what you
   return to R.


+ seth

### hello.R ###

    hello <- function(x) {
        .C("dotc_hello", x=as.character(x),
           out="HELLO1234",
           PACKAGE="hello")$out
    }

### hello.c ###

    #include <stdio.h>
    #include <string.h>
    #include <Rinternals.h>
    #include <R_ext/Rdynload.h>
    
    void dotc_hello(char **name, char **out);
    
    static const R_CMethodDef cMethods[] = {
        {"dotc_hello", (DL_FUNC)&dotc_hello, 2},
        {NULL, NULL, 0}
    };
    
    void R_init_hello(DllInfo *info)
    {
      R_registerRoutines(info, cMethods, NULL, NULL, NULL);
    }
    
    void dotc_hello(char **name, char **out)
    {
        int nprinted, navail;
        navail = strlen(out[0]);
        nprinted = sprintf(out[0], "hello, %s", name[0]);
        if (nprinted > navail) {
            Rprintf("used %d, but only %d available\n", nprinted, navail);
        }
    }

            

      
      
      
    

        

      
      
    

        

  
    

      
      
    

  


  


      

    

    

      
      

        


  

        

      Ernest Turro
    

    

      
      #
    

  


  

      
Hi Martin, Seth,

        
On 6 May 2007, at 18:45, Seth Falcon wrote:

        

            

      
      
      
    

        
Thanks so much - that was indeed it. In the past, the dirname string  
was "run.1", "run.2", etc... so in practice no more than 5 characters  
long. But just before the package was accepted, I had to change it to  
file.path(tempdir(),"bgx") by default, thus making it potentially a  
lot longer. I forgot to increase the length of of dirname  
apporpriately. Well spotted - thank you!

            

      
      
      
    

        
Thanks Seth. I'll definitely look into this for the next release.

Cheers,

Ernest

            

      
      
      
    

        

      
      
    

            

      
      
      
    

  
  


  


      

    

    
1 day later

    

      
      

        


  

        

      Hervé Pagès
    

    

      
      #
    

  


  

      
Hi Ernest,

Maybe you want to use snprintf() instead of sprintf(), that would be _much_ safer!

Cheers,
H.

        
Ernest Turro wrote: