debugging budgetting [was: devel questions]
Chris Shoemaker
c.shoemaker at cox.net
Thu Sep 30 15:45:13 EDT 2004
On Sat, Sep 18, 2004 at 06:41:25PM -0400, Derek Atkins wrote:
> Chris Shoemaker <c.shoemaker at cox.net> writes:
>
> > Later, I'll rerun with larger --num-callers.
> >
> > Oddly, it doesn't SEGV under valgrind. Is that normal?
>
> Yes. Valgrind is going to keep the memory alive so it wont segv...
> But yes, this is definitely a double-free. Most likely there's two
> hooks that destroy the object, one the gtk_container and the other is
> some other free-hook. Increasing the --num-callers would definitely
> help.
Which gives:
<< snipped a bunch of earlier, unrelated (I believe) errors >>
==7799== Use of uninitialised value of size 4
==7799== at 0x1BCDF3F2: g_hash_table_lookup (in /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BE61084: qof_collection_lookup_entity (qofid.c:210)
==7799== by 0x1BE3973B: gnc_budget_lookup (gnc-budget.c:511)
==7799== by 0x1C755A1D: gnc_budget_list_tree_model_event_handler (gnc-budget-list-tree-model.c:502)
==7799== by 0x1BE4D45F: gnc_engine_generate_event_internal (gnc-event.c:188)
==7799== by 0x1BE4D4C9: gnc_engine_gen_event (gnc-event.c:211)
==7799== by 0x1BE38D36: gnc_budget_new (gnc-budget.c:89)
==7799== by 0x1BD814CB: create_budget_druid (druid-budget-create.c:259)
==7799== by 0x1BD81919: gnc_budget_druid_create (druid-budget-create.c:323)
==7799== by 0x1BD689B1: new_button_clicked (dialog-budget-list.c:163)
==7799== by 0x1BCA8120: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93C1F: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA7C24: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6BE6: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6EE3: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1C363214: gtk_button_clicked (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C36422A: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BCA8120: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93FB6: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93C1F: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA744D: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6BE6: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6EE3: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1C363164: gtk_button_released (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C3640AA: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C420663: _gtk_marshal_BOOLEAN__BOXED (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BC93FB6: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93C1F: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA7654: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA69BD: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.400.6)
Creating dummy category. Budget 0x1dc03450
Adding inflow category...
Adding outflow category...
NumCols: 8
Creating new Category... Budget: 0x1dc03450
(gnucash:7799): Gtk-CRITICAL **: file gtkentry.c: line 3643 (gtk_entry_set_text): assertion `text != NULL' failed
(gnucash:7799): Gtk-CRITICAL **: file gtkentry.c: line 3643 (gtk_entry_set_text): assertion `text != NULL' failed
Related Accouts: 0
(gnucash:7799): GLib-GObject-WARNING **: invalid cast from `GncTreeModelAccount' to `GtkTreeModelSort'
(gnucash:7799): Gtk-CRITICAL **: file gtktreemodelsort.c: line 2016 (gtk_tree_model_sort_get_model): assertion `GTK_IS_TREE_MODEL_SORT (tree_model)' failed
==7799==
==7799== Invalid read of size 4
==7799== at 0x1C523312: gtk_widget_get_toplevel (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C522474: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C5225E4: gtk_widget_has_screen (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C3BAE64: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BCECCF2: (within /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BCE9931: (within /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BCEAA27: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BCEAD5F: (within /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BCEB3A2: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1C41D212: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BDA603E: gnc_ui_start_event_loop (top-level.c:514)
==7799== by 0x1BC7BBFF: gw__tmp791_gnc_ui_start_event_loop_wrapper (gw-gnc.c:280)
==7799== by 0x1B93340A: scm_ceval (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B931F07: scm_ceval (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B931F07: scm_ceval (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B931E85: scm_ceval (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B93546A: scm_i_eval_x (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B935509: scm_primitive_eval_x (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B9355FE: (within /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B92B4BA: scm_internal_dynamic_wind (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B93566D: scm_eval_x (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B962576: scm_shell (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B949537: (within /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B9494FE: (within /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B94920A: scm_boot_guile (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x804898B: main (in /usr/bin/guile-1.6)
==7799== Address 0x1DF10338 is 56 bytes inside a block of size 100 free'd
==7799== at 0x1B907460: free (vg_replace_malloc.c:153)
==7799== by 0x1BCF02A3: g_free (in /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BCAD13A: g_type_free_instance (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC963B0: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC9651E: g_object_run_dispose (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1C43D238: gtk_object_destroy (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C51C6E4: gtk_widget_destroy (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C361CD4: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C39C9CD: gtk_container_foreach (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C39B9CD: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BCA8120: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93FB6: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93C1F: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA7845: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6BE6: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6EE3: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1C43D304: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C52437E: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BC96516: g_object_run_dispose (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1C43D238: gtk_object_destroy (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C51C6E4: gtk_widget_destroy (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C361CD4: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C39C9CD: gtk_container_foreach (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C39B9CD: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BCA8120: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93FB6: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93C1F: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA7845: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6BE6: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6EE3: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799==
==7799== Invalid read of size 1
==7799== at 0x1C522475: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C5225E4: gtk_widget_has_screen (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C3BAE64: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BCECCF2: (within /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BCE9931: (within /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BCEAA27: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BCEAD5F: (within /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BCEB3A2: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1C41D212: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BDA603E: gnc_ui_start_event_loop (top-level.c:514)
==7799== by 0x1BC7BBFF: gw__tmp791_gnc_ui_start_event_loop_wrapper (gw-gnc.c:280)
==7799== by 0x1B93340A: scm_ceval (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B931F07: scm_ceval (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B931F07: scm_ceval (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B931E85: scm_ceval (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B93546A: scm_i_eval_x (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B935509: scm_primitive_eval_x (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B9355FE: (within /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B92B4BA: scm_internal_dynamic_wind (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B93566D: scm_eval_x (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B962576: scm_shell (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B949537: (within /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B9494FE: (within /usr/lib/libguile.so.12.3.0)
==7799== by 0x1B94920A: scm_boot_guile (in /usr/lib/libguile.so.12.3.0)
==7799== by 0x804898B: main (in /usr/bin/guile-1.6)
==7799== Address 0x1DF1030C is 12 bytes inside a block of size 100 free'd
==7799== at 0x1B907460: free (vg_replace_malloc.c:153)
==7799== by 0x1BCF02A3: g_free (in /usr/lib/libglib-2.0.so.0.400.6)
==7799== by 0x1BCAD13A: g_type_free_instance (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC963B0: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC9651E: g_object_run_dispose (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1C43D238: gtk_object_destroy (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C51C6E4: gtk_widget_destroy (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C361CD4: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C39C9CD: gtk_container_foreach (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C39B9CD: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BCA8120: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93FB6: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93C1F: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA7845: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6BE6: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6EE3: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1C43D304: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C52437E: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BC96516: g_object_run_dispose (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1C43D238: gtk_object_destroy (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C51C6E4: gtk_widget_destroy (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C361CD4: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C39C9CD: gtk_container_foreach (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1C39B9CD: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==7799== by 0x1BCA8120: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93FB6: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BC93C1F: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA7845: (within /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6BE6: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.400.6)
==7799== by 0x1BCA6EE3: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.400.6)
So, it seems that free of free'd may be the gtk_container's
self-destruction. What's the next step? Figure out exactly which
object is getting destroyed? It's likely something in the "modify
category dialog" since this crash happens when I close that dialog. I
suppose I should be searching for any use of a free-hook. But I don't
know exactly how. Any hints?
-chris
More information about the gnucash-devel
mailing list