Rust: Segfault using `vec!` when running under valgrind

Another code that doesn't crash:

fn main() {
    let mut data = vec![1; 0x2001];
    // or Vec::with_capacity(0x2001)
}

If I read the source correctly, that means the offending part is located within RawVec::with_capacity_zeroed https://github.com/rust-lang/rust/blob/63739ab7b210c1a8c890c2ea5238a3284877daa3/src/liballoc/vec.rs#L1460-L1465

Does valgrind work properly with jemalloc?

Using the system allocator, this doesn't crash:

#![feature(alloc_system, global_allocator, allocator_api)]

extern crate alloc_system;

use alloc_system::System;

#[global_allocator]
static A: System = System;

fn main() {
    let mut data = vec![0; 0x2001];
}

It likely messes with it somehow, quite curiously valgrind reports 32,804 bytes in 2 blocks but we have 0x2001*4 = 32772 and that should be a single block. Where do the remaining bytes come from, does valgrinds alloc prepend/append trace data?

jemalloc does not support valgrind in the sense that its allocations will not be tracked, but I've never seen Valgrind cause it to crash.

There is some code in jemalloc which explicitely works together with Valgrind, informing it about allocations as well as undefined and defined sections (VALGRIND_MALLOCLIKE_BLOCK). Another macro (VALGRIND_FREELIKE_BLOCK) gets called when the block is freed. This is invoked for every one of its internal allocations functions, malloc and calloc alike, for example je_calloc .

Then why are the statistics given by valgrind (see the above comment) not what I'd expect. Notice how valgrind only reports 6 allocations when running with let mut data: Vec<i32> = Vec::with_capacity(0x2001); but reports 7 before the crash with the given code. Somehow that seems very dubious.

@HeroicKatora we don't enable valgrind support when building jemalloc.

jemalloc does not work and it does not intend to work with valgrind; valgrind support was completely removed from jemalloc in version 5.0 (https://github.com/jemalloc/jemalloc/issues/369).

@HeroicKatora valgrind needs a special allocator to work properly, and it appears that it segfaults if the wrong allocator is used. Therefore, valgrind should detect whether the allocator is appropriate, and if it isn't, either emit a nice error message, or workaround this somehow. There is nothing we can do about it from the Rust side, so I think you should report this to valgrind upstream and @Centril can just close this issue here (BTW @Centril how is this unsound? AFAICT it is just a crash. It would be cool if we had a flag to distinguish between unsound stable Rust issues and unsound nightly Rust issues since the unsound flag is being used a lot..).

@HeroicKatora can you try with jemallocator ? That is, by adding this to your Cargo.toml:

[dependencies]
jemallocator = "0.1.9"

and this to your main file:

extern crate jemallocator;

#[global_allocator]
static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc;

I can reproduce this on linux with rust's jemalloc, but I can't reproduce this with jemallocator.

I also get a completely different error on MacOSX with both rust's jemalloc and jemallocator.

I have dumps of all outputs in this (gist).

I've also tried by enabling alloc_trait feature in jemallocator just in case this issue is triggered by vec! calling some of the non-std jemalloc APIs which are not used if Jemallocator does not implement the Alloc trait (IIUC how all of this works, cc @SimonSapin ).

The alloc_trait feature does not make any difference as far as #[global_allocator] is concerned.

I can reproduce this on linux with rust's jemalloc, but I can't reproduce this with jemallocator.

They are different versions of jemalloc, for what it’s worth.

They are different versions of jemalloc, for what it’s worth.

Yeah, I forgot to mention that (rustc uses jemalloc 4.5, and jemallocator uses jemalloc 5.1).

@SimonSapin my point was that the impl of Alloc for Global implements everything on top of a couple of methods, and that might mean that through Alloc only the parts of the malloc-API of jemalloc get called. If valgrind intercepts those correctly, then things might work fine. The moment the Alloc impl is overriden to use xallocx or what not, if valgrind does not intercept those correctly, then you are allocating/freeing through valgrind, but reallocating through jemalloc directly, and that might cause issues.

@gnzlbg I can not reproduce this with jemallocator either.

Also, in case the allocator integration was fully disabled, would that not mean that valgrind simply observes the effects of the underlying allocator? I don't see why it would falsely detect uninitialized reads in these cases. In any case, since rust still uses a version of jemalloc from before the complete removal, I suspect this might instead be related to one of the reasons motivating the integration removal. Namely that it was not reliable in all system configurations etc.

@gnzlbg Currently the behavior of Global is not specialized based on whether the static under #[global_allocator] also implements the Alloc trait. And I suspect it won’t ever be, rather we’d add more methods to GlobalAlloc with defaults that call the existing methods.

As to what is or isn’t a valid use of valgrind + jemalloc together, I don’t know anything so I can’t help there.

Jemalloc was removed in https://github.com/rust-lang/rust/pull/55238 so I'm going to close this

The jemallocator crate should work fine with valgrind in the supported platforms.

@gnzlbg is there any chance I would be accidentally using jemalloc with this version of Rust?

https://github.com/PistonDevelopers/image/issues/719#issuecomment-468258882 Comment reproduced below:

I ran into this last night/today/whatever

rustc 1.34.0-nightly (633d75ac1 2019-02-21)

changing any vec![0u8; N] and vec.resize(N, 0u8) calls to vec![1u8; N] and vec.resize(N, 1u8) followed by writing all the zeroes in a for loop caused it to stop.