SDK ESP8266 bug in realloc? with lambda assignments create crash cause: 4

[itguru]

The Code ...

Code: Select all

#include <functional>
typedef std::function<void ()> reqHandler;
reqHandler *l;

void setup() {
  Serial.begin(115200);
  Serial.printf("Start realloc lambda test ...\n");
 
  l=(reqHandler *) malloc(2*sizeof(reqHandler));    // set 0
  Serial.printf("start assign 0 in set 0 l=%0x\n",l);
  l[0]=[](){ Serial.printf("lambda 0\n"); };
  l[1]=[](){ Serial.printf("lambda 1\n"); };
 
  l=(reqHandler *) realloc(l,4*sizeof(reqHandler)); // set 1
  Serial.printf("start assign 2 in set 1 l=%0x\n",l);
  l[2]=[](){ Serial.printf("lambda 2\n"); };
  l[3]=[](){ Serial.printf("lambda 3\n"); };

  l=(reqHandler *) realloc(l,6*sizeof(reqHandler)); // set 2
  Serial.printf("start assign 4 in set 2 l=%0x\n",l);
  l[4]=[](){ Serial.printf("lambda 4\n"); };  // creates a crash
  l[5]=[](){ Serial.printf("lambda 5\n"); };

  Serial.printf("... End realloc lambda test.\n");
}

void loop() { }

... creates the following output:

Code: Select all

Start realloc lambda test ...
start assign 0 in set 0 l=3fff086c
start assign 2 in set 1 l=3fff08a4
start assign 4 in set 2 l=3fff08a4

 ets Jan  8 2013,rst cause:4, boot mode:(1,6)

wdt reset

It seems, the realloc function is not working correct. The "cause: 4" (=Level1InterruptCause) seems to make no sense at the point of the code which creates the crash.

I'm using the ardunio IDE 1.6.8 and the ESP8266 Plugin https://github.com/esp8266/Arduino/rele ... -2.3.0.zip. My Hardware is a normal ESP-01 .

The IDE Parameters :
Board: Generic ESP8266 Module
Flash Mode: QIO
Flash Frequenze: 40MHz
CPU Frequenze: 80MHz
Flash Size: 1M (192k SPIFFS)

[pratik]

Are you sure it is the printf line?

It seems like you are not letting the WDT be fed in time.
Use the soft wdt feed API to feed the WDT often, so that is does not time out and cause reset...

[eriksl]

No the whole malloc/free/realloc stuff is broken. I have been using these for 30 years now (...), and as soon I started using them on esp8266, I got memory corruption and crashes exactly the same. When I replace the malloc/free/allow with statically allocated memory, it worked just fine. I recommend simply not using them and use static arrays.

[itguru]

No the whole malloc/free/realloc stuff is broken. I have been using these for 30 years now (...

I don't think soo. If you know to work with these posix functions, they are really working great! - but you need to know what you do!

[itguru]

It seems like you are not letting the WDT be fed in time.

OK, i haven't play around with the WDT API. You think, the reset is reasoned by a Watch-Dog Problem?

I will try to feed the watchdog and test it out.
(But is mysteries, why the problem is reproducable exaktly with the posted test program)

[pratik]

Please do let me know if you could fix that, otherwise I will pass this information on to the SDK developers.
The memory allocation functions are not broken. Problems are mostly caused by incorrect toolchain or makefile configuration, or simply incorrect use of the functions/dynamic objects.

[itguru]

Please do let me know if you could fix that,....

OK, i have now modifiy the code in this way:

Code: Select all

#include <functional>
typedef std::function<bool()> reqHandler;
reqHandler *l;

void setup() {
  Serial.begin(115200);
  Serial.printf("Start realloc lambda test ...\n");
 
  l=(reqHandler *) malloc(2*sizeof(reqHandler));    // set 0
  Serial.printf("start assigning 0 in set 0 l=%0x\n",l);
  l[0]=[]()->bool{ Serial.printf("lambda 0\n"); };
  l[1]=[]()->bool{ Serial.printf("lambda 1\n"); };
  yield();
 
  l=(reqHandler *) realloc(l,4*sizeof(reqHandler)); // set 1
  Serial.printf("start assigning 2 in set 1 l=%0x\n",l);
  l[2]=[]()->bool{ Serial.printf("lambda 2\n"); };
  l[3]=[]()->bool{ Serial.printf("lambda 3\n"); };
  yield();

  l=(reqHandler *) realloc(l,6*sizeof(reqHandler)); // set 2
  Serial.printf("start assigning 4 in set 2 l=%0x\n",l);
  l[4]=[]()->bool{ Serial.printf("lambda 4\n"); };  // creates a crash
  l[5]=[]()->bool{ Serial.printf("lambda 5\n"); };
  yield();

  Serial.printf("... End realloc lambda test.\n");
}

void loop() { }



The "yield();" calls did NOT solve the problem. I still get ...

Code: Select all


realloc lambda test ...
start assigning 0 in set 0 l=3fff02a4
start assigning 2 in set 1 l=3fff02dc
start assigning 4 in set 2 l=3fff02dc

 ets Jan  8 2013,rst cause:4, boot mode:(3,6)

wdt reset
load 0x4010f000, len 1384, room 16
tail 8
chksum 0x2d
csum 0x2d
v6000001c



The problem sometimes already occurs in the first "start assigning 0 in set 0 ...". I'm agree, there is no obviously bug in realloc. But it seems to be a special problem in combination with lambda function calls.


If i modify the program not to assign/realloc lambda pointer to write on long points in a 16 Byte structure, all works fine:

Code: Select all

#include <functional>

typedef struct dummylong{
  long ldata[4];
} dl;

dl *l;

void setup() {
  Serial.begin(115200);
  Serial.printf("Start realloc non lambda test sizeof %d...\n",sizeof(dl));
 
  l=(dl *) malloc(2*sizeof(dl));    // set 0
  Serial.printf("start assigning 0 in set 0 l=%0x\n",l);
  l[0].ldata[0]=123414234L;
  l[1].ldata[0]=123414234L;
  l=(dl *) realloc(l,4*sizeof(dl)); // set 1
  Serial.printf("start assigning 2 in set 1 l=%0x\n",l);
  l[2].ldata[0]=3478563478L;
  l[3].ldata[0]=3465872463L;
 
  l=(dl *) realloc(l,6*sizeof(dl)); // set 2
  Serial.printf("start assigning 4 in set 2 l=%0x\n",l);
  l[4].ldata[0]=3465873246L;
  l[5].ldata[0]=356223478L;
 
  Serial.printf("... End realloc non lambda test.\n");
}

void loop() { }


Results in:

Code: Select all

Start realloc non lambda test sizeof 16...
start assigning 0 in set 0 l=3fff0274
start assigning 2 in set 1 l=3fff0274
start assigning 4 in set 2 l=3fff0274
... End realloc non lambda test.


The size of the allocated elements are 16bytes in both cases.