Question

I'm trying to track malloc allocations in a test program in AIX. As such, I've substituted malloc with a new_malloc that calls the old system malloc, then prints out the call stack using a call to system("procstack pid"). Curiously, in some of the calls I get this:

0x09000000000ae23c  waitpid(??, ??, ??) + 0x190
0x090000000018d8e0  system(??) + 0x1fc
0x0000000100011a34  PrintCallStack__()() + 0x34
0x000000010000167c  malloc(0x80) + 0x3c
0x0000000100011acc  __snw(unsigned long)(0x80) + 0x4c
0x0000000100011eac  __svn(unsigned long)(0x80) + 0x4c
0x000000010000ac84  main(0x100000001, 0xffffffffffff568) + 0xc4
0x00000001000002d8  __start() + 0x98

What are the __snw(unsigned long) and __svn(unsigned long) calls coming from, which are calling malloc (unexpectedly)? They appear to occur after the malloc but before the printf.

My test code:

char* y = (char*) malloc(128);
memset(y, 0, 128);
memset(y, 'Z', 15);
printf("y=%s %p\n", y, y);
free(y);

Solution

This doesn't answer the question but it does (I hope) teach a few techniques.

I did:

ls /usr/lib/*.a | while read lib ; do echo $lib ; nm $lib 2>/dev/null| egrep '__svn|__snw' ; done

which showed me that these are coming from libC.a. I then did:

mkdir /tmp/dog
cd /tmp/dog
ar x /usr/lib/libC.a
for i in * ; do echo $i ; nm $i 2> /dev/null | egrep '__svn|__snw' ; done

which shows me that it came from ansicore_32.o.

lslpp -w /usr/lib/libC.a

tells me that it comes from xlC.rte -- which comes from the compiler people.

So... not directly answering your question, but it appears this has something to do with C++. It would be curious to run the test with a C program. C++ has all sorts of oddities and it's not surprising that it calls malloc. I'm still confused with my previous questions. If you have something called new_malloc, why would a precompiled entity start using it?

Finally, on your bigger question, AIX's malloc has tons of features. They do not necessarily come as a recommendation from me. I'm a kernel space guy, not an application space type guy. The little I've used them, I've been frustrated. But here is a link to the IBM pubs: 6.1 AIX Pubs. Search for "mallocdebug" and also for "mallocoptions" and you will find various features that you can use. There are (as I recall) 3 different malloc algorithms to pick from and multiple debugging options.

IBM also has Purify. I've never used it (I'm kernel level) but an apps person I highly respect loves it.

Last, AIX has tracing facilities which are usually called "kernel trace" but they can be used up in application space too. These are by far the least invasive technique to use. With a little bit of crafting, you can leave them off with almost no impact to the running code but you are still able to turn them on (e.g. in the field when a user has an issue that only he can recreate). To get started, go to pubs (above) and search for trchook. /etc/trcfmt also has a lot of information that is not documented anywhere else.

Good luck

Licensed under: CC-BY-SA with attribution