[ace-users] Segmentation faultinACE_Select_Reactor_T::handle_error (with ACE 5.5.9)

Jules d'Entremont Jules.dEntremont at SolaceSystems.com
Fri Jun 29 12:18:53 CDT 2007


Actually, I spoke too soon.  Here's something I got from valgrind:

 

==29898== Invalid read of size 4

==29898==    at 0x1B9EAA57:
ACE_Event_Handler::Reference_Counting_Policy::value() const
(Event_Handler.cpp:232)

==29898==    by 0x1B9CF219:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::remove_handler_i(int, unsigned long) (Select_Reactor_T.cpp:1012)

==29898==    by 0x1B9CFDA9:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token> >::check_handles()
(Select_Reactor_T.cpp:1526)

==29898==    by 0x1B9CFE1A:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token> >::handle_error()
(Select_Reactor_T.cpp:788)

==29898==    by 0x1B9CCFDD:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::wait_for_multiple_events(ACE_Select_Reactor_Handle_Set&,
ACE_Time_Value*) (Select_Reactor_T.cpp:1104)

==29898==    by 0x1B9D124F:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::handle_events_i(ACE_Time_Value*) (Select_Reactor_T.cpp:1443)

==29898==    by 0x1B9CD226:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::handle_events(ACE_Time_Value*) (Select_Reactor_T.cpp:1424)

==29898==    by 0x1BA28A05: ACE_Reactor::run_reactor_event_loop(int
(*)(ACE_Reactor*)) (Reactor.cpp:233)

==29898==    by 0x8079D68: (anonymous namespace)::ReactorThread::svc()
(CSMPFactory.cpp:131)

==29898==    by 0x1BA3DE23: ACE_Task_Base::svc_run(void*) (Task.cpp:271)

==29898==    by 0x1BA3E29B: ACE_Thread_Adapter::invoke_i()
(Thread_Adapter.cpp:146)

==29898==    by 0x1BA3E1F5: ACE_Thread_Adapter::invoke()
(Thread_Adapter.cpp:95)

==29898==    by 0x1B9D3650: ace_thread_adapter
(Base_Thread_Adapter.cpp:116)

==29898==    by 0x6C1B7F: start_thread (in /lib/libpthread-2.3.5.so)

==29898==    by 0x619DED: clone (in /lib/libc-2.3.5.so)

==29898==  Address 0x1BBC6A3C is 20 bytes inside a block of size 52
free'd

==29898==    at 0x1B9098CF: operator delete(void*)
(vg_replace_malloc.c:155)

==29898==    by 0x80A7791:
solace::cppcsmp::impl::MessageReader::~MessageReader()
(MessageReader.cpp:92)

==29898==    by 0x80A80D5:
solace::cppcsmp::impl::MessageReader::handle_close(int, unsigned long)
(MessageReader.cpp:276)

==29898==    by 0x1BA2B769:
ACE_Select_Reactor_Handler_Repository::unbind(int, ACE_Event_Handler**,
unsigned long) (Select_Reactor_Base.cpp:397)

==29898==    by 0x1B9CF219:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::remove_handler_i(int, unsigned long) (Select_Reactor_T.cpp:1012)

==29898==    by 0x1B9D035B:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::notify_handle(int, unsigned long, ACE_Handle_Set&,
ACE_Event_Handler*, int (ACE_Event_Handler::*)(int))
(Select_Reactor_T.cpp:820)

==29898==    by 0x1B9D0117:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::dispatch_io_set(int, int&, int, ACE_Handle_Set&, ACE_Handle_Set&, int
(ACE_Event_Handler::*)(int)) (Select_Reactor_Base.inl:45)

==29898==    by 0x1B9D0266:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::dispatch_io_handlers(ACE_Select_Reactor_Handle_Set&, int&, int&)
(Select_Reactor_T.cpp:1263)

==29898==    by 0x1B9CFEC9:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token> >::dispatch(int,
ACE_Select_Reactor_Handle_Set&) (Select_Reactor_T.cpp:1367)

==29898==    by 0x1B9D1265:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::handle_events_i(ACE_Time_Value*) (Select_Reactor_T.cpp:1447)

==29898==    by 0x1B9CD226:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::handle_events(ACE_Time_Value*) (Select_Reactor_T.cpp:1424)

==29898==    by 0x1BA28A05: ACE_Reactor::run_reactor_event_loop(int
(*)(ACE_Reactor*)) (Reactor.cpp:233)

==29898==    by 0x8079D68: (anonymous namespace)::ReactorThread::svc()
(CSMPFactory.cpp:131)

==29898==    by 0x1BA3DE23: ACE_Task_Base::svc_run(void*) (Task.cpp:271)

==29898==    by 0x1BA3E29B: ACE_Thread_Adapter::invoke_i()
(Thread_Adapter.cpp:146)

==29898==    by 0x1BA3E1F5: ACE_Thread_Adapter::invoke()
(Thread_Adapter.cpp:95)

==29898==    by 0x1B9D3650: ace_thread_adapter
(Base_Thread_Adapter.cpp:116)

==29898==    by 0x6C1B7F: start_thread (in /lib/libpthread-2.3.5.so)

==29898==    by 0x619DED: clone (in /lib/libc-2.3.5.so)

                   

This seems to indicate that a MessageReader (which is derived from
ACE_Event_Handler) gets deleted while still registered with the reactor.
But it should get cleaned up in handle_close():

 

int MessageReader::handle_close(

    ACE_HANDLE       handle, 

    ACE_Reactor_Mask close_mask)

{

    if (close_mask == ACE_Event_Handler::WRITE_MASK) return 0;

    

    LOG(LM_DEBUG, 

        "MessageReader %d: closing", 

        readerId_m);

        

    // Remove this handler from the reactor.

    this->reactor()->remove_handler(this, 

        ACE_Event_Handler::ALL_EVENTS_MASK |
ACE_Event_Handler::DONT_CALL);

    

    ACE_Message_Block* mb;

    ACE_Time_Value nowait(ACE_OS::gettimeofday());

 

    // Free all the messages on the message queue.

    while (channel_m.dequeueHead(mb, &nowait) >= 0)

    {

        freeMsg(mb);

    }

 

    observer_m.handleClose();

    delete this;

    return 0;

}

 

Am I doing something wrong?

 

Jules.

 

 

-----Original Message-----
From: ace-users-bounces at cse.wustl.edu
[mailto:ace-users-bounces at cse.wustl.edu] On Behalf Of Jules d'Entremont
Sent: Friday, June 29, 2007 12:49 PM
To: Steve Huston; ace-users at cse.wustl.edu
Subject: Re: [ace-users] Segmentation
faultinACE_Select_Reactor_T::handle_error (with ACE 5.5.9)

 

I've run it dozens of times under valgrind, but can't reproduce the

problem.  It appears to be a race condition somewhere.

 

Jules.

 

 

-----Original Message-----

From: Steve Huston [mailto:shuston at riverace.com] 

Sent: Friday, June 29, 2007 12:40 PM

To: Jules d'Entremont; ace-users at cse.wustl.edu

Subject: RE: [ace-users] Segmentation fault

inACE_Select_Reactor_T::handle_error (with ACE 5.5.9)

 

Hi Jules,

 

> Is there some way to turn on debug logging in the reactor so I can

see

> what it's up to?  Might that shed some light on the problem?

 

You can rebuild ACE with tracing on, but that'll produce a ton of

output. It'd be much quicker to run with valgrind and let it do the

hard work for you.

 

> Jules.

> 

> 

> -----Original Message-----

> From: Steve Huston [mailto:shuston at riverace.com] 

> Sent: Friday, June 29, 2007 12:15 PM

> To: Jules d'Entremont; ace-users at cse.wustl.edu

> Subject: RE: [ace-users] Segmentation fault

> inACE_Select_Reactor_T::handle_error (with ACE 5.5.9)

> 

> > What qualifies as a bad handle?

> 

> Anything that select() doesn't like ;-)

> 

> > Is a closed ACE_SOCK_Stream a bad handle?

>  

> Yes.

> 

> -Steve

> 

> 

> From: Steve Huston [mailto:shuston at riverace.com] 

> Sent: Friday, June 29, 2007 11:57 AM

> To: Jules d'Entremont; ace-users at cse.wustl.edu

> Subject: RE: [ace-users] Segmentation fault

> inACE_Select_Reactor_T::handle_error (with ACE 5.5.9)

>  

> Hi Jules,

>  

> Thanks for the PROBLEM-REPORT-FORM.

>  

> >From the looks of the args in the stack trace, your reactor is (at

> least partly) smashed. And, it's trying to recover from a bad handle

> in the registered handle set. If that doesn't shed any light on

> things, try running this under valgrind to see if it can focus you

on

> the problem area.

>  

> -Steve

> --

> Steve Huston, Riverace Corporation

> Would you like ACE to run great on your platform?

> See http://www.riverace.com/sponsor.htm

> -----Original Message-----

> From: ace-users-bounces at cse.wustl.edu

> [mailto:ace-users-bounces at cse.wustl.edu] On Behalf Of Jules

> d'Entremont

> Sent: Friday, June 29, 2007 11:38 AM

> To: ace-users at cse.wustl.edu

> Subject: [ace-users] Segmentation fault

> inACE_Select_Reactor_T::handle_error (with ACE 5.5.9)

>     ACE VERSION: 5.5.9

>  

>     HOST MACHINE and OPERATING SYSTEM:

>         Linux dev228 2.6.11.11sol-pe #1 SMP Thu Aug 25 13:56:24 EDT

> 2005 i686 i686 i386 GNU/Linux

>  

>     TARGET MACHINE and OPERATING SYSTEM, if different from HOST:

>     COMPILER NAME AND VERSION (AND PATCHLEVEL):  

>       g++ (GCC) 3.3.2

>  

>     THE $ACE_ROOT/ace/config.h FILE [if you use a link to a

> platform-specific file, simply state which one]:  

>        #include "config-linux.h"

>  

>     THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE [if

you

>     use a link to a platform-specific file, simply state which one

>     (unless this isn't used in this case, e.g., with Microsoft

Visual

>     C++)]:   platform_linux.GNU

>  

>     CONTENTS OF

> $ACE_ROOT/bin/MakeProjectCreator/config/default.features

>     (used by MPC when you generate your own makefiles):

>  

>     AREA/CLASS/EXAMPLE AFFECTED:

>  

>     DOES THE PROBLEM AFFECT:

>         COMPILATION?

>         LINKING?

>             On Unix systems, did you run make realclean first?

>         EXECUTION?  yes

>         OTHER (please specify)?

>  

>     SYNOPSIS:

>  

>     DESCRIPTION:

> I've recently been getting segmentation faults in my ACE

application,

> which I'm at a loss to explain.  Here's the stack trace:

>  

> (gdb) where

> #0  0xb7f9a767 in ACE_Select_Reactor_Handler_Repository::unbind

> (this=0x8108074, handle=135368392, pos=0x8118ec8, mask=511) at

> Select_Reactor_Base.cpp:397

> #1  0xb7f3e21a in

ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>

> >::remove_handler_i (this=0x8108070, handle=5, mask=135368408)

>     at

> 

/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:

> 1012

> #2  0xb7f3edaa in

ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>

> >::check_handles (this=0x8108070) at

> 

/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:

> 1526

> #3  0xb7f3ee1b in

ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>

> >::handle_error (this=0x8108070) at

> 

/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:

> 788

> #4  0xb7f3bfde in

ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>

> >::wait_for_multiple_events (this=0x8108070,

dispatch_set=@0x810808c,

> max_wait_time=0x0)

>     at

> 

/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:

> 1104

> #5  0xb7f40250 in

ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>

> >::handle_events_i (this=0x8108070, max_wait_time=0x1ff)

>     at

> 

/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:

> 1443

> #6  0xb7f3c227 in

ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>

> >::handle_events (this=0x8108070, max_wait_time=0x0)

>     at

> 

/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:

> 1424

> #7  0xb7f97a06 in ACE_Reactor::run_reactor_event_loop

(this=0x8107180,

> eh=0) at Reactor.cpp:233

> #8  0x08079d69 in (anonymous namespace)::ReactorThread::svc

> (this=0x8110d00) at

> 

/home/jdentremont/svn/branches/d14_branch/cppcsmp/CSMPFactory.cpp:131

> #9  0xb7face24 in ACE_Task_Base::svc_run (args=0x8110d00) at

> Task.cpp:271

> #10 0xb7fad29c in ACE_Thread_Adapter::invoke_i (this=0x8118ed8) at

> Thread_Adapter.cpp:146

> #11 0xb7fad1f6 in ACE_Thread_Adapter::invoke (this=0x810fab0) at

> Thread_Adapter.cpp:95

> #12 0xb7f42651 in ace_thread_adapter (args=0x1ff) at

> Base_Thread_Adapter.cpp:116

> #13 0x006c1b80 in start_thread () from /lib/libpthread.so.0

> #14 0x00619dee in clone () from /lib/libc.so.6

>  

> I don't know where to start to try to debug this.  Any insight that

> anyone could offer would be greatly appreciated.  I was hoping that

> this was caused by bug 2653, but I'm still seeing it with ACE 5.5.9.

>  

> Thanks.

>  

> Jules d'Entremont

>  

>  

> 

> 

> 

 

 

_______________________________________________

ace-users mailing list

ace-users at mail.cse.wustl.edu

http://mail.cse.wustl.edu/mailman/listinfo/ace-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.isis.vanderbilt.edu/pipermail/ace-users/attachments/20070629/0c8a32e2/attachment-0001.htm


More information about the Ace-users mailing list