[ace-users] Segmentation
faultinACE_Select_Reactor_T::handle_error (with ACE 5.5.9)
Jules d'Entremont
Jules.dEntremont at SolaceSystems.com
Fri Jun 29 12:18:53 CDT 2007
Actually, I spoke too soon. Here's something I got from valgrind:
==29898== Invalid read of size 4
==29898== at 0x1B9EAA57:
ACE_Event_Handler::Reference_Counting_Policy::value() const
(Event_Handler.cpp:232)
==29898== by 0x1B9CF219:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::remove_handler_i(int, unsigned long) (Select_Reactor_T.cpp:1012)
==29898== by 0x1B9CFDA9:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token> >::check_handles()
(Select_Reactor_T.cpp:1526)
==29898== by 0x1B9CFE1A:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token> >::handle_error()
(Select_Reactor_T.cpp:788)
==29898== by 0x1B9CCFDD:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::wait_for_multiple_events(ACE_Select_Reactor_Handle_Set&,
ACE_Time_Value*) (Select_Reactor_T.cpp:1104)
==29898== by 0x1B9D124F:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::handle_events_i(ACE_Time_Value*) (Select_Reactor_T.cpp:1443)
==29898== by 0x1B9CD226:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::handle_events(ACE_Time_Value*) (Select_Reactor_T.cpp:1424)
==29898== by 0x1BA28A05: ACE_Reactor::run_reactor_event_loop(int
(*)(ACE_Reactor*)) (Reactor.cpp:233)
==29898== by 0x8079D68: (anonymous namespace)::ReactorThread::svc()
(CSMPFactory.cpp:131)
==29898== by 0x1BA3DE23: ACE_Task_Base::svc_run(void*) (Task.cpp:271)
==29898== by 0x1BA3E29B: ACE_Thread_Adapter::invoke_i()
(Thread_Adapter.cpp:146)
==29898== by 0x1BA3E1F5: ACE_Thread_Adapter::invoke()
(Thread_Adapter.cpp:95)
==29898== by 0x1B9D3650: ace_thread_adapter
(Base_Thread_Adapter.cpp:116)
==29898== by 0x6C1B7F: start_thread (in /lib/libpthread-2.3.5.so)
==29898== by 0x619DED: clone (in /lib/libc-2.3.5.so)
==29898== Address 0x1BBC6A3C is 20 bytes inside a block of size 52
free'd
==29898== at 0x1B9098CF: operator delete(void*)
(vg_replace_malloc.c:155)
==29898== by 0x80A7791:
solace::cppcsmp::impl::MessageReader::~MessageReader()
(MessageReader.cpp:92)
==29898== by 0x80A80D5:
solace::cppcsmp::impl::MessageReader::handle_close(int, unsigned long)
(MessageReader.cpp:276)
==29898== by 0x1BA2B769:
ACE_Select_Reactor_Handler_Repository::unbind(int, ACE_Event_Handler**,
unsigned long) (Select_Reactor_Base.cpp:397)
==29898== by 0x1B9CF219:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::remove_handler_i(int, unsigned long) (Select_Reactor_T.cpp:1012)
==29898== by 0x1B9D035B:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::notify_handle(int, unsigned long, ACE_Handle_Set&,
ACE_Event_Handler*, int (ACE_Event_Handler::*)(int))
(Select_Reactor_T.cpp:820)
==29898== by 0x1B9D0117:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::dispatch_io_set(int, int&, int, ACE_Handle_Set&, ACE_Handle_Set&, int
(ACE_Event_Handler::*)(int)) (Select_Reactor_Base.inl:45)
==29898== by 0x1B9D0266:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::dispatch_io_handlers(ACE_Select_Reactor_Handle_Set&, int&, int&)
(Select_Reactor_T.cpp:1263)
==29898== by 0x1B9CFEC9:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token> >::dispatch(int,
ACE_Select_Reactor_Handle_Set&) (Select_Reactor_T.cpp:1367)
==29898== by 0x1B9D1265:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::handle_events_i(ACE_Time_Value*) (Select_Reactor_T.cpp:1447)
==29898== by 0x1B9CD226:
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
>::handle_events(ACE_Time_Value*) (Select_Reactor_T.cpp:1424)
==29898== by 0x1BA28A05: ACE_Reactor::run_reactor_event_loop(int
(*)(ACE_Reactor*)) (Reactor.cpp:233)
==29898== by 0x8079D68: (anonymous namespace)::ReactorThread::svc()
(CSMPFactory.cpp:131)
==29898== by 0x1BA3DE23: ACE_Task_Base::svc_run(void*) (Task.cpp:271)
==29898== by 0x1BA3E29B: ACE_Thread_Adapter::invoke_i()
(Thread_Adapter.cpp:146)
==29898== by 0x1BA3E1F5: ACE_Thread_Adapter::invoke()
(Thread_Adapter.cpp:95)
==29898== by 0x1B9D3650: ace_thread_adapter
(Base_Thread_Adapter.cpp:116)
==29898== by 0x6C1B7F: start_thread (in /lib/libpthread-2.3.5.so)
==29898== by 0x619DED: clone (in /lib/libc-2.3.5.so)
This seems to indicate that a MessageReader (which is derived from
ACE_Event_Handler) gets deleted while still registered with the reactor.
But it should get cleaned up in handle_close():
int MessageReader::handle_close(
ACE_HANDLE handle,
ACE_Reactor_Mask close_mask)
{
if (close_mask == ACE_Event_Handler::WRITE_MASK) return 0;
LOG(LM_DEBUG,
"MessageReader %d: closing",
readerId_m);
// Remove this handler from the reactor.
this->reactor()->remove_handler(this,
ACE_Event_Handler::ALL_EVENTS_MASK |
ACE_Event_Handler::DONT_CALL);
ACE_Message_Block* mb;
ACE_Time_Value nowait(ACE_OS::gettimeofday());
// Free all the messages on the message queue.
while (channel_m.dequeueHead(mb, &nowait) >= 0)
{
freeMsg(mb);
}
observer_m.handleClose();
delete this;
return 0;
}
Am I doing something wrong?
Jules.
-----Original Message-----
From: ace-users-bounces at cse.wustl.edu
[mailto:ace-users-bounces at cse.wustl.edu] On Behalf Of Jules d'Entremont
Sent: Friday, June 29, 2007 12:49 PM
To: Steve Huston; ace-users at cse.wustl.edu
Subject: Re: [ace-users] Segmentation
faultinACE_Select_Reactor_T::handle_error (with ACE 5.5.9)
I've run it dozens of times under valgrind, but can't reproduce the
problem. It appears to be a race condition somewhere.
Jules.
-----Original Message-----
From: Steve Huston [mailto:shuston at riverace.com]
Sent: Friday, June 29, 2007 12:40 PM
To: Jules d'Entremont; ace-users at cse.wustl.edu
Subject: RE: [ace-users] Segmentation fault
inACE_Select_Reactor_T::handle_error (with ACE 5.5.9)
Hi Jules,
> Is there some way to turn on debug logging in the reactor so I can
see
> what it's up to? Might that shed some light on the problem?
You can rebuild ACE with tracing on, but that'll produce a ton of
output. It'd be much quicker to run with valgrind and let it do the
hard work for you.
> Jules.
>
>
> -----Original Message-----
> From: Steve Huston [mailto:shuston at riverace.com]
> Sent: Friday, June 29, 2007 12:15 PM
> To: Jules d'Entremont; ace-users at cse.wustl.edu
> Subject: RE: [ace-users] Segmentation fault
> inACE_Select_Reactor_T::handle_error (with ACE 5.5.9)
>
> > What qualifies as a bad handle?
>
> Anything that select() doesn't like ;-)
>
> > Is a closed ACE_SOCK_Stream a bad handle?
>
> Yes.
>
> -Steve
>
>
> From: Steve Huston [mailto:shuston at riverace.com]
> Sent: Friday, June 29, 2007 11:57 AM
> To: Jules d'Entremont; ace-users at cse.wustl.edu
> Subject: RE: [ace-users] Segmentation fault
> inACE_Select_Reactor_T::handle_error (with ACE 5.5.9)
>
> Hi Jules,
>
> Thanks for the PROBLEM-REPORT-FORM.
>
> >From the looks of the args in the stack trace, your reactor is (at
> least partly) smashed. And, it's trying to recover from a bad handle
> in the registered handle set. If that doesn't shed any light on
> things, try running this under valgrind to see if it can focus you
on
> the problem area.
>
> -Steve
> --
> Steve Huston, Riverace Corporation
> Would you like ACE to run great on your platform?
> See http://www.riverace.com/sponsor.htm
> -----Original Message-----
> From: ace-users-bounces at cse.wustl.edu
> [mailto:ace-users-bounces at cse.wustl.edu] On Behalf Of Jules
> d'Entremont
> Sent: Friday, June 29, 2007 11:38 AM
> To: ace-users at cse.wustl.edu
> Subject: [ace-users] Segmentation fault
> inACE_Select_Reactor_T::handle_error (with ACE 5.5.9)
> ACE VERSION: 5.5.9
>
> HOST MACHINE and OPERATING SYSTEM:
> Linux dev228 2.6.11.11sol-pe #1 SMP Thu Aug 25 13:56:24 EDT
> 2005 i686 i686 i386 GNU/Linux
>
> TARGET MACHINE and OPERATING SYSTEM, if different from HOST:
> COMPILER NAME AND VERSION (AND PATCHLEVEL):
> g++ (GCC) 3.3.2
>
> THE $ACE_ROOT/ace/config.h FILE [if you use a link to a
> platform-specific file, simply state which one]:
> #include "config-linux.h"
>
> THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE [if
you
> use a link to a platform-specific file, simply state which one
> (unless this isn't used in this case, e.g., with Microsoft
Visual
> C++)]: platform_linux.GNU
>
> CONTENTS OF
> $ACE_ROOT/bin/MakeProjectCreator/config/default.features
> (used by MPC when you generate your own makefiles):
>
> AREA/CLASS/EXAMPLE AFFECTED:
>
> DOES THE PROBLEM AFFECT:
> COMPILATION?
> LINKING?
> On Unix systems, did you run make realclean first?
> EXECUTION? yes
> OTHER (please specify)?
>
> SYNOPSIS:
>
> DESCRIPTION:
> I've recently been getting segmentation faults in my ACE
application,
> which I'm at a loss to explain. Here's the stack trace:
>
> (gdb) where
> #0 0xb7f9a767 in ACE_Select_Reactor_Handler_Repository::unbind
> (this=0x8108074, handle=135368392, pos=0x8118ec8, mask=511) at
> Select_Reactor_Base.cpp:397
> #1 0xb7f3e21a in
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
> >::remove_handler_i (this=0x8108070, handle=5, mask=135368408)
> at
>
/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:
> 1012
> #2 0xb7f3edaa in
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
> >::check_handles (this=0x8108070) at
>
/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:
> 1526
> #3 0xb7f3ee1b in
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
> >::handle_error (this=0x8108070) at
>
/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:
> 788
> #4 0xb7f3bfde in
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
> >::wait_for_multiple_events (this=0x8108070,
dispatch_set=@0x810808c,
> max_wait_time=0x0)
> at
>
/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:
> 1104
> #5 0xb7f40250 in
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
> >::handle_events_i (this=0x8108070, max_wait_time=0x1ff)
> at
>
/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:
> 1443
> #6 0xb7f3c227 in
ACE_Select_Reactor_T<ACE_Reactor_Token_T<ACE_Token>
> >::handle_events (this=0x8108070, max_wait_time=0x0)
> at
>
/home/jdentremont/src/ACE-5.5.9/ACE_wrappers/ace/Select_Reactor_T.cpp:
> 1424
> #7 0xb7f97a06 in ACE_Reactor::run_reactor_event_loop
(this=0x8107180,
> eh=0) at Reactor.cpp:233
> #8 0x08079d69 in (anonymous namespace)::ReactorThread::svc
> (this=0x8110d00) at
>
/home/jdentremont/svn/branches/d14_branch/cppcsmp/CSMPFactory.cpp:131
> #9 0xb7face24 in ACE_Task_Base::svc_run (args=0x8110d00) at
> Task.cpp:271
> #10 0xb7fad29c in ACE_Thread_Adapter::invoke_i (this=0x8118ed8) at
> Thread_Adapter.cpp:146
> #11 0xb7fad1f6 in ACE_Thread_Adapter::invoke (this=0x810fab0) at
> Thread_Adapter.cpp:95
> #12 0xb7f42651 in ace_thread_adapter (args=0x1ff) at
> Base_Thread_Adapter.cpp:116
> #13 0x006c1b80 in start_thread () from /lib/libpthread.so.0
> #14 0x00619dee in clone () from /lib/libc.so.6
>
> I don't know where to start to try to debug this. Any insight that
> anyone could offer would be greatly appreciated. I was hoping that
> this was caused by bug 2653, but I'm still seeing it with ACE 5.5.9.
>
> Thanks.
>
> Jules d'Entremont
>
>
>
>
>
_______________________________________________
ace-users mailing list
ace-users at mail.cse.wustl.edu
http://mail.cse.wustl.edu/mailman/listinfo/ace-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.isis.vanderbilt.edu/pipermail/ace-users/attachments/20070629/0c8a32e2/attachment-0001.htm
More information about the Ace-users
mailing list