[tao-bugs] Memory leak in Any_Impl::marshal

Dan Kempenich plainhamburger at hotmail.com
Tue Jun 26 14:37:44 CDT 2018


I'm looking at what looks to me to be a memory leak when using the any type and looking for some help resolving.


   TAO VERSION: 2.2a_p14

    HOST MACHINE and OPERATING SYSTEM: Should be an issue on all platforms.  I found on RHEL 7.5 using valgrind/gdb.

    TARGET MACHINE and OPERATING SYSTEM, if different from HOST: Nope
    COMPILER NAME AND VERSION (AND PATCHLEVEL):  gcc version 4.4.7 20120313 (Red Hat 4.4.7-17)

    CONTENTS OF $ACE_ROOT/ace/config.h [if you use a link to a platform-
    specific file, simply state which one]:

    CONTENTS OF $ACE_ROOT/include/makeinclude/platform_macros.GNU [if you
    use a link to a platform-specific file, simply state which one
    (unless this isn't used in this case, e.g., with Microsoft Visual
    C++)]:

    CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/default.features
    (used by MPC when you generate your own makefiles):

    LEVEL OF URGENCY (LOW, MEDIUM, or HIGH): MEDIUM

    AREA/CLASS/EXAMPLE AFFECTED:
AnyTypeCode

    DOES THE PROBLEM AFFECT:
        COMPILATION? Nope
        LINKING? Nope
            On Unix systems, did you run make realclean first?
        EXECUTION? Yes, memory leak found during execution
        OTHER (please specify)?


    SYNOPSIS:
Memory/reference leaked in Any_Impl::marshal.  ValueBase pointer is set via to_value() function and never freed or decremented in the function or any function called by Any_Impl::marshal.


    DESCRIPTION:


TAO::Any_Impl::marshal calls the to_value function with a ValueBase pointer.  This function can allocate memory using a factory or increment a reference count.  Neither the marshal nor the to_value function appears to have any current means to clean up the reference.

CORBA::Boolean
TAO::Any_Impl::marshal (TAO_OutputCDR &cdr)
{
  CORBA::ValueBase * vb = 0;
  if (this->to_value (vb) && vb)
    {
      // Since we ARE a value type, we need to
      // send the ACTUAL derived typecode for
      // the type we are marshaling NOT the
      // typecode of the base pointer that may
      // have been inserted into the any.
      if ((cdr << TAO_ORB_Core_instance ()
                    ->valuetype_adapter()
                    ->derived_type (vb)) == 0)
        {
          return false;
        }
    }
  // Otherwise send the typecode of the inserted type.
  else if ((cdr << this->type_) == 0)
    {
      return false;
    }

  // Once the typecode has been marshaled send the actual
  // value (this is polymorphic for valuetypes)
  return this->marshal_value (cdr);
}

The to_value function as generated here: be/be_visitor_valuetype/any_op_cs.cpp:48 shows the reference count is incremented:

*os << be_nl_2
    << "namespace TAO" << be_nl
    << "{" << be_idt_nl
    << "template<>" << be_nl
    << "::CORBA::Boolean" << be_nl
    << "Any_Impl_T<" << node->name () << ">::to_value ("
    << be_idt << be_idt_nl
    << "::CORBA::ValueBase *&_tao_elem) const" << be_uidt
    << be_uidt_nl
    << "{" << be_idt_nl
    << "::CORBA::add_ref (this->value_);" << be_nl
    << "_tao_elem = this->value_;" << be_nl
    << "return true;" << be_uidt_nl
    << "}" << be_uidt_nl
    << "}" << be_nl_2;

and I believe via the TAO::Unknown_IDL_Type::to_value() we can also get a new object via a factory method.  In my case I found the issue via the generated to_value function in my idl generated C.cpp file implementation which incremented the reference count.

    REPEAT BY:

I can work on providing a small sample test case if needed.



    SAMPLE FIX/WORKAROUND:

I would propose a fix of modifying the ::marshal function to use a ValueBase_var type to track the reference count:

--CORBA::ValueBase * vb = 0;
++CORBA::ValueBase_var vb;
--if (this->to_value (vb) && vb)
++if (this->to_value(vb.out())) && (0 != vb.ptr()))
{
// Since we ARE a value type, we need to
// send the ACTUAL derived typecode for
// the type we are marshaling NOT the
// typecode of the base pointer that may
// have been inserted into the any.
if ((cdr << TAO_ORB_Core_instance ()
->valuetype_adapter()
--   ->derived_type (vb)) == 0)
++ ->derived_type(vb.in())) == 0)
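
Review bot: the replacement condition on the `++if` line has unbalanced parentheses. The `if (` is closed right after `to_value(vb.out())`, which leaves `&& (0 != vb.ptr()))` outside the condition with one `)` too many, so the line does not compile as written. It should read `if (this->to_value (vb.out ()) && (0 != vb.ptr ()))`. The hunk also stops before the closing braces, so the `return false` branch is not shown; with the `_var` owning the pointer that early return releases the reference as well, which is worth stating in the change description since it is the path the raw pointer version leaks on too.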

However, this introduces a new dependency on TAO_ValueType for TAO_AnyTypeCode and this would create a circular dependency between the two libraries.

I'm looking for some advice on how best to resolve:
Do I look to separate library creation steps on Windows to create the import library/export file as a separate step from the link and keep the AnyTypeCode/ValueType structure (I'm not quite sure how to do that yet with MPC)?
Or do I look to combine the two into a single dll and eliminate the circular dependency?
Or is there some other solution that resolves the memory leak while avoiding circular dependency that I haven't been able to see or a work-around that others have used to avoid leaking memory here?

Thanks,
Dan Kempenich.
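
The leak pattern reported above, reduced to a self-contained model. This is an added example, not TAO code and not part of the original post: Value, Holder, ValueGuard, marshal_leaky, marshal_guarded and refs_after are hypothetical stand-ins for CORBA::ValueBase, the generated to_value(), ValueBase_var and the two variants of marshal().

```cpp
#include <cstdio>
// Stand-in for CORBA::ValueBase: intrusive count only (no self-delete at 0).
struct Value {
  int refs = 1;
  void add_ref () { ++refs; }
  void remove_ref () { --refs; }
};

// Stand-in for the generated to_value(): takes a reference for the caller.
struct Holder {
  Value *value_;
  bool to_value (Value *&elem) const {
    value_->add_ref ();
    elem = value_;
    return true;
  }
};

// Scope guard in the role of ValueBase_var: releases on every exit path.
struct ValueGuard {
  Value *p_ = nullptr;
  ~ValueGuard () { if (p_) p_->remove_ref (); }
  Value *&out () { return p_; }
  Value *in () const { return p_; }
};

// Shape of the reported marshal(): the reference is never released.
bool marshal_leaky (const Holder &h, bool typecode_ok) {
  Value *vb = nullptr;
  if (h.to_value (vb) && vb && !typecode_ok) return false;
  return true;
}

// Same control flow, with the guard owning the reference.
bool marshal_guarded (const Holder &h, bool typecode_ok) {
  ValueGuard vb;
  if (h.to_value (vb.out ()) && vb.in () && !typecode_ok) return false;
  return true;
}

// Count left on a fresh value after n calls, alternating early return/success.
int refs_after (bool guarded, int n) {
  Value v;
  Holder h{&v};
  for (int i = 0; i < n; ++i)
    guarded ? marshal_guarded (h, i % 2) : marshal_leaky (h, i % 2);
  return v.refs;
}
int main () { std::printf ("leaky=%d guarded=%d\n", refs_after (false, 4), refs_after (true, 4)); }
```

In the leaky variant the count grows by one per call, so the held value can never reach zero and be destroyed; the guarded variant returns the count to its starting value on both the success and the early-return path.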
