False leak reports from CoInitialize #18
Comments
|
From timurrrr@google.com on July 25, 2011 06:55:09 As of r410 , the reports look like this: [W7] Error Error Error Summary: False reports from CoInitialize |
|
From timurrrr@google.com on July 27, 2011 03:13:56 the XP UNINITs filed as issue #511 Summary: False leak reports from CoInitialize |
|
From rnk@google.com on January 06, 2012 11:02:13 These CoInitialize leaks look related to https://code.google.com/p/chromium/issues/detail?id=109278 , I'm investigating. I think we can remove the CoInitialize_/CoCreateInstace_ uninit suppressions from t/v/drm/suppressions_full.txt now; they don't show up for me. My first guess at these leaks from TLSAllocData is that they are allocated and rooted into the TEB, but sometime during shutdown the link from the TEB to these objects is severed, either by setting the TLS entry to NULL, or if there is some indirect array in the library, it is freed and the objects rooted in its entries are not. If so, it's a native Windows bug and we should suppress. Owner: rnk@google.com |
|
From rnk@google.com on January 06, 2012 12:16:05 Here's my analysis of the CreatePoolEntry leak: ole32!EventPoolEntry::CreatePoolEntry: ole32!EventPoolEntry::CreatePoolEntry+0x1f: ole32!EventPoolEntry::CreatePoolEntry+0x2b: ole32!EventPoolEntry::CreatePoolEntry+0x34: ole32!EventPoolEntry::CreatePoolEntry+0x38: ole32!EventPoolEntry::CreatePoolEntry+0x43: # Call EventPoolEntry ctor ole32!EventPoolEntry::CreatePoolEntry+0x54: # null check after ctor ole32!EventPoolEntry::CreatePoolEntry+0x68: # Check some arg ole32!EventPoolEntry::CreatePoolEntry+0x6d: ole32!EventPoolEntry::CreatePoolEntry+0x7c: ole32!EventPoolEntry::CreatePoolEntry+0x7e: # Cleanup, ret Untaken error paths:ole32!EventPoolEntry::CreatePoolEntry+0x52: # Error path, not taken ole32!EventPoolEntry::CreatePoolEntry+0x58: # Error path, not executed Also, running with loglevel 3 shows that there is a mid-chunk pointer from a global: defined range 0x75126000-0x7512a000 It also says this doesn't point to a vtable. Looking at the ctor, it doesn't look like it's initializing a vptr member either. IMO this one should just be suppressed. I'll investigate the other leak now. |
|
From rnk@google.com on January 09, 2012 08:34:15 The other leak looks like a true one time leak. I wrote a client to try to trace out the relevant TLS calls in ole32.dll and got the following trace: Running main() from gtest_main.cc [----------] Global test environment tear-down YOU HAVE 1 DISABLED TEST pre CleanupTlsMap From the above it looks like LockEntry::ThreadInit allocates some pool of locks, and then one is stored some tls map. LockEntry::ThreaCleanup looks like it will do the corresponding free of the pool, but it is never called at process end, and all references to the pool are lost during finalization. IMO this is a true, one-time-per-process leak, and we should suppress it. |
|
From rnk@google.com on January 10, 2012 12:50:42 This issue was closed by revision r701 . Status: Fixed |
|
From rnk@google.com on January 10, 2012 13:24:18 This will still show up on other versions of Windows or other patch levels, so I'm going to leave this open to cover suppressing these leaks there. Also see issue #741 for ideas on how to write better suppressions. Status: Accepted |
AArch64 port of drmemory. Only contains slowpath support with shared_slowpath off. Pattern mode and fastpath modes are being worked on separately. Depends on: https://github.com/DynamoRIO/dynamorio/tree/mem-ref-for-clean-calls-aarch64/core Current tests we have analysed: Test project /home/grecaw01/APD-testing/drmem-upstream3/drmemory/build Start 1: drmf_proj 1/49 Test #1: drmf_proj ......................... Passed 0.45 sec Start 2: unit_tests 2/49 Test #2: unit_tests ........................ Passed 0.02 sec Start 3: hello 3/49 Test #3: hello ............................. Passed 3.55 sec Start 4: free 4/49 Test #4: free .............................. Passed 3.67 sec Start 5: malloc 5/49 Test #5: malloc ............................ Passed 3.88 sec Start 6: leak_indirect 6/49 Test #6: leak_indirect ..................... Passed 3.52 sec Start 7: patterns 7/49 Test #7: patterns .......................... Passed 3.93 sec Start 8: free.exitcode 8/49 Test #8: free.exitcode ..................... Passed 3.64 sec Start 9: track_origins 9/49 Test #9: track_origins .....................***Failed 0.34 sec Start 10: free.pattern 10/49 Test #10: free.pattern ......................***Failed 0.35 sec Start 11: malloc.pattern 11/49 Test #11: malloc.pattern ....................***Failed 0.34 sec Start 12: track_origins.pattern 12/49 Test #12: track_origins.pattern .............***Failed 0.34 sec Start 13: fuzz_corpus 13/49 Test #13: fuzz_corpus ....................... Passed 3.56 sec Start 14: fuzz_buffer 14/49 Test #14: fuzz_buffer ....................... Passed 4.62 sec Start 15: fuzz_buffer.replace_buffer 15/49 Test #15: fuzz_buffer.replace_buffer ........ Passed 4.62 sec Start 16: fuzz_buffer.overflow 16/49 Test #16: fuzz_buffer.overflow ..............***Failed 0.34 sec Start 17: fuzz_buffer.mutator.o-b-s-3 17/49 Test #17: fuzz_buffer.mutator.o-b-s-3 ....... Passed 4.59 sec Start 18: fuzz_buffer.mutator.r-b-s-3 18/49 Test #18: fuzz_buffer.mutator.r-b-s-3 ....... Passed 4.63 sec Start 19: fuzz_buffer.mutator.o-b-3 19/49 Test #19: fuzz_buffer.mutator.o-b-3 ......... Passed 4.60 sec Start 20: fuzz_buffer.mutator.r-n 20/49 Test #20: fuzz_buffer.mutator.r-n ........... Passed 4.54 sec Start 21: fuzz_buffer.mutator.random_seed 21/49 Test #21: fuzz_buffer.mutator.random_seed ... Passed 4.57 sec Start 22: fuzz_buffer.one-input 22/49 Test #22: fuzz_buffer.one-input ............. Passed 3.82 sec Start 23: fuzz_buffer.load_input 23/49 Test #23: fuzz_buffer.load_input ............ Passed 3.81 sec Start 24: fuzz_buffer.skip_initial 24/49 Test #24: fuzz_buffer.skip_initial .......... Passed 4.01 sec Start 25: fuzz_buffer.fixed_size 25/49 Test #25: fuzz_buffer.fixed_size ............ Passed 5.36 sec Start 26: fuzz_buffer.offset 26/49 Test #26: fuzz_buffer.offset ................ Passed 5.42 sec Start 27: fuzz_buffer.module_name 27/49 Test #27: fuzz_buffer.module_name ........... Passed 4.58 sec Start 28: fuzz_buffer.dictionary 28/49 Test #28: fuzz_buffer.dictionary ............ Passed 4.20 sec Start 29: fuzz_buffer.cpp 29/49 Test #29: fuzz_buffer.cpp ................... Passed 17.77 sec Start 30: fuzz_custom_mutator 30/49 Test #30: fuzz_custom_mutator ............... Passed 4.57 sec Start 31: drsyscall_test 31/49 Test #31: drsyscall_test .................... Passed 0.22 sec Start 32: strace_test 32/49 Test #32: strace_test ....................... Passed 0.22 sec Start 33: drfuzz_test_empty 33/49 Test #33: drfuzz_test_empty ................. Passed 0.22 sec Start 34: drfuzz_test_mutator 34/49 Test #34: drfuzz_test_mutator ............... Passed 2.38 sec Start 35: drfuzz_test_repeat 35/49 Test #35: drfuzz_test_repeat ................***Failed Start 36: drfuzz_test_segfault 36/49 Test #36: drfuzz_test_segfault .............. Passed 0.20 sec Start 37: drfuzz_test_app_abort 37/49 Test #37: drfuzz_test_app_abort ............. Passed 0.22 sec Start 38: drfuzz_test_no_crash 38/49 Test #38: drfuzz_test_no_crash .............. Passed 0.22 sec Start 39: umbra_test_empty 39/49 Test #39: umbra_test_empty .................. Passed 0.22 sec Start 40: umbra_test_overlap 40/49 Test #40: umbra_test_overlap ................ Passed 0.23 sec Start 41: umbra_test_shadow_mem 41/49 Test #41: umbra_test_shadow_mem ............. Passed 0.30 sec Start 42: umbra_test_insert_app_to_shadow 42/49 Test #42: umbra_test_insert_app_to_shadow ... Passed 0.29 sec Start 43: umbra_test_consistency 43/49 Test #43: umbra_test_consistency ............ Passed 0.30 sec Start 44: umbra_test_allscales 44/49 Test #44: umbra_test_allscales .............. Passed 0.39 sec Start 45: drltrace 45/49 Test #45: drltrace .......................... Passed 0.35 sec Start 46: drltrace_libcalls 46/49 Test #46: drltrace_libcalls ................. Passed 0.36 sec Start 47: drltrace_symargs 47/49 Test #47: drltrace_symargs .................. Passed 0.36 sec Start 48: drltrace_libargs 48/49 Test #48: drltrace_libargs .................. Passed 0.35 sec Start 49: strace_sample 49/49 Test #49: strace_sample ..................... Passed 0.22 sec 88% tests passed, 6 tests failed out of 49
AArch64 port of drmemory. Only contains slowpath support with shared_slowpath off. Pattern mode and fastpath modes are being worked on separately. Currently this build does break some x86 functionality. Depends on: https://github.com/DynamoRIO/dynamorio/tree/mem-ref-for-clean-calls-aarch64/core Current tests we have analysed: Test project /home/grecaw01/APD-testing/drmem-upstream3/drmemory/build Start 1: drmf_proj 1/49 Test #1: drmf_proj ......................... Passed 0.45 sec Start 2: unit_tests 2/49 Test #2: unit_tests ........................ Passed 0.02 sec Start 3: hello 3/49 Test #3: hello ............................. Passed 3.55 sec Start 4: free 4/49 Test #4: free .............................. Passed 3.67 sec Start 5: malloc 5/49 Test #5: malloc ............................ Passed 3.88 sec Start 6: leak_indirect 6/49 Test #6: leak_indirect ..................... Passed 3.52 sec Start 7: patterns 7/49 Test #7: patterns .......................... Passed 3.93 sec Start 8: free.exitcode 8/49 Test #8: free.exitcode ..................... Passed 3.64 sec Start 9: track_origins 9/49 Test #9: track_origins .....................***Failed 0.34 sec Start 10: free.pattern 10/49 Test #10: free.pattern ......................***Failed 0.35 sec Start 11: malloc.pattern 11/49 Test #11: malloc.pattern ....................***Failed 0.34 sec Start 12: track_origins.pattern 12/49 Test #12: track_origins.pattern .............***Failed 0.34 sec Start 13: fuzz_corpus 13/49 Test #13: fuzz_corpus ....................... Passed 3.56 sec Start 14: fuzz_buffer 14/49 Test #14: fuzz_buffer ....................... Passed 4.62 sec Start 15: fuzz_buffer.replace_buffer 15/49 Test #15: fuzz_buffer.replace_buffer ........ Passed 4.62 sec Start 16: fuzz_buffer.overflow 16/49 Test #16: fuzz_buffer.overflow ..............***Failed 0.34 sec Start 17: fuzz_buffer.mutator.o-b-s-3 17/49 Test #17: fuzz_buffer.mutator.o-b-s-3 ....... Passed 4.59 sec Start 18: fuzz_buffer.mutator.r-b-s-3 18/49 Test #18: fuzz_buffer.mutator.r-b-s-3 ....... Passed 4.63 sec Start 19: fuzz_buffer.mutator.o-b-3 19/49 Test #19: fuzz_buffer.mutator.o-b-3 ......... Passed 4.60 sec Start 20: fuzz_buffer.mutator.r-n 20/49 Test #20: fuzz_buffer.mutator.r-n ........... Passed 4.54 sec Start 21: fuzz_buffer.mutator.random_seed 21/49 Test #21: fuzz_buffer.mutator.random_seed ... Passed 4.57 sec Start 22: fuzz_buffer.one-input 22/49 Test #22: fuzz_buffer.one-input ............. Passed 3.82 sec Start 23: fuzz_buffer.load_input 23/49 Test #23: fuzz_buffer.load_input ............ Passed 3.81 sec Start 24: fuzz_buffer.skip_initial 24/49 Test #24: fuzz_buffer.skip_initial .......... Passed 4.01 sec Start 25: fuzz_buffer.fixed_size 25/49 Test #25: fuzz_buffer.fixed_size ............ Passed 5.36 sec Start 26: fuzz_buffer.offset 26/49 Test #26: fuzz_buffer.offset ................ Passed 5.42 sec Start 27: fuzz_buffer.module_name 27/49 Test #27: fuzz_buffer.module_name ........... Passed 4.58 sec Start 28: fuzz_buffer.dictionary 28/49 Test #28: fuzz_buffer.dictionary ............ Passed 4.20 sec Start 29: fuzz_buffer.cpp 29/49 Test #29: fuzz_buffer.cpp ................... Passed 17.77 sec Start 30: fuzz_custom_mutator 30/49 Test #30: fuzz_custom_mutator ............... Passed 4.57 sec Start 31: drsyscall_test 31/49 Test #31: drsyscall_test .................... Passed 0.22 sec Start 32: strace_test 32/49 Test #32: strace_test ....................... Passed 0.22 sec Start 33: drfuzz_test_empty 33/49 Test #33: drfuzz_test_empty ................. Passed 0.22 sec Start 34: drfuzz_test_mutator 34/49 Test #34: drfuzz_test_mutator ............... Passed 2.38 sec Start 35: drfuzz_test_repeat 35/49 Test #35: drfuzz_test_repeat ................***Failed Start 36: drfuzz_test_segfault 36/49 Test #36: drfuzz_test_segfault .............. Passed 0.20 sec Start 37: drfuzz_test_app_abort 37/49 Test #37: drfuzz_test_app_abort ............. Passed 0.22 sec Start 38: drfuzz_test_no_crash 38/49 Test #38: drfuzz_test_no_crash .............. Passed 0.22 sec Start 39: umbra_test_empty 39/49 Test #39: umbra_test_empty .................. Passed 0.22 sec Start 40: umbra_test_overlap 40/49 Test #40: umbra_test_overlap ................ Passed 0.23 sec Start 41: umbra_test_shadow_mem 41/49 Test #41: umbra_test_shadow_mem ............. Passed 0.30 sec Start 42: umbra_test_insert_app_to_shadow 42/49 Test #42: umbra_test_insert_app_to_shadow ... Passed 0.29 sec Start 43: umbra_test_consistency 43/49 Test #43: umbra_test_consistency ............ Passed 0.30 sec Start 44: umbra_test_allscales 44/49 Test #44: umbra_test_allscales .............. Passed 0.39 sec Start 45: drltrace 45/49 Test #45: drltrace .......................... Passed 0.35 sec Start 46: drltrace_libcalls 46/49 Test #46: drltrace_libcalls ................. Passed 0.36 sec Start 47: drltrace_symargs 47/49 Test #47: drltrace_symargs .................. Passed 0.36 sec Start 48: drltrace_libargs 48/49 Test #48: drltrace_libargs .................. Passed 0.35 sec Start 49: strace_sample 49/49 Test #49: strace_sample ..................... Passed 0.22 sec 88% tests passed, 6 tests failed out of 49
From timurrrr@google.com on August 03, 2010 11:17:30
On Windows XP ( r378 / r24 ), the following code
#include <windows.h>
#include <Objbase.h>
#include <stdio.h>
#pragma comment(lib, "Ole32.lib")
int main() {
CoInitialize(NULL);
CoUninitialize();
printf("PASS\n");
}
gives ~30 reports (example is attached)
Original issue: http://code.google.com/p/drmemory/issues/detail?id=18
The text was updated successfully, but these errors were encountered: