DEADLOCK base_unittests: msvcrt heap lock used when unnecessary #30
Comments
|
From derek.br...@gmail.com on August 22, 2010 19:00:22 fixed in r38 Status: Verified |
This was referenced Nov 28, 2014
Closed
gregcawthorne
added a commit
that referenced
this issue
Apr 17, 2021
AArch64 port of drmemory. Only contains slowpath support with shared_slowpath off. Pattern mode and fastpath modes are being worked on separately. Depends on: https://github.com/DynamoRIO/dynamorio/tree/mem-ref-for-clean-calls-aarch64/core Current tests we have analysed: Test project /home/grecaw01/APD-testing/drmem-upstream3/drmemory/build Start 1: drmf_proj 1/49 Test #1: drmf_proj ......................... Passed 0.45 sec Start 2: unit_tests 2/49 Test #2: unit_tests ........................ Passed 0.02 sec Start 3: hello 3/49 Test #3: hello ............................. Passed 3.55 sec Start 4: free 4/49 Test #4: free .............................. Passed 3.67 sec Start 5: malloc 5/49 Test #5: malloc ............................ Passed 3.88 sec Start 6: leak_indirect 6/49 Test #6: leak_indirect ..................... Passed 3.52 sec Start 7: patterns 7/49 Test #7: patterns .......................... Passed 3.93 sec Start 8: free.exitcode 8/49 Test #8: free.exitcode ..................... Passed 3.64 sec Start 9: track_origins 9/49 Test #9: track_origins .....................***Failed 0.34 sec Start 10: free.pattern 10/49 Test #10: free.pattern ......................***Failed 0.35 sec Start 11: malloc.pattern 11/49 Test #11: malloc.pattern ....................***Failed 0.34 sec Start 12: track_origins.pattern 12/49 Test #12: track_origins.pattern .............***Failed 0.34 sec Start 13: fuzz_corpus 13/49 Test #13: fuzz_corpus ....................... Passed 3.56 sec Start 14: fuzz_buffer 14/49 Test #14: fuzz_buffer ....................... Passed 4.62 sec Start 15: fuzz_buffer.replace_buffer 15/49 Test #15: fuzz_buffer.replace_buffer ........ Passed 4.62 sec Start 16: fuzz_buffer.overflow 16/49 Test #16: fuzz_buffer.overflow ..............***Failed 0.34 sec Start 17: fuzz_buffer.mutator.o-b-s-3 17/49 Test #17: fuzz_buffer.mutator.o-b-s-3 ....... Passed 4.59 sec Start 18: fuzz_buffer.mutator.r-b-s-3 18/49 Test #18: fuzz_buffer.mutator.r-b-s-3 ....... Passed 4.63 sec Start 19: fuzz_buffer.mutator.o-b-3 19/49 Test #19: fuzz_buffer.mutator.o-b-3 ......... Passed 4.60 sec Start 20: fuzz_buffer.mutator.r-n 20/49 Test #20: fuzz_buffer.mutator.r-n ........... Passed 4.54 sec Start 21: fuzz_buffer.mutator.random_seed 21/49 Test #21: fuzz_buffer.mutator.random_seed ... Passed 4.57 sec Start 22: fuzz_buffer.one-input 22/49 Test #22: fuzz_buffer.one-input ............. Passed 3.82 sec Start 23: fuzz_buffer.load_input 23/49 Test #23: fuzz_buffer.load_input ............ Passed 3.81 sec Start 24: fuzz_buffer.skip_initial 24/49 Test #24: fuzz_buffer.skip_initial .......... Passed 4.01 sec Start 25: fuzz_buffer.fixed_size 25/49 Test #25: fuzz_buffer.fixed_size ............ Passed 5.36 sec Start 26: fuzz_buffer.offset 26/49 Test #26: fuzz_buffer.offset ................ Passed 5.42 sec Start 27: fuzz_buffer.module_name 27/49 Test #27: fuzz_buffer.module_name ........... Passed 4.58 sec Start 28: fuzz_buffer.dictionary 28/49 Test #28: fuzz_buffer.dictionary ............ Passed 4.20 sec Start 29: fuzz_buffer.cpp 29/49 Test #29: fuzz_buffer.cpp ................... Passed 17.77 sec Start 30: fuzz_custom_mutator 30/49 Test #30: fuzz_custom_mutator ............... Passed 4.57 sec Start 31: drsyscall_test 31/49 Test #31: drsyscall_test .................... Passed 0.22 sec Start 32: strace_test 32/49 Test #32: strace_test ....................... Passed 0.22 sec Start 33: drfuzz_test_empty 33/49 Test #33: drfuzz_test_empty ................. Passed 0.22 sec Start 34: drfuzz_test_mutator 34/49 Test #34: drfuzz_test_mutator ............... Passed 2.38 sec Start 35: drfuzz_test_repeat 35/49 Test #35: drfuzz_test_repeat ................***Failed Start 36: drfuzz_test_segfault 36/49 Test #36: drfuzz_test_segfault .............. Passed 0.20 sec Start 37: drfuzz_test_app_abort 37/49 Test #37: drfuzz_test_app_abort ............. Passed 0.22 sec Start 38: drfuzz_test_no_crash 38/49 Test #38: drfuzz_test_no_crash .............. Passed 0.22 sec Start 39: umbra_test_empty 39/49 Test #39: umbra_test_empty .................. Passed 0.22 sec Start 40: umbra_test_overlap 40/49 Test #40: umbra_test_overlap ................ Passed 0.23 sec Start 41: umbra_test_shadow_mem 41/49 Test #41: umbra_test_shadow_mem ............. Passed 0.30 sec Start 42: umbra_test_insert_app_to_shadow 42/49 Test #42: umbra_test_insert_app_to_shadow ... Passed 0.29 sec Start 43: umbra_test_consistency 43/49 Test #43: umbra_test_consistency ............ Passed 0.30 sec Start 44: umbra_test_allscales 44/49 Test #44: umbra_test_allscales .............. Passed 0.39 sec Start 45: drltrace 45/49 Test #45: drltrace .......................... Passed 0.35 sec Start 46: drltrace_libcalls 46/49 Test #46: drltrace_libcalls ................. Passed 0.36 sec Start 47: drltrace_symargs 47/49 Test #47: drltrace_symargs .................. Passed 0.36 sec Start 48: drltrace_libargs 48/49 Test #48: drltrace_libargs .................. Passed 0.35 sec Start 49: strace_sample 49/49 Test #49: strace_sample ..................... Passed 0.22 sec 88% tests passed, 6 tests failed out of 49
gregcawthorne
added a commit
that referenced
this issue
Apr 17, 2021
AArch64 port of drmemory. Only contains slowpath support with shared_slowpath off. Pattern mode and fastpath modes are being worked on separately. Currently this build does break some x86 functionality. Depends on: https://github.com/DynamoRIO/dynamorio/tree/mem-ref-for-clean-calls-aarch64/core Current tests we have analysed: Test project /home/grecaw01/APD-testing/drmem-upstream3/drmemory/build Start 1: drmf_proj 1/49 Test #1: drmf_proj ......................... Passed 0.45 sec Start 2: unit_tests 2/49 Test #2: unit_tests ........................ Passed 0.02 sec Start 3: hello 3/49 Test #3: hello ............................. Passed 3.55 sec Start 4: free 4/49 Test #4: free .............................. Passed 3.67 sec Start 5: malloc 5/49 Test #5: malloc ............................ Passed 3.88 sec Start 6: leak_indirect 6/49 Test #6: leak_indirect ..................... Passed 3.52 sec Start 7: patterns 7/49 Test #7: patterns .......................... Passed 3.93 sec Start 8: free.exitcode 8/49 Test #8: free.exitcode ..................... Passed 3.64 sec Start 9: track_origins 9/49 Test #9: track_origins .....................***Failed 0.34 sec Start 10: free.pattern 10/49 Test #10: free.pattern ......................***Failed 0.35 sec Start 11: malloc.pattern 11/49 Test #11: malloc.pattern ....................***Failed 0.34 sec Start 12: track_origins.pattern 12/49 Test #12: track_origins.pattern .............***Failed 0.34 sec Start 13: fuzz_corpus 13/49 Test #13: fuzz_corpus ....................... Passed 3.56 sec Start 14: fuzz_buffer 14/49 Test #14: fuzz_buffer ....................... Passed 4.62 sec Start 15: fuzz_buffer.replace_buffer 15/49 Test #15: fuzz_buffer.replace_buffer ........ Passed 4.62 sec Start 16: fuzz_buffer.overflow 16/49 Test #16: fuzz_buffer.overflow ..............***Failed 0.34 sec Start 17: fuzz_buffer.mutator.o-b-s-3 17/49 Test #17: fuzz_buffer.mutator.o-b-s-3 ....... Passed 4.59 sec Start 18: fuzz_buffer.mutator.r-b-s-3 18/49 Test #18: fuzz_buffer.mutator.r-b-s-3 ....... Passed 4.63 sec Start 19: fuzz_buffer.mutator.o-b-3 19/49 Test #19: fuzz_buffer.mutator.o-b-3 ......... Passed 4.60 sec Start 20: fuzz_buffer.mutator.r-n 20/49 Test #20: fuzz_buffer.mutator.r-n ........... Passed 4.54 sec Start 21: fuzz_buffer.mutator.random_seed 21/49 Test #21: fuzz_buffer.mutator.random_seed ... Passed 4.57 sec Start 22: fuzz_buffer.one-input 22/49 Test #22: fuzz_buffer.one-input ............. Passed 3.82 sec Start 23: fuzz_buffer.load_input 23/49 Test #23: fuzz_buffer.load_input ............ Passed 3.81 sec Start 24: fuzz_buffer.skip_initial 24/49 Test #24: fuzz_buffer.skip_initial .......... Passed 4.01 sec Start 25: fuzz_buffer.fixed_size 25/49 Test #25: fuzz_buffer.fixed_size ............ Passed 5.36 sec Start 26: fuzz_buffer.offset 26/49 Test #26: fuzz_buffer.offset ................ Passed 5.42 sec Start 27: fuzz_buffer.module_name 27/49 Test #27: fuzz_buffer.module_name ........... Passed 4.58 sec Start 28: fuzz_buffer.dictionary 28/49 Test #28: fuzz_buffer.dictionary ............ Passed 4.20 sec Start 29: fuzz_buffer.cpp 29/49 Test #29: fuzz_buffer.cpp ................... Passed 17.77 sec Start 30: fuzz_custom_mutator 30/49 Test #30: fuzz_custom_mutator ............... Passed 4.57 sec Start 31: drsyscall_test 31/49 Test #31: drsyscall_test .................... Passed 0.22 sec Start 32: strace_test 32/49 Test #32: strace_test ....................... Passed 0.22 sec Start 33: drfuzz_test_empty 33/49 Test #33: drfuzz_test_empty ................. Passed 0.22 sec Start 34: drfuzz_test_mutator 34/49 Test #34: drfuzz_test_mutator ............... Passed 2.38 sec Start 35: drfuzz_test_repeat 35/49 Test #35: drfuzz_test_repeat ................***Failed Start 36: drfuzz_test_segfault 36/49 Test #36: drfuzz_test_segfault .............. Passed 0.20 sec Start 37: drfuzz_test_app_abort 37/49 Test #37: drfuzz_test_app_abort ............. Passed 0.22 sec Start 38: drfuzz_test_no_crash 38/49 Test #38: drfuzz_test_no_crash .............. Passed 0.22 sec Start 39: umbra_test_empty 39/49 Test #39: umbra_test_empty .................. Passed 0.22 sec Start 40: umbra_test_overlap 40/49 Test #40: umbra_test_overlap ................ Passed 0.23 sec Start 41: umbra_test_shadow_mem 41/49 Test #41: umbra_test_shadow_mem ............. Passed 0.30 sec Start 42: umbra_test_insert_app_to_shadow 42/49 Test #42: umbra_test_insert_app_to_shadow ... Passed 0.29 sec Start 43: umbra_test_consistency 43/49 Test #43: umbra_test_consistency ............ Passed 0.30 sec Start 44: umbra_test_allscales 44/49 Test #44: umbra_test_allscales .............. Passed 0.39 sec Start 45: drltrace 45/49 Test #45: drltrace .......................... Passed 0.35 sec Start 46: drltrace_libcalls 46/49 Test #46: drltrace_libcalls ................. Passed 0.36 sec Start 47: drltrace_symargs 47/49 Test #47: drltrace_symargs .................. Passed 0.36 sec Start 48: drltrace_libargs 48/49 Test #48: drltrace_libargs .................. Passed 0.35 sec Start 49: strace_sample 49/49 Test #49: strace_sample ..................... Passed 0.22 sec 88% tests passed, 6 tests failed out of 49
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From derek.br...@gmail.com on August 22, 2010 19:36:17
it's b/c operator delete (debug version only, and delete only: debug
version of oprator new does not) grabs the same heap lock as free (so
similar to issue #26 problem where operator delete is ignoring abstraction
barrier of malloc layer):
base_unittests!operator delete+0x3d [f:\dd\vctools\crt_bld\self_x86\crt\src\dbgdel.cpp @ 45]:
45 0074a2dd 6a04 push 0x4
45 0074a2df e88c060200 call base_unittests!_lock (0076a970)
malloc/free:
_mlock(_HEAP_LOCK);
#define _mlock(l) _lock(l)
#define _HEAP_LOCK 4 /* lock for heap allocator routines */
now that all mallocs are stored in a hashtable, unless this is pre-us, if
no size in redzone (which is the case for dbgcrt due to issue #26) should use
hashtable preferentially.
2 Id: 18f7c.153cc Suspend: 1 Teb: 7efd7000 Unfrozen
ChildEBP RetAddr Args to Child
22659b90 7d62884f 000002c4 00000000 00000000 ntdll!ZwWaitForSingleObject+0x15
22659bcc 7d62889f 00000000 00000004 00000001 ntdll!RtlpWaitOnCriticalSection+0x19c
22659bec 0076a9ad 00a51dc8 22659c38 00762bc2 ntdll!RtlEnterCriticalSection+0xa8
22659bf8 00762bc2 00000004 56ab68b0 0628fba0 base_unittests!_lock+0x3d [f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c @ 349]
22659c38 00762ab0 05b2ce80 00000001 22659ca4 base_unittests!_msize_dbg+0x102 [f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c @ 1503]
22659c48 1007ce76 05b2ce80 000002a8 21351414 base_unittests!_msize+0x10 [f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c @ 1459]
22659ca4 1007c40e 00000000 05b2ce80 22659ee0 drmemorylib!get_alloc_size+0x4b6 [e:\derek\dr\win32\oss-clients\drmemory\common\alloc.c @ 665]
22659d90 1007b59c 22595ec0 22659e38 00000000 drmemorylib!handle_free_pre+0x96e [e:\derek\dr\win32\oss-clients\drmemory\common\alloc.c @ 2079]
22659f08 10085aff 00426587 0074a420 00000000 drmemorylib!handle_alloc_pre_ex+0x9ec [e:\derek\dr\win32\oss-clients\drmemory\common\alloc.c @ 3018]
22659f3c 21e13d76 00426587 0074a420 00000000 drmemorylib!handle_alloc_pre+0x22f [e:\derek\dr\win32\oss-clients\drmemory\common\alloc.c @ 3102]
0:002> dt RTL_CRITICAL_SECTION 00a51dc8
+0x000 DebugInfo : 0x0023b890
+0x004 LockCount : -22
+0x008 RecursionCount : 1
+0x00c OwningThread : 0x00018e64
+0x010 LockSemaphore : 0x000002c4
+0x014 SpinCount : 0xfa0
ChildEBP RetAddr
00 22529c34 7108edc2 ntdll!ZwWaitForSingleObject+0x15
01 22529c44 710809b3 dynamorio!nt_wait_event_with_timeout+0x12 [e:\derek\dr\win32\opensource\core\win32\ntdll.c @ 3268]
02 22529c68 71080b83 dynamorio!os_wait_event+0x393 [e:\derek\dr\win32\opensource\core\win32\os.c @ 6341]
03 22529c84 710385e8 dynamorio!mutex_wait_contended_lock+0x53 [e:\derek\dr\win32\opensource\core\win32\os.c @ 6371]
04 22529c94 71079a13 dynamorio!mutex_lock+0x58 [e:\derek\dr\win32\opensource\core\utils.c @ 867]
05 22529ca0 10074ad6 dynamorio!dr_mutex_lock+0x33 [e:\derek\dr\win32\opensource\core\x86\instrument.c @ 2367]
06 22529cb0 1007be13 drmemorylib!malloc_lock+0x16 [e:\derek\dr\win32\oss-clients\drmemory\common\alloc.c @ 1110]
07 22529d90 1007b59c drmemorylib!handle_free_pre+0x373 [e:\derek\dr\win32\oss-clients\drmemory\common\alloc.c @ 2035]
08 22529f08 10085aff drmemorylib!handle_alloc_pre_ex+0x9ec [e:\derek\dr\win32\oss-clients\drmemory\common\alloc.c @ 3018]
09 22529f3c 21902595 drmemorylib!handle_alloc_pre+0x22f [e:\derek\dr\win32\oss-clients\drmemory\common\alloc.c @ 3102]
WARNING: Frame IP not in any known module. Following frames may be wrong.
0a 0618f97c 00422fa7 0x21902595
0b 0618f98c 00423548 base_unittests!std::allocator::deallocate+0x17 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\xmemory @ 140]
0c 0618f9a4 00421a1f base_unittests!std::basic_stringbuf<char,std::char_traits,std::allocator >::_Tidy+0x68 [c:\program files (x86)\microsoft visual studio 9.0\vc\include\sstream @ 305]
0d 0618f9b0 0044a5ad base_unittests!std::basic_stringbuf<char,std::char_traits,std::allocator >::~basic_stringbuf<char,std::char_traits,std::allocator >+0x1f [c:\program files (x86)\microsoft visual studio 9.0\vc\include\sstream @ 44]
0e 0618f9bc 0044a559 base_unittests!std::basic_ostringstream<char,std::char_traits,std::allocator >::~basic_ostringstream<char,std::char_traits,std::allocator >+0x2d [c:\program files (x86)\microsoft visual studio 9.0\vc\include\sstream @ 432]
0f 0618f9c8 0069df8c base_unittests!std::basic_ostringstream<char,std::char_traits,std::allocator >::`vbase destructor'+0x19
10 0618fba0 00440650 base_unittests!logging::LogMessage::~LogMessage+0x3dc [c:\users\timurrrr\desktop\chromium\src\base\logging.cc @ 598]
...
Original issue: http://code.google.com/p/drmemory/issues/detail?id=30
The text was updated successfully, but these errors were encountered: