crashes in ipAddrToAsciiAsynchronous (pure virtual method called)

Initial indications point to irregularities here.

The dump below says that the crash occurred at ipAddrToAsciiAsynchronous.cpp:278 yet it also indicates that "this-> callbackInProgress" is false. Looking at the source I know that "this-> callbackInProgress" is set to true just prior to ipAddrToAsciiAsynchronous.cpp:278 and set to false just after that line. The only other line in the source that modifies this variable is the constructor for ipAddrToAsciiEnginePrivate.

Therefore, I can conclude that one of two circumstances is occurring.
1) The implementation of "this->thread.exitWait ();" isn't working correctly (and the destructor is allowed to return before the ipAddrToAsciiEnginePrivate thread exits).
2) Some other agent is illegitimately modifying (corrupting) the ipAddrToAsciiEnginePrivate data structure.

I am inclined to conclude that number (2) is probably the correct deduction because every non-static field in ipAddrToAsciiEnginePrivate is zero. The fields "laborEvent = {id = 0x0}, destructorBlockEvent = {id = 0x0}" both being zero is particularly suspicious. No doubt this might be allowed to occur if "this->thread.exitWait ();" wasn’t working, but since "epicsThread::exitWait()" is depended upon by many threads in base then I am inclined to conclude that the probability of that outcome would be quite small.

edited on: 2005-05-31 10:06

> I'm running the engine under valgrind.
> None of this should matter in the real world.

The problem always is forcing the bug to be reproduced. Have you seen it crash while the code was instrumented with valgrind?

I have used this type of tool from two different commercial sources and I notice that each of them excelled in different areas. There were real differences in what was detected. That was a few years ago. The technology might be maturing at this point. However, if valgrind isn’t using some form of object code insertion it may be ineffective compared to tools that do. Object code insertion technologies seem to provide a good combination of strong detection with minimized impact on runtime dynamics.

If your DNS system is (was) temporarily flaky, turned off, or inaccessible that could cause dramatic changes in runtime dynamics, and also open up new opportunities for bugs of course.

> What I don't understand: Sometimes that message uses '172.31.72.95' and
> sometimes 'lin-vac-srv01.ics.sns.gov'

For R3.14 I stripped all direct calls to DNS out of the CA. I converted many instances (the most important ones) to use ipAddrToAsciiAsynchronous, but since this was a hassle I didn’t use ipAddrToAsciiAsynchronous for every single one of them. Also, if a high water mark on ipAddrToAsciiAsynchronous's queue is reached, or if ipAddrToAsciiAsynchronous is being shut down when items are pending in its queue, then raw IP addresses are printed.

> What should I do to get ipAddrToAsciiAsynchronous to run and to see
> Messages with resolved names?

Connect to an soft IOC, and then stop the soft IOC. That ought to get a message printed with a host name in it, but as I mentioned before runtime dynamics can change.

> Any hint on what I need to prepare in order to get
> the ipAddrToAsciiAsynchronous code to run?

When the CA client library needs to print a diagnostic message we would prefer to include ASCII names, and not raw IP addresses.

That code interposes an asynchronous wrapper around the DNS API which is a dumb synchronous blocking interface. We have seen in the past that the CA client can be come compromised if the DNS server isn’t available on the network. The client library could get hung for a very long time waiting for a IP address to host name conversion call to complete.

> What's supposed to be behind the callback?

A CA client library specific diagnostic message printing function

> What else is waiting on the 'guard' and thus might cause
> the memory corruption as soon as the 'unguard' runs?

Not much. Primarily, the guard is there to protect the queue from other threads that may be adding or deleting items to it. All of the interactions are in that one source file. Fortunately, it’s a small and easily understood source code.

> Does the chid contain the ipAddrToAsciiAsynchronous memory structure?

The client library obtains a reference to the ipAddrToAsciiAsynchronous facility when it starts up. Multiple client contexts can share the same ipAddrToAsciiAsynchronous instance. The instance is reference counted so the last CA context to go way also destroys the ipAddrToAsciiAsynchronous instance.

The entries in the ipAddrToAsciiAsynchronous queue are dynamically allocated from a free list whenever the client library decides that it needs to print a diagnostic message with a host name in it.

> any idea how the engine would obtain a pointer to it so that it could
> zero > it all out?

My best guess is some sort of random corruption.

> Should I start & stop ca servers to provoke CA disconnects or ??

Couldn’t (shouldn’t) hurt (this wont hurt a bit) ;-)

From Kay,

As a side note, I haven't had another archive engine
crash in the CA client's IP-to-name resolution
with - I think - the same IOC and archive config,
so that might have been caused by the behavior
of the DNS server connection which is no longer reproducible.

Perhaps the next step here will be to test on Linux when the DNS entry isnt available.

I can think of three situations:
1) Configured DNS server does not respond
2) Configured DNS server is slow responding
3) Configured DNS server is responding but the specified host name isnt in the db

I suspect that (3) is frequently encountered, but its conceivable that there is a failure related to one of the other two which was not uncovered during regression testing.

4 years and 4 versions ago, re-submit if its still a problem.

R3.14.11 released.