Experimental Physics and Industrial Control System
Problem: softIoc.exe runs into fatal exception after caput call from local host.
When running the test, there's a 40% chance for this exception to occur.
Waiting between starting the softIoc and caput, and/or waiting between
caput calls does not change the behavior.
Error message: "softIoc has encountered a problem and needs to close. We are sorry for the
inconvience."
Error details: AppName: softioc.exe; AppVer:0.0.0.0; ModName: com.dll; ModVer: 3.14.12.0;
Offset: 0000a613
System: EPICS 3.14.12 plus all published patches (8 Feb. 2011), no local changes
(compiled with MVS 2010 professional - without any error)
Host: Windows XP SP3 @ Pentium 4 with 3.2GHz and 3GB RAM
AND
Windows XP SP3 @ VMWARE 3.5.0
AND
Windows XP SP3 @ VIRTUALBOX 3.2.12
AND
Windows XP SP3 @ KVM
Test setup: The following configuration files have been used:
startDemo.bat:
set EPICS_CA_ADDR_LIST=localhost
set EPICS_CA_AUTO_ADDR_LIST=NO
start DemoIOC.cmd
caput demoHost:double1 3.141
caput demoHost:double2 2.718
caput demoHost:long 12345
DemoIOC.cmd:
softIoc.exe -D dbd\softIoc.dbd -d db\demo.db
demo.db:
record(ao, "demoHost:double1")
{
field(DESC, "Double output with range infos")
field(EGU, "mm")
field(HOPR, "10")
field(LOPR, "0")
field(HIHI, "8")
field(HIGH, "6")
field(LOW, "4")
field(LOLO, "2")
field(HHSV, "MAJOR")
field(HSV, "MINOR")
field(LSV, "MINOR")
field(LLSV, "MAJOR")
}
record(ao, "demoHost:double2")
{
field(DESC, "Double output without range infos")
field(EGU, "nm")
}
record(longout, "demoHost:long")
{
field(DESC, "Long output without range infos")
field(EGU, "m")
}
call stack:
Com.dll!ellDelete(ELLLIST * pList=0x00a22ed0, ELLNODE * pNode=0x00cf0d08) Zeile 82 + 0xb Bytes C
Com.dll!epicsParmCleanupWIN32(epicsThreadOSD * pParm=0x00cf0d08) Zeile 246 + 0x10 Bytes C
Com.dll!epicsWin32ThreadEntry(void * lpParameter=0x00cf0d08) Zeile 516 + 0x9 Bytes C
msvcr100d.dll!_callthreadstartex() Zeile 314 + 0xf Bytes C
msvcr100d.dll!_threadstartex(void * ptd=0x00cf1500) Zeile 297 C
kernel32.dll!_BaseThreadStart@8() + 0x37 Bytes
exception occurred here:
void ellDelete (ELLLIST *pList, ELLNODE *pNode)
{
if (pList->node.previous == pNode)
pList->node.previous = pNode->previous;
else
pNode->next->previous = pNode->previous; <== "pNode->next" is a NULL pointer in error case!
(s. memory map)
if (pList->node.next == pNode)
pList->node.next = pNode->next;
else
pNode->previous->next = pNode->next;
pList->count--;
return;
}
This function was called from "static void epicsParmCleanupWIN32 ( win32ThreadParam * pParm )" of
osdThread.c
memory maps:
- pList 0x00a22ed0 {node={...} count=23 } ELLLIST *
- node {next=0x00a24728 previous=0x00cf0c60 } ELLNODE
- next 0x00a24728 {next=0x00a26340 previous=0x00000000 } ELLNODE *
- next 0x00a26340 {next=0x00adbd90 previous=0x00a24728 } ELLNODE *
[... 20 thread parameter blocks in this list without address 0x00cf0d08]
- next 0x00cf0c60 {next=0x00000000 previous=0x00cf0de0 } ELLNODE *
- next 0x00000000 {next=??? previous=??? } ELLNODE *
next CXX0030: Fehler: Ausdruck kann nicht ausgewertet werden
previous CXX0030: Fehler: Ausdruck kann nicht ausgewertet werden
+ previous 0x00cf0de0 {next=0x00cf0c60 previous=0x00cf0b40 } ELLNODE *
+ previous 0x00cf0b40 {next=0x00cf0de0 previous=0x00af1ac0 } ELLNODE *
[... 20 thread parameter blocks in this list without address 0x00cf0d08]
count 23 int
- pNode 0x00cf0d08 {next=0x00000000 previous=0x00000000 } ELLNODE *
+ next 0x00000000 {next=??? previous=??? } ELLNODE *
next CXX0030: Fehler: Ausdruck kann nicht ausgewertet werden
previous CXX0030: Fehler: Ausdruck kann nicht ausgewertet werden
+ previous 0x00000000 {next=??? previous=??? } ELLNODE *
next CXX0030: Fehler: Ausdruck kann nicht ausgewertet werden
previous CXX0030: Fehler: Ausdruck kann nicht ausgewertet werden
0x00CF0C80 00 00 00 00 43 41 53 2d 65 76 65 6e 74 00 fd fd fd fd dd dd dd dd dd dd 09 00 0c 00 a1
01 0c 02 a0 12 ....CAS-event.ýýýýÝÝÝÝÝÝ....¡... .
0x00CF0CA2 cf 00 e8 0c cf 00 00 00 00 00 00 00 00 00 18 00 00 00 01 00 00 00 fd 26 00 00 fd fd fd
fd 00 00 00 00 Ï.è.Ï.................ý&..ýýýý....
This looks like there is a situation (with a 40% chance), in which the thread parameter block of a
CAS-event task is not added to the thread list when the client connects. When the clients
disconnects and the thread gets shut down, it tries to remove its parameter block from the thread
list by calling ellDelete() with a node that is not in the list. ellDelete() behaves fragile and
crashes the softIoc (by dereferencing a null pointer). This exception seems to occur only when caput
has been called from local host.
Has anyone seen this behavior?
________________________________
Helmholtz-Zentrum Berlin für Materialien und Energie GmbH
Mitglied der Hermann von Helmholtz-Gemeinschaft Deutscher Forschungszentren e.V
Aufsichtsrat: Vorsitzender Prof. Dr. Dr. h.c. mult. Joachim Treusch, stv. Vorsitzende Dr. Beatrix Vierkorn- Rudolph
Geschäftsführer: Prof. Dr. Anke Rita Kaysser-Pyzalla, Prof. Dr. Dr. h.c. Wolfgang Eberhardt, Dr. Ulrich Breuer
Sitz Berlin, AG Charlottenburg, 89 HRB 5583
Postadresse:
Hahn-Meitner-Platz 1
D-14109 Berlin
http://www.helmholtz-berlin.de
- Replies:
- RE: soft ioc runs into fatal exception (base-3.14.12) Jeff Hill
- Navigate by Date:
- Prev:
USB4000 Szalata, Zenon M.
- Next:
Re: UML model of EPICS haquin
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
<2011>
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: USB4000 Brands Helge
- Next:
RE: soft ioc runs into fatal exception (base-3.14.12) Jeff Hill
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
<2011>
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024