I'm making a NodeJS addon using the Nan library, and I'm running into an issue where calling a callback (created on the javascript side and passed to the addon to be executed asyncronously) will cause a segfault - but only about once every 10 thousand or so runs.
There's quite a bit of complexity involved in how everything operates, but I'm hoping that someone will see something I missed or be able to figure out what's going on.
The C++ callback function is created from the javascript callback like this:
auto nodeFunc = val.As<v8::Function>();
auto nodeCb = std::make_shared<Nan::Callback>(nodeFunc);
auto callback = [nodeCb] (std::string err, std::string val) -> void {
Nan::HandleScope scope;
v8::Local<v8::Value> argv[2];
if (err.length() == 0) {
auto isolate = v8::Isolate::GetCurrent();
auto json = v8::JSON::Parse(isolate, Nan::New(val).ToLocalChecked());
auto object = json.ToLocalChecked();
argv[0] = Nan::Null();
argv[1] = object;
} else {
argv[0] = Nan::Error(err.c_str());
argv[1] = Nan::Null();
}
try {
nodeCb->Call(2, argv);
} catch (std::exception& ex) {
std::cout << ex.what() << std::endl;
Nan::ThrowReferenceError(ex.what());
}
};
After creation, it is passed to a separate thread which eventually sends the callback to the main libuv thread using uv_async_send() and executes it. This works fine the vast majority of the time, but will very rarely segfault on the nodeCb->Call(2, argv) line.
If anyone has any insight into what's happening here, I'd really appreciate it.
Also, here's the call stack from gdb in case that's any help:
#0 0x00000000009870e0 in v8::Function::Call(v8::Local<v8::Value>, int, v8::Local<v8::Value>*) ()
#1 0x00000000010a562c in node::MakeCallback(node::Environment*, v8::Local<v8::Value>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*) ()
#2 0x00000000010a5a98 in node::MakeCallback(v8::Isolate*, v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*) ()
#3 0x00007ffff47b4b30 in Nan::Callback::Call_ (this=0x20c3500, isolate=0x1ded750, target=..., argc=2,
argv=0x7fffffffa430) at ../node_modules/nan/nan.h:1477
#4 0x00007ffff47b4a93 in Nan::Callback::Call (this=0x20c3500, argc=2, argv=0x7fffffffa430)
at ../node_modules/nan/nan.h:1443
#5 0x00007ffff47b194b in detail::info::__lambda1::operator() (__closure=0x1e40710, err="",
val="{\"index\":1,\"status\":1}") at ../node/utils.hpp:125
#6 0x00007ffff47b37f2 in std::_Function_handler<void(std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::basic_string<char, std::char_traits<char>, std::allocator<char> >), detail::info::setElementValue(T&, v8::Local<v8::Value>, size_t) [with T = std::function<void(std::basic_string<char>, std::basic_string<char>)>; size_t = long unsigned int]::__lambda1>::_M_invoke(const std::_Any_data &, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::basic_string<char, std::char_traits<char>, std::allocator<char> >) (__functor=..., __args#0="", __args#1="")
at /usr/include/c++/4.8.2/functional:2071
#7 0x00007ffff44cd339 in std::function<void (std::string, std::string)>::operator()(std::string, std::string) const (this=0x1e29c80, __args#0="", __args#1="")
at /opt/rh/devtoolset-4/root/usr/include/c++/5.2.1/functional:2271
#8 0x00007ffff44e172c in std::_Bind<std::function<void (std::string, std::string)> (char const*, std::string)>::__call<void, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) (this=0x1e29c80,
__args=<unknown type in /usr/local/lib/libSCPlay.so, CU 0x0, DIE 0x83e21>)
at /opt/rh/devtoolset-4/root/usr/include/c++/5.2.1/functional:1074
#9 0x00007ffff44daec8 in std::_Bind<std::function<void (std::string, std::string)> (char const*, std::string)>::operator()<, void>() (this=0x1e29c80)
at /opt/rh/devtoolset-4/root/usr/include/c++/5.2.1/functional:1133
#10 0x00007ffff44d3b58 in std::_Function_handler<void (), std::_Bind<std::function<void (std::string, std::string)> (char const*, std::string)> >::_M_invoke(std::_Any_data const&) (__functor=...)
at /opt/rh/devtoolset-4/root/usr/include/c++/5.2.1/functional:1871
#11 0x00007ffff44fab0a in std::function<void ()>::operator()() const (this=0x7fffffffa650)
at /opt/rh/devtoolset-4/root/usr/include/c++/5.2.1/functional:2271
#12 0x00007ffff44f890c in DeviceThread::asyncListener (handle=0x1efb9f0)
at /home/scl37510/Projects/SCPlay2/lib/device_thread.cpp:124
#13 0x0000000001316b0b in uv__async_event (loop=0x1de7fe0 <default_loop_struct>, w=<optimized out>,
nevents=<optimized out>) at ../deps/uv/src/unix/async.c:98
#14 0x0000000001316be3 in uv__async_io (loop=0x1de7fe0 <default_loop_struct>,
w=0x1de81a8 <default_loop_struct+456>, events=<optimized out>) at ../deps/uv/src/unix/async.c:138
#15 0x00000000013271b0 in uv__io_poll (loop=loop#entry=0x1de7fe0 <default_loop_struct>, timeout=0)
at ../deps/uv/src/unix/linux-core.c:380
#16 0x00000000013176c6 in uv_run (loop=0x1de7fe0 <default_loop_struct>, mode=UV_RUN_ONCE)
at ../deps/uv/src/unix/core.c:354
#17 0x00000000010aabe0 in node::Start(int, char**) ()
#18 0x00007ffff6bf5b35 in __libc_start_main () from /lib64/libc.so.6
#19 0x00000000007b1f1d in _start ()
Edit: I've created a much smaller test program to see if I could pinpoint the source of the bug, and I've discovered that I can prevent it by changing the Callback shared_ptr to a regular pointer, deleting it immediately after the nodeCb->Call(2,argv) line.
Is there some semantic difference between the two that could cause this?
The usage of shared_ptr to wrap a Callback is suspicious:
std::make_shared<Nan::Callback>(nodeFunc);
I don't think V8 would like references being handled that way.
Nan::Callback itself contains a Persistent that it uses to store the function's value, so you need not worry about persistence.
...I just noticed your edit after I already wrote out this answer. The shared_ptr is potentially dangerous to mix with V8 internal handles and references.
If your intention is to store the callback and delete it immediately, maybe you could benefit by refactoring your code to use Nan::AsyncWorker instead.
Related
Here is a simple example for using std::condition_variable. When using clang+tsan for building the following code,
#include <cassert>
#include <chrono>
#include <condition_variable>
#include <iostream>
#include <mutex>
#include <thread>
class WaitSignalLock {
private:
std::condition_variable conditionVariable;
std::mutex mtx;
bool condition = false;
public:
bool wait(const std::chrono::milliseconds& timeout);
void signal();
private:
bool conditionMet() const;
bool waitForConditionVariableSignal(std::unique_lock<std::mutex>& lck, const std::chrono::milliseconds& timeout);
};
bool WaitSignalLock::wait(const std::chrono::milliseconds& timeout) {
std::unique_lock<std::mutex> lck(this->mtx);
const auto result = waitForConditionVariableSignal(lck, timeout);
condition = false;
return result;
}
void WaitSignalLock::signal() {
// the variable used for checking the condition has to be modified under a lock (even if the variable is atomic),
// and the condition variable should not be notified under a lock
{
std::lock_guard<std::mutex> lck(this->mtx);
condition = true;
}
conditionVariable.notify_one();
}
bool WaitSignalLock::conditionMet() const {
// do not lock, method will be called under the lock already
return condition;
}
bool WaitSignalLock::waitForConditionVariableSignal(std::unique_lock<std::mutex>& lck, const std::chrono::milliseconds& timeout) {
assert(lck.owns_lock());
if(this->conditionVariable.wait_for(lck, timeout, [this]() {
return this->conditionMet();
})) {
return true;
}
else {
return false;
}
}
int main(int, char**) {
WaitSignalLock waitSignalLock;
std::thread sendSignal([&waitSignalLock]() {
std::this_thread::sleep_for(std::chrono::milliseconds(500));
waitSignalLock.signal();
});
const auto result = waitSignalLock.wait(std::chrono::seconds(1));
sendSignal.join();
return !result;
}
tsan reports the following two issues:
WARNING: ThreadSanitizer: double lock of a mutex (pid=16421)
#0 pthread_mutex_lock <null> (a.out+0x7e358)
#1 __gthread_mutex_lock(pthread_mutex_t*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/x86_64-pc-linux-gnu/bits/gthr-default.h:749:12 (a.out+0xd39a6)
#2 std::mutex::lock() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/std_mutex.h:100:17 (a.out+0xd45e9)
#3 std::lock_guard<std::mutex>::lock_guard(std::mutex&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/std_mutex.h:159:19 (a.out+0xd4148)
#4 WaitSignalLock::signal() /home/jae/projects/condition_variable/main.cpp:38:37 (a.out+0xd367e)
#5 main::$_1::operator()() const /home/jae/projects/condition_variable/main.cpp:67:24 (a.out+0xd3f2f)
#6 void std::__invoke_impl<void, main::$_1>(std::__invoke_other, main::$_1&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/invoke.h:60:14 (a.out+0xd3eb1)
#7 std::__invoke_result<main::$_1>::type std::__invoke<main::$_1>(main::$_1&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/invoke.h:95:14 (a.out+0xd3e01)
#8 void std::thread::_Invoker<std::tuple<main::$_1> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/thread:264:13 (a.out+0xd3db9)
#9 std::thread::_Invoker<std::tuple<main::$_1> >::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/thread:271:11 (a.out+0xd3d69)
#10 std::thread::_State_impl<std::thread::_Invoker<std::tuple<main::$_1> > >::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/thread:215:13 (a.out+0xd3c9d)
#11 execute_native_thread_routine /build/gcc/src/gcc/libstdc++-v3/src/c++11/thread.cc:80:18 (libstdc++.so.6+0xcfb73)
Location is stack of main thread.
Location is global '??' at 0x7ffd19818000 ([stack]+0x00000001ec48)
Mutex M12 (0x7ffd19836c48) created at:
#0 pthread_mutex_lock <null> (a.out+0x7e358)
#1 __gthread_mutex_lock(pthread_mutex_t*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/x86_64-pc-linux-gnu/bits/gthr-default.h:749:12 (a.out+0xd39a6)
#2 std::mutex::lock() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/std_mutex.h:100:17 (a.out+0xd45e9)
#3 std::unique_lock<std::mutex>::lock() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/unique_lock.h:138:17 (a.out+0xd46df)
#4 std::unique_lock<std::mutex>::unique_lock(std::mutex&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/unique_lock.h:68:2 (a.out+0xd40b3)
#5 WaitSignalLock::wait(std::chrono::duration<long, std::ratio<1l, 1000l> > const&) /home/jae/projects/condition_variable/main.cpp:28:34 (a.out+0xd3563)
#6 main /home/jae/projects/condition_variable/main.cpp:70:40 (a.out+0xd3860)
SUMMARY: ThreadSanitizer: double lock of a mutex (/home/jae/projects/condition_variable/a.out+0x7e358) in pthread_mutex_lock
==================
==================
WARNING: ThreadSanitizer: data race (pid=16421)
Write of size 1 at 0x7ffd19836c70 by thread T1 (mutexes: write M12):
#0 WaitSignalLock::signal() /home/jae/projects/condition_variable/main.cpp:39:19 (a.out+0xd3687)
#1 main::$_1::operator()() const /home/jae/projects/condition_variable/main.cpp:67:24 (a.out+0xd3f2f)
#2 void std::__invoke_impl<void, main::$_1>(std::__invoke_other, main::$_1&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/invoke.h:60:14 (a.out+0xd3eb1)
#3 std::__invoke_result<main::$_1>::type std::__invoke<main::$_1>(main::$_1&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/invoke.h:95:14 (a.out+0xd3e01)
#4 void std::thread::_Invoker<std::tuple<main::$_1> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/thread:264:13 (a.out+0xd3db9)
#5 std::thread::_Invoker<std::tuple<main::$_1> >::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/thread:271:11 (a.out+0xd3d69)
#6 std::thread::_State_impl<std::thread::_Invoker<std::tuple<main::$_1> > >::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/thread:215:13 (a.out+0xd3c9d)
#7 execute_native_thread_routine /build/gcc/src/gcc/libstdc++-v3/src/c++11/thread.cc:80:18 (libstdc++.so.6+0xcfb73)
Previous read of size 1 at 0x7ffd19836c70 by main thread (mutexes: write M12):
#0 WaitSignalLock::conditionMet() const /home/jae/projects/condition_variable/main.cpp:46:12 (a.out+0xd36ea)
#1 WaitSignalLock::waitForConditionVariableSignal(std::unique_lock<std::mutex>&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&)::$_0::operator()() const /home/jae/projects/condition_variable/main.cpp:52:18 (a.out+0xd3af1)
#2 bool std::condition_variable::wait_until<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> >, WaitSignalLock::waitForConditionVariableSignal(std::unique_lock<std::mutex>&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&)::$_0>(std::unique_lock<std::mutex>&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > > const&, WaitSignalLock::waitForConditionVariableSignal(std::unique_lock<std::mutex>&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&)::$_0) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/condition_variable:157:10 (a.out+0xd3a37)
#3 bool std::condition_variable::wait_for<long, std::ratio<1l, 1000l>, WaitSignalLock::waitForConditionVariableSignal(std::unique_lock<std::mutex>&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&)::$_0>(std::unique_lock<std::mutex>&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&, WaitSignalLock::waitForConditionVariableSignal(std::unique_lock<std::mutex>&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&)::$_0) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/condition_variable:185:9 (a.out+0xd378e)
#4 WaitSignalLock::waitForConditionVariableSignal(std::unique_lock<std::mutex>&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&) /home/jae/projects/condition_variable/main.cpp:51:32 (a.out+0xd3608)
#5 WaitSignalLock::wait(std::chrono::duration<long, std::ratio<1l, 1000l> > const&) /home/jae/projects/condition_variable/main.cpp:29:25 (a.out+0xd3572)
#6 main /home/jae/projects/condition_variable/main.cpp:70:40 (a.out+0xd3860)
As if synchronized via sleep:
#0 nanosleep <null> (a.out+0x6aadc)
#1 void std::this_thread::sleep_for<long, std::ratio<1l, 1000l> >(std::chrono::duration<long, std::ratio<1l, 1000l> > const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/thread:405:9 (a.out+0xd556a)
#2 main::$_1::operator()() const /home/jae/projects/condition_variable/main.cpp:66:9 (a.out+0xd3f1f)
#3 void std::__invoke_impl<void, main::$_1>(std::__invoke_other, main::$_1&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/invoke.h:60:14 (a.out+0xd3eb1)
#4 std::__invoke_result<main::$_1>::type std::__invoke<main::$_1>(main::$_1&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/invoke.h:95:14 (a.out+0xd3e01)
#5 void std::thread::_Invoker<std::tuple<main::$_1> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/thread:264:13 (a.out+0xd3db9)
#6 std::thread::_Invoker<std::tuple<main::$_1> >::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/thread:271:11 (a.out+0xd3d69)
#7 std::thread::_State_impl<std::thread::_Invoker<std::tuple<main::$_1> > >::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/thread:215:13 (a.out+0xd3c9d)
#8 execute_native_thread_routine /build/gcc/src/gcc/libstdc++-v3/src/c++11/thread.cc:80:18 (libstdc++.so.6+0xcfb73)
Location is stack of main thread.
Location is global '??' at 0x7ffd19818000 ([stack]+0x00000001ec70)
Mutex M12 (0x7ffd19836c48) created at:
#0 pthread_mutex_lock <null> (a.out+0x7e358)
#1 __gthread_mutex_lock(pthread_mutex_t*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/x86_64-pc-linux-gnu/bits/gthr-default.h:749:12 (a.out+0xd39a6)
#2 std::mutex::lock() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/std_mutex.h:100:17 (a.out+0xd45e9)
#3 std::unique_lock<std::mutex>::lock() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/unique_lock.h:138:17 (a.out+0xd46df)
#4 std::unique_lock<std::mutex>::unique_lock(std::mutex&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/10.1.0/../../../../include/c++/10.1.0/bits/unique_lock.h:68:2 (a.out+0xd40b3)
#5 WaitSignalLock::wait(std::chrono::duration<long, std::ratio<1l, 1000l> > const&) /home/jae/projects/condition_variable/main.cpp:28:34 (a.out+0xd3563)
#6 main /home/jae/projects/condition_variable/main.cpp:70:40 (a.out+0xd3860)
Thread T1 (tid=16423, running) created by main thread at:
#0 pthread_create <null> (a.out+0x8dbce)
#1 __gthread_create /build/gcc/src/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663:35 (libstdc++.so.6+0xcfe49)
#2 std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /build/gcc/src/gcc/libstdc++-v3/src/c++11/thread.cc:135:37 (libstdc++.so.6+0xcfe49)
#3 main /home/jae/projects/condition_variable/main.cpp:65:17 (a.out+0xd3816)
SUMMARY: ThreadSanitizer: data race /home/jae/projects/condition_variable/main.cpp:39:19 in WaitSignalLock::signal()
==================
ThreadSanitizer: reported 2 warnings
I neither understand why the first nor the second warning is reported.
The first warning claims that the mutex is locked twice, but how is this even possible? The mutex is not locked by the same thread while holding it, which is, as far as I understand, what tsan is claiming.
The second warning indicates that the variable 'condition' is not read/written in a thread-safe manner. However, it is only read and written when the mutex is locked. Or is the lock not locked after condition_variable::wait_for returns? According to https://en.cppreference.com/w/cpp/thread/condition_variable/wait_for, the lock should be locked.
Is it possible that this is a bug in clang/tsan? I couldn't find a bug report for this issue, and have a hard time believing that this is the case. But I simply don't see what's wrong with the code above.
I used the following command for compiling the source:
clang++ -O1 -g -fsanitize=thread -fno-omit-frame-pointer -lpthread main.cpp
The clang version is
$ clang --version
clang version 10.0.0
I have a strange segmentation fault I am unable to properly understand. I am creating a function object with std::bind, then assign this to a std::function object, this apparently results in a segfault.
std::function<ara::com::Future<SetShapeOutput>(const
messages::test::SetShapeParams&)> SetShape_callback_;
void set_SetShape_callback(const std::function<ara::com::Future<SetShapeOutput>(
const messages::test::SetShapeParams&)>& callback) {
SetShape_callback_ = callback;
}
[somewhere else]
algo_service_.GetshapeServiceSkeleton()->set_SetShape_callback(
std::bind(&ShapeServerAraBinding::on_call_serviceshapeService_methodSetShape,
this, std::placeholders::_1));
// definition
ara::com::Future<adaptiveautosarapplication::shapeServiceSkeleton::SetShapeOutput>
on_call_serviceshapeService_methodSetShape(
const messages::test::SetShapeParams& araSetShapeParams);
And the stacktrace from gdb showing the assignment causes a segfault:
#0 0x000055c45c268839 in std::swap<std::_Any_data> (__a=..., __b=...) at /usr/include/c++/6/bits/move.h:191
#1 0x000055c45c267781 in std::function<ara::com::Future<serviceInterfaces::test::shapeService::SetShapeOutput> (messages::test::SetShapeParams const&)>::swap(s
td::function<ara::com::Future<serviceInterfaces::test::shapeService::SetShapeOutput> (messages::test::SetShapeParams const&)>&) (this=0x7fffea5d6be0, __x=...)
at /usr/include/c++/6/functional:2016
#2 0x000055c45c263934 in std::function<ara::com::Future<serviceInterfaces::test::shapeService::SetShapeOutput> (messages::test::SetShapeParams const&)>::operat
or=(std::function<ara::com::Future<serviceInterfaces::test::shapeService::SetShapeOutput> (messages::test::SetShapeParams const&)> const&) (this=0x58, __x=...)
at /usr/include/c++/6/functional:1931
#3 0x000055c45c26009f in shapeServer::adaptiveautosarapplication::shapeServiceSkeleton::set_SetShape_callback(std::function<ara::com::Future<serviceInterfaces:
:test::shapeService::SetShapeOutput> (messages::test::SetShapeParams const&)> const&) (this=0x0, callback=...)
at /app/tests/eclipseProject/projects/shapeRPC/build/autogen/algos/shape/server/ara/include/shapeServer_service.h:40
#4 0x000055c45c260508 in shapeServer::ShapeServerAraBinding::Initialize (this=0x7fffea5d6dd0)
at /app/tests/eclipseProject/projects/shapeRPC/build/autogen/algos/shape/server/ara/include/shapeServerAraBinding.h:69
#5 0x000055c45c25854c in main (argc=1, argv=0x7fffea5d6fd8)
at /app/tests/eclipseProject/projects/shapeRPC/build/autogen/algos/shape/server/ara/src/shapeServerAraMain.cpp:108
The problem cause is shown in the following line:
#3 0x000055c45c26009f in shapeServer::adaptiveautosarapplication::shapeServiceSkeleton::set_SetShape_callback(std::function<ara::com::Future<serviceInterfaces:
:test::shapeService::SetShapeOutput> (messages::test::SetShapeParams const&)> const&) (this=0x0, callback=...)
Note shapeServiceSkeleton this=0x0.
I have a C++ program in Code::Block with gcc and wxWidgets.
After my working thread throws a wxThreadEvent with a struct as payload my program crashes (actually not at the throw, but at the moment I want to get the payload in the main).
Does anyone have an idea what is wrong?
The working thread part:
wxThread::ExitCode NavigationThread::Entry()
{
wxThreadEvent event(wxEVT_THREAD, ID_REFRESH_DIRECTION);
position_variables positionPayload;
positionPayload.latitude = latDouble;
positionPayload.longitude = lonDouble;
positionPayload.direction = direction;
event.SetPayload(&positionPayload);
m_parent->GetEventHandler()->AddPendingEvent(event);
}
The struct:
struct position_variables{
double latitude;
double longitude;
wxString direction;
};
class NavigationThread : public wxThread
{
...
}
The main.cpp
WindowsDgpsGUIFrame::WindowsDgpsGUIFrame(wxWindow* parent,wxWindowID id)
{
Bind(wxEVT_THREAD, &WindowsDgpsGUIFrame::onRefreshDirections, this, ID_REFRESH_DIRECTION);
}
void WindowsDgpsGUIFrame::onRefreshDirections(wxThreadEvent& event)
{
position_variables answerDirections = event.GetPayload<position_variables>(); //Here it crashes
}
When the crash occurs in normal "run" mode, a windows opens saying the program stopped working. In debug mode there is a small window in Code::blocks saying something about SIGSEGV, segmentation fault (or something like that) and this is the Call Stack:
#0 00877A54 std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::basic_string(std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&) () (??:??)
#1 04A1E550 ?? () (??:??)
#2 007ED139 position_variables::position_variables(this=0x4a1e588) (D:/WindowsDgps/WindowsDgpsGUI/NavigationThread.h:54)
#3 00851B54 wxAny::As<position_variables>(this=0x4c6fe70) (C:/wxWidgets-3.0.2/include/wx/any.h:979)
#4 0084E70C wxEventAnyPayloadMixin::GetPayload<position_variables>(this=0x4c6fe58) (C:/wxWidgets-3.0.2/include/wx/event.h:1219)
#5 0043320E WindowsDgpsGUIFrame::onRefreshDirections(this=0x4be2a68, event=...) (D:\WindowsDgps\WindowsDgpsGUI\WindowsDgpsGUIMain.cpp:440)
#6 0063AA48 wxAppConsoleBase::HandleEvent (this=0x4b2bde0, handler=0x4be2a68, func=(void (wxEvtHandler::*)(wxEvtHandler * const, wxEvent &) (../../src/common/appbase.cpp:611)
#7 0063AAD9 wxAppConsoleBase::CallEventHandler(this=0x4b2bde0, handler=0x4be2a68, functor=..., event=...) (../../src/common/appbase.cpp:623)
#8 0062DEA1 wxEvtHandler::ProcessEventIfMatchesId(entry=..., handler=0x4be2a68, event=...) (../../src/common/event.cpp:1392)
#9 0062EB3A wxEvtHandler::SearchDynamicEventTable(this=0x4be2a68, event=...) (../../src/common/event.cpp:1751)
#10 0062E318 wxEvtHandler::TryHereOnly(this=0x4be2a68, event=...) (../../src/common/event.cpp:1585)
#11 007C50A0 wxEvtHandler::TryBeforeAndHere(this=0x4be2a68, event=...) (../../include/wx/event.h:3671)
#12 0062E157 wxEvtHandler::ProcessEventLocally(this=0x4be2a68, event=...) (../../src/common/event.cpp:1522)
#13 0062E0FF wxEvtHandler::ProcessEvent(this=0x4be2a68, event=...) (../../src/common/event.cpp:1495)
#14 0062DCEC wxEvtHandler::ProcessPendingEvents(this=0x4be2a68) (../../src/common/event.cpp:1359)
#15 0063A69C wxAppConsoleBase::ProcessPendingEvents(this=0x4b2bde0) (../../src/common/appbase.cpp:520)
#16 007F0883 wxIdleWakeUpModule::MsgHookProc(nCode=0, wParam=1, lParam=77720172) (../../src/msw/window.cpp:7454)
#17 746BE1A1 USER32!TrackMouseEvent() (C:\WINDOWS\SysWOW64\user32.dll:??)
#18 ?? ?? () (??:??)
with #2 highlighted red.
Maybe it has something to do with the Clone() part in SetPayload()? Though I don't quite get how I should use it or why my accessing of the payload would be problematic...
You can't use a pointer to a local variable, which will be destroyed as soon as you exit the function containing it, thus making the pointer invalid, as the payload. Use the object itself, not a pointer to it, instead.
I tried to overload QDebug::operator<< for std::string. I know that we can debug (using qDebug()) std::string objects using its std::string::c_str() function but I want to avoid typing .c_str each time.
Here is my attempt
#include <QDebug>
#include <string>
inline const QDebug& operator<< (const QDebug& qDebugObj, const std::string& str) {
return qDebugObj << str.c_str();
}
int main()
{
std::string s = "4444555";
qDebug() << s;
}
This program produces segmentation fault. What is incorrect with this code?
Here is the stack:
#1 0x00000037c407a911 in malloc () from /lib64/libc.so.6
#2 0x00000037ca8bd09d in operator new(unsigned long) () from /usr/lib64/libstdc++.so.6
#3 0x00000037ca89c3c9 in std::basic_string<char, std::char_traits<char>, std::allocator<char> >::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) ()
from /usr/lib64/libstdc++.so.6
#4 0x00000037ca89cde5 in ?? () from /usr/lib64/libstdc++.so.6
#5 0x00000037ca89cf33 in std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) () from /usr/lib64/libstdc++.so.6
#6 0x00000000004012ca in operator<< (qDebugObj=..., str="4444555") at main.cpp:5
If you look at every overloaded output operator, you will see that none have a const qualifier. Which is your problem, you try to modify a constant object. Remove the const qualification of the qDebugObject and the return value.
You should have compiler warnings screaming about it, and if not then you need to enable more warnings (at least use -Wall when compiling with GCC/clang).
The actual problem, as answered by Mike Seymour in a comment, is that your overload will be called recursively until you get a stack overflow.
A way of bypassing that might be to convert the string to something else, like for example a QString:
return qDebugObj << QString::fromStdString(str);
In addition to your attempt to make an output stream const, you also failed to follow the instructions in the QT documentation
// with the fixed output operator
inline QDebug operator<<(QDebug dbg, const std::string& str)
{
dbg.nospace() << QString::fromStdString(str);
return dbg.space();
}
QT wants the output operator passed by copy (not by reference). There used to be a reason for that, but I cannot remember what it was.
I recently read about using GCC's code generation features (specifically, the -finstrument-functions compiler flag) to easily add instrumentation to my programs. I thought it sounded really cool and went to try it out on a previous C++ project. After several revisions of my patch, I found that any time I tried to use an STL container or print to stdout using C++ stream I/O, my program would immediately crash with a segfault. My first idea was to maintain a std::list of Event structs
typedef struct
{
unsigned char event_code;
intptr_t func_addr;
intptr_t caller_addr;
pthread_t thread_id;
timespec ts;
}Event;
list<Event> events;
which would be written to a file when the program terminated. GDB told me that when I tried to add an Event to the list, calling events.push_back(ev) itself initiated an instrumentation call. This wasn't terrible surprising and made sense after I thought about it for a bit, so on to plan 2.
The example in the blog which got me involved in all this mess didn't do anything crazy, it simply wrote a string to a file using fprintf(). I didn't think there would be any harm in using C++'s stream-based I/O instead of the older (f)printf(), but that assumption proved to be wrong. This time, instead of a nearly-infinite death spiral, GDB reported a fairly normal-looking descent into the standard library... followed by a segfault.
A Short Example
#include <list>
#include <iostream>
#include <stdio.h>
using namespace std;
extern "C" __attribute__ ((no_instrument_function)) void __cyg_profile_func_enter(void*, void*);
list<string> text;
extern "C" void __cyg_profile_func_enter(void* /* unused */, void* /* unused */)
{
// Method 1
text.push_back("NOPE");
// Method 2
cout << "This explodes" << endl;
// Method 3
printf("This works!");
}
Sample GDB Backtrace
Method 1
#0 _int_malloc (av=0x7ffff7380720, bytes=29) at malloc.c:3570
#1 0x00007ffff704ca45 in __GI___libc_malloc (bytes=29) at malloc.c:2924
#2 0x00007ffff7652ded in operator new(unsigned long) ()
from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3 0x00007ffff763ba89 in std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#4 0x00007ffff763d495 in char* std::string::_S_construct<char const*>(char const*, char const*, std::allocator<char> const&, std::forward_iterator_tag) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#5 0x00007ffff763d5e3 in std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#6 0x00000000004028c1 in __cyg_profile_func_enter () at src/instrumentation.cpp:82
#7 0x0000000000402c6f in std::move<std::string&> (__t=...) at /usr/include/c++/4.6/bits/move.h:82
#8 0x0000000000402af5 in std::list<std::string, std::allocator<std::string> >::push_back(std::string&&) (this=0x6055c0, __x=...) at /usr/include/c++/4.6/bits/stl_list.h:993
#9 0x00000000004028d2 in __cyg_profile_func_enter () at src/instrumentation.cpp:82
#10 0x0000000000402c6f in std::move<std::string&> (__t=...) at /usr/include/c++/4.6/bits/move.h:82
#11 0x0000000000402af5 in std::list<std::string, std::allocator<std::string> >::push_back(std::string&&) (this=0x6055c0, __x=...) at /usr/include/c++/4.6/bits/stl_list.h:993
#12 0x00000000004028d2 in __cyg_profile_func_enter () at src/instrumentation.cpp:82
#13 0x0000000000402c6f in std::move<std::string&> (__t=...) at /usr/include/c++/4.6/bits/move.h:82
#14 0x0000000000402af5 in std::list<std::string, std::allocator<std::string> >::push_back(std::string&
...
Method 2
#0 0x00007ffff76307d1 in std::ostream::sentry::sentry(std::ostream&) ()
from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#1 0x00007ffff7630ee9 in std::basic_ostream<char, std::char_traits<char> >& std::__ostream_insert<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*, long) ()
from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#2 0x00007ffff76312ef in std::basic_ostream<char, std::char_traits<char> >& std::operator<< <std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*) ()
from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3 0x000000000040251e in __cyg_profile_func_enter () at src/instrumentation.cpp:81
#4 0x000000000040216d in _GLOBAL__sub_I__ZN8GLWindow7attribsE () at src/glwindow.cpp:164
#5 0x0000000000402f2d in __libc_csu_init ()
#6 0x00007ffff6feb700 in __libc_start_main (main=0x402cac <main()>, argc=1, ubp_av=0x7fffffffe268,
init=0x402ed0 <__libc_csu_init>, fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7fffffffe258) at libc-start.c:185
#7 0x0000000000401589 in _start ()
Environment:
Ubuntu Linux 12.04 (x64)
GCC 4.6.3
Intel 3750K CPU
8GB RAM
The problem with using cout in the instrumentation function is that the instrumentation function is being called by __libc_csu_init() which is a very early part of the runtime's initialization - before global C++ objects get a chance to be constructed (in fact, I think __libc_csu_init() is responsible for kicking off those constructors - at least indirectly).
So cout hasn't had a chance to be constructed yet and trying to use it doesn't work very well...
And that may well be the problem you run into with trying to use std::List after fixing the infinite recursion (mentioned in Dave S' answer).
If you're willing to lose some instrumentation during initialization, you can do something like:
#include <iostream>
#include <stdio.h>
int initialization_complete = 0;
using namespace std;
extern "C" __attribute__ ((no_instrument_function)) void __cyg_profile_func_enter(void*, void*);
extern "C" void __cyg_profile_func_enter(void* /* unused */, void* /* unused */)
{
if (!initialization_complete) return;
// Method 2
cout << "This explodes" << endl;
// Method 3
printf("This works! ");
}
void foo()
{
cout << "foo()" << endl;
}
int main()
{
initialization_complete = 1;
foo();
}
The first case seems to be an infinite loop, resulting in stack overflow. This is probably because std::list is a template, and it's code is generated as part of the translation unit where you're using it. This causes it to get instrumented as well. So you call push_back, which calls the handler, which calls push_back, ...
The second, if I had to guess, might be similar, though it's harder to tell.
The solution is to compile the instrumentation functions separately, without the -finstrument-functions. Note, the example blog compiled the trace.c separately, without the option.