  1. PODebug Win32 application hang
<p>I'm having trouble finding the cause for a hang in a Win32 application. The software renders some data to an OpenGL visual in a tight loop:</p>
<pre><code>std::vector&lt;uint8_t&gt; indices;

glPolygonMode(GL_FRONT_AND_BACK, GL_FILL);
glEnableClientState(GL_VERTEX_ARRAY);
glVertexPointer(2, GL_DOUBLE, 0, vertexDataBuffer);

while (...) {
    // get index type (1, 2, 4) and index count
    indices.resize(indexType * count);

    // get indices into "indices" buffer
    getIndices(indices.data(), indices.size()); //&lt; seems to hang here!

    // draw (I'm using the correct parameters)
    glDrawElements(GL_TRIANGLES_*, count, GL_UNSIGNED_*);
}

glDisableClientState(GL_VERTEX_ARRAY);
</code></pre>
<p>The code is compiled using VC11 Update 1 (CTP 3). When running the optimized binary, it hangs inside the call to <code>getIndices()</code> (more about this below) after a few of those loops. I already have...</p>
<ul>
<li>triple validated all buffers, even appended CRCs to make sure I'm not having any buffer overruns</li>
<li>added a call to <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa366708%28v=vs.85%29.aspx" rel="nofollow">HeapValidate()</a> inside the loop to ensure the heap is not corrupt</li>
<li>used ApplicationVerifier</li>
<li>enabled heap allocation monitoring using <a href="http://msdn.microsoft.com/en-us/library/ff549561.aspx" rel="nofollow">GFlags and PageHeap</a></li>
<li>broke into WinDbg when the application locks up</li>
</ul>
<p>I did <strong>not</strong> find any problems with the code accessing the allocated buffer, nor any heap corruption. However, if I disable the <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa366750%28v=vs.85%29.aspx" rel="nofollow">low-fragmentation heap</a>, the issue vanishes. It also vanishes if I use a separate (low-fragmentation) heap for the <code>indices</code> buffer.</p>
<p>Anyway, here is the stack trace leading to the deadlock:</p>
<pre><code>0:000&gt; kb
ChildEBP RetAddr  Args to Child
0034e328 77b039c3 00000000 0034e350 00000000 ntdll!ZwWaitForKeyedEvent+0x15
0034e394 77b062bc 77b94724 080d36a8 0034e464 ntdll!RtlAcquireSRWLockExclusive+0x12e
0034e3c0 77aeb652 0034e464 0034e4b4 00000000 ntdll!RtlpCallVectoredHandlers+0x58
0034e3d4 77aeb314 0034e464 0034e4b4 77b94724 ntdll!RtlCallVectoredExceptionHandlers+0x12
0034e44c 77aa0133 0034e464 0034e4b4 0034e464 ntdll!RtlDispatchException+0x19
0034e44c 77b062c5 0034e464 0034e4b4 0034e464 ntdll!KiUserExceptionDispatcher+0xf
0034e7bc 77aeb652 0034e860 0034e8b0 00000000 ntdll!RtlpCallVectoredHandlers+0x61
0034e7d0 77aeb314 0034e860 0034e8b0 0034ec28 ntdll!RtlCallVectoredExceptionHandlers+0x12
0034e848 77aa0133 0034e860 0034e8b0 0034e860 ntdll!RtlDispatchException+0x19
0034e848 1c43c666 0034e860 0034e8b0 0034e860 ntdll!KiUserExceptionDispatcher+0xf
0034ebe8 1c43c4e5 0034ec28 080d35d0 080d35d6 lcdb4!lc::db::PackedIndices::unpackIndices&lt;unsigned char&gt;+0x86
0034ec14 1c45922d 0034ec28 080d35d0 00000006 lcdb4!lc::db::PackedIndices::unpack+0xb5
...
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx getIndices
</code></pre>
<p>For completeness, I posted the code of <code>lc::db::PackedIndices::unpackIndices()</code>, including all code added for debugging, to <a href="http://ideone.com/sVVXX7" rel="nofollow">http://ideone.com/sVVXX7</a>.</p>
<p>The code triggering the call to <code>KiUserExceptionDispatcher</code> is <code>(*p++) = static_cast&lt;T&gt;(index);</code> (<code>mov dword ptr [esp+10h],eax</code>).</p>
<p>I just can't seem to figure out what's going on. An exception seems to have been thrown, but none of my exception handlers are called. The application just hangs. I checked for any deadlocked critical sections (<code>!lock</code>) but found none. Furthermore, I don't see why an exception should be raised, as the memory locations are all valid. Could anyone give me some hints?</p>
<h2>Update</h2>
<p>I tried to find the type of exception being thrown:</p>
<pre><code>0:000&gt; s -d esp L1000 1003f
0028ebdc  0001003f 00000000 00000000 00000000  ?...............
0028efd8  0001003f 00000000 00000000 00000000  ?...............
0:000&gt; .cxr 0028ebdc
eax=77b94724 ebx=0804be30 ecx=00000002 edx=00000004 esi=77b94724 edi=0804be28
eip=77b062c5 esp=0028eec4 ebp=0028eee4 iopl=0 nv up ei ng nz na pe cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010287
ntdll!RtlpCallVectoredHandlers+0x61:
77b062c5 ff03 inc dword ptr [ebx] ds:002b:0804be30=00000001
0:000&gt; .cxr 0028efd8
eax=0000003b ebx=00000001 ecx=0804bd98 edx=0028f340 esi=0028f340 edi=04b77580
eip=1c43c296 esp=0028f2c0 ebp=0028f2fc iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
lcdb4!lc::db::PackedIndices::unpackIndices&lt;unsigned char&gt;+0x36:
1c43c296 8801 mov byte ptr [ecx],al ds:002b:0804bd98=3e
</code></pre>
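An added example, not part of the original post: a small Python triage helper that parses the `kb` frames quoted above and reports the frame the thread is blocked in and the frame that was executing at each `KiUserExceptionDispatcher` entry, which makes the second exception raised inside `RtlpCallVectoredHandlers` visible. The function names (`parse_frames`, `exception_faults`, `triage`) are hypothetical, and treating the frame listed directly below a dispatcher frame as the faulting code is an assumption of this example.

```python
import re

# Frames copied from the `kb` output in the post (newest frame first).
KB_TRACE = """\
0034e328 77b039c3 00000000 0034e350 00000000 ntdll!ZwWaitForKeyedEvent+0x15
0034e394 77b062bc 77b94724 080d36a8 0034e464 ntdll!RtlAcquireSRWLockExclusive+0x12e
0034e3c0 77aeb652 0034e464 0034e4b4 00000000 ntdll!RtlpCallVectoredHandlers+0x58
0034e3d4 77aeb314 0034e464 0034e4b4 77b94724 ntdll!RtlCallVectoredExceptionHandlers+0x12
0034e44c 77aa0133 0034e464 0034e4b4 0034e464 ntdll!RtlDispatchException+0x19
0034e44c 77b062c5 0034e464 0034e4b4 0034e464 ntdll!KiUserExceptionDispatcher+0xf
0034e7bc 77aeb652 0034e860 0034e8b0 00000000 ntdll!RtlpCallVectoredHandlers+0x61
0034e7d0 77aeb314 0034e860 0034e8b0 0034ec28 ntdll!RtlCallVectoredExceptionHandlers+0x12
0034e848 77aa0133 0034e860 0034e8b0 0034e860 ntdll!RtlDispatchException+0x19
0034e848 1c43c666 0034e860 0034e8b0 0034e860 ntdll!KiUserExceptionDispatcher+0xf
0034ebe8 1c43c4e5 0034ec28 080d35d0 080d35d6 lcdb4!lc::db::PackedIndices::unpackIndices<unsigned char>+0x86
0034ec14 1c45922d 0034ec28 080d35d0 00000006 lcdb4!lc::db::PackedIndices::unpack+0xb5
"""

# ChildEBP, RetAddr and three argument words, then module!symbol+0xoffset.
# The symbol may contain spaces (template arguments), so it is matched greedily.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+?)!(.+)\+0x([0-9a-f]+)$")

def parse_frames(text):
    """Return the frames of a 32-bit `kb` listing as dicts, newest first."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:  # header lines, "..." and masked frames are skipped
            frames.append({"module": m[1], "symbol": m[2], "offset": int(m[3], 16)})
    return frames

def exception_faults(frames):
    """Frames listed directly below each KiUserExceptionDispatcher frame
    (assumed here to be the code that raised the exception)."""
    return [frames[i + 1] for i, f in enumerate(frames[:-1])
            if f["symbol"] == "KiUserExceptionDispatcher"]

def triage(text):
    frames = parse_frames(text)
    faults = exception_faults(frames)
    return {
        "waiting_in": frames[0]["symbol"],
        "fault_sites": [f"{f['module']}!{f['symbol']}" for f in faults],
        "nested": len(faults) > 1,
    }

if __name__ == "__main__":
    print(triage(KB_TRACE))
```
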
 
