c++ - Threads looping system() and cout corrupt the stack -


the process running following code crashes segmentation fault:

#include <stdlib.h> #include <iostream> #include <pthread.h>  void* f( void* ) {    while( true )    {       // crashes inside call (with cerr, too).       std::cout << 0;    }    return null; }  int main() {    pthread_t t;    pthread_create( &t, null, &f, null );     while( true )    {       // crashes script/app; true simple.       system( "true" );    }    return 0; }

it crashes every other execution within few seconds (output has anywhere thousands millions of '0's). crashes few functions deep in cout << 0 call above code. depending on functions called or data put on stack in f(), crashes in different places. in gdb, stack doesn't make sense regard order of function calls. deduce stack corrupted.

i found there problems multi-threaded applications calling fork() (see 2 of comments mentioning stack corruption). forking/cloning process copies file descriptors if aren't set fd_cloexec. however, there no explicitly created file descriptors. (i tried setting fd_cloexec on fileno( stdout ) , fileno( stderr ) no positive change.)

even without explicit file descriptors can not mix threads , fork()? need replace system() call equivalent functionality? or there bug in kernel causes crash , has been fixed after 2.6.30?

other details

i running on arm at91 processor (armv5tejl) linux 2.6.30 (with overlays , patches specific set of peripherals) compiled gcc 4.3.2.

linux 2.6.30 #1 thu may 29 15:43:04 cdt 2014 armv5tejl gnu/linux

i had been [cross] compiling -g , -o0, without still crashes:

arm-atmel-linux-gnueabi-g++ -o system_thread system_thread.cpp -lpthread

i've tried -fstack-protector-all flag: crashes in __stack_chk_fail(), other function pointers or data corrupted , crashes earlier.

the libraries loads (from strace):

libpthread.so.0 libstdc++.so.6 libm.so.6 libgcc_s.so.1 libc.so.6

note: since not crash , not responsive ^c, typically run in background:

$ killall -9 system_thread; rm -f log; system_thread >log &

i have compiled program few different architectures , linux kernel versions, have not seen crash anywhere else:

linux 3.10.29 #1 wed feb 12 17:12:39 cst 2014 armv5tejl gnu/linux linux 3.6.0-dirty #3 wed may 28 13:53:56 cdt 2014 microblaze gnu/linux linux 3.13.0-27-generic #50-ubuntu smp thu may 15 18:06:16 utc 2014 x86_64 x86_64 gnu/linux linux 3.8.0-35-generic #50~precise1-ubuntu smp wed dec 4 17:25:51 utc 2013 x86_64 x86_64 x86_64 gnu/linux

edit: note on same architecture (armv5tejl) not crash linux 3.10.29. also, not crash when running on earlier version of "appliance" (older server , client applications), having same version of linux - 2.6.30. environment of os has effect.

busybox v1.20.1 provides sh system() calls.

this reproducible on arm processor using 2.6.30 kernel mentioned, not in master. can use git bisect find bug fixed (it took 16 iterations). note that, since git bisect meant find regressions, in case master "good" past version "bad," need reverse meanings of "good" , "bad".

the culprit found bisection this commit, fix "an instance of userspace data corruption" involving fork(). symptom similar symptom describe, , corrupt memory outside of stack. after backporting commit , the required parent 2.6.30 kernel, code posted no longer crashes.


Comments

Post a Comment

Popular posts from this blog

commonjs - How to write a typescript definition file for a node module that exports a function? -

consider, toml node module can use: // toml.d.ts declare module toml { export function parse(value:string):any; } declare module "toml" { export = toml; } then: /// <reference path="../../../../../defs/toml/toml.d.ts"/> import toml = require('toml'); toml.parse(...); however, node module export single function, such 'glob' ( https://github.com/isaacs/node-glob ). the node usage of module be: var glob = require("glob") glob("*.js", {}, callback(err, files) { ... }); you'd naively expect this: // glob.d.ts declare function globs(paths:string, options:any, callback:{(err:any, files:string[]):void; ...but because typescripts 'import' semantics bit strange, seems can use 'import .. = require()' statement alias modules . trying call: /// <reference path="../../../../../defs/glob/glob.d.ts"/> import blog = require('glob'); results in: error ts2072: mod
Read more

openid - Okta: Failed to get authorization code through API call -

i'm integrating okta own idp server using okta's api. i'm implementing authorization code flow following steps below: in own server, use /api/v1/authn endpoint sessiontoken. use sessiontoken obtain authorization calling endpoint: /oauth2/v1/authorize?client_id=" + clientid + "&sessiontoken=" + sessiontoken + "&response_type=code&response_mode=query&scope=openid&redirect_uri=" + redirecturl + "&state=evanyang&nonce=" it's supposed return response status code 302 , location header containing redirect url code value. however, keep getting response status code 200 , without location header, html body saying "you using unsupported browser." , "javascript disabled on browser." according api documentation: http://developer.okta.com/docs/api/resources/oidc.html#authentication-request , sessiontoken parameter sufficient this: an okta one-time sessiontoken. allows api-based
Read more

thorough guide for profiling racket code -

did googling ("racket profiling", "racket measure performance"), didn't find , there no examples in docs. did google "profile" search on htdp - no luck. (profile (f ...)) output isn't obvious other small snippets. ideally want python's python -m cprofile usage examples. when search "python profiling", both duckduckgo , google give top result: 26.4. python profilers . (although scanned quickly, seems more of reference "thorough usage guide" examples. if had else in mind, perhaps please link that?) the equivalent racket documentation be: profile: statistical profiler . a usage example: #lang racket (require profile) (profile-thunk (thunk (function-to-profile arg0 arg1) )) here (thunk e) convenience (lambda () e) . bigger example: #lang racket (module mod racket (provide f) (define (f) (for/list ([i 10000]) i))) (require (prefix-in mod: 'mod)) (define (f) (for ([i 10000
Read more