GNOME.org
 

gvariant threading snafu ?

Hi there,

	Just trying to get GDBus into a good state for evolution; and I was
(still am) getting some really tangled threading crashers :-) exciting
stuff.

	One of them is from the slightly unfortunate weak-reference /
hash-table scheme in gvarianttypeinfo.c (patch attached). Of course, a
truly 31337 solution starts to look like g_object_unref [ which is a
fierce piece of code ], and makes you wonder: why not just use a
GObject :-)

	Stack trace proof appended [ I was lucky to catch it so clearly ]. I'm
also getting some other really unusual memory corruption goodness, that
is just too fun :-) of course running under valgrind hides the races so
it doesn't happen anymore.

	Anyone that has a perverse delight in such things is most welcome to
help out at:

	git clone git://github.com/mmeeks/gdbus-standalone.git
	cd gdbus-standalone
	git checkout gvariantinclude
	./autogen.sh
	make check

	etc. ;-)

	Thanks,

		Michael.

Thread 4 (Thread 0xb7379b70 (LWP 21562)):
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb7c13c10 in raise () from /lib/libc.so.6
#2  0xb7c15545 in abort () from /lib/libc.so.6
#3  0xb7e09583 in IA__g_assertion_message (domain=0xb7f882af "GLib-DBus-Standalone", file=0xb7f8a75f "gvarianttypeinfo.c", line=164, func=
    0xb7f8a9b0 "g_variant_type_info_check", message=0x806b910 "assertion failed (container->ref_count > 0): (0 > 0)") at gtestutils.c:1302
#4  0xb7e09a0f in IA__g_assertion_message_cmpnum (domain=0xb7f882af "GLib-DBus-Standalone", file=0xb7f8a75f "gvarianttypeinfo.c", line=164, func=
    0xb7f8a9b0 "g_variant_type_info_check", expr=0xb7f8a746 "container->ref_count > 0", arg1=0, cmp=0xb7f88ad3 ">", arg2=0, numtype=105 'i')
    at gtestutils.c:1336
#5  0xb7f74afb in g_variant_type_info_check (info=0x8068f08, container_class=<value optimized out>) at gvarianttypeinfo.c:164
#6  0xb7f74e03 in g_variant_type_info_ref (info=0x8068f08) at gvarianttypeinfo.c:800
#7  0xb7f74fad in g_variant_type_info_get (type=0x805b0d8) at gvarianttypeinfo.c:766
#8  0xb7f6c9f2 in g_variant_new_tree (type=0x805b0d8, children=0x0, n_children=0, trusted=-1) at gvariant-core.c:1294
#9  0xb7f70b82 in g_variant_builder_end (builder=0x8067320) at gvariant-util.c:1275
#10 0xb7f86546 in _g_dbus_dbus_1_to_gvariant (message=0x8066f00, error=0xb737916c) at gdbusconversion.c:489
#11 0xb7f77562 in g_dbus_connection_invoke_method_finish (connection=0x8058410 [GDBusConnection], res=0x806e368, error=0xb737916c) at gdbusconnection.c:3509
#12 0xb7f800a9 in reply_cb (connection=0x8058410 [GDBusConnection], res=0x806e368, user_data=0x806e330) at gdbusproxy.c:1125
#13 0xb7f023e9 in IA__g_simple_async_result_complete (simple=0x806e368 [GSimpleAsyncResult]) at gsimpleasyncresult.c:588
#14 0xb7f02451 in complete_in_idle_cb (data=0x806e368) at gsimpleasyncresult.c:598
#15 0xb7de0661 in g_idle_dispatch (source=0x80653a8, callback=0, user_data=0x806e368) at gmain.c:4065
#16 0xb7de2448 in g_main_dispatch (context=<value optimized out>) at gmain.c:1960
#17 IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2513
#18 0xb7de5bf3 in g_main_context_iterate (context=0x8066450, block=1, dispatch=1, self=0x80645e8) at gmain.c:2591
#19 0xb7de60ba in IA__g_main_loop_run (loop=0x805fad0) at gmain.c:2799
#20 0x0804a5c3 in test_sleep_in_thread_func (_data=0xbfffead0) at threading.c:312
#21 0xb7e0c9ef in g_thread_create_proxy (data=0x80645e8) at gthread.c:635
#22 0xb7d51725 in start_thread () from /lib/libpthread.so.0
#23 0xb7cbd26e in clone () from /lib/libc.so.6

Thread 3 (Thread 0xb7b7ab70 (LWP 21554)):
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb7d58059 in __lll_lock_wait () from /lib/libpthread.so.0
#2  0xb7d5340d in _L_lock_903 () from /lib/libpthread.so.0
#3  0xb7d53220 in pthread_mutex_lock () from /lib/libpthread.so.0
#4  0xb7e0c941 in IA__g_static_rec_mutex_lock (mutex=0xb7f91aa0) at gthread.c:313
#5  0xb7f74d06 in g_variant_type_info_unref (info=0x8068f08) at gvarianttypeinfo.c:831
#6  0xb7f6cb0f in g_variant_free (value=<value optimized out>) at gvariant-core.c:165
#7  g_variant_unref (value=<value optimized out>) at gvariant-core.c:1241
#8  0x0804a7cd in sleep_cb (proxy=0x8057400 [GDBusProxy], res=0xb6204450, user_data=0xbfffeaec) at threading.c:278
#9  0xb7f023e9 in IA__g_simple_async_result_complete (simple=0xb6204450 [GSimpleAsyncResult]) at gsimpleasyncresult.c:588
#10 0xb7f800f6 in reply_cb (connection=0x8058410 [GDBusConnection], res=0x806c588, user_data=0xb6204450) at gdbusproxy.c:1142
---Type <return> to continue, or q <return> to quit---
#11 0xb7f023e9 in IA__g_simple_async_result_complete (simple=0x806c588 [GSimpleAsyncResult]) at gsimpleasyncresult.c:588
#12 0xb7f02451 in complete_in_idle_cb (data=0x806c588) at gsimpleasyncresult.c:598
#13 0xb7de0661 in g_idle_dispatch (source=0x806b418, callback=0xfffffe00, user_data=0x806c588) at gmain.c:4065
#14 0xb7de2448 in g_main_dispatch (context=<value optimized out>) at gmain.c:1960
#15 IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2513
#16 0xb7de5bf3 in g_main_context_iterate (context=0x80683f8, block=1, dispatch=1, self=0x80645c0) at gmain.c:2591
#17 0xb7de60ba in IA__g_main_loop_run (loop=0x8066fe8) at gmain.c:2799
#18 0x0804a5c3 in test_sleep_in_thread_func (_data=0xbfffeaec) at threading.c:312
#19 0xb7e0c9ef in g_thread_create_proxy (data=0x80645c0) at gthread.c:635
#20 0xb7d51725 in start_thread () from /lib/libpthread.so.0
#21 0xb7cbd26e in clone () from /lib/libc.so.6

-- 
 michael meeks novell com  <><, Pseudo Engineer, itinerant idiot



--- a/glib/gvarianttypeinfo.c
+++ b/glib/gvarianttypeinfo.c
@@ -828,12 +826,12 @@
     {
       ContainerInfo *container = (ContainerInfo *) info;
 
+      g_static_rec_mutex_lock (&g_variant_type_info_lock);
       if (g_atomic_int_dec_and_test (&container->ref_count))
         {
-          g_static_rec_mutex_lock (&g_variant_type_info_lock);
           g_hash_table_remove (g_variant_type_info_table,
                                container->type_string);
-          g_static_rec_mutex_unlock (&g_variant_type_info_lock);
+	  g_static_rec_mutex_unlock (&g_variant_type_info_lock);
 
           g_free (container->type_string);
 
@@ -846,6 +844,8 @@
           else
             g_assert_not_reached ();
         }
+      else
+	g_static_rec_mutex_unlock (&g_variant_type_info_lock);
     }
 }
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]