Re: [xml] 2.4.27 thread problems

From: Igor Zlatkovic <igor stud fh-frankfurt de>
To: xml gnome org
Cc: Gary Pennington <gary pennington sun com>, Daniel Veillard <veillard redhat com>
Subject: Re: [xml] 2.4.27 thread problems
Date: Tue, 19 Nov 2002 22:18:02 +0100

Hi there,

I didn't make any progress on Windows, so I'm debugging on Linux now.

My last modification to threads.c involves exactly two changes to pthreadscode, both the work of the indenter. No change to the instructions, just aspace more or less at the beginning of the line.

One change I made to testThreads.c is Windows specific (Windows/MSVC doesnot have unistd.h) and has nothing to do with Unix or pthreads.

I have recompiled libxml2 with the previous version of threads.c and theerror remains.

Windows implementation of pthreads causes and handles the exception againand again, which results in an infinite loop. No obvious logic on if, whenand where in libxml code it happens, appearantly random.

On Linux, testThreads booms with a segmentation fault sometimes, sometimesit passes. Sometimes it crashes after it creates just a few threads, othertimes it runs for a while until it crashes. It always crashes at about thesame place and the following crash location is interesting:


  Program received signal SIGILL, Illegal instruction.
  [Switching to Thread 29726 (LWP 22306)]
  0x400a3e2b in xmlXPathCompStep (ctxt=0x804e198) at xpath.c:8557
  8557            ctxt->comp->last = -1;
  (gdb) bt
  Reading in symbols for parser.c... and parserInternals.c...done.
  #0  0x400a3e2b in xmlXPathCompStep (...) at xpath.c:8557
  #1  0x40056b68 in xmlParseDocument (...) at parser.c:7754
  #2  0x4005b8d8 in xmlSAXParseFileWithData (...) at parser.c:10296

Hmmm...???? Illegal instruction? The dissasembly of the specified address(0x400a3e2b) reveals that there is no instruction at that address:


  0x400a3e21 <xmlXPathCompStep+1269>:     mov    0x8(%ebp),%eax
  0x400a3e24 <xmlXPathCompStep+1272>:     mov    0x20(%eax),%edx
  0x400a3e27 <xmlXPathCompStep+1275>:     movl   $0xffffffff,0xc(%edx)
  0x400a3e2e <xmlXPathCompStep+1282>:     mov    %esi,%esi
  0x400a3e30 <xmlXPathCompStep+1284>:     mov    0x8(%ebp),%eax
  0x400a3e33 <xmlXPathCompStep+1287>:     mov    (%eax),%edx

Somehow the instruction pointer has been filled with an address which pointsto the limbo between movl and mov.

When I look at the code in parser.c:7754 (stack frame #1), I don't see anexecution path which leads to the xmlXPathCompStep function.

I assume the following: The xmlOnceInit function calls pthread_key_createand gives it the pointer to the xmlFreeGlobalState function. Pthreads savesthis somewhere and calls xmlFreeGlobalState when it is about to destroy thethread-specific data (when the thread exits). It seems that somethingoverwrites the pointer to xmlFreeGlobalState function with an invalidaddress and when pthreads tries to call it, it crashes.

In any case, this is a hard one. It has nothing to do with the recentchanges to threads.c. Anyone has an idea?


Ciao
Igor

References:
- [xml] 2.4.27 thread problems
  - From: Gary . Pennington
- Re: [xml] 2.4.27 thread problems
  - From: Daniel Veillard
- Re: [xml] 2.4.27 thread problems
  - From: Gary . Pennington
- Re: [xml] 2.4.27 thread problems
  - From: Igor Zlatkovic

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]