[omniORB] Re: Access violation in giopRendezvouser::execute() after
ORB->destroy()
Dietmar May
dcmay at dmis.com
Mon Mar 20 17:39:36 GMT 2006
While debugging this and tracing through the calls (in disassembly
mode), I noticed that literally during the call to
giopServer::notifyRzDone() - that is, while values are being pushed onto
the stack - the pd_server object gets deleted.
Looking at other threads active at the time, I couldn't help noticing
one calling "operator delete". The call stack for this thread is
interesting:
operator delete()
omniObjTableEntry::`scalar_deleting_destructor`
omniObjTableEntry::loseRef()
omniObjRef::_setIdentity()
omniObjRef::_disable()
omniObjRef::_shutdown()
omniOrbORB::actual_shutdown()
omniOrbORB::do_shutdown()
omniOrbORB::shutdown()
// ... app code calls ORB->shutdown(1) ...
It appears that at the time that the giopServant is deleted,
omniObjRef::_shutdown() is iterating a list of object references and
deleting the object references stored therein.
omniObjRef::_shutdown() has a couple of mutex locks
(omni_traced_mutex_lock objects), but there don't appear to be any locks
active in the giopRendezvouser::execute() thread at the time it
dereferences its now deleted pd_server object.
Perhaps this will be helpful to someone else. Meanwhile, I'll keep
digging and report any further findings.
Thanks,
Dietmar May
> CORBA::ORB->shutdown(1);
> omni_thread::join(); //wait for ORB->run() thread to end
> CORBA::ORB->destroy();
>
> The first two complete successfully. During the call to destroy(), the
> application pauses for a few seconds, then an access violation occurs.
>
> This occurs during a call to giopRendezvouser::execute(), and is due
> to omniORB's use of an already deleted pd_server object, by calling
> the pd_server->notifyRzDone() method (which is the last line in the
> execute() function). The pointer values looks like it was valid at one
> time (and it was used successfully in the execute() function earlier
> without crashing); but at the time of the access violation, the vtable
> is (already re)set to garbage, as are the other members of the
> pd_server object.
>
> The call stack for the ORB::destroy() thread is:
>
> omniAsyncInvoker::~omniAsyncInvoker()
> omni::ORBAsyncInvoker::~ORBAsyncInvoker()
> omni::ORBAsyncInvoker::`scalar deleting destructor`
> omni::omni_corbaOrb_initialiser::detach()
> omniOrbORB::destroy()
> // ... application code calling ORB->destroy () ...
>
> The call stack for the crashing giopRendezvouser::execute() method is:
>
> omni_mutex_lock::omni_mutex_lock() //mutex 'this' is garbage
> omni::giopServer::notifyRzDone() //giopServer 'this' is garbage
> omni::giopRendezvouser::execute() //everything in 'this' looks OK
> except pd_server
> omniAsyncWorker::real_run()
> omniAsyncWorkerInfo::run()
> omniAsyncWorker::run()
> omni_thread_wrapper()
More information about the omniORB-list
mailing list