Re: [DynInst_API:] closeSymtab() throws a ref count assert in 9.3.1


Date: Tue, 07 Mar 2017 21:43:54 +0000
From: Bill Williams <bill@xxxxxxxxxxx>
Subject: Re: [DynInst_API:] closeSymtab() throws a ref count assert in 9.3.1
Should be fixed on the v9.3.x branch. This doesn't trigger on all binaries, interestingly enough, but it's decently common.

--bw

________________________________________
From: Dyninst-api <dyninst-api-bounces@xxxxxxxxxxx> on behalf of Mark W. Krentel <krentel@xxxxxxxx>
Sent: Sunday, March 5, 2017 11:12 PM
To: dyninst-api@xxxxxxxxxxx
Subject: [DynInst_API:] closeSymtab() throws a ref count assert in 9.3.1

I'm seeing a rather unfortunate bug that causes closeSymtab() to throw
an assert over reference counts.  This got merged into master late last
week.

All it takes to reproduce the bug is:

Symtab * the_symtab = NULL;
Symtab::openFile(the_symtab, filename);
the_symtab->parseTypesNow();
Symtab::closeSymtab(the_symtab);

Apparently, something is not counting the reference counts correctly.
Running the above program on a small binary (e.g., itself) with the
current master rev (aa58c29bb1), it throws the assert:

/home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/src/Type.C:213:
void Dyninst::SymtabAPI::Type::decrRefCount():
Assertion `refCount > 0' failed.
Aborted (core dumped)

With the following stack trace:

#0  0x00007f2fc911a989 in raise () from /lib64/libc.so.6
#1  0x00007f2fc911c098 in abort () from /lib64/libc.so.6
#2  0x00007f2fc91138f6 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007f2fc91139a2 in __assert_fail () from /lib64/libc.so.6
#4  0x00007f2fcad1d8d2 in Dyninst::SymtabAPI::Type::decrRefCount (this=<optimized out>)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/src/Type.C:213
#5  0x00007f2fcad1d908 in Dyninst::SymtabAPI::derivedType::~derivedType (this=this@entry=0xf2a0c0, __in_chrg=<optimized out>)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/src/Type.C:1588
#6  0x00007f2fcad237ef in ~typeTypedef (this=0xf2a0c0, __in_chrg=<optimized out>)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/h/Type.h:461
#7  Dyninst::SymtabAPI::typeTypedef::~typeTypedef (this=0xf2a0c0, __in_chrg=<optimized out>)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/h/Type.h:461
#8  0x00007f2fcad195d9 in Dyninst::SymtabAPI::typeCollection::~typeCollection (this=0xf19a00, __in_chrg=<optimized out>)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/src/Collections.C:326
#9  0x00007f2fcad19719 in Dyninst::SymtabAPI::typeCollection::~typeCollection (this=0xf19a00, __in_chrg=<optimized out>)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/src/Collections.C:328
#10 0x00007f2fcad15f25 in Dyninst::SymtabAPI::Module::~Module (this=0xef86d0, __in_chrg=<optimized out>)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/src/Module.C:356
#11 0x00007f2fcad16029 in Dyninst::SymtabAPI::Module::~Module (this=0xef86d0, __in_chrg=<optimized out>)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/src/Module.C:358
#12 0x00007f2fcacf3bef in Dyninst::SymtabAPI::Symtab::~Symtab (this=0xedf0f0, __in_chrg=<optimized out>)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/src/Symtab.C:1848
#13 0x00007f2fcacf4179 in Dyninst::SymtabAPI::Symtab::~Symtab (this=0xedf0f0, __in_chrg=<optimized out>)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/src/Symtab.C:1875
#14 0x00007f2fcacf0ddd in Dyninst::SymtabAPI::Symtab::closeSymtab (st=0xedf0f0)
     at /home/krentel/dyninst/BUILD-master/symtabAPI/dyninst/symtabAPI/src/Symtab.C:2043
#15 0x0000000000401d73 in main (argc=<optimized out>, argv=<optimized out>) at parse.cpp:304


I tracked down the rev where the bug was created.  It got merged into
master from the v9.3.1 tag.

*   commit aa58c29bb11e8a53f5eda999497d1f18810390dc (HEAD, origin/master, origin/HEAD, master)
|\  Merge: 86d44d2 3cddbd2
| | Author: Bill Williams <wwilliam47@xxxxxxxxx>
| | Date:   Thu Mar 2 15:44:13 2017 -0600
| |
| |     Merge pull request #341 from dyninst/v9.3.x
| |
| |     v9.3.x
| |
| * commit 3cddbd206a3384765f2aad15fa07ccd0b0944c7f (tag: v9.3.1, origin/v9.3.x)
| | Author: Bill Williams <bill@xxxxxxxxxxx>
| | Date:   Thu Mar 2 15:38:32 2017 -0600
| |
| |     Brought issues up to date and updated changelog accordingly.
| |
| | M   CHANGELOG.md
| |

Farther down the tree, the bug was created between these two revs.
9de30aa8b6 works and 87f7acf88c fails.  And everything from master
down to 87f7acf88c is broken.

| | * | commit 87f7acf88cc316325e1154620f562ae804c74958
| |/ /  Author: Peter Foley <pefoley2@xxxxxxxxxxx>
| | |   Date:   Thu Nov 24 14:28:29 2016 -0500
| | |
| | |       fix memory leaks
| | |
| | |   M       symtabAPI/src/Collections.C
| | |   M       symtabAPI/src/Type.C
| | |
| * |   commit 9de30aa8b6ff7b518c354667e9f0f835ac5b32f2
| |\ \  Merge: c71015c eae6980
| | | | Author: Bill Williams <wwilliam47@xxxxxxxxx>
| | | | Date:   Tue Feb 14 14:39:18 2017 -0600
| | | |
| | | |     Merge pull request #329 from dyninst/wrwilliams/icf_leaks
| | | |
| | | |     Fix memory leaks in indirect control flow.
| | | |

And indeed, the changes to both Collections.C and Type.C deal with
reference counts.

(It's a bit odd that Feb 2017 happened before Nov 2016.  I guess
somebody rebased something.  Welcome to git.)

Hopefully, there is a clear one-off somewhere that has an easy fix.
But probably, you want to fix this before 9.3.1 goes out.

--Mark
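
Added example, not part of the original message and not Dyninst code: a simplified model of the failure class that an assertion like `refCount > 0` guards against, where teardown releases a reference that was never counted. The names Type, build, teardown and run are hypothetical, and the model does not claim to reproduce the actual defect in commit 87f7acf88c.

```cpp
// Added illustration: a simplified model of a reference-counted type
// collection. Type, build, teardown and run are hypothetical names, not
// Dyninst's classes. Counts are tracked without freeing through them, so
// the imbalance can be observed safely instead of aborting.
#include <cstdio>
#include <memory>
#include <vector>

struct Type {
    int refCount = 1;          // the owning collection holds the first reference
    bool underflow = false;    // set where assert(refCount > 0) would fire
    Type *base = nullptr;      // non-null for a typedef-like derived type
    void incr() { ++refCount; }
    void decr() {
        if (refCount <= 0) { underflow = true; return; }
        --refCount;
    }
};

// Build a collection holding one base type and one derived type naming it.
// takeRef selects whether the derived type counts its reference to the base.
std::vector<std::unique_ptr<Type>> build(bool takeRef) {
    std::vector<std::unique_ptr<Type>> types;
    types.emplace_back(new Type());            // base
    types.emplace_back(new Type());            // derived
    types[1]->base = types[0].get();
    if (takeRef) types[0]->incr();             // balanced: reference is counted
    return types;
}

// Mimic teardown: the collection drops its reference to every type, and a
// derived type's "destructor" drops the reference to its base.
// Returns how many types saw a decrement on an already-zero count.
int teardown(std::vector<std::unique_ptr<Type>> &types) {
    for (auto &t : types) {
        t->decr();                             // collection's reference
        if (t->base) t->base->decr();          // derived type's reference
    }
    int underflows = 0;
    for (auto &t : types) underflows += t->underflow ? 1 : 0;
    return underflows;
}

int run(bool takeRef) { auto t = build(takeRef); return teardown(t); }

int main() {
    std::printf("unbalanced: %d underflow(s)\n", run(false));
    std::printf("balanced:   %d underflow(s)\n", run(true));
    return 0;
}
```

In the unbalanced case the base type is decremented twice against a single counted reference; with a self-deleting count the second decrement would act on freed memory, which is why the check is an assertion rather than a silent clamp.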

