Thread: [Cppcms-users] SV occurs at json_rpc_server::return_result(cppcms::json::array()) with aio::io_serv
From: CN <cn...@fa...> - 2016-03-30 14:12:54
Attachments:
t1.cpp
|
Hi! I have been calling cppcms::rpc::json_rpc_server::return_result(cppcms::json::array()); without any problem for a long time until the call is performed in the thread that runs booster::aio::io_service::run(). I have been stuck here for a week. Please help!

Below is the simplified program in question. A vim formatted .cpp file is also attached to this message.

class report_service
{
private:
    booster::aio::io_service io_service;
    void m1(booster::shared_ptr<cppcms::rpc::json_call> requester
        ,int size,cppcms::json::array ja)
    {
        requester->return_result(cppcms::json::array());
        /*
        This crashes too:
        requester->return_result(ja);

        This doesn't crash:
        requester->return_result(cppcms::json::value());
        */
    } //Program silently terminates here.
public:
    void start(){ io_service.run(); }
    void stop(){ io_service.stop(); }
    void m2(booster::shared_ptr<cppcms::rpc::json_call> requester
        ,int size,const cppcms::json::array &ja)
    {
        io_service.post(boost::bind(&report_service::m1,this,requester,size,ja));
        /*
        This doesn't crash:
        requester->return_result(cppcms::json::array());
        */
    }
};

class json_app : public cppcms::rpc::json_rpc_server
{
private:
    report_service *p_rs;
    void json_app::doit()
    {
        p_rs->m2(release_call(),2,cppcms::json::array());
        /*
        This crashes too:
        p_rs->m2(release_call(),2,cppcms::json::value());

        This doesn't crash:
        return_result(cppcms::json::array());
        */
    }
public:
    json_app(cppcms::service &s,report_service *prs)
        : cppcms::rpc::json_rpc_server(s)
        ,p_rs(prs)
    {
        bind("doit",cppcms::rpc::json_method(&json_app::doit,this),method_role);
    }
};

int main(int argc,char **argv)
{
    cppcms::service *s=new cppcms::service(argc,argv);
    report_service rs;
    booster::thread t(boost::bind(&report_service::start,&rs));
    s->applications_pool().mount(cppcms::create_pool<my_class>()
        ,cppcms::mount_point("(.*)",1)
        ,cppcms::app::synchronous | cppcms::app::prepopulated);
    s->run();
    rs.stop();
    t.join();
}

Both gdb and valgrind report that the segmentation fault occurs at line# 264 in json.cpp.
Below is part of the output from valgrind:

==22832== Invalid read of size 4
==22832== at 0x4212B0D: destroy (json.cpp:264)
==22832== by 0x4212B0D: ~variant (json.cpp:135)
==22832== by 0x4212B0D: ~_data (json.cpp:286)
==22832== by 0x4212B0D: ~copy_ptr (copy_ptr.h:40)
==22832== by 0x4212B0D: cppcms::json::value::copyable::~copyable() (json.cpp:307)
==22832== by 0x807285B: ~value (json.h:538)
==22832== by 0x807285B: _Destroy<cppcms::json::value> (stl_construct.h:93)
==22832== by 0x807285B: __destroy<cppcms::json::value*> (stl_construct.h:103)
==22832== by 0x807285B: _Destroy<cppcms::json::value*> (stl_construct.h:126)
==22832== by 0x807285B: _Destroy<cppcms::json::value*, cppcms::json::value> (stl_construct.h:151)
==22832== by 0x807285B: std::vector<cppcms::json::value, std::allocator<cppcms::json::value> >::~vector() (stl_vector.h:424)
==22832== by 0x80B861B: booster::callback<void ()>::callable_impl<void, boost::_bi::bind_t<std::vector<cppcms::json::value, std::allocator<cppcms::json::value> >, boost::_mfi::mf3<std::vector<cppcms::json::value, std::allocator<cppcms::json::value> >, report_service, booster::shared_ptr<cppcms::rpc::json_call>, int, std::vector<cppcms::json::value, std::allocator<cppcms::json::value> > >, boost::_bi::list4<boost::_bi::value<report_service*>, boost::_bi::value<booster::shared_ptr<cppcms::rpc::json_call> >, boost::_bi::value<int>, boost::_bi::value<std::vector<cppcms::json::value, std::allocator<cppcms::json::value> > > > > >::operator()() (callback.h:219)
==22832== by 0x407CADE: booster::aio::event_loop_impl::completion_handler::op_handler(booster::aio::event_loop_impl::completion_handler*) (io_service.cpp:179)
==22832== by 0x407EE09: operator() (io_service.cpp:171)
==22832== by 0x407EE09: booster::aio::event_loop_impl::run_one(booster::aio::reactor::event*, unsigned int) (io_service.cpp:555)
==22832== by 0x407BC9E: run (io_service.cpp:232)
==22832== by 0x407BC9E: booster::aio::io_service::run() (io_service.cpp:722)
==22832== by 0x80B660F: report_service::listen_to_report_server() (report_service.cpp:305)
==22832== by 0x4109E84: operator() (function.h:168)
==22832== by 0x4109E84: booster_thread_func (pthread.cpp:48)
==22832== by 0x43DBEFA: start_thread (pthread_create.c:309)
==22832== by 0x4691DFD: clone (clone.S:129)
==22832== Address 0x387d0a1 is not stack'd, malloc'd or (recently) free'd
==22832==
==22832==
==22832== Process terminating with default action of signal 11 (SIGSEGV)
==22832== Access not within mapped region at address 0x387D0A1
==22832== at 0x4212B0D: destroy (json.cpp:264)
==22832== by 0x4212B0D: ~variant (json.cpp:135)
==22832== by 0x4212B0D: ~_data (json.cpp:286)
==22832== by 0x4212B0D: ~copy_ptr (copy_ptr.h:40)
==22832== by 0x4212B0D: cppcms::json::value::copyable::~copyable() (json.cpp:307)
==22832== by 0x807285B: ~value (json.h:538)
==22832== by 0x807285B: _Destroy<cppcms::json::value> (stl_construct.h:93)
==22832== by 0x807285B: __destroy<cppcms::json::value*> (stl_construct.h:103)
==22832== by 0x807285B: _Destroy<cppcms::json::value*> (stl_construct.h:126)
==22832== by 0x807285B: _Destroy<cppcms::json::value*, cppcms::json::value> (stl_construct.h:151)
==22832== by 0x807285B: std::vector<cppcms::json::value, std::allocator<cppcms::json::value> >::~vector() (stl_vector.h:424)
==22832== by 0x80B861B: booster::callback<void ()>::callable_impl<void, boost::_bi::bind_t<std::vector<cppcms::json::value, std::allocator<cppcms::json::value> >, boost::_mfi::mf3<std::vector<cppcms::json::value, std::allocator<cppcms::json::value> >, report_service, booster::shared_ptr<cppcms::rpc::json_call>, int, std::vector<cppcms::json::value, std::allocator<cppcms::json::value> > >, boost::_bi::list4<boost::_bi::value<report_service*>, boost::_bi::value<booster::shared_ptr<cppcms::rpc::json_call> >, boost::_bi::value<int>, boost::_bi::value<std::vector<cppcms::json::value, std::allocator<cppcms::json::value> > > > > >::operator()() (callback.h:219)
==22832== by 0x407CADE: booster::aio::event_loop_impl::completion_handler::op_handler(booster::aio::event_loop_impl::completion_handler*) (io_service.cpp:179)
==22832== by 0x407EE09: operator() (io_service.cpp:171)
==22832== by 0x407EE09: booster::aio::event_loop_impl::run_one(booster::aio::reactor::event*, unsigned int) (io_service.cpp:555)
==22832== by 0x407BC9E: run (io_service.cpp:232)
==22832== by 0x407BC9E: booster::aio::io_service::run() (io_service.cpp:722)
==22832== by 0x80B660F: report_service::listen_to_report_server() (report_service.cpp:305)
==22832== by 0x4109E84: operator() (function.h:168)
==22832== by 0x4109E84: booster_thread_func (pthread.cpp:48)
==22832== by 0x43DBEFA: start_thread (pthread_create.c:309)
==22832== by 0x4691DFD: clone (clone.S:129)
==22832== If you believe this happened as a result of a stack
==22832== overflow in your program's main thread (unlikely but
==22832== possible), you can try to increase the size of the
==22832== main thread stack using the --main-stacksize= flag.
==22832== The main thread stack size used in this run was 8388608.

Thank you in advance!

Best regards,
CN

--
http://www.fastmail.com - A no graphics, no pop-ups email service
From: CN <cn...@fa...> - 2016-04-04 10:14:30
|
The actual json::array passed to boost::bind() is a nested "deep" object, like so:

void m2(booster::shared_ptr<cppcms::rpc::json_call> requester
    ,int size,const cppcms::json::array &ja)
{
    cppcms::json::array a;
    a.resize(3);
    a[0]=cppcms::json::array();
    a[0].array().push_back("a");
    a[0].array().push_back(1);
    a[1]=cppcms::json::array();
    a[1].array().push_back("b");
    a[2]=cppcms::json::array();
    a[2].array().push_back("c");
    ja.push_back(a);
    io_service.post(boost::bind(&report_service::m1,this,requester,size,ja));
}

After restructuring my code, gdb now reports the location of the segmentation fault at line# 280 in json.cpp:

memset(&m,0,sizeof(m));

If I comment out this line, my program does not crash here any more.

My question now is:

With the line
static_cast<array *>(ptr())->~array();
in place, is it necessary to call memset()?

Best regards,
CN

--
http://www.fastmail.com - Or how I learned to stop worrying and love email again
From: Artyom B. <art...@gm...> - 2016-04-04 10:59:15
|
Could you provide a full sample that reproduces the issue? For example, in m2 below you can't call ja.push_back(a) as ja is const.

According to the crash it looks like you are dereferencing a deleted object, i.e. something passed by reference that is no longer on the stack, or something like that.

A full sample would help me to check the issue.

Artyom

On Mon, Apr 4, 2016 at 1:14 PM, CN <cn...@fa...> wrote:
> The actual json::array passed to boost::bind() is a nested "deep"
> object, like so:
>
> void m2(booster::shared_ptr<cppcms::rpc::json_call> requester
> ,int size,const cppcms::json::array &ja)
> {
> cppcms::json::array a;
> a.resize(3);
> a[0]=cppcms::json::array();
> a[0].array().push_back("a");
> a[0].array().push_back(1);
> a[1]=cppcms::json::array();
> a[1].array().push_back("b");
> a[2]=cppcms::json::array();
> a[2].array().push_back("c");
> ja.push_back(a);
> io_service.post(boost::bind(&report_service::m1,this,requester,size,ja));
> }
>
> After restructuring my code, gdb now reports the location of segment
> fault at line# 280 in json.cpp:
>
> memset(&m,0,sizeof(m));
>
> If I comment out this line, my progam does not crash here any more.
>
> My question now is:
>
> With the line
> static_cast<array *>(ptr())->~array();
> in place, is it necessary to call memset()?
>
> Best regards,
> CN
>
> --
> http://www.fastmail.com - Or how I learned to stop worrying and
> love email again
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Cppcms-users mailing list
> Cpp...@li...
> https://lists.sourceforge.net/lists/listinfo/cppcms-users
From: CN <cn...@fa...> - 2016-04-04 11:41:13
|
On Mon, Apr 4, 2016, at 06:59 PM, Artyom Beilis wrote:
> Do you provide a full sample that reproduces the issue? For example in
> m2 below you can't call ja.push_back(a) as ja is const.
>
> According to the crash it looks like you are derefenecing deleted
> object, i.e. something passed by reference and out of stack
> or something like that.
>
> Full sample would help me to check the issue.

I have run out of ideas.
Is it OK with you if I send the actual source files privately, directly to your e-mail box?

Best regards,
CN

--
http://www.fastmail.com - Accessible with your email software or over the web
From: Artyom B. <art...@gm...> - 2016-04-04 11:48:17
|
>> Full sample would help me to check the issue.
>
> I have run out my wisdom.
> Is it OK with you if I send the actual source files in private directly
> to your e-mail box?

Yes, no problem.

Artyom