View Issue Details
ID: 0022115
Project: FPC
Category: RTL
View Status: public
Date Submitted: 2012-05-24 15:27
Last Update: 2014-03-02 13:22
Reporter: Paul W
Assigned To: Sven Barth
Priority: normal
Severity: major
Reproducibility: sometimes
Status: assigned
Resolution: open
OS: Windows x86
OS Version: 7
Product Version: 2.6.0
Fixed in Version: (none)
Summary: 0022115: BeginThread started in dll started from thread = random crashes
Description: If you use BeginThread inside an FPC dll that is itself launched from a thread, you will crash in the FPC RTL.
Additional Information: to reproduce:
1. Compile the attached source to test.dll
2. Compile & run this: http://pastebin.com/BjpRqjik or inject test.dll into any process you desire (it will also run test.dll from a thread)
3. You will usually see the 'test' messagebox once or twice, then it will crash inside ntdll.dll (due to entering an uninitialized CriticalSection).

The crash happens inside the newly created thread, before the first line of the procedure is executed, in FPC initialization.
Stack:
#0 ntdll!EtwNotificationUnregister at :0 ; inc [eax+14h] => inc [0+14h] => crash
#1 ntdll!EtwNotificationUnregister at :0
#2 SYSTEM_SYSENTERCRITICALSECTION$formal at :0
#3 SYSTEM_ENTERCRITICALSECTION$TRTLCRITICALSECTION at :0
#4 SYSTEM_WAITFREE_FIXED$PMEMCHUNK_FIXED$POSCHUNK at :0
#5 ?? at :0
#6 KERNEL32!AcquireSRWLockExclusive at :0 ; thread begin
#7 ntdll!RtlInsertElementGenericTableAvl at :0
#8 ntdll!RtlInsertElementGenericTableAvl at :0
#9 ?? at :0
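A constructed reproducer with the shape the three steps above describe, added here as an example. It is not the attached dll.pas and not the pastebin host program, neither of which is reproduced on this page; the export name StartWorker, the loop count and the use of BeginThread in the host are this editor's assumptions. It uses the one-argument BeginThread overload inside the DLL and loads the DLL from a short-lived secondary thread, so that the thread which initialised the DLL's RTL is gone while the DLL's worker thread is still running, which is the situation the reporter describes. Build each file with fpc on Windows.

```pascal
{ ---- file: test.pas  (build: fpc test.pas  -> test.dll) ---- }
library test;

{$mode objfpc}

uses
  Windows;

{ Thread body. FPC's TThreadFunc is  function(parameter: Pointer): PtrInt.
  The 'test' message box is the one the report says appears once or twice. }
function Worker(Param: Pointer): PtrInt;
begin
  MessageBox(0, 'test', 'test', MB_OK);
  Result := 0;
end;

{ Hypothetical export name (assumption, not from the attachment). Calls the
  one-argument BeginThread overload discussed in the notes; the RTL thread is
  created inside the DLL, on whatever thread called this export. }
procedure StartWorker; stdcall;
begin
  BeginThread(@Worker);
end;

exports
  StartWorker;

begin
end.


{ ---- file: host.pas  (build: fpc host.pas  -> host.exe) ---- }
program host;

{$mode objfpc}

uses
  Windows;

type
  TStartWorker = procedure; stdcall;

{ Runs on a secondary, short-lived thread: loads test.dll here (so the DLL is
  initialised on this thread rather than on the process main thread), calls
  the export, then returns while the DLL's worker thread may still be alive.
  Returns 0 on success, 1 if the DLL or the export could not be found. }
function Loader(Param: Pointer): PtrInt;
var
  Lib: HMODULE;
  StartWorker: TStartWorker;
begin
  Result := 1;
  Lib := LoadLibrary('test.dll');
  if Lib = 0 then
    Exit;
  Pointer(StartWorker) := GetProcAddress(Lib, 'StartWorker');
  if not Assigned(StartWorker) then
    Exit;
  StartWorker;
  Result := 0;
end;

var
  I: Integer;
  Id: TThreadID;
  H: TThreadID;
begin
  { Repeat a few times: the report says the crash is intermittent and shows
    up after the first one or two message boxes. }
  for I := 1 to 5 do
  begin
    H := BeginThread(@Loader, nil, Id);
    WaitForSingleObject(H, INFINITE);   { loader thread has ended; worker has not }
    CloseHandle(H);
  end;
  { Keep the process alive so the workers (blocked in MessageBox) can run. }
  ReadLn;
end.
```

Each Loader thread loads the library and calls the export, so the DLL is entered from a thread that exits immediately afterwards, matching the "dll started from thread" wording of the summary; the host's own main thread never touches the DLL. Whether the loop actually triggers the crash depends on timing, as the report's reproducibility field ("sometimes") already notes.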
Tags: No tags attached.
FPCOldBugId: 0
Fixed in Revision: (none)
Attached Files:
  dll.pas (510 bytes) 2012-05-24 15:27
  heap_v1.patch (1,478 bytes) 2013-03-18 20:28
  heap.inc.patch (2,161 bytes) 2013-03-22 14:51

- Relationships
related to 0006355 (new): Thread create in dll causes delayed access violation.

-  Notes
(0059994)
Paul W (reporter)
2012-05-27 13:35

Sorry for mistake, it's of course related to RTL, not Compiler.

I have tried reproducing it on revision 21396 - same error.
(0060219)
Paul W (reporter)
2012-06-03 14:14
edited on: 2012-06-06 16:05

I think I found what causes this problem. It's related to the heap.
When a new thread is started, it calls initialization, where heap_lock is initialized. But after that it somehow calls FinalizeHeap, which clears heap_lock (last_thread is true). I don't know why this happens.
When I changed the behavior to never call DoneCriticalSection at rtl\inc\heap.inc:1575, everything works as expected. So this is a workaround at least.
If anybody has got a solution, feel free to help me out :) .
Edit: the workaround I posted before doesn't work, but it seems like it decreased the chance that it'll crash, or it was pure luck. I'm still trying to find a workaround.
Edit #2: I found out that the fix I made is correct; it works. I just wrongly interpreted output from my programs, which had a bug that crashed in a very similar way. So my workaround WORKS, but it doesn't fix the problem. Sorry for publishing wrong information; it is my first attempt to patch FPC.

(0066378)
Paul W (reporter)
2013-03-18 20:32

I attached a patch that resolves this problem, but on the other hand it ignores the RelocateHeap comment that it should only be called from the main thread. From my brief tests nothing worrying came out about this patch. Anyway, it's yet another solution to resolve this heap misbehavior.
(0073381)
Thaddy de Koning (reporter)
2014-03-02 06:28

function BeginThread(ThreadFunction : tthreadfunc;p : pointer;var ThreadId : TThreadID) : TThreadID;

Look at the source code in thread.inc for why your example code fails. You oversimplified.
Using the above overloaded function will probably work.

The memory allocation is based on the thread id. The memory manager needs to know where and in which thread the memory belongs. The version of BeginThread that you are using *must* be called from the main thread. Hence there are several overloads.
(0073383)
Paul W (reporter)
2014-03-02 13:22

"Look at the source code in thread.inc for why your example code fails. You oversimplified.
Using the above overloaded function will probably work." - Why do you think so? The minimal version will just call the version you mentioned; in fact they both call the same main "BeginThread" with all parameters just replaced by defaults.

"The version of BeginThread that you are using *must* be called from the main thread." - Well, it seems like I just don't need to specify a stack size or a parameter to send, and I don't need the thread ID back. This is what this version does; check out thread.inc, it doesn't expect any more parameters other than the custom pointer to be sent to the called function. Nor do I see any warnings that this has to be called from the main thread.

You can of course try to write a counter-example using the function you mentioned, but you will see that you will fail, because it's a bug in heap management (in fact, it's related to the main thread not being present all the time in a DLL).

- Issue History
Date Modified Username Field Change
2012-05-24 15:27 Paul W New Issue
2012-05-24 15:27 Paul W File Added: dll.pas
2012-05-27 13:35 Paul W Note Added: 0059994
2012-05-27 15:59 Jonas Maebe FPCOldBugId => 0
2012-05-27 15:59 Jonas Maebe Category Compiler => RTL
2012-06-03 14:14 Paul W Note Added: 0060219
2012-06-05 20:36 Paul W Note Edited: 0060219
2012-06-06 16:05 Paul W Note Edited: 0060219
2012-06-06 21:04 Jonas Maebe Relationship added related to 0006355
2013-03-18 20:28 Paul W File Added: heap_v1.patch
2013-03-18 20:32 Paul W Note Added: 0066378
2013-03-22 14:51 Marco van de Voort File Added: heap.inc.patch
2014-03-01 23:25 Sven Barth Assigned To => Sven Barth
2014-03-01 23:25 Sven Barth Status new => assigned
2014-03-02 04:32 Thaddy de Koning Note Added: 0073378
2014-03-02 04:37 Thaddy de Koning Note Edited: 0073378
2014-03-02 04:40 Thaddy de Koning Note Edited: 0073378
2014-03-02 04:43 Thaddy de Koning Note Edited: 0073378
2014-03-02 04:50 Thaddy de Koning Note Added: 0073379
2014-03-02 05:02 Thaddy de Koning Note Edited: 0073378
2014-03-02 05:36 Thaddy de Koning Note Deleted: 0073379
2014-03-02 05:36 Thaddy de Koning Note Deleted: 0073378
2014-03-02 06:10 Thaddy de Koning Note Added: 0073380
2014-03-02 06:13 Thaddy de Koning Note Deleted: 0073380
2014-03-02 06:28 Thaddy de Koning Note Added: 0073381
2014-03-02 13:22 Paul W Note Added: 0073383



MantisBT 1.2.12