I'm looking for some advice on how to approach fixing a bug in DTrace.

The following script will cause dtrace(1M) to core dump:

#!/usr/sbin/dtrace -s

#pragma D option version=1.0

this zio_t *io;

inline char io_type = (this->io->io_type == ZIO_TYPE_NULL) ? '.' : '?';

BEGIN
{
    exit(0);
}

(Jon started seeing this core dump with a build using my fix to 6779011: "libdtrace sometimes dumps core when running test.1.0.d".)

The problem is that the dt_ident_t for io is referenced in the dt_node_t for the RHS of io_type _after_ dt_idhash_destroy() is called to blow away the dt_ident_t for io.

One thought I had to fix this is to post-process the RHS dt_node_t, making a copy of any dt_ident_t with DT_IDFLG_LOCAL to avoid this case. I've thrown up a webrev including these changes here: http://cr.opensolaris.org/~cmynhier/6795386-globalize/. The changes specific to this bug are in dt_parser.c and dt_ident.c.

Is this the right approach, or should I be fixing this some other way?

Chad
On Wed, May 13, 2009 at 8:47 AM, Chad Mynhier <cmynhier at gmail.com> wrote:
> I'm looking for some advice on how to approach fixing a bug in DTrace.
>
> The following script will cause dtrace(1M) to core dump:
>
> #!/usr/sbin/dtrace -s
>
> #pragma D option version=1.0
>
> this zio_t *io;
>
> inline char io_type = (this->io->io_type == ZIO_TYPE_NULL) ? '.' : '?';
>
> BEGIN
> {
>     exit(0);
> }

To add some more information here, in case anyone tries to reproduce the problem: I'm able to reproduce this core dump consistently on SPARC, but I have trouble reproducing it consistently on x86, although I have seen it on x86. Jon Haslam noticed that he could reproduce it consistently on x86 after removing the version reduction (snv_115 for him.) (But he did see at least one occurrence with the version reduction in place.)

Chad
Hey Chad,

That looks like the right solution. Note that if you use libumem, and set UMEM_DEBUG=guards, this happens every time due to the attempted double free of the dt_ident_t.

Adam

On May 13, 2009, at 5:47 AM, Chad Mynhier wrote:
> I'm looking for some advice on how to approach fixing a bug in DTrace.
>
> The following script will cause dtrace(1M) to core dump:
>
> #!/usr/sbin/dtrace -s
>
> #pragma D option version=1.0
>
> this zio_t *io;
>
> inline char io_type = (this->io->io_type == ZIO_TYPE_NULL) ? '.' : '?';
>
> BEGIN
> {
>     exit(0);
> }
>
> (Jon started seeing this core dump with a build using my fix to
> 6779011: "libdtrace sometimes dumps core when running test.1.0.d".)
>
> The problem is that the dt_ident_t for io is referenced in the
> dt_node_t for the RHS of io_type _after_ dt_idhash_destroy() is called
> to blow away the dt_ident_t for io.
>
> One thought I had to fix this is to post-process the RHS dt_node_t,
> making a copy of any dt_ident_t with DT_IDFLG_LOCAL to avoid this
> case. I've thrown up a webrev including these changes here:
> http://cr.opensolaris.org/~cmynhier/6795386-globalize/. The changes
> specific to this bug are in dt_parser.c and dt_ident.c.
>
> Is this the right approach, or should I be fixing this some other way?
>
> Chad
> _______________________________________________
> dtrace-discuss mailing list
> dtrace-discuss at opensolaris.org

-- 
Adam Leventhal, Fishworks http://blogs.sun.com/ahl
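The ownership problem Chad describes and the fix Adam endorses, reduced to a stand-alone model (added example, not libdtrace code): the names idhash_t, ident_t, node_t, IDFLG_LOCAL and the helper functions are assumed stand-ins for dt_idhash_t, dt_ident_t, dt_node_t, DT_IDFLG_LOCAL and the parser's real routines. Without node_globalize_locals(), the RHS node keeps a pointer into a hash that idhash_destroy() has already freed, which is the dangling reference that libumem's UMEM_DEBUG=guards turns into a reliable crash.

```c
/* Added model of the bug above, not libdtrace code: idhash_t/ident_t/node_t
 * stand in for dt_idhash_t/dt_ident_t/dt_node_t. */
#include <stdlib.h>
#include <string.h>
#define IDFLG_LOCAL 0x1   /* clause-local ("this->") variable, cf. DT_IDFLG_LOCAL */

typedef struct ident { char *name; unsigned flags; struct ident *next; } ident_t;
typedef struct { ident_t *head; } idhash_t;        /* owns the idents chained on it */
typedef struct { ident_t *ident; int owns_ident; } node_t;  /* parse node -> ident */

static ident_t *ident_new(const char *name, unsigned flags) {
    ident_t *idp = calloc(1, sizeof *idp);
    idp->name = malloc(strlen(name) + 1);
    strcpy(idp->name, name);
    idp->flags = flags;
    return idp;
}

/* Like dt_idhash_destroy(): frees every identifier the hash owns. */
static void idhash_destroy(idhash_t *dhp) {
    for (ident_t *idp = dhp->head, *next; idp != NULL; idp = next) {
        next = idp->next;
        free(idp->name);
        free(idp);
    }
    dhp->head = NULL;
}

/* The proposed fix: give the RHS node a private copy of any LOCAL ident
 * before the local hash is destroyed, so no pointer into it survives. */
static void node_globalize_locals(node_t *dnp) {
    if (dnp->ident && (dnp->ident->flags & IDFLG_LOCAL) && !dnp->owns_ident) {
        dnp->ident = ident_new(dnp->ident->name, dnp->ident->flags & ~IDFLG_LOCAL);
        dnp->owns_ident = 1;
    }
}

/* Model "this zio_t *io" referenced by the inline's RHS, then tear down the
 * local hash. With apply_fix == 0, dnp->ident is left dangling (the bug). */
static node_t *make_inline_rhs(int apply_fix) {
    idhash_t locals = { NULL };
    node_t *dnp = calloc(1, sizeof *dnp);
    ident_t *io = ident_new("io", IDFLG_LOCAL);
    io->next = locals.head;
    locals.head = io;             /* the hash now owns "io" */
    dnp->ident = io;              /* the RHS node points into the hash */
    if (apply_fix)
        node_globalize_locals(dnp);
    idhash_destroy(&locals);
    return dnp;
}
```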