Identify Heap Contention Errors
Learn to identify heap contention wait chains, synchronization issues, and advanced techniques for disassembling and dumping arrays.
Application source code
We’ll be analyzing the core dump generated from the following file:
// Build:
// gcc main.c -pthread -static -o App10

#include <stdio.h>
#include <pthread.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>

#define ARR_SIZE 10000

// Array of heap pointers shared by every thread.
char *pAllocBuf[ARR_SIZE] = {0};

void proc()
{
    while (1)
    {
        int idx = rand() % ARR_SIZE;
        int malloc_size = rand() % ARR_SIZE;

        // No lock protects pAllocBuf: two threads can read the same
        // non-NULL pointer here and both call free() on it.
        if (pAllocBuf[idx])
        {
            free(pAllocBuf[idx]);
            pAllocBuf[idx] = 0;
        }

        pAllocBuf[idx] = malloc(malloc_size);
    }
}

// Gives each thread its own thread_/foo_/bar_ call chain so the
// threads are easy to tell apart in a backtrace.
#define THREAD_DECLARE(num, func) \
    void bar_##num()              \
    {                             \
        func;                     \
    }                             \
                                  \
    void foo_##num()              \
    {                             \
        bar_##num();              \
    }                             \
                                  \
    void *thread_##num(void *arg) \
    {                             \
        foo_##num();              \
        return 0;                 \
    }

THREAD_DECLARE(one, proc())
THREAD_DECLARE(two, proc())
THREAD_DECLARE(three, proc())
THREAD_DECLARE(four, proc())
THREAD_DECLARE(five, proc())

#define THREAD_CREATE(num)                                         \
    {                                                              \
        pthread_t threadID_##num;                                  \
        pthread_create(&threadID_##num, NULL, thread_##num, NULL); \
    }

int main(int argc, const char *argv[])
{
    THREAD_CREATE(one)
    THREAD_CREATE(two)
    THREAD_CREATE(three)
    THREAD_CREATE(four)
    THREAD_CREATE(five)

    // Keep the main thread alive while the workers run.
    sleep(-1);
    return 0;
}
We can see that several threads are allocating and freeing memory using a shared array of pointers, with no synchronization between them. If you execute this application, you’ll get the double free error:
Double free errors occur when the free() function is called twice on the same pointer. In this lesson, we’ll learn how to identify such errors in a multithreaded environment.
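For comparison, a hardened form of the loop in proc(), added here as an example and not part of the lesson's code: each slot is swapped under a mutex, so a given pointer is only ever held, and freed, by one thread. The names replace_slot, drain, run_workers, buf_lock and ITERS are assumptions, and the loop is bounded so that the program ends.

```c
/* Added example, not the lesson's code. Build: gcc fixed.c -pthread -o fixed */
#include <pthread.h>
#include <stdlib.h>
#define ARR_SIZE  10000
#define N_THREADS 5        /* same thread count as App10 */
#define ITERS     200000   /* assumption: bounded loop so the run ends */

static char *pAllocBuf[ARR_SIZE];
static pthread_mutex_t buf_lock = PTHREAD_MUTEX_INITIALIZER;

/* Swap under the lock: the old pointer leaves the array, so one thread frees it. */
void replace_slot(size_t idx, size_t size)
{
    char *fresh = malloc(size);      /* heap calls stay outside the lock */
    pthread_mutex_lock(&buf_lock);
    char *old = pAllocBuf[idx];
    pAllocBuf[idx] = fresh;
    pthread_mutex_unlock(&buf_lock);
    free(old);                       /* free(NULL) is a no-op */
}

/* Free every live slot and return how many there were (no workers running). */
int drain(void)
{
    int live = 0;
    for (size_t i = 0; i < ARR_SIZE; i++)
        if (pAllocBuf[i]) { free(pAllocBuf[i]); pAllocBuf[i] = NULL; live++; }
    return live;
}

static void *worker(void *arg)
{
    unsigned int s = (unsigned int)(size_t)arg;   /* per-thread LCG state */
    for (int i = 0; i < ITERS; i++) {
        s = s * 1103515245u + 12345u;             /* one step picks slot and size */
        replace_slot((s >> 16) % ARR_SIZE, (s >> 8) % ARR_SIZE);
    }
    return NULL;
}

/* Run N_THREADS workers to completion; returns the number of live slots. */
int run_workers(void)
{
    pthread_t t[N_THREADS];
    for (size_t i = 0; i < N_THREADS; i++)
        pthread_create(&t[i], NULL, worker, (void *)(i + 1));
    for (size_t i = 0; i < N_THREADS; i++) pthread_join(t[i], NULL);
    return drain();
}
int main(void) { return run_workers() > 0 ? 0 : 1; }
```

Allocating and freeing outside the critical section keeps the lock hold time to two pointer writes, which matters because the heap itself is a point of contention between threads.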
Loading the core dump
Let’s begin by loading the generated core dump:
gdb -c core.App10 -se App10
The above command will output the following to the terminal:
Listing all threads
Let’s take a look at the list of threads and identify the top frames at the time of the crash:
info threads
The above command will output the following ...