access violation (win specific)

Hello all, I have a problem with some code written by others that I
need to fix.
This is Windows specific, but I post it here anyway (simply I always
visit comp.lang.c++).

I have a class that has a reference member. The problem I'm facing
happens frequently on WinCE mobile phone. And the problem is that at
some point the reference becomes invalid. This reference actually
points to a singleton object and I can find out its memory address.
The problem is that at some point address of referenced object changes
(basically memory cell that stores the reference is changed). So, I
have to put asserts all over the place to check that address of
referenced object is correct (equals to the address of the singleton)
and even if code asserts then it's of no use to me - I really need to
trap the code that actually modifies this memory cell and not the code
that tries to access modified reference. All the values of the object
are correct, except the reference itself. So... it's a bit weird why
it happens. I may remove that reference completely and use global
singleton, but still I really want to find out why reference gets
changed (even if I remove something else may get changed instead of
this reference)

I tried to use the VirtualProtect Win API to set the PAGE_READONLY flag on
these 4 bytes to trap attempts to overwrite memory, but this doesn't
work, since it changes the entire page to read-only and the code breaks
everywhere else.
Is there any other way I can find out how this reference becomes
corrupted?

Aug 17 '07 #1
__PPS__ <i-*********@yandex.ru> wrote in news:1187371275.053089.291820@22g2000hsm.googlegroups.com:
> I tried to use the VirtualProtect Win API to set the PAGE_READONLY flag on
> these 4 bytes to trap attempts to overwrite memory, but this doesn't
> work, since it changes the entire page to read-only and the code breaks
> everywhere else.

Put the reference in a page by itself:

struct foo
{
    char sentinel1[2048];
    X& x;
    char sentinel2[2048];
};

This will also catch an overwrite that's touching neighboring addresses.
Set the sentinels to a known pattern and periodically make sure the pattern
is unscathed.

What CPU are you using? Does it support a per-word data watch? You might be
able to use the CPU's debugging features to trap accesses to that address.
Aug 17 '07 #2
__PPS__ wrote:
> Hello all, I have a problem with some code written by others that I
> need to fix.
> This is Windows specific, but I post it here anyway (simply I always
> visit comp.lang.c++).

Right. Maybe those C++ people will learn a thing or two about Windows,
after all! We are honoured by your generosity. <bows>

> I have a class that has a reference member. The problem I'm facing
> happens frequently on WinCE mobile phone. And the problem is that at
> some point the reference becomes invalid. This reference actually
> points to a singleton object and I can find out its memory address.
> The problem is that at some point address of referenced object changes
> [..]
> Is there any other way I can find out how this reference becomes
> corrupted

It sounds like a memory corruption defect in your program (unless it
is in the system on which you're running, which I doubt). The usual
way to find out when it happens is to put a special breakpoint in
your debugger, which should allow to watch for changes in the data
at an arbitrary location in memory. If it doesn't, you're in for
a long session of trying to find who is changing that memory by
stepping through your program and watching the value of the reference.

Put a breakpoint somewhere halfway between the start of the program
and the point at which you know it happens. When your debugger hits
that new breakpoint, see if it has happened. If it didn't, put the
second breakpoint in the middle (approx) of the second part of your
range. Continue. If it has actually happened, put another breakpoint
in the middle of the first half. Restart. This is how most of us
who use subpar debuggers find where sh!t happens in our programs.

Another way is to figure out the true address of the reference member
and put a whole lot of debug printouts in an attempt to narrow it
down, but that means changing your code which can suddenly stop
exhibiting the wrong behaviour.

Good luck!

V
--
Please remove capital 'A's when replying by e-mail
I do not respond to top-posted replies, please don't ask
Aug 17 '07 #3

Victor Bazarov wrote:

> Put a breakpoint somewhere halfway between the start of the program
> and the point at which you know it happens. When your debugger hits
> that new breakpoint, see if it has happened. If it didn't, put the
> second breakpoint in the middle (approx) of the second part of your
> range.

Hmm, my program has a million lines of code, and has 20-50 threads
running simultaneously, communicating with 10 other sub-systems who
can send data at arbitrary moments in time (asynchronously). Where
shall I put that breakpoint? The middle of what and what? :-)

Aug 17 '07 #4
On Aug 17, 1:35 pm, Kenneth Porter <shiva.blackl...@sewingwitch.com>
wrote:
> Put the reference in a page by itself:
>
> struct foo
> {
>     char sentinel1[2048];
>     X& x;
>     char sentinel2[2048];
> };
>
> This will also catch an overwrite that's touching neighboring addresses.
> Set the sentinels to a known pattern and periodically make sure the pattern
> is unscathed.
>
> What CPU are you using? Does it support a per-word data watch? You might be
> able to use the CPU's debugging features to trap accesses to that address.


I was thinking of that, but I don't think it would work. Because the
structure is changed and reference itself most likely won't be changed
anymore.
I'm using HTC mobile phones with a Samsung 2442 400MHz ARMV4I CPU

On Aug 17, 1:40 pm, "Victor Bazarov" <v.Abaza...@comAcast.net> wrote:
> It sounds like a memory corruption defect in your program (unless it
> is in the system on which you're running, which I doubt). The usual
> way to find out when it happens is to put a special breakpoint in
> your debugger, which should allow to watch for changes in the data
> at an arbitrary location in memory. If it doesn't, you're in for
> a long session of trying to find who is changing that memory by
> stepping through your program and watching the value of the reference.
>
> Put a breakpoint somewhere halfway between the start of the program
> and the point at which you know it happens. When your debugger hits
> that new breakpoint, see if it has happened. If it didn't, put the
> second breakpoint in the middle (approx) of the second part of your
> range. Continue. If it has actually happened, put another breakpoint
> in the middle of the first half. Restart. This is how most of us
> who use subpar debuggers find where sh!t happens in our programs.
>
> Another way is to figure out the true address of the reference member
> and put a whole lot of debug printouts in an attempt to narrow it
> down, but that means changing your code which can suddenly stop
> exhibiting the wrong behaviour.


All this was an option, but I can't use it. Defect is in the code for
sure. Code sucks BIG time, it's a monster framework from a big
telephony company, written by MANY employees around the globe. So,
original developers cannot be contacted... nobody knows what's up etc.
So, I'm working on it now.
Why I can't use VS debugger. It was an option, but the problem is that
this reference is part of a small class that's often created/deleted
in MANY places. It's a Timer (which actually works as a timeout - runs
a function after xxx milliseconds) object and it has a reference to
TimerManager object. For now I removed some crap from there just to
fix the problem, but still the source of the problem is unknown and unlikely
to be caught anytime soon :)

Debug printouts really work... and it always crashes in exactly the
same place. Printouts show that the value gets magically changed just
before the crash... but who changed it I have no idea. Moreover, after
it becomes corrupted the VS debugger shows some strange stuff.
The TimerManager is a virtual class, and when it's corrupted VS shows
v_ptr as 0. Is vptr a part of object itself? Seems to be so to resolve
the final object.

Aug 17 '07 #5

__PPS__ wrote:

> All this was an option, but I can't use it. Defect is in the code for
> sure. Code sucks BIG time, it's a monster framework from a big
> telephony company, written by MANY employees around the globe. So,
> original developers cannot be contacted... nobody knows what's up etc.
> So, I'm working on it now.
> Why I can't use VS debugger. It was an option, but the problem is that
> this reference is part of a small class that's often created/deleted
> in MANY places. It's a Timer (which actually works as a timeout - runs
> a function after xxx milliseconds) object and it has a reference to
> TimerManager object.

Does the timer manager always exist? Is the timer in any way
associated with the Manager? Does the timer get removed
from some kind of list when it gets deleted? Does the timer
get accessed from more than one thread? Does it get destroyed
from another thread, invalidating the manager's reference? etc...

Aug 17 '07 #6
On Aug 17, 3:44 pm, werasm <wer...@gmail.com> wrote:

That's a good shot!! I think you had the same code or problems :)
Overall, that's a bit overkill since Windows by itself provides
"timermanager" inside of multimedia timers. I rewrote that code
completely some time ago, but it just cannot be accepted for now into
the main tree (too many changes)

> Does the timer manager always exist?
Yes.
> Is the timer in any way associated with the Manager?
Yes.
> Does the timer get removed from some kind of list when it gets deleted?
Yes.
> Does the timer get accessed from more than one thread?
Yes. For example network timeout happens which triggers BIG framework
event that creates its own handler thread that eventually deletes the
timer itself. That's crazy ugly code. I absolutely hate it.
> Does it get destroyed from another thread, invalidating the managers reference? etc...
Yes... that's most likely the case, but the problem is that all other
members (like time in ms to wait) are correct. It's possible that in
this area of memory a new object is created by another thread and it just
happens so that all the mem cells stay uninitialized but the place
that matches the reference is overwritten. Also... in debug mode if
an object is deleted then its memory is overwritten with 0xcdcdcdcd or
whatever, but as I say I see that all the other members have correct
values.

Aug 17 '07 #7

__PPS__ wrote:

> Does the timer get removed from some kind of list when it gets deleted?

:-).

OK, does the timer remove itself from the list, or does the
manager remove the timer from the list? If the timer removes
itself from the list, is there a chance that the manager is
iterating over that same list in another thread (in which
case iterators are invalidated). Is the list protected for
access from various threads simultaneously (although
that's probably bad design).

Scenario - manager iterates over list to decrement. One
of the timers gets deleted as a result of another event, which
perhaps invalidates iterators (depending on container
type). But even with a std::list, the actual iterator could
probably be invalidated if deletion occurs from another
context...

Aug 17 '07 #8
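
One way to make the scenario in the post above safe, as an added example that is not code from the thread or from the framework being discussed: the manager owns a single lock, a timer unregisters itself under that lock in its destructor, and a removal that arrives while the manager is iterating leaves a tombstone that is swept afterwards. The `TimerManager` and `Timer` classes, their members and the callbacks in `main` are hypothetical stand-ins.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <functional>
#include <mutex>
#include <utility>
#include <vector>

class Timer;

class TimerManager {
public:
    void add(Timer* t) {
        std::lock_guard<std::recursive_mutex> lock(mu_);
        timers_.push_back(t);
    }
    void remove(Timer* t) {
        std::lock_guard<std::recursive_mutex> lock(mu_);
        auto it = std::find(timers_.begin(), timers_.end(), t);
        if (it == timers_.end()) return;
        if (ticking_) *it = nullptr;   // mid-tick: leave a tombstone, erase later
        else timers_.erase(it);
    }
    std::size_t size() {
        std::lock_guard<std::recursive_mutex> lock(mu_);
        return timers_.size();
    }
    int tick();                        // fires every live timer, returns how many fired
private:
    std::recursive_mutex mu_;          // recursive: a callback may delete a timer mid-tick
    std::vector<Timer*> timers_;
    bool ticking_ = false;
};

class Timer {
public:
    Timer(TimerManager& m, std::function<void()> cb) : mgr_(m), cb_(std::move(cb)) { mgr_.add(this); }
    ~Timer() { mgr_.remove(this); }    // blocks while another thread is inside tick()
    Timer(const Timer&) = delete;
    Timer& operator=(const Timer&) = delete;
    void fire() { cb_(); }
private:
    TimerManager& mgr_;
    std::function<void()> cb_;
};

int TimerManager::tick() {
    std::lock_guard<std::recursive_mutex> lock(mu_);
    ticking_ = true;
    int fired = 0;
    for (std::size_t i = 0; i < timers_.size(); ++i)   // index, not iterator: add() may reallocate
        if (Timer* t = timers_[i]) { t->fire(); ++fired; }
    ticking_ = false;
    timers_.erase(std::remove(timers_.begin(), timers_.end(), static_cast<Timer*>(nullptr)),
                  timers_.end());
    return fired;
}

int main() {
    TimerManager mgr;
    Timer* b = nullptr;
    Timer a(mgr, [&] { delete b; b = nullptr; });      // a's callback deletes b mid-tick
    b = new Timer(mgr, [] {});
    Timer c(mgr, [] {});
    const int fired = mgr.tick();
    std::printf("fired=%d remaining=%zu\n", fired, mgr.size());
}
```

Callbacks run with the manager's lock held, and a callback that deletes its own timer is still unsafe here; both need a further design step such as deferred deletion.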
werasm wrote:
> Victor Bazarov wrote:
>
>> Put a breakpoint somewhere halfway between the start of the program
>> and the point at which you know it happens. When your debugger hits
>> that new breakpoint, see if it has happened. If it didn't, put the
>> second breakpoint in the middle (approx) of the second part of your
>> range.
>
> Hmmm, my program has a million lines of code, and have 20-50 threads
> running simultaneously, communicating with 10 other sub-systems who
> can send data at arbitrary moments in time (asynchronously). Where
> shall I put that breakpoint. The middle of what and what? :-)

Really? Million lines of code for a damn cell phone? I doubt it.
Aug 17 '07 #9

Victor Bazarov wrote:
>> Hmmm, my program has a million lines of code, and have 20-50 threads
>> running simultaneously, communicating with 10 other sub-systems who
>> can send data at arbitrary moments in time (asynchronously). Where
>> shall I put that breakpoint. The middle of what and what? :-)
>
> Really? Million lines of code for a damn cell phone? I doubt it.

His probably does not have a million lines, but
who knows? Cellphones are becoming sophisticated.
Does the program have a deterministic route that it
follows when the crash happens? Does it have a beginning
and an end? Does not sound like it, but if it had, your
idea would have been good.

Aug 17 '07 #10
"__PPS__" <i-*********@yandex.ru> wrote in message
news:11**********************@57g2000hsv.googlegroups.com...
> On Aug 17, 1:35 pm, Kenneth Porter <shiva.blackl...@sewingwitch.com>
> wrote:
>> Put the reference in a page by itself:
>>
>> struct foo
>> {
>>     char sentinel1[2048];
>>     X& x;
>>     char sentinel2[2048];
>> };
>>
>> This will also catch an overwrite that's touching neighboring addresses.
>> Set the sentinels to a known pattern and periodically make sure the
>> pattern is unscathed.
>>
>> What CPU are you using? Does it support a per-word data watch? You might
>> be able to use the CPU's debugging features to trap accesses to that
>> address.
>
> I was thinking of that, but I don't think it would work. Because the
> structure is changed and reference itself most likely won't be changed
> anymore.
> I'm using HTC mobile phones with a Samsung 2442 400MHz ARMV4I CPU
>
> On Aug 17, 1:40 pm, "Victor Bazarov" <v.Abaza...@comAcast.net> wrote:
>> It sounds like a memory corruption defect in your program (unless it
>> is in the system on which you're running, which I doubt). The usual
>> way to find out when it happens is to put a special breakpoint in
>> your debugger, which should allow to watch for changes in the data
>> at an arbitrary location in memory. If it doesn't, you're in for
>> a long session of trying to find who is changing that memory by
>> stepping through your program and watching the value of the reference.
>>
>> Put a breakpoint somewhere halfway between the start of the program
>> and the point at which you know it happens. When your debugger hits
>> that new breakpoint, see if it has happened. If it didn't, put the
>> second breakpoint in the middle (approx) of the second part of your
>> range. Continue. If it has actually happened, put another breakpoint
>> in the middle of the first half. Restart. This is how most of us
>> who use subpar debuggers find where sh!t happens in our programs.
>>
>> Another way is to figure out the true address of the reference member
>> and put a whole lot of debug printouts in an attempt to narrow it
>> down, but that means changing your code which can suddenly stop
>> exhibiting the wrong behaviour.
>
> All this was an option, but I can't use it. Defect is in the code for
> sure. Code sucks BIG time, it's a monster framework from a big
> telephony company, written by MANY employees around the globe. So,
> original developers cannot be contacted... nobody knows what's up etc.
> So, I'm working on it now.
> Why I can't use VS debugger. It was an option, but the problem is that
> this reference is part of a small class that's often created/deleted
> in MANY places. It's a Timer (which actually works as a timeout - runs
> a function after xxx milliseconds) object and it has a reference to
> TimerManager object. For now I removed some crap from there just to
> fix the problem, but still the source of the problem is unknown and unlikely
> to be caught anytime soon :)
>
> Debug printouts really work... and it always crashes in exactly the
> same place. Printouts show that the value gets magically changed just
> before the crash... but who changed it I have no idea. Moreover, after
> it becomes corrupted the VS debugger shows some strange stuff.
> The TimerManager is a virtual class, and when it's corrupted VS shows
> v_ptr as 0. Is vptr a part of object itself? Seems to be so to resolve
> the final object.

It sounds like something is overflowing memory and overwriting your
instance. One thing you *might* be able to do is attempt to look at what is
now residing in that memory and see if you can figure out what
class/instance it is by its pattern. Just get the address of the reference
and output the bytes located there so you can see them. Try to determine
what class it is, then you'll have somewhere to look at least. It could be
a class, it could be data, could be anything overflowing memory.
Aug 17 '07 #11
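
The sentinel layout suggested earlier in the thread, combined with the byte dump suggested in the post above, as an added example that is not code from any poster: the checker reports which bytes around the slot were overwritten and returns them as hex so the pattern can be matched to a writer. The `GuardedRef`, `check`, `hexdump` and `stray_write` names, the 0xA5 fill byte, the pointer used in place of `X&`, and the simulated overwrite are all constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

struct TimerManager { int id; };          // stand-in for the singleton (assumed type)
constexpr unsigned char kFill = 0xA5;     // assumed sentinel pattern
constexpr std::size_t kGuard = 2048;      // sentinel size from the post

struct GuardedRef {
    unsigned char sentinel1[kGuard];
    TimerManager* ref;                    // pointer instead of X& so the slot can be read
    unsigned char sentinel2[kGuard];
    explicit GuardedRef(TimerManager& m) : ref(&m) {
        std::memset(sentinel1, kFill, kGuard);
        std::memset(sentinel2, kFill, kGuard);
    }
};
static_assert(sizeof(GuardedRef) == 2 * kGuard + sizeof(void*), "no padding expected");

struct Damage {
    bool found = false;
    std::size_t first = 0, last = 0;      // byte offsets from the start of GuardedRef
    bool ref_changed = false;
};

// Compare every byte with the value it should hold and report the damaged span.
Damage check(const GuardedRef& g, const TimerManager* expected) {
    const unsigned char* raw = reinterpret_cast<const unsigned char*>(&g);
    const std::size_t off = offsetof(GuardedRef, ref);
    unsigned char want[sizeof expected];
    std::memcpy(want, &expected, sizeof expected);
    Damage d;
    for (std::size_t i = 0; i < sizeof(GuardedRef); ++i) {
        const bool in_ref = i >= off && i < off + sizeof expected;
        const bool bad = in_ref ? raw[i] != want[i - off] : raw[i] != kFill;
        if (!bad) continue;
        if (!d.found) { d.found = true; d.first = i; }
        d.last = i;
        d.ref_changed = d.ref_changed || in_ref;
    }
    return d;
}

// Hex-dump the damaged bytes so their pattern can be matched to a writer.
std::string hexdump(const GuardedRef& g, std::size_t first, std::size_t last) {
    const unsigned char* raw = reinterpret_cast<const unsigned char*>(&g);
    std::string out;
    char buf[4];
    for (std::size_t i = first; i <= last; ++i) {
        std::snprintf(buf, sizeof buf, "%02x ", raw[i]);
        out += buf;
    }
    return out;
}

// Constructed bug: a stray write that starts `before` bytes ahead of the slot.
void stray_write(GuardedRef& g, std::size_t before, const std::string& data) {
    unsigned char* raw = reinterpret_cast<unsigned char*>(&g);
    std::memcpy(raw + offsetof(GuardedRef, ref) - before, data.data(), data.size());
}

int main() {
    TimerManager tm{1};
    GuardedRef g(tm);
    stray_write(g, 4, std::string(4 + sizeof(void*) + 4, 'Q'));  // constructed payload
    const Damage d = check(g, &tm);
    std::printf("ref_changed=%d bytes %zu..%zu: %s\n", d.ref_changed, d.first, d.last, hexdump(g, d.first, d.last).c_str());
}
```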
On Aug 17, 6:08 pm, "Jim Langston" <tazmas...@rocketmail.com> wrote:
> .....
> what class it is, then you'll have somewhere to look at least. It could be
> a class, it could be data, could be anything overflowing memory.

That's the scary thing... it could be anything, including acts of god
or whatever :) I tried lots of stuff... but it seems that the only
thing that could help me is the OS itself if it was capable of restricting
access to certain bytes of RAM instead of pages.

On Aug 17, 5:15 pm, "Victor Bazarov" <v.Abaza...@comAcast.net> wrote:
> Really? Million lines of code for a damn cell phone? I doubt it.

Did he say that he has that much code for a cell phone?? I didn't see
that.

Currently, I have 1467 (*.cpp, *.cc, *.c, *.h, *.hh) files with total
size of 10.3MB; moreover, our code uses some libraries in the form of
source code or precompiled libraries (audio/video codecs, atl-wtl,
ffmpeg). And on top of that the entire candy/animation rich gui is NOT
written in c++. So... I think it's not small at all. Sure, cell phone
code becomes more complicated since it has to go around missing
functionality that's present as-is in a normal PC... Moreover, there's
a widely used non-Windows-based cell phone OS that's a total CRAP,
that is entirely c++ based and almost no c++ code will ever compile
for it! It absolutely doesn't have std c++ lib (no streams, no stl).
Obviously boost/ace will never work for it. And on top of that this
crapOS has different programming concepts and the entire framework has to
adjust itself to be compilable for wince and this crap os. Personally
I hope that this OS dies ASAP!!!! I've heard that even top managers
hate it... because nobody likes it :) I'm sure you guessed right that
I'm talking about symbian here. My personal opinion is that it would
be much easier to port some complicated software from windows to linux
or vice versa, than to port some not very complicated software from
one version of symbian to another... I think that Symbian has WAY more
c++ classes than win32 has api functions (not to mention that all
these classes have around 10 methods or in some extreme cases even
around 50-100 methods)!!!
So... cell phone code not complicated?!?? We have to have all the code
for lists, arrays, strings... and it's all really written EXTREMELY
BAD, any student would do a better job writing these simple containers
(imagine what java coders could write in c++?!??). Then, one of many
developers just for no reason decides to put in windows specific code and the
entire project breaks... then in platform specific code you have to
convert between all these home cooked containers to something more
specific to the system. Then at some point you get the mysterious
crash (see my original post) that some developers spent weeks trying
to fix (unsuccessfully), some developers were sent across continent to
work on it and obviously it won't ever be fixed :) Oh yes, I forgot to
mention that all the code is full of hacks (__try/__except to trap
access violation and avoid program crash in windows!!, tons of places
where scoped_locks were manually unlocked to fix deadlocks, etc...)
I'm loving it... this project could go on forever on improving
itself...

Aug 19 '07 #12
