Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element
From: Michael Davidsaver <mdavidsaver@gmail.com>
To: "Kasemir, Kay" <kasemirk@ornl.gov>, "core-talk@aps.anl.gov" <core-talk@aps.anl.gov>
Date: Sat, 1 Apr 2017 12:12:56 -0400
I've opened https://bugs.launchpad.net/epics-base/+bug/1678494

On 04/01/2017 09:20 AM, Kasemir, Kay wrote:
> Hi:
> 
> 
> When reading a "long string" PV as DBR_CTRL_CHAR with 1 array element,
> an EPICS 3.15.5 IOC crashes.
> 
> Has been OK with R3.14.x.
> 
> 
> Example C client and stack trace of server is below. Basically, CA
> server seems to try to return all elements of the CHAR array, but the
> buffer only allows for the 1 requested.
> 
> 
> Why I ran into this:
> 
> Older IOCs, i.e. most of those in operation ;-),  don't support
> DBE_PROPERTY.
> 
> So clients fetch the DBR_CTRL_native_type once, then subscribe to
> for example DBR_STS_* for the complete array.
> 
> When fetching the initial meta data, they don't need the complete value.
> In fact for large arrays it would be wasteful to keep a copy of the
> whole outdated array, just need the meta data and then one instance of
> the 'current' array.
> 
> 
> Thanks,
> 
> Kay
> 
> 
> Example C code that crashes IOC:
> ````
> /* USAGE: cademo SomePV.INP$
>  *
>  * Fetches a "long string" channel as DBR_CTRL_CHAR[1].
>  * OK for R4.14.*, crashes R3.15.5
>  */
> #include <stdio.h>
> #include <string.h>
> #include <epicsStdlib.h>
> #include <epicsString.h>
> #include <cadef.h>
> 
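> int main (int argc, char *argv[])
> {
>     const char *name;
>     int result;
>     chid chid;
>     struct dbr_ctrl_char value;
> 
>     /* A PV name is required; argv[1] is NULL without it */
>     if (argc < 2) {
>         fprintf(stderr, "USAGE: %s SomePV.INP$\n", argv[0]);
>         return 1;
>     }
>     name = argv[1];
>     puts(name);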
> 
>     result = ca_context_create(ca_disable_preemptive_callback);
>     SEVCHK(result, "connect");
>     result = ca_create_channel(name, 0, 0, 0, &chid);
>     SEVCHK(result, "create");
>     result = ca_pend_io(2.0);
>     SEVCHK(result, "pend create");
>     result = ca_array_get(DBR_CTRL_CHAR, 1, chid, &value);
>     SEVCHK(result, "get");
>     result = ca_pend_io(2.0);
>     SEVCHK(result, "pend get");
> 
>     ca_context_destroy();
> 
>     return result;
> }
> ````
> 
> For an IOC created via `makeBaseApp.pl -t example`, when reading
> `$(user):ai1.INP$`, the IOC crashes while placing the value,
> `$(user):calcExample1.VAL NPP NMS`, in the ca-get return buffer:
> ````
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7fffd75f8700 (LWP 4974)]
> 0x00007ffff66eb795 in __strncpy_sse2_unaligned () from /lib64/libc.so.6
> Missing separate debuginfos, use: debuginfo-install
> glibc-2.17-157.el7.x86_64 libgcc-4.8.5-11.el7.x86_64
> libstdc++-4.8.5-11.el7.x86_64 ncurses-libs-5.9-13.20130511.el7.x86_64
> readline-6.2-9.el7.x86_64
> (gdb) bt
> #0  0x00007ffff66eb795 in __strncpy_sse2_unaligned () from /lib64/libc.so.6
> #1  0x00007ffff7735ebf in getLinkValue (paddr=0x7fffe4013020,
> paddr=0x7fffe4013020, 
>     nRequest=<optimized out>, pbuf=0x7ffff7e53035
> "training:calcExample1.VAL NPP NMS", 
>     dbrType=<optimized out>) at ../../../src/ioc/db/dbAccess.c:773
> #2  dbGet (paddr=paddr@entry=0x7fffe4013020, dbrType=dbrType@entry=2,
> pbuffer=<optimized out>, 
>     options=options@entry=0x7fffd75f76e0,
> nRequest=nRequest@entry=0x7fffd75f7c30, 
>     pflin=pflin@entry=0x0) at ../../../src/ioc/db/dbAccess.c:857
> #3  0x00007ffff773888c in dbChannelGet (chan=chan@entry=0x7fffe4013018,
> type=type@entry=2, 
>     pbuffer=<optimized out>, options=options@entry=0x7fffd75f76e0, 
>     nRequest=nRequest@entry=0x7fffd75f7c30, pfl=pfl@entry=0x0)
>     at ../../../src/ioc/db/dbChannel.c:668
> #4  0x00007ffff774b8d3 in dbChannel_get_count
> (chan=chan@entry=0x7fffe4013018, 
>     buffer_type=<optimized out>, pbuffer=0x7ffff7e53020,
> nRequest=nRequest@entry=0x7fffd75f7c30, 
>     pfl=pfl@entry=0x0) at ../../../src/ioc/db/db_access.c:685
> #5  0x00007ffff776f6c2 in read_reply (pfl=0x0, eventsRemaining=1,
> dbch=0x7fffe4013018, 
>     pArg=0x7fffd75f7c50) at ../../../src/ioc/rsrv/camessage.c:587
> #6  read_notify_action (mp=<optimized out>, pPayload=<optimized out>,
> client=<optimized out>)
>     at ../../../src/ioc/rsrv/camessage.c:800
> #7  0x00007ffff77708df in camessage (client=client@entry=0x7fffec000f90)
>     at ../../../src/ioc/rsrv/camessage.c:2628
> #8  0x00007ffff776d26c in camsgtask (pParm=0x7fffec000f90)
>     at ../../../src/ioc/rsrv/camsgtask.c:129
> #9  0x00007ffff727a58c in start_routine (arg=0x7fffe0001130)
>     at ../../../src/libCom/osi/os/posix/osdThread.c:403
> #10 0x00007ffff6441dc5 in start_thread () from /lib64/libpthread.so.0
> #11 0x00007ffff674d73d in clone () from /lib64/libc.so.6
> ````
> 
> 
> 
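The failure Kay describes, a copy bounded by the field's element count rather than by the 1 element requested, modelled here as an added example; it is not code from this thread or from EPICS Base. The function names, the 40-byte field size and the choice to NUL-terminate inside the request are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not EPICS source; every name here is an assumption. */

/* strncpy(dst, src, n) always writes exactly n bytes (it NUL-pads), so a
 * bound taken from the field size instead of the request overruns by: */
size_t overrun_if_bounded_by_field(size_t field_size, size_t n_request)
{
    return field_size > n_request ? field_size - n_request : 0;
}

/* Clamp to request, field and destination; return the element count
 * delivered, or -1 on a bad argument. */
long copy_long_string(char *dst, size_t dst_cap, const char *field,
                      size_t field_size, long n_request)
{
    size_t n, len = 0;
    if (!dst || !field || !dst_cap || !field_size || n_request <= 0) return -1;
    n = (size_t)n_request;
    if (n > field_size) n = field_size;  /* never read past the field */
    if (n > dst_cap) n = dst_cap;        /* never write past the reply */
    while (len < n - 1 && field[len] != '\0') len++;
    memcpy(dst, field, len);
    memset(dst + len, 0, n - len);       /* NUL-pad and terminate */
    return (long)n;
}

/* Constructed input: the link text from the trace in a 40-byte field,
 * read with a 1-element request. Returns 1 if the guard is untouched. */
int guard_intact_demo(void)
{
    const char field[40] = "training:calcExample1.VAL NPP NMS";
    char reply[40];  /* byte 0 is the 1-element payload, the rest a guard */
    size_t i;
    memset(reply, 0x5A, sizeof reply);
    if (copy_long_string(reply, 1, field, sizeof field, 1) != 1) return 0;
    for (i = 1; i < sizeof reply; i++) if (reply[i] != 0x5A) return 0;
    return reply[0] == '\0';
}

int main(void)
{
    printf("overrun=%zu guard_intact=%d\n",
           overrun_if_bounded_by_field(40, 1), guard_intact_demo());
    return 0;
}
```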


ANJ, 02 Apr 2017