Argonne National Laboratory

Experimental Physics and
Industrial Control System

2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <2017 Index 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <2017
<== Date ==> <== Thread ==>

Subject: Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element
From: Michael Davidsaver <mdavidsaver@gmail.com>
To: "Kasemir, Kay" <kasemirk@ornl.gov>
Cc: "core-talk@aps.anl.gov" <core-talk@aps.anl.gov>
Date: Sun, 2 Apr 2017 11:58:23 -0400
On 04/01/2017 12:12 PM, Michael Davidsaver wrote:
> I've opened https://bugs.launchpad.net/epics-base/+bug/1678494

Now with a patch to be tested.


> On 04/01/2017 09:20 AM, Kasemir, Kay wrote:
>> Hi:
>>
>>
>> When reading a "long string" PV as DBR_CTRL_CHAR with 1 array element,
>> an EPICS 3.15.5 IOC crashes.
>>
>> Has been OK with R3.14.x.
>>
>>
>> Example C client and stack trace of server is below. Basically, CA
>> server seems to try return all elements of the CHAR array, but the
>> buffer only allows for the 1 requested.
>>
>>
>> Why I ran into this:
>>
>> Older IOCs, i.e. most of those in operation ;-),  don't support
>> DBE_PROPERTY.
>>
>> So clients fetch the DBR_CTRL_native_type once, then subscribe to
>> for example DBR_STS_* for the complete array.
>>
>> When fetching the initial meta data, they don't need the complete value.
>> In fact for large arrays it would be wasteful to keep a copy of the
>> whole outdated array, just need the meta data and then one instance of
>> the 'current' array.
>>
>>
>> Thanks,
>>
>> Kay
>>
>>
>> Example C code that crashes IOC:
>> ````
>> /* USAGE: cademo SomePV.INP$
>>  *
>>  * Fetches a "long string" channel as DBR_CTRL_CHAR[1].
>>  * OK for R4.14.*, crashes R3.15.5
>>  */
>> #include <stdio.h>
>> #include <string.h>
>> #include <epicsStdlib.h>
>> #include <epicsString.h>
>> #include <cadef.h>
>>
>> int main (int argc, char *argv[])
>> {
>>     const char *name = argv[1];
>>     int result;
>>     chid chid;
>>     struct dbr_ctrl_char value;
>>
>>     puts(name);
>>
>>     result = ca_context_create(ca_disable_preemptive_callback);
>>     SEVCHK(result, "connect");
>>     result = ca_create_channel(name, 0, 0, 0, &chid);
>>     SEVCHK(result, "create");
>>     result = ca_pend_io(2.0);
>>     SEVCHK(result, "pend create");
>>     result = ca_array_get(DBR_CTRL_CHAR, 1, chid, &value);
>>     SEVCHK(result, "get");
>>     result = ca_pend_io(2.0);
>>     SEVCHK(result, "pend get");
>>
>>     ca_context_destroy();
>>
>>     return result;
>> }
>> ````
>>
>> For an IOC created via `makeBaseApp.pl -t example`, when reading
>> `$(user):ai1.INP$`, the IOC crashes while placing the value,
>> `$(user):calcExample1.VAL NPP NMS`, in the ca-get return buffer:
>> ````
>> Program received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 0x7fffd75f8700 (LWP 4974)]
>> 0x00007ffff66eb795 in __strncpy_sse2_unaligned () from /lib64/libc.so.6
>> Missing separate debuginfos, use: debuginfo-install
>> glibc-2.17-157.el7.x86_64 libgcc-4.8.5-11.el7.x86_64
>> libstdc++-4.8.5-11.el7.x86_64 ncurses-libs-5.9-13.20130511.el7.x86_64
>> readline-6.2-9.el7.x86_64
>> (gdb) bt
>> #0  0x00007ffff66eb795 in __strncpy_sse2_unaligned () from /lib64/libc.so.6
>> #1  0x00007ffff7735ebf in getLinkValue (paddr=0x7fffe4013020,
>> paddr=0x7fffe4013020, 
>>     nRequest=<optimized out>, pbuf=0x7ffff7e53035
>> "training:calcExample1.VAL NPP NMS", 
>>     dbrType=<optimized out>) at ../../../src/ioc/db/dbAccess.c:773
>> #2  dbGet (paddr=paddr@entry=0x7fffe4013020, dbrType=dbrType@entry=2,
>> pbuffer=<optimized out>, 
>>     options=options@entry=0x7fffd75f76e0,
>> nRequest=nRequest@entry=0x7fffd75f7c30, 
>>     pflin=pflin@entry=0x0) at ../../../src/ioc/db/dbAccess.c:857
>> #3  0x00007ffff773888c in dbChannelGet (chan=chan@entry=0x7fffe4013018,
>> type=type@entry=2, 
>>     pbuffer=<optimized out>, options=options@entry=0x7fffd75f76e0, 
>>     nRequest=nRequest@entry=0x7fffd75f7c30, pfl=pfl@entry=0x0)
>>     at ../../../src/ioc/db/dbChannel.c:668
>> #4  0x00007ffff774b8d3 in dbChannel_get_count
>> (chan=chan@entry=0x7fffe4013018, 
>>     buffer_type=<optimized out>, pbuffer=0x7ffff7e53020,
>> nRequest=nRequest@entry=0x7fffd75f7c30, 
>>     pfl=pfl@entry=0x0) at ../../../src/ioc/db/db_access.c:685
>> #5  0x00007ffff776f6c2 in read_reply (pfl=0x0, eventsRemaining=1,
>> dbch=0x7fffe4013018, 
>>     pArg=0x7fffd75f7c50) at ../../../src/ioc/rsrv/camessage.c:587
>> #6  read_notify_action (mp=<optimized out>, pPayload=<optimized out>,
>> client=<optimized out>)
>>     at ../../../src/ioc/rsrv/camessage.c:800
>> #7  0x00007ffff77708df in camessage (client=client@entry=0x7fffec000f90)
>>     at ../../../src/ioc/rsrv/camessage.c:2628
>> #8  0x00007ffff776d26c in camsgtask (pParm=0x7fffec000f90)
>>     at ../../../src/ioc/rsrv/camsgtask.c:129
>> #9  0x00007ffff727a58c in start_routine (arg=0x7fffe0001130)
>>     at ../../../src/libCom/osi/os/posix/osdThread.c:403
>> #10 0x00007ffff6441dc5 in start_thread () from /lib64/libpthread.so.0
>> #11 0x00007ffff674d73d in clone () from /lib64/libc.so.6
>> ````
>>
>>
>>
> 


Replies:
Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element Kasemir, Kay
References:
EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element Kasemir, Kay
Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element Michael Davidsaver

Navigate by Date:
Prev: Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element Michael Davidsaver
Next: Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element Kasemir, Kay
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <2017
Navigate by Thread:
Prev: Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element Michael Davidsaver
Next: Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element Kasemir, Kay
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <2017
ANJ, 03 Apr 2017 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·