tags:

views:

119

answers:

1
+2  Q: 

Fault address when malloc/free pthread_t across threads

Fault address occurred when i malloc pthread_t to save a newly created thread id and free it in another thread. Codes as follows:

typedef struct _TaskInfo { 
    // int dummy_int;
    pthread_t tid;
} TaskInfo;

void* dummy_task(void* pArg) {
    free(pArg);
    return NULL;
}

void create_task() {
    TaskInfo *pInfo;
    pthread_attr_t attr;

    // set detached state stuff ...

    pInfo = (TaskInfo*) malloc(sizeof(TaskInfo));
    pthread_create(&pInfo->tid, &attr, dummy_task, pInfo);

    // destroy pthread attribute stuff ...
}

int main() {
    int i;
    while(i < 10000) {
        create_task();
        ++i;
    }
    return 0;
}

When I uncomment the member dummy_int of TaskInfo it sometimes ran successfully, but sometimes failed. My platform is VMWare + Ubuntu 9.10 + ndk r3

Thanks!

+1  A: 

pthread_create() stores the thread ID (TID) of the created thread in the location pointed to by the first parameter, however it does that after the thread is created (http://opengroup.org/onlinepubs/007908799/xsh/pthread_create.html):

Upon successful completion, pthread_create() stores the ID of the created thread in the location referenced by thread

Since the thread has already been created, it may well get a chance to run and delete that block of memory before pthread_create() gets a chance to store the TID in it.

When you don't have the dummy_int member in the struct you're probably corrupting the heap in a way that crashes early. With the dummy_int member included, you happen to be trashing something less sensitive (so the crashes are a bit less frequent). In either case, you're trashing memory that isn't allocated (or might not be allocated - you have a race condition).

Michael Burr  2010-04-28 07:08:55
Thanks very much! But I'm still wondering why the same codes on Linux just worked fine. Because I read from Robert Love's "Linux Kernel Development" that the kernel runs the child process first and the implementation of process and thread on Linux are the same. Does the thread scheduling on Linux differ from android?
scleung  2010-04-28 07:22:39
I couldn't say - but in either case, since you're dealing with a race condition, you're dealing with code that's going to fail at some point. It may be that the failure is more 'certain' on Android because you're likely dealing with a single processor device, while on Linux you might be running a multiproc device so the original thread has a chance to do it's save of the TID before the `free()` occurs in the newly created thread. Or Linux may have enough of difference in the scheduler to let you get away with it. But it's still bug - you're just not noticing it in some cases.
Michael Burr  2010-04-28 07:33:59

related questions

How do I find the DNS servers in Android from a Java program?
Will JavaFX work on Android?
Android application deployment
How to copy text programatically in my Android app?
Android API for detecting new media from inbuilt camera & mic
What can you not do on the Dalvik VM (Android's VM) that you can in Sun VM?
create Raw socket in Android
Will Google Android ever support .NET?
Is there a way to import a 3D model into Android?
Does Android WebView need permissions for opening external URLs?
Getting started with mobile programming. What is a good platform ?
How do I save an Android application's state?
Porting Android's Java VM to the iPhone?
Making Eclipse behave like Visual Studio
Getting started with Android
Sleep a thread until an event is attended in another thread
How well does the Android Phone Emulator reflect the performance?
Is there any way to run Python on Android ?
moving to android from j2me
What work has been done on cross-platform mobile development?
Updating Android Tab Icons
Is there a multiplatform framework for developing iPhone / Android applications?
Proxy with Android Emulator
Using ItemizedOverlay and OverlayItem In Android Beta 0.9
Android Development