Search⌘ K
Home/
Courses/
Accelerated Linux Core Dump Analysis

Identify Heap Contention Errors

Learn to identify heap contention wait chains, synchronization issues, and advanced techniques for disassembling and dumping arrays.

We'll cover the following...

Application source code

We’ll be analyzing the core dump generated from the following file:

C
// Build:
// gcc main.c -pthread -static -o App10
#include <stdio.h>
#include <pthread.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#define ARR_SIZE 10000
char *pAllocBuf[ARR_SIZE] = {0};
void proc()
{
    while (1)
    {
        int idx = rand() % ARR_SIZE;
        int malloc_size = rand() % ARR_SIZE;
        if (pAllocBuf[idx])
        {
            free(pAllocBuf[idx]);
            pAllocBuf[idx] = 0;
        }
        pAllocBuf[idx] = malloc(malloc_size);
    }
}
#define THREAD_DECLARE(num, func) \
    void bar_##num()               \
    {                              \
        func;                      \
    }                              \
                                   \
    void foo_##num()               \
    {                              \
        bar_##num();               \
    }                              \
                                   \
    void *thread_##num(void *arg) \
    {                              \
        foo_##num();               \
        return 0;                  \
    }
THREAD_DECLARE(one, proc())
THREAD_DECLARE(two, proc())
THREAD_DECLARE(three, proc())
THREAD_DECLARE(four, proc())
THREAD_DECLARE(five, proc())
#define THREAD_CREATE(num)                            \
    {                                                 \
        pthread_t threadID_##num;                     \
        pthread_create(&threadID_##num, NULL, thread_##num, NULL); \
    }
int main(int argc, const char *argv[])
{
    THREAD_CREATE(one)
    THREAD_CREATE(two)
    THREAD_CREATE(three)
    THREAD_CREATE(four)
    THREAD_CREATE(five)
    sleep(-1);
    return 0;
}

We can see that several threads are allocating and freeing memory using a shared array of pointers. If you execute this application, you’ll get the double free error:

Double free errors occur when the free() function is called twice on a pointer. In this lesson, we’ll learn how to identify such errors in a multithreaded environment.

Loading the core dump

Let’s begin by loading the generated core dump:

gdb -c core.App10 -se App10

The above command will output the following to the terminal:

Listing all threads

Let’s take a look at the list of threads and identify the top frames at the time of the crash:

info threads

The above command will output the following to the terminal:

We ...