Hi again,

I'm not sure whether anyone is paying attention, but here goes...

Steffen Mueller wrote:
there have been occasional bad crashes of an application in whose development I'm involved (Padre). With your generous help, I managed to build a debugging perl+wxWidgets+Wx combination and finally obtained backtraces for such crashes. I always suspected a combination of ithreads with wx to be the culprit and unfortunately, it turns out I was right. It seems to happen only when a background thread is joined. Specifically during the resulting cleanup. I'm wildly speculating now: Maybe some of the Wx objects with underlying non-ithread-aware C++ implementation are being cloned on thread creation and dubiously freed on thread exit. Or maybe it's due to Thaw being called on a window that wasn't Freeze'd (see backtrace).

You can find an example backtrace with some additional debugging info here:

http://padre.perlide.org/attachment/ticket/287/backtrace

This blog post gave me an idea: http://peter.makholm.net/2009/05/15/persistence-and-objects-from-xs-modules/

What if the WindowUpdateLocker object is cloned as part of a thread creation and the clone is cleaned up on thread exit? This could go wrong in various ways.

Let's suppose the underlying C++ object isn't cloned correctly and just the Perl-level object is cloned. Maybe it shouldn't have been cloned at all in the first place. After all, the Wx stuff shouldn't be in the non-GUI thread.

Scenario 1:
The thread will DESTROY (=> C++ delete) it on join(). Then, the next access to it from the main/GUI thread should crash with a segmentation fault due to a double free. This is not the case (see backtrace). It crashes in the thread cleanup phase.

Scenario 2:
The object is destroyed analogously to scenario 1, but by the main/GUI thread *while the worker thread is still running*. After all, a WindowUpdateLocker should be a short-lived object. Then, the crash (i.e. second delete) would appear during global destruction of the interpreter that's running in the thread.

Does this make any sense or am I barking up the wrong tree? Any ideas on how to debug this? Will valgrind catch this? I'm a bit of a newbie in terms of this heavy C debugging, particularly if it involves perl, wx, and concurrency.

Cheers,
Steffen
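
The cloning behaviour discussed in the message above, as an added illustration that is not part of the original message and not Wx's own code. The classes `Unsafe::Locker` and `Safe::Locker` are hypothetical pure-Perl stand-ins for an XS wrapper, with the C++ pointer simulated by a number; `CLONE_SKIP` is the standard Perl hook (5.8.7 and later) that tells ithreads not to clone objects of a class.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use threads;
use threads::shared;

$| = 1;

# Counts simulated C++ "delete" calls across all interpreters (constructed for this demo).
my $deletes :shared = 0;

# Hypothetical stand-in for an XS wrapper: the "pointer" is just a number,
# and DESTROY plays the role of the C++ delete.
package Unsafe::Locker {
    my $next_ptr = 0x1000;
    sub new { my ($class) = @_; return bless { ptr => $next_ptr++ }, $class }
    sub DESTROY {
        my ($self) = @_;
        { lock($deletes); $deletes++; }
        printf "  delete 0x%x (%s) in thread %d\n",
            $self->{ptr}, ref($self), threads->tid;
    }
}

# Same wrapper, but opted out of cloning: a new thread receives an unblessed
# undef in place of the object, so its cleanup never reaches DESTROY.
package Safe::Locker {
    our @ISA = ('Unsafe::Locker');
    sub CLONE_SKIP { 1 }
}

for my $class (qw(Unsafe::Locker Safe::Locker)) {
    { lock($deletes); $deletes = 0; }
    print "$class:\n";
    my $locker = $class->new;            # created and used only by the main thread
    threads->create(sub { 1 })->join;    # worker never touches $locker, yet it is cloned
    undef $locker;                       # main thread releases its own copy
    print "  destructor ran $deletes time(s) for one native object\n";
}
```

Each interpreter that holds a blessed copy runs DESTROY once during its own cleanup, so the thread id printed for every "delete" line shows which side freed the simulated pointer.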



