WEC7 - Heap corruption Detection Tips

  • Question

  • Hi,

    We are using WEC7 on an ARM7 platform and I am observing some heap corruption occurring in the USB stack that came with the BSP. I am trying to debug where in the code this is occurring.

    The problem shows itself by some variables in one of my classes getting overwritten during loading of USB drivers. My class is a logging extension I had added to the USB driver code.

    Any tips/tools that somebody could recommend please? I googled and found references to AppVerifier but I am currently struggling to set it up.

    It is driver level code and due to certain system limitations I can't debug over Ethernet/USB.

    Thanks,

    Samie

    Wednesday, May 25, 2016 6:31 PM

All replies

  • Hi Samie,

    You could look at heap allocations using DevHealth... https://msdn.microsoft.com/en-us/library/jj584887.aspx

    Sincerely,

    IoTGirl 

    Friday, May 27, 2016 6:30 PM
    Moderator
  • Thanks IoTGirl. Generated reports and so far no luck.

    The variables that were getting asynchronously corrupted, I added a large array in my class immediately after that to see if I could figure out what data is being written, and hopefully find the offending piece of code. In my class constructor, when I memset() to reset with known data (so that any modifications during corruption would be obvious) the memset() internally fails with 'data abort' exceptions.

    This is really odd since I don't expect the low level routines in kernel that are involved in memory allocations on heap would have some issues.

    I will post with more updates if/when I have any new information but so far it is proving to be extremely frustrating.

    Monday, May 30, 2016 3:38 PM
  • Hi Samie,

    Good luck on your search. Is your variable a pointer? Are you using any custom data structures that might have alignment issues? There are just so many things it could be!

    Sincerely,

    IoTGirl

    Tuesday, May 31, 2016 5:34 AM
    Moderator
  • Hi IoTGirl,

    I am surely using custom data structures so you are right - it could be alignment issues. I had assumed that it would be more efficient to have any alignment, but it should not cause any memory issues?

    Are there any specific restrictions related to data alignment that I should be aware of?

    Thanks,

    Samie

    Tuesday, May 31, 2016 10:42 AM
  • Hi Samie,

    Depending on the compiler options you use, you will want to opt for data structures that align on addressable boundaries.

    Can you explain what you mean by this? "I had assumed that it would be more efficient to have any alignment",

    For your research, step through the allocation of your structure then watch memory in that region to see when/where it is overwritten.

    Sincerely,

    IoTGirl

    Tuesday, May 31, 2016 3:45 PM
    Moderator
  • Hi IoTGirl,

    My previous comment on "more efficiency due to alignment" was based on the assumption that if a data structure is allocated on an address that is not a multiple of the size of the data type, it will be less efficient to read/write to it. However, I have now learned that some x86 architectures will work but for ARM, it is not just a matter of efficiency but a necessity.

    Having said that, I get data abort exceptions even if I don't declare ANY variable of structure so it is at least not a structure alignment problem.

    I have, however, narrowed it down to a TCHAR []. It seems that if the number of elements is greater than 4, I get data abort exceptions. This is only when I use this class in the USB classes. If I create an object of this class in other drivers (e.g. SDHC), everything works fine.

    So it does seem to be a memory allocation/access issue during class instantiation for TCHAR[]. This is really curious (but frustrating at the same time as I can't get to the bottom of what is happening under the hood).

    Regards,

    Samie

    Wednesday, June 1, 2016 10:50 PM
  • Is it possible that the USB driver is being built with a different set of compiler options than other drivers, so that memory allocations are handled differently in USB stack than the rest of the system?

    How can I verify this?

    Thursday, June 2, 2016 4:42 PM
  • Hi Samie,

    You will need to work with the BSP provider for the code they provide. Microsoft provides some prebuilt binaries but it should be pretty clear which code has the alignment problem if that is the cause. They should also be able to help you with your debugging issues.

    Sincerely,

    IoTGirl

    Thursday, June 2, 2016 9:50 PM
    Moderator
  • Thanks IoTGirl.
    Tuesday, June 7, 2016 7:02 PM
  • You are very welcome!
    Tuesday, June 7, 2016 9:22 PM
    Moderator
  • You may try enabling IMGENABLEHEAPSENTINEL in the image. This helps in certain cases for detecting heap corruption.

    https://support.microsoft.com/en-in/kb/977712


    -Pranjal

    Thursday, September 1, 2016 2:24 PM
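
The known-pattern idea from this thread (a pattern-filled array next to the corrupted variables, and the heap sentinel suggestion), as an added example that is not from any poster and is not the Windows Embedded Compact implementation: a portable C allocation wrapper that places guard bytes on both sides of a block and reports which side was overwritten. All names (`guard_alloc`, `guard_check`, `guard_free`, `GUARD_BYTE`, `GUARD_LEN`) are hypothetical, and the guard length is chosen so the payload keeps the alignment `malloc` provides.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_BYTE 0xA5
#define GUARD_LEN  16u  /* multiple of 16, so the payload keeps malloc's alignment */
enum { GUARD_OK = 0, GUARD_UNDERRUN = 1, GUARD_OVERRUN = 2 };

/* Layout of every block: [guard_hdr][front guard][payload][rear guard] */
typedef struct { size_t size; size_t reserved; } guard_hdr;

static int guard_intact(const unsigned char *g) {
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (g[i] != GUARD_BYTE) return 0;
    return 1;
}

void *guard_alloc(size_t n) {
    if (n > SIZE_MAX - sizeof(guard_hdr) - 2 * GUARD_LEN) return NULL; /* size overflow */
    unsigned char *raw = malloc(sizeof(guard_hdr) + 2 * GUARD_LEN + n);
    if (!raw) return NULL;
    ((guard_hdr *)raw)->size = n;
    ((guard_hdr *)raw)->reserved = 0;
    unsigned char *payload = raw + sizeof(guard_hdr) + GUARD_LEN;
    memset(payload - GUARD_LEN, GUARD_BYTE, GUARD_LEN);  /* front guard */
    memset(payload + n, GUARD_BYTE, GUARD_LEN);          /* rear guard  */
    return payload;
}

int guard_check(const void *p) {
    const unsigned char *payload = p;
    const guard_hdr *h = (const guard_hdr *)(payload - GUARD_LEN - sizeof(guard_hdr));
    /* A damaged front guard means the stored size may be damaged too: stop here. */
    if (!guard_intact(payload - GUARD_LEN)) return GUARD_UNDERRUN;
    return guard_intact(payload + h->size) ? GUARD_OK : GUARD_OVERRUN;
}

void guard_free(void *p) {
    if (p) free((unsigned char *)p - GUARD_LEN - sizeof(guard_hdr));
}

int main(void) {
    unsigned char *buf = guard_alloc(8);  /* constructed demo: 8-byte buffer */
    if (!buf) return 1;
    memset(buf, 0, 9);                    /* deliberate 1-byte overrun into the rear guard */
    int status = guard_check(buf);
    guard_free(buf);
    return status == GUARD_OVERRUN ? 0 : 1;
}
```

Calling `guard_check` at several points along the suspect code path narrows down the window in which the overwrite happens; it does not identify the writer by itself.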