[英]Find Target Thread of Invocation in Memory Dump Using Windbg
背景
客戶報告了C#應用程序中的掛起。 我在應用程序掛起時有一個內存轉儲。 內存轉儲顯示主UI線程,顯示進度表單和運行的多個后台線程。 其中一個后台線程正在嘗試Control.Invoke回到主線程來更新表單。 CLR堆棧如下所示:
System.Threading.WaitHandle.WaitOneNative(Microsoft.Win32.SafeHandles.SafeWaitHandle, UInt32, Boolean, Boolean)
System.Threading.WaitHandle.WaitOne(Int64, Boolean)
System.Threading.WaitHandle.WaitOne(Int32, Boolean)
System.Windows.Forms.Control.WaitForWaitHandle(System.Threading.WaitHandle)
System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
profdata.com.Library.frmAsyncExec.SetMessageText(System.String)
profdata.com.Library.frmAsyncExec.SetMessage(System.String, System.String)
profdata.com.Library.frmAsyncExec.DoAsyncProcess(System.Object)
System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
System.Threading.ExecutionContext.runTryCode(System.Object)
System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
System.Threading.ThreadHelper.ThreadStart(System.Object)
UI線程處於模態循環中並等待消息:
System.Windows.Forms.UnsafeNativeMethods.WaitMessage()
System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(Int32, Int32, Int32)
System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
System.Windows.Forms.Application.RunDialog(System.Windows.Forms.Form)
System.Windows.Forms.Form.ShowDialog(System.Windows.Forms.IWin32Window)
profdata.com.Library.frmAppletBaseForm.ShowDialog(System.Windows.Forms.IWin32Window)
profdata.com.Library.frmAsyncExec.ExecuteProcess(System.Windows.Forms.IWin32Window)
我驗證了消息隊列中的唯一消息(我可以看到)是一個繪制消息。 消息15對應於WM_PAINT:
0:000> !dso
OS Thread Id: 0x126c (0)
ESP/REG Object Name
ebx 01a688d0 System.Windows.Forms.Application+ThreadContext
esi 01a6eb9c System.Windows.Forms.Application+ComponentManager+ComponentHashtableEntry
edi 1b0c05e0 System.Collections.Hashtable+HashtableEnumerator
0036e244 1b08430c System.Windows.Forms.NativeMethods+MSG[]
0:000> !da 1b08430c
Name: System.Windows.Forms.NativeMethods+MSG[]
MethodTable: 67e0592c
EEClass: 67be89b8
Size: 40(0x28) bytes
Array: Rank 1, Number of elements 1, Type VALUETYPE
Element Methodtable: 67e059dc
0:000> !dumpvc 67e059dc 1b084314
Name: System.Windows.Forms.NativeMethods+MSG
MethodTable 67e059dc
EEClass: 67bbd880
Size: 36(0x24) bytes
(C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll)
Fields:
MT Field Offset Type VT Attr Value Name
691b35f0 4002ba0 0 System.IntPtr 1 instance b02ee hwnd
691b2f74 4002ba1 4 System.Int32 1 instance 15 message
691b35f0 4002ba2 8 System.IntPtr 1 instance 0 wParam
691b35f0 4002ba3 c System.IntPtr 1 instance 0 lParam
691b2f74 4002ba4 10 System.Int32 1 instance 264314085 time
691b2f74 4002ba5 14 System.Int32 1 instance 188 pt_x
691b2f74 4002ba6 18 System.Int32 1 instance 386 pt_y
我知道Control.MarshaledInvoke是作為已知消息的PostMessage實現的:
private object MarshaledInvoke(Control caller, Delegate method, object[] args, bool synchronous)
{
...
System.Windows.Forms.UnsafeNativeMethods.PostMessage(new HandleRef(this, this.Handle), threadCallbackMessage, IntPtr.Zero, IntPtr.Zero);
...
}
MSDN對PostMessage說:
在與創建指定窗口的線程關聯的消息隊列中放置(發布)消息,並返回而不等待線程處理消息。
我懷疑這是后台線程訪問UI對象的經典案例,已知該UI對象會導致應用程序掛起。 我很清楚這是一件壞事。
由於有多個后台線程,我想確定哪個后台線程搞砸了。
題
是否可以使用內存轉儲中的信息確定對Control.Invoke的調用的目標線程?
工作到目前為止
我已經獲得了后台線程的堆棧對象的轉儲:
0:000> ~20s
0:020> !dso
OS Thread Id: 0x5d8 (20)
ESP/REG Object Name
ecx 01a2b2d0 System.Runtime.Remoting.Contexts.Context
0c42e49c 1b083e20 System.Threading.ManualResetEvent
0c42e524 01a2006c System.Collections.Hashtable
0c42e560 1b083e38 Microsoft.Win32.SafeHandles.SafeWaitHandle
0c42e5fc 1b044128 System.Windows.Forms.PropertyStore
0c42e608 1b060b68 System.Collections.Queue
0c42e610 1b083de0 System.Windows.Forms.Control+ThreadMethodEntry
0c42e65c 1b043b30 profdata.com.DailyReporting.frmDRAsyncExec
0c42e66c 1b083cb0 System.Object[] (System.Object[])
0c42e670 1b083c90 profdata.com.Library.frmAsyncExec+SetMessageDelegate
0c42e674 1b083cc4 System.Windows.Forms.Control+MultithreadSafeCallScope
0c42e694 1b043b30 profdata.com.DailyReporting.frmDRAsyncExec
我已經嘗試過在ThreadMethodEntry和Context對象上,但我不確定我在尋找什么:
0:020> !do 1b083de0
Name: System.Windows.Forms.Control+ThreadMethodEntry
MethodTable: 67e05380
EEClass: 67be8454
Size: 52(0x34) bytes
(C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll)
Fields:
MT Field Offset Type VT Attr Value Name
67dff750 40011b9 4 ...ows.Forms.Control 0 instance 1b043b30 caller
67dff750 40011ba 8 ...ows.Forms.Control 0 instance 1b043b30 marshaler
691b118c 40011bb c System.Delegate 0 instance 1b083c90 method
691844f8 40011bc 10 System.Object[] 0 instance 1b083cb0 args
691b0944 40011bd 14 System.Object 0 instance 00000000 retVal
691b0ebc 40011be 18 System.Exception 0 instance 00000000 exception
691847f4 40011bf 2c System.Boolean 1 instance 1 synchronous
691847f4 40011c0 2d System.Boolean 1 instance 0 isCompleted
69197b54 40011c1 1c ....ManualResetEvent 0 instance 1b083e20 resetEvent
691b0944 40011c2 20 System.Object 0 instance 1b083e14 invokeSyncObject
691ada1c 40011c3 24 ....ExecutionContext 0 instance 1b083cd0 executionContext
691aa00c 40011c4 28 ...ronizationContext 0 instance 00000000 syncContext
0:020> !do 01a2b2d0
Name: System.Runtime.Remoting.Contexts.Context
MethodTable: 691a210c
EEClass: 68fcf620
Size: 60(0x3c) bytes
(C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
Fields:
MT Field Offset Type VT Attr Value Name
691844f8 4001f60 4 System.Object[] 0 instance 01a2b3a0 _ctxProps
691a219c 4001f61 8 ...micPropertyHolder 0 instance 00000000 _dphCtx
691a75b4 4001f62 c ...em.LocalDataStore 0 instance 00000000 _localDataStore
69196f18 4001f63 10 ...ging.IMessageSink 0 instance 00000000 _serverContextChain
69196f18 4001f64 14 ...ging.IMessageSink 0 instance 00000000 _clientContextChain
691b1508 4001f65 18 System.AppDomain 0 instance 01a01298 _appDomain
691844f8 4001f66 1c System.Object[] 0 instance 00000000 _ctxStatics
691b35f0 4001f67 20 System.IntPtr 1 instance 551520 _internalContext
691b2f74 4001f68 24 System.Int32 1 instance 0 _ctxID
691b2f74 4001f69 28 System.Int32 1 instance 3 _ctxFlags
691b2f74 4001f6a 2c System.Int32 1 instance 1 _numCtxProps
691b2f74 4001f6b 30 System.Int32 1 instance 0 _ctxStaticsCurrentBucket
691b2f74 4001f6c 34 System.Int32 1 instance 0 _ctxStaticsFreeIndex
691a219c 4001f6d 654 ...micPropertyHolder 0 shared static _dphGlobal
>> Domain:Value 00557ff8:01a2b068 <<
69189944 4001f6e 658 ...LocalDataStoreMgr 0 shared static _localDataStoreMgr
>> Domain:Value 00557ff8:01a2b07c <<
691b2f74 4001f6f b40 System.Int32 1 shared static _ctxIDCounter
>> Domain:Value 00557ff8:0 <<
或者可能有更原生的方法涉及找到窗口句柄與特定線程的關聯,但如果是這樣,我不知道該怎么做。
您需要在ThreadMethodEntry中轉儲在UI線程上執行的委托(方法字段)。 其他成員只在那里,以便UI線程知道發送回調的控件以及執行它的同步上下文。
還有一些標志可以檢查是否有必要進行調用,如果調用失敗則還有一個異常字段,如果通過Invoke調用完成,則可以編組回調用者。 你可以安全地忽略那里的其他東西。
更多信息如何找到當您在此處找到代理實例時調用的方法: http : //geekswithblogs.net/akraus1/archive/2012/05/20/149699.aspx
由於您的回調甚至沒有執行,您還應該查看其他線程。 這種神秘的掛起通常與WM_SETTING_CHANGE窗口消息一起發生,其中非UI線程試圖調用您的控件(請參閱http://ikriv.com/dev/dotnet/MysteriousHang.html#BeginInvokeDance )。
使用WinDbg從崩潰轉儲檢查原始內存中的方法參數
[英]Using WinDbg to Inspect Method Parameters In Raw Memory from Crash Dump
WinDBG:memory 從 WinForms 應用程序轉儲 - 如何獲取文本框的值
[英]WinDBG: memory dump from WinForms application - how to get a value of text box
在Gen2中存在大量對象時,使用WinDbg查找內存泄漏
[英]Find memory leaks with WinDbg when lots of objects are present in Gen2
有沒有一種簡單的方法可以通過線程轉儲來查找線程死鎖的原因?
[英]Is there a simple way to take a thread dump to find cause of thread deadlock?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.