Listen to the Memory Manager

-
Let's say you have a nice, working Delphi application. One fine day, for no reason whatsoever, you decide to run your fine and bug free application with FastMM in full debug mode. Just for fun... and suddenly, out of the blue, the app starts crashing with an AV reading of address 0x80808088. What is going on... ????

When a seemingly working application suddenly starts misbehaving, the first instinct would be to look at the latest code change in searching for clues. In the above case, the only change was turning on FastMM debug mode. Could this be a bug in FastMM?

While all software has bugs and it is perfectly possible that FastMM has bugs, too, it is highly unlikely that this is FastMM's fault.

If turning on the CatchUseOfFreedInterfaces define in FastMM configuration shows an attempt to use an interface on a freed object, you have found the culprit. It may require further debugging and inspecting the code, but at least you will know what to look for.

One of the "problems" with TComponent (and subsequently its descendants, including all visual controls in the VCL and FMX frameworks) is that it implements interfaces, but has reference counting disabled in the _AddRef and _Release methods so that it can be used like a regular class.

However, it is often forgotten that in such cases _AddRef and _Release calls, even though they don't do any actual counting, will still be inserted by the compiler and called for any interface reference to such an object instance. So if there is an alive interface reference to the object after calling Free, that interface reference will contain a dangling pointer and when it goes out of scope, _Release will be called on an already nuked object. While you may get away with such a call without FastMM in debugging mode, if it is turned on it will correctly identify the problem.

The following is a very simple test case that will blow up with FastMM in debug mode:

procedure TestComponent;
var
  Comp: TComponent;
  Intf: IInterface;
begin
  Comp := TComponent.Create(nil);
  Intf := Comp;
  Comp.Free;
end;

Since the interface reference Intf is automatically managed, it will go out of scope (and invoke the reference counting mechanism) in the epilogue of the TestComponent procedure, invoking _Release on the Comp object instance, which had already been released.

If that interface reference is cleared before the component instance is released, the code will work properly.

procedure TestComponent;
var
  Comp: TComponent;
  Intf: IInterface;
begin
  Comp := TComponent.Create(nil);
  Intf := Comp;
  ....
  Intf := nil;
  Comp.Free;
end;

While code accessing a released object instance may work properly because remnants of the object are still sitting in memory and nothing bad actually happens, such code can just as easily cause memory corruption and subtle bugs, if the memory where a particular object instance was occupying was reused for something else in the meantime.

Comments

Post a Comment

Popular posts from this blog

Coming in Delphi 12: Disabled Floating-Point Exceptions

-
Delphi 12 is in the works. One of its small features that will have a huge impact is a change in the default handling of floating-point exceptions, which will now be masked on all platforms. Previously, floating-point exception handling was different across platforms, and most notably on the Windows platform: In VCL and console applications, floating-point exceptions were not masked and would raise an exception. On the other hand, FireMonkey applications had all floating-exceptions masked by default, regardless of which platform they were running on. Basically if you haven't explicitly changed the exception mask in your code to some value other than the default, and you had code that attempted to divide some number with zero, you would get an EZeroDivide exception in previous Delphi versions on the Windows VCL application. In Delphi 12, there is no exception, and the result of such a division will be +INF . So the following code will no longer raise an exception. If you were r
Read more

Beware of loops and tasks

-
Loops and anonymous methods don't go hand in hand. Any variable that changes for each iteration will cause problems if it is used within an anonymous method. I explained the mechanism behind variable capturing in the post Mysterious Case Of Wrong Value , along with the problem it causes with loops and its solution. Commonly, anonymous methods are used as callbacks or event handlers, where there are no loops in the context where variable capture happens. While there is a possibility to have an unexpected—wrong—value in such scenarios, it is rather easy to debug them and understand the order in which some code is called, and why the captured value is wrong in a given place. With the rise of multi-threading usage, and especially the Parallel Programming Library and tasks, writing anonymous methods inside a loop becomes more common, and it is much easier to write code where a captured variable will have the wrong value. The biggest problem with such code is that it will be harder to
Read more

Catch Me If You Can - Part II

-
It has been quite some time since I wrote the Catch Me If You Can post about the inability of LLVM-backed compilers to catch non-call hardware exceptions. In other words, hardware exceptions raised by code written in the same block as the try...except exception handler. Since then, more LLVM-backed compilers have been added to Delphi, and with those, more reasons to change common coding practices... but still, very few developers know about the issue. The original article covered only try...except exception handlers, and exploring what exactly happens with implicit and explicit try...finally handlers was left as an exercise to the readers and to some future, now long overdue, post. And Now: All Hell Breaks Loose When you read about non-call hardware exceptions not being caught by an immediate try...except block, the implications might not look too serious. After all, while plenty of code can raise exceptions, try...except handlers are not that frequently used in places, as mo
Read more