[Tinyos-devel] Bug in TossimActiveMessageC
Philip Levis
pal at cs.stanford.edu
Wed Jan 21 19:17:13 PST 2009
On Jan 21, 2009, at 6:58 PM, Lumir Honus wrote:
> Hello,
>
> I'm working on watchdog technique monitoring and during simulation I
> found a bug in TossimActiveMessageC.
>
> First, how to reproduce it. I use CTP and a simple application which
> sends a packet firmly in the interval.
> My topology follows this scheme:
>
> 0 ---- 1 ---- 2
>  \
>   \
>    3
>
> It means 0 is the base station, 2 uses 1 for forwarding packets, 1 and 3
> have a direct connection to the base station.
>
> When I closely watched how node 1 behaves, I found that sometimes it
> forwards a wrong packet which it doesn't have in its forwarding queue.
> This occurs just when a node has some messages to forward in its queue
> and it hears (snoops) some other message.
>
> After a very exhaustive debugging :), I found that this is due to line
> 105 in TossimActiveMessageC -- memcpy(bufferPointer, msg,
> sizeof(message_t));
>
> Honestly I don't know exactly why, but bufferPointer points to the
> same space in memory as SendQueue which holds messages for forwarding.
>
> FIX:
> I tried replacing lines
> 54. << message_t buffer;
> 55. << message_t* bufferPointer = &buffer;
>
> by
>
> 98 event void Model.receive(message_t* msg) {
> 99 uint8_t len;
> 100 void* payload;
> 101
> 102 >> message_t* bufferPointer =
> (message_t*)malloc(sizeof(message_t));
> 103 memcpy(bufferPointer, msg, sizeof(message_t));
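
Review bot: the malloc result on line 102 goes straight into the memcpy on line 103 with no NULL check, and nothing in the lines shown ever frees it, so each call to Model.receive allocates another message_t that is never released. Swapping the static buffer of lines 54-55 for a fresh allocation also only stops the overwrite from being visible; it does not explain why the forwarding queue and bufferPointer point at the same memory. I would keep the static buffer and track down which component still holds the pointer, or, if per-call allocation stays, check the return value and give the buffer a defined owner that frees it.
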
>
> and everything works ok now
Well, this is a memory leak...
The behavior you're seeing occurs if a Receive.receive handler returns
a pointer to a buffer but some other component is still using the
pointer. It's *possible* this is happening within CTP, but it could
also be the application you've put on top of CTP. What does your
application code look like?
Phil
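
The buffer-swap situation Phil describes, modeled in plain C as an added example (not code from this thread, TinyOS or CTP): a handler that queues the received buffer and also returns it lets the next snooped packet overwrite the queued one. The one-slot queue, the spare buffer and every function name here are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the receive buffer-swap contract (plain C, not nesC). */
typedef struct { char data[16]; } message_t;
typedef message_t *(*receive_fn)(message_t *msg);

static message_t radio_buf;                 /* plays "message_t buffer" */
static message_t *buffer_ptr = &radio_buf;  /* plays "bufferPointer" */
static message_t pool_buf;                  /* spare buffer owned by the forwarder */
static message_t *spare = &pool_buf;
static message_t *queued;                   /* one-slot forwarding queue (hypothetical) */

/* Radio layer: fill its buffer, signal the handler, keep the returned pointer. */
static void model_receive(const char *pkt, receive_fn handler) {
    snprintf(buffer_ptr->data, sizeof buffer_ptr->data, "%s", pkt);
    buffer_ptr = handler(buffer_ptr);
}

/* Buggy handler: queues msg and also returns it, so both sides keep using it. */
static message_t *receive_buggy(message_t *msg) {
    if (!queued) queued = msg;
    return msg;
}

/* Correct handler: keeps msg only if it can hand back a different buffer. */
static message_t *receive_swap(message_t *msg) {
    if (queued || !spare) return msg;       /* cannot keep it: drop, hand msg back */
    queued = msg;
    msg = spare;
    spare = NULL;
    return msg;
}

/* Queue "to-forward", then overhear "snooped"; 1 if the queued packet survived. */
static int queued_survives(receive_fn handler) {
    radio_buf = (message_t){{0}}; pool_buf = (message_t){{0}};
    buffer_ptr = &radio_buf; spare = &pool_buf; queued = NULL;
    model_receive("to-forward", handler);
    model_receive("snooped", handler);
    return strcmp(queued->data, "to-forward") == 0;
}

int main(void) {
    printf("buggy handler: queued packet intact = %d\n", queued_survives(receive_buggy));
    printf("swap handler:  queued packet intact = %d\n", queued_survives(receive_swap));
    return 0;
}
```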