1

我试图调查一个挂着windbg的人,想知道我的假设是否正确。如果我调用命令 !mlocks 我得到以下信息:

0:000> !mlocks
Examining SyncBlocks...
Scanning for ReaderWriterLock instances...
Scanning for holders of ReaderWriterLock locks...
Scanning for ReaderWriterLockSlim instances...
Scanning for holders of ReaderWriterLockSlim locks...
Examining CriticalSections...




ClrThread  DbgThread  OsThread    LockType    Lock              LockLevel 
-------------------------------------------------------------------------- 
0x640064   -1         0xffffffff  RWLock      000000000339a338  Writer  
0x6        7          0x1ea8      thinlock    000000000343ddd8  (recursion:0)

执行 rwlocks 时,我得到以下信息:

 0:000> !rwlock 000000000339a338            
WriterThread:           0x640064 (DEAD) WriterLevel:            115 WaitingWriterCount:     0 
WriterEvent:            0 
WaitingWriterThreadIds: None 
ReaderCount:            116 
CurrentReaderThreadIds:  
WaitingReaderCount:     576 
ReaderEvent:            80400002 
WaitingReaderThreadIds:  
*This lock has 116 orphaned reader locks.

0:007> !rwlock 

Address            ReaderCount   WaitingReaderCount     WriterThread   WaitingWriterCount 
... 
000000000339a338           116                  576            0x640064                 0 
... 
00000000053f0688           568                  499            --                       6 
...

我懂了。当我打电话

    0:000> !dlk Examining SyncBlocks... Scanning for ReaderWriterLock instances... Scanning for holders of ReaderWriterLock locks... Scanning for ReaderWriterLockSlim instances... 
Scanning for holders of ReaderWriterLockSlim locks... 
Examining CriticalSections... 
Scanning for threads waiting on SyncBlocks... 
Scanning for threads waiting on ReaderWriterLock locks... 
Scanning for threads waiting on ReaderWriterLocksSlim locks... 
Scanning for threads waiting on CriticalSections... 
No deadlocks detected.

则不会检测到死锁。我在 Tess 的博客上找到了这个 我的问题是这个线程是否与我挂起的应用程序有关,以及可能的情况。线程死了是什么意思。锁会发生在死线程上吗?还是我必须在其他地方找到我挂起的应用程序的根本原因?请帮我解释这个输出。

问候,伯恩哈德

这是一些附加信息:

0:000> dc 000000000339a338
00000000`0339a338  f2073268 000007fe 00000000 80000000  h2..............
00000000`0339a348  f2066960 000007fe 00000010 00650047  `i..........G.e.
00000000`0339a358  00480074 0073006f 00410074 00640064  t.H.o.s.t.A.d.d.
00000000`0339a368  00650072 00730073 00730065 00000000  r.e.s.s.e.s.....
00000000`0339a378  00000000 00000000 00000000 00000000  ................
00000000`0339a388  f2066960 000007fe 0000001c 00650066  `i..........f.e.
00000000`0339a398  00300038 003a003a 00380034 00310038  8.0.:.:.4.8.8.1.
00000000`0339a3a8  0034003a 00660039 003a0063 00300039  :.4.9.f.c.:.9.0.
0:000> db 000000000339a338
00000000`0339a338  68 32 07 f2 fe 07 00 00-00 00 00 00 00 00 00 80  h2..............
00000000`0339a348  60 69 06 f2 fe 07 00 00-10 00 00 00 47 00 65 00  `i..........G.e.
00000000`0339a358  74 00 48 00 6f 00 73 00-74 00 41 00 64 00 64 00  t.H.o.s.t.A.d.d.
00000000`0339a368  72 00 65 00 73 00 73 00-65 00 73 00 00 00 00 00  r.e.s.s.e.s.....
00000000`0339a378  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0339a388  60 69 06 f2 fe 07 00 00-1c 00 00 00 66 00 65 00  `i..........f.e.
00000000`0339a398  38 00 30 00 3a 00 3a 00-34 00 38 00 38 00 31 00  8.0.:.:.4.8.8.1.
00000000`0339a3a8  3a 00 34 00 39 00 66 00-63 00 3a 00 39 00 30 00  :.4.9.f.c.:.9.0.

0:000> !mdt 000000000339a338  
Can't get name for module 000007ff0068c3c0. Error = 0x80070057.
Can't get name for module 000007ff00791908. Error = 0x80070057.
Can't get name for module 000007ff0068c3c0. Error = 0x80070057.
Can't get name for module 000007ff00791908. Error = 0x80070057.
000000000339a338 (System.Threading.ReaderWriterLock)
    _hWriterEvent:8000000000000000 (System.IntPtr)
    _hReaderEvent:000007fef2066960 (System.IntPtr)
    _hObjectHandle:0065004700000010 (System.IntPtr)
    _dwState:0x480074 (System.Int32)
    _dwULockID:0x73006f (System.Int32)
    _dwLLockID:0x410074 (System.Int32)
    _dwWriterID:0x640064 (System.Int32)
    _dwWriterSeqNum:0x650072 (System.Int32)
    _wWriterLevel:0x0073 (System.Int16)

0:000> !mdt 000000000343ddd8  
Can't get name for module 000007ff0068c3c0. Error = 0x80070057.
Can't get name for module 000007ff00791908. Error = 0x80070057.
000000000343ddd8 (System.Collections.Generic.LinkedList`1[[TAU.GuiAccess.PopupHandler.ClientInfo, TAU.GuiAccess.PopupHandler]])
    head:000000000823e148 (System.Collections.Generic.LinkedListNode`1[[TAU.GuiAccess.PopupHandler.ClientInfo, TAU.GuiAccess.PopupHandler]])
    count:0x1 (System.Int32)
    version:0x3b (System.Int32)
    _syncRoot:NULL (System.Object)
    siInfo:NULL (System.Runtime.Serialization.SerializationInfo)

0:000> !do 000000000343ddd8 
Name:        System.Collections.Generic.LinkedList`1[[TAU.GuiAccess.PopupHandler.ClientInfo, TAU.GuiAccess.PopupHandler]]
MethodTable: 000007ff009ce218
EEClass:     000007ff009dda20
Size:        48(0x30) bytes
File:        C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007ff009ced28  4000586        8 ...ss.PopupHandler]]  0 instance 000000000823e148 head
000007fef206c848  4000587       20         System.Int32  1 instance                1 count
000007fef206c848  4000588       24         System.Int32  1 instance               59 version
000007fef2065ab8  4000589       10        System.Object  0 instance 0000000000000000 _syncRoot
000007fef208a1b8  400058a       18 ...SerializationInfo  0 instance 0000000000000000 siInfo
ThinLock owner 6 (0000000000000000), Recursive 0
4

1 回答 1

1

“DEAD”指示表示没有相应的 OS 线程。创建托管线程时,会创建托管线程对象并为其分配线程 ID。在 Windows 上,托管线程和本机线程之间目前始终存在 1:1 映射,因此还分配了一个 OS 线程 ID。当一个线程终止时,托管线程对象和本机线程之间的关联显然被破坏了。但是,托管线程对象需要一段时间才能被清理干净。处于此状态的线程被 sosex 列为“DEAD”,并在 !sos.threads 输出中列为 XXXX。

在这种情况下,CLR 线程 ID (00640064) 看起来很可疑。奇怪的是,它看起来像 Unicode 文本“dd”。托管锁地址周围可能存在损坏。使用调试器的“dc”或“db”命令查看是否有一些文本覆盖了线程 ID 字段。

于 2012-07-24T20:10:34.667 回答