Page 1 of 3

Heap corrupting when using xQueue

Posted: Tue Jun 19, 2018 6:23 pm
by x-8973
I use xQueue to exchange messages between two RTOS tasks. I encountered a problem when using xQueue causes damage to dynamic memory, and sometimes kernel panic. The xQueueCreate(), xQueueSend() and xQueueReceive() functions are used in accordance with the documentation for the RTOS.

Code: Select all

void app_main()
{
	...
	systemEvtQueue = xQueueCreate(10, sizeof(uint8_t));
	...
}

static void task1(void *pvParameters)
{
	uint8_t event = 0;
	while (1)
	{
		event = 3;
		xQueueSend(systemEvtQueue, (void *)&event, (TickType_t)0);
		ESP_LOGI(__func__, "Sending event %i", event);
		
		vTaskDelay(1000 / portTICK_PERIOD_MS);
	}
}

static void task2(void *pvParameters)
{
	uint8_t event = 0;
	while (1)
	{
		if (xQueueReceive(systemEvtQueue, (void *)&event, (TickType_t)0))
		{
			ESP_LOGI(__func__, "Received event %i", event);
		}
		vTaskDelay(100 / portTICK_PERIOD_MS);
	}
}
I determine the memory corruption by the appearance of graphical artifacts on the OLED, for which the framebuffer was created using the function malloc(). Sometimes a kernel panic occurs, indicating the file is multi-heap.c. I can show the console output when the kernel panic reoccurs.

Re: Heap corrupting when using xQueue

Posted: Tue Jun 19, 2018 6:33 pm
by chegewara
How you create both tasks? with xCreateTask or PinnedToCore? What size is tasks stack?

Re: Heap corrupting when using xQueue

Posted: Tue Jun 19, 2018 6:51 pm
by x-8973

Code: Select all

xTaskCreate(&task1, "GUI task", 2048, NULL, 10, NULL);
xTaskCreate(&task2, "Event task", 2048, NULL, 10, NULL);

Re: Heap corrupting when using xQueue

Posted: Wed Jun 20, 2018 12:50 am
by ESP_Angus
Hi x-8973,

I adapted the code from your post into a working main.c. This runs without any immediate problems on the current IDF master branch:
https://gist.github.com/projectgus/f4f4 ... c0b9309d91

I also turned on Comprehensive heap checking but no problems were detected.

If you have some steps & working code to reproduce the crash (maybe a particular IDF version or config) then that would be great.

The other thing to keep in mind is that heap corruption bugs can manifest in very unusual ways which makes them a pain to debug - often the code which crashes is a symptom of the corruption, not the cause - so the stack trace in the crash can be a red herring. There is some more about this, and some tips, in the docs:
https://esp-idf.readthedocs.io/en/lates ... corruption

Angus

Re: Heap corrupting when using xQueue

Posted: Wed Jun 20, 2018 3:26 am
by x-8973
It seems that the matter is still not in xQueue. I think, somewhere I have a pointer, which at some point becomes wrong. In this case, the question is removed. Thanks for answers.
In any case, if I have the opportunity to get a memory dump, I will show it here.

Re: Heap corrupting when using xQueue

Posted: Wed Jun 20, 2018 4:45 pm
by x-8973
I do not think that it will help much, but I have a console output with the next heap damage. I would be very happy if someone could explain to me how to decode it.

Code: Select all

CORRUPT HEAP: multi_heap.c:233 detected at 0x3ffc8c18
abort() was called at PC 0x4008c486 on core 0

Backtrace: 0x4008cbe8:0x3ffc23c0 0x4008cdbf:0x3ffc23e0 0x4008c486:0x3ffc2400 0x4008c724:0x3ffc2420 0x400827c2:0x3ffc2440 0x40082c2a:0x3ffc2460 0x40082cd9:0x3ffc2490 0x400d269d:0x3ffc24b0 0x4014fb17:0x3ffc24d0 0x401157df:0x3ffc24f0 0x40118593:0x3ffc2510 0x4010fc79:0x3ffc2530 0x4010fcb7:0x3ffc2550 0x40110717:0x3ffc2570 0x40086a16:0x3ffc2590
In addition, I found a completely incomprehensible behavior of the program. Sometimes the console displays messages about the wrong GPIO number in the gpio_set_level(). I suspect that the wrong pointer rips memory in completely random places. So far I have not been able to identify him.

Re: Heap corrupting when using xQueue

Posted: Wed Jun 20, 2018 5:19 pm
by chegewara

Re: Heap corrupting when using xQueue

Posted: Wed Jun 20, 2018 6:52 pm
by x-8973
Unfortunately, I do not use Arduino IDE. The search for this for Eclipse did not lead to anything.
However, there is a project EspStackTracesDesoder. I'll try to work with him.

Re: Heap corrupting when using xQueue

Posted: Wed Jun 20, 2018 7:17 pm
by chegewara
I am using this tool even when i am working with esp-idf. Yes, you have to install arduino-ide, but you can use it to decode backtrace from esp-idf app. Just open new arduino project and use this tool. It will ask you for path to elf file. Thats all.

Re: Heap corrupting when using xQueue

Posted: Wed Jun 20, 2018 7:51 pm
by x-8973
I used EspStackTracesDeŅoder. It works from the command line. In addition, he needs to specify the path to "addr2line.exe".