windbg .net 程序的死锁检测 常用方法(个人备份笔记)

//死锁检测

 

.load sosex.dll


0:004> !dlk



0:000> !mk -a

 

The mk command displays a call stack of the currently selected thread (including both managed and unmanaged frames).
The command has now been extended to support the -a switch which outputs both the local variables as well as parameters
(combination of -l and -p switches):

 

 

0:003> !finq

  

The finq command (finalization queue) lists all the objects that are on the finalization queue. An example is shown below:

 

 

 

0:003> !frq -stat

  


The frq command (f-reachable queue) on the other hand, lists all objects that are on the f-reachable queue as shown below:

 


// 200b220 代表线程等待,可能是锁,或者 Sleep(), 这个要进一步检查。

0:046> !threads
ThreadCount:      54
UnstartedThread:  0
BackgroundThread: 22
PendingThread:    0
DeadThread:       9
Hosted Runtime:   no
                                           PreEmptive                                                   Lock
       ID  OSID        ThreadOBJ     State GC       GC Alloc Context                  Domain           Count APT Exception
   9    1  1644 0000000001412de0      8220 Enabled  0000000000000000:0000000000000000 0000000000311a20     0 Ukn
  17    2   528 000000000141f5d0      b220 Enabled  0000000000000000:0000000000000000 0000000000311a20     0 MTA (Finalizer)
  19    4  181c 00000000039853e0   100a220 Enabled  0000000000000000:0000000000000000 0000000000311a20     0 MTA (Threadpool Worker)
  20    5  221c 0000000003998d00      1220 Enabled  0000000000000000:0000000000000000 0000000000311a20     0 Ukn
  21    6  16d8 00000000044484c0   200b220 Enabled  0000000000000000:0000000000000000 00000000039980a0     0 MTA
  22    7  1e54 0000000004460680   200b220 Enabled  0000000000000000:0000000000000000 00000000039980a0     0 MTA
  23    8  1308 000000000445fd20   200b220 Enabled  0000000000000000:0000000000000000 00000000039980a0     0 MTA
XXXX    9       00000000044b0510   1019820 Enabled  0000000000000000:0000000000000000 0000000000311a20     0 MTA (Threadpool Worker)
  25    a  1e50 00000000044e0e80   200b020 Enabled  0000000000000000:0000000000000000 00000000039980a0     0 MTA
  26    b  204c 000000000450b110   200b220 Enabled  0000000000000000:0000000000000000 00000000039980a0     0 MTA

  

 

0:000> !ThreadState 3009220
    Legal to Join
    Background
    CLR Owns
    In Multi Threaded Apartment
    Thread Pool Worker Thread
    Interruptible
0:000> !ThreadState 200b220
    Legal to Join
    Background
    CLR Owns
    CoInitialized
    In Multi Threaded Apartment
    Interruptible
0:000> !ThreadState 8009220 
    Legal to Join
    Background
    CLR Owns
    In Multi Threaded Apartment
    Completion Port Thread

  

// threadstate详细: http://www.parallelfun.com/2012_11_01_archive.html



 0:050> !syncblk
Index         SyncBlock 		MonitorHeld Recursion 	Owning Thread Info          	SyncBlock Owner
   57 		000000000456f9e8            1         1 	0000000004567c30 1c98  46   	00000001800b6e90 System.Object
		Waiting threads:
  141 		00000000045702a8            1         1 	0000000004567c30 1c98  46   	00000001800b6f70 ProtoBufV2.Meta.BasicList
		Waiting threads:
-----------------------------
Total           152
CCW             3
RCW             2
ComClassFactory 0
Free            64

  



// 46号托管线程拥有一个Monitor, MonitorHeld 的计算方法:(MonitorHeld-1)/2 个线程等待 46号线程。
// 例如: 线程91 的 MonitorHeld 是39,则:(39-1)/2=19 表示有19个线程等待线程91
// 这里的MonitorHeld按msdn的解释,拿锁的线程为1,等锁的线程为2; Monitorheld的值是偶数,也说明已经没有线程拿住锁了。

/*
Sync Block 的信息:
通过!syncblk 索引值 可以显示Sync Block的信息,主要有如下信息
Index: Sync Block Table中的Index值
Sync Block: Sync Block的地址
MonitorHeld: numbers of monitor held
Recursion: 该线程获取该sync block的次数
Owning thread info : 总共有三个值,第一个值是线程的数据结构地址,第二个是线程的系统线程ID,第三个值为线程的托管线程ID
SyncBlock Owner:指向拥有该SyncBlock的对象的内存地址,也就是Object的地址
如果有第二个值指这个synblock第二个Held的类型
统计信息:
Total    152   (sync block table的总的sync Lock数量)
CCW    3     (CCW(COM Callable Wrappers)对象拥有的sync block 数量)
RCW    2       (RCW(Runtime Callable Wrappers )对象拥有的sync block 数量)
ComClassFactory 0
Free 64 Sync block table 剩余的空索引的数量

*/


/*

http://blogs.msdn.com/b/oldnewthing/archive/2006/12/12/1266392.aspx

!syncblock 详细解释和 !critsec 使用
http://blogs.msdn.com/b/tess/archive/2006/01/09/a-hang-scenario-locks-and-critical-sections.aspx
*/

0:044> !syncblk
Index         SyncBlock MonitorHeld Recursion Owning Thread Info          SyncBlock Owner
 2193 000000000598fe18            5         1 000000000a4650e0 3038 110   00000001bff69770 System.Object
		Waiting threads: 90 121
 2616 000000000577db08          133         0 0000000000000000     none    000000011fc6aa30 System.RuntimeType+RuntimeTypeCache+MemberInfoCache`1[[System.Reflection.RuntimeMethodInfo, mscorlib]]
		Waiting threads: 39 40 42 48 49 52 53 58 60 63 65 67 69 73 75 76 77 79 81 82 83 85 86 87 88 93 94 95 97 99 100 104 105 107 108 109 110 111 112 114 115 117 120 122 123 124 128 129 132 133 134 135 136
 2910 000000000577bae8            3         1 000000000a5821b0 134bc  78   000000019fc88170 System.Object
		Waiting threads: 64
-----------------------------
Total           3256
CCW             3
RCW             2
ComClassFactory 1
Free            2992

  

//如果知道临界区的地址,可以用一下命令,如果不知道地址,可以用!locks

0:044> !critsec 000000011fc6aa30

DebugInfo for CritSec at 000000011fc6aa30 does not point back to the critical section
NOT an initialized critical section.

CritSec +1fc6aa30 at 000000011fc6aa30
WaiterWoken        Yes
LockCount          -1
RecursionCount     0
OwningThread       0
EntryCount         fef56b35
ContentionCount    2000007
*** Locked

  


// !locks 的输出
// http://msdn.microsoft.com/en-us/library/windows/hardware/ff541979(v=vs.85).aspx

0:105> !locks

CritSec +1192340 at 0000000001192340
WaiterWoken        No
LockCount          0
RecursionCount     1
OwningThread       bad0
EntryCount         0
ContentionCount    46a
*** Locked

  

//直接切换到进程上去:

0:014> ~~[bad0]s

  

//或者用 ~ 列出所有线程,然后切过去
//参考:http://blogs.msdn.com/b/tess/archive/2006/01/09/a-hang-scenario-locks-and-critical-sections.aspx

 

0:105> ~
#  0  Id: d9e0.a700 Suspend: 0 Teb: 000007ff`fffde000 Unfrozen
   1  Id: d9e0.18bac Suspend: 0 Teb: 000007ff`fffdc000 Unfrozen
   2  Id: d9e0.bfa0 Suspend: 0 Teb: 000007ff`fffd7000 Unfrozen
   3  Id: d9e0.bad0 Suspend: 0 Teb: 000007ff`fffd3000 Unfrozen
   4  Id: d9e0.16364 Suspend: 0 Teb: 000007ff`fff9e000 Unfrozen
0:014> ~3s  

  






//

 0:046> .shell -i - -ci "~*e !clrstack" FIND  /i "Monitor.Enter"
0000000002f7d428 0000000076f6171a [HelperMethodFrame: 0000000002f7d428] System.Threading.Monitor.Enter(System.Object)
00000000049ad3e8 0000000076f6171a [HelperMethodFrame: 00000000049ad3e8] System.Threading.Monitor.Enter(System.Object)
0000000016a6d898 000007fef76500b9 [HelperMethodFrame: 0000000016a6d898] System.Threading.Monitor.Enter(System.Object)
0000000016b6e8b8 000007fef76500b7 [HelperMethodFrame: 0000000016b6e8b8] System.Threading.Monitor.Enter(System.Object)
.shell: Process exited
0:046> .shell -i - -ci "~*e !clrstack" FIND  /i "Monitor.TryEnter"
.shell: Process exited
0:046> .shell -i - -ci "~*e !clrstack" FIND  /i "Monitor"
000000000433eae8 0000000076f6186a [HelperMethodFrame_1OBJ: 000000000433eae8] System.Threading.Monitor.ObjWait(Boolean, Int32, System.Object)
000000000504e3b8 0000000076f6186a [HelperMethodFrame_1OBJ: 000000000504e3b8] System.Threading.Monitor.ObjWait(Boolean, Int32, System.Object)
000000000504e4e0 000007fef663d2ae System.Threading.Monitor.Wait(System.Object)
0000000002f7d428 0000000076f6171a [HelperMethodFrame: 0000000002f7d428] System.Threading.Monitor.Enter(System.Object)
00000000049ad3e8 0000000076f6171a [HelperMethodFrame: 00000000049ad3e8] System.Threading.Monitor.Enter(System.Object)
0000000016a6d898 000007fef76500b9 [HelperMethodFrame: 0000000016a6d898] System.Threading.Monitor.Enter(System.Object)
0000000016b6e8b8 000007fef76500b7 [HelperMethodFrame: 0000000016b6e8b8] System.Threading.Monitor.Enter(System.Object)
.shell: Process exited 

  




// 有时候会发现无锁定同步快或死锁,还可以用!mlocks 看看

0:164> !dlk
Examining SyncBlocks...
Scanning for ReaderWriterLock instances...
Scanning for holders of ReaderWriterLock locks...
Scanning for ReaderWriterLockSlim instances...
Scanning for holders of ReaderWriterLockSlim locks...
Examining CriticalSections...
Scanning for threads waiting on SyncBlocks...
Scanning for threads waiting on ReaderWriterLock locks...
Scanning for threads waiting on ReaderWriterLocksSlim locks...
Scanning for threads waiting on CriticalSections...
No deadlocks detected.
0:164> !mlocks
Examining SyncBlocks...
Scanning for ReaderWriterLock instances...
Scanning for holders of ReaderWriterLock locks...
Scanning for ReaderWriterLockSlim instances...
Scanning for holders of ReaderWriterLockSlim locks...
Examining CriticalSections...

ClrThread  DbgThread  OsThread    LockType    Lock              LockLevel
------------------------------------------------------------------------------
0x67       116        0x1e8       thinlock    000000014036a2b0  (recursion:0)
0xab       182        0x268       thinlock    00000001c0724188  (recursion:0)  
0xa4       177        0x14cc      RWLockSlim  000000013ff0a358  Writer          
  
  
0:164> !rwlock 000000013ff0a358
WriteLockOwnerThread:             0xa4
UpgradableReadLockOwnerThread:    None
ReaderCount:                      0
ReaderThreadIds:                  None
WaitingReaderCount:               204
WaitingReaderThreadIds:           0x9,0xa,0x11,0x12,0x13,0x14,0x15,0x16,0x17
WaitingWriterCount:               204
WaitingWriterThreadIds:           0x8,0xf,0x1d,0x21,0x24,0x2b,0x2f,0x30,
WaitingUpgradableReaderCount:     0
WaitingUpgradableReaderThreadIds: None
WaitingWriterUpgradeCount:        0
WaitingWriterUpgradeThreadIds:    None  

ClrThread  DbgThread  OsThread    LockType    Lock              LockLevel
------------------------------------------------------------------------------
0x15       19         0x15e8      thinlock    00000000010b6130  (recursion:0)
0x16c      226        0x1a1c      SyncBlock   0000000000c735a8 

  


// shell 命令:

.shell -ci "!mlocks -d" find "Writer"

  


















参考:
http://weblogs.thinktecture.com/ingo/2006/08/who-is-blocking-that-mutex---fun-with-windbg-cdb-and-kd.html

http://blogs.msdn.com/b/tess/archive/2006/01/09/a-hang-scenario-locks-and-critical-sections.aspx

http://hi.baidu.com/ju_feng/item/e22f06974dafe530326eeb64

http://stackoverflow.com/questions/22037581/determining-which-method-is-holding-a-readerwriterlockslim-writelock

posted @ 2016-09-12 17:26  softfair  阅读(1906)  评论(0编辑  收藏  举报