• How the EXCEPTION_HIJACK (0xe0434f4e) exception is thrown


    Sample project

    In VS2013 create a new C# console project and write the following code:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading;
    
    namespace ConsoleApplication1
    {
        class Program
        {
            static void Main(string[] args)
            {
                // Run the allocation loop on a second thread, so the thread the GC
                // suspends (and redirects) is a plain worker thread, not the main thread.
                Thread t1 = new Thread(new ThreadStart(TestMethod));
                t1.Start();
                t1.Join();
            }
    
            public static void TestMethod()
            {
                while (true)
                {
                    // Allocate a 1M-char (2 MB) buffer on every iteration and drop it,
                    // so that garbage collections happen often and the GC repeatedly has
                    // to suspend this thread while it is running JIT-compiled code.
                    StringBuilder sb = new StringBuilder(1024*1024);
                    Thread.Sleep(0); // yield, but keep the loop hot
                }
            }
        }
    
    }

    The project configuration is as follows:

    Build to produce the exe file.

    Tracing and analysis

    Run the exe under windbg.

    In the Event Filters dialog add the exception code 0xe0434f4e and set it to break on first chance (the command-line equivalent is sxe e0434f4e).

    Enter the g command to let the program run and wait for the exception to break in; once the debugger stops, the output looks like this:

    (2dfc.4e1c): Unknown exception - code e0434f4e (first chance)
    First chance exceptions are reported before any exception handling.
    This exception may be expected and handled.
    eax=090bf848 ebx=00aacf28 ecx=00000000 edx=00000000 esi=00000000 edi=00aa8118
    eip=762819b2 esp=090bf848 ebp=090bf8a0 iopl=0         nv up ei pl zr na pe nc
    cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
    KERNELBASE!RaiseException+0x62:
    762819b2 8b4c2454        mov     ecx,dword ptr [esp+54h] ss:002b:090bf89c=2df2f623
    Enter kv to view the current stack:

    0:008> kv
     # ChildEBP RetAddr  Args to Child              
    00 090bf8a0 7234a780 e0434f4e 00000000 00000000 KERNELBASE!RaiseException+0x62 (FPO: [4,22,0])
    01 090bf8dc 02f1091c 76f1b499 00aacf28 00000000 clr!Thread::RedirectedHandledJITCase+0x1d0 (FPO: [SEH])
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    02 090bf910 721a10e1 00aacf28 090bf930 02f1091c 0x2f1091c
    03 090bf91c 02f1091c 06ea8090 06ea8074 00000001 clr!RedirectedHandledJITCaseForGCThreadControl_Stub+0x1d
    04 090bf930 70eb8391 06e62488 090bf9a0 70e8f474 0x2f1091c
    05 090bf93c 70e8f474 06e623cc 00000000 00000000 mscorlib_ni+0x468391
    06 090bf9a0 70e8f3a7 00000000 06e62400 00000000 mscorlib_ni+0x43f474
    07 090bf9b4 70e8f364 00000000 06e62400 00000000 mscorlib_ni+0x43f3a7
    08 090bf9d0 70eb82eb 06e62400 00000000 00000000 mscorlib_ni+0x43f364
    09 090bf9e8 721af066 00aa8118 090bfa48 721b2375 mscorlib_ni+0x4682eb
    0a 090bf9f4 721b2375 090bfa90 090bfa38 7234e800 clr!CallDescrWorkerInternal+0x34
    0b 090bfa48 721bb3f5 090bfb54 06e62434 00000004 clr!CallDescrWorkerWithHandler+0x6b (FPO: [Non-Fpo])
    0c 090bfabc 7234b377 090bfc00 7dae50c3 090bfd04 clr!MethodDescCallSite::CallTargetWorker+0x16a (FPO: [Non-Fpo])
    0d 090bfc2c 7224f756 090bfda0 00aa8118 090bfd44 clr!ThreadNative::KickOffThread_Worker+0x131 (FPO: [Non-Fpo])
    0e 090bfc44 7224f7e1 7dae5007 00000001 090bfd44 clr!ManagedThreadBase_DispatchInner+0x71 (FPO: [Non-Fpo])
    0f 090bfce8 7224f6d3 7dae51d3 00000001 00aa8118 clr!ManagedThreadBase_DispatchMiddle+0x7e (FPO: [Non-Fpo])
    10 090bfd3c 7224f8c1 00000001 00000000 00000001 clr!ManagedThreadBase_DispatchOuter+0x99 (FPO: [Non-Fpo])
    11 090bfd60 7234b228 00000001 00000002 7dae510b clr!ManagedThreadBase_FullTransitionWithAD+0x2f (FPO: [Non-Fpo])
    12 090bfde4 72334637 00aa7900 00000000 00000000 clr!ThreadNative::KickOffThread+0x260 (FPO: [Non-Fpo])
    13 090bff08 74c00419 00aa7928 74c00400 090bff74 clr!Thread::intermediateThreadProc+0x58 (FPO: [Non-Fpo])
    14 090bff18 76f2662d 00aa7928 9f537ce9 00000000 KERNEL32!BaseThreadInitThunk+0x19 (FPO: [Non-Fpo])
    15 090bff74 76f265fd ffffffff 76f451b5 00000000 ntdll!__RtlUserThreadStart+0x2f (FPO: [SEH])
    16 090bff84 00000000 723345e0 00aa7928 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])
    The call chain confirms that the exception is raised while the GC is taking control of this thread: the JIT-compiled managed code of the worker thread (the frames at 0x2f1091c that windbg cannot attribute to any module) was redirected through clr!RedirectedHandledJITCaseForGCThreadControl_Stub into clr!Thread::RedirectedHandledJITCase, which calls KERNELBASE!RaiseException with dwExceptionCode = e0434f4e, dwExceptionFlags = 0 and nNumberOfArguments = 0 (the three "Args to Child" values of frame 00). To see how that call is set up, enter uf clr!Thread::RedirectedHandledJITCase:

    ...

    7234a747 33f6            xor     esi,esi                 // esi = 0
    7234a749 56              push    esi
    7234a74a 8bcf            mov     ecx,edi                 // ecx = this pointer for the __thiscall member call below
    7234a74c e805f4ffff      call    clr!Thread::HandleThreadAbort (72349b56)
    7234a751 c785e0ffffff01000000 mov dword ptr [ebp-20h],1
    7234a75b 8b83b8000000    mov     eax,dword ptr [ebx+0B8h]
    7234a761 8985d0ffffff    mov     dword ptr [ebp-30h],eax
    7234a767 898704010000    mov     dword ptr [edi+104h],eax
    7234a76d 89b708010000    mov     dword ptr [edi+108h],esi
    7234a773 56              push    esi                     // 4th argument: lpArguments = NULL
    7234a774 56              push    esi                     // 3rd argument: nNumberOfArguments = 0
    7234a775 56              push    esi                     // 2nd argument: dwExceptionFlags = 0
    7234a776 684e4f43e0      push    0E0434F4Eh              // 1st argument: dwExceptionCode = EXCEPTION_HIJACK, pushed as an immediate
    7234a77b ff15e4628f72    call    dword ptr [clr!_imp__RaiseException (728f62e4)]  // raise the exception
    ...
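    The following Python helper is an added example, not code from the original post. It parses the x86 kv frame lines shown above, pulls the three RaiseException arguments out of frame 00, decodes the exception code into its NTSTATUS-style fields, and checks for the GC-hijack stack pattern this page demonstrates. The sample text is copied from the kv output above; the constant EXCEPTION_COMPLUS = 0xE0434F4D (the CLR's managed-exception code, whose low bytes spell "COM", with EXCEPTION_HIJACK defined as COM + 1) and the bit layout of Win32 exception codes come from the Windows/CLR definitions, not from this page.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple, List

# CLR exception codes (from the CLR's own definitions, not from this page):
# EXCEPTION_COMPLUS is the managed-exception code whose low three bytes spell
# "COM"; EXCEPTION_HIJACK is defined as COM + 1.
EXCEPTION_COMPLUS = 0xE0434F4D
EXCEPTION_HIJACK = 0xE0434F4E

# Constructed sample: the first frames of the "kv" output shown on this page.
SAMPLE_KV = """\
 # ChildEBP RetAddr  Args to Child
00 090bf8a0 7234a780 e0434f4e 00000000 00000000 KERNELBASE!RaiseException+0x62 (FPO: [4,22,0])
01 090bf8dc 02f1091c 76f1b499 00aacf28 00000000 clr!Thread::RedirectedHandledJITCase+0x1d0 (FPO: [SEH])
WARNING: Frame IP not in any known module. Following frames may be wrong.
02 090bf910 721a10e1 00aacf28 090bf930 02f1091c 0x2f1091c
03 090bf91c 02f1091c 06ea8090 06ea8074 00000001 clr!RedirectedHandledJITCaseForGCThreadControl_Stub+0x1d
"""

# One x86 "kv" frame: index, ChildEBP, RetAddr, three Args-to-Child dwords, symbol.
FRAME_RE = re.compile(
    r"^(?P<idx>[0-9a-f]{2}) (?P<ebp>[0-9a-f]{8}) (?P<ret>[0-9a-f]{8}) "
    r"(?P<a1>[0-9a-f]{8}) (?P<a2>[0-9a-f]{8}) (?P<a3>[0-9a-f]{8}) (?P<sym>\S+)"
)


@dataclass
class Frame:
    idx: int
    child_ebp: int
    ret_addr: int
    args: Tuple[int, int, int]
    symbol: str


def parse_kv(text: str) -> List[Frame]:
    """Parse x86 'kv' output; header and WARNING lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        frames.append(Frame(
            int(m["idx"], 16), int(m["ebp"], 16), int(m["ret"], 16),
            (int(m["a1"], 16), int(m["a2"], 16), int(m["a3"], 16)),
            m["sym"],
        ))
    return frames


def find_raise_exception(frames: List[Frame]) -> Optional[Frame]:
    """Return the RaiseException frame (KERNELBASE or kernel32), if any."""
    for f in frames:
        if f.symbol.split("+")[0].lower().endswith("!raiseexception"):
            return f
    return None


def decode_exception_code(code: int) -> dict:
    """Split a Win32 exception code into its NTSTATUS-style fields."""
    return {
        "severity": (code >> 30) & 0x3,   # 3 = error
        "customer": (code >> 29) & 0x1,   # 1 = application-defined, not a Windows code
        "facility": (code >> 16) & 0xFFF,
        "code": code & 0xFFFF,
        # Low three bytes as ASCII; the CLR picks its codes so that they spell a tag.
        "tag": bytes([(code >> 16) & 0xFF, (code >> 8) & 0xFF, code & 0xFF]).decode("ascii", "replace"),
    }


def is_gc_hijack(frames: List[Frame]) -> bool:
    """True when the stack matches the pattern on this page: RaiseException called
    with EXCEPTION_HIJACK from Thread::RedirectedHandledJITCase, entered through
    the GC thread-control redirect stub."""
    rf = find_raise_exception(frames)
    if rf is None or rf.args[0] != EXCEPTION_HIJACK:
        return False
    syms = [f.symbol for f in frames]
    return (any("Thread::RedirectedHandledJITCase" in s for s in syms)
            and any("RedirectedHandledJITCaseForGCThreadControl" in s for s in syms))


if __name__ == "__main__":
    frames = parse_kv(SAMPLE_KV)
    rf = find_raise_exception(frames)
    # RaiseException(dwExceptionCode, dwExceptionFlags, nNumberOfArguments, lpArguments);
    # kv shows only the first three on x86.
    code, flags, nargs = rf.args
    print(f"RaiseException(0x{code:08x}, {flags}, {nargs}) -> {decode_exception_code(code)}")
    print("GC hijack pattern:", is_gc_hijack(frames))
```

    The parser assumes the x86 kv layout shown on this page, where the three "Args to Child" dwords are the first three stack arguments of the callee; on x64, kv prints register-homed values that are frequently stale, so the same check there should read the arguments from the registers at the call site instead.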

  • Original article: https://www.cnblogs.com/yilang/p/12068927.html
Copyright © 2020-2023  润新知