TTD HeapAnalysis error, and crash

[soiax]

Hi,

When working with a TTD trace, i encounter this error:

`

0:000> dx -r1 @$cursession.TTD.Data.Heap()
@$cursession.TTD.Data.Heap()
[0x0] : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
[0x1] : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
[0x2] : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
[0x3] : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
[0x4] : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]

`

With PageHeap enabled for enghost.exe, it leads to a crash.
Attached crashdump:
EngHost.exe.47612.dmp

[KenSykes]

Thanks for the report and the dump. The issue here is you are debugging a 32-bit trace which causes the 32-bit engine to be used. Then you are asking for a large amount of data through dx -r1 @$cursession.TTD.Data.Heap() and the process runs out of memory.

You can tell windbg to use the 64-bit engine instead: windbg -debugarch amd64 -z <path\to\your\trace.run>

The reason we match the debugger engine bitness to the bitness of the recorded process is some debugger extensions (i.e. the CLR-related extensions) expect the bitness to match. The 64-bit TTD replay engine itself can open a trace for any architecture without issue. So, provided you don't run into debugger extension issues the above command should work for you.

[0vercl0k]

@KenSykes I took a look at this when investigating 0vercl0k/windbg-scripts#5 and my understanding was that somehow the return (c.Flags === undefined) || ((c.Flags & exemptedFlagMask) == 0); line in HeapAnalaysis.js was triggering the loss of precision; if I use c.Flags.convertToNumber() the problem goes away.

Let me know if we're missing anything!

Cheers

[KenSykes]

Thanks, that makes sense. I only addressed the crashing part of your report, will look at changing this script as you suggest.

[0vercl0k]

Haha, .. and I only looked at the .Heap() issue, apologies if I prematurely jumped in 😅

Cheers

[KenSykes]

HeapAnalysis.txt

I was unable to repro this but made the change suggested above. Here is my copy of the file, can you verify it fixes the issue? Need to rename to .js and .scriptunload / .scriptload this one.

[0vercl0k]

I've attached a .run file (zipped,
Project101.zip) where you should see the issue (in case you want to take a deeper look) - I did verify your fix though and it works 🥳:

0:000> dx @$cursession.TTD.Data.Heap()
@$cursession.TTD.Data.Heap()                
    [0x0]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]
    [0x1]            : Error: 64 bit value loses precision on conversion to number [at HeapAnalysis (line 157 col 60)]

0:000> .scriptunload HeapAnalysis.js
JavaScript script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\TTD\Analyzers\HeapAnalysis.js'
0:000> .scriptload c:\users\over\downloads\heapanalysis.js
JavaScript script successfully loaded from 'c:\users\over\downloads\heapanalysis.js'

0:000> dx @$cursession.TTD.Data.Heap()
@$cursession.TTD.Data.Heap()                
    [0x1]            : [object Object]
    [0x2]            : [object Object]
..

Thank you!

Cheers

[KenSykes]

This fix has been checked in and will be available in next public release, hopefully sometime in January.

[0vercl0k]

Awesome, thank you Ken!

Cheers