Blogs

The Case of the Frozen Clock Gadget

  • Comments 51
  • Likes

Besides Aero Glass, one of the most visible features of Windows Vista is the Sidebar with its set of default Gadgets, like the clock, RSS feed, and photo viewer. The convenience of having frequently-accessed information on the desktop and the ease of their development has led to the availability of literally thousands of third-party Gadgets through sites like the Windows Vista Gadget Gallery. I’ve downloaded and installed a few out of curiosity, and in some cases kept them in my Sidebar’s standard configuration, and never experienced a problem.  A few days after installing a batch of new Gadgets, however, I noticed that a third-party clock Gadget had stopped updating, and so I set out to investigate.

My system was otherwise functioning normally, so my first step was to see if something was amiss with the Sidebar’s configuration. I right-clicked on the Sidebar screen area and selected the Properties menu item, but instead of displaying the Sidebar configuration dialog, the Sidebar crashed:

Gadgets run inside of shared Sidebar processes, so my first thought was that memory corruption in the Sidebar process had caused the clock to stop and subsequent crash, and verifying that theory required that I analyze the crash. The Windows Error Reporting (WER) service creates a crash-dump file, which is the saved state of a faulting process, in case you agree to send information to Microsoft about a problem. I clicked open the View Details area to see where Windows had saved the dump:

The last path displayed by the dialog, WERD8EE.tmp.mdmp, is a dump file, so I launched the Microsoft Debugging Tools for Windows Windbg utility and opened the file. When you open a dump file, Windbg automatically shows you the instruction that ultimately lead to the crash. In this case, it was a memory copy operation in Msvcrt, the Microsoft C Runtime:

The right side of the line showing the instruction indicates that the target address of the copy is 0. When a memory resource is exhausted, memory-allocation functions typically return address 0, also known as a NULL pointer, because that’s an illegal address by default for a Windows process (an application can manually create read/write memory at address zero, but in general it’s not done). The fact that Sidebar referenced address 0 didn’t conclusively mean the crash was due to low-memory instead of corruption, but it appeared likely.

I next looked at the code that led to the crash, which would tell me if it was a Gadget or the Sidebar itself that had passed a NULL pointer to the C Runtime. To do so, I opened Windbg’s stack dialog:

I had previously configured Windbg’s symbol path to point at the Microsoft symbol server so that Windbg reports names of internal functions in Windows images, because knowing function names can often make understanding a dump file easier. The functions listed in the stack trace implied that Sidebar was querying the version of a “package” when it crashed. I’m not sure what the Sidebar calls a package, but the trace did seem to show that Sidebar was the culprit, not a Gadget.

So had Sidebar run out of memory? There are several types of resource exhaustion that can cause a memory allocation to fail. For example, the system could have run out of committable memory, the process could have consumed all the memory in its own address space, or an internal heap could have reached its maximum size.

I started by checking the committed memory, since that was quick. Total commitable memory, also known as the commit limit, is the sum of the paging file(s) and most of physical memory. When commitable memory runs low, Windows Vista’s low-resource watchdog warns you by presenting a list of processes consuming the most memory and gives you the option of terminating them to relieve the memory pressure. I hadn’t seen a warning, so I doubted that this was the cause, but opened Process Explorer’s System Information dialog to check anyway:

 

As I suspected, there was plenty of available Committable memory. I next looked at Sidebar’s virtual memory usage. Memory leaks are caused when a process allocates virtual memory, stores some data in it, uses the data, but doesn’t free the memory when it’s done with the data. Virtual memory that processes allocate to store their own data is called Private Bytes, so I opened Process Explorer and added the Private Bytes column:

On a 32-bit Windows system, processes have 2 GB of address space available to them by default, so the highest possible Private Bytes value is close to 2 GB, which is exactly what the Sidebar process with process ID 4680 had consumed. That confirmed it: a memory leak in Sidebar caused it to run out of address space, which in turned caused a memory allocation to fail, which finally caused a NULL-pointer reference and a crash. I suspect that the clock stopped when Sidebar’s address space was exhausted and the clock Gadget couldn’t allocate resources to update its graphic.

Next I had to determine which Gadget was causing the leak, which may or may not have been the frozen clock Gadget. The Sidebar consists of two processes, one Sidebar.exe process that hosts the Windows Gadgets and a child Sidebar.exe process for third-party Gadgets. At this point I knew that a third-party Gadget had leaked memory or caused the Sidebar to leak, but I had several third-party Gadgets running and I didn’t know which one to blame. Unfortunately, the Sidebar offers no way to track memory usage by Gadget (or any other resource usage for that matter), so I had to apply manual steps to isolate the leak.

After restarting the Sidebar, I removed the third-party Gadgets and added them back one at a time, leaving each to run for a minute or two while I monitored Sidebar’s Private Bytes usage. I added the Private Bytes Delta column to Process Explorer’s display to make it easy to spot increases, and after adding one of the Gadgets I started to see periodic positive Private Bytes Delta values, implicating it as the leaker:

Now that I knew the guilty Gadget, I could have simply uninstalled it and considered the case closed. But I was curious to know how the Gadget had managed to cause a leak in the Sidebar – a leak that persisted even after I removed the Gadget.

I navigated to the Gadget’s install directory and opened its HTML file to see what it was doing. The Gadget consists of around 3-dozen lines of pretty simple Javascript and I didn’t spot anything amiss. To narrow in on the problematic code, I began commenting out pieces and re-adding the Gadget to the Sidebar until the leak disappeared. The code I was left with was a function the Gadget configured to execute every 10 seconds to update its graphics. It called the Sidebar background object’s RemoveObjects method and then added back graphics and text by calling the background’s AddImageObject method. Here’s a simplified version of the relevant code:

The fact that it was using these APIs correctly meant that the leak was in the Sidebar’s code, but a quick Internet search didn’t turn up any mentions of a leak in the background object. If Sidebar APIs had a memory leak, why wasn’t it well known? I scanned the source code to the other Gadget’s on my system and discovered that none of them used the APIs, which explained why the leak isn't commonly encountered. However, comments in the Windows Gadget Gallery for the Gadget that inadvertently caused the leak revealed that other users had noticed it.

Having tracked the original unresponsive Gadget problem down to a leaky Sidebar API, I filed a bug in the Windows bug database and closed the case.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Was the function checking a version just a victim of the memory leak then?

    And when looking at stack traces with lines like:

    sidebar!Package::EnsurePackageMinVersion

    Is the bit after the ! and before the :: a c++ object? Are there any good resources to read to help understand stack traces?

    Great post!!!

  • Yes, the package-version functionality was a victim of the leak.

    The way to read the symbol is:

    <image>!<class>::<method>

    Thanks for the feedback.

  • In my experience - and probably not just my own - the quality of Windows Sidebar is far, _far_ below par for such a prominent feature in such a major release of the world's most popular operating system.

    Like I wrote in March:

    "I don't know who signed off on a Sidebar of this quality going into the Vista release, but whoever it was, it must have been the kind of B category employee that Bill Gates supposedly said Microsoft ought not to employ.

    "The whole Sidebar thing looks like it's been polished by Microsoft, but developed by students. It's just not good enough. Not by a wide margin."

    http://denisbider.blogspot.com/2007/03/doghouse-windows-sidebar.html

  • Great in-depth explanation, as usual.

    Could the repeated use of window.SetTimeout within the same function the source of the problem? Would it be easy to convert the code to use window.setInterval instead, and compare? I could try it myself if I knew which gadget it is! q;-)

  • I expected GetFileVersionInfoExW to return an error instead of using a null-pointer. Why not file a bug for that?

  • A big thanks for taking the time to debug and file a bug report. Otherwise I'm sure all the blame is falling on the gadget's author, and worse, soon there will be a lot of folklore about "don't call RemoveObjects because there's a leak in sidebar.exe ..."

    Two observations:

    1. somebody isn't checking for NULL after calling malloc(). sidebar.exe should never crash.

    2. Microsoft is isolating their gadgets from everyone elses by running two sidebar.exe? Are their gadets more trustworthy than others? Why not isolate every gadget on its own?

  • Your post rocks, as always !

  • Do you think that reporting the bug to Microsoft through the Error reporting service would have lead to the same ? Since this error is due to something local (a gadget) that expose a memory leak in a windows API.

  • I love these thrilling investigations of yours Mark! Very educative and entertaining!

    Thanks a lot!

    /Tommy

  • May I ask what did you write when you filed the issue in the Windows Bug database? I'm just curious on how would you file a bug like this.

  • I wish someone would notice the celsius bug in built-in Weather gadget.

    * If you have it set for showing degrees in celsius, it will only check the weather rougly once a day. You will notice this as your work day progresses and the weather changes outside, but not in the gadget.

    * Change back to fahrenheit anytime, and the weather changes to the correct status.

    * Set it to degrees again and the  wrong weather status (from morning time) returns.

    I have tried to locate the source of the bug but seems to come from the dll  "wlsrvc.dll" in "c:\Program Files\Windows Sidebar", which the gadget uses for weather services.

    Maybe this could be a future case story?

  • As always great post.

  • Man I love this stuff!

    Thanks, Mark.

  • cannot understand one thing, how come such critical APIs passthrough testing with this kind of Bug !!.

  • I know -exactly- which gadget ran into this memory leak, heh. Or, at least, I know of -a- gadget that, if left alone for a few days (say, over the weekend) causes sidebar.exe to start nomming up RAM. And then, when you close it, sidebar ramps up.

    What I find most amusing, though, is that the ending of sidebar.exe doesn't identify the correct gadget that may have caused the problem...