View Issue Details

ID: 0000020
Project: Gameplay + OpenGL
Category: [All Projects] Bug
View Status: public
Last Update: 2017-01-13 05:03
Reporter: Matthew the Glutton
Assigned To: Edward-san
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: (not set)
OS: Debian Jessie
OS Version: 3.16.0-4-amd64
Summary: 0000020: Crash if quit while in possession of PowerFrightener

Description:
Was issue 0000199 on the old git bugtracker. Graf's last message on that thread suggested this was a rather deep structural problem with the exit code.

As before, the crash happens with a release and a relwithdebinfo build, but not debug. I am unable to attach the crash logs for some reason.

Steps To Reproduce:
tried with 46179936ec
gzdoom -warp 01 -nomusic -noautoload
give powerfrightener;wait 1;quit

Additional Information:
I was able to get a similar crash recently doing something else but I cannot remember or replicate that.

Tags: No tags attached.

Activities

Matthew the Glutton (reporter), 2017-01-10 01:42, ~0000008

Trying again.

crashlogs.zip (11,187 bytes)
Matthew the Glutton (reporter), 2017-01-10 01:45, ~0000009

Uh, sorry, can someone move this to GZDoom? This interface is really messing me up a lot.
Edward-san (developer), 2017-01-13 03:40, ~0000055
Last edited: 2017-01-13 04:32

Valgrind report:

==3834== Invalid read of size 8
==3834==    at 0xA9270F: VMFrameStack::Alloc(int) (vmframe.cpp:342)
==3834==    by 0xA92828: VMFrameStack::AllocFrame(VMScriptFunction*) (vmframe.cpp:302)
==3834==    by 0xA92C51: VMFrameStack::Call(VMFunction*, VMValue*, int, VMReturn*, int, VMException**) (vmframe.cpp:486)
==3834==    by 0x987F2C: CallEndEffect (a_artifacts.cpp:283)
==3834==    by 0x987F2C: APowerup::OnDestroy() (a_artifacts.cpp:297)
==3834==    by 0x7C6AEC: DObject::Destroy() (dobject.cpp:365)
==3834==    by 0x8C4EF6: AActor::DestroyAllInventory() (p_mobj.cpp:949)
==3834==    by 0x8D7438: AActor::OnDestroy() (p_mobj.cpp:4929)
==3834==    by 0x7C6AEC: DObject::Destroy() (dobject.cpp:365)
==3834==    by 0x7DA50C: DestroyThinkersInList (dthinker.cpp:447)
==3834==    by 0x7DA50C: DThinker::DestroyAllThinkers() (dthinker.cpp:426)
==3834==    by 0x8F1A38: P_FreeLevelData() (p_setup.cpp:3430)
==3834==    by 0x8F213F: P_Shutdown() (p_setup.cpp:4188)
==3834==    by 0x54F2D1: call_terms() (i_main.cpp:127)
==3834==  Address 0xe6cba90 is 16 bytes inside a block of size 4,096 free'd
==3834==    at 0x4C2F74B: operator delete[](void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3834==    by 0xA92B57: VMFrameStack::~VMFrameStack() (vmframe.cpp:273)
==3834==    by 0x73C95FE: __call_tls_dtors (cxa_thread_atexit_impl.c:155)
==3834==    by 0x73C8F26: __run_exit_handlers (exit.c:40)
==3834==    by 0x73C9044: exit (exit.c:104)
==3834==    by 0x554B4F: ST_Endoom() (st_start.cpp:353)
==3834==    by 0x616BC4: DQuitMenu::HandleResult(bool) (messagebox.cpp:416)
==3834==    by 0x616710: DMessageBoxMenu::Responder(event_t*) (messagebox.cpp:250)
==3834==    by 0x60933A: M_Responder(event_t*) (menu.cpp:540)
==3834==    by 0x7A592F: D_ProcessEvents() (d_main.cpp:287)
==3834==    by 0x7AE6A9: NetUpdate() (d_net.cpp:980)
==3834==    by 0x7B0AE9: TryRunTics() (d_net.cpp:1835)
==3834==  Block was alloc'd at
==3834==    at 0x4C2E80F: operator new[](unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3834==    by 0xA92764: VMFrameStack::Alloc(int) (vmframe.cpp:363)
==3834==    by 0xA92828: VMFrameStack::AllocFrame(VMScriptFunction*) (vmframe.cpp:302)
==3834==    by 0xA92C51: VMFrameStack::Call(VMFunction*, VMValue*, int, VMReturn*, int, VMException**) (vmframe.cpp:486)
==3834==    by 0x996124: AWeapon::GetUpState() (a_weapons.cpp:853)
==3834==    by 0x8DAFFC: P_BringUpWeapon(player_t*) (p_pspr.cpp:506)
==3834==    by 0x8D57A1: P_SpawnPlayer(FPlayerStart*, int, int) (p_mobj.cpp:5189)
==3834==    by 0x8D659E: P_SpawnMapThing(FMapThing*, int) (p_mobj.cpp:5453)
==3834==    by 0x8EF615: SpawnMapThing (p_setup.cpp:1648)
==3834==    by 0x8EF615: P_SpawnThings(int) (p_setup.cpp:1851)
==3834==    by 0x8F6B9E: P_SetupLevel(char const*, int) (p_setup.cpp:4011)
==3834==    by 0x7F06A8: G_DoLoadLevel(int, bool) (g_level.cpp:1008)
==3834==    by 0x7AA824: D_DoomMain() (d_main.cpp:2646)
==3834==

So yeah, GCC -O3 changes the dtor order.

Unless somebody can investigate it better, the workaround is using clang in place of GCC.

[edit] No, actually the debug mode also executes the dtor in that order. I'm starting to suspect that VMFrameStack::~VMFrameStack is miscompiled. The reason is that in VMFrameStack::Alloc, Blocks isn't NULL when it should be, when everything is going to be destroyed.
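The ordering the Valgrind report shows is worth seeing in miniature: exit() runs the thread-local destructor (__call_tls_dtors) that frees the VM stack's 4,096-byte blocks, and only afterwards does the atexit-driven call_terms -> P_Shutdown path call back into the VM through OnDestroy, so Alloc reads a block that has already been freed. The program below is an added illustration, not GZDoom code and not the content of PR 214. It models a block-based frame stack with the invariant Edward-san's diagnosis calls for: after teardown, Blocks must be null, so a late caller opens a fresh block instead of following a dangling pointer, and teardown is safe to run more than once. The class, function names and helper functions are assumptions; only the 4,096-byte block size comes from the report, and the "late call" is simulated with an explicit Teardown() rather than by really destroying the object.

```cpp
// Added illustration (not GZDoom code): a block-based frame stack whose
// teardown leaves its bookkeeping null, so that a call arriving after
// teardown (as in the report's exit sequence) cannot touch freed memory.
#include <cstddef>
#include <cstdint>
#include <cstdio>

struct BlockHeader {
    BlockHeader *NextBlock;   // newer block -> older block
    size_t BlockSize;         // total bytes in this block, header included
    size_t FreeSpace;         // bytes still available at the end of the block
};

class FrameStack {
public:
    static constexpr size_t BLOCK_SIZE = 4096;   // block size seen in the Valgrind report

    FrameStack() : Blocks(nullptr), BlockCount(0) {}
    ~FrameStack() { Teardown(); }

    // Hand out 'size' bytes from the newest block, opening a new block when needed.
    // The read of Blocks->FreeSpace is the kind of access that became an invalid
    // read once Blocks pointed at memory the destructor had already freed.
    void *Alloc(size_t size) {
        size = (size + 15) & ~size_t(15);               // keep frames 16-byte aligned
        if (size > BLOCK_SIZE - sizeof(BlockHeader)) return nullptr;   // too large for any block
        if (Blocks == nullptr || Blocks->FreeSpace < size) {
            BlockHeader *block = reinterpret_cast<BlockHeader *>(new uint8_t[BLOCK_SIZE]);
            block->NextBlock = Blocks;
            block->BlockSize = BLOCK_SIZE;
            block->FreeSpace = BLOCK_SIZE - sizeof(BlockHeader);
            Blocks = block;
            ++BlockCount;
        }
        uint8_t *base = reinterpret_cast<uint8_t *>(Blocks) + Blocks->BlockSize - Blocks->FreeSpace;
        Blocks->FreeSpace -= size;
        return base;
    }

    // Free every block and reset the list head. Because Blocks ends up null,
    // a second Teardown() or a late Alloc() sees an empty stack, never a freed block.
    void Teardown() {
        BlockHeader *next;
        for (BlockHeader *b = Blocks; b != nullptr; b = next) {
            next = b->NextBlock;
            delete[] reinterpret_cast<uint8_t *>(b);
        }
        Blocks = nullptr;
        BlockCount = 0;
    }

    size_t LiveBlocks() const { return BlockCount; }

private:
    BlockHeader *Blocks;
    size_t BlockCount;
};

// Models the report's exit sequence: a frame allocated during level setup
// (GetUpState), the VM stack torn down first (the thread-local destructor),
// then a late call from the shutdown path (CallEndEffect under P_Shutdown).
// Returns the number of live blocks after the late call: 1 means it got a
// fresh block rather than the freed one.
size_t SimulateShutdown() {
    FrameStack vm;
    vm.Alloc(100);                 // frame from level setup
    vm.Teardown();                 // stands in for ~VMFrameStack during exit()
    void *late = vm.Alloc(64);     // stands in for the OnDestroy callback
    size_t blocks = (late != nullptr) ? vm.LiveBlocks() : 0;
    vm.Teardown();                 // second teardown must be harmless
    return blocks;
}

// Helper for checking block growth: number of blocks after n allocations of 'each' bytes.
size_t BlocksAfter(size_t n, size_t each) {
    FrameStack vm;
    for (size_t i = 0; i < n; ++i) vm.Alloc(each);
    return vm.LiveBlocks();
}

int main() {
    std::printf("blocks after simulated shutdown: %zu\n", SimulateShutdown());
    std::printf("blocks after 5 x 1000 bytes: %zu\n", BlocksAfter(5, 1000));
    return 0;
}
```

Run it under valgrind the same way the report was produced: with Teardown() resetting Blocks, memcheck reports no invalid reads, and removing the two reset lines is enough to reproduce the dangling-pointer pattern the trace describes. Whether PR 214 fixes the engine in exactly this way is not stated on this page.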

Edward-san (developer), 2017-01-13 04:44, ~0000056

I managed to fix it with https://github.com/coelckers/gzdoom/pull/214. Not sure why GCC did that miscompilation...
Graf Zahl (administrator), 2017-01-13 05:03, ~0000057

Good to see that it was a compiler error. It really had me stumped and I was already thinking there was an actual problem with the engine shutdown procedure.

Issue History

Date Modified Username Field Change
2017-01-10 01:42 Matthew the Glutton New Issue
2017-01-10 01:42 Matthew the Glutton File Added: crashlogs.zip
2017-01-10 01:42 Matthew the Glutton Note Added: 0000008
2017-01-10 01:45 Matthew the Glutton Note Added: 0000009
2017-01-10 09:48 _mental_ Project drdteam.org (Site) => Gameplay + OpenGL
2017-01-10 14:39 Graf Zahl Status new => acknowledged
2017-01-13 03:40 Edward-san Note Added: 0000055
2017-01-13 04:32 Edward-san Note Edited: 0000055
2017-01-13 04:44 Edward-san Note Added: 0000056
2017-01-13 04:45 Edward-san Assigned To => Edward-san
2017-01-13 04:45 Edward-san Status acknowledged => assigned
2017-01-13 05:03 Graf Zahl Status assigned => resolved
2017-01-13 05:03 Graf Zahl Resolution open => fixed
2017-01-13 05:03 Graf Zahl Note Added: 0000057