POV-Ray : Newsgroups : povray.beta-test : Random crash in beta.4 (Message 5 to 14 of 14)
From: dick balaska
Subject: Re: Random crash in beta.4
Date: 3 Apr 2017 00:29:23
Message: <58e1cfa3$1@news.povray.org>
Am 2017-04-02 02:50, also sprach dick balaska:

> D:\Projekte\POV-Ray Build Stage\windows\vs2015\bin64\pvengine64.pdb


Here is the call stack of the crash for starters.

povconsole64d.exe!_free_dbg(void * block, int block_use) Line 1009	C++
[External Code]	
povconsole64d.exe!pov::Parser::Destroy_Ident_Data(void * Data, int Type) Line 9343	C++
povconsole64d.exe!pov::Parser::Test_Redefine(int Previous, int * NumberPtr, void * Data, bool allow_redefine) Line 9570	C++
povconsole64d.exe!pov::Parser::Parse_RValue(int Previous, int * NumberPtr, void * * DataPtr, pov::Sym_Table_Entry * sym, bool ParFlag, bool SemiFlag, bool is_local, bool allow_redefine, bool allowUndefined, int old_table_index) Line 9121	C++
povconsole64d.exe!pov::Parser::Parse_Declare(bool is_local, bool after_hash) Line 8804	C++
povconsole64d.exe!pov::Parser::Parse_Directive(int After_Hash) Line 2331	C++
povconsole64d.exe!pov::Parser::Get_Token() Line 458	C++
povconsole64d.exe!pov::Parser::Parse_Frame() Line 6809	C++
povconsole64d.exe!pov::Parser::Run() Line 220	C++
povconsole64d.exe!pov::Task::TaskThread(const boost::function0<void> & completion) Line 168	C++
povconsole64d.exe!boost::_mfi::mf1<void,pov::Task,boost::function0<void> const & __ptr64>::operator()(pov::Task * p, const boost::function0<void> & a1) Line 166	C++
povconsole64d.exe!boost::_bi::list2<boost::_bi::value<pov::Task * __ptr64>,boost::_bi::value<boost::function0<void> > >::operator()<boost::_mfi::mf1<void,pov::Task,boost::function0<void> const & __ptr64>,boost::_bi::list0>(boost::_bi::type<void> __formal, boost::_mfi::mf1<void,pov::Task,boost::function0<void> const &> & f, boost::_bi::list0 & a, int __formal) Line 320	C++
povconsole64d.exe!boost::_bi::bind_t<void,boost::_mfi::mf1<void,pov::Task,boost::function0<void> const & __ptr64>,boost::_bi::list2<boost::_bi::value<pov::Task * __ptr64>,boost::_bi::value<boost::function0<void> > > >::operator()() Line 1295	C++
povconsole64d.exe!boost::detail::thread_data<boost::_bi::bind_t<void,boost::_mfi::mf1<void,pov::Task,boost::function0<void> const & __ptr64>,boost::_bi::list2<boost::_bi::value<pov::Task * __ptr64>,boost::_bi::value<boost::function0<void> > > > >::run() Line 117	C++
povconsole64d.exe!boost::`anonymous namespace'::thread_start_function(void * param) Line 296	C++
povconsole64d.exe!invoke_thread_procedure(unsigned int(*)(void *) procedure, void * const context) Line 92	C++
povconsole64d.exe!thread_start<unsigned int (__cdecl*)(void * __ptr64)>(void * const parameter) Line 115	C++

-- 
dik



From: dick balaska
Subject: Unix stack for crash in beta.5
Date: 6 Apr 2017 01:56:44
Message: <58e5d89c$1@news.povray.org>
The stack for this crash on the unix version.

(gdb) r ttto.ini +sf100 +ef120
Starting program: /home/dick/povray/povray/unix/povray ttto.ini +sf100 +ef120
...
Persistence of Vision(tm) Ray Tracer Version 3.7.1-beta.5.unofficial (g++ 5.4.0 @ x86_64-pc-linux-gnu)
...

Thread 6 "povray" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffef967700 (LWP 6407)]
__GI___libc_free (mem=0x34) at malloc.c:2949
2949    malloc.c: No such file or directory.
(gdb) back
#0  __GI___libc_free (mem=0x34) at malloc.c:2949
#1  0x00000000005165ee in pov::Parser::Parse_RValue (this=this@entry=0x7fffe8004db0, Previous=Previous@entry=67, NumberPtr=NumberPtr@entry=0x7fffdc0ac480, DataPtr=DataPtr@entry=0x7fffdc0ac478, sym=sym@entry=0x0, ParFlag=ParFlag@entry=false, SemiFlag=true, is_local=true, allow_redefine=true, allowUndefined=true, old_table_index=100) at parser/parser.cpp:9315
#2  0x00000000005179b8 in pov::Parser::Parse_Declare (this=this@entry=0x7fffe8004db0, is_local=<optimized out>, after_hash=<optimized out>) at parser/parser.cpp:8804
#3  0x000000000061fa07 in pov::Parser::Parse_Directive (this=this@entry=0x7fffe8004db0, After_Hash=After_Hash@entry=1) at parser/parser_tokenizer.cpp:2330
#4  0x000000000061b1b3 in pov::Parser::Get_Token (this=this@entry=0x7fffe8004db0) at parser/parser_tokenizer.cpp:456
#5  0x0000000000620609 in pov::Parser::Get_Token (this=this@entry=0x7fffe8004db0) at parser/parser_tokenizer.cpp:323
#6  0x0000000000518978 in pov::Parser::Parse_Frame (this=0x7fffe8004db0) at parser/parser.cpp:6809
#7  0x0000000000519424 in pov::Parser::Run (this=0x7fffe8004db0) at parser/parser.cpp:217
#8  0x00000000004a54d5 in pov::Task::TaskThread (this=0x7fffe8004db0, completion=...) at backend/support/task.cpp:168
#9  0x00007ffff70ae5d5 in ?? () from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.58.0
#10 0x00007ffff63e26ba in start_thread (arg=0x7fffef967700) at pthread_create.c:333
#11 0x00007ffff611882d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
(gdb)



From: dick balaska
Subject: Re: Unix stack for crash in beta.5
Date: 6 Apr 2017 03:39:04
Message: <58e5f098@news.povray.org>
Am 2017-04-06 01:56, also sprach dick balaska:

I found it.

#range (Start, End)
     #local V=
     #break

I tried this code, but it correctly gives me an "RValue expected"
#version 3.7;
#switch (1)
         #range (0,1)
         #local V=
         #break
#end

So, here's another uber-trimmed tteoac.
wget http://www.buckosoft.com/tteoac/video/ttcrash2.bz2
tar -xvjf ttcrash2.bz2
cd ttto
povray ttto.ini -sf100 -ef100

Note in ttto/direct.inc line 133
	#local _v=
If you comment that out, it doesn't crash
(It also won't render much, because everything is gone)

dik



From: clipka
Subject: Re: Unix stack for crash in beta.5
Date: 6 Apr 2017 04:24:58
Message: <58e5fb5a$1@news.povray.org>
Am 06.04.2017 um 09:39 schrieb dick balaska:
> So, here's another uber-trimmed tteoac.

Whines about "beatdebug.inc" missing.



From: dick balaska
Subject: Re: Unix stack for crash in beta.5
Date: 6 Apr 2017 04:31:41
Message: <58e5fced$1@news.povray.org>
Am 2017-04-06 04:24, also sprach clipka:
> Am 06.04.2017 um 09:39 schrieb dick balaska:
>> So, here's another uber-trimmed tteoac.
>
> Whines about "beatdebug.inc" missing.
>

with -sf100 -ef100?

-- 
dik



From: dick balaska
Subject: Re: Unix stack for crash in beta.5
Date: 6 Apr 2017 04:44:06
Message: <58e5ffd6$1@news.povray.org>
Fixed cut/paste instructions (was a bad cd)

wget http://www.buckosoft.com/tteoac/video/ttcrash2.bz2
tar -xvjf ttcrash2.bz2
cd ttcrash2/ttto
povray ttto.ini -sf100 -ef100


My theory from the stack trace was that it gave up on a #declare's 
rvalue, and double freed it.  That seems to be likely.

This crash also is in 3.7.0, which is what runs when I paste the above 
into ubuntu.
-- 
dik



From: clipka
Subject: Re: Unix stack for crash in beta.5
Date: 6 Apr 2017 05:08:46
Message: <58e6059e$1@news.povray.org>
Am 06.04.2017 um 10:31 schrieb dick balaska:
> Am 2017-04-06 04:24, also sprach clipka:
>> Am 06.04.2017 um 09:39 schrieb dick balaska:
>>> So, here's another uber-trimmed tteoac.
>>
>> Whines about "beatdebug.inc" missing.
>>
> 
> with -sf100 -ef100?

Ah, sorry. Forgot that.

Crashes now. Which is neat, because it means it's reproducible ;)



From: clipka
Subject: Re: Unix stack for crash in beta.5
Date: 6 Apr 2017 06:08:51
Message: <58e613b3$1@news.povray.org>
Am 06.04.2017 um 10:44 schrieb dick balaska:
> 
> Fixed cut/paste instructions (was a bad cd)
> 
> wget http://www.buckosoft.com/tteoac/video/ttcrash2.bz2
> tar -xvjf ttcrash2.bz2
> cd ttcrash2/ttto
> povray ttto.ini -sf100 -ef100
> 
> 
> My theory from the stack trace was that it gave up on a #declare's
> rvalue, and double freed it.  That seems to be likely.

No, not exactly.

It turns out that the "switch" construct around the incomplete
declaration is irrelevant; it's the "#include" that's working the magic.

The recipe for disaster is as follows:

    <start of "local" scope>
    #local <Identifier> = <Valid RValue>
    #local <Identifier> =
    <end of "local" scope>
    <Valid RValue>

For example, the following also causes a crash:

    #macro Foo()
      #local Bar=1;
      #local Bar=
    #end

    Foo()

    sphere {<0,0,0>,1}

The end of local scope causes the identifier and its content to be
ditched, but the code responsible for parsing `#local` statements tries
to ditch the content again in order to replace it with the new content.



From: clipka
Subject: Re: Unix stack for crash in beta.5
Date: 6 Apr 2017 06:17:48
Message: <58e615cc$1@news.povray.org>
Am 06.04.2017 um 12:08 schrieb clipka:

> The recipe for disaster is as follows:
> 
>     <start of "local" scope>
>     #local <Identifier> = <Valid RValue>
>     #local <Identifier> =
>     <end of "local" scope>
>     <Valid RValue>
> 
> For example, the following also causes a crash:
> 
>     #macro Foo()
>       #local Bar=1;
>       #local Bar=
>     #end
> 
>     Foo()
> 
>     sphere {<0,0,0>,1}
> 
> The end of local scope causes the identifier and its content to be
> ditched, but the code responsible for parsing `#local` statements tries
> to ditch the content again in order to replace it with the new content.

The same kind of crash can also be triggered with the following construct:

    #declare Foo=1;
    #declare Foo=
    #undef Foo
    sphere {<0,0,0>,1}


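The two recipes above (the `#local ... #end` one and the `#declare ... #undef` one) share one cause: the content of an identifier is released once by the scope exit or by `#undef`, and then a second time by the code that wants to replace it with the new rvalue. The following toy C++ model is an added example, not POV-Ray's parser code; `Heap`, `ScopedSymbols`, `BuggyParser` and `FixedParser` are invented names, and the real parser's data structures differ. It swaps the real heap for a tracking allocator so the second free is counted instead of crashing in `free()`, replays both recipes against a buggy and a corrected parser, and shows the ownership change that removes the bug: detach the old content from the symbol table before the rvalue is parsed, so whatever the tokenizer runs into on the way to the rvalue cannot free it.

```cpp
// Added example, not POV-Ray code: a toy model of the double free described
// in this thread. Names are invented for illustration.
#include <functional>
#include <map>
#include <set>
#include <string>
#include <vector>

// A real double free is undefined behaviour (the SIGSEGV in free() above),
// so this tracking "heap" records live blocks and counts a second free.
struct Heap {
    std::set<int*> live;
    int double_frees = 0;
    int* alloc(int v) { int* p = new int(v); live.insert(p); return p; }
    void release(int* p) {
        if (p == nullptr) return;
        if (live.erase(p)) delete p; else ++double_frees;
    }
};

using Table = std::map<std::string, int*>;   // identifier -> owned content

// Scope handling shared by both parsers: leaving a scope (#end) ditches every
// identifier declared in it together with its content, and #undef ditches one.
struct ScopedSymbols {
    Heap& heap;
    std::vector<Table> scopes;
    explicit ScopedSymbols(Heap& h) : heap(h), scopes(1) {}
    void begin_scope() { scopes.emplace_back(); }
    void end_scope() {
        for (auto& kv : scopes.back()) heap.release(kv.second);
        scopes.pop_back();
    }
    void undef(const std::string& name) {
        auto it = scopes.back().find(name);
        if (it == scopes.back().end()) return;
        heap.release(it->second);
        scopes.back().erase(it);
    }
};

// Buggy: `Name=` keeps the old content in the table while the rvalue is read.
// If reading the rvalue runs through `#end` or `#undef`, that path frees the
// content; the redefinition then frees it a second time.
struct BuggyParser : ScopedSymbols {
    using ScopedSymbols::ScopedSymbols;
    void assign(const std::string& name, int value,
                const std::function<void()>& tokens_before_rvalue) {
        auto it = scopes.back().find(name);
        int* old = (it == scopes.back().end()) ? nullptr : it->second;
        tokens_before_rvalue();      // may free `old` via end_scope()/undef()
        heap.release(old);           // "replace the content": frees `old` again
        scopes.back()[name] = heap.alloc(value);
    }
};

// Fixed: detach the old content from the table first, so exactly one owner
// (this statement) frees it, whatever the tokenizer meets before the rvalue.
struct FixedParser : ScopedSymbols {
    using ScopedSymbols::ScopedSymbols;
    void assign(const std::string& name, int value,
                const std::function<void()>& tokens_before_rvalue) {
        int* old = nullptr;
        auto it = scopes.back().find(name);
        if (it != scopes.back().end()) { old = it->second; scopes.back().erase(it); }
        tokens_before_rvalue();      // can no longer see `old`
        heap.release(old);           // single free
        scopes.back()[name] = heap.alloc(value);
    }
};

// Recipe 1 (macro):  #local Bar=1;  #local Bar=  #end  <rvalue>
template <class Parser> int macro_recipe_double_frees() {
    Heap heap; Parser p(heap);
    p.begin_scope();                                  // #macro Foo() body
    p.assign("Bar", 1, [] {});                        // #local Bar=1;
    p.assign("Bar", 2, [&] { p.end_scope(); });       // #local Bar=  #end  2
    while (!p.scopes.empty()) p.end_scope();          // tear down the rest
    return heap.double_frees;
}

// Recipe 2 (#undef):  #declare Foo=1;  #declare Foo=  #undef Foo  <rvalue>
template <class Parser> int undef_recipe_double_frees() {
    Heap heap; Parser p(heap);
    p.assign("Foo", 1, [] {});                        // #declare Foo=1;
    p.assign("Foo", 2, [&] { p.undef("Foo"); });      // #declare Foo=  #undef Foo  2
    while (!p.scopes.empty()) p.end_scope();
    return heap.double_frees;
}
```

With `BuggyParser` both recipes report one double free; with `FixedParser` both report none. Where the new content lands once its scope is already gone is deliberately not modelled; the only point is who owns the old content while the rvalue is still being read.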

From: clipka
Subject: Re: Random crash in beta.4
Date: 6 Apr 2017 07:14:38
Message: <58e6231e$1@news.povray.org>
Now tracked on GitHub as issue #265
(https://github.com/POV-Ray/povray/issues/265).


