Something in map20 of Community Chest 4 is causing a crash.

Forum rules
Please don't bump threads here if you have a problem - it will often be forgotten about if you do. Instead, make a new thread here.

Post a reply

Smilies
:D :) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :wink: :geek: :ugeek: :!: :?: :idea: :arrow: :| :mrgreen: :3: :wub: >:( :blergh:
View more smilies

BBCode is OFF
Smilies are ON

Topic review
   

Expand view Topic review: Something in map20 of Community Chest 4 is causing a crash.

Re: Something in map20 of Community Chest 4 is causing a cra

by Graf Zahl » Fri Nov 09, 2018 1:21 pm

To fix the movement code you'd have to write a new engine. The original Doom code was so poorly conceived that most attempts at sanitizing it are doomed to fail because they'd break the very essence of it.

Re: Something in map20 of Community Chest 4 is causing a cra

by Major Cooke » Fri Nov 09, 2018 1:12 pm

Meaning that in order to fix it, one would have to carve out at least half of the entire source code potentially?

Re: Something in map20 of Community Chest 4 is causing a cra

by Graf Zahl » Fri Nov 09, 2018 12:06 pm

Looking through the code I think I remember what was the problem: PIT_CheckThing is doing a lot of stuff it shouldn't, if it had been cleanly implemented. Unfortunately it is so full of side effects and bad behavior that it can easily result in a recursive call of P_CheckPosition and leave a filled spechit array behind. And this can turn nasty if there is a portal in the set.
Moving the two array clears below the BlockThingsIterator loop was supposed to clear this residual garbage. Unfortunately this does not account for the exit conditions above and still leaves some garbage behind in other cases.

I wish this could be solved the clean way, i.e. by making the spechit array local to the current function call. Sadly with all the side effects that need to be considered here this is not possible. For example, when something along the way results in a teleport this needs to clear spechit of the current P_CheckPosition call.
This entire code is a mess beyond hope that cannot be fixed because it's one cornerstone of how Doom works.

Re: Something in map20 of Community Chest 4 is causing a cra

by Graf Zahl » Fri Nov 09, 2018 4:29 am

I'll have a closer look this evening. Right now I cannot say anything more.

Re: Something in map20 of Community Chest 4 is causing a cra

by _mental_ » Fri Nov 09, 2018 4:27 am

Graf Zahl wrote:P_FreeLevelData needs to clear spechit as well because whatever is in there at that point will inevitably become invalid.
I was thinking about the same. I fear that it may hide an issue when spechit should be cleared in other cases, not on the first tick.
Anyway, clearing temporary data between maps seems reasonable.

Re: Something in map20 of Community Chest 4 is causing a cra

by Graf Zahl » Fri Nov 09, 2018 4:14 am

I cannot remember why I moved it but there must have been some reason for it. At the very least, P_FreeLevelData needs to clear spechit as well because whatever is in there at that point will inevitably become invalid.

Re: Something in map20 of Community Chest 4 is causing a cra

by _mental_ » Fri Nov 09, 2018 3:53 am

It's hard to explain without ability to check callstack interactively.

In short, on MAP20 there are a few explosive barrels stuck in walls.
The callstack above shows the first tick for one of these barrels, thing #110.

spechit wasn't cleared since previous MAP01 because this line was moved.

Re: Something in map20 of Community Chest 4 is causing a cra

by drfrag » Thu Nov 08, 2018 4:30 am

I guess the executable was still running in the background after the crash. Here's the backtrace:

Code: Select all

>	zdoom.exe!AActor::PosRelative(line_t * line) Line 1278	C++
 	zdoom.exe!CheckForPushSpecial(line_t * line, int side, AActor * mobj, fixedvec2 * posforwindowcheck) Line 1844	C++
->	zdoom.exe!P_TryMove(AActor * thing, int x, int y, int dropoff, const secplane_t * onfloor, FCheckPosition & tm, bool missileCheck) Line 2372	C++
 	zdoom.exe!P_XYMovement(AActor * mo, int scrollx, int scrolly) Line 2003	C++
 	zdoom.exe!AActor::Tick() Line 3772	C++
 	zdoom.exe!DThinker::TickThinkers(FThinkerList * list, FThinkerList * dest) Line 466	C++
 	zdoom.exe!DThinker::RunThinkers() Line 428	C++
 	zdoom.exe!P_Ticker() Line 135	C++
 	zdoom.exe!G_Ticker() Line 1203	C++
 	zdoom.exe!TryRunTics() Line 1944	C++
 	zdoom.exe!D_DoomLoop() Line 1012	C++
 	zdoom.exe!D_DoomMain() Line 2641	C++
 	zdoom.exe!DoMain(HINSTANCE__ * hInstance) Line 1004	C++
 	zdoom.exe!WinMain(HINSTANCE__ * hInstance, HINSTANCE__ * nothing, char * cmdline, int nCmdShow) Line 1300	C++

-		&spec	0x0320682c {line=0x03bf3910 {v1=0x00800000 {x=2020893505 y=32 } v2=0x00000000 <NULL> dx=8388608 ...} ...}	spechit_t *
+		line	0x03bf3910 {v1=0x00800000 {x=2020893505 y=32 } v2=0x00000000 <NULL> dx=8388608 ...}	line_t *
+		oldrefpos	{x=100139008 y=-127926272 }	fixedvec2
+		refpos	{x=100109572 y=-127926272 }	fixedvec2
-		&spec.refpos	0x03206838 {x=100109572 y=-127926272 }	fixedvec2 *
		x	100109572	int
		y	-127926272	int
		numSpecHitTemp	1	int
		side	0	int
-		spec	{line=0x03bf3910 {v1=0x00800000 {x=2020893505 y=32 } v2=0x00000000 <NULL> dx=8388608 ...} oldrefpos=...}	spechit_t &
+		line	0x03bf3910 {v1=0x00800000 {x=2020893505 y=32 } v2=0x00000000 <NULL> dx=8388608 ...}	line_t *
+		oldrefpos	{x=100139008 y=-127926272 }	fixedvec2
+		refpos	{x=100109572 y=-127926272 }	fixedvec2
-		spec.line	0x03bf3910 {v1=0x00800000 {x=2020893505 y=32 } v2=0x00000000 <NULL> dx=8388608 ...}	line_t *
+		v1	0x00800000 {x=2020893505 y=32 }	vertex_t *
+		v2	0x00000000 <NULL>	vertex_t *
		dx	8388608	int
		dy	0	int
		flags	8388608	unsigned long
		activation	0	unsigned long
		special	8388608	int
		Alpha	0	int
+		args	0x03bf3930 {8388608, 0, 8388608, 0, 8388608}	int[5]
+		sidedef	0x03bf3944 {0x00000000 <NULL>, 0x00800000 {sector=0x78746341 {planes=0x78746341 {{xform={xoffs=??? yoffs=...} ...}, ...} ...} ...}}	side_t *[2]
+		bbox	0x03bf394c {0, 8388608, 0, 8388608}	int[4]
+		frontsector	0x00000000 <NULL>	sector_t *
+		backsector	0x00800000 {planes=0x00800000 {{xform={xoffs=2020893505 yoffs=32 xscale=1 ...} Flags=0 Light=20 ...}, ...} ...}	sector_t *
		validcount	0	int
		locknumber	8388608	int
		portalindex	0	unsigned int
-		spec.refpos	{x=100109572 y=-127926272 }	fixedvec2
		x	100109572	int
		y	-127926272	int
		spec.refpos.x	100109572	int
		spec.refpos.y	-127926272	int
-		spechit	{Array=0x03206818 {line=0x03bf4f90 {v1=0x5e666869 {x=??? y=??? } v2=0x605e595a {x=??? y=??? } dx=1785226593 ...} ...} ...}	TArray<spechit_t,spechit_t>
+		Array	0x03206818 {line=0x03bf4f90 {v1=0x5e666869 {x=??? y=??? } v2=0x605e595a {x=??? y=??? } dx=1785226593 ...} ...}	spechit_t *
		Most	16	unsigned int
		Count	2	unsigned int
-		thing	0x03cb9dc8 {snext=0x00000000 <NULL> sprev=0x03cba0ac {0x03cb9dc8 {snext=0x00000000 <NULL> sprev=0x03cba0ac {...} ...}} ...}	AActor *
+		DThinker	{NextThinker=0x02f571d8 {NextThinker=0x03cb0a60 {snext=0x00000000 <NULL> sprev=0x00000000 {???} __pos=...} ...} ...}	DThinker
+		snext	0x00000000 <NULL>	AActor *
+		sprev	0x03cba0ac {0x03cb9dc8 {snext=0x00000000 <NULL> sprev=0x03cba0ac {0x03cb9dc8 {snext=0x00000000 <NULL> ...}} ...}}	AActor * *
+		__pos	{x=-85721088 y=-427032576 z=0 }	fixedvec3
		angle	0	unsigned int
		sprite	91	unsigned short
		frame	0 '\0'	unsigned char
		scaleX	65536	int
		scaleY	65536	int
+		RenderStyle	{BlendOp=1 '\x1' SrcAlpha=2 '\x2' DestAlpha=3 '\x3' ...}	FRenderStyle
+		renderflags	{Value=0 }	TFlags<enum ActorRenderFlag,unsigned int>
+		picnum	{texnum=-1 }	FTextureID
		effects	0	unsigned long
		alpha	65536	int
		fillcolor	0	unsigned long
		pitch	0	int
		roll	0	unsigned int
+		BlockNode	0x0307f308 {Me=0x03cb9dc8 {snext=0x00000000 <NULL> sprev=0x03cba0ac {0x03cb9dc8 {snext=0x00000000 <NULL> ...}} ...} ...}	FBlockNode *
+		Sector	0x053a4c88 {planes=0x053a4c88 {{xform={xoffs=0 yoffs=0 xscale=65536 ...} Flags=0 Light=0 ...}, {xform=...}} ...}	sector_t *
+		subsector	0x055df698 {sector=0x053a4c88 {planes=0x053a4c88 {{xform={xoffs=0 yoffs=0 xscale=65536 ...} Flags=0 ...}, ...} ...} ...}	subsector_t *
		floorz	0	int
		ceilingz	2097152	int
		dropoffz	0	int
+		floorsector	0x053a4c88 {planes=0x053a4c88 {{xform={xoffs=0 yoffs=0 xscale=65536 ...} Flags=0 Light=0 ...}, {xform=...}} ...}	sector_t *
+		floorpic	{texnum=2559 }	FTextureID
		floorterrain	0	int
+		ceilingsector	0x053a4c88 {planes=0x053a4c88 {{xform={xoffs=0 yoffs=0 xscale=65536 ...} Flags=0 Light=0 ...}, {xform=...}} ...}	sector_t *
+		ceilingpic	{texnum=2626 }	FTextureID
		radius	655360	int
		height	2752512	int
		projectilepassheight	0	int
		velx	4608	int
		vely	0	int
		velz	0	int
		tics	6	int
+		state	0x02ec6320 {NextState=0x02ec633c {NextState=0x02ec6320 {NextState=0x02ec633c {NextState=0x02ec6320 {...} ...} ...} ...} ...}	FState *
+		Damage	0x00000000 <NULL>	VMFunction *
		projectileKickback	0	int
+		flags	{Value=524294 }	TFlags<enum ActorFlag,unsigned int>
+		flags2	{Value=8388608 }	TFlags<enum ActorFlag2,unsigned int>
+		flags3	{Value=524288 }	TFlags<enum ActorFlag3,unsigned int>
+		flags4	{Value=524292 }	TFlags<enum ActorFlag4,unsigned int>
+		flags5	{Value=512 }	TFlags<enum ActorFlag5,unsigned int>
+		flags6	{Value=0 }	TFlags<enum ActorFlag6,unsigned int>
+		flags7	{Value=8 }	TFlags<enum ActorFlag7,unsigned int>
		VisibleToTeam	0	unsigned long
		special1	0	int
		special2	0	int
		weaponspecial	0	int
		health	20	int
		movedir	0 '\0'	unsigned char
		visdir	0 '\0'	char
		movecount	0	short
		strafecount	0	short
+		target	{p=0x00000000 <NULL> o=0x00000000 <NULL> }	TObjPtr<AActor>
+		lastenemy	{p=0x00000000 <NULL> o=0x00000000 <NULL> }	TObjPtr<AActor>
+		LastHeard	{p=0x00000000 <NULL> o=0x00000000 <NULL> }	TObjPtr<AActor>
		reactiontime	8	int
		threshold	0	int
		DefThreshold	100	int
+		player	0x00000000 <NULL>	player_t *
+		LastLookActor	{p=0x00000000 <NULL> o=0x00000000 <NULL> }	TObjPtr<AActor>
+		SpawnPoint	0x03cb9ed4 {-85721088, -427032576, 0}	int[3]
		SpawnAngle	0	unsigned short
		StartHealth	0	int
		WeaveIndexXY	0 '\0'	unsigned char
		WeaveIndexZ	16 '\x10'	unsigned char
		skillrespawncount	0	int
		TIDtoHate	0	int
+		Species	{...}	FNameNoInit
+		tracer	{p=0x00000000 <NULL> o=0x00000000 <NULL> }	TObjPtr<AActor>
+		master	{p=0x00000000 <NULL> o=0x00000000 <NULL> }	TObjPtr<AActor>
		floorclip	0	int
		tid	0	int
		special	0	int
+		args	0x03cb9f0c {0, 0, 0, 0, 0}	int[5]
		accuracy	0	int
		stamina	0	int
+		inext	0x00000000 <NULL>	AActor *
+		iprev	0x00000000 {???}	AActor * *
+		goal	{p=0x00000000 <NULL> o=0x00000000 <NULL> }	TObjPtr<AActor>
		waterlevel	0	int
		boomwaterlevel	0 '\0'	unsigned char
		MinMissileChance	200 'È'	unsigned char
		LastLookPlayerNumber	0 '\0'	char
+		BounceFlags	{Value=0 }	TFlags<enum ActorBounceFlag,unsigned short>
		SpawnFlags	2016	unsigned long
		meleerange	2883584	int
		meleethreshold	0	int
		maxtargetrange	0	int
		bouncefactor	45875	int
		wallbouncefactor	49152	int
		bouncecount	-1	int
		gravity	65536	int
		Friction	65536	int
		FastChaseStrafeCount	0	int
		pushfactor	16384	int
		lastpush	0	int
		activationtype	0	int
		lastbump	0	int
		Score	0	int
+		Tag	0x00000000 <NULL>	FString *
		DesignatedTeam	255	int
+		BlockingMobj	0x056586d8 {snext=0x00000000 <NULL> sprev=0x053b2d08 {0x056586d8 {snext=0x00000000 <NULL> sprev=0x053b2d08 {...} ...}} ...}	AActor *
+		BlockingLine	0x00000000 <NULL>	line_t *
		PoisonDamage	0	int
+		PoisonDamageType	{...}	FNameNoInit
		PoisonDuration	0	int
		PoisonPeriod	0	int
		PoisonDamageReceived	0	int
+		PoisonDamageTypeReceived	{...}	FNameNoInit
		PoisonDurationReceived	0	int
		PoisonPeriodReceived	0	int
+		Poisoner	{p=0x00000000 <NULL> o=0x00000000 <NULL> }	TObjPtr<AActor>
+		touching_sectorlist	0x03085bf0 {m_sector=0x053b2c5c {planes=0x053b2c5c {{xform={xoffs=-49152 yoffs=0 xscale=65536 ...} Flags=...}, ...} ...} ...}	msecnode_t *
+		Inventory	{p=0x00000000 <NULL> o=0x00000000 <NULL> }	TObjPtr<AInventory>
		InventoryID	0	unsigned long
		smokecounter	0 '\0'	unsigned char
		FloatBobPhase	130 '‚'	unsigned char
		FriendPlayer	0 '\0'	unsigned char
		Translation	0	unsigned long
+		SeeSound	{...}	FSoundIDNoInit
+		AttackSound	{...}	FSoundIDNoInit
+		PainSound	{...}	FSoundIDNoInit
+		DeathSound	{...}	FSoundIDNoInit
+		ActiveSound	{...}	FSoundIDNoInit
+		UseSound	{...}	FSoundIDNoInit
+		BounceSound	{...}	FSoundIDNoInit
+		WallBounceSound	{...}	FSoundIDNoInit
+		CrushPainSound	{...}	FSoundIDNoInit
		Speed	0	int
		FloatSpeed	262144	int
		MaxDropOffHeight	1572864	int
		MaxStepHeight	1572864	int
		Mass	100	int
		PainChance	0	short
		PainThreshold	0	int
+		DamageType	{...}	FNameNoInit
+		DamageTypeReceived	{...}	FNameNoInit
		DamageFactor	65536	int
		DamageMultiply	65536	int
+		PainType	{...}	FNameNoInit
+		DeathType	{...}	FNameNoInit
+		TeleFogSourceType	0x0095e108 {OwnedStates=0x02ee6ec8 {NextState=0x02ee6ee4 {NextState=0x02ee6f00 {NextState=0x02ee6f1c {...} ...} ...} ...} ...}	PClassActor *
+		TeleFogDestType	0x0095e108 {OwnedStates=0x02ee6ec8 {NextState=0x02ee6ee4 {NextState=0x02ee6f00 {NextState=0x02ee6f1c {...} ...} ...} ...} ...}	PClassActor *
		RipperLevel	0	int
		RipLevelMin	0	int
		RipLevelMax	0	int
+		SpawnState	0x02ec6320 {NextState=0x02ec633c {NextState=0x02ec6320 {NextState=0x02ec633c {NextState=0x02ec6320 {...} ...} ...} ...} ...}	FState *
+		SeeState	0x00000000 <NULL>	FState *
+		MeleeState	0x00000000 <NULL>	FState *
+		MissileState	0x00000000 <NULL>	FState *
		ConversationRoot	-1	int
+		Conversation	0x00000000 <NULL>	FStrifeDialogueNode *
+		DecalGenerator	0x00000000 <NULL>	FDecalBase *
		PrevX	-85721088	int
		PrevY	-427032576	int
		PrevZ	0	int
		PrevAngle	0	unsigned int
		PrevPortalGroup	0	int

Re: Something in map20 of Community Chest 4 is causing a cra

by drfrag » Thu Nov 08, 2018 4:10 am

No, somehow the executable was not replaced until i deleted it manually and the last commit was good.
It's the previous one:

Code: Select all

Revision: 8d58d63b6054c7aad9e77e6df6102be43640d7e8
Author: Christoph Oelckers <coelckers@zdoom.fake>
Date: 27/02/2016 1:19:57
Message:
- implemented line portal transition. Not yet tested for arbitrary portals but for static ones it is working - including camera interpolation.

----
Modified: src/p_local.h
Modified: src/p_map.cpp
Modified: src/p_tick.cpp
Modified: src/r_utility.cpp
Modified: src/r_utility.h

Re: Something in map20 of Community Chest 4 is causing a cra

by Graf Zahl » Thu Nov 08, 2018 3:26 am

What precisely happens? Are you saying that there is some code that uses spechit without clearing it first?
My guess is that it has to do with portals. Bisecting the code from back then is bound to fail because of all the branching going on. It probably picked on some merge and got confused. I have seen bisects of code that is this divergent to randomly jump between branches.

If you want to check the commit history for the place where this happened you'll have to do the bisecting manually, I fear.

Re: Something in map20 of Community Chest 4 is causing a cra

by _mental_ » Thu Nov 08, 2018 2:38 am

Are you sure? Reverting that commit didn't fix anything to me. spechit still points to lines from previous map.

Re: Something in map20 of Community Chest 4 is causing a cra

by drfrag » Wed Nov 07, 2018 5:12 pm

It's done.
Spoiler:

Code: Select all

451cac457bab13a72e37972e320ca580f6ddf15a is the first bad commit
commit 451cac457bab13a72e37972e320ca580f6ddf15a
Author: Christoph Oelckers <c.oelckers@zdoom.fake>
Date:   Fri Feb 26 18:05:58 2016 +0100

- added NULL pointer check in AActor::ClearInterpolation.

:040000 040000 272ab8c48cb469ce63c0cc52d5e0045799ffef00 1451062333eb19cc13249bc122572182a422f525 M	src

Re: Something in map20 of Community Chest 4 is causing a cra

by drfrag » Wed Nov 07, 2018 2:12 pm

And obviously that was wrong, it's between FEB 03 and SEP 18. Oops. Trying to bisect it now...

Re: Something in map20 of Community Chest 4 is causing a cra

by drfrag » Sat Nov 03, 2018 5:55 pm

Crashes with 2.2.0 so between SEP 18 and DEC 03.

Re: Something in map20 of Community Chest 4 is causing a cra

by drfrag » Sat Nov 03, 2018 5:28 pm

Just checked again and it crashes, but only happens if you start map20 after map01. So it's between 2.8.0 (FEB 03) and DEC 03.

Top