[Fixed] [ZScript] GC crash


[ZScript] GC crash

Post by RaveYard » Mon May 15, 2017 2:59 pm

Very specific ZScript code that causes crash upon garbage collection.

If struct ChunkSegmentRenderContext (located in "ZScript/DoomCraft/Core/Main.txt") is copy pasted into ZScript.txt, everything works fine.

http://www.mediafire.com/file/eqdbfs6d0 ... _Crash.pk3

Code: C0000005 (Access Violation - tried to read address FFFFFFFFFFFFFFFF)


Bad luck... :cry:
RaveYard
 
Joined: 12 Apr 2013

Re: [ZScript] GC crash

Post by Graf Zahl » Fri May 19, 2017 5:08 am

There's a code generation issue with the included struct which breaks the array access in Chunk.Init.
Graf Zahl
Lead GZDoom+Raze Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: [ZScript] GC crash

Post by RaveYard » Mon May 22, 2017 8:29 am

Any progress on this?

Another issue like this popped up in my mod and it's now completely unplayable... :|

Re: [ZScript] GC crash

Post by Graf Zahl » Sat Sep 02, 2017 4:36 am

I just want to note that this is partially fixed, but the generated code still isn't 100% correct - so it looks like there's a second issue at play.

Re: [ZScript] GC crash

Post by phantombeta » Sat Aug 15, 2020 6:35 am

"Array<struct> [size]" (The internal VM type for structs) is getting the wrong element size for structs. For some reason, the ChunkSegment struct gets an ElementSize of 8, despite taking up 24 bytes.
It appears that the type data at compile time thinks the struct's size is 8, while the final type data doesn't.

Edit: I believe I've found the source of the issue. It's caused by the field compilation function only checking if the type's size is 0 when making sure the type has a known size.
phantombeta
In the meadow of sinful thoughts, every flower's a perfect one
 
Joined: 02 May 2013
Location: Brazil, South America, Earth, Orion-Cygnus Arm, Milky Way
Discord: phantombeta#2461
Twitch ID: phantombeta_
Github ID: Doom2fan
Operating System: Windows 10/8.1/8/201x 64-bit
OS Test Version: No (Using Stable Public Version)
Graphics Processor: nVidia with Vulkan support

Re: [ZScript] GC crash

Post by phantombeta » Sat Aug 15, 2020 7:43 am

Sorry for the double post, but IMO it's important enough to warrant a new post:
I've PR'ed a fix - seems to work fine with no issues, but idk, felt safer to PR it.

Re: [ZScript] GC crash

Post by Graf Zahl » Sat Aug 15, 2020 7:55 am

Have you found out what makes the compiler miscalculate? Adding a patch is fine but this looks a bit like it tries to hide the real bug by ignoring the original value.

Re: [ZScript] GC crash

Post by phantombeta » Sat Aug 15, 2020 8:20 am

Graf Zahl wrote: Have you found out what makes the compiler miscalculate? Adding a patch is fine but this looks a bit like it tries to hide the real bug by ignoring the original value.

It's not that it was miscalculating, it's because the fields simply hadn't been compiled yet.

So, the compilation of classes' and structs' fields is done in a loop until it has made sure all fields have been compiled. This is for reasons that'll be clear soon.
While compiling "ChunkSegment"'s fields, it'll hit "renderContext". This is of type "ChunkSegmentRenderContext", which is in an include file and hasn't been compiled yet; since it's not compiled yet, its size is unknown.
This is okay, as it'll stop the struct's compilation for now, and let it try again for the next iteration of the loop, where the field's size should already be known - but note that, by this point, the "Size" member is already non-zero.

Some time after that, it'll reach the "Chunk" class. Note that this is the same iteration as before: that means "ChunkSegment" still hasn't been fully compiled yet, and its actual size is not known. Next, it tries to compile the "segments" array. This would normally fail and defer to the next iteration (like "ChunkSegment" did), but it doesn't as ChunkSegment stopped compiling in the middle of the fields, and because of that, the size is non-zero.
As the only way it checks if a type has a known size is by checking if it's not zero, that means it thinks "ChunkSegment" is done compiling prematurely, and miscompiles "Chunk"'s fields.

There are only two ways to fix this as far as I know: add a way for it to actually know if the type really has a known size, so it can fail and defer to the next iteration (what I did), or completely rewrite that part of the compiler to work recursively instead of the way it does right now. Both are perfectly valid ways to fix it.
Obviously, the latter is not really feasible, as it would require a fairly massive amount of work.
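
The pass ordering described in the post above, as an added C++ model that is not part of the thread and is not GZDoom's compiler code. Type, Field, compileFields and compileAll are hypothetical names, and the 8- and 16-byte field sizes are constructed to match the 8 versus 24 bytes reported earlier in the thread.

```cpp
// Simplified model of the multi-pass field compilation described above.
// Not GZDoom source: Type, Field, compileFields, compileAll are hypothetical.
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>
struct Type;
struct Field { Type* type; size_t primSize; bool isArray; };  // type == nullptr: primitive
struct Type {
    std::string name;
    std::vector<Field> fields;
    size_t next = 0;         // next field still to compile
    size_t size = 0;         // grows as each field is added
    size_t elementSize = 0;  // element size recorded for an array field
    bool sizeKnown = false;  // true only after every field has compiled
};

// One attempt at a type; returns false when it must defer to the next pass.
static bool compileFields(Type& t, bool fixedCheck) {
    for (; t.next < t.fields.size(); ++t.next) {
        const Field& f = t.fields[t.next];
        if (!f.type) { t.size += f.primSize; continue; }
        // Original check: a non-zero size is taken to mean "fully compiled".
        bool ready = fixedCheck ? f.type->sizeKnown : f.type->size != 0;
        if (!ready) return false;  // t.size stays partial and non-zero
        if (f.isArray) { t.elementSize = f.type->size; t.size += sizeof(void*); }
        else t.size += f.type->size;
    }
    t.sizeKnown = true;
    return true;
}

// Returns {element size recorded for Chunk.segments, final ChunkSegment size}.
std::pair<size_t, size_t> compileAll(bool fixedCheck) {
    Type ctx{"ChunkSegmentRenderContext", {{nullptr, 16, false}}};  // constructed size
    Type seg{"ChunkSegment", {{nullptr, 8, false}, {&ctx, 0, false}}};
    Type chunk{"Chunk", {{&seg, 0, true}}};
    Type* order[] = {&seg, &chunk, &ctx};  // the include file's struct comes last
    for (bool pending = true; pending;) {
        pending = false;
        for (Type* t : order)
            if (!t->sizeKnown && !compileFields(*t, fixedCheck)) pending = true;
    }
    return {chunk.elementSize, seg.size};
}
int main() {
    std::printf("size != 0: %zu, sizeKnown: %zu\n",
                compileAll(false).first, compileAll(true).first);
}
```

With the non-zero check the array keeps a stride of 8 while each ChunkSegment ends up 24 bytes, so indexing past the first element reads the wrong memory; with the explicit flag, Chunk defers one pass and records 24.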

Re: [ZScript] GC crash

Post by Graf Zahl » Sat Aug 15, 2020 8:24 am

Thanks for the explanation. Yes, in that case the fix is ok. Rewriting the lookup to be recursive wouldn't really make it any more robust; it'd cause a completely different group of problems, the amount of work required notwithstanding.

