haxiomic / haxe-c-bridge

Easily interact with haxe classes from C with an automatically generated C header
MIT License

ASAN Crash #5

Closed haxiomic closed 3 years ago

haxiomic commented 3 years ago

app.c:55: Hello From C
app.c:60: Starting haxe thread
app.c:67: Testing calls to haxe code
Main.hx:26: main()
app.c:69: GC Memory: 0
app.c:111: sleeping 1s to let the haxe thread event loop run (each loop waits 1ms)
app.c:113: -> HaxeLib_Main_getLoopCount() => 722
app.c:117: Trying loads of calls into the haxe main thread to measure synchronization and memory costs ...
AddressSanitizer:DEADLYSIGNAL
=================================================================
==33120==ERROR: AddressSanitizer: BUS on unknown address 0x000104d22118 (pc 0x000104d6c193 bp 0x7000022956d0 sp 0x700002294e60 T1)
    #0 0x104d6c192 in sys::thread::EventLoop_obj::loop() EventLoop.cpp
    #1 0x104d5c1d4 in sys::thread::_Thread::Thread_Impl__obj::processEvents() Thread_Impl_.cpp:65
    #2 0x104db7c4a in __hxcpp_main __main__.cpp:31
    #3 0x104d55aee in HaxeEmbed::runUserMain(cpp::Function<void ()>, cpp::Function<void (char const*)>) HaxeEmbed.cpp:71
    #4 0x104da61dd in haxeMainThreadFunc(void*) __HaxeLib__.cpp:70
    #5 0x7fff79a512ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
    #6 0x7fff79a54248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
    #7 0x7fff79a5040c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)

==33120==Register values:
rax = 0x0000000104d22118  rbx = 0x0000700002295120  rcx = 0x00001000209a4423  rdx = 0x0000100000000000  
rdi = 0x0000700002294f40  rsi = 0x0000100000000000  rbp = 0x00007000022956d0  rsp = 0x0000700002294e60  
 r8 = 0x0000700002294d00   r9 = 0x0000617000010000  r10 = 0x0000617000010048  r11 = 0x00001c2e00002009  
r12 = 0x0000700002294fd0  r13 = 0x0000700002294ff0  r14 = 0x0000700002294fa0  r15 = 0x0000700002294fc0  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: BUS EventLoop.cpp in sys::thread::EventLoop_obj::loop()
Thread T1 created by T0 here:
    #0 0x10517978d in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5978d)
    #1 0x104da6db0 in HxCreateDetachedThread(void* (*)(void*), void*) Thread.h:229
    #2 0x104da6943 in HaxeLib_initializeHaxeThread __HaxeLib__.cpp:97
    #3 0x1048b3f69 in main app.c:61
    #4 0x7fff7985d3d4 in start (libdyld.dylib:x86_64+0x163d4)

==33120==ABORTING
make: *** [run] Abort trap: 6
The terminal process "/bin/bash '-c', 'make -f Makefile.mac run'" terminated with exit code: 2.

haxiomic commented 3 years ago

app.c:57: Hello From C
app.c:62: Starting haxe thread
app.c:69: Testing calls to haxe code
Main.hx:26: main()
app.c:71: GC Memory: 0
app.c:113: sleeping 1s to let the haxe thread event loop run (each loop waits 1ms)
app.c:115: -> HaxeLib_Main_getLoopCount() => 192691
app.c:120: Trying 1000000 calls into the haxe main thread to measure synchronization and memory costs ...
AddressSanitizer:DEADLYSIGNAL
=================================================================
==35651==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00010f091f08 bp 0x70000788f6d0 sp 0x70000788ee60 T1)
==35651==The signal is caused by a READ memory access.
==35651==Hint: address points to the zero page.
    #0 0x10f091f07 in sys::thread::EventLoop_obj::loop() EventLoop.cpp:140
    #1 0x10f0821d4 in sys::thread::_Thread::Thread_Impl__obj::processEvents() Thread_Impl_.cpp:65
    #2 0x10f0ddc4a in __hxcpp_main __main__.cpp:31
    #3 0x10f07baee in HaxeEmbed::runUserMain(cpp::Function<void ()>, cpp::Function<void (char const*)>) HaxeEmbed.cpp:71
    #4 0x10f0cc1dd in haxeMainThreadFunc(void*) __HaxeLib__.cpp:70
    #5 0x7fff79a512ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
    #6 0x7fff79a54248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
    #7 0x7fff79a5040c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)

==35651==Register values:
rax = 0xe0bc200000000009  rbx = 0x000070000788f120  rcx = 0x1c17940000000001  rdx = 0x0000100000000000  
rdi = 0x000070000788ef20  rsi = 0x0000000000000000  rbp = 0x000070000788f6d0  rsp = 0x000070000788ee60  
 r8 = 0x000070000788ed00   r9 = 0x0000617000010000  r10 = 0x0000617000010048  r11 = 0x00001c2e00002009  
r12 = 0x000070000788efd0  r13 = 0x000070000788eff0  r14 = 0x000070000788efa0  r15 = 0x000070000788efc0  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV EventLoop.cpp:140 in sys::thread::EventLoop_obj::loop()
Thread T1 created by T0 here:
    #0 0x10f4a378d in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5978d)
    #1 0x10f0ccdb0 in HxCreateDetachedThread(void* (*)(void*), void*) Thread.h:229
    #2 0x10f0cc943 in HaxeLib_initializeHaxeThread __HaxeLib__.cpp:97
    #3 0x10f03de6c in main app.c:63
    #4 0x7fff7985d3d4 in start (libdyld.dylib:x86_64+0x163d4)

==35651==ABORTING
make: *** [run] Abort trap: 6
The terminal process "/bin/bash '-c', 'make -f Makefile.mac run'" terminated with exit code: 2.
haxiomic commented 3 years ago

Happens if loop() runs more frequently with calls into haxe main thread

while(::hx::IsNotNull( current )){
    if ((current->nextRunTime <= now)) { // <- BAD ACCESS

Maybe current becomes null in the time between these lines? Tested in haxe 4.2 development

haxiomic commented 3 years ago

https://github.com/HaxeFoundation/haxe/issues/10064

haxiomic commented 3 years ago

ooof, crashes with 4.1.4 too

app.c:57: Hello From C
app.c:62: Starting haxe thread
app.c:69: Testing calls to haxe code
Main.hx:26: main(): Hello from haxe 4.1.4 and hxcp 4.1.0
app.c:71: GC Memory: 0
app.c:113: sleeping 1s to let the haxe thread event loop run (each loop waits 1ms)
app.c:115: -> HaxeLib_Main_getLoopCount() => 308041
app.c:120: Trying 1000000000 calls into the haxe main thread to measure synchronization and memory costs ...
AddressSanitizer:DEADLYSIGNAL
=================================================================
==37644==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00010db90bb3 bp 0x7000085f5410 sp 0x7000085f53d0 T1)
==37644==The signal is caused by a READ memory access.
==37644==Hint: address points to the zero page.
    #0 0x10db90bb2 in Dynamic::operator()() Dynamic.h:304
    #1 0x10dbfa97d in haxe::EntryPoint_obj::processEvents() EntryPoint.cpp:80
    #2 0x10dbfb08e in haxe::EntryPoint_obj::run() EntryPoint.cpp:103
    #3 0x10dc12ba6 in __hxcpp_main __main__.cpp:26
    #4 0x10dbe46fe in HaxeEmbed::runUserMain(cpp::Function<void ()>, cpp::Function<void (char const*)>) HaxeEmbed.cpp:63
    #5 0x10dc0114d in haxeMainThreadFunc(void*) __HaxeLib__.cpp:70
    #6 0x7fff79a512ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
    #7 0x7fff79a54248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
    #8 0x7fff79a5040c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)

==37644==Register values:
rax = 0x0000000111c46dd8  rbx = 0x00007000085f54c0  rcx = 0x4053ef29ed0000c8  rdx = 0x080a7de53da00019  
rdi = 0x0000100000000000  rsi = 0x0000100000000000  rbp = 0x00007000085f5410  rsp = 0x00007000085f53d0  
 r8 = 0x00007000085f5300   r9 = 0x0000617000010000  r10 = 0x0000617000010048  r11 = 0x00001c2e00002009  
r12 = 0x00007000085f59d0  r13 = 0x00007000085f59f0  r14 = 0x00007000085f5990  r15 = 0x00007000085f59b0  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV Dynamic.h:304 in Dynamic::operator()()
Thread T1 created by T0 here:
    #0 0x10df9878d in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5978d)
    #1 0x10dc01d20 in HxCreateDetachedThread(void* (*)(void*), void*) Thread.h:229
    #2 0x10dc018b3 in HaxeLib_initializeHaxeThread __HaxeLib__.cpp:97
    #3 0x10db7fe6c in main app.c:63
    #4 0x7fff7985d3d4 in start (libdyld.dylib:x86_64+0x163d4)

==37644==ABORTING
make: *** [run] Abort trap: 6
The terminal process "/bin/bash '-c', 'make -f Makefile.mac run'" terminated with exit code: 2.

app.c:57: Hello From C
app.c:62: Starting haxe thread
app.c:69: Testing calls to haxe code
Main.hx:26: main(): Hello from haxe 4.1.4 and hxcp 4.1.0
app.c:71: GC Memory: 0
app.c:113: sleeping 1s to let the haxe thread event loop run (each loop waits 1ms)
app.c:115: -> HaxeLib_Main_getLoopCount() => 302511
app.c:120: Trying 1000000000 calls into the haxe main thread to measure synchronization and memory costs ...
AddressSanitizer:DEADLYSIGNAL
=================================================================
==37901==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00010c78844b bp 0x70000ae8c010 sp 0x70000ae8be60 T1)
==37901==The signal is caused by a READ memory access.
==37901==Hint: address points to the zero page.
    #0 0x10c78844a in haxe::Timer_obj::__construct(int)::_hx_Closure_0::_hx_run() Timer.cpp:27
    #1 0x10c787f6b in haxe::Timer_obj::__construct(int)::_hx_Closure_0::__run() Timer.cpp:30
    #2 0x10c727bd8 in Dynamic::operator()() Dynamic.h:304
    #3 0x10c765ea5 in haxe::MainLoop_obj::tick() MainLoop.cpp:206
    #4 0x10c791a6b in haxe::EntryPoint_obj::processEvents() EntryPoint.cpp:83
    #5 0x10c79208e in haxe::EntryPoint_obj::run() EntryPoint.cpp:103
    #6 0x10c7a9ba6 in __hxcpp_main __main__.cpp:26
    #7 0x10c77b6fe in HaxeEmbed::runUserMain(cpp::Function<void ()>, cpp::Function<void (char const*)>) HaxeEmbed.cpp:63
    #8 0x10c79814d in haxeMainThreadFunc(void*) __HaxeLib__.cpp:70
    #9 0x7fff79a512ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
    #10 0x7fff79a54248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
    #11 0x7fff79a5040c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)

==37901==Register values:
rax = 0xe34e810000000029  rbx = 0x000070000ae8bf00  rcx = 0x1c69d02000000005  rdx = 0x0000100000000000  
rdi = 0x000070000ae8bec0  rsi = 0x0000100000000000  rbp = 0x000070000ae8c010  rsp = 0x000070000ae8be60  
 r8 = 0x0000100000000000   r9 = 0x0000000110a26700  r10 = 0x000000010c8c0fe0  r11 = 0x00001c2e00002000  
r12 = 0x000070000ae8c9d0  r13 = 0x000070000ae8c9f0  r14 = 0x000070000ae8c990  r15 = 0x000070000ae8c9b0  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV Timer.cpp:27 in haxe::Timer_obj::__construct(int)::_hx_Closure_0::_hx_run()
Thread T1 created by T0 here:
    #0 0x10cf3278d in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5978d)
    #1 0x10c798d20 in HxCreateDetachedThread(void* (*)(void*), void*) Thread.h:229
    #2 0x10c7988b3 in HaxeLib_initializeHaxeThread __HaxeLib__.cpp:97
    #3 0x10c717e6c in main app.c:63
    #4 0x7fff7985d3d4 in start (libdyld.dylib:x86_64+0x163d4)

==37901==ABORTING
make: *** [run] Abort trap: 6

haxiomic commented 3 years ago

app.c:57: Hello From C
app.c:62: Starting haxe thread
app.c:69: Testing calls to haxe code
Main.hx:26: main(): Hello from haxe 4.1.4 and hxcp 4.1.0
app.c:71: GC Memory: 0
app.c:113: sleeping 1s to let the haxe thread event loop run (each loop waits 1ms)
app.c:115: -> HaxeLib_Main_getLoopCount() => 307605
app.c:120: Trying 1000000000 calls into the haxe main thread to measure synchronization and memory costs ...
AddressSanitizer:DEADLYSIGNAL
=================================================================
==37994==ERROR: AddressSanitizer: SEGV on unknown address 0x20a800000018 (pc 0x00010de04bec bp 0x700002ea59b0 sp 0x700002ea5980 T1)
==37994==The signal is caused by a READ memory access.
    #0 0x10de04beb in hx::ObjectPtr<haxe::MainEvent_obj>::operator=(hx::ObjectPtr<haxe::MainEvent_obj> const&) Object.h
    #1 0x10de066bb in haxe::MainLoop_obj::sortEvents() MainLoop.cpp:103
    #2 0x10de08863 in haxe::MainLoop_obj::tick() MainLoop.cpp:196
    #3 0x10de34a6b in haxe::EntryPoint_obj::processEvents() EntryPoint.cpp:83
    #4 0x10de3508e in haxe::EntryPoint_obj::run() EntryPoint.cpp:103
    #5 0x10de4cba6 in __hxcpp_main __main__.cpp:26
    #6 0x10de1e6fe in HaxeEmbed::runUserMain(cpp::Function<void ()>, cpp::Function<void (char const*)>) HaxeEmbed.cpp:63
    #7 0x10de3b14d in haxeMainThreadFunc(void*) (Main-debug.dylib:x86_64+0x7714d)
    #8 0x7fff79a512ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
    #9 0x7fff79a54248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
    #10 0x7fff79a5040c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)

==37994==Register values:
rax = 0x000020a800000018  rbx = 0x0000700002ea5b00  rcx = 0x0000100000000000  rdx = 0x0000700002ea59f0  
rdi = 0x000020a800000018  rsi = 0x0000700002ea5a60  rbp = 0x0000700002ea59b0  rsp = 0x0000700002ea5980  
 r8 = 0x0000100000000000   r9 = 0x0000700002ea5a00  r10 = 0x0000700002ea5ac0  r11 = 0x0000700002ea5ad0  
r12 = 0x00001e00005d4b38  r13 = 0x000000010df5d2e0  r14 = 0x0000700002ea5ae0  r15 = 0x0000700002ea5af0  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV Object.h in hx::ObjectPtr<haxe::MainEvent_obj>::operator=(hx::ObjectPtr<haxe::MainEvent_obj> const&)
Thread T1 created by T0 here:
    #0 0x10e1d278d in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5978d)
    #1 0x10de3bd20 in HxCreateDetachedThread(void* (*)(void*), void*) (Main-debug.dylib:x86_64+0x77d20)
    #2 0x10de3b8b3 in HaxeLib_initializeHaxeThread (Main-debug.dylib:x86_64+0x778b3)
Provided dSYM: [/Users/geo/Projects/haxe-embed/test/unit/./app.dSYM/Contents/Resources/DWARF/app] does not match symbol owner 0x7fc7c9b00860
    #3 0x10ddbce6c in main (app:x86_64+0x100000e6c)
    #4 0x7fff7985d3d4 in start (libdyld.dylib:x86_64+0x163d4)

==37994==ABORTING
Abort trap: 6

haxiomic commented 3 years ago

Theory: The event allocated on the external thread gets collected by that thread even though it will later be used by the main thread, and autoAttach isn't enough to properly integrate with the hxcpp GC.

haxiomic commented 3 years ago

adding __hxcpp_collect(true); before detaching seems to help, but memory still behaves differently to a haxe-created thread (and slowly increases)

haxiomic commented 3 years ago

We need a way to queue calls and data for the main thread without allocating on the hxcpp GC -> Done
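
One way to build the queue the last comment describes, as an added example that is not the project's own code: each call and its argument bytes are copied into a malloc'd node, so nothing an external thread hands to the main thread lives on the hxcpp GC heap. The names (`call_queue`, `queue_push`, `queue_drain`, `demo_run`) are hypothetical, and plain pthreads with a constructed workload stand in for the C caller and the haxe main thread.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
typedef struct call_node {   /* lives on the C heap, never the hxcpp GC heap */
    struct call_node *next;
    void (*fn)(void *arg);
    unsigned char arg[];     /* payload copied inline at enqueue time */
} call_node;
typedef struct { pthread_mutex_t lock; call_node *head, *tail; } call_queue;
/* Any thread: copy the argument and append. Returns -1 if malloc fails. */
int queue_push(call_queue *q, void (*fn)(void *), const void *arg, size_t len) {
    call_node *n = malloc(sizeof *n + len);
    if (!n) return -1;
    n->next = NULL; n->fn = fn;
    if (len) memcpy(n->arg, arg, len);
    pthread_mutex_lock(&q->lock);
    if (q->tail) q->tail->next = n; else q->head = n;
    q->tail = n;
    pthread_mutex_unlock(&q->lock);
    return 0;
}

/* Main thread only: detach the list under the lock, run the calls unlocked. */
size_t queue_drain(call_queue *q) {
    pthread_mutex_lock(&q->lock);
    call_node *n = q->head;
    q->head = q->tail = NULL;
    pthread_mutex_unlock(&q->lock);
    size_t count = 0;
    for (call_node *next; n; n = next, count++) {
        next = n->next;
        n->fn(n->arg);
        free(n);
    }
    return count;
}

static call_queue demo_q = { PTHREAD_MUTEX_INITIALIZER, NULL, NULL };
static long total;           /* only touched by the draining thread */
static void add_value(void *arg) { total += *(int *)arg; }
static void *producer(void *q) {
    for (int i = 1; i <= 1000; i++) queue_push(q, add_value, &i, sizeof i);
    return NULL;
}
long demo_run(void) {        /* constructed demo: 4 external threads, 1000 calls each */
    pthread_t t[4];
    total = 0;
    for (int i = 0; i < 4; i++) pthread_create(&t[i], NULL, producer, &demo_q);
    for (int i = 0; i < 4; i++) pthread_join(t[i], NULL);
    return queue_drain(&demo_q) == 4000 ? total : -1;
}
```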