libretro / beetle-psx-libretro

Standalone port/fork of Mednafen PSX to the Libretro API.
GNU General Public License v2.0

MacOS Unable to load content with beetle PSX HW (Segmentation Fault) #243

Open joaodriessen opened 7 years ago

joaodriessen commented 7 years ago

Loading content using the Beetle PSX HW core on MacOS High Sierra causes a crash. (beetle PSX cpu works fine).

System Specs: MacBook Pro 13-inch early 2011, intel HD Graphics 3000. MacOS High Sierra.

Crash Log: (edited for sanity)

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 mednafen_psx_hw_libretro.dylib 0x0000000113d34cc9 rsx_gl_prepare_frame() + 25
1 mednafen_psx_hw_libretro.dylib 0x0000000113f0e8be retro_run + 46
2 libretro.RetroArch 0x00000001000595b0 core_run + 131
3 libretro.RetroArch 0x000000010005c3f0 runloop_iterate + 4183
4 libretro.RetroArch 0x0000000100003e90 -[RetroArch_OSX rarch_main] + 61
5 com.apple.Foundation 0x00007fff56841985 NSThreadPerformPerform + 334
6 com.apple.CoreFoundation 0x00007fff54751941 CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 17
7 com.apple.CoreFoundation 0x00007fff5480933c CFRunLoopDoSource0 + 108
8 com.apple.CoreFoundation 0x00007fff5473498c CFRunLoopDoSources0 + 300
9 com.apple.CoreFoundation 0x00007fff54733dad CFRunLoopRun + 1293
10 com.apple.CoreFoundation 0x00007fff54733607 CFRunLoopRunSpecific + 487
11 com.apple.HIToolbox 0x00007fff53a48866 RunCurrentEventLoopInMode + 286
12 com.apple.HIToolbox 0x00007fff53a484df ReceiveNextEventCommon + 366
13 com.apple.HIToolbox 0x00007fff53a48354 _BlockUntilNextEventMatchingListInModeWithFilter + 64
14 com.apple.AppKit 0x00007fff51d459f7 _DPSNextEvent + 2085
15 com.apple.AppKit 0x00007fff524dad98 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
16 com.apple.AppKit 0x00007fff51d3a805 -[NSApplication run] + 764
17 com.apple.AppKit 0x00007fff51d099a6 NSApplicationMain + 804
18 libretro.RetroArch 0x000000010000170c start + 52

Full log here: RetroArch_2017-10-15-161724_SilverSurfer.txt

rz5 commented 7 years ago

I appreciate the massive amount of info but I'm mostly interested in the stack trace.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 mednafen_psx_hw_libretro.dylib    0x0000000113d34cc9 rsx_gl_prepare_frame() + 25
1 mednafen_psx_hw_libretro.dylib    0x0000000113f0e8be retro_run + 46
2 libretro.RetroArch 0x00000001000595b0 core_run + 131
3 libretro.RetroArch 0x000000010005c3f0 runloop_iterate + 4183
4 libretro.RetroArch 0x0000000100003e90 -[RetroArch_OSX rarch_main] + 61

This suggests the crash happens inside rsx_gl_prepare_frame(), but which line exactly? If you're able to, compile a debug build (git clone https://github.com/libretro/beetle-psx-libretro && cd beetle-psx-libretro && make -j4 HAVE_HW=1 DEBUG=1) so I can have more info.

I'll push some changes so there's an extra null check in there.

joaodriessen commented 7 years ago

Thanks for the compilation instructions.

Here's the crash log of Retroarch using the compiled core (with DEBUG=1): (Ps. I apologise for the massive amount of info, I'm not able to discern what parts are useful or not)

Crashlog: (edited for sanity)

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libretro.RetroArch 0x0000000100034b48 input_poll + 46
1 libretro.RetroArch 0x000000010005909e core_input_state_poll + 45
2 mednafen_psx_hw_libretro.dylib 0x00000001125e1e48 update_input() + 152 (libretro.cpp:3600)
3 mednafen_psx_hw_libretro.dylib 0x00000001125e11ff retro_run + 687 (libretro.cpp:3809)
4 libretro.RetroArch 0x00000001000595b0 core_run + 131
5 libretro.RetroArch 0x000000010005c3f0 runloop_iterate + 4183
6 libretro.RetroArch 0x0000000100003e90 -[RetroArch_OSX rarch_main] + 61
7 com.apple.Foundation 0x00007fff56841985 NSThreadPerformPerform + 334
8 com.apple.CoreFoundation 0x00007fff54751941 CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 17
9 com.apple.CoreFoundation 0x00007fff5480933c CFRunLoopDoSource0 + 108
10 com.apple.CoreFoundation 0x00007fff5473498c CFRunLoopDoSources0 + 300
11 com.apple.CoreFoundation 0x00007fff54733dad CFRunLoopRun + 1293
12 com.apple.CoreFoundation 0x00007fff54733607 CFRunLoopRunSpecific + 487
13 com.apple.HIToolbox 0x00007fff53a48866 RunCurrentEventLoopInMode + 286
14 com.apple.HIToolbox 0x00007fff53a484df ReceiveNextEventCommon + 366
15 com.apple.HIToolbox 0x00007fff53a48354 _BlockUntilNextEventMatchingListInModeWithFilter + 64
16 com.apple.AppKit 0x00007fff51d459f7 _DPSNextEvent + 2085
17 com.apple.AppKit 0x00007fff524dad98 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
18 com.apple.AppKit 0x00007fff51d3a805 -[NSApplication run] + 764
19 com.apple.AppKit 0x00007fff51d099a6 NSApplicationMain + 804
20 libretro.RetroArch 0x000000010000170c start + 52

Full log here: RetroArch_2017-10-15-222118_SilverSurfer.txt

rz5 commented 7 years ago

Now it crashes elsewhere. For future reference, this is the section that I'm looking at

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libretro.RetroArch 0x0000000100034b48 input_poll + 46
1 libretro.RetroArch 0x000000010005909e core_input_state_poll + 45
2 mednafen_psx_hw_libretro.dylib    0x00000001125e1e48 update_input() + 152 (libretro.cpp:3600)
3 mednafen_psx_hw_libretro.dylib    0x00000001125e11ff retro_run + 687 (libretro.cpp:3809)
4 libretro.RetroArch 0x00000001000595b0 core_run + 131
5 libretro.RetroArch 0x000000010005c3f0 runloop_iterate + 4183
6 libretro.RetroArch 0x0000000100003e90 -[RetroArch_OSX rarch_main] + 61
7 com.apple.Foundation 0x00007fff56841985 __NSThreadPerformPerform + 334
8 com.apple.CoreFoundation 0x00007fff54751941 CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 17
9 com.apple.CoreFoundation 0x00007fff5480933c __CFRunLoopDoSource0 + 108
10 com.apple.CoreFoundation 0x00007fff5473498c __CFRunLoopDoSources0 + 300
11 com.apple.CoreFoundation 0x00007fff54733dad __CFRunLoopRun + 1293
12 com.apple.CoreFoundation 0x00007fff54733607 CFRunLoopRunSpecific + 487
13 com.apple.HIToolbox 0x00007fff53a48866 RunCurrentEventLoopInMode + 286
14 com.apple.HIToolbox 0x00007fff53a484df ReceiveNextEventCommon + 366
15 com.apple.HIToolbox 0x00007fff53a48354 _BlockUntilNextEventMatchingListInModeWithFilter + 64
16 com.apple.AppKit 0x00007fff51d459f7 _DPSNextEvent + 2085
17 com.apple.AppKit 0x00007fff524dad98 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
18 com.apple.AppKit 0x00007fff51d3a805 -[NSApplication run] + 764
19 com.apple.AppKit 0x00007fff51d099a6 NSApplicationMain + 804
20 libretro.RetroArch 0x000000010000170c start + 52

@joaodriessen - is this the only core that crashes for you? All I can think of is to suggest that you change the input driver RetroArch is using...

joaodriessen commented 7 years ago

Unfortunately Beetle-PSX-HW is the only core that's crashing on my system.

On the MacOS build of Retroarch the only available input driver is Cocoa. However, switching Retroarch's driver to "null" causes Retroarch to crash when moving the mouse/trackpad on next launch. (I'll report this to the Retroarch guys later today)

FYI, here's the contents of that crashlog:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libretro.RetroArch 0x000000010000366b -[RApplication sendEvent:] + 136
1 libretro.RetroArch 0x0000000100004914 ui_application_cocoa_process_events + 141
2 libretro.RetroArch 0x0000000100003e88 -[RetroArch_OSX rarch_main] + 53
3 com.apple.Foundation 0x00007fff56841985 NSThreadPerformPerform + 334
4 com.apple.CoreFoundation 0x00007fff54751941 CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 17
5 com.apple.CoreFoundation 0x00007fff5480933c CFRunLoopDoSource0 + 108
6 com.apple.CoreFoundation 0x00007fff54734930 CFRunLoopDoSources0 + 208
7 com.apple.CoreFoundation 0x00007fff54733dad CFRunLoopRun + 1293
8 com.apple.CoreFoundation 0x00007fff54733607 CFRunLoopRunSpecific + 487
9 com.apple.HIToolbox 0x00007fff53a48866 RunCurrentEventLoopInMode + 286
10 com.apple.HIToolbox 0x00007fff53a484df ReceiveNextEventCommon + 366
11 com.apple.HIToolbox 0x00007fff53a48354 _BlockUntilNextEventMatchingListInModeWithFilter + 64
12 com.apple.AppKit 0x00007fff51d459f7 _DPSNextEvent + 2085
13 com.apple.AppKit 0x00007fff524dad98 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
14 com.apple.AppKit 0x00007fff51d3a805 -[NSApplication run] + 764
15 com.apple.AppKit 0x00007fff51d099a6 NSApplicationMain + 804
16 libretro.RetroArch 0x000000010000170c start + 52

Full log here: RetroArch_2017-10-16-083035_SilverSurfer.txt

csnover commented 6 years ago

I ran into this problem and did some debugging. I don’t know enough about RetroArch to know what is the correct solution, but I know what is happening:

When starting the core, retroarch_main_init first calls driver_ctl, which calls to input_driver_find_driver, which sets current_input for the input system. Then it calls drivers_init, which through a series of other calls[1] ends up in cocoagl_gfx_ctx_input_driver. Pointer to current_input is passed as the input_data argument to this function, and this function unconditionally sets it to NULL, so later when this core polls for input, the RetroArch code dereferences a null pointer and crashes[2].

[1]: The call stack which clears current_input:

  * frame #0: 0x0000000100003dcf RetroArch`cocoagl_gfx_ctx_input_driver(data=0x0000000101262560, name="hid", input=0x0000000100423c60, input_data=0x0000000100423c58) at cocoa_gl_ctx.m:617
    frame #1: 0x0000000100048998 RetroArch`video_context_driver_input_driver(inp=0x00007fff5fbfd4f0) at video_driver.c:3116
    frame #2: 0x000000010002b9fd RetroArch`gl_init(video=0x00007fff5fbfd600, input=0x0000000100423c60, input_data=0x0000000100423c58) at gl.c:1950
    frame #3: 0x000000010004587e RetroArch`video_driver_init_internal(video_is_threaded=0x00007fff5fbfd67b) at video_driver.c:1061
    frame #4: 0x000000010004515f RetroArch`video_driver_init(video_is_threaded=0x00007fff5fbfd67b) at video_driver.c:1762
    frame #5: 0x0000000100059678 RetroArch`drivers_init(flags=511) at driver.c:354
    frame #6: 0x000000010008d168 RetroArch`retroarch_main_init(argc=10, argv=0x00007fff5fbfd8f0) at retroarch.c:1304

[2]: The call stack which crashes trying to dereference current_input:

  * frame #0: 0x0000000100049fd6 RetroArch`input_poll at input_driver.c:571
    frame #1: 0x000000010008c393 RetroArch`core_input_state_poll(port=0, device=1, idx=0, id=2) at core_impl.c:75
    frame #2: 0x00000001110adeca mednafen_psx_hw_libretro.dylib`input_update(input_state_cb=(RetroArch`core_input_state_poll at core_impl.c:71))(unsigned int, unsigned int, unsigned int, unsigned int)) at input.cpp:484
    frame #3: 0x000000011109eb12 mednafen_psx_hw_libretro.dylib`::retro_run() at libretro.cpp:3476
    frame #4: 0x000000010008caff RetroArch`core_run at core_impl.c:415

csnover commented 6 years ago

Note that there are other cores like Mupen64Plus which use OpenGL and do not crash like this. So looking at what this core is doing in terms of initialisation which is different from those other OpenGL-using cores would probably be instructive in tracking down what’s missing/wrong.
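
A simplified C model of the initialisation order described in the analysis above, added here as an illustration and not taken from RetroArch or from any participant in this thread. The struct layout, model_driver, current_input_data and every function name are stand-ins (only current_input is named on the page); it shows why a poll path that trusts current_input faults once the context driver has cleared it, and a guarded poll that reports the missing driver instead.

```c
#include <stddef.h>

/* Simplified stand-in for RetroArch's input_driver_t (model, not the real struct). */
typedef struct input_driver {
   int (*poll)(void *data);               /* 0 on success */
} input_driver_t;

static int poll_count;                    /* constructed driver state */
static int model_poll(void *data) { ++*(int *)data; return 0; }
static const input_driver_t model_driver = { model_poll };

/* Globals read by the poll path (current_input_data is a hypothetical name). */
static const input_driver_t *current_input;
static void *current_input_data;

/* Step 1 in the analysis: the input driver is selected first. */
static void find_input_driver(void)
{
   current_input      = &model_driver;
   current_input_data = &poll_count;
}

/* Step 2: video init hands the context driver the addresses of those globals,
 * and the callback clears them unconditionally, as described for Cocoa. */
static void ctx_input_driver_clearing(const input_driver_t **input, void **input_data)
{
   *input      = NULL;
   *input_data = NULL;
}

/* Guarded poll: an unguarded current_input->poll(...) here is the NULL
 * dereference in the crash trace; this version reports the missing driver. */
static int input_poll_guarded(void)
{
   if (!current_input || !current_input->poll)
      return -1;
   return current_input->poll(current_input_data);
}

/* Replays the init order and returns the result of the first poll. */
static int run_init_sequence(int video_clears_input)
{
   find_input_driver();
   if (video_clears_input)
      ctx_input_driver_clearing(&current_input, &current_input_data);
   return input_poll_guarded();
}

int main(void) { return (run_init_sequence(0) == 0 && run_init_sequence(1) == -1) ? 0 : 1; }
```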

rz5 commented 6 years ago

@csnover - Try to change RetroArch's gfx/drivers_context/cocoa_gl_ctx.m

Change the body of cocoagl_gfx_ctx_input_driver to something like:

static void cocoagl_gfx_ctx_input_driver(
      void *data,
      const char *name,
      const input_driver_t **input, void **input_data)
{
   (void)data;
   (void)input;
   (void)input_data;
}

This will stop the particular null dereferencing you ran into. If it doesn't further break beetle-psx or mupen64p, it may be a candidate for a fix.

@twinaphex - hi. Git blame says you were the last person to touch on the offending function above. Do you remember why the cocoa context driver is unconditionally setting those two pointers to NULL? Wouldn't it be wiser to init and use e.g. SDL?

csnover commented 6 years ago

Sorry, I should have mentioned that I did at least check to see what happens by making that function a no-op before sending this update; it just causes a different null dereference of apple at cocoa_input.c:302 at startup of RetroArch itself.