#1102 Crash on finishing wxWidgets project wizard

[Miguel Gimenez]

I was testing PB changes to the wxWidgets wizard (see the forum when I got a crash after pressing Finish. This crash happens also with the original wizard, and this is the stack trace:

#0 ??   ScriptBindings::CompileOptionsBase_StringParam<&CompileOptionsBase::AddIncludeDir> (v=0x8b70138) (C:\Codeblocks\src\sdk\scripting\bindings\scriptbindings.cpp:286)
#1 0x22ce09d    SQVM::CallNative(this=0x8b70138, nclosure=0x8b4d6a8, nargs=2, newbase=5, retval=..., suspend=@0x28db2f: false) (C:\Codeblocks\src\sdk\scripting\squirrel\sqvm.cpp:1224)
#2 0x22c9b2b    SQVM::Execute(this=0x8b70138, closure=..., nargs=2, stackbase=1, outres=..., raiseerror=1, et=SQVM::ET_CALL) (C:\Codeblocks\src\sdk\scripting\squirrel\sqvm.cpp:789)
#3 0x22cfcc8    SQVM::Call(this=0x8b70138, closure=..., nparams=2, stackbase=1, outres=..., raiseerror=1) (C:\Codeblocks\src\sdk\scripting\squirrel\sqvm.cpp:1593)
#4 0x22b30ff    sq_call(v=0x8b70138, params=2, retval=1, raiseerror=1) (C:\Codeblocks\src\sdk\scripting\squirrel\sqapi.cpp:1155)
#5 0x15dc81c4   ScriptBindings::Caller::CallRaw(this=0x28dff8, hasReturn=true) (C:\Codeblocks\src\include\scripting\bindings\sc_utils.h:1446)
#6 0x15dc7b13   ScriptBindings::Caller::CallAndReturn1<bool, cbProject*>(this=0x28dff8, returnValue=@0x28dff7: false, arg0=0xaeee4a8) (C:\Codeblocks\src\include\scripting\bindings\sc_utils.h:1490)
#7 0x15dc7ccd   ScriptBindings::Caller::CallByNameAndReturn1<bool, cbProject*>(this=0x28dff8, functionName=0x15dd9d0e <_ZN7BlkAllcL7verboseE+2971> "SetupProject", returnValue=@0x28dff7: false, arg0=0xaeee4a8) (C:\Codeblocks\src\include\scripting\bindings\sc_utils.h:1467)
#8 0x15da49b3   Wiz::RunProjectWizard(this=0xef2e9a8, pFilename=0x28f160) (C:\Codeblocks\src\plugins\scriptedwizard\wiz.cpp:547)
#9 0x15da2d4f   Wiz::Launch(this=0xef2e9a8, index=32, pFilename=0x28f160) (C:\Codeblocks\src\plugins\scriptedwizard\wiz.cpp:365)
#10 0x21505bf   TemplateManager::NewFromTemplate(this=0xaca7c38, dlg=..., pFilename=0x28f160) (C:\Codeblocks\src\sdk\templatemanager.cpp:108)
#11 0x21504f5   TemplateManager::New(this=0xaca7c38, initial=totProject, pFilename=0x28f160) (C:\Codeblocks\src\sdk\templatemanager.cpp:96)
#12 0x48e054    MainFrame::OnFileNewWhat(this=0x8caf908, event=...) (C:\Codeblocks\src\src\main.cpp:2657)
#13 0x62a43222  wxAppConsoleBase::HandleEvent(wxEvtHandler*, void (wxEvtHandler::*)(wxEvent&) (C:\Windows\system32\wxmsw315u_gcc_custom.dll:??)
#14 0x28f750    ?? () (??:??)

From the RPT:

codeblocks.exe caused an Access Violation at location 697DC3DB in module codeblocks.dll Reading from location 0034007C.

[Miguel Gimenez]

I can confirm the crash on 32 bits, 64 bits is OK.

Steps to reproduce with current wizard:
Select New -> Project -> wxWidgets
wxWidgets 3.1
wxSmith / Frame based
Location = $(#wx31) or absolute path, it does not matter
GNU GCC, check release only
Check "Use wxWidgets DLL", "Monolithic library", "Enable Unicode"
* Click Finish

Then C::B dissapears silently with the stack trace from the original post.

Using C::B r12450, wxWidgets 3.1.5, MinGW-w64 8.1.0, W10 and W7

[Teodor Petrov]

It happens on one of the 3 AddIncludeDir calls in the script. Can you tell me which one? I don't have 32bit version, so it will be hard for me to test this.

[Miguel Gimenez]

It happens on the very first call.

After the call to extractor.Process("CompileOptionsBase_AddOption") local variables have these values:

extractor.m_vm = 0x8a26710
extractor.p0 = 0xbaadfood <- obvious invalid value
extractor.p1 = 0x202be2f8

[Teodor Petrov]

Where in the script does this happen?
Does scripting tests pass for this build?
To test load the sdk_tests.script and run SdkTest().Run() or load the script_test_plugin.script and then use the Plugin menu to start the tests (click cancel on the printing dialog).

[Miguel Gimenez]

Where in the script does this happen?

How can I now, may I step through the script?. I think it is in line 643:

project.AddIncludeDir(WxPath + _T("/include"));

The wx test fails here:

======= Test wx String unicode BEGINN ======= 
test string: !5Aa ЉЩщӃ ウインカリ
[ERROR] Test: This implementation doesn't support UNICODE...MADE-FAILED
[ERROR]     not implemented, as you can see on the wrong test string (it has to show Cyrillic  and ?Japanese? symbols

Executed tests: 0
passed tests:   0
failed tests:   1
======= Test wx String unicode END ======= 

The SDK test closes C::B just like the wizard does. I have attached a capture of the console.

The call stack in this case is

#0 ??   ScriptBindings::EditorBase_Close (v=0x8a16710) (C:\Codeblocks\src\sdk\scripting\bindings\scriptbindings.cpp:1704)
#1 0x29ee09d    SQVM::CallNative(this=0x8a16710, nclosure=0x8f0cdb8, nargs=1, newbase=13, retval=..., suspend=@0x1ebee93: false) (C:\Codeblocks\src\sdk\scripting\squirrel\sqvm.cpp:1224)
#2 0x29e9b2b    SQVM::Execute(this=0x8a16710, closure=..., nargs=2, stackbase=1, outres=..., raiseerror=1, et=SQVM::ET_CALL) (C:\Codeblocks\src\sdk\scripting\squirrel\sqvm.cpp:789)
#3 0x29efcc8    SQVM::Call(this=0x8a16710, closure=..., nparams=2, stackbase=1, outres=..., raiseerror=1) (C:\Codeblocks\src\sdk\scripting\squirrel\sqvm.cpp:1593)
#4 0x29d30ff    sq_call(v=0x8a16710, params=2, retval=0, raiseerror=1) (C:\Codeblocks\src\sdk\scripting\squirrel\sqapi.cpp:1155)
#5 0x2a5e3d4    ScriptBindings::Caller::CallRaw(this=0x1ebf2a4, hasReturn=false) (C:\Codeblocks\src\include\scripting\bindings\sc_utils.h:1446)
#6 0x2a5ddf0    ScriptBindings::Caller::CallByName1<int>(this=0x1ebf2a4, functionName=0x2bdc92c <_ZN7BlkAllcL7verboseE+843> "OnMenuClicked", arg0=1) (C:\Codeblocks\src\include\scripting\bindings\sc_utils.h:1562)
#7 0x2851293    ScriptBindings::ScriptPluginWrapper::CallScriptMenu(callbackName=0x2bdc92c <_ZN7BlkAllcL7verboseE+843> "OnMenuClicked", id=2697, errorPrefix=...) (C:\Codeblocks\src\sdk\scripting\bindings\sc_plugin.cpp:186)
#8 0x285158b    ScriptBindings::ScriptPluginWrapper::OnScriptMenu(id=2697) (C:\Codeblocks\src\sdk\scripting\bindings\sc_plugin.cpp:197)
#9 0x286b77f    ScriptingManager::Data::OnScriptPluginMenu(this=0x8dd2260, event=...) (C:\Codeblocks\src\sdk\scriptingmanager.cpp:702)
#10 0x62a43222  wxAppConsoleBase::HandleEvent(wxEvtHandler*, void (wxEvtHandler::*)(wxEvent&) (C:\WINDOWS\SYSTEM32\wxmsw315u_gcc_custom.dll:??)
#11 0x1ebf6c4   ?? () (??:??)
#12 0x10    ?? () (??:??)
#13 0x8a106f0   ?? () (??:??)

and p0 is equal to 0xbaadfood again

[Teodor Petrov]

Annoying... now I'll have to build and try to debug 32bit builds on Windows :(
Can you tell me the exact compiler you're using? Posting a link for download would be best.

[Miguel Gimenez]

The compiler is

gcc version 8.1.0 (i686-posix-sjlj-rev0, Built by MinGW-W64 project)

Link

[Teodor Petrov]

I can reproduce this, but as always debugging is impossible... What debugger executable/release do you use?

[Miguel Gimenez]

I use GDB included in the compiler:

GNU gdb (GDB) 8.1
This GDB was configured as "i686-w64-mingw32"

[Miguel Gimenez]

Bluehazzard recommends this

[Teodor Petrov]

Something is corrupting memory.
I need a debugger which has working data breakpoints. Is there something like this on windows.
The 8.1.0 debugger doesn't have working data breakpoints or at least I cannot make them work.

I'll try the 10.1.90 release, but given I've never had any luck with pre-release versions of GDB I don't have high hopes. :(

@bluehazzard Any advice? 32bit debugger is required for the job.

[Teodor Petrov]

The gdb from the link fails the same way...

[Teodor Petrov]

I guess the failure should have been treated as a clue. I know what it is, now I have to find out why it happens and how to prevent it...

[Miguel Gimenez]

May be a long shot, but adding -fno-strict-aliasing to the Squirrel target (like their makefiles do) the SDK test does not explode but shows a Script error message:

OnScriptMenu: Extracting 'P10EditorBase' in 'EditorBase::Close' failed for index 1

and this call stack

error: CALLSTACK
error: *FUNCTION [test_replace_macros()] C:\Codeblocks\src\scripts\tests/sdk_test.script line [63]
error: *FUNCTION [Run()] C:\Codeblocks\src\scripts\tests/sdk_test.script line [11]
error: *FUNCTION [StartSDKTest()] C:\Codeblocks\src\scripts\tests\script_test_plugin.script line [90]
error: *FUNCTION [OnMenuClicked()] C:\Codeblocks\src\scripts\tests\script_test_plugin.script line [62]
error:
error: LOCALS
error: [testStr] " echo "I'd say: \"Go for it!\""""
error: [testEditor] INSTANCE
error: [this] INSTANCE
error: [this] INSTANCE
error: [sdk] INSTANCE
error: [this] INSTANCE
error: [index] 1
error: [this] INSTANCE

[Miguel Gimenez]

If strict-aliasing is allowed then

access by taking the address, casting the resulting pointer and dereferencing the result has undefined behavior, even if the cast uses a union type

Source

and precisely that is happening here and there in Squirrel API, for example in sc_utils.h:336

    UserDataForType<UserType> &data = *reinterpret_cast<UserDataForType<UserType>*>(ptr);

[Teodor Petrov]

Nope this has nothing to do with the problem. The actual problem happens because for some strange reason alignof(cbProject) returns 8 and alignof(cbProject base class) returns 4. This mismatch moves where userptr is stored when accessed as cbProject and when accessed as one of cbProject bases. This affects only two classes in the current bindings: cbEditor and cbProject. No idea why this is happening yet.

You can workaround the problem if you add another smax(x, 8) to the align clause of the userdata member.

I have no idea what in squirrel changes with the no-strict-aliasing flag to make it progress further and prevent the crash. I'll investigate.

[Teodor Petrov]

Partial fix available in this branch https://github.com/obfuscated/codeblocks_sf/tree/scripting/32bit_crash
Any testing would be welcome.
It seems the ModPuller plugin messes up the test suite a bit... :( But this is kind of unrelated.

[Miguel Gimenez]

All the test pass but two, and both look the same:

[ERROR] Test: cbProject::AddFile 2: weight..........FAILED
[ERROR]     got:    50
[ERROR]     needed: 17

The Security Warning dialog does not seem to work properly, if you select any of the "Mark this script as trusted..." options the current command is executed, but you are asked again in the next command.

The wxWidgets project wizard works again.

[Teodor Petrov]

Good, we're back to normal then :) (the failures are expected)

[Miguel Gimenez]

The problem with marking scripts as trusted is described in ticket 973. They are not trusted during execution, and later they do not appear in Scripting settings -> Trusts