#1152 C::B crashes in Linux in a minimal HelloWorld program

[Tiger Beard]

CodeBlocks ref12535 crashes in Linux on a regular basis. I checked a self compiled version and the pre-compiled versions provided in the nightly builds thread in the Xavier repository. The regular crashes are in a project too large to pinpoint the situations. The following is a reproducable way I can get the revision to crash on multiple Ubuntu 18.04 computers.

Use a Hello-World console project and enter this minimal code.

class CTest
{ 
    void foo();
    int nBar; 
};

void CTest::foo() {
 }

main()
{
return 0;
}

Follow this procedure to reproduce. Others could reproduce this only with one setting of Settings -> Editor -> Code Completion, " Update parser when typing (on save otherwise)". In my installations it will crash with both this option checked and unchecked.

1. Open the above mentioned project. Select the Symbol Browser Tab and open CTest. It should show the function and the member variable
2. change: void CTest::foo() -> int CTest::foo()
3. Ctrl-S to save.
4. Double click on the symbol browser tree on "foo()" or "nBar"
   I observed one of the following behaviours
   a) ASSERT Window. The Backtrace includes "OnTreeDoubleClick". After the Assert windows I always get a crash with a few more clicks to various symbol tree times
   b) crash
   c) C:B hangs, so I have to kill the process.

Here is the system Info.
Name : Code::Blocks
Version : svn-r12535
SDK Version : 2.16.0
Scintilla Version : 3.7.5
Author : The Code::Blocks Team
E-mail : info@codeblocks.org
Website : http://www.codeblocks.org
OS : Linux 4.15.0-159-generic x86_64
Scaling factor : 1,000000
Detected scaling factor: 0,989583
Display PPI : 96x95
Display count : 1
Display 0 : XY=[0,0]; Size=[1920,1080]; Primary

Reference: https://forums.codeblocks.org/index.php?topic=24699.new;topicseen#new

This is the call stack provided by another used running a CB debug version.

#0 0x7fffe1fc147e   BasicSearchTree::GetString(SearchTreePoint const&, unsigned long) const(this=0x7fffc0075590, nn=..., top=0) (/home/ubuntu/code/codeblocks/gtk3-unicode-3.0/build/AC-WindowsInstaller/src/plugins/codecompletion/parser/searchtree.cpp:567)
#1 0x7fffe1fc13fe   BasicSearchTree::GetString(unsigned long) const(this=0x7fffc0075590, n=1) (/home/ubuntu/code/codeblocks/gtk3-unicode-3.0/build/AC-WindowsInstaller/src/plugins/codecompletion/parser/searchtree.cpp:560)
#2 0x7fffe1fd8a27   TokenTree::GetFilename(unsigned long) const(this=0x7fffc0075450, fileIdx=1) (/home/ubuntu/code/codeblocks/gtk3-unicode-3.0/build/AC-WindowsInstaller/src/plugins/codecompletion/parser/tokentree.cpp:870)
#3 0x7fffe1fcc024   Token::GetFilename() const(this=0x7fffc0034390) (/home/ubuntu/code/codeblocks/gtk3-unicode-3.0/build/AC-WindowsInstaller/src/plugins/codecompletion/parser/token.cpp:189)
#4 0x7fffe1ef05d6   ClassBrowser::OnTreeItemDoubleClick(wxTreeEvent&) (this=0x555557625070, event=...) (/home/ubuntu/code/codeblocks/gtk3-unicode-3.0/build/AC-WindowsInstaller/src/plugins/codecompletion/classbrowser.cpp:598)
#5 0x7ffff7295641   wxEvtHandler::ProcessEventIfMatchesId(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#6 0x7ffff7295743   wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#7 0x7ffff7295aa0   wxEvtHandler::TryHereOnly(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#8 0x7ffff7295b2b   wxEvtHandler::ProcessEventLocally(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#9 0x7ffff7295bd1   wxEvtHandler::ProcessEvent(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#10 0x7ffff7812f2a   wxWindowBase::TryAfter(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_gtk3u_core-3.0.so.0:??)
#11 0x7ffff7812f2a   wxWindowBase::TryAfter(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_gtk3u_core-3.0.so.0:??)
#12 0x7ffff7812f2a   wxWindowBase::TryAfter(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_gtk3u_core-3.0.so.0:??)
#13 0x7ffff787c002   wxScrollHelperEvtHandler::ProcessEvent(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_gtk3u_core-3.0.so.0:??)
#14 0x7ffff78944a2   wxGenericTreeCtrl::OnMouse(wxMouseEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_gtk3u_core-3.0.so.0:??)
#15 0x7ffff7295641   wxEvtHandler::ProcessEventIfMatchesId(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#16 0x7ffff7295743   wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#17 0x7ffff7295aa0   wxEvtHandler::TryHereOnly(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#18 0x7ffff7295b2b   wxEvtHandler::ProcessEventLocally(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#19 0x7ffff7295bd1   wxEvtHandler::ProcessEvent(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#20 0x7ffff787c002   wxScrollHelperEvtHandler::ProcessEvent(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_gtk3u_core-3.0.so.0:??)
#21 0x7ffff729595b   wxEvtHandler::SafelyProcessEvent(wxEvent&) () (/usr/lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0:??)
#22 0x7ffff764f82e    () at /usr/lib/x86_64-linux-gnu/libwx_gtk3u_core-3.0.so.0 (/usr/lib/x86_64-linux-gnu/libwx_gtk3u_core-3.0.so.0:??)
#23 0x7ffff5bb34fb    () at /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0:??)
#24 0x7ffff567b802   g_closure_invoke() (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0:??)
#25 0x7ffff568f814    () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0:??)
#26 0x7ffff569a47d   g_signal_emit_valist() (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0:??)
#27 0x7ffff569b0f3   g_signal_emit() (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0:??)
#28 0x7ffff5b5dc23    () at /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0:??)
#29 0x7ffff5a19128    () at /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0:??)

[Tiger Beard]

This is the Crash XML that was produced. It is from a non debug version, the call stack is not as complete as the ne provided above.

[Miguel Gimenez]

The tree is generated in a thread, the crash is because the main thread is accessing the tree while it is being modified.

This code at src/plugins/codecompletion/parser/searchtree.cpp:567

    if (!nn.n || nn.n==top)
        return result;

(where nn is a reference to a SearchTreePoint) fails because nn is no longer valid.

[ollydbg]

The CodeCompletion plugin has a thread pool, and the parser is running in the thread pool. While we only keep a single symbol table(the token tree).

[Tiger Beard]

@ollidbg seems you are implying that the token tree access functions are not thread safe?

[Miguel Gimenez]

When you save the file code completion rescans it and then the tree is regenerated. During this regeneration the tree is frozen and not stable (some leafs may not exist). Probably it should be disabled during regeneration.

[Miguel Gimenez]

Should be fixed in [r12689].

[Tiger Beard]

I installed V12765 and tested it. In large projects crashes are a lot better. CB does not crash as regulary, but it still does.

I checked the procedure above (same environemt) and it still crashes quite consistently. The test had Setting CC/UpdateParseWhenTyping OFF and ON. Same result.

So I guess the fix was the right thing, but still there might be some situations

[Andi]

Hi, we use Codeblocks in our school on Debian Bookworm and have many crashes, CB is hardly usable. To make sure the issue is not already fixed in latest upstream, I prepared Debian packages with the latest code base [r13429] . However, this did not change anything, students and teachers did not find any significant improvements compared to the standard Debian package. I tried to crash CB myself with these up-to-date packages and debug symbols installed as well, following the recipe described above. And indeed I manage to provoke several crashes, one when running in gdb. Attached you'll find the coredump, debug XML file and the console log of the gdb run including the backtrace. Please let me know if I can help providing a fix and thanks for developing CB!

[Andi]

Another core dump, slightly different from before. Again at src/plugins/codecompletion/parser/searchtree.cpp:567 as discussed above by @wh11204

[ollydbg]

Hi, Andi, thanks for the report. Sorry about that crash issue. I think I will reopen this issue first.

[ollydbg]

when I looked at the file codeblocksCrash.txt, and see the crash comes from the file

Thread 1 "codeblocks" received signal SIGSEGV, Segmentation fault.
BasicSearchTree::GetString (this=0xb6c376b043abed5f, n=0) at parser/searchtree.cpp:558
558     parser/searchtree.cpp: No such file or directory.
(gdb) bt
#0  BasicSearchTree::GetString (this=0xb6c376b043abed5f, n=0) at parser/searchtree.cpp:558
#1  0x00007fffd8b53d64 in TokenTree::GetFilename (this=<optimized out>, fileIdx=<optimized out>)
    at parser/tokentree.cpp:869
#2  0x00007fffd8b48f81 in Token::GetFilename (this=<optimized out>) at parser/token.cpp:189
#3  0x00007fffd8ab6d27 in ClassBrowser::OnTreeItemDoubleClick (this=0x555557a57470, event=...)
    at ./src/plugins/codecompletion/classbrowser.cpp:602

[Christo]

I've seen similar crashes in clangd_plugin, it is because pointers to Token objects are stored in class browser. These objects are free'd by parser on updates, but pointer to these free'd objects are still stored by class browser. Accessing free'd memory on clicking a symbol is causing the crash. I've not checked the code of codecompletion plugin, but this might be the cause of this crash in codecompletion plugin as well.