Further scav transport death crash investigation #3684
Comments
|
NoQ uploaded file The crash dump, one of the most interesting ones, that leads straight to the function mentioned above. |
|
NoQ uploaded file Another crash with similar properties. |
|
NoQ uploaded file Another crash with similar properties. |
|
vexed commented While this is a bug, the real problem is, there are no checks being done script side, or source side, and the game assumes everything is OK. If you look at how a human would normally do this, they would issue a DORDER_EMBARK order, then it does the checks there. The old script code just checked for capacity, and if on mission or not, and also safety checks to make sure it is a transport, and a non null droid. The new script code... don't do squat, and just assumes everything is fine. I would say, for a quick fix, do some script side checking... |
|
NoQ changed _comment1 which not transferred by tractive |
|
NoQ changed _comment0 which not transferred by tractive |
|
NoQ commented It sounds as if using js newGroup() during the game (rather than during the early initialisation) may lead to group id collisions. Transporter group id to js tank group id, in particular. In fact i had quite a few problems with group id collisions while working on NullBot, that disappeared only when i made sure groups are only allocated on startup-time; otherwise it sometimes lead to "trying to add a tank to group belonging to the other player" js exception, and i never managed to find a bug on the script side that may lead to such a trouble. But this particular Scav AI still allocates groups on run-time, and using it together with NullBot sometimes leads to group collision exceptions on both sides (sometimes in NullBot and sometimes in Scav AI, even though NullBot is free from it on its own). So probably something similar leads to newGroup() returning an id already belonging to a chopper, or vice versa, an id already taken by a chopper is already in use by one of the js groups. Note: this paradigm also avoids using the Cyp's Orange Fruit argument. |
|
NoQ changed _comment0 which not transferred by tractive |
|
NoQ commented grpCreate() call without arguments (defaulting to -1) actually does lead to creating duplicate group ids. |
|
NoQ commented The crash does not happen until there actually exists a group that was not found from js at grpFind() at some point (and thus re-created), but the group not found isn't usually equal to the transporter's group. |
|
NoQ changed _comment0 which not transferred by tractive |
|
NoQ commented The faulty transporter is being assigned to one of the groups already created by JS at eventStartLevel(). JS doesn't ever free or release this group (in fact it has no function to do that). |
|
NoQ commented I think i found it. When a last droid is deleted for a certain group, this group is removed - see void DROID_GROUP::remove(DROID *psDroid), at the end. But JS still remembers its id in its variable, even if it's empty. But the rest of the game doesn't know about it. So probably some group gets empty, then when transporter is produced the game says hey let's assign this group id to it, then JS says hey i've had a group somewhere with this id and i want to add my tank to it again, then we get this tank deleted when the transporter dies, then we crash. |
|
NoQ commented Is it ok if we just never delete groups? Or maybe add a flag into the group saying "don't delete me". |
|
NoQ changed type from |
|
NoQ changed _comment0 which not transferred by tractive |
|
NoQ commented I propose the following fix. It will make sure JS groups are never deleted, any other groups are unaffected. |
|
vexed commented Technically, no, it isn't ok to never delete groups, on shutdown. As for the patch.. erm... reference counting is supposed to be used to help track down issues, so this is a kludge of sorts. I'll let per fix it :) |
|
NoQ commented
|
|
NoQ commented Here is how groups are created in wzscript (scriptvals.cpp): The "psGroup->add(NULL);" call is completely equivalent to incrementing refCount. I don't see a reason not to do the same in js. |
|
Per changed status from |
|
Per changed resolution from `` to |
resolution_fixedtype_patch (an actual patch, not a request for one)| by NoQI've made some more digging into the crashes i have with my scav AI mod (where i make scavengers produce transporter-type droids), and here's what is showing up; i'm asking for help in investigating that, cause it may be appearing in the base game as well in some rare cases / who knows.
The game sometimes crashes after some of the scavenger transporter dies (probably on the next game tick or something like that), and never crashes on any other unit's death.
When a transporter droid dies, a some pointer to a droid object becomes invalid and makes the game crash in some random place of the code inside gameLoop (either in rendering or in updating game state).
I believe the bad pointer appears in src/droid.cpp in removeBaseDroid(), the part where it kills all droids inside the transporter. The transporter's psGroup somehow contains some scavenger tanks, which is impossible (it's not a supertransport and these tanks are not cyborgs but actually tanks), and their deletion leads to the crash.
I believe in that because when i change the debug statement inside this for(;;) loop to
then i have actually managed to obtain the following stderr (with --debug=death):
Something like that shows up every time the crash happens (and there are no other known crash cases with this mod until now). The "Tank" name can only belong to a scavenger tank, and the droidType is 0 ("DROID_WEAPON"). So it couldn't have appeared in this loop at all, but still it is deleted in this loop.
One extra thing i found suspicious is that when i use the cheat mode to switch to the scavenger player and try to see what droids are inside the transporter, i'm unable to do that: the list UI just doesn't show up when i right-click the transporter. But this isn't true for the regular transporters i give to the scav player with Ctrl+O.
Scavenger transporters are produced by the following call in scavfact.js:
Issue migrated from trac:3684 at 2022-04-16 10:35:25 -0700
The text was updated successfully, but these errors were encountered: