<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi <br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Dec 29, 2019 at 10:03 AM Eliot Miranda <<a href="mailto:eliot.miranda@gmail.com">eliot.miranda@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Nicolas,<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Dec 28, 2019 at 2:24 PM Nicolas Cellier <<a href="mailto:nicolas.cellier.aka.nice@gmail.com" target="_blank">nicolas.cellier.aka.nice@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> <div dir="ltr"><div>I forgot to say that I had an assert failure report:</div><div><br></div><div>leftEdge && rightEdge 1398</div><div><br></div><div>Looking around line 1398: <br></div><div><br></div><div> /*-- search for the next top edge which will be the right edge --*/<br> assert(aetStart < aetSize);<br> if(!fillList->firstFace)<br> rightEdge = aetData[aetStart++]; /* If no current top fill just use the next edge */<br> else while(aetStart < aetSize) { /* Search for the next top edge in the AET */<br> rightEdge = aetData[aetStart];<br> /* If we have an intersection use the intersection edge */<br> if(nextIntersection->xValue <= rightEdge->xValue) {<br> rightEdge = nextIntersection;<br> break;<br> }<br> aetStart++;<br> /* Check if this edge is on top */<br> assert(fillList->firstFace);<br> {<br> double xValue = rightEdge->xValue * B3D_FixedToFloat;<br> B3DPrimitiveFace *topFace = fillList->firstFace;<br> if( rightEdge->leftFace == topFace ||<br> rightEdge->rightFace == topFace ||<br> rightEdge->zValue < zValueAt(topFace, xValue, yValue))<br> break; /* rightEdge is on top */<br> }<br> /* If the edge is not on top toggle its (back) fills */<br> b3dToggleBackFills(fillList, rightEdge, yValue, nextIntersection);<br> rightEdge = NULL;<br> }<br> /*-- end of search for next top edge --*/<br></div></div></blockquote><div><br></div><div>So these lines (1390 to 1392 immediately above)</div><div><br></div><div><div> /* If the edge is not on top toggle its (back) fills */</div><div> b3dToggleBackFills(fillList, rightEdge, yValue, nextIntersection);</div><div> rightEdge = NULL;</div></div><div><br></div><div>are the key lines. What is the meaning of "If the edge is not on top toggle its (back) fills", and what is the continuation? Clearly the continuation should not be to continue after the if because that continues into the code that indirects through the null pointer at line 1407:</div><div><br> if(fillList->firstFace) {<br></div><div><div> /* Note: We fill *including* leftX and rightX */</div><div> int leftX = (leftEdge->xValue >> B3D_FixedToIntShift) + 1;</div><div>>> int rightX = (rightEdge->xValue >> B3D_FixedToIntShift);</div><div> B3DPrimitiveFace *topFace = fillList->firstFace;</div></div><div><br></div><div>So, 3D graphics experts, what is going on here, and how should the algorithm continue when "the edge is not on top toggle its (back) fills"?</div><div><br></div></div></div></div></div></div></div></blockquote><div><br></div><div><br></div><div>Changing my hacked in assert sequence to the following fixes the crash but I think causes the system to lock up (Stéphane using your WondwerlandPark game. The old code crashes after 100 seconds of rotating the startup screen; this new code runs for about 5 minutes and then the VM appears to lock up)</div><div><br></div><div>#if 1</div><div> if (!rightEdge) {</div><div> b3dCleanupFill(fillList);</div><div> break;</div><div> }</div><div>#elif 1 /* This assert fails in rare cases; the fix is not understood. eem */</div><div> assert(leftEdge && rightEdge);</div><div>#else</div><div> if(!leftEdge || !rightEdge)</div><div> FAIL_UPDATING(B3D_NO_MORE_EDGES); // another segfault</div><div> //FAIL_PAINTING(B3D_NO_MORE_EDGES); // blow up in allocating edges</div><div>#endif</div><div><br></div><div><br></div><div>as it does if the continuation is simply</div><div> </div><div><div style="color:rgb(0,0,0)"> if (!rightEdge)</div><div style="color:rgb(0,0,0)"> break;</div></div><div style="color:rgb(0,0,0)"><br></div><div style="color:rgb(0,0,0)">So close, but no cigar...</div><div style="color:rgb(0,0,0)"><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_quote"><div></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div> /*-- Now do the drawing from leftEdge to rightEdge --*/<br>#if 1 /* This assert fails in rare cases; the fix is not understood. eem */<br> assert(leftEdge && rightEdge);<br>#else<br> if(!leftEdge || !rightEdge)<br> FAIL_UPDATING(B3D_NO_MORE_EDGES); // another segfault<br> //FAIL_PAINTING(B3D_NO_MORE_EDGES); // blow up in allocating edges<br>#endif<br> if(fillList->firstFace) {<br> /* Note: We fill *including* leftX and rightX */<br> int leftX = (leftEdge->xValue >> B3D_FixedToIntShift) + 1;<br> int rightX = (rightEdge->xValue >> B3D_FixedToIntShift);</div><div><br></div><div>So I'm pretty sure that we went thru:</div><div><br></div><div> /* If the edge is not on top toggle its (back) fills */<br> b3dToggleBackFills(fillList, rightEdge, yValue, nextIntersection);<br> rightEdge = NULL;</div><div><br></div><div>if intention of #if 1... assert(...) was probably to debug the case of failure...</div><div>But it was left in the release. Maybe it would be safer to replace with #ifdef DEBUG or something like that?</div><div>Eliot?<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le sam. 28 déc. 2019 à 23:04, Nicolas Cellier <<a href="mailto:nicolas.cellier.aka.nice@gmail.com" target="_blank">nicolas.cellier.aka.nice@gmail.com</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Running SqueakDebug.app in lldb, I get:</div><div><br></div><div>Process 61332 stopped<br>* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18)<br> frame #0: 0x09f17c07 Squeak3D`b3dMainLoop(state=0x09f1928c, stopReason=0) at b3dMain.c:1407:32<br> 1404 if(fillList->firstFace) {<br> 1405 /* Note: We fill *including* leftX and rightX */<br> 1406 int leftX = (leftEdge->xValue >> B3D_FixedToIntShift) + 1;<br>-> 1407 int rightX = (rightEdge->xValue >> B3D_FixedToIntShift);<br> 1408 B3DPrimitiveFace *topFace = fillList->firstFace;<br> 1409 <br> 1410 if(leftX < 0) leftX = 0;<br>Target 0: (Squeak) stopped.<br>(lldb) print rightEdge<br>(B3DPrimitiveEdge *) $0 = 0x00000000<br>(lldb) print leftEdge<br>(B3DPrimitiveEdge *) $1 = 0x0617a49c<br>(lldb) bt<br>* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18)<br> * frame #0: 0x09f17c07 Squeak3D`b3dMainLoop(state=0x09f1928c, stopReason=0) at b3dMain.c:1407:32<br> frame #1: 0x09f0cb23 Squeak3D`b3dStartRasterizer at Squeak3D.c:1704:12<br> frame #2: 0x05d01398<br> frame #3: 0x00002f52 Squeak`interpret at gcc3x-cointerp.c:2749:3</div><div><br></div><div>So why rightEdge is a null pointer?</div><div>If you already examined the code, you may have an idea...<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le sam. 28 déc. 2019 à 22:55, Nicolas Cellier <<a href="mailto:nicolas.cellier.aka.nice@gmail.com" target="_blank">nicolas.cellier.aka.nice@gmail.com</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi Stephane,</div><div>I confirm that I can reproduce the crash with an up-to-date VM (on OSX).<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le sam. 28 déc. 2019 à 19:20, Stéphane Rollandin <<a href="mailto:lecteur@zogotounga.net" target="_blank">lecteur@zogotounga.net</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> <br>
Hello all,<br>
<br>
For my first post on this list, I would like to submit the bug that <br>
prevents one of my game (this one: <br>
<a href="http://www.zogotounga.net/comp/guardians.htm" rel="noreferrer" target="_blank">http://www.zogotounga.net/comp/guardians.htm</a>) to work reliably.<br>
<br>
I spent quite some time on this, and I ended up with a nice and concise <br>
way to crash the Squeak3D plugin. The image is available at:<br>
<br>
<a href="http://www.zogotounga.net/swap/crashlab3.zip" rel="noreferrer" target="_blank">http://www.zogotounga.net/swap/crashlab3.zip</a><br>
<br>
Instructions to crash the VM are detailed therein.<br>
<br>
The 3D scene is very simple, there are only three objects. The crash<br>
seems related to a race condition, because inserting a simple delay in<br>
the code prevents it - this is detailed in the image itself.<br>
<br>
I have spent days studying the Smalltalk code, and could not see<br>
anything wrong with what is sent to the plugin. It looks to my<br>
uninformed eyes as a problem of shared memory, where one rasterizing<br>
operation messes up with another happening in parallel (although no<br>
processed is being forked on the Smalltalk side).<br>
<br>
<br>
Stef<br>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div><span style="font-size:small;border-collapse:separate"><div>_,,,^..^,,,_<br></div><div>best, Eliot</div></span></div></div></div></div></div></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><span style="font-size:small;border-collapse:separate"><div>_,,,^..^,,,_<br></div><div>best, Eliot</div></span></div></div></div></div></div></div>