A new IOS hard crash


Dave Dyer

unread,
Nov 11, 2016, 5:42:31 PM11/11/16
to CodenameOne Discussions

A new iOS hard crash has appeared.   I reproduced this by building from the sources on my Mac.  It's going to be really
hard to extract a small test case without some clue what features of the Java sources are triggering the problem.  Note
that this is not recently changed code, and previous builds worked fine.

Here's the .m code that is crashing.  The crash is at the "CHECK_ARRAY_ACCESS" near the bottom; the error
in the iOS simulator is EXC_BAD_ACCESS code-1 address = 0x36.

My working hypothesis would be that some recently tweaked optimization
has resulted in a mismanaged stack.

JAVA_VOID online_game_gBoard_SetBoardCell___char_int_online_game_cell(CODENAME_ONE_THREAD_STATE, JAVA_OBJECT  __cn1ThisObject, JAVA_CHAR __cn1Arg1, JAVA_INT __cn1Arg2, JAVA_OBJECT __cn1Arg3) {
    JAVA_INT ilocals_5_; /* v5 */
    JAVA_INT ilocals_4_; /* v4 */
    JAVA_INT ilocals_7_; /* v7 */
    JAVA_INT ilocals_6_; /* v6 */
    DEFINE_INSTANCE_METHOD_STACK(6, 8, 0, 11210, 11226);
    locals[0].data.o = __cn1ThisObject; locals[0].type = CN1_TYPE_OBJECT;     JAVA_INT ilocals_1_ = __cn1Arg1;
    JAVA_INT ilocals_2_ = __cn1Arg2;
    locals[3].data.o = __cn1Arg3;
    locals[3].type = CN1_TYPE_OBJECT;
    BC_ALOAD(0);
    /* CustomInvoke */{ JAVA_INT tmpResult = virtual_online_game_gBoard_BCtoYindex___char_int_R_int(threadStateData, SP[-1].data.o, ilocals_1_, ilocals_2_);
    SP[-1].data.i = tmpResult; SP[-1].type = CN1_TYPE_INT; }
    BC_ISTORE(4);
    BC_ALOAD(0);
    /* CustomInvoke */{ JAVA_INT tmpResult = virtual_online_game_gBoard_BCtoXindex___char_int_R_int(threadStateData, SP[-1].data.o, ilocals_1_, ilocals_2_);
    SP[-1].data.i = tmpResult; SP[-1].type = CN1_TYPE_INT; }
    BC_ISTORE(5);
    BC_ALOAD(0);
    /* CustomInvoke */{ JAVA_INT tmpResult = virtual_online_game_gBoard_XindexToBC___int_int_R_char(threadStateData, SP[-1].data.o, ilocals_5_, ilocals_4_);
    SP[-1].data.i = tmpResult; SP[-1].type = CN1_TYPE_INT; }
    BC_ISTORE(6);
    BC_ALOAD(0);
    /* CustomInvoke */{ JAVA_INT tmpResult = virtual_online_game_gBoard_YindexToBC___int_int_R_int(threadStateData, SP[-1].data.o, ilocals_5_, ilocals_4_);
    SP[-1].data.i = tmpResult; SP[-1].type = CN1_TYPE_INT; }
    BC_ISTORE(7);
    if (    ilocals_6_!=    ilocals_1_) /* IF_ICMPNE CustomJump */ goto label_L1749010499;
    if (    ilocals_7_!=    ilocals_2_) /* IF_ICMPNE CustomJump */ goto label_L1749010499;
    PUSH_INT(1); /* ICONST_1 */
    goto label_L863296557;

label_L1749010499:
    PUSH_INT(0); /* ICONST_0 */

label_L863296557:
    /* LDC: '%s,%s encodes correctly'*/
    PUSH_POINTER(STRING_FROM_CONSTANT_POOL_OFFSET(11227));
    PUSH_INT(2); /* ICONST_2 */
    SP--;
    PUSH_POINTER(__NEW_ARRAY_java_lang_Object(threadStateData, SP[0].data.i));
    BC_DUP(); /* DUP */
    PUSH_INT(0); /* ICONST_0 */
    /* CustomInvoke */PUSH_OBJ(java_lang_Character_valueOf___char_R_java_lang_Character(threadStateData, ilocals_1_));
    CHECK_ARRAY_ACCESS(3, SP[-2].data.i); { /* BC_AASTORE */
    JAVA_OBJECT aastoreTmp = SP[-3].data.o;
    ((JAVA_ARRAY_OBJECT*) (*(JAVA_ARRAY)aastoreTmp).data)[SP[-2].data.i] = SP[-1].data.o;
    SP -= 3; }
    BC_DUP(); /* DUP */
    PUSH_INT(1); /* ICONST_1 */
    /* CustomInvoke */PUSH_OBJ(java_lang_Integer_valueOf___int_R_java_lang_Integer(threadStateData, ilocals_2_));
    CHECK_ARRAY_ACCESS(3, SP[-2].data.i); { /* BC_AASTORE */
    JAVA_OBJECT aastoreTmp = SP[-3].data.o;
    ((JAVA_ARRAY_OBJECT*) (*(JAVA_ARRAY)aastoreTmp).data)[SP[-2].data.i] = SP[-1].data.o;
    SP -= 3; }
    { JAVA_INT tmpResult = lib_G_Assert___boolean_java_lang_String_java_lang_Object_1ARRAY_R_boolean(threadStateData, SP[-3].data.i, SP[-2].data.o, SP[-1].data.o);
    SP-=2;
    SP[-1].data.i = tmpResult; SP[-1].type = CN1_TYPE_INT; }
    SP--; /* POP */
    PUSH_POINTER(get_field_online_game_gBoard_board(__cn1ThisObject));
    (*SP).type = CN1_TYPE_INT; /* ILOAD */
    (*SP).data.i = ilocals_5_;
    SP++;
    CHECK_ARRAY_ACCESS(2, SP[-1].data.i); /* AALOAD */
    SP--; SP[-1].type = CN1_TYPE_INVALID;
    SP[-1].data.o = ((JAVA_ARRAY_OBJECT*) (*(JAVA_ARRAY)SP[-1].data.o).data)[(*SP).data.i];
    SP[-1].type = CN1_TYPE_OBJECT;
    (*SP).type = CN1_TYPE_INT; /* ILOAD */
    (*SP).data.i = ilocals_4_;
    SP++;
    BC_ALOAD(3);
    CHECK_ARRAY_ACCESS(3, SP[-2].data.i); { /* BC_AASTORE */
    JAVA_OBJECT aastoreTmp = SP[-3].data.o;
    ((JAVA_ARRAY_OBJECT*) (*(JAVA_ARRAY)aastoreTmp).data)[SP[-2].data.i] = SP[-1].data.o;
    SP -= 3; }
    releaseForReturn(threadStateData, cn1LocalsBeginInThread);
    return;
}



Dave Dyer

unread,
Nov 11, 2016, 5:44:47 PM11/11/16
to CodenameOne Discussions
Here is the actual java code corresponding to the culprit function.


    // this is used only during board construction, when we populate
    // the board array with cells, or subtypes of cells.
    void SetBoardCell(char col, int row, CELLTYPE con)
    {
        int y = BCtoYindex(col, row);
        int x = BCtoXindex(col, row);
        char nc = XindexToBC(x, y);
        int nr = YindexToBC(x, y);
        // a little consistency check
        //System.out.println("C "+nc + col);
        G.Assert(((nc == col) && (nr == row)), "%s,%s encodes correctly", col, row);
        board[x][y] = con;
    }

The crash corresponds to the internal bounds check on the board[x][y] = con line. 
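To make concrete what the CHECK_ARRAY_ACCESS before the final AASTORE is guarding, here is an added C example (not part of this thread and not ParparVM's code): a small model of a typed operand stack with AALOAD and AASTORE, executing board[x][y] = con as the bytecode sequence the Java compiler emits, where the access check records a fault code instead of dereferencing a bad reference. All names (slot_t, vm_t, check_array_access, try_store) and the fault codes are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a typed operand-stack slot and two array opcodes,
   patterned on the shape of the generated code above. All names are
   assumptions for this example, not ParparVM's. */
typedef enum { T_INVALID = 0, T_INT, T_OBJECT } slot_type;

typedef struct { int length; void **data; } array_t;   /* object array */

typedef struct { slot_type type; union { int i; void *o; } data; } slot_t;

#define STACK_DEPTH 8

typedef struct {
    slot_t stack[STACK_DEPTH];
    slot_t *sp;      /* one past the top slot, like SP in the generated code */
    int fault;       /* 0 = ok, 1 = bad/null array reference, 2 = index out of range */
} vm_t;

static void vm_init(vm_t *vm) { memset(vm, 0, sizeof *vm); vm->sp = vm->stack; }

static void push_int(vm_t *vm, int i) { vm->sp->type = T_INT; vm->sp->data.i = i; vm->sp++; }
static void push_obj(vm_t *vm, void *o) { vm->sp->type = T_OBJECT; vm->sp->data.o = o; vm->sp++; }

/* The slot `depth` below the top must hold a non-null object reference and
   `index` must lie in [0, length). A failure sets vm->fault instead of
   dereferencing, which is the difference between a reported error and an
   EXC_BAD_ACCESS. */
static int check_array_access(vm_t *vm, int depth, int index) {
    slot_t *ref = vm->sp - depth;
    if (ref < vm->stack || ref->type != T_OBJECT || ref->data.o == NULL) {
        vm->fault = 1;
        return 0;
    }
    if (index < 0 || index >= ((array_t *)ref->data.o)->length) {
        vm->fault = 2;
        return 0;
    }
    return 1;
}

/* AALOAD: ..., arrayref, index  ->  ..., element */
static void op_aaload(vm_t *vm) {
    int idx = vm->sp[-1].data.i;
    if (!check_array_access(vm, 2, idx)) return;
    array_t *a = vm->sp[-2].data.o;
    vm->sp--;
    vm->sp[-1].data.o = a->data[idx];
    vm->sp[-1].type = T_OBJECT;
}

/* AASTORE: ..., arrayref, index, value  ->  ... */
static void op_aastore(vm_t *vm) {
    int idx = vm->sp[-2].data.i;
    if (!check_array_access(vm, 3, idx)) return;
    array_t *a = vm->sp[-3].data.o;
    a->data[idx] = vm->sp[-1].data.o;
    vm->sp -= 3;
}

/* board[x][y] = cell as the sequence: push board; push x; AALOAD; push y; push cell; AASTORE. */
static int set_board_cell(vm_t *vm, array_t *board, int x, int y, void *cell) {
    push_obj(vm, board);
    push_int(vm, x);
    op_aaload(vm);
    if (vm->fault) return vm->fault;
    push_int(vm, y);
    push_obj(vm, cell);
    op_aastore(vm);
    return vm->fault;
}

static array_t *new_array(int length) {
    array_t *a = malloc(sizeof *a);
    a->length = length;
    a->data = calloc((size_t)length, sizeof *a->data);
    return a;
}

static void free_board(array_t *board) {
    for (int i = 0; i < board->length; i++) {
        array_t *row = board->data[i];
        if (row) { free(row->data); free(row); }
    }
    free(board->data);
    free(board);
}

/* Runs board[x][y] = cell on a fresh rows x cols board (row `null_row`, if >= 0,
   is left NULL). Returns 0 when the store succeeded, the cell reads back and the
   operand stack is balanced; otherwise the fault code, or -1 for a bad store. */
static int try_store(int rows, int cols, int null_row, int x, int y) {
    static int cell_marker;          /* any non-null pointer stands in for the cell */
    vm_t vm;
    vm_init(&vm);
    array_t *board = new_array(rows);
    for (int i = 0; i < rows; i++)
        board->data[i] = (i == null_row) ? NULL : new_array(cols);
    int fault = set_board_cell(&vm, board, x, y, &cell_marker);
    if (fault == 0) {
        array_t *row = board->data[x];
        if (row->data[y] != &cell_marker || vm.sp != vm.stack) fault = -1;
    }
    free_board(board);
    return fault;
}

int main(void) {
    printf("in range: %d\n", try_store(3, 3, -1, 1, 2));       /* 0 */
    printf("x out of range: %d\n", try_store(3, 3, -1, 3, 0)); /* 2 */
    printf("y out of range: %d\n", try_store(3, 3, -1, 0, 5)); /* 2 */
    printf("null row: %d\n", try_store(3, 3, 1, 1, 0));        /* 1 */
    return 0;
}
```

try_store returns 0 only when the element reads back and the stack pointer is back where it started, so a mismanaged stack offset in the opcode sequence (the hypothesis in the first post) shows up as a non-zero result instead of a crash, and a null or out-of-range access is reported before anything is dereferenced.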


Dave Dyer

unread,
Nov 11, 2016, 6:08:24 PM11/11/16
to CodenameOne Discussions
For reference, here is the previously generated .m code, which worked.



JAVA_VOID online_game_gBoard_SetBoardCell___char_int_online_game_cell(CODENAME_ONE_THREAD_STATE, JAVA_OBJECT  __cn1ThisObject, JAVA_CHAR __cn1Arg1, JAVA_INT __cn1Arg2, JAVA_OBJECT __cn1Arg3) {
    JAVA_INT ilocals_5_; /* v5 */
    JAVA_INT ilocals_4_; /* v4 */
    JAVA_INT ilocals_7_; /* v7 */
    JAVA_INT ilocals_6_; /* v6 */
    DEFINE_INSTANCE_METHOD_STACK(6, 8, 0, 10363, 10379);

    locals[0].data.o = __cn1ThisObject; locals[0].type = CN1_TYPE_OBJECT;     JAVA_INT ilocals_1_ = __cn1Arg1;
    JAVA_INT ilocals_2_ = __cn1Arg2;
    locals[3].data.o = __cn1Arg3;
    locals[3].type = CN1_TYPE_OBJECT;
    BC_ALOAD(0);
    /* CustomInvoke */{ JAVA_INT tmpResult = virtual_online_game_gBoard_BCtoYindex___char_int_R_int(threadStateData, SP[-1].data.o, ilocals_1_, ilocals_2_);
    SP[-1].data.i = tmpResult; SP[-1].type = CN1_TYPE_INT; }
    BC_ISTORE(4);
    BC_ALOAD(0);
    /* CustomInvoke */{ JAVA_INT tmpResult = virtual_online_game_gBoard_BCtoXindex___char_int_R_int(threadStateData, SP[-1].data.o, ilocals_1_, ilocals_2_);
    SP[-1].data.i = tmpResult; SP[-1].type = CN1_TYPE_INT; }
    BC_ISTORE(5);
    BC_ALOAD(0);
    /* CustomInvoke */{ JAVA_INT tmpResult = virtual_online_game_gBoard_XindexToBC___int_int_R_char(threadStateData, SP[-1].data.o, ilocals_5_, ilocals_4_);
    SP[-1].data.i = tmpResult; SP[-1].type = CN1_TYPE_INT; }
    BC_ISTORE(6);
    BC_ALOAD(0);
    /* CustomInvoke */{ JAVA_INT tmpResult = virtual_online_game_gBoard_YindexToBC___int_int_R_int(threadStateData, SP[-1].data.o, ilocals_5_, ilocals_4_);
    SP[-1].data.i = tmpResult; SP[-1].type = CN1_TYPE_INT; }
    BC_ISTORE(7);
    if (    ilocals_6_!=    ilocals_1_) /* IF_ICMPNE CustomJump */ goto label_L666611395;
    if (    ilocals_7_!=    ilocals_2_) /* IF_ICMPNE CustomJump */ goto label_L666611395;
    PUSH_INT(1); /* ICONST_1 */
    goto label_L315529366;

label_L666611395:
    PUSH_INT(0); /* ICONST_0 */

label_L315529366:

    /* LDC: '%s,%s encodes correctly'*/
    PUSH_POINTER(STRING_FROM_CONSTANT_POOL_OFFSET(10380));

Dave Dyer

unread,
Nov 11, 2016, 7:45:46 PM11/11/16
to CodenameOne Discussions

To my inexpert eye, the new code is the same as the old code - and the problem is probably that the value
of "self" or of instance variable "board" is corrupt.   In any case, this kind of crash is definitely not in the manual;
the VM is demonstrably damaged.

Dave Dyer

unread,
Nov 11, 2016, 9:15:59 PM11/11/16
to CodenameOne Discussions

I got lucky, my first attempt to produce a small test case worked.
https://github.com/codenameone/CodenameOne/issues/1960


Shai Almog

unread,
Nov 12, 2016, 12:29:14 AM11/12/16
to CodenameOne Discussions

Dave Dyer

unread,
Nov 12, 2016, 3:14:44 AM11/12/16
to CodenameOne Discussions
Yup, that looks like the right place. Bummer that it was a fix to a purely theoretical problem that I reported.
Q/A is a bitch.

Dave Dyer

unread,
Nov 12, 2016, 3:16:45 AM11/12/16
to CodenameOne Discussions
Meantime, anyone who is using 2d arrays is shipping bombs.

Dave Dyer

unread,
Nov 12, 2016, 4:45:22 PM11/12/16
to CodenameOne Discussions

A policy question.  As of now, it's been 16 hours since you tacitly acknowledged that iOS builds are seriously broken
by a recent update.  I know "stuff happens" but your build servers are still building, still producing the bad builds.

Shouldn't there be something in place to either turn off the build servers, or do an emergency rollback, or something?
It's just not appropriate to let your customers continue building timebombs and either wasting their own time or (worse)
distributing bad builds to their customers.

Shai Almog

unread,
Nov 12, 2016, 10:28:18 PM11/12/16
to CodenameOne Discussions
I didn't acknowledge anything; so far you are the only guy to report this.