Opened 6 years ago

Closed 6 years ago

#5130 closed defect (fixed)

Segmentation fault when fmi2Terminate gets called twice

Reported by: tknodt@…
Owned by: Lennart Ochel
Priority: high
Milestone: Future
Component: FMI
Version: v1.13.0-dev-nightly
Keywords:
Cc:

Description

I just saw that with a bad timing in the host I am using, fmi2Terminate seems to get called twice.
This is surely not correct, but also shows something not nice in the runtime.
I get a segmentation fault in listClear when trying the same with PyFMI:

Dump of assembler code for function listClear:
   0x6aef1df0 <+0>:     push   %edi
   0x6aef1df1 <+1>:     push   %esi
   0x6aef1df2 <+2>:     push   %ebx
   0x6aef1df3 <+3>:     sub    $0x10,%esp
   0x6aef1df6 <+6>:     mov    0x20(%esp),%edi
   0x6aef1dfa <+10>:    test   %edi,%edi
   0x6aef1dfc <+12>:    je     0x6aef1e33 <listClear+67>
   0x6aef1dfe <+14>:    mov    (%edi),%ebx
   0x6aef1e00 <+16>:    test   %ebx,%ebx
   0x6aef1e02 <+18>:    je     0x6aef1e1f <listClear+47>
=> 0x6aef1e04 <+20>:    mov    (%ebx),%eax
   0x6aef1e06 <+22>:    mov    0x4(%ebx),%esi
   0x6aef1e09 <+25>:    mov    %eax,(%esp)
   0x6aef1e0c <+28>:    call   0x6af086b0 <free>
   0x6aef1e11 <+33>:    mov    %ebx,(%esp)
   0x6aef1e14 <+36>:    mov    %esi,%ebx
   0x6aef1e16 <+38>:    call   0x6af086b0 <free>
   0x6aef1e1b <+43>:    test   %esi,%esi
   0x6aef1e1d <+45>:    jne    0x6aef1e04 <listClear+20>
   0x6aef1e1f <+47>:    movl   $0x0,0xc(%edi)
   0x6aef1e26 <+54>:    movl   $0x0,(%edi)
   0x6aef1e2c <+60>:    movl   $0x0,0x4(%edi)
   0x6aef1e33 <+67>:    add    $0x10,%esp
   0x6aef1e36 <+70>:    pop    %ebx
   0x6aef1e37 <+71>:    pop    %esi
   0x6aef1e38 <+72>:    pop    %edi
   0x6aef1e39 <+73>:    ret

Stacktrace:

#0  0x6aef1e04 in listClear () from c:\users\tknodt\appdata\local\temp\JModelica.org\jm_tmp0cvfav\binaries\win32\CANoe.dll
#1  0x6aef1e54 in freeList () from c:\users\tknodt\appdata\local\temp\JModelica.org\jm_tmp0cvfav\binaries\win32\CANoe.dll
#2  0x6aede4b0 in freeValueList () from c:\users\tknodt\appdata\local\temp\JModelica.org\jm_tmp0cvfav\binaries\win32\CANoe.dll
#3  0x6aedd285 in freeNonlinearSystems ()
   from c:\users\tknodt\appdata\local\temp\JModelica.org\jm_tmp0cvfav\binaries\win32\CANoe.dll
#4  0x6abc3512 in fmi2Terminate (c=0x33d1658) at include/fmi2/fmu2_model_interface.c:639
#5  0x70444d7b in __pyx_pw_5pyfmi_3fmi_13FMUModelBase2_29terminate () from C:\JModelica.org-2.2\install\Python\pyfmi\fmi.pyd
#6  0x501c124f in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#7  0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#8  0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#9  0x501c2687 in python27!_PyEval_SliceIndex () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#10 0x501be223 in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#11 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#12 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#13 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#14 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#15 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#16 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#17 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#18 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#19 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#20 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#21 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#22 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#23 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#24 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#25 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#26 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#27 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#28 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#29 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#30 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#31 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#32 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#33 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#34 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#35 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#36 0x50165021 in python27!PyFunction_SetClosure () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#37 0x5013e16c in python27!PyObject_Call () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#38 0x501c1bc6 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#39 0x501bf26b in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#40 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#41 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#42 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#43 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#44 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
---Type <return> to continue, or q <return> to quit---
#45 0x501c2687 in python27!_PyEval_SliceIndex () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#46 0x501be223 in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#47 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#48 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#49 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#50 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#51 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#52 0x50165021 in python27!PyFunction_SetClosure () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#53 0x5013e16c in python27!PyObject_Call () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#54 0x500f1a3e in python27!PyObject_GC_Del () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#55 0x500f2464 in python27!Py_Main () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#56 0x1cdd1180 in ?? ()
#57 0x7662343d in KERNEL32!BaseThreadInitThunk () from C:\Windows\syswow64\kernel32.dll
#58 0x77339832 in ntdll!RtlInitializeExceptionChain () from C:\Windows\SysWOW64\ntdll.dll
#59 0x77339805 in ntdll!RtlInitializeExceptionChain () from C:\Windows\SysWOW64\ntdll.dll
#60 0x00000000 in ?? ()

Change History (5)

comment:1 by Adrian Pop, 6 years ago

I guess we would need to set a flag on fmi2Terminate and check that if it is called again.

comment:2 by Adrian Pop, 6 years ago

Component: Run-time → FMI

comment:3 by Adrian Pop, 6 years ago

As far as I can tell from the code I think we should not free any memory on fmi2Terminate, just set the state to modelTerminated. We should only do memory freeing in fmi2FreeInstance.
I guess this will also fix bug: #5131. I'll try to fix this tomorrow.

comment:4 by Adrian Pop, 6 years ago

We should move lines 635 to 650 to 511.
https://github.com/OpenModelica/OMCompiler/blob/master/SimulationRuntime/fmi/export/fmi2/fmu2_model_interface.c#L635

You can try to do this for your OM installation and see how it is going.
You can find the file here:
%OPENMODELICAHOME%\include\omc\c\fmi2\fmu2_model_interface.c
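
The approach from comments 1 and 3 (a state check in terminate, with all freeing confined to the free-instance call), as an added C example that is not part of the ticket or of OpenModelica's code. `Component`, `List`, `terminate`, `free_instance` and the status values are hypothetical stand-ins for the FMI 2.0 functions, and returning an error on a repeated terminate is an assumption.

```c
/* Hypothetical stand-ins, not OpenModelica's types or function names. */
#include <stdlib.h>
typedef enum { MODEL_INSTANTIATED, MODEL_TERMINATED } ModelState;
typedef enum { ST_OK, ST_ERROR } Status;
typedef struct Node { void *data; struct Node *next; } Node;
typedef struct { Node *first; unsigned length; } List;
typedef struct { ModelState state; List *values; } Component;

/* Frees the nodes and the header, then clears the owner's pointer to it. */
static void free_list(List **lp) {
    if (!lp || !*lp) return;
    for (Node *n = (*lp)->first; n != NULL; ) {
        Node *next = n->next;   /* read the link before freeing the node */
        free(n->data);
        free(n);
        n = next;
    }
    free(*lp);
    *lp = NULL;                 /* a later call sees NULL, not freed memory */
}

Component *instantiate(void) {
    Component *c = calloc(1, sizeof *c);    /* state starts as MODEL_INSTANTIATED */
    if (!c) return NULL;
    c->values = calloc(1, sizeof *c->values);
    for (int i = 0; c->values && i < 2; i++) {   /* constructed sample data */
        Node *n = calloc(1, sizeof *n);
        if (!n) break;
        n->data = malloc(8);
        n->next = c->values->first;
        c->values->first = n;
        c->values->length++;
    }
    return c;
}

/* Terminate only changes state; a repeated call is rejected, nothing is freed. */
Status terminate(Component *c) {
    if (!c || c->state == MODEL_TERMINATED) return ST_ERROR;
    c->state = MODEL_TERMINATED;
    return ST_OK;
}

/* The only place memory is released; a second call on the handle is a no-op. */
void free_instance(Component **cp) {
    if (!cp || !*cp) return;
    free_list(&(*cp)->values);
    free(*cp);
    *cp = NULL;
}
```

Building this with AddressSanitizer (`-fsanitize=address`) and calling `terminate` twice before `free_instance` is a quick regression check for the double-release pattern seen in the backtrace.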

comment:5 by Adrian Pop, 6 years ago

Resolution: fixed
Status: new → closed