Segmentation fault when fmi2GetReal gets called after fmi2Terminate

[tknodt@…]

This happened on a host which soemtimes calls e.g. fmi2GetReal after fmi2Terminate.

Stacktrace:

#0  0x6abcfaa8 in getReal (comp=0x3571658, vr=0) at CANoe_FMU.c:1138
#1  0x6abc3859 in fmi2GetReal (c=0x3571658, vr=0x1061fe68, nvr=1, value=0x1061feb8) at include/fmi2/fmu2_model_interface.c:715
#2  0x704f4807 in __pyx_f_5pyfmi_3fmi_13FMUModelBase2_get_real () from C:\JModelica.org-2.2\install\Python\pyfmi\fmi.pyd
#3  0x704f5d94 in __pyx_pw_5pyfmi_3fmi_13FMUModelBase2_3get_real () from C:\JModelica.org-2.2\install\Python\pyfmi\fmi.pyd
#4  0x501c1310 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#5  0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#6  0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#7  0x501c2687 in python27!_PyEval_SliceIndex () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#8  0x501be223 in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#9  0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#10 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#11 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#12 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#13 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#14 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#15 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#16 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#17 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#18 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#19 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#20 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#21 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#22 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#23 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#24 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#25 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#26 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#27 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#28 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#29 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#30 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#31 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#32 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#33 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#34 0x50165021 in python27!PyFunction_SetClosure () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#35 0x5013e16c in python27!PyObject_Call () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#36 0x501c1bc6 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#37 0x501bf26b in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#38 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#39 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#40 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#41 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#42 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#43 0x501c2687 in python27!_PyEval_SliceIndex () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#44 0x501be223 in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#45 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#46 0x501c15a3 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#47 0x501c1452 in python27!PyEval_GetFuncDesc () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#48 0x501bf1bf in python27!PyEval_EvalFrameEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#49 0x501c02bc in python27!PyEval_EvalCodeEx () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#50 0x50165021 in python27!PyFunction_SetClosure () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#51 0x5013e16c in python27!PyObject_Call () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#52 0x500f1a3e in python27!PyObject_GC_Del () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#53 0x500f2464 in python27!Py_Main () from C:\JModelica.org-2.2\Python27\Python_32\python27.dll
#54 0x1cc01180 in ?? ()
#55 0x7662343d in KERNEL32!BaseThreadInitThunk () from C:\Windows\syswow64\kernel32.dll
#56 0x77339832 in ntdll!RtlInitializeExceptionChain () from C:\Windows\SysWOW64\ntdll.dll
#57 0x77339805 in ntdll!RtlInitializeExceptionChain () from C:\Windows\SysWOW64\ntdll.dll

Disassemble:

Dump of assembler code for function getReal:
   0x6abcfa80 <+0>:     push   %ebp
   0x6abcfa81 <+1>:     mov    %esp,%ebp
   0x6abcfa83 <+3>:     and    $0xfffffff0,%esp
   0x6abcfa86 <+6>:     sub    $0x30,%esp
   0x6abcfa89 <+9>:     cmpl   $0xc0,0xc(%ebp)
   0x6abcfa90 <+16>:    ja     0x6abcfab1 <getReal+49>
   0x6abcfa92 <+18>:    mov    0x8(%ebp),%eax
   0x6abcfa95 <+21>:    mov    0x68(%eax),%eax
   0x6abcfa98 <+24>:    mov    0x4(%eax),%eax
   0x6abcfa9b <+27>:    mov    (%eax),%eax
   0x6abcfa9d <+29>:    mov    0x8(%eax),%eax
   0x6abcfaa0 <+32>:    mov    0xc(%ebp),%edx
   0x6abcfaa3 <+35>:    shl    $0x3,%edx
   0x6abcfaa6 <+38>:    add    %edx,%eax
=> 0x6abcfaa8 <+40>:    movsd  (%eax),%xmm0
   0x6abcfaac <+44>:    jmp    0x6abcfb54 <getReal+212>
   0x6abcfab1 <+49>:    cmpl   $0x1d3,0xc(%ebp)
   0x6abcfab8 <+56>:    ja     0x6abcfadd <getReal+93>
   0x6abcfaba <+58>:    mov    0x8(%ebp),%eax
   0x6abcfabd <+61>:    mov    0x68(%eax),%eax
   0x6abcfac0 <+64>:    mov    0xc(%eax),%eax
   0x6abcfac3 <+67>:    mov    0xe8(%eax),%eax
   0x6abcfac9 <+73>:    mov    0xc(%ebp),%edx
   0x6abcfacc <+76>:    add    $0x1fffff3f,%edx
   0x6abcfad2 <+82>:    shl    $0x3,%edx
   0x6abcfad5 <+85>:    add    %edx,%eax
   0x6abcfad7 <+87>:    movsd  (%eax),%xmm0
   0x6abcfadb <+91>:    jmp    0x6abcfb54 <getReal+212>
   0x6abcfadd <+93>:    cmpl   $0x270,0xc(%ebp)
   0x6abcfae4 <+100>:   ja     0x6abcfb4c <getReal+204>
   0x6abcfae6 <+102>:   mov    0xc(%ebp),%eax
   0x6abcfae9 <+105>:   sub    $0x1d4,%eax
   0x6abcfaee <+110>:   mov    0x6af0fe40(,%eax,4),%eax
   0x6abcfaf5 <+117>:   mov    %eax,0x2c(%esp)
   0x6abcfaf9 <+121>:   cmpl   $0x0,0x2c(%esp)
   0x6abcfafe <+126>:   js     0x6abcfb1f <getReal+159>
   0x6abcfb00 <+128>:   mov    0x2c(%esp),%eax
   0x6abcfb04 <+132>:   mov    %eax,0x4(%esp)
   0x6abcfb08 <+136>:   mov    0x8(%ebp),%eax
   0x6abcfb0b <+139>:   mov    %eax,(%esp)
   0x6abcfb0e <+142>:   call   0x6abcfa80 <getReal>
   0x6abcfb13 <+147>:   fstpl  0x18(%esp)
   0x6abcfb17 <+151>:   movsd  0x18(%esp),%xmm0
   0x6abcfb1d <+157>:   jmp    0x6abcfb54 <getReal+212>
   0x6abcfb1f <+159>:   mov    0x2c(%esp),%eax
   0x6abcfb23 <+163>:   not    %eax
   0x6abcfb25 <+165>:   mov    %eax,0x4(%esp)
   0x6abcfb29 <+169>:   mov    0x8(%ebp),%eax
   0x6abcfb2c <+172>:   mov    %eax,(%esp)
   0x6abcfb2f <+175>:   call   0x6abcfa80 <getReal>
   0x6abcfb34 <+180>:   fstpl  0x18(%esp)
   0x6abcfb38 <+184>:   movsd  0x18(%esp),%xmm1
   0x6abcfb3e <+190>:   movsd  0x6af10750,%xmm0
   0x6abcfb46 <+198>:   xorpd  %xmm1,%xmm0
   0x6abcfb4a <+202>:   jmp    0x6abcfb54 <getReal+212>
   0x6abcfb4c <+204>:   movsd  0x6af10760,%xmm0
   0x6abcfb54 <+212>:   movsd  %xmm0,0x18(%esp)
   0x6abcfb5a <+218>:   fldl   0x18(%esp)
   0x6abcfb5e <+222>:   leave
   0x6abcfb5f <+223>:   ret

[Adrian Pop]

The spec says that you should be able to do that, so it seems like a bug:

fmi2Status fmi2Terminate(fmi2Component c);
Informs the FMU that the simulation run is terminated. After calling this function, the final
values of all variables can be inquired with the fmi2GetXXX(..) functions. It is not allowed
to call this function after one of the functions returned with a status flag of fmi2Error or
fmi2Fatal.

[tknodt@…]

Just saw that in ticket #5130 the same is already proposed by you. I will try.

[tknodt@…]

Replying to adrpo:

The spec says that you should be able to do that, so it seems like a bug:

fmi2Status fmi2Terminate(fmi2Component c);
Informs the FMU that the simulation run is terminated. After calling this function, the final
values of all variables can be inquired with the fmi2GetXXX(..) functions. It is not allowed
to call this function after one of the functions returned with a status flag of fmi2Error or
fmi2Fatal.

Moving the code solves the problem, thanks.

[Adrian Pop]

Nice, I will do the modification myself as well and commit it.

[Adrian Pop]

Fixed with PR: ​https://github.com/OpenModelica/OMCompiler/pull/2670