Opened 7 years ago

Last modified 7 years ago

#4523 closed defect

Alpha 21 Segfault replay — at Version 2

Reported by: elexis Owned by:
Priority: Must Have Milestone: Alpha 22
Component: UI & Simulation Keywords:
Cc: Patch:

Description (last modified by causative)

In this game hosted by pesem, many if not all clients have experienced a SEGFAULT. It was reported yesterday by causative, Boudica had it too and the replay was uploaded by Grugnas. Replaying the thing in non-visual replaymode reproduces the segfault!

Change History (4)

by elexis, 7 years ago

Attachment: 2017-04-09_0002.zip added

Thanks Grugnas for sharing the replay!

comment:1 by elexis, 7 years ago

Looks like an error that seems unlikely to be fixed soon: 

Thread 1 "pyrogenesis" received signal SIGSEGV, Segmentation fault.
0x00007ffff719f926 in js::jit::GetOptimizationLevel (pc=<optimized out>, script=...) at /.../a21/trunk/libraries/source/spidermonkey/mozjs-38.0.0/js/src/jit/Ion.cpp:2049
2049	    return js_IonOptimizations.levelForScript(script, pc);
(gdb) info stack
#0  0x00007ffff719f926 in js::jit::GetOptimizationLevel (pc=<optimized out>, script=...) at /media/.../trunk/libraries/source/spidermonkey/mozjs-38.0.0/js/src/jit/Ion.cpp:2049
#1  js::jit::Compile (cx=cx@entry=0xd04fc0, script=..., script@entry=..., osrFrame=osrFrame@entry=0x0, osrPc=osrPc@entry=0x0, constructing=false, forceRecompile=forceRecompile@entry=false)
    at /.../a21/trunk/libraries/source/spidermonkey/mozjs-38.0.0/js/src/jit/Ion.cpp:2080
#2  0x00007ffff71a0a11 in js::jit::CanEnter (cx=cx@entry=0xd04fc0, state=...) at /.../a21/trunk/libraries/source/spidermonkey/mozjs-38.0.0/js/src/jit/Ion.cpp:2244
#3  0x00007ffff6f92039 in js::RunScript (cx=cx@entry=0xd04fc0, state=...) at /.../a21/trunk/libraries/source/spidermonkey/mozjs-38.0.0/js/src/vm/Interpreter.cpp:424
#4  0x00007ffff6f9227c in js::Invoke (cx=cx@entry=0xd04fc0, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /.../a21/trunk/libraries/source/spidermonkey/mozjs-38.0.0/js/src/vm/Interpreter.cpp:517
#5  0x00007ffff72dd147 in js_fun_apply (cx=0xd04fc0, argc=<optimized out>, vp=0x7fffff7ffb78) at /.../a21/trunk/libraries/source/spidermonkey/mozjs-38.0.0/js/src/jsfun.cpp:1323

by causative, 7 years ago

Attachment: 2017-04-09_0002.tar.gz added

concise replay causing the segfault

comment:2 by causative, 7 years ago

Description: modified (diff)

I was able to reproduce this error in SVN. You can reliably cause the segfault by:

  • Select a citizen cavalry unit
  • Click to hunt an animal (camel, in this case), but don't actually kill it.
  • Garrison the cavalry
  • Use the script console to post a network message telling the garrisoned cavalry to resume work: Engine.PostNetworkCommand({"type":"back-to-work","entities":[21062]}).
  • It segfaults

The error can also be triggered without using the script console.

  • Select a citizen cavalry unit
  • Click to hunt an animal (camel, in this case), but don't actually kill it.
  • Click to stand right next to the building you will garrison into
  • Set the game speed to Turtle (0.1x) to make the next step easier
  • Ctrl-click to garrison into the building, and very quickly afterwards press y to resume work, so that both commands post to the same turn.
  • the game segfaults. It may take a few tries before this happens.

I have provided a replay of this in SVN.

However, note that this method is not quite the same thing nigel87 did. He garrisoned his cavalry (entity 21062) many turns before he ordered it to resume work. How did he issue the command for it to resume work, without the script console and without issuing very fast consecutive commands?

Note: See TracTickets for help on using tickets.