[osg-users] OpenSceneGraph-3.6.5 release candidate 2 tagged, please test

Tue Jan 28 15:13:47 PST 2020

On Tuesday, January 28, 2020 at 10:11:49 AM UTC+1, OpenSceneGraph Users 
> Hi Fabian,
>> My build is using static osg, static osg-plugins and link time 
>> optimization.
>> I created an address sanitizer enabled build.
>> It exhibits a heap-use-after-free.
>> I will try to further investigate this week.
>> =================================================================
>> ==11872==ERROR: AddressSanitizer: heap-use-after-free on address 
>> 0x6030000082c0 at pc 0x55b4b9659551 bp 0x7ffdf8a9c190 sp 0x7ffdf8a9c180
>> READ of size 8 at 0x6030000082c0 thread T0
>>     #0 0x55b4b9659550 in 
>> OpenThreads::ScopedPointerLock<OpenThreads::Mutex>::ScopedPointerLock(OpenThreads::Mutex*) 
>> ./openmw/extern-git/OpenSceneGraph/include/OpenThreads/ScopedLock:54
>>     #1 0x55b4b9659550 in 
>> osg::StateAttribute::removeParent(osg::StateSet*) 
>> ./openmw/extern-git/OpenSceneGraph/src/osg/StateAttribute.cpp:38
>>     #2 0x55b4b965a033 in osg::StateSet::clear() 
>> ./openmw/extern-git/OpenSceneGraph/src/osg/StateSet.cpp:734
> Given the stack trace it kinda looks like the getRefMutex() call in 
> StateAttribute.cpp is the where things might be going astray (note the 
> comment I've added below):
> void StateAttribute::removeParent(osg::StateSet* object)
> {
>     // calls the base class's Referenced::getRefMutex() method, which maps
>     // to Referenced::getGlobalReferencedMutex()
>     OpenThreads::ScopedPointerLock<OpenThreads::Mutex> lock(getRefMutex());
>     ParentList::iterator pitr = std::find(_parents.begin(),_parents.end(),object);
>     if (pitr!=_parents.end()) _parents.erase(pitr);
> }
> The Referenced::getGlobalReferencedMutex() implementation in 
> Referenced.cpp is:
> OpenThreads::Mutex* Referenced::getGlobalReferencedMutex()
> {
>     static GlobalMutexPointer s_ReferencedGlobalMutext = new OpenThreads::Mutex;
>     return s_ReferencedGlobalMutext.get();
> }
> // helper class for forcing the global mutex to be constructed when the
> // library is loaded.
> struct InitGlobalMutexes
> {
>     InitGlobalMutexes()
>     {
>         Referenced::getGlobalReferencedMutex();
>     }
> };
> static InitGlobalMutexes s_initGlobalMutexes;
> Which is all a bit of a hacky way of trying to get the singleton 
> s_ReferencedGlobalMutext to construct before any other code calling 
> getGlobalReferencedMutex() gets called.
> I don't really know why a pointer is even being used here, it's not how 
> I'd write the code these days, but off the top of my head I don't recall the 
> derivation and motivations behind all this code as it dates back to the 
> earliest days of the OSG project, so almost two decades :-)
> What I'd write today would simply be:
> static OpenThreads::Mutex s_ReferencedGlobalMutex;
> OpenThreads::Mutex* Referenced::getGlobalReferencedMutex()
> {
>     return &s_ReferencedGlobalMutex;
> }
> You could try substituting this in.  I will try a build here just to make 
> sure the above works fine for standard OSG work.  I don't expect this 
> change to have any effect on your own code; if it does, it suggests there is 
> some issue with the order of clean up of statics.
> Robert.

Hi Robert,
Using your suggested changes I get a crash on start.
I forgot to mention I also link OpenThreads statically.
I am starting to suspect the static linking and optimization surface 
undefined behavior.


==19668==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 
(pc 0x5597ebadb5ac bp 0x60c000000b80 sp 0x7ffce8efbba0 T0)
==19668==The signal is caused by a READ memory access.
==19668==Hint: address points to the zero page.
    #0 0x5597ebadb5ab in 
    #1 0x5597ebadb5ab in addParent 
    #2 0x5597ebadbc84 in setAttribute 
    #3 0x5597ebadc737 in 
osg::StateSet::setAttributeAndModes(osg::StateAttribute*, unsigned int) 
[clone .part.309] 
    #4 0x5597ebcb7241 in __base_ctor  
    #5 0x5597ebcb7a37 in __base_ctor  
    #6 0x5597ebcb7a37 in renderBinPrototypeList 
    #7 0x5597eab5bacb in RenderBinSingletonProxy::RenderBinSingletonProxy() 
    #8 0x5597eab5bacb in __static_initialization_and_destruction_0 
    #9 0x5597eab5bacb in 
    #10 0x5597eabb1163 in global constructors keyed to 
65535_0_objects.cpp.o.6481610 (./openmw-build/openmw+0x3b5163)
    #11 0x5597ec775bcc in __libc_csu_init (./openmw-build/openmw+0x1f79bcc)
    #12 0x7f213df67b27 in __libc_start_main 
    #13 0x5597eabe6039 in _start (./openmw-build/openmw+0x3ea039)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV 
./openmw/extern-git/OpenSceneGraph/include/OpenThreads/ScopedLock:54 in 
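Both traces in this thread are the shape of a static initialization/destruction order problem: the original pointer-owning getGlobalReferencedMutex() gives a heap-use-after-free while statics are torn down (a StateSet destroyed after the GlobalMutexPointer has deleted the mutex), and the plain namespace-scope static gives a read from the zero page while another global (RenderBinSingletonProxy) is still being constructed. The program below is an added example written for this thread, not code from OpenSceneGraph or from either poster; the toy Mutex, the variant names mutexA/mutexB/mutexC, and the EarlyUser/LateUser helpers are all assumptions for illustration. It reproduces, in one translation unit, a global that locks a namespace-scope mutex defined after it (the read of zero-initialised storage behind the second trace), shows that a function-local static is built on first use instead, and models the exit-time ordering in which a user outlives the mutex's owner (the first trace). The function-local pointer that is never deleted is the variant that survives both ends of the program.

```cpp
#include <cstdio>
#include <memory>

// Read through a volatile so the compiler cannot fold the constructor and
// promote the namespace-scope mutex below to constant initialisation.
static volatile unsigned g_aliveTag = 0xC0FFEEu;

// Toy stand-in for OpenThreads::Mutex (assumption: the real class is not
// modelled). 'state' is 0 both before the constructor has run (static storage
// is zero-initialised first) and after the destructor has run, so a lock on a
// not-yet-built or already-destroyed mutex is observable instead of being the
// crash / use-after-free shown in the traces.
struct Mutex {
    unsigned state;
    bool* aliveFlag;  // optional external liveness record for the teardown demo
    explicit Mutex(bool* flag = nullptr) : state(g_aliveTag), aliveFlag(flag) {
        if (aliveFlag) *aliveFlag = true;
    }
    ~Mutex() {
        state = 0;
        if (aliveFlag) *aliveFlag = false;
    }
    bool lock() const { return state == 0xC0FFEEu; }
};

// Variant A: namespace-scope static object (the "what I'd write today"
// version). Declared here, defined further down, *after* g_earlyUser.
extern Mutex g_namespaceMutex;
Mutex* mutexA() { return &g_namespaceMutex; }

// Variant B: function-local static object, constructed on first use.
Mutex* mutexB() { static Mutex m; return &m; }

// Variant C: function-local static pointer that is intentionally never
// deleted, so it is alive from first use until the process ends.
Mutex* mutexC() { static Mutex* m = new Mutex; return m; }

// A global whose constructor runs during dynamic initialisation and takes the
// mutex, like RenderBinSingletonProxy -> setAttributeAndModes -> addParent in
// the second trace. Results are recorded in plain globals.
static bool g_earlyLockA = false, g_earlyLockB = false, g_earlyLockC = false;

struct EarlyUser {
    EarlyUser() {
        g_earlyLockA = mutexA()->lock();  // g_namespaceMutex not built yet: reads zeros (UB, the fiasco)
        g_earlyLockB = mutexB()->lock();  // built on first use
        g_earlyLockC = mutexC()->lock();  // built on first use
    }
};
static EarlyUser g_earlyUser;

// Same translation unit, later definition: dynamically initialised after
// g_earlyUser. With static linking the same race happens across object files,
// in whatever order the linker laid out the initialisers.
Mutex g_namespaceMutex;

bool earlyLockNamespaceStatic() { return g_earlyLockA; }  // false
bool earlyLockFunctionStatic()  { return g_earlyLockB; }  // true
bool earlyLockLeakedPointer()   { return g_earlyLockC; }  // true

// Exit-time hazard behind the first trace: statics are destroyed in reverse
// order of construction, so an object that finished constructing before the
// mutex's owner (GlobalMutexPointer in the quoted code) is destroyed after it,
// and its destructor then locks freed memory. A block scope stands in for
// process exit, and the mutex reports its death through a flag so the dead
// object itself is never touched.
struct LateUser {
    bool* mutexAliveAtTeardown;
    const bool* mutexAlive;
    ~LateUser() { *mutexAliveAtTeardown = *mutexAlive; }  // removeParent() in the trace
};

bool userOutlivesOwnedMutex() {
    bool alive = false, aliveAtTeardown = true;
    {
        LateUser user{&aliveAtTeardown, &alive};           // built first -> destroyed last
        std::unique_ptr<Mutex> owner(new Mutex(&alive));   // built second -> destroyed first
        (void)owner;
    }   // ~unique_ptr frees the mutex, then ~LateUser runs with alive == false
    return !aliveAtTeardown;
}

int main() {
    std::printf("namespace-scope static locked during early init: %d\n", earlyLockNamespaceStatic());
    std::printf("function-local static locked during early init:  %d\n", earlyLockFunctionStatic());
    std::printf("never-deleted pointer locked during early init:  %d\n", earlyLockLeakedPointer());
    std::printf("user torn down after the mutex's owner:          %d\n", userOutlivesOwnedMutex());
    return 0;
}
```

The construct-on-first-use function-local static (variant B) fixes the construction side but not the destruction side, which is why the quoted code wraps the mutex in a pointer; the leak in variant C is deliberate, since a process-lifetime mutex has nothing to release. An ASan build of the real code is the quickest way to tell which end of the program a given crash is on: a use-after-free report with `__static_initialization_and_destruction` or `__run_exit_handlers` in the stack is teardown, a zero-page read under `__libc_csu_init` is construction.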

