Tags: c++, assembly, crash, memory-corruption

Strange crash on ARM and Intel


Haters gonna hate, but I cannot provide source code for this problem, since I cannot separate the issue, but I will try to provide as much information as I can.

So my problem is that my application crashes in well defined circumstances, at a well defined point in a C++ library that I use (OpenCASCADE).

  1. The crash only occurs, when I run the code from a new thread
  2. There is no shared data between the threads
  3. The crash occurs in a method call, before the first instruction in the method runs. Here is a disassembly:

    Shapr3D`GeomInt_ParFunctionOfMyGradientOfTheComputeLineBezierOfWLApprox::Perform(math_Vector const&) at AppParCurves_Function.gxx:262:
    0x10b5701b0: pushq %rbp
    0x10b5701b1: movq %rsp, %rbp
    0x10b5701b4: subq $0x663e0, %rsp
    0x10b5701bb: movq %rdi, -0x8(%rbp)
    0x10b5701bf: movq %rsi, -0x10(%rbp)
    0x10b5701c3: movq -0x8(%rbp), %rsi
    0x10b5701c7: movq %rsi, %rdi
    0x10b5701ca: addq $0xc0, %rdi
    0x10b5701d1: movq -0x10(%rbp), %rax
    0x10b5701d5: movq %rsi, -0x65ba0(%rbp) //Crashes here
    0x10b5701dc: movq %rax, %rsi
    0x10b5701df: callq 0x10c050d76 ; symbol stub for: math_Vector::operator=(math_Vector const&)
    0x10b5701e4: movq -0x65ba0(%rbp), %rsi
    0x10b5701eb: addq $0x8828, %rsi
    0x10b5701f2: movq -0x65ba0(%rbp), %rdi
    0x10b5701f9: addq $0xc0, %rdi
    0x10b570200: movq %rdi, -0x65ba8(%rbp)
    0x10b570207: movq %rsi, %rdi
    0x10b57020a: movq -0x65ba8(%rbp), %rsi
    0x10b570211: movq %rax, -0x65bb0(%rbp)

  4. It crashes with bad access: EXC_BAD_ACCESS (code=1, address=0x9f1606100)

  5. It does not matter whether the object that the method is called on is dynamically or statically allocated
  6. I provided Intel disassembly, but the crash occurs both on Mac OS and iOS, 32 and 64 bit
  7. Valgrind did not reveal any issues
  8. Also, here is a callstack (this is probably not very useful, unless you are familiar with OpenCASCADE)

    0  0x000000010b5701d5 in GeomInt_ParFunctionOfMyGradientOfTheComputeLineBezierOfWLApprox::Perform(math_Vector const&) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/AppParCurves_Function.gxx:265
    1  0x000000010b574dac in GeomInt_ParFunctionOfMyGradientOfTheComputeLineBezierOfWLApprox::Values(math_Vector const&, double&, math_Vector&) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/AppParCurves_Function.gxx:589
    2  0x000000010b790286 in math_BFGS::Perform(math_MultipleVarFunctionWithGradient&, math_Vector const&) at /Users/icsanady/occt_git/occt/src/math/math_BFGS.cxx:187
    3  0x000000010b56934c in GeomInt_Gradient_BFGSOfMyGradientOfTheComputeLineBezierOfWLApprox::GeomInt_Gradient_BFGSOfMyGradientOfTheComputeLineBezierOfWLApprox(math_MultipleVarFunctionWithGradient&, math_Vector const&, double, double, double, int) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/AppParCurves_Gradient_BFGS.gxx:31
    4  0x000000010b5693c9 in GeomInt_Gradient_BFGSOfMyGradientOfTheComputeLineBezierOfWLApprox::GeomInt_Gradient_BFGSOfMyGradientOfTheComputeLineBezierOfWLApprox(math_MultipleVarFunctionWithGradient&, math_Vector const&, double, double, double, int) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/AppParCurves_Gradient_BFGS.gxx:32
    5  0x000000010b56c80d in GeomInt_MyGradientOfTheComputeLineBezierOfWLApprox::GeomInt_MyGradientOfTheComputeLineBezierOfWLApprox(GeomInt_TheMultiLineOfWLApprox const&, int, int, Handle_AppParCurves_HArray1OfConstraintCouple const&, math_Vector&, int, double, double, int) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/AppParCurves_Gradient.gxx:186
    6  0x000000010b56cd4a in GeomInt_MyGradientOfTheComputeLineBezierOfWLApprox::GeomInt_MyGradientOfTheComputeLineBezierOfWLApprox(GeomInt_TheMultiLineOfWLApprox const&, int, int, Handle_AppParCurves_HArray1OfConstraintCouple const&, math_Vector&, int, double, double, int) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/AppParCurves_Gradient.gxx:209
    7  0x000000010b5a67c9 in GeomInt_TheComputeLineBezierOfWLApprox::Compute(GeomInt_TheMultiLineOfWLApprox const&, int, int, math_Vector&, double&, double&) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/Approx_ComputeLine.gxx:920
    8  0x000000010b5a5704 in GeomInt_TheComputeLineBezierOfWLApprox::Perform(GeomInt_TheMultiLineOfWLApprox const&) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/Approx_ComputeLine.gxx:779
    9  0x000000010b5c4f79 in GeomInt_WLApprox::Perform(IntSurf_Quadric const&, Handle_Adaptor3d_HSurface const&, Handle_IntPatch_WLine const&, unsigned int, unsigned int, unsigned int, int, int) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/ApproxInt_Approx.gxx:1058
    10 0x000000010b5c359f in GeomInt_WLApprox::Perform(Handle_Adaptor3d_HSurface const&, Handle_Adaptor3d_HSurface const&, Handle_IntPatch_WLine const&, unsigned int, unsigned int, unsigned int, int, int) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/ApproxInt_Approx.gxx:637
    11 0x000000010bd61455 in IntTools_FaceFace::MakeCurve(int, Handle_Adaptor3d_TopolTool const&, Handle_Adaptor3d_TopolTool const&) at /Users/icsanady/occt_git/occt/src/IntTools/IntTools_FaceFace.cxx:1839
    12 0x000000010bd58cae in IntTools_FaceFace::Perform(TopoDS_Face const&, TopoDS_Face const&) at /Users/icsanady/occt_git/occt/src/IntTools/IntTools_FaceFace.cxx:749
    13 0x000000010bccb172 in BOPAlgo_FaceFace::Perform() at /Users/icsanady/occt_git/occt/src/BOPAlgo/BOPAlgo_PaveFiller_6.cxx:156
    14 0x000000010bccab56 in BOPCol_Functor >::operator()(int) const at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/BOPCol_Parallel.hxx:45
    15 0x000000010bcca8f2 in void OSD_Parallel::For > >(int, int, BOPCol_Functor > const&, unsigned int) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/OSD_Parallel.hxx:262
    16 0x000000010bcc4d2b in BOPCol_Cnt >, BOPCol_NCVector >::Perform(unsigned int, BOPCol_NCVector&) at /Users/icsanady/occt_git/occt/adm/mac/xcd/../../../inc/BOPCol_Parallel.hxx:68
    17 0x000000010bcb9cef in BOPAlgo_PaveFiller::PerformFF() at /Users/icsanady/occt_git/occt/src/BOPAlgo/BOPAlgo_PaveFiller_6.cxx:270
    18 0x000000010bca41c3 in BOPAlgo_PaveFiller::PerformInternal() at /Users/icsanady/occt_git/occt/src/BOPAlgo/BOPAlgo_PaveFiller.cxx:303
    19 0x000000010bca3d6d in BOPAlgo_PaveFiller::Perform() at /Users/icsanady/occt_git/occt/src/BOPAlgo/BOPAlgo_PaveFiller.cxx:203

I know it is really hard to help without having the source, but currently this is the best I can provide, and I am really stuck. I hope someone at least can give me some hints. I will try to provide any information that is necessary.


Solution

  • The method makes a large allocation on the stack with:

    0x10b5701b4:  subq   $0x663e0, %rsp
    

    and your app crashed while storing to the stack with:

    0x10b5701d5:  movq   %rsi, -0x65ba0(%rbp)   //Crashes here
    

    (It's using RBP as the frame pointer)

    Thus I suspect a stack overflow. Try increasing the stack size for this thread. Note that 0x663e0 is 418784 bytes and that really is an unusually large amount of stack to be using.
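An added example (not code from the question, the answer or OpenCASCADE) that turns the answer's reasoning into something runnable: it uses the two constants from the disassembly (frame size 0x663e0, faulting store at -0x65ba0 from the frame pointer) to check whether that store still lands inside a thread's stack, and it runs a stand-in worker with a frame of the same size on a thread created with an explicit stack size via pthread_attr_setstacksize. The 512 KiB secondary-thread stack, the 120 KiB already used by callers and the worker function are assumptions made for the example.

```c
#include <pthread.h>
#include <stddef.h>

/* Constants taken from the disassembly in the question. */
#define FRAME_BYTES  0x663e0u  /* subq $0x663e0, %rsp      -> 418784-byte frame */
#define FAULT_OFFSET 0x65ba0u  /* movq %rsi, -0x65ba0(%rbp) -> 416672 bytes below rbp */

/* Does a store `offset` bytes below the frame pointer stay inside a thread stack of
   `stack_bytes`, given that callers above this frame already consumed `used_bytes`?
   Returns 1 if it fits, 0 if the store would run past the end of the stack. */
int store_fits(size_t stack_bytes, size_t used_bytes, size_t offset)
{
    return used_bytes + offset < stack_bytes;
}

/* Assumed stand-in for the library method: one local array the size of the real
   frame, written at the faulting offset so the compiler cannot drop it. */
static void *big_frame_worker(void *arg)
{
    volatile unsigned char frame[FRAME_BYTES];
    frame[FAULT_OFFSET] = 1;
    *(int *)arg = frame[FAULT_OFFSET];
    return NULL;
}

/* Run fn on a new thread whose stack size is set explicitly rather than left at the
   platform default. Returns 0 on success, otherwise the pthread error code. */
int run_with_stack(size_t stack_bytes, void *(*fn)(void *), void *arg)
{
    pthread_attr_t attr;
    pthread_t tid;
    int rc = pthread_attr_init(&attr);
    if (rc) return rc;
    rc = pthread_attr_setstacksize(&attr, stack_bytes);
    if (rc == 0) rc = pthread_create(&tid, &attr, fn, arg);
    pthread_attr_destroy(&attr);
    if (rc == 0) rc = pthread_join(tid, NULL);
    return rc;
}

/* Runs the big-frame worker on an 8 MiB stack; returns 1 when the store succeeded,
   -1 if the thread could not be created or joined. */
int demo(void)
{
    int out = 0;
    if (run_with_stack(8u << 20, big_frame_worker, &out)) return -1;
    return out;
}
```

With an assumed 512 KiB stack and 120 KiB already used by the nineteen callers in the backtrace, the store at 416672 bytes below rbp falls outside the stack; with a larger explicit stack it fits.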