UBSan: several runtime errors at launch. #81340

New Issue

Ankit Meel · 2020-09-30T23:38:17+02:00

Ankit Meel commented

2020-09-30 23:38:17 +02:00

System Information
Operating system: Darwin-18.7.0-x86_64-i386-64bit 64 Bits
Graphics card: Intel(R) HD Graphics 6000 Intel Inc. 4.1 INTEL-12.10.12

Blender Version
Broken: version: 2.91.0 Alpha, branch: ubsan (modified), commit date: 2020-09-29 19:46, hash: c1cdde04e2
Worked: None. At least one file dates back to 0de103c1cd

Short description of error
A lot of warnings show up at launch with ASan (/UBSan) enabled. Sometimes, that even stops Blender from launching, even 6-7 times in a row if I have a bad day.
There are several more to come in tests, but these (and #81100) affect startup.

Warning	Context	Diff
intern/guardedalloc/intern/mallocn_guarded_impl.c:1001:7: runtime error: member access within null pointer of type 'MemHead' (aka 'struct MemHead')	`#define MEMNEXT(x) ((MemHead )(((char )x) - ((char )&(((MemHead )0)->next))))`	D9068
intern/guardedalloc/intern/mallocn_guarded_impl.c:998:39: runtime error: member access within null pointer of type 'MemHead' (aka 'struct MemHead')	ditto
intern/guardedalloc/intern/mallocn_guarded_impl.c:998:7: runtime error: member access within null pointer of type 'MemHead' (aka 'struct MemHead')	ditto
source/blender/makesdna/intern/dna_genfile.c:990:13: runtime error: applying non-zero offset 8 to null pointer	`olddata += len;`.	D9065
source/blender/blenloader/intern/readfile.c:983:17: runtime error: addition of unsigned offset to 0x61a0000b22d8 overflowed to 0x61a0000b22b8	`#define BHEADN_FROM_BHEAD(bh) ((BHeadN *)POINTER_OFFSET(bh, -offsetof(BHeadN, bhead)))`	D9063
source/blender/blenloader/intern/readfile.c:2191:13: runtime error: addition of unsigned offset to 0x61a0000b22d8 overflowed to 0x61a0000b22b8	ditto
source/blender/blenloader/intern/readfile.c:2177:13: runtime error: addition of unsigned offset to 0x62700005e958 overflowed to 0x62700005e938	ditto
source/blender/blenloader/intern/readfile.c:1025:23: runtime error: addition of unsigned offset to 0x60c0000aeed8 overflowed to 0x60c0000aeeb8	ditto
source/blender/blenloader/intern/readfile.c:1005:23: runtime error: addition of unsigned offset to 0x60c0000aeed8 overflowed to 0x60c0000aeeb8	ditto
source/blender/blenloader/intern/readfile.c:2211:17: runtime error: addition of unsigned offset to 0x629000064258 overflowed to 0x629000064238	ditto
source/blender/gpu/GPU_vertex_buffer.h:43:1: runtime error: load of value 4294967291, which is not a valid value for type 'GPUVertBufStatus'	`static_cast<_enum_type>(~static_cast<int>(a));` `~` operator creates values outside the enum's underlying type.	D9067
source/blender/gpu/GPU_batch.h:69:1: runtime error: load of value 4294967038, which is not a valid value for type 'eGPUBatchFlag'	ditto
source/blender/gpu/intern/gpu_texture_private.hh:60:1: runtime error: load of value 4294967279, which is not a valid value for type 'blender::gpu::eGPUTextureType'	ditto
source/blender/gpu/GPU_texture.h:65:1: runtime error: load of value 4294967293, which is not a valid value for type 'eGPUSamplerState'	ditto
source/blender/gpu/GPU_batch.h:69:1: runtime error: load of value 4294836223, which is not a valid value for type 'eGPUBatchFlag'	ditto
source/blender/depsgraph/intern/depsgraph_tag.cc:665:64: runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'	`(IDRecalcFlag)(1 << bitscan_forward_clear_i(&current_flag));` with `current_flag` negative	D9064
source/blender/depsgraph/intern/depsgraph_tag.cc:367:7: runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'	ditto
source/blender/depsgraph/intern/depsgraph_tag.cc:376:41: runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'	ditto
source/blender/depsgraph/intern/depsgraph_tag.cc:161:7: runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'	ditto
source/blender/depsgraph/intern/depsgraph_tag.cc:166:11: runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'	ditto
source/blender/gpu/opengl/gl_vertex_array.cc:65:57: runtime error: applying non-zero offset 32 to null pointer	`const GLvoid pointer = (const GLubyte )0 + offset + v_first * stride;`	D9069

**System Information** Operating system: Darwin-18.7.0-x86_64-i386-64bit 64 Bits Graphics card: Intel(R) HD Graphics 6000 Intel Inc. 4.1 INTEL-12.10.12 **Blender Version** Broken: version: 2.91.0 Alpha, branch: ubsan (modified), commit date: 2020-09-29 19:46, hash: `c1cdde04e2` Worked: None. At least one file dates back to 0de103c1cd **Short description of error** A lot of warnings show up at launch with ASan (/UBSan) enabled. Sometimes, that even stops Blender from launching, even 6-7 times in a row if I have a bad day. There are several more to come in tests, but these (and #81100) affect startup. | |Warning |Context|Diff | |----|----------|-------|--------| ||intern/guardedalloc/intern/mallocn_guarded_impl.c:1001:7: runtime error: member access within null pointer of type 'MemHead' (aka 'struct MemHead')|`#define MEMNEXT(x) ((MemHead *)(((char *)x) - ((char *)&(((MemHead *)0)->next))))` | [D9068](https://archive.blender.org/developer/D9068) ||intern/guardedalloc/intern/mallocn_guarded_impl.c:998:39: runtime error: member access within null pointer of type 'MemHead' (aka 'struct MemHead')| ditto| ||intern/guardedalloc/intern/mallocn_guarded_impl.c:998:7: runtime error: member access within null pointer of type 'MemHead' (aka 'struct MemHead')| ditto| ||source/blender/makesdna/intern/dna_genfile.c:990:13: runtime error: applying non-zero offset 8 to null pointer|`olddata += len;`.| [D9065](https://archive.blender.org/developer/D9065) ||source/blender/blenloader/intern/readfile.c:983:17: runtime error: addition of unsigned offset to 0x61a0000b22d8 overflowed to 0x61a0000b22b8| `#define BHEADN_FROM_BHEAD(bh) ((BHeadN *)POINTER_OFFSET(bh, -offsetof(BHeadN, bhead)))`| [D9063](https://archive.blender.org/developer/D9063) ||source/blender/blenloader/intern/readfile.c:2191:13: runtime error: addition of unsigned offset to 0x61a0000b22d8 overflowed to 0x61a0000b22b8|ditto | ||source/blender/blenloader/intern/readfile.c:2177:13: runtime error: addition of unsigned offset to 0x62700005e958 overflowed to 0x62700005e938| ditto| ||source/blender/blenloader/intern/readfile.c:1025:23: runtime error: addition of unsigned offset to 0x60c0000aeed8 overflowed to 0x60c0000aeeb8|ditto | ||source/blender/blenloader/intern/readfile.c:1005:23: runtime error: addition of unsigned offset to 0x60c0000aeed8 overflowed to 0x60c0000aeeb8|ditto | ||source/blender/blenloader/intern/readfile.c:2211:17: runtime error: addition of unsigned offset to 0x629000064258 overflowed to 0x629000064238|ditto | ||source/blender/gpu/GPU_vertex_buffer.h:43:1: runtime error: load of value 4294967291, which is not a valid value for type 'GPUVertBufStatus'| `static_cast<_enum_type>(~static_cast<int>(a));` `~` operator creates values outside the enum's underlying type.| [D9067](https://archive.blender.org/developer/D9067) ||source/blender/gpu/GPU_batch.h:69:1: runtime error: load of value 4294967038, which is not a valid value for type 'eGPUBatchFlag'| ditto| ||source/blender/gpu/intern/gpu_texture_private.hh:60:1: runtime error: load of value 4294967279, which is not a valid value for type 'blender::gpu::eGPUTextureType'| ditto| ||source/blender/gpu/GPU_texture.h:65:1: runtime error: load of value 4294967293, which is not a valid value for type 'eGPUSamplerState'| ditto| ||source/blender/gpu/GPU_batch.h:69:1: runtime error: load of value 4294836223, which is not a valid value for type 'eGPUBatchFlag'|ditto | ||source/blender/depsgraph/intern/depsgraph_tag.cc:665:64: runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'|`(IDRecalcFlag)(1 << bitscan_forward_clear_i(&current_flag));` with `current_flag` negative | [D9064](https://archive.blender.org/developer/D9064) ||source/blender/depsgraph/intern/depsgraph_tag.cc:367:7: runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'|ditto | ||source/blender/depsgraph/intern/depsgraph_tag.cc:376:41: runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'| ditto| ||source/blender/depsgraph/intern/depsgraph_tag.cc:161:7: runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'| ditto| ||source/blender/depsgraph/intern/depsgraph_tag.cc:166:11: runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'| ditto| ||source/blender/gpu/opengl/gl_vertex_array.cc:65:57: runtime error: applying non-zero offset 32 to null pointer|`const GLvoid *pointer = (const GLubyte *)0 + offset + v_first * stride;` | [D9069](https://archive.blender.org/developer/D9069)

Ankit Meel self-assigned this 2020-09-30 23:38:17 +02:00

Ankit Meel commented

2020-09-30 23:38:17 +02:00

Changed status from 'Needs Triage' to: 'Confirmed'

Ankit Meel commented

2020-09-30 23:38:17 +02:00

Added subscriber: @ankitm

Campbell Barton commented

2020-10-01 07:32:20 +02:00

Added subscriber: @ideasman42

Campbell Barton commented

2020-10-01 07:32:20 +02:00

Note that I don't think we want to consider all of these bugs to fix, at least not at the moment as making changes needs to be done carefully. If this is only to quiet UBSan and doesn't lead to solving any underlying errors in the code it isn't so valuable to focus on.

D9063 for example is harmless, D9064 on the other hand looks like it's causing unintended run-time behavior.

It's possible that in the future we manage to suppress all UBSan warnings (as we do with compiler warnings - Linux/GCC at least).
But for now I don't consider many of these issues worth worrying about.

Suggest to first focus on issues of this report that lead to incorrect behavior, and are likely to lead to bugs in the future.

Note that I don't think we want to consider all of these bugs to fix, at least not at the moment as making changes needs to be done carefully. If this is only to quiet UBSan and doesn't lead to solving any underlying errors in the code it isn't so valuable to focus on. [D9063](https://archive.blender.org/developer/D9063) for example is harmless, [D9064](https://archive.blender.org/developer/D9064) on the other hand looks like it's causing unintended run-time behavior. It's possible that in the future we manage to suppress all UBSan warnings (as we do with compiler warnings - Linux/GCC at least). But for now I don't consider many of these issues worth worrying about. Suggest to first focus on issues of this report that lead to incorrect behavior, and are likely to lead to bugs in the future.

blender-admin commented

2020-10-01 08:25:14 +02:00

This issue was referenced by 63c906e0a7

This issue was referenced by 63c906e0a7e59152601435bac2d06fb1b6df6592

Ankit Meel commented

2020-10-01 10:57:03 +02:00

Changed status from 'Confirmed' to: 'Resolved'

Ankit Meel closed this issue

2020-10-01 10:57:03 +02:00

blender-admin commented

2020-10-01 20:21:01 +02:00

This issue was referenced by a31a87f894

This issue was referenced by a31a87f8943aa4029ff0f23a6dc46f5d0c895e8b

Ankit Meel commented

2020-10-05 08:53:12 +02:00

Changed status from 'Resolved' to: 'Confirmed'

Ankit Meel reopened this issue

2020-10-05 08:53:12 +02:00

Ankit Meel removed their assignment 2020-10-05 08:53:12 +02:00

Ankit Meel commented

2020-10-14 11:52:38 +02:00

Added subscriber: @Sergey

Ankit Meel commented

2020-10-14 11:52:38 +02:00

@Sergey This report is now reduced to IDRecalcFlag related warnings. If it's not a bug, we can close it.

@Sergey This report is now reduced to `IDRecalcFlag` related warnings. If it's not a bug, we can close it.

Sergey Sharybin commented

2020-10-14 12:06:45 +02:00

Is it signess issue? Will 1u << bitscan_forward_clear_i(...) + making current_flag unsigned resolve the error?

Is it signess issue? Will `1u << bitscan_forward_clear_i(...)` + making `current_flag` unsigned resolve the error?

Ankit Meel commented

2020-10-14 12:36:02 +02:00

output of std::bitset<32>(tag) is the same in master, and with the changes you mentioned.

diff --git a/source/blender/depsgraph/intern/depsgraph_tag.cc b/source/blender/depsgraph/intern/depsgraph_tag.cc
index 868f88d8fcd..b21cdce9f9a 100644
--- a/source/blender/depsgraph/intern/depsgraph_tag.cc
+++ b/source/blender/depsgraph/intern/depsgraph_tag.cc
@@ -25,6 +25,7 @@
 
 #include "intern/depsgraph_tag.h"
 
+#include <bitset>
 - include <cstring> /* required for memset */
 - include <queue>
 #include <stdio.h>
@@ -659,9 +660,11 @@ void graph_id_tag_update(
   if (update_source == DEG_UPDATE_SOURCE_USER_EDIT) {
     id->recalc |= deg_recalc_flags_effective(graph, flag);
   }
-  int current_flag = flag;
+  uint current_flag = flag;
+  std::cout << "new function call" << std::endl;
   while (current_flag != 0) {
-    IDRecalcFlag tag = (IDRecalcFlag)(1 << bitscan_forward_clear_i(&current_flag));
+    IDRecalcFlag tag = (IDRecalcFlag)(1u << bitscan_forward_clear_uint(&current_flag));
+    std::cout << std::bitset<32>(tag) << std::endl;
     graph_id_tag_update_single_flag(bmain, graph, id, id_node, tag, update_source);
   }
   /* Special case for nested node tree datablocks. */

new function call
00000000000000000000000000000001
00000000000000000000000000000010
00000000000000000000000010000000
00000000000000000000000100000000
00000000000000000000001000000000
00000000000000000000010000000000
00000000000000000000100000000000
00000000000000000010000000000000
00000000000000000100000000000000
00000000000000001000000000000000
00000000000000010000000000000000
00000000000000100000000000000000
00000000000001000000000000000000
00000000000010000000000000000000
00000000000100000000000000000000
00000000001000000000000000000000
00000000010000000000000000000000
00000001000000000000000000000000
libclang_rt.asan_osx_dynamic.dylib was compiled with optimization - stepping may behave oddly; variables may not be available.
[1m/Users/ankitkumar/blender-build/blender/source/blender/depsgraph/intern/depsgraph_tag.cc:667:34:[1m[31m runtime error: [1m[0m[1mload of value 33554432, which is not a valid value for type 'IDRecalcFlag'[1m[0m
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/ankitkumar/blender-build/blender/source/blender/depsgraph/intern/depsgraph_tag.cc:667:34 in 
00000010000000000000000000000000
... <same warning from different places>
00000100000000000000000000000000
00001000000000000000000000000000
00010000000000000000000000000000
00100000000000000000000000000000
01000000000000000000000000000000
10000000000000000000000000000000
new function call

output of `std::bitset<32>(tag)` is the same in master, and with the changes you mentioned. ``` diff --git a/source/blender/depsgraph/intern/depsgraph_tag.cc b/source/blender/depsgraph/intern/depsgraph_tag.cc index 868f88d8fcd..b21cdce9f9a 100644 --- a/source/blender/depsgraph/intern/depsgraph_tag.cc +++ b/source/blender/depsgraph/intern/depsgraph_tag.cc @@ -25,6 +25,7 @@ #include "intern/depsgraph_tag.h" +#include <bitset> - include <cstring> /* required for memset */ - include <queue> #include <stdio.h> @@ -659,9 +660,11 @@ void graph_id_tag_update( if (update_source == DEG_UPDATE_SOURCE_USER_EDIT) { id->recalc |= deg_recalc_flags_effective(graph, flag); } - int current_flag = flag; + uint current_flag = flag; + std::cout << "new function call" << std::endl; while (current_flag != 0) { - IDRecalcFlag tag = (IDRecalcFlag)(1 << bitscan_forward_clear_i(&current_flag)); + IDRecalcFlag tag = (IDRecalcFlag)(1u << bitscan_forward_clear_uint(&current_flag)); + std::cout << std::bitset<32>(tag) << std::endl; graph_id_tag_update_single_flag(bmain, graph, id, id_node, tag, update_source); } /* Special case for nested node tree datablocks. */ ``` ``` new function call 00000000000000000000000000000001 00000000000000000000000000000010 00000000000000000000000010000000 00000000000000000000000100000000 00000000000000000000001000000000 00000000000000000000010000000000 00000000000000000000100000000000 00000000000000000010000000000000 00000000000000000100000000000000 00000000000000001000000000000000 00000000000000010000000000000000 00000000000000100000000000000000 00000000000001000000000000000000 00000000000010000000000000000000 00000000000100000000000000000000 00000000001000000000000000000000 00000000010000000000000000000000 00000001000000000000000000000000 libclang_rt.asan_osx_dynamic.dylib was compiled with optimization - stepping may behave oddly; variables may not be available. [1m/Users/ankitkumar/blender-build/blender/source/blender/depsgraph/intern/depsgraph_tag.cc:667:34:[1m[31m runtime error: [1m[0m[1mload of value 33554432, which is not a valid value for type 'IDRecalcFlag'[1m[0m SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/ankitkumar/blender-build/blender/source/blender/depsgraph/intern/depsgraph_tag.cc:667:34 in 00000010000000000000000000000000 ... <same warning from different places> 00000100000000000000000000000000 00001000000000000000000000000000 00010000000000000000000000000000 00100000000000000000000000000000 01000000000000000000000000000000 10000000000000000000000000000000 new function call ```

Sergey Sharybin commented

2020-10-14 14:50:59 +02:00

Is my understanding correct, that the error happens because cast attempts to convert int-value to IDRecalcFlag and the value does not exist in any of the enumerator items?

What is the value passed to the "bogous" call of graph_id_tag_update() ? Do you have stack-trace? Preferably with exact argument and values used in the code (to be able to see if some "bogous" value is hardcoded or is a result of some calculation).

Hope you're fine with such remote debugging thing. I just don't currently have a way to repro the sanitization myself, so need so extra pointers to do deduction based on reading the code :)

Is my understanding correct, that the error happens because cast attempts to convert int-value to `IDRecalcFlag` and the value does not exist in any of the enumerator items? What is the value passed to the "bogous" call of `graph_id_tag_update()` ? Do you have stack-trace? Preferably with exact argument and values used in the code (to be able to see if some "bogous" value is hardcoded or is a result of some calculation). Hope you're fine with such remote debugging thing. I just don't currently have a way to repro the sanitization myself, so need so extra pointers to do deduction based on reading the code :)

Ankit Meel commented

2020-10-14 14:56:01 +02:00

Is my understanding correct, ..

yes

What is the value passed to the "bogous" call of graph_id_tag_update() ?

Oh I forgot to print that in the output in my last comment.
I had added some info in D9064 . I'll get the stack-trace and values while you give that a read.

Hope you're fine with such remote debugging thing.

yeah totally!

> Is my understanding correct, .. yes > What is the value passed to the "bogous" call of graph_id_tag_update() ? Oh I forgot to print that in the output in my last comment. I had added some info in [D9064](https://archive.blender.org/developer/D9064) . I'll get the stack-trace and values while you give that a read. > Hope you're fine with such remote debugging thing. yeah totally!

Ankit Meel commented

2020-10-14 18:09:44 +02:00

- 0  blender::deg::deg_graph_build_finalize(Main*, blender::deg::Depsgraph*) at source/blender/depsgraph/intern/builder/deg_builder.cc:240
- 1  0x1ffff0008 ()
- 2  blender::deg::AbstractBuilderPipeline::build_step_finalize() at source/blender/depsgraph/intern/builder/pipeline.cc:106
- 3  blender::deg::AbstractBuilderPipeline::build() at source/blender/depsgraph/intern/builder/pipeline.cc:59
- 4  ::DEG_graph_build_from_view_layer(Depsgraph *) at source/blender/depsgraph/intern/depsgraph_build.cc:216
- 5  ::DEG_graph_relations_update(Depsgraph *) at source/blender/depsgraph/intern/depsgraph_build.cc:269
- 6  wm_event_do_depsgraph at source/blender/windowmanager/intern/wm_event_system.c:356
- 7  wm_file_read_post at source/blender/windowmanager/intern/wm_files.c:642
- 8  wm_homefile_read at source/blender/windowmanager/intern/wm_files.c:1154
- 9  WM_init at source/blender/windowmanager/intern/wm_init_exit.c:290
- 10 main at source/creator/creator.c:460
- 11 start ()

To get more insight, set a conditional breakpoint here that fires if flag < 0.
id_orig->name is "SCScene" (never touched this code, so don't know what else to mention)
id_orig->recalc and thus flag is -8392829

In the next step, we go to

- 0  in blender::deg::graph_id_tag_update(Main*, blender::deg::Depsgraph*, ID*, int, blender::deg::eUpdateSource) at source/blender/depsgraph/intern/depsgraph_tag.cc:662
- 1  in blender::deg::deg_graph_build_finalize(Main*, blender::deg::Depsgraph*) at source/blender/depsgraph/intern/builder/deg_builder.cc:241
- 2  in blender::deg::AbstractBuilderPipeline::build_step_finalize() at source/blender/depsgraph/intern/builder/pipeline.cc:106
- 3  in blender::deg::AbstractBuilderPipeline::build() at source/blender/depsgraph/intern/builder/pipeline.cc:59
- 4  in ::DEG_graph_build_from_view_layer(Depsgraph *) at source/blender/depsgraph/intern/depsgraph_build.cc:216
- 5  in ::DEG_graph_relations_update(Depsgraph *) at source/blender/depsgraph/intern/depsgraph_build.cc:269
- 6  in wm_event_do_depsgraph at source/blender/windowmanager/intern/wm_event_system.c:356
- 7  in wm_file_read_post at source/blender/windowmanager/intern/wm_files.c:642
- 8  in wm_homefile_read at source/blender/windowmanager/intern/wm_files.c:1154
- 9  in WM_init at source/blender/windowmanager/intern/wm_init_exit.c:290
- 10 in main at source/creator/creator.c:460
- 11 in start ()

Soon, int current_flag = flag; is reached, and flag is (-8392829)10, 0b11111111011111111110111110000011

The output of print statements in the while loop [1]:

flag: 11111111011111111110111110000011 - -8392829
tag : 00000000000000000000000000000001
flag: 11111111011111111110111110000010 - -8392830
tag : 00000000000000000000000000000010
flag: 11111111011111111110111110000000 - -8392832
tag : 00000000000000000000000010000000
flag: 11111111011111111110111100000000 - -8392960
tag : 00000000000000000000000100000000
flag: 11111111011111111110111000000000 - -8393216
tag : 00000000000000000000001000000000
flag: 11111111011111111110110000000000 - -8393728
tag : 00000000000000000000010000000000
flag: 11111111011111111110100000000000 - -8394752
tag : 00000000000000000000100000000000
flag: 11111111011111111110000000000000 - -8396800
tag : 00000000000000000010000000000000
flag: 11111111011111111100000000000000 - -8404992
tag : 00000000000000000100000000000000
flag: 11111111011111111000000000000000 - -8421376
tag : 00000000000000001000000000000000
flag: 11111111011111110000000000000000 - -8454144
tag : 00000000000000010000000000000000
flag: 11111111011111100000000000000000 - -8519680
tag : 00000000000000100000000000000000
flag: 11111111011111000000000000000000 - -8650752
tag : 00000000000001000000000000000000
flag: 11111111011110000000000000000000 - -8912896
tag : 00000000000010000000000000000000
flag: 11111111011100000000000000000000 - -9437184
tag : 00000000000100000000000000000000
flag: 11111111011000000000000000000000 - -10485760
tag : 00000000001000000000000000000000
flag: 11111111010000000000000000000000 - -12582912
tag : 00000000010000000000000000000000
flag: 11111111000000000000000000000000 - -16777216
tag : 00000001000000000000000000000000
flag: 11111110000000000000000000000000 - -33554432
libclang_rt.asan_osx_dynamic.dylib was compiled with optimization - stepping may behave oddly; variables may not be available.
source/blender/depsgraph/intern/depsgraph_tag.cc:666:34:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:666:34 in 
tag : 00000010000000000000000000000000
source/blender/depsgraph/intern/depsgraph_tag.cc:667:64:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:667:64 in 
source/blender/depsgraph/intern/depsgraph_tag.cc:367:7:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:367:7 in 
source/blender/depsgraph/intern/depsgraph_tag.cc:376:41:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:376:41 in 
source/blender/depsgraph/intern/depsgraph_tag.cc:161:7:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:161:7 in 
source/blender/depsgraph/intern/depsgraph_tag.cc:166:11:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:166:11 in 
flag: 11111100000000000000000000000000 - -67108864
tag : 00000100000000000000000000000000
flag: 11111000000000000000000000000000 - -134217728
tag : 00001000000000000000000000000000
flag: 11110000000000000000000000000000 - -268435456
tag : 00010000000000000000000000000000
flag: 11100000000000000000000000000000 - -536870912
tag : 00100000000000000000000000000000
flag: 11000000000000000000000000000000 - -1073741824
tag : 01000000000000000000000000000000
flag: 10000000000000000000000000000000 - -2147483648
tag : 10000000000000000000000000000000

Next time onwards, flag is 8195, 8194, or 8192

[1]

int current_flag = flag;
   while (current_flag != 0) {
+    std::cout << "flag:" << std::bitset<32>(current_flag) << " - " << current_flag << std::endl;
     IDRecalcFlag tag = (IDRecalcFlag)(1 << bitscan_forward_clear_i(&current_flag));
+    std::cout << "tag :" << std::bitset<32>(tag) << std::endl;
     graph_id_tag_update_single_flag(bmain, graph, id, id_node, tag, update_source);
   }

``` - 0 blender::deg::deg_graph_build_finalize(Main*, blender::deg::Depsgraph*) at source/blender/depsgraph/intern/builder/deg_builder.cc:240 - 1 0x1ffff0008 () - 2 blender::deg::AbstractBuilderPipeline::build_step_finalize() at source/blender/depsgraph/intern/builder/pipeline.cc:106 - 3 blender::deg::AbstractBuilderPipeline::build() at source/blender/depsgraph/intern/builder/pipeline.cc:59 - 4 ::DEG_graph_build_from_view_layer(Depsgraph *) at source/blender/depsgraph/intern/depsgraph_build.cc:216 - 5 ::DEG_graph_relations_update(Depsgraph *) at source/blender/depsgraph/intern/depsgraph_build.cc:269 - 6 wm_event_do_depsgraph at source/blender/windowmanager/intern/wm_event_system.c:356 - 7 wm_file_read_post at source/blender/windowmanager/intern/wm_files.c:642 - 8 wm_homefile_read at source/blender/windowmanager/intern/wm_files.c:1154 - 9 WM_init at source/blender/windowmanager/intern/wm_init_exit.c:290 - 10 main at source/creator/creator.c:460 - 11 start () ``` To get more insight, set a conditional breakpoint here that fires if flag < 0. `id_orig->name` is "SCScene" (never touched this code, so don't know what else to mention) `id_orig->recalc` and thus flag is -8392829 ------------------------------------------------------- In the next step, we go to ``` - 0 in blender::deg::graph_id_tag_update(Main*, blender::deg::Depsgraph*, ID*, int, blender::deg::eUpdateSource) at source/blender/depsgraph/intern/depsgraph_tag.cc:662 - 1 in blender::deg::deg_graph_build_finalize(Main*, blender::deg::Depsgraph*) at source/blender/depsgraph/intern/builder/deg_builder.cc:241 - 2 in blender::deg::AbstractBuilderPipeline::build_step_finalize() at source/blender/depsgraph/intern/builder/pipeline.cc:106 - 3 in blender::deg::AbstractBuilderPipeline::build() at source/blender/depsgraph/intern/builder/pipeline.cc:59 - 4 in ::DEG_graph_build_from_view_layer(Depsgraph *) at source/blender/depsgraph/intern/depsgraph_build.cc:216 - 5 in ::DEG_graph_relations_update(Depsgraph *) at source/blender/depsgraph/intern/depsgraph_build.cc:269 - 6 in wm_event_do_depsgraph at source/blender/windowmanager/intern/wm_event_system.c:356 - 7 in wm_file_read_post at source/blender/windowmanager/intern/wm_files.c:642 - 8 in wm_homefile_read at source/blender/windowmanager/intern/wm_files.c:1154 - 9 in WM_init at source/blender/windowmanager/intern/wm_init_exit.c:290 - 10 in main at source/creator/creator.c:460 - 11 in start () ``` Soon, `int current_flag = flag;` is reached, and flag is (-8392829)10, 0b11111111011111111110111110000011 The output of print statements in the while loop [1]: ```lines=8 flag: 11111111011111111110111110000011 - -8392829 tag : 00000000000000000000000000000001 flag: 11111111011111111110111110000010 - -8392830 tag : 00000000000000000000000000000010 flag: 11111111011111111110111110000000 - -8392832 tag : 00000000000000000000000010000000 flag: 11111111011111111110111100000000 - -8392960 tag : 00000000000000000000000100000000 flag: 11111111011111111110111000000000 - -8393216 tag : 00000000000000000000001000000000 flag: 11111111011111111110110000000000 - -8393728 tag : 00000000000000000000010000000000 flag: 11111111011111111110100000000000 - -8394752 tag : 00000000000000000000100000000000 flag: 11111111011111111110000000000000 - -8396800 tag : 00000000000000000010000000000000 flag: 11111111011111111100000000000000 - -8404992 tag : 00000000000000000100000000000000 flag: 11111111011111111000000000000000 - -8421376 tag : 00000000000000001000000000000000 flag: 11111111011111110000000000000000 - -8454144 tag : 00000000000000010000000000000000 flag: 11111111011111100000000000000000 - -8519680 tag : 00000000000000100000000000000000 flag: 11111111011111000000000000000000 - -8650752 tag : 00000000000001000000000000000000 flag: 11111111011110000000000000000000 - -8912896 tag : 00000000000010000000000000000000 flag: 11111111011100000000000000000000 - -9437184 tag : 00000000000100000000000000000000 flag: 11111111011000000000000000000000 - -10485760 tag : 00000000001000000000000000000000 flag: 11111111010000000000000000000000 - -12582912 tag : 00000000010000000000000000000000 flag: 11111111000000000000000000000000 - -16777216 tag : 00000001000000000000000000000000 flag: 11111110000000000000000000000000 - -33554432 libclang_rt.asan_osx_dynamic.dylib was compiled with optimization - stepping may behave oddly; variables may not be available. source/blender/depsgraph/intern/depsgraph_tag.cc:666:34:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag' SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:666:34 in tag : 00000010000000000000000000000000 source/blender/depsgraph/intern/depsgraph_tag.cc:667:64:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag' SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:667:64 in source/blender/depsgraph/intern/depsgraph_tag.cc:367:7:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag' SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:367:7 in source/blender/depsgraph/intern/depsgraph_tag.cc:376:41:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag' SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:376:41 in source/blender/depsgraph/intern/depsgraph_tag.cc:161:7:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag' SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:161:7 in source/blender/depsgraph/intern/depsgraph_tag.cc:166:11:m runtime error: load of value 33554432, which is not a valid value for type 'IDRecalcFlag' SUMMARY: UndefinedBehaviorSanitizer: undefined-behaviorsource/blender/depsgraph/intern/depsgraph_tag.cc:166:11 in flag: 11111100000000000000000000000000 - -67108864 tag : 00000100000000000000000000000000 flag: 11111000000000000000000000000000 - -134217728 tag : 00001000000000000000000000000000 flag: 11110000000000000000000000000000 - -268435456 tag : 00010000000000000000000000000000 flag: 11100000000000000000000000000000 - -536870912 tag : 00100000000000000000000000000000 flag: 11000000000000000000000000000000 - -1073741824 tag : 01000000000000000000000000000000 flag: 10000000000000000000000000000000 - -2147483648 tag : 10000000000000000000000000000000 ``` ------------------------------------------------------- Next time onwards, flag is 8195, 8194, or 8192 ----------------------------------------------------- [1] ``` int current_flag = flag; while (current_flag != 0) { + std::cout << "flag:" << std::bitset<32>(current_flag) << " - " << current_flag << std::endl; IDRecalcFlag tag = (IDRecalcFlag)(1 << bitscan_forward_clear_i(&current_flag)); + std::cout << "tag :" << std::bitset<32>(tag) << std::endl; graph_id_tag_update_single_flag(bmain, graph, id, id_node, tag, update_source); } ```

Sergey Sharybin commented

2020-10-14 18:36:25 +02:00

8392829 is an weird value. It might be coming from ID_RECALC_ALL and some bits cleared explicitly.
Can you try to replace ID_RECALC_ALL = ~(0) with ID_RECALC_ALL = ((1 << 25) - 1) ?

- 8392829 is an weird value. It might be coming from `ID_RECALC_ALL` and some bits cleared explicitly. Can you try to replace `ID_RECALC_ALL = ~(0)` with `ID_RECALC_ALL = ((1 << 25) - 1)` ?

Ankit Meel commented

2020-10-14 19:53:07 +02:00

That fixes it.

deg_graph_build_finalize -- 25161603
flag:00000001011111111110111110000011 - 25161603
tag :00000000000000000000000000000001
flag:00000001011111111110111110000010 - 25161602
tag :00000000000000000000000000000010
flag:00000001011111111110111110000000 - 25161600
tag :00000000000000000000000010000000
flag:00000001011111111110111100000000 - 25161472
tag :00000000000000000000000100000000
flag:00000001011111111110111000000000 - 25161216
tag :00000000000000000000001000000000
flag:00000001011111111110110000000000 - 25160704
tag :00000000000000000000010000000000
flag:00000001011111111110100000000000 - 25159680
tag :00000000000000000000100000000000
flag:00000001011111111110000000000000 - 25157632
tag :00000000000000000010000000000000
flag:00000001011111111100000000000000 - 25149440
tag :00000000000000000100000000000000
flag:00000001011111111000000000000000 - 25133056
tag :00000000000000001000000000000000
flag:00000001011111110000000000000000 - 25100288
tag :00000000000000010000000000000000
flag:00000001011111100000000000000000 - 25034752
tag :00000000000000100000000000000000
flag:00000001011111000000000000000000 - 24903680
tag :00000000000001000000000000000000
flag:00000001011110000000000000000000 - 24641536
tag :00000000000010000000000000000000
flag:00000001011100000000000000000000 - 24117248
tag :00000000000100000000000000000000
flag:00000001011000000000000000000000 - 23068672
tag :00000000001000000000000000000000
flag:00000001010000000000000000000000 - 20971520
tag :00000000010000000000000000000000
flag:00000001000000000000000000000000 - 16777216
tag :00000001000000000000000000000000

That fixes it. ``` deg_graph_build_finalize -- 25161603 flag:00000001011111111110111110000011 - 25161603 tag :00000000000000000000000000000001 flag:00000001011111111110111110000010 - 25161602 tag :00000000000000000000000000000010 flag:00000001011111111110111110000000 - 25161600 tag :00000000000000000000000010000000 flag:00000001011111111110111100000000 - 25161472 tag :00000000000000000000000100000000 flag:00000001011111111110111000000000 - 25161216 tag :00000000000000000000001000000000 flag:00000001011111111110110000000000 - 25160704 tag :00000000000000000000010000000000 flag:00000001011111111110100000000000 - 25159680 tag :00000000000000000000100000000000 flag:00000001011111111110000000000000 - 25157632 tag :00000000000000000010000000000000 flag:00000001011111111100000000000000 - 25149440 tag :00000000000000000100000000000000 flag:00000001011111111000000000000000 - 25133056 tag :00000000000000001000000000000000 flag:00000001011111110000000000000000 - 25100288 tag :00000000000000010000000000000000 flag:00000001011111100000000000000000 - 25034752 tag :00000000000000100000000000000000 flag:00000001011111000000000000000000 - 24903680 tag :00000000000001000000000000000000 flag:00000001011110000000000000000000 - 24641536 tag :00000000000010000000000000000000 flag:00000001011100000000000000000000 - 24117248 tag :00000000000100000000000000000000 flag:00000001011000000000000000000000 - 23068672 tag :00000000001000000000000000000000 flag:00000001010000000000000000000000 - 20971520 tag :00000000010000000000000000000000 flag:00000001000000000000000000000000 - 16777216 tag :00000001000000000000000000000000 ```

Sergey Sharybin commented

2020-10-15 12:26:59 +02:00

Ok, good!
After spending some time trying to make it less fragile solution, it seems to be most reliable to remove ID_RECALC_ALL. It is only couple of places where it requiers some brain cells, the rest seems to be straightforward. I'll start moving towards that direction.

Ok, good! After spending some time trying to make it less fragile solution, it seems to be most reliable to remove `ID_RECALC_ALL`. It is only couple of places where it requiers some brain cells, the rest seems to be straightforward. I'll start moving towards that direction.

Oliver Weissbarth commented

2021-01-06 16:47:47 +01:00

Added subscriber: @oweissbarth

Brecht Van Lommel commented

2022-08-19 14:33:21 +02:00

Added subscriber: @brecht

Brecht Van Lommel commented

2022-08-19 14:33:21 +02:00

Changed status from 'Confirmed' to: 'Resolved'

Brecht Van Lommel closed this issue

2022-08-19 14:33:21 +02:00

Brecht Van Lommel self-assigned this 2022-08-19 14:33:21 +02:00

Brecht Van Lommel commented

2022-08-19 14:33:21 +02:00

With D15602: Fix undefined behavior in dependency graph tagging I believe everything mentioned in this task was solved.

With [D15602: Fix undefined behavior in dependency graph tagging](https://archive.blender.org/developer/D15602) I believe everything mentioned in this task was solved.

Sign in to join this conversation.

No Label

Download

What's New

Blender Studio

Manual

Developers Blog

Documentation

Benchmark

Blender Conference

Development Fund

One-time Donations

UBSan: several runtime errors at launch. #81340