Re: More on the crash on exit.

From: Tomas Frydrych <tf_at_o-hand.com>
Date: Thu Jan 11 2007 - 19:56:28 CET

msevior@physics.unimelb.edu.au wrote:
>> Martin Sevior wrote:
>>> On Thu, 2007-01-11 at 15:45 +1100, Martin Sevior wrote:
>>>> The crash on exit occurs with current AbiWord-2.5 on linux.
>>>>
>>>> It occurs because UT_ScriptLibrary::~UT_ScriptLibrary is called twice.
>>>>
>>>> This happens because if there are any plugins AT ALL UT_ScriptLibrary is
>>>> loaded as a plugin as well as being constructed via its static instance
>>>> pointer.
>>>>
>>>> Upon closing AbiWord, all the plugins are unloaded, which deletes the
>>>> script library once. Then the application shuts down and hence destroys
>>>> the UT_ScriptLibrary again through the static instance pointer and hence
>>>> the crash.
>>>>
>>>> I'm now trying to understand why the library gets loaded as a plugin,
>>>> which is the origin of the bug. However I've been chasing this bug for
>>>> several days so I may not be successful.
>>>>
>>>> I hope this info will be valuable to someone else if I can't find the
>>>> cause.
>>>>
>>> OK I fixed this by changing the access via reference to access via
>>> pointer.
>>>
>>> UT_ScriptLibrary is constructed in the XAP_App::initialize() method and
>>> UT_ScriptLibrary::instance() returns a pointer to the class.
>>>
>> Martin,
>>
>> I fear that this merely covers up the real problem and introduces a new
>> one; the problem is not the reference, but that something is trying to
>> destroy an object that it does not own -- whatever has previously been
>> calling the destructor on the reference will now call it on the pointer.
>> If there is any code that has stored a pointer to the singleton, that
>> pointer will be invalid. I think either the class should not be a
>> singleton if it makes sense to have more than one instance of it, or the
>> destructor should be private and invoked at most once when the whole
>> application is being destroyed.
>>
>
> Hi Tomas,
> Actually it is the whole application that is destroying the class
> twice.
>
> For some reason I can't fathom, loading ANY plugin used to create another
> instance of UT_ScriptLibrary. The crash happens before the plugin
> unloaded destructs the UT_ScriptLibrary, then when abi shuts down it
> destructs the UT_ScriptLibrary again, causing the crash.
>
> Doing things this way prevents the plugin loader calling another instance of
> the ScriptLibrary.
>
> I don't know why this happened other than UT_ScriptSniffer being a
> derived class of UT_AbiModule. This bug has been with us for a week and I
> have devoted many hours to solving it.
>
> I agree that the solution is not satisfactory because I don't understand
> why the crash happened in the first place (see above). I do know it's
> fixed and valgrind is happy with this workaround.
>

This is hard to reproduce on Ubuntu; it crashes when run under valgrind,
but not under gdb, and the valgrind trace is not much use (other than it
looks like a double free).

One problem I noticed was how we were disposing of the application
object in AP_UnixApp::main () where the local variables were outliving
the application object, while XAP_App::getApp() continued to return an
invalid pointer after the object was destroyed; I am not convinced that
was causing this crash, but changed the scope in that function anyhow,
and also fixed XAP_App::~XAP_App() to ensure that after the application
is destroyed, the stale pointer is reset.

Tomas
Received on Thu Jan 11 19:56:45 2007
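
Added example (not part of the original message and not AbiWord code): a
minimal C++ sketch of the two lifetime rules discussed in this thread, namely
that a singleton is destroyed exactly once by its single owner, and that the
static application pointer is reset in the destructor so no caller receives a
stale pointer. The class names App, ScriptLibrary and PluginUnloader are
hypothetical stand-ins for illustration only.

```cpp
#include <memory>

// Hypothetical stand-ins for illustration; these are not AbiWord's classes.
static int g_script_lib_dtor_calls = 0;    // counts destructor runs

class ScriptLibrary {
public:
    static ScriptLibrary* instance() { return s_instance; }  // non-owning access
    ScriptLibrary(const ScriptLibrary&) = delete;
    ScriptLibrary& operator=(const ScriptLibrary&) = delete;
private:
    friend class App;                      // only App may create or destroy it
    ScriptLibrary() { s_instance = this; }
    ~ScriptLibrary() { ++g_script_lib_dtor_calls; s_instance = nullptr; }
    static ScriptLibrary* s_instance;
};
ScriptLibrary* ScriptLibrary::s_instance = nullptr;

class App {
public:
    App() : m_scripts(new ScriptLibrary) { s_app = this; }
    ~App() {
        delete m_scripts;                  // the single owner destroys it once
        m_scripts = nullptr;
        s_app = nullptr;                   // getApp() never returns a stale pointer
    }
    static App* getApp() { return s_app; }
private:
    ScriptLibrary* m_scripts;
    static App* s_app;
};
App* App::s_app = nullptr;

// A plugin unloader only borrows the library. Writing `delete lib;` here
// would not compile, because the destructor is private to the owner.
struct PluginUnloader {
    bool unload() { ScriptLibrary* lib = ScriptLibrary::instance(); return lib != nullptr; }
};

// Runs one start-up/shutdown cycle and reports whether the invariants held.
bool run_lifecycle() {
    g_script_lib_dtor_calls = 0;
    bool saw_lib = false;
    {
        App app;                           // all users of app live inside this scope
        PluginUnloader u;
        saw_lib = u.unload() && App::getApp() == &app;
    }                                      // app is destroyed here, before any check
    return saw_lib && g_script_lib_dtor_calls == 1
        && App::getApp() == nullptr && ScriptLibrary::instance() == nullptr;
}

int main() { return run_lifecycle() ? 0 : 1; }
```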