using the attached modlist, when one clicks on the uniforms tab for ACE arsenal, it freezes for about 30 minutes to an hour and then CTD without anything other than a debug crash{F4337088}
Description
Details
- Severity
- Crash
- Resolution
- Open
- Reproducibility
- Always
- Operating System
- Windows 10 x64
- Operating System Version
- Pro version 22H2
- Category
- Game Crash
use attached modlist
open editor
place any unit
right click and ACE arsenal
click uniforms tab
CTD
already contacted ACE dev team with ticket:
https://github.com/acemod/ACE3/issues/10043
Event Timeline
The freeze dump, is currently inside "modParams" script command. It is looking if a mod's picture exists, and trying to find what PBO it is in.
A freeze dump is only a snapshot of a instant in time. That's why we always write two freeze dumps, so we can see atleast two points and judge where the freeze might be at.
I can't see how it could be freezing inside of modParams, so it must be a infinite/near-infinite loop in the script that called it.
The script was called from a UI button "OnClick" eventhandler.
I cannot see which script file it was, but the "modParams" command was at line number 374.
Also note that modParams command is quite slow. Caching it with a hashmap would be good.
I cannot see which script file it was, but the "modParams" command was at line number 374.
That would be ace_arsenal_fnc_addListBoxItem (https://github.com/acemod/ACE3/blob/master/addons/arsenal/functions/fnc_addListBoxItem.sqf).
Interestingly, it's one of the places where we do cache the result of modParams.
so it must be a infinite/near-infinite loop in the script that called it
ace_arsenal_fnc_addListBoxItem is used to add items in the left panel (i.e. where e.g. weapons and uniforms are shown), so no loops involved, although that function will be called for every item displayed (so I assume several thousand times in this case).
this time with the actual crash dump upon CTD and tested with dev version of arma and -debug option
i was able to crash the game with the modparams command by inserting a really log string as the modclass parameter...i wonder if the modlist i was using had an obfuscated modclass that could have caused a buffer overflow or something in an unusual way?
i tried recreating the problem by just fuzzing the modparams using a snippet of the code from the ace_common_fnc_getAddon function to fire off all the cfgweapons, cfgvehicles, cfgmagazines, and such and could not cause the same to crash with those modparams but i did notice that the uinamespace getvariable "ace_arsenal_addlistboxitemcache" is a hashmap that is using the getordefaultcall command to add items and i was wondering if there is a memory limit?
Oh my good friend the stack overflow. That's not nice.
There is infinite (or just wayyyy too deep) recursion causing a stack overflow, while its trying to sort the listbox items.
It also found sort is incredibly badly implemented, sorting the items in a listbox, causes every item to be copied when its position is changed, that's rather stupid.
instead of swapping rows during sort. We copy one row into a temporary, then we delete one row, copy one row into the other, delete the other row, copy the temporary into the other row, delete the temporary.
Wow.
The stack overflow is not infinite recursion, but you have so many items in the list that it is too much.
If a sort section is larger than 32 elements, we split it in half, and then call sort for both halves.
In this splitting in half, it went so deep that the memory limit of 8Megabytes got hit.
Something must be very wrong with that list, how many items are in there???
At the time it crashed, it was swapping item index 52195 and 52338
There are over 52 THOUSAND items in one listbox? Are you sure about that?
And due to how the splitting in half works, this 52 thousand will be somewhere in the middle of the listbox. So atleast 100k entries in there.
I can fix that copying stuff, and give you multithreaded sorting.
But clearly ACE Arsenal has some bug there.
is there anything you would like me to pass on to the ACE team to fix? i can see this took a long time to get to so i am extremely appreciative of your support! i am not surprised that there were 52k items because i am probably breaking a record for the number of mods that arma has ever had active in one session but besides that point, i just want to use ace arsenal with my mods because the vanilla arsenal is just too slow because of the caching isn't saving time or the lists are all populated at once instead of for each list upon selecting the category but i digress. i've been using a downgraded version of ace because even that version is faster and it is limited cuz acex mods do not work with it due to the use of hashmaps in the latest version and the saved loadouts are stored in hashmaps in my profile so i cannot see those loadouts either. i can imagine that if ace does not fix their bug, even with multithreaded sorting, you will still have this issue because of the threads overflowing from recursion (even the most secure linux distros are always vuln to a DOS from a fork bomb), therefore if i can assist in passing on the result of this to them, i would appreciate it. Thank you again!
ACE team is aware.
Turns out, our sorting code is even worse than I thought.
It's supposed to split the sorting into halves.
To do that, it's supposed to pick an element in the middle, and then move everything smaller to left and everything larger to right. Then it goes into the halves and sorts each.
In 2015, a programmer decided that instead of using a standard algorithm that was already available, he would be better off re-implementing that algorithm manually by himself.
He re-implemented the standard algorithm almost exactly. With one small difference. He took the first element, instead of the middle, and used it as the middle.
Well duh.
This causes incredibly bad recursion if the elements are already mostly sorted. Basically, instead of halving at each step, we would move _one_ element at each step.
This lead to the recursion that caused your stack overflow crash.
The standard algorithm also has a limit of how deep recursion can go, that programmer also left that part out...
crazy idea but, could you send me the compiled binary that you would like tested and i can give you a go/no-go whether it worked? this way you can focus on other things and not have to do the hours long wait for it to crash.