OpenModelica
Buildings.Templates.Plants.Controls.StagingRotation.Validation.EquipmentEnable causes the runtime to crash due to buffer overflow
Please check Buildings.Templates.Plants.Controls.StagingRotation.Validation.EquipmentEnable
When running on the CI, the runtime just crashes after a few milliseconds without any error message reported on the simulation log. The compilation log contains these last lines:
Buildings_latest_Buildings.Templates.Plants.Controls.StagingRotation.Validation.EquipmentEnable -abortSlowSimulation -alarm=800 -emit_protected -lv LOG_STATS > Buildings_latest_Buildings.Templates.Plants.Controls.StagingRotation.Validation.EquipmentEnable.pipe 2>&1) [Timeout 800]
[Calling os._exit(0), Time elapsed: 8.794603981077671]
Failed to read output from testmodel.py, exit status != 0:
0.48221098398789763 0.49633956599999995 0.16952508000000002
Calling exit ...
<OMPython.OMCSessionZMQ object at 0x7f7a70c557b0>
which apparently mean the compiler is not returning with a zero error code for some reason.
I tried running the model with v1.25.0-dev-406-gf9e29c1120 on Windows 11. There were no errors reported during compilation, but the runtime crashed with these error messages:
Process crashed Simulation process failed. Exited with code 0xffffffffc0000005.
Process crashed
HashMap contained: 0->*map* HashMap contained: 1->*map* HashMap contained: 2->*map* HashMap contained: 3->*map* HashMap contained: 4->*map* HashMap contained: 5->*map* HashMap contained: 6->*map* HashMap contained: 7->*map* HashMap contained: 8->*map* HashMap contained: 9->*map* HashMap contained: 10->*map* HashMap contained: 11->*map* HashMap contained: 12->*map* HashMap contained: 13->*map* HashMap contained: 14->*map* HashMap contained: 15->*map* HashMap contained: 16->*map* HashMap contained: 17->*map* HashMap contained: 18->*map* HashMap contained: 19->*map* HashMap contained: 20->*map* HashMap contained: 21->*map* HashMap contained: 22->*map* HashMap contained: 23->*map* HashMap contained: 24->*map* HashMap contained: 25->*map* HashMap contained: 26->*map* HashMap contained: 27->*map* HashMap contained: 28->*map* HashMap contained: 29->*map* HashMap contained: 30->*map* HashMap contained: 31->*map* HashMap contained: 32->*map* HashMap contained: 33->*map* HashMap contained: 34->*map* HashMap contained: 35->*map* HashMap contained: 36->*map* HashMap contained: 37->*map* HashMap contained: 38->*map* HashMap contained: 39->*map* HashMap contained: 40->*map* HashMap contained: 41->*map* HashMap contained: 42->*map* HashMap contained: 43->*map* HashMap contained: 44->*map* HashMap contained: 45->*map* HashMap contained: 46->*map* HashMap contained: 47->*map* HashMap contained: 48->*map* HashMap contained: 49->*map* HashMap contained: 50->*map* HashMap contained: 51->*map* HashMap contained: 52->*map* HashMap contained: 53->*map* HashMap contained: 54->*map* HashMap contained: 55->*map* HashMap contained: 56->*map* HashMap contained: 57->*map* HashMap contained: 58->*map* HashMap contained: 59->*map* HashMap contained: 60->*map* HashMap contained: 61->*map* HashMap contained: 62->*map* HashMap contained: 63->*map* HashMap contained: 64->*map* HashMap contained: 65->*map* HashMap contained: 66->*map* HashMap contained: 67->*map* HashMap contained: 68->*map* HashMap contained: 69->*map* HashMap contained: 70->*map* HashMap contained: 71->*map* HashMap contained: 72->*map* HashMap contained: 73->*map* HashMap contained: 74->*map* HashMap contained: 75->*map* HashMap contained: 76->*map* HashMap contained: 77->*map* HashMap contained: 78->*map* HashMap contained: 79->*map* HashMap contained: 80->*map* HashMap contained: 81->*map* HashMap contained: 82->*map* HashMap contained: 83->*map* HashMap contained: 84->*map* HashMap contained: 85->*map* HashMap contained: 86->*map* HashMap contained: 87->*map* HashMap contained: 88->*map* HashMap contained: 89->*map* HashMap contained: 90->*map* HashMap contained: 91->*map* HashMap contained: 92->*map* HashMap contained: 93->*map* HashMap contained: 94->*map* HashMap contained: 95->*map* HashMap contained: 96->*map* HashMap contained: 97->*map* HashMap contained: 98->*map* HashMap contained: 99->*map* HashMap contained: 100->*map* HashMap contained: 101->*map*
I'm not exactly sure where this HashMap is.
In fact, the first time I ran the model with OMEdit, I got a different runtime error with exit code 374, apparently meaning "heap corruption". I was not able to reproduce that behaviour, though.
@perost, @adrpo, any clue?
I did some debugging and the hashmap error seems to be a red herring. The actual issue seems to be a buffer overflow caused by #12969, which is the reason why we get such different behaviours.
The issue seems to be that in the computeVarIndices function in the generated code we initialize some arrays with indices. This is called from here:
https://github.com/OpenModelica/OpenModelica/blob/f9e29c11205bf2396408aae21c734f5886a3344a/OMCompiler/SimulationRuntime/c/simulation/solver/model_help.c#L1018
The simulation runtime allocated an array for integers with 45 elements, which corresponds to the intAlgVars in the generated code. However, in computeVarIndices there are also a couple of $OMC$CF$init and $OMC$CF$sim variables under the algVars heading that also uses this array, which throws the indexing off and causes it to write outside the array.
C/C++ is really a dangerous programming language 😅
I suppose this would not have happened with Rust. 🤔
Anyway it should be okay if we fill the var lists correctly and count correctly...
The OB made some variables with default type real instead of what it should actually be. I fixed that with #13678.
The OB didn't really give much care for correct types so I had to fix the fix further. Hope it's fixed now.
Buildings.Templates.Plants.Controls.StagingRotation.Validation.EquipmentEnable now runs fine 🥳
@Pavanrajhr, please update the Building issues spreadsheet.