sysmalloc assertion

[fractile]

I am just starting to use bullet in my project, but I'm stuck at initialization phase. I added following code (based on HelloWorld demo):

Code: Select all

    m_Configuration = new btDefaultCollisionConfiguration();
    m_Dispatcher = new btCollisionDispatcher(m_Configuration);
    m_Broadphase = new btDbvtBroadphase();
    m_Solver = new btSequentialImpulseConstraintSolver();
    m_World = new btDiscreteDynamicsWorld(m_Dispatcher, m_Broadphase, m_Solver, m_Configuration);

After that the application (which worked fine before) started to crash at start-up:

Code: Select all

test: malloc.c:2369: sysmalloc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted (core dumped)

Backtrace from dumped core looks like this:

Code: Select all

#0  0x00007f719e5c8037 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f719e5cb698 in __GI_abort () at abort.c:90
#2  0x00007f719e60fb7a in __malloc_assert (
    assertion=assertion@entry=0x7f719e718d90 "(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offs"..., 
    file=file@entry=0x7f719e7147ad "malloc.c", line=line@entry=2369, function=function@entry=0x7f719e714ac4 <__func__.11197> "sysmalloc")
    at malloc.c:288
#3  0x00007f719e61306c in sysmalloc (av=0x7f719e952740 <main_arena>, nb=432) at malloc.c:2366
#4  _int_malloc (av=0x7f719e952740 <main_arena>, bytes=<optimized out>) at malloc.c:3718
#5  0x00007f719e614580 in __GI___libc_malloc (bytes=416) at malloc.c:2859
#6  0x00007f719ebce66d in operator new(unsigned long) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#7  0x00007f719f9b7c24 in fg::Simulator::Simulator (this=0x1ca81a0, exact=false, timestep=0.0160000008) at build/simulator.cpp:78
#8  0x00000000004077fa in TestApplication::begin (this=0x7ffff3419b40, argc=1, argv=0x7ffff3419d68) at test.cpp:69
#9  0x00007f719f98d8e3 in fg::OgreApplication::run (this=0x7ffff3419b40, argc=1, argv=0x7ffff3419d68, loader=true)
    at build/ogreapplication.cpp:132
#10 0x00000000004065b2 in main (argc=1, argv=0x7ffff3419d68) at test.cpp:243

Which means it crashes on allocation of btDiscreteDynamicsWorld.

Running Valgrind on the application shows a lot of bullet originating errors like these:

Code: Select all

==27802== Invalid read of size 8
==27802==    at 0x4F79E60: btDefaultCollisionConfiguration::getCollisionAlgorithmCreateFunc(int, int) (btDefaultCollisionConfiguration.cpp:258)
==27802==    by 0x4F6D859: btCollisionDispatcher::btCollisionDispatcher(btCollisionConfiguration*) (btCollisionDispatcher.cpp:53)
==27802==    by 0x4F1DBC0: fg::Simulator::Simulator(bool, float) (simulator.cpp:75)
==27802==    by 0x4077F9: TestApplication::begin(int, char const**) (test.cpp:69)
==27802==    by 0x4EF38E2: fg::OgreApplication::run(int, char const**, bool) (ogreapplication.cpp:132)
==27802==    by 0x4065B1: main (test.cpp:243)
==27802==  Address 0x116acda0 is 0 bytes after a block of size 176 alloc'd
==27802==    at 0x4C2C7A7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27802==    by 0x4F1DB84: fg::Simulator::Simulator(bool, float) (simulator.cpp:72)
==27802==    by 0x4077F9: TestApplication::begin(int, char const**) (test.cpp:69)
==27802==    by 0x4EF38E2: fg::OgreApplication::run(int, char const**, bool) (ogreapplication.cpp:132)
==27802==    by 0x4065B1: main (test.cpp:243)
==27802== 
==27802== Invalid write of size 1
==27802==    at 0x4097B0: btAlignedObjectArray<int>::init() (btAlignedObjectArray.h:88)
==27802==    by 0x4F4919D: btAlignedObjectArray<int>::btAlignedObjectArray() (btAlignedObjectArray.h:128)
==27802==    by 0x4F3C2CA: btSequentialImpulseConstraintSolver::btSequentialImpulseConstraintSolver() (btSequentialImpulseConstraintSolver.cpp:39)
==27802==    by 0x4F1DC0B: fg::Simulator::Simulator(bool, float) (simulator.cpp:77)
==27802==    by 0x4077F9: TestApplication::begin(int, char const**) (test.cpp:69)
==27802==    by 0x4EF38E2: fg::OgreApplication::run(int, char const**, bool) (ogreapplication.cpp:132)
==27802==    by 0x4065B1: main (test.cpp:243)
==27802==  Address 0x116b0590 is 8 bytes after a block of size 248 alloc'd
==27802==    at 0x4C2C7A7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27802==    by 0x4F1DC00: fg::Simulator::Simulator(bool, float) (simulator.cpp:77)
==27802==    by 0x4077F9: TestApplication::begin(int, char const**) (test.cpp:69)
==27802==    by 0x4EF38E2: fg::OgreApplication::run(int, char const**, bool) (ogreapplication.cpp:132)
==27802==    by 0x4065B1: main (test.cpp:243)

I'm on 64-bit Xubuntu (13.04) and I compiled the bullet physics with default options, only adding -fPIC compiler options to be able to use it in a shared object.

HelloWorld demo run without problems, so I must be doing something wrong in my project, but what could that be?

[fractile]

I tried using the library version provided by Ubuntu package libbullet.2.80 and it worked fine (didn't crash at start up), so the problem must be in the way I build the bullet library. Libraries from the package are shared objects while the libraries I built myself are static libraries.

[fractile]

Yet another reply to myself

I downloaded version 2.80-rev2531 and compiled it as shared library using CMake parameter "-DBUILD_SHARED_LIBS=ON". Now it is not crashing anymore!

I can probably go with this version for now, but I need to be able to upgrade at some point..

[fractile]

Bullet version 2.81 seems to work too as long as I build it as a shared library. Still don't know why the static library doesn't work, but that is no longer a problem for me.