View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0026308 | Community | OCCT:Modeling Algorithms | public | 2015-06-03 14:32 | 2019-08-24 09:51 |
| Reporter | BenjaminBihler | Assigned To | bugmaster | ||
| Priority | normal | Severity | crash | ||
| Status | closed | Resolution | fixed | ||
| Platform | Linux | OS | Debian 6.0 | ||
| Product Version | 6.7.1 | ||||
| Target Version | 6.9.1 | Fixed in Version | 6.9.1 | ||
| Summary | 0026308: Segmentation fault in BSplCLib::LocateParameter | ||||
| Description | I am solving differential equations on Geom_Surfaces made out of TopoDS_Faces. The solver may perform computations on the surface at coordinates that are far outside the surface boundary. As the solution converges, the evaluations happen closer to the actual surface and finally they are withing the surface boundary. It is therefore great for me, that the methods D0, D1 and D2 of Geom_Surface may be used with arbitrary parameters, not only with parameters within certain bounds. But when using extreme u and v parameters passed to D0 or D2, severe errors may happen. In the method BSplCLib::LocateParameter (from line 220 to 283 in the file BSplCLib.cxx of my community edition version) the boundaries of the array "knots" are exceeded in the line 278: K2 = knots[KnotIndex + 1]; On Windows I have sporadic crashes. On Linux when using Valgrind, it displays an invalid read of size 8 in this line. When I debug this line, I find situations where KnotIndex + 1 is 13, but Last is 12 and Last1 is 11. Therefore I have concluded that the array boundaries are exceeded. If my presumption was right, an easy solution could be to throw a Standard_OutOfRange failure in such a case. Then the caller could react. This happens to me only when the u and v parameters have extremely large absolute values. Therefore throwing a failure would already help to recognize such cases. Only crashes are extremely bad for me! | ||||
| Steps To Reproduce | ReadStep D_First Face.stp XGetOneShape rr D_First explode rr f mksurface ss rr_1 svalue ss -1.427997381773311e+018 4.512451574816904e+016 xx yy zz dump xx yy zz *********** Dump of xx ************* -5.42659125962715e+207 *********** Dump of yy ************* 2.90803974424011e+209 *********** Dump of zz ************* -3.1731154470359e+207 | ||||
| Additional information and documentation updates | lead to the described Valgrind error and debugging situation as described above on my Linux 32 machine. The crashes on Windows 64 are sporadic, therefore I cannot give definite information about that, but when a crash appeared it was close to such a call to D0 with extreme u and v values. | ||||
| Tags | No tags attached. | ||||
| Test case number | bugs modalg_6 bug26308 | ||||
| related to | 0030875 | closed | Community | Foundation Classes - BSplCLib crashes in case of infinite upper knot |
|
|
Face.stp (21,314 bytes) |
|
|
Branch CR26308 has been created by nbv. SHA-1: 867cdc7799a385bc7f1f887db1961501db581f4a Detailed log of new commits: Author: nbv Date: Fri Jul 3 15:31:53 2015 +0300 0026308: Segmentation fault in BSplCLib::LocateParameter Detection of "jumping" knot value has been improved. |
|
|
Dear BenjaminBihler, First of all, I would like to draw your attention to the fact that according to the spline theory, every B-spline curve/surface is defined ONLY in the range set by its knot sequence t. It associated with the formula for computing B-spline basis (https://en.wikipedia.org/wiki/B-spline): B[i,1] (x) = (t[i] <= x) && (x < t[i+1]) ? 1 : 0 Consequently, if the parameter is outside the curve/surface boundaries then all bases are equal to zero. Therefore, curve/surface value IS EQUAL TO ZERO, too. Nevertheless, there is a possibility to expand B-spline curve/surface. If you are interested in this question, you will be able to read http://www.amazon.com/Practical-Splines-Applied-Mathematical-Sciences/dp/0387953663, page 114. Prepared code (for FORTRAN compiler) you can find here: http://pages.cs.wisc.edu/~deboor/pgs/. However, it is a bad idea to compute value for outside parameter, especially if its value is too far from domain boundary. E.g. value of attached by you surface has coordinates ~ 1.0e+207. This is a bad number because you will not been able to compute even its square (e.g. in order to find the distance from this point to origin). This fact you must check in your code. |
|
|
Dear Mikhail, Please review CR26308 branch. |
|
|
Dear nbv, thank you very much for your answer. You are totally right that very large doubles cannot lead to reasonable results. I have implemented a pre-check that will prevent evaluation, if any of the coordinates is larger than 1.0e10. But it might still be desireable to do computations with quite large numbers (as explained in the bug report). Therefore I am happy that you have cared for the crash. Thank you, Benjamin |
|
|
Reviewed. |
|
|
Branch CR26308 has been updated forcibly by apv. SHA-1: c723e65e0446af1cc85b318fa10000d10759669d |
|
|
Branch CR26308 has been rebased on the IR-2015-07-09 |
|
|
Dear BugMaster, Branch CR26308 from occt git-repository (and master from products git-repository) was compiled on Linux and Windows platforms and tested. SHA-1: c723e65e0446af1cc85b318fa10000d10759669d Number of compiler warnings: occt component: Linux: 24 (24 on master) Windows: 0 (0 on master) products component: Linux: 37 (37 on master) Windows: 0 (0 on master) Regressions/Differences: http://occt-tests/CR26308-IR-2015-07-09-products-64/Debian70-64/summary.html http://occt-tests/CR26308-IR-2015-07-09-products-64/Windows-64-VC10/summary.html emesh bugs bug26326_2 sat doc_1 Y4 sat doc_6 A5 |
|
|
sat doc_1 Y4 This is an IMPROVEMENT because on MASTER we have two differences with reference data. On CR26308, one difference has been vanished. sat doc_6 A5 Current state (on CR26308) is as same as before fixing bug 0024682. I think, it is valid result. emesh bugs bug26326_2 The shape is a priory BAD because it contains an edge with following 2D-curve (bent is evidend): ------- Dump of 2 Curve2ds ------- 1 : BSplineCurve Degree 11, 403 Poles, 41 KnotsPoles : ... (Poles) 370 : 2.99310967351215e+022, 5.95716002980578e+022 371 : -2.244175163394e+022, -4.46656221840557e+022 372 : 1.38391514324393e+022, 2.75439421713599e+022 373 : -2.75483061094339e+022, -5.48291529362524e+022 374 : 1.61472928236001e+023, 3.21378158139615e+023 375 : -4.67523800309315e+023, -9.30508534596214e+023 ... There is no point in expecting some good result on this shape. CONCLUSION! Regression tests should be changed in accordance with their new behavior. |
|
|
Dear Mikhail, Please confirm above said. |
|
|
OK |
|
|
Dear testers. Please increase relative error for area computing to 10% in emesh bugs bug26326_2 test case. After that the test will be OK. |
|
|
Branch CR26308 has been created in products git-repository |
|
|
Branch CR26308 has been updated by apv. SHA-1: a3e49a054cd40d9c7b1b4dbfacd0003cb841661b Detailed log of new commits: Author: apv Date: Mon Jul 13 18:45:08 2015 +0300 Test-case for issue 0026308 |
|
|
Dear BugMaster, Branch CR26308 from occt git-repository (and master from products git-repository) was compiled on Linux and Windows platforms and tested. SHA-1: c723e65e0446af1cc85b318fa10000d10759669d Number of compiler warnings: occt component: Linux: 24 (24 on master) Windows: 0 (0 on master) products component: Linux: 37 (37 on master) Windows: 0 (0 on master) Regressions/Differences: Not detected Testing cases: bugs modalg_6 bug26308 - OK http://occt-tests/CR26308-IR-2015-07-09-occt-64/Debian70-64/bugs/modalg_6/bug26308.html http://occt-tests/CR26308-IR-2015-07-09-occt-64/Windows-64-VC10/bugs/modalg_6/bug26308.html Testing on Linux: Total MEMORY difference: 97211350 / 96675793 [+0.55%] Total CPU difference: 17650.55999999994 / 17382.779999999697 [+1.54%] Testing on Windows: Total MEMORY difference: 56564237 / 56518528 [+0.08%] Total CPU difference: 16080.645480398991 / 15985.266468998929 [+0.60%] There is difference in images found by testdiff: http://occt-tests/CR26308-IR-2015-07-09-products-64/Debian70-64/diff-Debian70-64.html http://occt-tests/CR26308-IR-2015-07-09-products-64/Windows-64-VC10/diff-Windows-64-VC10.html emesh bugs bug26326_1 |
|
|
Branch CR26308 has been updated by nbv. SHA-1: 671c6bb2221f465b91d205fd4ea8092e803eb969 Detailed log of new commits: Author: nbv Date: Wed Jul 15 11:14:15 2015 +0300 Comment has been added in test case bugs/modalg_6/bug26308. |
|
|
Test case bugs modalg_6 bug26308 has been reviewed with insignificant correction. |
|
|
Branch CR26308 has been deleted by inv. SHA-1: 671c6bb2221f465b91d205fd4ea8092e803eb969 |
|
occt: master fd03c080 2015-07-20 12:23:00
Committer: bugmaster Details Diff |
0026308: Segmentation fault in BSplCLib::LocateParameter Detection of "jumping" knot value has been improved. Test-case for issue 0026308 Comment has been added in test case bugs/modalg_6/bug26308. |
Affected Issues 0026308 |
|
| mod - src/BSplCLib/BSplCLib.cxx | Diff File | ||
| add - tests/bugs/modalg_6/bug26308 | Diff File | ||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-06-03 14:32 | BenjaminBihler | New Issue | |
| 2015-06-03 14:32 | BenjaminBihler | Assigned To | => msv |
| 2015-06-03 14:32 | BenjaminBihler | File Added: Face.stp | |
| 2015-06-03 16:53 |
|
Assigned To | msv => ifv |
| 2015-06-23 10:55 |
|
Assigned To | ifv => nbv |
| 2015-06-23 10:55 |
|
Status | new => assigned |
| 2015-07-09 14:40 | git | Note Added: 0042861 | |
| 2015-07-09 14:41 |
|
Note Added: 0042862 | |
| 2015-07-09 14:46 |
|
Note Added: 0042864 | |
| 2015-07-09 14:46 |
|
Assigned To | nbv => msv |
| 2015-07-09 14:46 |
|
Status | assigned => resolved |
| 2015-07-09 14:46 |
|
Steps to Reproduce Updated | |
| 2015-07-09 14:46 |
|
Additional Information Updated | |
| 2015-07-09 14:48 |
|
Steps to Reproduce Updated | |
| 2015-07-09 14:53 | BenjaminBihler | Note Added: 0042866 | |
| 2015-07-09 15:15 |
|
Note Added: 0042868 | |
| 2015-07-09 15:15 |
|
Assigned To | msv => bugmaster |
| 2015-07-09 15:15 |
|
Status | resolved => reviewed |
| 2015-07-09 17:59 |
|
Assigned To | bugmaster => apv |
| 2015-07-09 18:09 | git | Note Added: 0042887 | |
| 2015-07-09 18:09 |
|
Note Added: 0042888 | |
| 2015-07-10 15:33 |
|
Note Added: 0042919 | |
| 2015-07-10 15:33 |
|
Assigned To | apv => nbv |
| 2015-07-10 15:33 |
|
Status | reviewed => assigned |
| 2015-07-10 15:33 |
|
Note Edited: 0042919 | |
| 2015-07-13 14:09 |
|
Note Added: 0042958 | |
| 2015-07-13 14:10 |
|
Note Added: 0042959 | |
| 2015-07-13 14:10 |
|
Assigned To | nbv => msv |
| 2015-07-13 14:10 |
|
Status | assigned => resolved |
| 2015-07-13 15:03 |
|
Note Added: 0042964 | |
| 2015-07-13 15:03 |
|
Assigned To | msv => bugmaster |
| 2015-07-13 15:03 |
|
Status | resolved => reviewed |
| 2015-07-13 15:28 |
|
Note Added: 0042968 | |
| 2015-07-13 17:04 |
|
Assigned To | bugmaster => apv |
| 2015-07-13 17:04 |
|
Status | reviewed => feedback |
| 2015-07-13 18:19 |
|
Note Added: 0042980 | |
| 2015-07-13 18:45 | git | Note Added: 0042981 | |
| 2015-07-15 09:40 |
|
Note Added: 0043031 | |
| 2015-07-15 09:40 |
|
Assigned To | apv => bugmaster |
| 2015-07-15 09:40 |
|
Status | feedback => tested |
| 2015-07-15 09:47 |
|
Test case number | => bugs modalg_6 bug26308 |
| 2015-07-15 11:10 |
|
Assigned To | bugmaster => nbv |
| 2015-07-15 11:10 |
|
Status | tested => feedback |
| 2015-07-15 11:15 | git | Note Added: 0043042 | |
| 2015-07-15 11:17 |
|
Note Added: 0043043 | |
| 2015-07-15 11:17 |
|
Assigned To | nbv => apv |
| 2015-07-15 11:52 |
|
Assigned To | apv => bugmaster |
| 2015-07-15 11:52 |
|
Status | feedback => tested |
| 2015-07-23 11:55 | bugmaster | Changeset attached | => occt master fd03c080 |
| 2015-07-23 11:55 | bugmaster | Status | tested => verified |
| 2015-07-23 11:55 | bugmaster | Resolution | open => fixed |
| 2015-07-23 13:25 | bugmaster | Target Version | => 7.0.0 |
| 2015-08-14 10:56 | git | Note Added: 0044190 | |
| 2015-08-26 11:08 |
|
Target Version | 7.0.0 => 6.9.1 |
| 2015-10-16 14:56 |
|
Status | verified => closed |
| 2015-10-23 20:50 |
|
Fixed in Version | => 6.9.1 |
| 2019-08-24 09:51 |
|
Relationship added | related to 0030875 |
