Iterating through a map randomly causes segfault

Question

I've been struggling with a rather baffling problem: I occasionally get segmentation faults when my entity manager iterates through the map of entities in the update loop. The strange thing is that this doesn't happen all the time; sometimes it will crash on loading and sometimes I can switch between app states (and load and unload entities many times) a few times before I get the segfault. I also seem to get more segfaults in debug mode. My entities consist of pointers to a Behavior and Drawable class.

My call stack after the segfault:

#0 6FCB4986 libstdc++-6!_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base() (C:\MinGW\bin\libstdc++-6.dll:??)
#1 0040A1D7 std::_Rb_tree_iterator<std::pair<unsigned int const, Entity*> >::operator++(this=0x28fe94) (c:/mingw/bin/../lib/gcc/mingw32/4.6.2/include/c++/bits/stl_tree.h:196)
#2 00401F55 EntityManager::onLoop(this=0x417238) (C:\Users\Nelarius\Documents\Kurssit\Miinaharava\src\engine\EntityManager.cpp:75)
#3 00401640 App::onLoop(this=0x417040) (C:\Users\Nelarius\Documents\Kurssit\Miinaharava\src\engine\App.cpp:38)
#4 0040160C App::execute(this=0x417040) (C:\Users\Nelarius\Documents\Kurssit\Miinaharava\src\engine\App.cpp:30)
#5 00403BD7 main(argc=1, argv=0x642908) (C:\Users\Nelarius\Documents\Kurssit\Miinaharava\src\main.cpp:15)

Here's my update loop:

void EntityManager::onLoop()
{
    std::map<const unsigned int, Entity*>::iterator it;

    for (it = _gameObjects.begin(); it != _gameObjects.end(); it++)
    {
        Behavior* behavior = it->second->getBehavior();
        if (behavior)
        {
            behavior->update();
        }
    }
}

I get the segfault at

for (it = _gameObjects.begin(); it != _gameObjects.end(); it++)

By the way, is it normal for there to be two threads when I'm not using any multithreading? I was looking at the Code::Blocks debug windows, and happened to see that there were two threads in the thread watch window (only one of which was active though).

Answer 1

Often this sort of thing comes down to behavior->update() being able to result, through a sequence of nested function calls, in the _gameObjects container being modified (for example if some condition that is detected within the game object results in the creation or removal of game objects for whatever reason).

That can invalidate your iterator and break your loop if you removed an element from the map, and can be hard to spot in "kernel" code like this.

A common solution is to copy the list of game objects for the loop. You wouldn't copy the objects themselves, of course, but you are protecting the list of them from being mutated in the middle of an update run.

It's also "fairer" in terms of scheduling — you essentially avoid the possibility of an DDoS attack launched by disgruntled self-replicating game objects. :)

Answer 2

You are iterating over non local data and then call a non local function.

Create a local map. swap the class map into it. Iterate over that local map. Assert the class map is umchanged after iteration is done (you also need to assert that all attempts to remove stuff from the class map succeed).

Then swap the local map back to the class's map.

This will tell you if your crashes where caused by your bad design. The design remains problematic even if this doesn't generate any asserts, because innocuous code changes far away from the above code could cause problems like the above to occur: non-locality of code correctness causes problems. Non-locality of code correctness with asserts can be tolerable with sufficient testing.

The general callback problem requires you to make compromises about what it means to be a registered callback, and involves thinking about the problem in a way analogous to multi-threaded code. Code complexity can get really high if you aren't willing to compromise. Use of smart pointers to simplify things is advised.