Because supply_commod() updates supply sources it used, the caller
must not cache objects that could be supply sources across a supply
call. This is very easy to get wrong.
ac_doflak() supplies flak shells if the sector hasn't enough for its
guns. It caches the sector that receives them. If the sector has
some shells, but not enough, it supplies them to itself, causing it to
be updated from within supply_commod(). ac_doflak() then adds the
supplied shells to its cached sector, then writes that back. This
doubles shells already there, and triggers a a seqno mismatch oops.
shp_missile_defense() has similar problems, only for ships.
Disable ac_doflak() and shp_missile_defense() for now, to at least
reduce the oopsing to manageable levels.
Most likely other calls of supply_commod() are also wrong. Many of
them can't be just disabled, because supply is too relevant to
gameplay there.
Storing track in sectors is problematic, because we need to update
adjacent sectors when updating a sector in a way that changes its
capability to extend railway into its neighbors. This invalidates
cached adjacent sectors, and calling code may not be prepared for
that. Specifically, bridge building caches the bridge head, and
writes it back later, wiping out the track update.
Replace struct sctstr member sct_track by new sct_rail_track(). Make
selector track virtual. Remove the code to keep sct_track up-to-date:
set_railway(), update_railway().
Unfortunately, this causes cyclic dependencies between link libraries:
the virtual selector needs to be referenced from src/lib/global/nsc.c,
and it needs to reference stuff from src/lib/common/file.c. Hack
around it in Make.mk for now.
We don't want to starve tiny populations, because that would require
players to move trivial amounts of food after explore and such.
growfood() used to simply grow at least 1f when a sector was about to
starve. That food is almost never eaten by a tiny population, so we
effectively got some production without work. Fix by taking away that
free food after people ate, in do_feed().
This catches output dependency violations, e.g. two threads doing a
read-modify-write without synchronization.
New struct emptypedstr member seqno. Make sure all members of unit
empobj_storage share it. Set it in ef_blank() and ef_set_uid(), step
it in ef_write(). fairland and files don't use ef_set_uid(); need to
set it manually in files.c's main() and file_sct_init().
Factor do_read() out of fillcache() to make it available for
new get_seqno().
A sector type's terrain (struct dchrstr member d_terrain) is the
sector type of its underlying terrain. Sector types occuring in
d_terrain are terrain types, and must have their own type in
d_terrain. Players can change sector types only to those with the
same terrain.
The builtin configuration defines terrain types sea, mountain,
wasteland, wilderness and plains. It gives bridge span and tower
terrain sea, and everything else terrain wilderness. Hence, the stock
game remains unchanged.
Deities can use terrain to create sector types that can be developed
only in limited ways.
multifire() clobbered any changes to the target ship or sector made by
defend(). This let the target fire back for free.
multifire() retreated the target ship before reporting its location to
the player. This disclosed its new location.
Fix by damaging and retreating the target after calling defend().
multifire() drops depth charges if the target is a submarine, else it
fires guns. It fails if the target is out of range. But players
could still find out whether the target is a sub then, because depth
charge shell use differs from gun fire shell use. This loophole
existed before 4.0.6, and was reopened by commit a3ad623b (v4.3.12).
Change multifire() to always use guns if the target is out of range.
While there, treat failure from shp_dchrg() and shp_fire() the same,
so that the player can't distinguish the two cases. Failure there
should not happen.
Commit a3ad623b (v4.3.12) made depth charging fail when there's just
one shell. This let players find all submarine uids. It basically
reopened the loophole closed in commit aa26c53e (v4.2.20).
Fix by making shp_dchrg() with just one shell succeed and return
damage like fire from one gun.
multifire() failed to take into account that the firing firing sector,
ship or land unit can change while it is getting the target argument.
It thus clobbered any updates made to the firing object while it was
sleeping for the target argument. Abusable. Broken when Chainsaw
introduced MULTIFIRE.
The latter is necessary to interpret the journal correctly. The
former isn't, as it should always lead to a logout straight away, but
treating it just the same is simple and doesn't hurt.
Behavior differs for the following scenario: if, while the thread
sleeps in io_input() called from recvclient(), at least one line of
input arrives and the thread gets awakened by the update aborting
commands, then the old code throws away the first line of input, but
the new code doesn't.
Commit 7ca4f412 fixed tracking of planes flying a sortie by marking
them with flag PLN_LAUNCHED. It failed to write SAMs and planes
flying missions back to the plane file, in sam_intercept() and
mission_pln_arm(). The only known problem with that is fairly
harmless: when the mission damages planes on the ground, the planes
flying it get damaged as if they were still sitting in their bases,
but the damage gets wiped out when they land.
The same issue applies to missiles. So they need to be tracked as
well. Do that in msl_hit().
While there, remove a few redundant PLN_LAUNCHED sanity checks.
When fixing planes stuck in the air, we fixed them only in memory, so
when a fixed plane wasn't written to disk for other reasons before the
next game start, it had to be fixed again.
Change pln_zap_transient_flags() to write them out.
This reverts commit fee8ac9d8f.
These *are* called while player->aborted. Could be avoided, but: the
reason for not wanting to prompt then is to have each prompt consume a
line of input. That's actually not feasible, because when we wait for
an argument (after prompting for it) when the update aborts commands,
we can't consume the argument we prompted for.
Checking l_ammo before lnd_dam() oopses when something attempts to
fire from a land unit type that can't fire (l_dam == 0) and uses no
ammo. Such usage is perfectly fine. Move the check to the correct
place.
Change oops() to call the new oops_handler function pointer instead of
offering a fixed set of actions. Change server's main() to install a
handler for the action requested by -E.
Three options: abort, crash-dump, nothing. crash-dump works by
aborting a fork. It isn't implemented for Windows.
The oops action is no longer tied to daemon mode, but -d still implies
-E abort for convenience.
