Hi All,<div><br></div><div> could you check my reasoning here. I think I've found a serious bug in the VM with doesNotUnderstand: processing for zero-argument sends and the calculation of the necessary stack size in MethodNode>>generate:* (senders of CompiledMethod>>needsFrameSize:). The bug causes a push beyond the end of a context, overwriting the header of the following object, when an MNU occurs for a zero-argument send when the stack is full. If you look at Interpreter>>createActualMessageTo: it does the following to push the message created as the argument of the doesNotUnderstand:</div>
<div><br></div><div> self pop: argumentCount thenPush: message</div><div><br></div><div>If argumentCount is zero this pushes an item on the stack. If the stack is full at this point (the receiver of the not-understood message is the last item in the context) then the push will be out of bound of the activeContext's stack and overwrite the first word of the following object's header.</div>
<div><br></div><div>We observe this with a Newspeak application at Cadence and see a subsequent VM crash.</div><div><br></div><div>1. am I right?</div><div><br></div><div>2. is this an old bug?</div><div><br></div><div>3. did this, or did this not, affect Smalltalk-80 v2 and e.g. the Dorado implementation, and if so why (e.g. was the message of an MNU not pushed onto the stack, and instead MNUs activated by special code?, or was the activeContext not on the heap? or...)</div>
<div><br></div><div>4. what's the right fix? It seems to me that the right fix is simply to add one to the needed stack depth, with an explanatory comment, but in senders of CompiledMethod>>needsFrameSize: or in CompiledMethod>>needsFrameSize:? Trying to avoid pushing the argument of an MNU is going to involve lots of changes to the VM and will be tricky and likely have a bug tail.</div>
<div><br></div><div><br></div><div>best,</div><div>Eliot</div>