[Vm-dev] CogVM/StackVM fail to read in image, fine on Squeak 4.2.1 MacVM

Stefan Marr squeak at stefan-marr.de
Tue Jul 19 09:38:54 UTC 2011


Hi:

Just for completeness:

/tmp/Cog$ svn info
Path: .
URL: http://squeakvm.org/svn/squeak/branches/Cog
Repository Root: http://squeakvm.org/svn/squeak
Repository UUID: fa1542d4-bde8-0310-ad64-8ed1123d492a
Revision: 2462
Node Kind: directory
Schedule: normal
Last Changed Author: eliot
Last Changed Rev: 2462
Last Changed Date: 2011-07-16 00:35:48 +0200 (Sat, 16 Jul 2011)



On 19/07/11 04:07, David T. Lewis wrote:
>
> On Tue, Jul 19, 2011 at 01:43:33AM +0200, Stefan Marr wrote:
>
> So, I took the Cog branch and the CoreVM.xcodeproj and got a VM compiled:
>
> #0  0x00104f80 in initializeInterpreter (bytesToShift=339693560) at
> /tmp/Cog/macbuild/../src/vm/gcc3x-cointerp.c:17479
>      ccIndex = 0
>      cct = 394155372
>      classArrayClass = 401932980
>      classArrayObj = 400674088
>      header = 317718813
>      i = 17402624
>      i1 = 1
>      i11 = 411556616
>      i2 = 317431
>      i3 = -1073746952
>      i4 = 11
>      index = -2
>      oop = 10
>
> #1  0x00123fc0 in readImageFromFileHeapSizeStartingAt (f=0xa064d8e0,
> desiredHeapSize=536870912, imageOffset=0) at
> /tmp/Cog/macbuild/../src/vm/gcc3x-cointerp.c:39218
> #2  0x000652dc in main (argc=1, argv=0xbffff278, envp=0xbffff280) at
> /tmp/Cog/macbuild/../platforms/Mac OS/vm/sqMacMain.c:445
>
>
> Where the code is:
>
> 17474                GIV(thisClassIndex) = i4;
> 17475            }
> 17476        }
> 17477        for (i4 = (InstanceSpecificationIndex + 1); i4 <= (lengthOf(classArrayObj)); i4 += 1) {
> 17478            oop = longAt((classArrayObj + BaseHeaderSize) + (i4 << ShiftForWord));
> ->  17479            if ((((oop & 1) == 0)
> 17480            && (((((usqInt) (longAt(oop))) >> 8) & 15) >= 8))
> 17481            && (((lengthOf(oop)) == 5)
> 17482            && ((strncmp("Array", firstFixedField(oop), 5)) == 0))) {
> 17483                GIV(classNameIndex) = i4;
> 17484            }
> 17485        }
>
>
> Any guesses what is going on here?
> The following looks suspiciously like an arithmetic overflow on
> a variable declared as sqInt:
>
>      i3 = -1073746952
Well, that is just thanks to the generated code, which does the 
initializations on the spot.
And we just did not yet get to the code actually using i3.

Interestingly, those initialization loops do more work than strictly 
necessary, which triggers the 'bug' here.
Well, even if there is some problem in the image we generate, Cog just 
should not crash at that point.

So, to avoid the additional work, i.e., unnecessary iterations over the 
rest of the object/array, I added the following breaks:

@@ -17472,6 +17472,7 @@
      for (i4 = (InstanceSpecificationIndex + 1); i4 <= 
(lengthOf(classArrayClass)); i4 += 1) {
          if ((longAt((classArrayClass + BaseHeaderSize) + (i4 << 
ShiftForWord))) == classArrayObj) {
              GIV(thisClassIndex) = i4;
+      break;
          }
      }
      for (i4 = (InstanceSpecificationIndex + 1); i4 <= 
(lengthOf(classArrayObj)); i4 += 1) {
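Review bot: the `break` after `GIV(thisClassIndex) = i4;` changes which match wins when more than one slot of classArrayClass equals classArrayObj: previously the last matching i4 was kept, now the first is. That is very likely what is wanted, but it should be stated, and the change is made to generated code (`src/vm/gcc3x-cointerp.c`), so it disappears the next time the C is regenerated from VMMaker; the early exit belongs in the Slang method that produces this loop. Minor: `+      break;` is indented at a different level from the `GIV(...)` line it follows.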
@@ -17481,6 +17482,7 @@
&& (((lengthOf(oop)) == 5)
&& ((strncmp("Array", firstFixedField(oop), 5)) == 0))) {
              GIV(classNameIndex) = i4;
+      break;
          }
      }
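Review bot: the `break` after `GIV(classNameIndex) = i4;` only ends the walk once "Array" has been found; it does nothing about the loop bound `i4 <= (lengthOf(classArrayObj))` shown in the context at the end of the previous hunk (the first loop uses the same `<=` against `lengthOf(classArrayClass)`). With the 0-based slot addressing `classArrayObj + BaseHeaderSize + (i4 << ShiftForWord)`, the final iteration reads slot lengthOf(classArrayObj), which is the word just past the object if lengthOf returns the slot count; that matches the "index 11" hit described later in the mail for an object whose instance variables end at 10. Worth checking whether the bound should be `<` (or what lengthOf returns here), because the break would not save the case where the name is never matched. Also, the slot value is passed to `longAt(oop)` after only the SmallInteger test `(oop & 1) == 0`, so any stray even word past the object is dereferenced before `lengthOf` or `strncmp` get a look at it.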

This then results in a VM which actually comes up and is functioning as 
far as I can tell.
However, I get the following output, which might be an indication what 
is wrong with my image:

mprotect(x,y,PROT_READ | PROT_WRITE): Cannot allocate memory
squeak: could not load plugin `MiscPrimitivePlugin'

(objectAfter(falseObject())) == (trueObject()) 9202

(objectAfter(falseObject())) == (trueObject()) 9202

...

--> "(objectAfter(falseObject())) == (trueObject()) 9202" got repeated 
1985 times in total.


After all that, and after rewriting the generated code of the relevant 
loop into something readable, I think I understand what is going on:

Looks like I have the object representing the Array class at hand, and 
the initialization tries to identify which index into a class object 
gives you the actual class name: it sets GIV(classNameIndex) (GIV = 
global interpreter variable, I suppose).
And well, after finding this, as I said, it actually continues to 
loop over the object slots instead of stopping, which results in hitting 
index 11 in that particular object.

I am not sure whether I understand it correctly, but from my 
understanding it is accessing the following instance variables by index:

1: methodDict:
2: format:     6402
3: instanceVariables:     nil
4: organization:
5: subclasses:     {WeakArray . ActionSequence . WeakActionSequence . Cubic}
6: name:     #Array
7: classPool:     a Dictionary()
8: sharedPools:     nil
9: environment:     nil
10: category:     #''Collections-Arrayed''


And accessing 11 fails because it is not actually an instance variable.

Is my understanding correct so far?

If so, I guess the lengthOf(classArrayObj) goes wrong with my image, 
which seems to be strange somehow, because I would guess such a bug 
would trigger elsewhere, too.

Best regards
Stefan



>
>
> Dave
>
