Hi Stefan,<br><br><div class="gmail_quote">On Tue, Jul 19, 2011 at 2:38 AM, Stefan Marr <span dir="ltr"><<a href="mailto:squeak@stefan-marr.de">squeak@stefan-marr.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br>
Hi:<br>
<br>
Just for completeness:<br>
<br>
/tmp/Cog$ svn info<br>
Path: .<br>
URL: <a href="http://squeakvm.org/svn/squeak/branches/Cog" target="_blank">http://squeakvm.org/svn/<u></u>squeak/branches/Cog</a><br>
Repository Root: <a href="http://squeakvm.org/svn/squeak" target="_blank">http://squeakvm.org/svn/squeak</a><br>
Repository UUID: fa1542d4-bde8-0310-ad64-<u></u>8ed1123d492a<br>
Revision: 2462<br>
Node Kind: directory<br>
Schedule: normal<br>
Last Changed Author: eliot<br>
Last Changed Rev: 2462<br>
Last Changed Date: 2011-07-16 00:35:48 +0200 (Sat, 16 Jul 2011)<div class="im"><br>
<br>
<br>
<br>
On 19/07/11 04:07, David T. Lewis wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
<br>
On Tue, Jul 19, 2011 at 01:43:33AM +0200, Stefan Marr wrote:<br>
<br></div><div><div></div><div class="h5">
So, I took the Cog branch and the CoreVM.xcodeproj and got a VM compiled:<br>
<br>
#0 0x00104f80 in initializeInterpreter (bytesToShift=339693560) at<br>
/tmp/Cog/macbuild/../src/vm/<u></u>gcc3x-cointerp.c:17479<br>
ccIndex = 0<br>
cct = 394155372<br>
classArrayClass = 401932980<br>
classArrayObj = 400674088<br>
header = 317718813<br>
i = 17402624<br>
i1 = 1<br>
i11 = 411556616<br>
i2 = 317431<br>
i3 = -1073746952<br>
i4 = 11<br>
index = -2<br>
oop = 10<br>
<br>
#1 0x00123fc0 in readImageFromFileHeapSizeStart<u></u>ingAt (f=0xa064d8e0,<br>
desiredHeapSize=536870912, imageOffset=0) at<br>
/tmp/Cog/macbuild/../src/vm/<u></u>gcc3x-cointerp.c:39218<br>
#2 0x000652dc in main (argc=1, argv=0xbffff278, envp=0xbffff280) at<br>
/tmp/Cog/macbuild/../<u></u>platforms/Mac OS/vm/sqMacMain.c:445<br>
<br>
<br>
Where the code is:<br>
<br>
17474 GIV(thisClassIndex) = i4;<br>
17475 }<br>
17476 }<br>
17477 for (i4 = (InstanceSpecificationIndex + 1); i4<=<br>
(lengthOf(classArrayObj)); i4 += 1) {<br>
17478 oop = longAt((classArrayObj + BaseHeaderSize) + (i4<<<br>
ShiftForWord));<br>
-> 17479 if ((((oop& 1) == 0)<br>
17480&& (((((usqInt) (longAt(oop)))>> 8)& 15)>= 8))<br>
17481&& (((lengthOf(oop)) == 5)<br>
17482&& ((strncmp("Array", firstFixedField(oop), 5)) == 0))) {<br>
17483 GIV(classNameIndex) = i4;<br>
17484 }<br>
17485 }<br>
<br>
<br>
Any guesses what is going on here?<br>
The following looks suspiciously like an arithmetic overflow on<br>
a variable declared as sqInt:<br>
<br>
i3 = -1073746952<br>
</div></div></blockquote>
Well, that is just thanks to the generated code which does the initializations on the spot.<br>
And, we just did not yet get to the code actually using i3.<br>
<br>
Interestingly, those initialization loops do more work then strictly necessary, which triggers the 'bug' here.<br>
Well, even if there is some problem in the image we generate, Cog just should not crash at that point.<br>
<br>
So, to avoid the additional work, i.e., unnecessary iterations over the rest of the object/array, I added the following breaks:<br>
<br>
@@ -17472,6 +17472,7 @@<br>
for (i4 = (InstanceSpecificationIndex + 1); i4 <= (lengthOf(classArrayClass)); i4 += 1) {<br>
if ((longAt((classArrayClass + BaseHeaderSize) + (i4 << ShiftForWord))) == classArrayObj) {<br>
GIV(thisClassIndex) = i4;<br>
+ break;<div class="im"><br>
}<br>
}<br>
for (i4 = (InstanceSpecificationIndex + 1); i4 <= (lengthOf(classArrayObj)); i4 += 1) {<br></div>
@@ -17481,6 +17482,7 @@<br>
&& (((lengthOf(oop)) == 5)<div class="im"><br>
&& ((strncmp("Array", firstFixedField(oop), 5)) == 0))) {<br></div>
GIV(classNameIndex) = i4;<br>
+ break;<br>
}<br>
}<br>
<br>
This results then in a VM which actually comes up and is functioning as far as I can tell.<br>
However, I get the following output, which might be an indication what is wrong with my image:<br>
<br>
mprotect(x,y,PROT_READ | PROT_WRITE): Cannot allocate memory<br>
squeak: could not load plugin `MiscPrimitivePlugin'<br>
<br>
(objectAfter(falseObject())) == (trueObject()) 9202<br>
<br>
(objectAfter(falseObject())) == (trueObject()) 9202<br>
<br>
...<br>
<br>
--> "(objectAfter(falseObject())) == (trueObject()) 9202" got repeated 1985 times in total.<br>
<br>
<br>
After all that, and after rewriting the generated code of the relevant loop into something readable, I think I understand what is going on:<br>
<br>
Looks like I have the object representing the Array class at hand, and the initialization tries to identify which index into a class object gives you the actual class name: it sets GIV(classNameIndex) (GIV = global interpreter variable, I suppose).<br>
And well, after finding this, as I said it actually is continuing to loop over the object slots instead of stopping which results in hitting index 11 into that particular object.<br>
<br>
I am not sure whether I understand it correctly, but from my understanding it is accessing the following instance variables by index:<br>
<br>
1: methodDict:<br>
2: format: 6402<br>
3: instanceVariables: nil<br>
4: organization:<br>
5: subclasses: {WeakArray . ActionSequence . WeakActionSequence . Cubic}<br>
6: name: #Array<br>
7: classPool: a Dictionary()<br>
8: sharedPools: nil<br>
9: environment: nil<br>
10: category: #''Collections-Arrayed''<br>
<br>
<br>
And the accessing 11 fails because it is not actually an instance variable.<br></blockquote><div><br></div><div>Doh! It's a one-relative/zero-relative thing. lengthOf: returns the number of fields in a pointer object, but i is a zero-relative variable, so the loops need to read </div>
<div><br></div><div><div><span class="Apple-tab-span" style="white-space:pre"> </span>InstanceSpecificationIndex + 1 to: (objectMemory lengthOf: classArrayClass) - 1 do:</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>[:i|</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>(objectMemory fetchPointer: i ofObject: classArrayClass) = classArrayObj ifTrue:</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>[thisClassIndex := i]].</div>
</div><div><br></div><div>Thanks for finding this!</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br>
Is my understanding correct so far?<br>
<br>
If so, I guess the lengthOf(classArrayObj) goes wrong with my image, which seems to be strange somehow, because I would guess such a bug would trigger elsewhere, too.<br>
<br>
Best regards<br>
Stefan<br>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
Dave<br>
<br>
</blockquote>
<br>
</blockquote></div><br><br clear="all"><br>-- <br>best,<div>Eliot</div><br>