[Vm-dev] [BUG] CogVM crash on Windows

Eliot Miranda eliot.miranda at gmail.com
Wed Aug 25 03:54:17 UTC 2010


On Tue, Aug 24, 2010 at 8:11 PM, Igor Stasenko <siguctua at gmail.com> wrote:

>
> On 25 August 2010 04:39, Eliot Miranda <eliot.miranda at gmail.com> wrote:
> >
> > Hi Levente,
> >     essentially correct.  The bug was caused by an incorrect asm.  Changing
> > #   define BYTE_SWAP(w) __asm__("bswap %%eax" : "=r" (w) : "r" (w))
> > #   define WORD_SWAP(w) __asm__("roll $16, %%eax" : "=r" (w) : "r" (w))
> > to
> > #   define BYTE_SWAP(w) __asm__("bswap %0" : "=r" (w) : "r" (w))
> > #   define WORD_SWAP(w) __asm__("roll $16, %0" : "=r" (w) : "r" (w))
> > in platforms/win32/vm/sqWin32Window.c's byte & word image reversal code
> > fixes it.  This worked back on 2.95.x because it always chose $eax as the
> > register for the value variable in
> > unsigned int value = *srcPixPtr++;
> > but gcc 3.x is more devious.
> > I've updated svn and will upload a new engine soon.
> > thanks,
> > Eliot
> >
> Hmm.. interesting, how could changing a byte order cause a crash?
> A windows blitter uses byte reversal logic when blitting a big-endian
> form on windows GDI (since windows is little-endian,
> it swaps the form's bits, then copies the bits, and then swaps back again)..
> but still I don't understand how this may cause a crash.. it may cause
> problems with seeing anything correct on a screen.
>

#   define BYTE_SWAP(w) __asm__("bswap %%eax" : "=r" (w) : "r" (w))

causes $eax to be byte-swapped irrespective of its use.  In gcc 3.4.4 and
the code in question $eax contained a loop limit which caused an
out-of-range memory read.


> > On Sun, Aug 22, 2010 at 1:56 PM, Levente Uzonyi <leves at elte.hu> wrote:
> >>
> >> Hi,
> >>
> >>
> >> evaluating [Display newDepth: x] where the value of x is 1, 4, 8 or 16
> >> crashes the VM. No crash dump is written. If x is 2, -1, -2 or -4, then the
> >> image informs me that the depth is not available on the system. If x is -8
> >> or -16 then the code works. For the x=16 case gdb shows the following:
> >>
> >> Program received signal SIGSEGV, Segmentation fault.
> >> reverse_image_words (dst=0x1450eca4, src=0x1450eca4, depth=0, width=1272,
> >>    rect=0x561e60) at ../platforms/win32/vm/sqWin32Window.c:1875
> >> 1875            unsigned int value = *srcPixPtr++;
> >> (gdb) where
> >> #0  reverse_image_words (dst=0x1450eca4, src=0x1450eca4, depth=0, width=1272,
> >>    rect=0x561e60) at ../platforms/win32/vm/sqWin32Window.c:1875
> >> #1  0x0043f61a in ioShowDisplay (dispBits=340847780, width=1272, height=745,
> >>    depth=16, affectedL=0, affectedR=1000, affectedT=0, affectedB=0)
> >>    at ../platforms/win32/vm/sqWin32Window.c:2324
> >> #2  0x00403270 in displayBitsOfLeftTopRightBottom (aForm=-719257650, l=0,
> >>    t=0, r=1272, b=745) at ../src/vm/gcc3x-cointerp.c:13701
> >> #3  0x00405ff9 in fullDisplayUpdate () at ../src/vm/gcc3x-cointerp.c:16777
> >> #4  0x0044093a in MainWndProcW (hwnd=0xf05f6, message=15, wParam=0, lParam=0)
> >>    at ../platforms/win32/vm/sqWin32Window.c:447
> >> #5  0x75fef8d2 in USER32!GetMessageW ()
> >>   from /cygdrive/c/Windows/system32/user32.dll
> >> #6  0x75fef794 in USER32!GetWindowLongW ()
> >>   from /cygdrive/c/Windows/system32/user32.dll
> >> #7  0x004403dc in sqLaunchDrop ()
> >>    at ../platforms/win32/vm/sqWin32Window.c:2773
> >> #8  0x75ff0817 in USER32!ReleaseDC ()
> >>   from /cygdrive/c/Windows/system32/user32.dll
> >> #9  0x75ff0a65 in USER32!GetWindowThreadProcessId ()
> >>   from /cygdrive/c/Windows/system32/user32.dll
> >> #10 0x776a99ce in ntdll!LdrEnumResources ()
> >>   from /cygdrive/c/Windows/system32/ntdll.dll
> >> #11 0x00ace008 in ?? ()
> >> #12 0x00000018 in ?? ()
> >> ---Type <return> to continue, or q <return> to quit---
> >> #13 0x00ace058 in ?? ()
> >> #14 0x776a9980 in ntdll!LdrDisableThreadCalloutsForDll ()
> >>   from /cygdrive/c/Windows/system32/ntdll.dll
> >> #15 0x0204c1d8 in ?? ()
> >> #16 0x0000000f in ?? ()
> >> #17 0x00000000 in ?? ()
> >> (gdb) info registers
> >> eax            0xd520ffce       -719257650
> >> ecx            0x3      3
> >> edx            0x0      0
> >> ebx            0x1f4    500
> >> esp            0xacd5b4 0xacd5b4
> >> ebp            0x0      0x0
> >> esi            0x1511a000       353476608
> >> edi            0x1511a000       353476608
> >> eip            0x43ed0c 0x43ed0c <reverse_image_words+353>
> >> eflags         0x10216  [ PF AF IF RF ]
> >> cs             0x1b     27
> >> ss             0x23     35
> >> ds             0x23     35
> >> es             0x23     35
> >> fs             0x3b     59
> >> gs             0x0      0
> >>
> >> It may be a compiler bug, because the 4.0.2 SqueakVM doesn't have this
> >> issue. It's a bit suspicious that depth is 0 here:
> >> #0  reverse_image_words (dst=0x1450eca4, src=0x1450eca4, depth=0, width=1272,
> >>    rect=0x561e60) at ../platforms/win32/vm/sqWin32Window.c:1875
> >> but the value of depth is known at compilation time (16), so it may be
> >> some compiler "magic".
> >> Here are the values of the variables in the method:
> >> (gdb) p dst
> >> $2 = (unsigned int *) 0x1450eca4
> >> (gdb) p src
> >> $3 = (unsigned int *) 0x1450eca4
> >> (gdb) p depth
> >> $4 = 0
> >> (gdb) p width
> >> $5 = 1272
> >> (gdb) p rect
> >> $6 = (RECT *) 0x561e60
> >> (gdb) p rect->left
> >> $7 = 0
> >> (gdb) p rect->right
> >> $8 = 1000
> >> (gdb) p rect->top
> >> $9 = 0
> >> (gdb) p rect->bottom
> >> $10 = 745
> >> (gdb) p pitch
> >> $11 = 353476608
> >> (gdb) p first
> >> $12 = 3
> >> (gdb) p last
> >> No symbol "last" in current context.
> >> (gdb) p nWords
> >> $13 = 500
> >> (gdb) p delta
> >> $14 = 0
> >> (gdb) p yy
> >> $15 = 0
> >> (gdb) p srcPixPtr
> >> $16 = (DWORD *) 0x1511a000
> >> (gdb) p dstPixPtr
> >> $17 = (DWORD *) 0x1511a000
> >> (gdb) p i
> >> $18 = -719257650
> >> (gdb) p value
> >> $19 = 0
> >>
> >>
> >> Cheers,
> >> Levente
> >
> >
> >
>
>
>
> --
> Best regards,
> Igor Stasenko AKA sig.
>
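The inline-asm fix discussed in this thread, worked through as an added example (not code from the Squeak VM sources): the broken macro is kept only as a comment, and the byte and word swaps use a "+r" constraint so the register gcc picks for w is the one the instruction operates on (separate "=r"/"r" operands, as in the thread's corrected macro, may be assigned different registers by gcc). The reverse_words loop, its explicit bound n, and the pixel values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Original macro from the thread, kept as a comment only: the template names
 * %eax while the "=r"/"r" constraints let gcc place w in any register.  With
 * gcc 3.4.4 eax held the loop limit, so bswap clobbered that limit and w
 * received whatever the chosen output register happened to hold. */
/* #define BYTE_SWAP(w) __asm__("bswap %%eax" : "=r" (w) : "r" (w)) */

/* Swap the four bytes of a 32-bit word.  "+r" ties input and output to the
 * same register, so %0 holds w when bswap runs; a separate "=r" output and
 * "r" input may be assigned different registers. */
static inline uint32_t byte_swap(uint32_t w)
{
#if defined(__i386__) || defined(__x86_64__)
    __asm__("bswap %0" : "+r" (w));
#else
    w = __builtin_bswap32(w);            /* portable fallback */
#endif
    return w;
}

/* Swap the two 16-bit halves of a 32-bit word (the WORD_SWAP case). */
static inline uint32_t word_swap(uint32_t w)
{
#if defined(__i386__) || defined(__x86_64__)
    __asm__("roll $16, %0" : "+r" (w));
#else
    w = (w << 16) | (w >> 16);
#endif
    return w;
}

/* Byte-reverse n words from src to dst (src == dst is allowed), the shape
 * of the pixel-reversal loop in sqWin32Window.c; n is the caller's bound. */
static void reverse_words(uint32_t *dst, const uint32_t *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = byte_swap(src[i]);
}

int main(void)
{
    uint32_t px[4] = { 0x11223344u, 0xAABBCCDDu, 0x00000001u, 0x80000000u }; /* constructed */
    reverse_words(px, px, 4);
    for (int i = 0; i < 4; i++)
        printf("%08x ", px[i]);            /* 44332211 ddccbbaa 01000000 00000080 */
    printf("\nword_swap(0x11223344) = %08x\n", word_swap(0x11223344u)); /* 33441122 */
    return 0;
}
```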