Hi,
evaluating [Display newDepth: x] where the value of x is 1, 4, 8 or 16 crashes the VM. No crash dump is written. If x is 2, -1, -2 or -4, then the image informs me that the depth is not available on the system. If x is -8 or -16 then the code works. For the x=16 case gdb shows the following:
Program received signal SIGSEGV, Segmentation fault.
reverse_image_words (dst=0x1450eca4, src=0x1450eca4, depth=0, width=1272, rect=0x561e60) at ../platforms/win32/vm/sqWin32Window.c:1875
1875        unsigned int value = *srcPixPtr++;
(gdb) where
#0  reverse_image_words (dst=0x1450eca4, src=0x1450eca4, depth=0, width=1272, rect=0x561e60) at ../platforms/win32/vm/sqWin32Window.c:1875
#1  0x0043f61a in ioShowDisplay (dispBits=340847780, width=1272, height=745, depth=16, affectedL=0, affectedR=1000, affectedT=0, affectedB=0) at ../platforms/win32/vm/sqWin32Window.c:2324
#2  0x00403270 in displayBitsOfLeftTopRightBottom (aForm=-719257650, l=0, t=0, r=1272, b=745) at ../src/vm/gcc3x-cointerp.c:13701
#3  0x00405ff9 in fullDisplayUpdate () at ../src/vm/gcc3x-cointerp.c:16777
#4  0x0044093a in MainWndProcW (hwnd=0xf05f6, message=15, wParam=0, lParam=0) at ../platforms/win32/vm/sqWin32Window.c:447
#5  0x75fef8d2 in USER32!GetMessageW () from /cygdrive/c/Windows/system32/user32.dll
#6  0x75fef794 in USER32!GetWindowLongW () from /cygdrive/c/Windows/system32/user32.dll
#7  0x004403dc in sqLaunchDrop () at ../platforms/win32/vm/sqWin32Window.c:2773
#8  0x75ff0817 in USER32!ReleaseDC () from /cygdrive/c/Windows/system32/user32.dll
#9  0x75ff0a65 in USER32!GetWindowThreadProcessId () from /cygdrive/c/Windows/system32/user32.dll
#10 0x776a99ce in ntdll!LdrEnumResources () from /cygdrive/c/Windows/system32/ntdll.dll
#11 0x00ace008 in ?? ()
#12 0x00000018 in ?? ()
#13 0x00ace058 in ?? ()
#14 0x776a9980 in ntdll!LdrDisableThreadCalloutsForDll () from /cygdrive/c/Windows/system32/ntdll.dll
#15 0x0204c1d8 in ?? ()
#16 0x0000000f in ?? ()
#17 0x00000000 in ?? ()
(gdb) info registers
eax            0xd520ffce       -719257650
ecx            0x3      3
edx            0x0      0
ebx            0x1f4    500
esp            0xacd5b4 0xacd5b4
ebp            0x0      0x0
esi            0x1511a000       353476608
edi            0x1511a000       353476608
eip            0x43ed0c 0x43ed0c <reverse_image_words+353>
eflags         0x10216  [ PF AF IF RF ]
cs             0x1b     27
ss             0x23     35
ds             0x23     35
es             0x23     35
fs             0x3b     59
gs             0x0      0
It may be a compiler bug, because the 4.0.2 SqueakVM doesn't have this issue. It's a bit suspicious that depth is 0 here:
#0  reverse_image_words (dst=0x1450eca4, src=0x1450eca4, depth=0, width=1272, rect=0x561e60) at ../platforms/win32/vm/sqWin32Window.c:1875
but the value of depth is known at compilation time (16), so it may be some compiler "magic". Here are the values of the variables in the method:
(gdb) p dst
$2 = (unsigned int *) 0x1450eca4
(gdb) p src
$3 = (unsigned int *) 0x1450eca4
(gdb) p depth
$4 = 0
(gdb) p width
$5 = 1272
(gdb) p rect
$6 = (RECT *) 0x561e60
(gdb) p rect->left
$7 = 0
(gdb) p rect->right
$8 = 1000
(gdb) p rect->top
$9 = 0
(gdb) p rect->bottom
$10 = 745
(gdb) p pitch
$11 = 353476608
(gdb) p first
$12 = 3
(gdb) p last
No symbol "last" in current context.
(gdb) p nWords
$13 = 500
(gdb) p delta
$14 = 0
(gdb) p yy
$15 = 0
(gdb) p srcPixPtr
$16 = (DWORD *) 0x1511a000
(gdb) p dstPixPtr
$17 = (DWORD *) 0x1511a000
(gdb) p i
$18 = -719257650
(gdb) p value
$19 = 0
Cheers, Levente
Hi Levente,
essentially correct. The bug was caused by an incorrect asm. Changing
# define BYTE_SWAP(w) __asm__("bswap %%eax" : "=r" (w) : "r" (w))
# define WORD_SWAP(w) __asm__("roll $16, %%eax" : "=r" (w) : "r" (w))
to
# define BYTE_SWAP(w) __asm__("bswap %0" : "=r" (w) : "r" (w))
# define WORD_SWAP(w) __asm__("roll $16, %0" : "=r" (w) : "r" (w))
in platforms/win32/vm/sqWin32Window.c's byte & word image reversal code fixes it. This worked back on 2.95.x because it always chose $eax as the register for the value variable in
unsigned int value = *srcPixPtr++;
but gcc 3.x is more devious.
I've updated svn and will upload a new engine soon.
thanks, Eliot
On Sun, Aug 22, 2010 at 1:56 PM, Levente Uzonyi leves@elte.hu wrote:
On 25 August 2010 04:39, Eliot Miranda eliot.miranda@gmail.com wrote:
Hi Levente, essentially correct. The bug was caused by an incorrect asm. Changing
# define BYTE_SWAP(w) __asm__("bswap %%eax" : "=r" (w) : "r" (w))
# define WORD_SWAP(w) __asm__("roll $16, %%eax" : "=r" (w) : "r" (w))
to
# define BYTE_SWAP(w) __asm__("bswap %0" : "=r" (w) : "r" (w))
# define WORD_SWAP(w) __asm__("roll $16, %0" : "=r" (w) : "r" (w))
in platforms/win32/vm/sqWin32Window.c's byte & word image reversal code fixes it. This worked back on 2.95.x because it always chose $eax as the register for the value variable in
unsigned int value = *srcPixPtr++;
but gcc 3.x is more devious. I've updated svn and will upload a new engine soon. thanks, Eliot
Hmm.. interesting, how could changing a byte order cause a crash? A Windows blitter uses byte reversal logic when blitting big-endian forms on Windows GDI (since Windows is little-endian, it swaps the form's bits, then copies the bits, and then swaps back again).. but still I don't understand how this may cause a crash.. it may cause problems with seeing anything correctly on screen.
On Tue, Aug 24, 2010 at 8:11 PM, Igor Stasenko siguctua@gmail.com wrote:
Hmm.. interesting, how could changing a byte order cause a crash? A Windows blitter uses byte reversal logic when blitting big-endian forms on Windows GDI (since Windows is little-endian, it swaps the form's bits, then copies the bits, and then swaps back again).. but still I don't understand how this may cause a crash.. it may cause problems with seeing anything correctly on screen.
# define BYTE_SWAP(w) __asm__("bswap %%eax" : "=r" (w) : "r" (w))
causes $eax to be byte-swapped irrespective of its use. In gcc 3.4.4 and the code in question, $eax contained a loop limit, which caused an out-of-range memory read.
--
Best regards,
Igor Stasenko AKA sig.
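Eliot's diagnosis in both of his replies above (the asm template names %%eax while the "r" constraints let gcc put the operand in any register, so eax, which held the loop limit, was silently corrupted) as an added example that is not code from the Squeak VM: the same byte and word swaps written with the %0 placeholder, plus the equivalent way of hard-coding eax by pinning the operand with the "a" constraint. The helper names are assumptions; the example uses the "+r"/"+a" read-write constraint so the input and output are guaranteed to share the register the placeholder names, and it falls back to portable C on non-x86 targets.

```c
#include <stdint.h>
/* Portable reference versions (hypothetical names, added for this example). */
static inline uint32_t byte_swap_c(uint32_t w) {
    return (w >> 24) | ((w >> 8) & 0x0000ff00u) | ((w << 8) & 0x00ff0000u) | (w << 24);
}
static inline uint32_t word_swap_c(uint32_t w) { return (w << 16) | (w >> 16); }
#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
/* Correct: %0 names whatever register gcc allocates, and "+r" makes the operand
   read-write, so input and output are guaranteed to share that register
   (an "=r"(w) : "r"(w) pair leaves gcc free to pick two different ones). */
static inline uint32_t byte_swap_asm(uint32_t w) {
    __asm__("bswap %0" : "+r"(w));
    return w;
}
static inline uint32_t word_swap_asm(uint32_t w) {
    __asm__("roll $16, %0" : "+r"(w));
    return w;
}
/* Also correct: if the template must name eax, pin the operand to eax with the
   "a" constraint. The bug on this page wrote "bswap %%eax" with "r", so gcc did
   not know eax was modified and had left a loop limit in it. */
static inline uint32_t byte_swap_asm_eax(uint32_t w) {
    __asm__("bswap %%eax" : "+a"(w));
    return w;
}
#else
/* Non-x86 build: fall back to the portable versions. */
#define byte_swap_asm     byte_swap_c
#define word_swap_asm     word_swap_c
#define byte_swap_asm_eax byte_swap_c
#endif
/* In-place swap over a pixel buffer, shaped like the loop in reverse_image_words:
   the loop limit stays live in a register across every asm statement. */
static void reverse_buffer(uint32_t *buf, int nWords, int bytewise) {
    for (int i = 0; i < nWords; i++)
        buf[i] = bytewise ? byte_swap_asm(buf[i]) : word_swap_asm(buf[i]);
}
/* Cross-check asm against C over constructed data; returns 1 on agreement. */
static int swaps_agree(void) {
    uint32_t buf[4] = {0x11223344u, 0xdeadbeefu, 0x00000001u, 0xffff0000u};
    uint32_t ref[4];
    for (int i = 0; i < 4; i++) ref[i] = byte_swap_c(buf[i]);
    reverse_buffer(buf, 4, 1);
    for (int i = 0; i < 4; i++) if (buf[i] != ref[i]) return 0;
    for (int i = 0; i < 4; i++) ref[i] = word_swap_c(buf[i]);
    reverse_buffer(buf, 4, 0);
    for (int i = 0; i < 4; i++) if (buf[i] != ref[i]) return 0;
    return byte_swap_asm_eax(0x11223344u) == 0x44332211u;
}
```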
vm-dev@lists.squeakfoundation.org