
RE: [Gcl-devel] HEAD Maxima and HEAD trad GCL


From: Mike Thomas
Subject: RE: [Gcl-devel] HEAD Maxima and HEAD trad GCL
Date: Thu, 15 Jan 2004 10:51:34 +1000

Hi Camm.

| Hi Mike!  OK, I think we have something.

You are right - your skill with a semi-skilled monkey controlled remote
debugger on a system you have never personally used is remarkable!!!

As seen below, the place where the write goes wrong is line 100 of funlink.c
where the value of fun->cc.cc_turbo is written to the location pointed to by
ptr.   Ptr is an argument to call_or_link_closure() which is being called
while pcl_dfun.o is being loaded.  The link passed to call_or_link_closure()
is to CLASS-WRAPPER as detailed below, so I suppose either something has
overwritten the link information or it was wrong to start with?

Or possibly the code is following the wrong branch in
call_or_link_closure()?
|
| You write in
|
| http://mail.gnu.org/archive/html/gcl-devel/2004-01/msg00052.html
|
| that at
|
| cmpaux.c:315
|
| the value of
|
| p/x *(char *)0x1030c130
|
| is
|
| (gdb) p/x *(char *)address@hidden
| $26 = {0x55, 0x57, 0x56, 0x53, 0x83, 0xec, 0x1c, 0x8b, 0x35, 0xa0, 0xb,
| 0x5b,
|   0x0, 0x8b, 0xd, 0x10, 0x78, 0x5a, 0x0, 0x8d, 0x46, 0x18, 0x3b,
| 0xd, 0xd0,
|   0x7d, 0x5a, 0x0, ...}
|
|
| Which lines up nicely with your dump from pcl_dfun.o.dump:
|
| 00000130 <_L2>:
|      130:     55                      push   %ebp
|      131:     57                      push   %edi
|      132:     56                      push   %esi
|      133:     53                      push   %ebx
|      134:     83 ec 1c                sub    $0x1c,%esp
|      137:     8b 35 00 00 00 00       mov    0x0,%esi
|      13d:     8b 0d 00 00 00 00       mov    0x0,%ecx
|      143:     8d 46 18                lea    0x18(%esi),%eax
|      146:     3b 0d 00 00 00 00       cmp    0x0,%ecx
|
| modulo relocations, which has updated the 3 sequences of 4 null bytes
| each.
|
| However, at
|
| funlink.c:71
|
| you report
|
| p/x *(char *)fun->cf.cf_self
|
| as
|
| (gdb) p/x *(char *)fun->address@hidden
| $20 = {0x55, 0x57, 0x56, 0x53, 0x83, 0xec, 0x1c, 0x8b, 0x35, 0xa0, 0xb,
| 0x5b,
|   0x0, 0x8b, 0xd, 0x10, 0xf4, 0x8b, 0x29, 0x10, 0x46, 0x18, 0x3b,
| 0xd, 0xd0,
|   0x7d, 0x5a, 0x0, ...}
| (gdb)
|
| Something has trampled on the code starting at 0x1030c140 for 4 bytes,
| probably an integer assignment.
|
| If you could (after reaching the call_init breakpoint) do
|
| watch *0x1030c140
|
| I think we'll nab the culprit.
Loading binary of PCL_DFUN...

Breakpoint 1, fasload (faslfile=0x101c69a8) at sfasl.c:178
178         int init_address=0;
(gdb) b call_or_link
Breakpoint 2 at 0x4313e6: file funlink.c, line 32.
(gdb) b call_init
Breakpoint 3 at 0x418fe3: file cmpaux.c, line 315.
(gdb) c
Continuing.

Breakpoint 3, call_init (init_address=0, memory=0x102e0294,
    fasl_vec=0x10287f50, fptr=0) at cmpaux.c:315
315       check_type(fasl_vec,t_vector);
(gdb) c
Continuing.

Breakpoint 2, call_or_link (sym=0x1014121c, link=0x53ceac) at funlink.c:32
32          fun = sym->s.s_gfdef;
(gdb) p/x (char*) address@hidden
Only values in memory can be extended with '@'.
(gdb) p/x *(char*)address@hidden
$1 = {0x55, 0x57, 0x56, 0x53, 0x83, 0xec, 0x1c, 0x8b, 0x35, 0x20, 0xc, 0x5b,
  0x0, 0x8b, 0xd, 0x90, 0x78, 0x5a, 0x0, 0x8d, 0x46, 0x18, 0x3b, 0xd, 0x50,
  0x7e, 0x5a, 0x0, 0x89, 0x74, 0x24, 0x18, 0x89, 0x44, 0x24, 0x14, 0xf,
0x83,
  0x6b, 0x4, 0x0, 0x0, 0x89, 0xc8, 0x29, 0xf0, 0xc1, 0xf8, 0x2, 0x85, 0xc0,
  0xf, 0x8e, 0x46, 0x4, 0x0, 0x0, 0x83, 0xc6, 0x4, 0x8b, 0x54, 0x24, 0x18}
(gdb) p/x *(char*)address@hidden
$2 = {0x78, 0x5a, 0x0, 0x8d}
(gdb) watch *0x10317140
Hardware watchpoint 4: *271675712
(gdb) p/x *(char*)address@hidden
$3 = {0x8b, 0x35, 0x20, 0xc, 0x5b, 0x0}
(gdb) p/x *(char*)address@hidden
$4 = {0x8b, 0xd, 0x90, 0x78, 0x5a, 0x0}
(gdb) watch *0x1031713f
Hardware watchpoint 5: *271675711
(gdb) p/x *(char*)address@hidden
$5 = {0x90, 0x78, 0x5a, 0x0}
(gdb)
(gdb) c
Continuing.

Breakpoint 2, call_or_link (sym=0x101412f4, link=0x53ceec) at funlink.c:32
32          fun = sym->s.s_gfdef;
(gdb) c
Continuing.

(gdb) delete 2
(gdb) c
Continuing.
Loading binary of PCL_FAST_INIT...

Breakpoint 1, fasload (faslfile=0x101be5e8) at sfasl.c:178
178         int init_address=0;
(gdb) c
Continuing.

Breakpoint 3, call_init (init_address=0, memory=0x1032ad20,
    fasl_vec=0x102879bc, fptr=0) at cmpaux.c:315
315       check_type(fasl_vec,t_vector);
(gdb) c
Continuing.
Loading binary of PCL_BRAID...

Breakpoint 1, fasload (faslfile=0x101b88b8) at sfasl.c:178
178         int init_address=0;
(gdb) c
Continuing.

Breakpoint 3, call_init (init_address=0, memory=0x1032ab2c,
    fasl_vec=0x1028732c, fptr=0) at cmpaux.c:315
315       check_type(fasl_vec,t_vector);
(gdb) c
Continuing.
Hardware watchpoint 4: *271675712

Old value = -1929356680
New value = 271324756
Hardware watchpoint 5: *271675711

Old value = 5929104
New value = 739660944
call_or_link_closure (sym=0x101842ac, link=0x10328494, ptr=0x10317140)
    at funlink.c:101
101                 *link = (void *) ( fun->cf.cf_self );
(gdb)

(gdb) p link
$6 = (void **) 0x10328494
(gdb) p *link
$7 = (void *) 0x1032743c
(gdb) p/x *(char*)address@hidden
$8 = {0x90, 0x54, 0x16, 0x2c}
(gdb) p/x *(char*)address@hidden
$9 = {0x54, 0x16, 0x2c, 0x10}
(gdb)  p/x *(char*)address@hidden
$10 = {0x8b, 0x35, 0x20, 0xc, 0x5b, 0x0}
(gdb)  p/x *(char*)address@hidden
$11 = {0x8b, 0xd, 0x90, 0x54, 0x16, 0x2c}
(gdb)  p/x *(char*)address@hidden
$12 = {0x8b, 0xd, 0x90, 0x54, 0x16, 0x2c, 0x10, 0x46}
(gdb) p fun->cf.cf_self
$13 = (void (*)()) 0x10325b34
(gdb) p *fun->cf.cf_self
$14 = {void ()} 0x10325b34
(gdb) l
96          if ( type_of ( fun ) == t_cclosure && ( fun->cc.cc_turbo ) ) {
97              if ( Rset ) {
98                  (void) vpush_extend ( link, sLAlink_arrayA->s.s_dbind );
99              (void) vpush_extend ( *link, sLAlink_arrayA->s.s_dbind );
100                 *ptr = (void *) ( fun->cc.cc_turbo );
101                 *link = (void *) ( fun->cf.cf_self );
102                 MMccall (fun, fun->cc.cc_turbo);
103             } else {
104                 MMccall ( fun, fun->cc.cc_turbo );
105             }
(gdb) p ptr
$15 = (void **) 0x10317140
(gdb) p *ptr
$16 = (void *) 0x102c1654
(gdb) bt
#0  call_or_link_closure (sym=0x101842ac, link=0x10328494, ptr=0x10317140)
    at funlink.c:101
#1  0x10327454 in ?? ()
#2  0x101842ac in ?? ()
#3  0x10328494 in ?? ()
#4  0x10317140 in ?? ()
#5  0x1032746b in ?? ()
#6  0x101bb4c8 in ?? ()
#7  0x10328498 in ?? ()
#8  0x005b0ee0 in value_stack ()
#9  0x1031d93d in ?? ()
#10 0x8d005a78 in ?? ()
#11 0x005a5848 in small_fixnum_table ()
#12 0x005b0ee0 in value_stack ()
#13 0x1031d85c in ?? ()
#14 0x005b0ef4 in value_stack ()
#15 0x005b0efc in value_stack ()
#16 0x0022bf48 in ?? ()
#17 0x005b0f04 in value_stack ()
#18 0x00541330 in sKoverwrite ()
#19 0x102222d0 in ?? ()
#20 0x005a5860 in small_fixnum_table ()
#21 0x103958f8 in ?? ()
#22 0x103958f8 in ?? ()
#23 0x1023e1d4 in ?? ()
#24 0x00541330 in sKoverwrite ()
#25 0x00541330 in sKoverwrite ()
#26 0x10301f78 in ?? ()
#27 0x10287fa4 in ?? ()
#28 0x005b0f0c in value_stack ()
#29 0x10241324 in ?? ()
#30 0x005b0edc in value_stack ()
#31 0x005b0ee0 in value_stack ()
#32 0x0022bf78 in ?? ()
---Type <return> to continue, or q <return> to quit---q
Quit (expect signal SIGINT when the program is resumed)
(gdb) info register
eax            0x102c1654       271324756
ecx            0x624    1572
edx            0x10317140       271675712
ebx            0x5b0efc 5967612
esp            0x22bee0 0x22bee0
ebp            0x22bee8 0x22bee8
esi            0x5b0ef8 5967608
edi            0x5a7ca0 5930144
eip            0x431585 0x431585
eflags         0x202    514
cs             0x1b     27
ss             0x23     35
ds             0x23     35
es             0x23     35
fs             0x38     56
gs             0x0      0
(gdb) p sym->s
$17 = {t = 8 '\b', flag = 0 '\0', s = 0 '\0', m = 0 '\0', s_dbind = 0x0,
  s_sfdef = 0x541330 <Cnil_body>, st_self = 0x104260b8 "CLASS-WRAPPER",
  st_fillp = 13, s_gfdef = 0x10372188, s_plist = 0x10379e40,
  s_hpack = 0x10103d00, s_stype = 0, s_mflag = 0}
(gdb) whatis *link
type = void *
(gdb) whatis **link
type = void


=============================================================
If CLASS-WRAPPER is the next link to be followed up then the relevant "stub"
in pcl_dfun.c is:

static void LnkT253(ptr) object *ptr;
{
    call_or_link_closure(VV[253], (void **)(void *)&Lnk253, (void **)(void *)&Lclptr253);
} /* CLASS-WRAPPER */

and in pcl_dfun.h:

static object *Lclptr253;
static void LnkT253();
static void (*Lnk253)() = LnkT253;

=============================================================

Cheers

Mike Thomas
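The lazy-link mechanism the stub above relies on, modelled in stand-alone C as an added example (not GCL's code and not from this thread): Lnk253 starts out pointing at the LnkT253 stub, and the first call lets call_or_link_closure patch both the function cell and the closure-environment cell so later calls go direct. The range check on link and ptr is an assumption of this example, showing the kind of guard that would refuse the write at funlink.c:100 when ptr resolves to an address inside loaded code (as 0x10317140 did in the session above); the loaded_code bytes are constructed from the _L2 dump and the closure fields are simplified.

```c
#include <stdint.h>

typedef long object;                        /* stand-in for GCL's object type */
typedef struct {                            /* the two fields funlink.c:100-101 store */
    object *cc_turbo;                       /* closure environment, written via *ptr */
    long (*cf_self)(object *);              /* compiled entry point, written via *link */
} closure;
static long add_body(object *env) { return env[0] + env[1]; }
static object add_env[2] = {40, 2};
static closure class_wrapper = {add_env, add_body};     /* stands in for VV[253] */

static long LnkT253(object *env);           /* relink stub, as declared in pcl_dfun.h */
static struct {                             /* assumption: every patchable link cell lives here */
    long (*Lnk253)(object *);               /* = LnkT253 until the first call patches it */
    object *Lclptr253;                      /* closure environment cell */
} link_table = {LnkT253, 0};

/* Constructed stand-in for loaded code (opening bytes of the _L2 dump above). */
static unsigned char loaded_code[32] = {0x55, 0x57, 0x56, 0x53, 0x83, 0xec, 0x1c};
static int refused_writes;                  /* writes the guard turned away */

static int is_link_cell(void *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)&link_table;
    return a >= lo && a < lo + sizeof link_table;
}

/* Model of the t_cclosure branch (funlink.c:96-102) plus the assumed guard. */
static long call_or_link_closure(closure *fun, void **link, void **ptr) {
    if (is_link_cell(link) && is_link_cell(ptr)) {
        *ptr = fun->cc_turbo;               /* funlink.c:100 */
        *link = (void *)fun->cf_self;       /* funlink.c:101 */
    } else {
        refused_writes++;                   /* would have landed outside the link cells */
    }
    return fun->cf_self(fun->cc_turbo);     /* MMccall(fun, fun->cc.cc_turbo) */
}

static long LnkT253(object *env) {          /* the pcl_dfun.c stub quoted above */
    (void)env;                              /* the stub ignores the stale env argument */
    return call_or_link_closure(&class_wrapper, (void **)&link_table.Lnk253,
                                (void **)&link_table.Lclptr253);
}

/* A compiled call site: (*Lnk253)(Lclptr253); goes direct after the first call. */
static long call_class_wrapper(void) { return link_table.Lnk253(link_table.Lclptr253); }
static int linked_directly(void) { return link_table.Lnk253 == add_body; }

/* Replay the session's bad case: ptr pointing 0x10 bytes into loaded code. */
static int code_survives_bad_ptr(void) {
    int before = refused_writes;
    call_or_link_closure(&class_wrapper, (void **)&link_table.Lnk253,
                         (void **)(loaded_code + 0x10));
    return refused_writes == before + 1 && loaded_code[0x10] == 0 && loaded_code[0] == 0x55;
}
```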