[Tinycc-devel] Is it a bug or something else?
From: YX Hao
Subject: [Tinycc-devel] Is it a bug or something else?
Date: Sun, 29 Jun 2014 20:31:15 +0800
Hi there,
It is a crash of the compiled program, which happened when I played with TCC and
a small library, "http parser" (https://github.com/joyent/http-parser). GCC works
correctly. This is beyond my knowledge, so I will describe it as clearly as
possible. It is about "test.c".
After some debugging, I found that the crashing line is the call to
"test_multiple3()" (L: 3366, L: 3558).
---------------------------------------
int i, j, k;
......
for (i = 0; i < request_count; i++) {
    if (!requests[i].should_keep_alive) continue;
    for (j = 0; j < request_count; j++) {
        if (!requests[j].should_keep_alive) continue;
        for (k = 0; k < request_count; k++) {
            test_multiple3(&requests[i], &requests[j], &requests[k]);
        }
    }
}
---------------------------------------
According to the debugger, the program uses "DWORD PTR SS:[EBP-4]" to store the
counters. For example, "(i = 0; i < request_count; i++)":
---------------------------------------
CPU Disasm
Address Hex dump Command Comments
004055C9 |. B8 00000000 MOV EAX,0
004055CE |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX ; i = 0;
004055D1 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004055D4 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
004055D7 |. 39C8 CMP EAX,ECX
004055D9 |. 0F8D CD000000 JGE 004056AC ; if (i > request_count) true;
004055DF |. E9 0B000000 JMP 004055EF
004055E4 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004055E7 |. 89C1 MOV ECX,EAX
004055E9 |. 40 INC EAX ; i++;
004055EA |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004055ED |.^ EB E2 JMP SHORT 004055D1
---------------------------------------
Entering "test_multiple3()", it stores "EBP" by pushing it onto the stack, and
then some operations overwrite the stored data when the routine falls through to
a label "test". Strange!
---------------------------------------
if (read != 0) {
    print_error(total, read);
    abort();
}
test:
if (message_count != num_messages) {
    fprintf(stderr, "\n\n*** Parser didn't see 3 messages only %d *** \n",
            num_messages);
    abort();
}
---------------------------------------
CPU Disasm
Address Hex dump Command Comments
0040483A |> \B8 00000000 MOV EAX,0
0040483F |. 50 PUSH EAX ; /Arg2 => 0
00404840 |. B8 00000000 MOV EAX,0 ; |
00404845 |. 50 PUSH EAX ; |Arg1 => 0
00404846 |. E8 BED6FFFF CALL 00401F09 ; \t.00401F09
0040484B |. 83C4 08 ADD ESP,8
0040484E |. 8945 E4 MOV DWORD PTR SS:[LOCAL.7],EAX
00404851 |. 8B45 E4 MOV EAX,DWORD PTR SS:[LOCAL.7]
00404854 |. 83F8 00 CMP EAX,0
00404857 |. 0F84 15000000 JE 00404872
0040485D |. 8B45 E4 MOV EAX,DWORD PTR SS:[LOCAL.7]
00404860 |. 50 PUSH EAX
00404861 |. 8B45 EC MOV EAX,DWORD PTR SS:[LOCAL.5]
00404864 |. 50 PUSH EAX
00404865 |. E8 CAE1FFFF CALL 00402A34
0040486A |. 83C4 08 ADD ESP,8
0040486D |. E8 96950000 CALL <JMP.&msvcrt.abort> ; [MSVCRT.abort
00404872 |> 8965 00 MOV DWORD PTR SS:[LOCAL.0],ESP ;???
00404875 |> 8B65 00 MOV ESP,DWORD PTR SS:[LOCAL.0] ;???
00404878 |. 8B45 FC MOV EAX,DWORD PTR SS:[LOCAL.1]
0040487B |. 8B0D 44607E00 MOV ECX,DWORD PTR DS:[7E6044]
00404881 |. 39C8 CMP EAX,ECX
00404883 |. 0F84 24000000 JE 004048AD
---------------------------------------
Why are the commands marked "???" there? They overwrite the stored "EBP".
---------------
TCC: latest mob
OS: windows
Attached is my modified "wassert()" in case you need it.
Regards,
YX
Attachment: wassert.c
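Added example, not part of the post above and not code from http-parser or TCC: a self-contained reproducer in the shape of the test_multiple3() call pattern YX Hao describes, so the behaviour can be compared between compilers without building the whole http-parser test suite. It keeps the ingredients visible in the post (nested i/j/k loops over a request table, an early check that aborts, a label the function can jump to) and adds one it assumes from the real test, a variable-length buffer built from the three requests, since that is the kind of construct that makes a compiler emit stack-pointer bookkeeping at a label. The request table, the fake "parser" that just counts "\r\n\r\n" terminators, and the names request_t, check_multiple3() and run_nested_loops() are all constructed for this example. The caller keeps a canary next to its loop counters and checks it after every call, so a callee that damages the caller's frame is reported rather than crashing later in the loop.

```c
/* Added example: reproducer for the test_multiple3() call pattern.
 * Not http-parser or TCC code; names and data are made up for this example.
 * Build and compare:
 *     gcc -O0 -o repro repro.c && ./repro
 *     tcc -o repro repro.c && ./repro */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    const char *raw;            /* constructed request text */
    int should_keep_alive;
} request_t;

/* Constructed stand-in for the http-parser request table. */
static const request_t requests[] = {
    { "GET / HTTP/1.1\r\n\r\n",                          1 },
    { "GET / HTTP/1.0\r\n\r\n",                          0 },
    { "POST /x HTTP/1.1\r\nContent-Length: 0\r\n\r\n",   1 },
    { "GET /y HTTP/1.1\r\nConnection: close\r\n\r\n",    0 },
};
enum { request_count = sizeof requests / sizeof requests[0] };

static int num_messages;        /* set by the fake "parse" step below */

/* Same shape as the function in the post: a variable-length buffer holding
 * all three requests, an early check that aborts, and a label "test" that
 * the function can reach by goto as well as by falling through. */
static void check_multiple3(const request_t *r1, const request_t *r2,
                            const request_t *r3)
{
    int message_count = 3;      /* what the parser is expected to see */
    char total[strlen(r1->raw) + strlen(r2->raw) + strlen(r3->raw) + 1];
    size_t read;

    strcpy(total, r1->raw);
    strcat(total, r2->raw);
    strcat(total, r3->raw);

    /* Fake parser: one message per "\r\n\r\n" terminator in the buffer. */
    num_messages = 0;
    for (const char *p = total; (p = strstr(p, "\r\n\r\n")) != NULL; p += 4)
        num_messages++;

    if (num_messages == 0)
        goto test;              /* nothing parsed: go straight to the check */

    read = 0;                   /* stands in for the final parse(NULL, 0) */
    if (read != 0) {
        fprintf(stderr, "unexpected trailing read %zu\n", read);
        abort();
    }
test:
    if (message_count != num_messages) {
        fprintf(stderr, "\n\n*** Parser didn't see 3 messages only %d *** \n",
                num_messages);
        abort();
    }
}

/* Runs the i/j/k loops from the post. Returns the number of calls made and
 * sets *frame_ok to 0 if the canary or the outer counter looks disturbed
 * after a call (a heuristic: a clobbered saved frame pointer usually shows
 * up as garbage in the caller's locals, which live at EBP-relative slots). */
int run_nested_loops(int *frame_ok)
{
    volatile unsigned canary = 0xA5A5A5A5u;
    int i, j, k, calls = 0;

    *frame_ok = 1;
    for (i = 0; i < request_count; i++) {
        if (!requests[i].should_keep_alive) continue;
        for (j = 0; j < request_count; j++) {
            if (!requests[j].should_keep_alive) continue;
            for (k = 0; k < request_count; k++) {
                check_multiple3(&requests[i], &requests[j], &requests[k]);
                calls++;
                if (canary != 0xA5A5A5A5u || i < 0 || i >= request_count)
                    *frame_ok = 0;
            }
        }
    }
    return calls;               /* 2 keep-alive * 2 keep-alive * 4 = 16 */
}

int main(void)
{
    int frame_ok;
    int calls = run_nested_loops(&frame_ok);
    printf("%d calls, caller frame %s\n", calls,
           frame_ok ? "intact" : "DAMAGED");
    return frame_ok ? 0 : 1;
}
```

With the constructed table, two of the four requests are keep-alive, so a correct build makes 16 calls and reports the frame intact; a build whose callee overwrites the saved frame pointer at the label will either report the frame damaged or crash inside the loop, which is the symptom the post describes.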