[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: applications segfaulting in gnustep-back on OpenBSD sparc64
From: |
Sebastian Reitenbach |
Subject: |
Re: applications segfaulting in gnustep-back on OpenBSD sparc64 |
Date: |
Sat, 05 Nov 2011 16:17:48 +0100 |
User-agent: |
SOGoMail 1.3.9 |
On Friday, November 4, 2011 20:08 CET, "Sebastian Reitenbach"
<sebastia@l00-bugdead-prods.de> wrote:
> Hi Eric,
>
> On Friday, November 4, 2011 19:07 CET, Eric Wasylishen
> <ewasylishen@gmail.com> wrote:
>
> > That code forgets to check that XRenderFindVisualFormat returns non-NULL. I
> > committed a fix.
>
> I was also just sitting with gdb, and trying to figure out what the real
> problem is. I thought that even XRenderFindVisualFormat may have a problem,
> since it returned NULL.
> I wasn't aware that it is safe for it to return NULL.
>
> So, your fix fixed this problem, but now the next one:
>
> I tried starting Affiche, LapisPuzzle, or AddressManager, all show this
> exception either on the console, or in a popup window:
>
> NSInternalInconsistencyException REASON:expected array count 32 and got 0
> INFO:(null)
>
> running LapisPuzze in gdb, I see this:
>
> (gdb) break -[NSException raise]
> Breakpoint 1 at 0x20406e404: file NSException.m, line 956.
> (gdb) bt
> #0 -[NSException raise] (self=0x2024e9b48, _cmd=0x2018087b8) at
> NSException.m:956
> #1 0x00000002012495f4 in +[NSException raise:format:arguments:]
> (self=0x201808470, _cmd=0x201808788, name=0x201807f68, format=0x201837118,
> argList=0xfffffffffffc4590) at NSException.m:849
> #2 0x00000002012494ac in +[NSException raise:format:] (self=0x201808470,
> _cmd=0x201837d58, name=0x201807f68, format=0x201837118) at NSException.m:835
> #3 0x000000020130dd40 in -[NSPortCoder decodeArrayOfObjCType:count:at:]
> (self=0x20a914208, _cmd=0x201854480, type=0x2016aaa48 "S", expected=32,
> buf=0x2024e9b00) at NSPortCoder.m:451
> #4 0x000000020139d624 in -[NSString initWithCoder:] (self=0x20240b7a8,
> _cmd=0x201837ed8, aCoder=0x20a914208) at NSString.m:5091
> #5 0x000000020130e914 in -[NSPortCoder decodeValueOfObjCType:at:]
> (self=0x20a914208, _cmd=0x201808848, type=0x20169d8c0 "@",
> address=0x2024e9050)
> at NSPortCoder.m:611
> #6 0x000000020124a894 in -[NSException initWithCoder:] (self=0x2024e9048,
> _cmd=0x201837ed8, aDecoder=0x20a914208) at NSException.m:1060
> #7 0x000000020130e914 in -[NSPortCoder decodeValueOfObjCType:at:]
> (self=0x20a914208, _cmd=0x2017f05a8, type=0x201698410 "@",
> address=0xfffffffffffc4b58)
> at NSPortCoder.m:611
> #8 0x00000002011b5234 in -[NSCoder decodeObject] (self=0x20a914208,
> _cmd=0x2017f71f0) at NSCoder.m:221
> #9 0x00000002011d3e84 in -[NSConnection(GNUstepExtensions)
> forwardInvocation:forProxy:] (self=0x20c755648, _cmd=0x2018045d0,
> inv=0x20a914308,
> object=0x204164a08) at NSConnection.m:2096
> #10 0x000000020123f628 in -[NSDistantObject forwardInvocation:]
> (self=0x204164a08, _cmd=0x2018857a8, anInvocation=0x20a914308) at
> NSDistantObject.m:606
> #11 0x00000002014591d4 in GSFFIInvocationCallback (cif=0x2024a9200,
> retp=0xfffffffffffc5170, args=0xfffffffffffc5010, user=0x2024e8308)
> at GSFFIInvocation.m:637
> #12 0x0000000205b7d508 in ffi_closure_sparc_inner_v9 (closure=0x20413e000,
> rvalue=0xfffffffffffc5170, gpr=0xfffffffffffc5290, fpr=0xfffffffffffc5190)
> at ../src/sparc/ffi.c:665
> #13 0x0000000205b7d880 in ffi_closure_v9 () from /usr/local/lib/libffi.so.0.0
> #14 0x000000020124444c in -[NSDistributedNotificationCenter
> addObserver:selector:name:object:suspensionBehavior:] (self=0x2024e8988,
> _cmd=0x2018065b8,
> anObserver=0x20c76ede8, aSelector=0x206ebecb0, notificationName=0x0,
> anObject=0x206ebd4d8, suspensionBehavior=2) at
> NSDistributedNotificationCenter.m:343
> #15 0x0000000201243e78 in -[NSDistributedNotificationCenter
> addObserver:selector:name:object:] (self=0x2024e8988, _cmd=0x206ebecc0,
> anObserver=0x20c76ede8,
> aSelector=0x206ebecb0, notificationName=0x0, anObject=0x206ebd4d8) at
> NSDistributedNotificationCenter.m:267
> #16 0x0000000206a85ac8 in -[_GSWorkspaceCenter init] (self=0x20c76ede8,
> _cmd=0x20182e9b8) at NSWorkspace.m:292
> #17 0x00000002012df170 in +[NSObject new] (self=0x206ebe9c8,
> _cmd=0x206ebebc0) at NSObject.m:1300
> #18 0x0000000206a8790c in -[NSWorkspace init] (self=0x20f36e388,
> _cmd=0x206ebec90) at NSWorkspace.m:692
> #19 0x0000000206a874c4 in +[NSWorkspace sharedWorkspace] (self=0x206ebe820,
> _cmd=0x206dc23c8) at NSWorkspace.m:644
> #20 0x000000020671d940 in -[NSApplication finishLaunching] (self=0x20a8a3808,
> _cmd=0x206dc2608) at NSApplication.m:1093
> #21 0x0000000206721048 in -[NSApplication run] (self=0x20a8a3808,
> _cmd=0x206db34b0) at NSApplication.m:1540
> #22 0x00000002066e35d0 in NSApplicationMain (argc=1, argv=0xfffffffffffc5d88)
> at Functions.m:91
> #23 0x00000000001016d4 in gnustep_base_user_main (argc=1,
> argv=0xfffffffffffc5d88) at main.m:28
> #24 0x000000020132b328 in main (argc=1, argv=0xfffffffffffc5d88,
> env=0xfffffffffffc5d98) at NSProcessInfo.m:978
> #25 0x00000000001013cc in _start ()
> #26 0x00000000001013cc in _start ()
> Previous frame identical to this frame (corrupt stack?)
> (gdb) frame 4
> #4 0x000000020139d624 in -[NSString initWithCoder:] (self=0x20240b7a8,
> _cmd=0x201837ed8, aCoder=0x20a914208) at NSString.m:5091
> 5091 [aCoder decodeArrayOfObjCType: @encode(unichar)
> (gdb) list
> 5086 if (enc == NSUnicodeStringEncoding)
> 5087 {
> 5088 unichar *chars;
> 5089
> 5090 chars = NSZoneMalloc(zone, count*sizeof(unichar));
> 5091 [aCoder decodeArrayOfObjCType: @encode(unichar)
> 5092 count: count
> 5093 at: chars];
> 5094 self = [self initWithCharactersNoCopy: chars
> 5095 length: count
> (gdb) print count*sizeof(unichar)
> $1 = 64
> (gdb) print chars
> $2 = (unichar *) 0x2024e9b00
> (gdb) print *chars
> $3 = 0
> (gdb) print count
> $4 = 32
> (gdb) frame 3
> #3 0x000000020130dd40 in -[NSPortCoder decodeArrayOfObjCType:count:at:]
> (self=0x20a914208, _cmd=0x201854480, type=0x2016aaa48 "S", expected=32,
> buf=0x2024e9b00) at NSPortCoder.m:451
> 451 [NSException raise: NSInternalInconsistencyException
> (gdb) list
> 446 [NSException raise: NSInternalInconsistencyException
> 447 format: @"expected array and got %s",
> typeToName2(info)];
> 448 }
> 449 if (count != expected)
> 450 {
> 451 [NSException raise: NSInternalInconsistencyException
> 452 format: @"expected array count %u and got %u",
> 453 expected, count];
> 454 }
> 455
> (gdb) print i
> $5 = 2
> (gdb) print offset
> $6 = 0
> (gdb) print size
> $7 = 2
> (gdb) print count
> $8 = 0
> (gdb) print expected
> $9 = 32
> (gdb)
>
> Since there is sth. with unichar, I tried with the default C locale, and also
> with export LC_CTYPE='en_US.UTF-8'.
> With both, its the same where it now aborts.
>
>
> Sebastian
I tried to look a bit closer at the exception, and tried to compare with i386.
It seems to take a different code path on i386 and sparc64 in
-[NSConnection(GNUstepExtensions) forwardInvocation:forProxy:]
on i386, in line 2093 is_exception = 0, on sparc64 it is 1, and then if
(is_exception == YES) it diverts.
I don't know whether this is actually my problem, but I'd expected both to be
the same, see the gdb log below.
breakpoint at: -[NSConnection(GNUstepExtensions) forwardInvocation:forProxy:]
when the breakpoint is hit the first time its OK,
on the second time, it then breaks later, so here diving into it:
going on with n sparc 64:
...
1996 type = [[inv methodSignature] methodType];
(gdb)
1997 if (type == 0 || *type == '\0')
(gdb) print type
$2 = 0x209d65fc0 "v64@0:8Q16@24@32@40Q48@56"
going on with n 386:
...
1996 type = [[inv methodSignature] methodType];
(gdb)
1997 if (type == 0 || *type == '\0')
(gdb) print type
$2 = 0x8915b300 "v36@0:4Q8@16@20@24I28@32"
then later it diverts here, see the is_exception difference:
here on sparc64 is_exception=1:
(gdb) list
2087
2088 /*
2089 * Find out if the server is returning an exception instead
2090 * of the return values.
2091 */
2092 [aRmc decodeValueOfObjCType: @encode(BOOL) at: &is_exception];
2093 if (is_exception == YES)
2094 {
2095 /* Decode the exception object, and raise it. */
2096 id exc = [aRmc decodeObject];
(gdb) n
2093 if (is_exception == YES)
(gdb) n
2096 id exc = [aRmc decodeObject];
(gdb) print is_exception
$15 = 1 '\001'
(gdb) print &is_exception
$16 = (BOOL *) 0xfffffffffffc6905 "\001\001"
and on i386 is_exception=0:
2092 [aRmc decodeValueOfObjCType: @encode(BOOL) at: &is_exception];
(gdb) print is_exception
$12 = 180 '´'
(gdb) print &is_exception
$13 = (BOOL *) 0xcfbf00b5 "´\001"
(gdb) n
2093 if (is_exception == YES)
(gdb) n
2103 flags = objc_get_type_qualifiers(type);
(gdb) print is_exception
$14 = 0 '\0'
(gdb) print &is_exception
$15 = (BOOL *) 0xcfbf00b5 ""
now stepping into [aRmc decodeValueOfObjCType: @encode(BOOL) at:
&is_exception]; on sparc64:
(gdb) s
objc_msg_lookup (receiver=0x209309c08, selector=0x203c9f0c0) at sendmsg2.c:372
372 if (nil == receiver) { return (IMP)nil_method; }
Current language: auto; currently c
(gdb) print receiver
$1 = 0x209309c08
(gdb) list
367 * Legacy message lookup function. Does not support fast proxies or
safe IMP
368 * caching.
369 */
370 IMP objc_msg_lookup(id receiver, SEL selector)
371 {
372 if (nil == receiver) { return (IMP)nil_method; }
373
374 id self = receiver;
375 Slot_t slot = objc_msg_lookup_internal(&self, selector, nil);
376 if (self != receiver)
(gdb) n
374 id self = receiver;
(gdb) n
375 Slot_t slot = objc_msg_lookup_internal(&self, selector, nil);
(gdb) n
376 if (self != receiver)
(gdb) print self
$2 = 0x209309c08
(gdb) print slot
$3 = 0x2011b6960
(gdb) print receiver
$4 = 0x209309c08
(gdb) n
380 return slot->method;
(gdb) s
381 }
(gdb) print
$5 = 0x209309c08
(gdb) list
376 if (self != receiver)
377 {
378 slot = __objc_msg_forward3(receiver, selector);
379 }
380 return slot->method;
381 }
382
383 IMP objc_msg_lookup_super(struct objc_super *super, SEL selector)
384 {
385 return objc_slot_lookup_super(super, selector)->method;
(gdb)
Then I've seen, in NSPortCoder.m:
- (void) decodeValueOfObjCType: (const char*)type
at: (void*)address
case _GSC_CHR:
case _GSC_UCHR:
/* Encoding of chars is not consistant across platforms, so we
loosen the type checking a little */
if (*type != type_map[_GSC_CHR] && *type != type_map[_GSC_UCHR])
{
[NSException raise: NSInternalInconsistencyException
format: @"expected %s and got %s",
typeToName1(*type), typeToName2(info)];
}
(*_dDesImp)(_src, dDesSel, address, type, &_cursor, nil);
return;
on the sparc64, address is 1, on the i386, address is 0.
Then again, stepping into (*_dDesImp)(_src, dDesSel, address, type, &_cursor,
nil);
(gdb)
907 (*_dDesImp)(_src, dDesSel, address, type, &_cursor, nil);
(gdb) s
-[NSDataStatic deserializeDataAt:ofObjCType:atCursor:context:]
(self=0x20190a388, _cmd=0x202e2fe28, data=0xffffffffffff17f5, type=0x202c91730
"C", cursor=0x20b12d0b0,
callback=0x0) at NSData.m:2579
2579 {
(gdb)
...
(gdb) n
2699 getBytes(data, bytes, sizeof(unsigned char), length, cursor);
(gdb) list
2694 return;
2695 }
2696 case _C_CHR:
2697 case _C_UCHR:
2698 {
2699 getBytes(data, bytes, sizeof(unsigned char), length, cursor);
2700 return;
2701 }
2702 case _C_SHT:
2703 case _C_USHT:
there stepping into: getBytes(data, bytes, sizeof(unsigned char), length,
cursor);
also on the sparc64:
(gdb) s
getBytes (dst=0xffffffffffff17f5, src=0x20b12d500, len=1, limit=252,
pos=0x20b12d0b0) at NSData.m:2565
2565 if (*pos > limit || len > limit || len+*pos > limit)
(gdb) list
2560 }
2561
2562 static inline void
2563 getBytes(void* dst, void* src, unsigned len, unsigned limit, unsigned
*pos)
2564 {
2565 if (*pos > limit || len > limit || len+*pos > limit)
2566 {
2567 [NSException raise: NSRangeException
2568 format: @"Range: (%u, %u) Size: %d",
2569 *pos, len, limit];
(gdb) print *pos
$8 = 60
(gdb) print limit
$9 = 252
(gdb) print len
$10 = 1
(gdb) print len+*pos
$11 = 61
(gdb) n
2571 memcpy(dst, src + *pos, len);
(gdb) print dst
$12 = (void *) 0xffffffffffff17f5
(gdb) print src
$13 = (void *) 0x20b12d500
(gdb) print (char *)src
$14 = 0x20b12d500 "GNUstep DO archive00000000:00000000:00000000:00000000:%"
(gdb) print (char *)src+*pos
$15 = 0x20b12d53c "\0010\0011\001" <------ on i386, this is
an empty string ""
(gdb) n
2572 *pos += len;
(gdb) print dst
$19 = (void *) 0xffffffffffff17f5
(gdb) print (char *)dst
$20 = 0xffffffffffff17f5 "\001\001" <------ on i386, this is
just ""
I hope someone knows what's going on here, and why its different on i386, and
on sparc64.
Sebastian