[Mono-bugs] [Bug 41525][Nor] Changed - Mini crashes using ASP.NET
bugzilla-daemon@rocky.ximian.com
bugzilla-daemon@rocky.ximian.com
Fri, 18 Apr 2003 12:59:27 -0400 (EDT)
Changed by ramon_garcia_f@terra.es.
http://bugzilla.ximian.com/show_bug.cgi?id=41525
--- shadow/41525 Fri Apr 18 09:28:57 2003
+++ shadow/41525.tmp.14740 Fri Apr 18 12:59:27 2003
@@ -214,6 +214,232 @@
------- Additional Comments From ramon_garcia_f@terra.es 2003-04-18 09:28 -------
The function that is miscompilled is
System.Web.Caching.ExpiresBucket::FlushExpiredItems
+
+------- Additional Comments From ramon_garcia_f@terra.es 2003-04-18 12:59 -------
+Sorry, a part of my diagnostic was wrong.
+
+Looking at the disassembly listing shows that the code correctly
+pushes three arguments in the stack (before 0x84fc26e). However, there
+is a branch not shown (probably related to exception handling) that
+jumps to a place of the code after the instruction that pushes the
+first argument. Thus this instruction is not executed, and this
+argument is not correct. I am placing the full disassembly again,
+because every execution of mini generates different addresses.
+
+0x8472544: push %ebp
+0x8472545: mov %esp,%ebp
+0x8472547: push %edi
+0x8472548: sub $0xbc,%esp
+0x847254e: push %ebp
+0x847254f: push $0x842c750
+0x8472554: call 0x4006ce1a <enter_method>
+0x8472559: add $0x8,%esp
+0x847255c: movl $0x0,0xffffffd8(%ebp)
+0x8472563: movl $0x0,0xffffffd4(%ebp)
+0x847256a: movl $0x0,0xffffffd0(%ebp)
+0x8472571: push $0x18
+0x8472576: mov %ebp,%eax
+0x8472578: add $0xffffffb8,%eax
+0x847257d: push %eax
+0x847257e: call 0x400302a0 <helper_initobj>
+0x8472583: add $0x8,%esp
+(ignore the int3, it is a breakpoint placed mini --break)
+0x8472586: int3
+0x8472587: mov %ebp,%eax
+0x8472589: add $0xffffff90,%eax
+0x847258e: push %eax
+0x847258f: call 0x82529f4
+0x8472594: add $0x4,%esp
+0x8472597: push $0x8
+0x847259c: mov %ebp,%eax
+0x847259e: add $0xffffff90,%eax
+0x84725a3: push %eax
+0x84725a4: mov %ebp,%eax
+0x84725a6: add $0xffffffa0,%eax
+0x84725ab: push %eax
+0x84725ac: call 0x400302d0 <helper_memcpy>
+0x84725b1: add $0xc,%esp
+0x84725b4: mov %ebp,%eax
+0x84725b6: add $0xffffffa0,%eax
+0x84725bb: push %eax
+0x84725bc: call 0x8253014
+0x84725c1: add $0x4,%esp
+0x84725c4: mov %edx,%ecx
+0x84725c6: mov %eax,0xffffff40(%ebp)
+0x84725cc: mov %ecx,0xffffff8c(%ebp)
+0x84725cf: mov %eax,0xffffff88(%ebp)
+0x84725d2: mov 0xffffff8c(%ebp),%ecx
+0x84725d5: mov %ecx,0xffffffb4(%ebp)
+0x84725d8: mov %eax,0xffffffb0(%ebp)
+0x84725db: movl $0x0,0xffffffd0(%ebp)
+0x84725e2: push $0x0
+0x84725e7: mov 0x8(%ebp),%eax
+0x84725ea: mov 0x20(%eax),%eax
+0x84725ed: push %eax
+0x84725ee: cmpl $0x0,(%eax)
+0x84725f1: call 0x8472b04
+0x84725f6: add $0x8,%esp
+0x84725f9: mov 0x8(%ebp),%eax
+0x84725fc: pushl 0xc(%eax)
+0x84725ff: push $0x8426570
+0x8472604: push $0x824a680
+0x8472609: call 0x400913a6 <mono_array_new>
+0x847260e: add $0xc,%esp
+0x8472611: mov %eax,0xffffff48(%ebp)
+0x8472617: mov %eax,0xffffffd8(%ebp)
+0x847261a: movl $0x0,0xffffffd4(%ebp)
+0x8472621: push $0x18
+0x8472626: mov 0x8(%ebp),%eax
+0x8472629: mov 0x1c(%eax),%ecx
+0x847262c: mov 0xffffffd4(%ebp),%eax
+0x847262f: mov 0xc(%ecx),%edx
+0x8472632: cmp %eax,%edx
+0x8472634: jbe 0x84728b3
+0x847263a: imul $0x18,%eax,%eax
+0x847263d: add %ecx,%eax
+0x847263f: add $0x10,%eax
+0x8472644: push %eax
+0x8472645: mov %ebp,%eax
+0x8472647: add $0xffffff70,%eax
+0x847264c: push %eax
+0x847264d: call 0x400302d0 <helper_memcpy>
+0x8472652: add $0xc,%esp
+0x8472655: push $0x18
+0x847265a: mov %ebp,%eax
+0x847265c: add $0xffffff70,%eax
+0x8472661: push %eax
+0x8472662: mov %ebp,%eax
+0x8472664: add $0xffffffb8,%eax
+0x8472669: push %eax
+0x847266a: call 0x400302d0 <helper_memcpy>
+0x847266f: add $0xc,%esp
+0x8472672: mov 0xffffffb8(%ebp),%eax
+0x8472675: test %eax,%eax
+0x8472677: je 0x84727c5
+0x847267d: mov 0xffffffc0(%ebp),%eax
+0x8472680: mov %eax,0xffffff40(%ebp)
+0x8472686: mov 0xffffffc4(%ebp),%edx
+0x8472689: mov 0xffffffb0(%ebp),%ecx
+0x847268c: mov 0xffffffb4(%ebp),%eax
+0x847268f: cmp %eax,%edx
+0x8472691: mov 0xffffff40(%ebp),%eax
+0x8472697: jg 0x84727c5
+0x847269d: jne 0x84726ab
+0x84726a3: cmp %ecx,%eax
+0x84726a5: jae 0x84727c5
+0x84726ab: push $0x0
+0x84726b0: mov 0x8(%ebp),%eax
+0x84726b3: mov 0x20(%eax),%eax
+0x84726b6: mov %ebp,%ecx
+0x84726b8: add $0xffffff6f,%ecx
+0x84726be: push %eax
+0x84726bf: push %ecx
+0x84726c0: cmpl $0x0,(%eax)
+0x84726c3: call 0x84280b8
+0x84726c8: add $0xc,%esp
+0x84726cb: push $0x1
+0x84726d0: mov %ebp,%eax
+0x84726d2: add $0xffffff6f,%eax
+0x84726d7: push %eax
+0x84726d8: mov %ebp,%eax
+0x84726da: add $0xffffffaf,%eax
+0x84726df: push %eax
+0x84726e0: call 0x400302d0 <helper_memcpy>
+0x84726e5: add $0xc,%esp
+0x84726e8: pushl 0xffffffd4(%ebp)
+0x84726eb: mov 0x8(%ebp),%eax
+0x84726ee: mov 0x24(%eax),%eax
+0x84726f1: push %eax
+0x84726f2: cmpl $0x0,(%eax)
+0x84726f5: call 0x842c260
+0x84726fa: add $0x8,%esp
+0x84726fd: mov %eax,%edi
+0x84726ff: mov 0xffffffd8(%ebp),%eax
+0x8472702: mov %eax,0xffffff68(%ebp)
+0x8472708: mov 0xffffffd0(%ebp),%edi
+0x847270b: mov %edi,%eax
+0x847270d: add $0x1,%eax
+0x8472712: mov %eax,0xffffff9c(%ebp)
+0x8472715: mov 0xffffff68(%ebp),%eax
+0x847271b: mov %eax,0xffffff64(%ebp)
+0x8472721: mov %edi,0xffffff60(%ebp)
+0x8472727: mov 0xffffff9c(%ebp),%eax
+0x847272a: mov %eax,0xffffffd0(%ebp)
+0x847272d: mov 0xffffff64(%ebp),%eax
+0x8472733: mov 0xffffff60(%ebp),%ecx
+0x8472739: mov 0xc(%eax),%edx
+0x847273c: cmp %ecx,%edx
+0x847273e: jbe 0x84728a4
+0x8472744: lea 0x10(%eax,%ecx,4),%eax
+0x8472748: mov 0xffffffb8(%ebp),%ecx
+0x847274b: mov %ecx,(%eax)
+0x847274d: mov 0xffffffb8(%ebp),%eax
+0x8472750: mov %eax,0xffffff5c(%ebp)
+0x8472756: mov $0x846a3cc,%eax
+0x847275b: movzbl (%eax),%eax
+0x847275e: push %eax
+0x847275f: mov 0xffffff5c(%ebp),%eax
+0x8472765: push %eax
+0x8472766: cmpl $0x0,(%eax)
+0x8472769: call 0x84736e0
+0x847276e: add $0x8,%esp
+0x8472771: mov 0xffffffb8(%ebp),%eax
+0x8472774: mov %eax,0xffffff58(%ebp)
+0x847277a: mov $0x846a3d0,%eax
+0x847277f: pushl (%eax)
+0x8472781: mov 0xffffff58(%ebp),%eax
+0x8472787: push %eax
+0x8472788: cmpl $0x0,(%eax)
+0x847278b: call 0x8473710
+0x8472790: add $0x8,%esp
+0x8472793: movl $0x0,0xffffffb8(%ebp)
+0x847279a: mov %esp,0xffffffdc(%ebp)
+0x847279d: call 0x84727a4
+0x84727a2: jmp 0x84727c5
+0x84727a4: mov %ebp,%eax
+0x84727a6: add $0xffffffaf,%eax
+0x84727ab: push %eax
+0x84727ac: mov 0x8(%ebp),%eax
+0x84727af: mov 0x20(%eax),%eax
+0x84727b2: push %eax
+0x84727b3: cmpl $0x0,(%eax)
+0x84727b6: call 0x8429430
+0x84727bb: add $0x8,%esp
+0x84727be: mov 0xffffffdc(%ebp),%esp
+0x84727c1: sub $0x4,%esp
+0x84727c4: ret
+0x84727c5: mov 0xffffffd4(%ebp),%eax
+0x84727c8: add $0x1,%eax
+0x84727cd: mov %eax,%edi
+0x84727cf: mov %edi,0xffffffd4(%ebp)
+0x84727d2: mov 0x8(%ebp),%eax
+0x84727d5: mov 0xc(%eax),%eax
+0x84727d8: cmp %eax,0xffffffd4(%ebp)
+0x84727db: jl 0x8472626
+0x84727e1: mov %esp,0xffffffdc(%ebp)
+0x84727e4: call 0x84727eb
+0x84727e9: jmp 0x8472804
+0x84727eb: mov 0x8(%ebp),%eax
+0x84727ee: mov 0x20(%eax),%eax
+0x84727f1: push %eax
+0x84727f2: cmpl $0x0,(%eax)
+0x84727f5: call 0x8428070
+0x84727fa: add $0x4,%esp
+0x84727fd: mov 0xffffffdc(%ebp),%esp
+0x8472800: sub $0x4,%esp
+
+The wrong instruction is at 0x84727db:
+
+jl 0x8472626
+
+It should be
+
+jl 0x8472621
+
+The wrong jump skips the instruction "push $0x18" and thus
+one element of the stack is missing.
+
+I hope the diagnostic is more complete now.
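Review bot: The consequence of the skipped `push $0x18` is understated in the comment: `add $0xc,%esp` at 0x8472652 pops three argument slots on every iteration, but after the back-edge from 0x84727db only the two pushes at 0x8472644 and 0x847264c execute, so %esp rises by 4 bytes per iteration and `helper_memcpy` at 0x847264d receives whatever stale value sits in the third slot as its length. That makes this a memory-corruption bug whose crash site can be far from the loop (overwritten locals, saved %edi, or the return address), which is worth stating explicitly so that reproductions that fail elsewhere are still recognised as this bug. The listing is also cut off after the `sub $0x4,%esp` at 0x8472800 and never shows the `jbe` targets 0x84728a4 and 0x84728b3, so it cannot be confirmed from the page that no other edge re-enters the loop between 0x8472621 and 0x8472626; attaching the complete disassembly would close that gap. Finally, the report names neither the mini revision nor the IL of `ExpiresBucket::FlushExpiredItems`, both of which the JIT maintainer will presumably need to see why the constant push was emitted before the loop header rather than inside it.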