[Mono-bugs] [Bug 78969][Nor] Changed - Windows, unconfirmed: Accessing an at least 3 dimensional array about 130000 times causes a StackOverflowException
bugzilla-daemon at bugzilla.ximian.com
Wed Aug 2 09:18:45 EDT 2006
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by moritz.kroll at gmx.de.
http://bugzilla.ximian.com/show_bug.cgi?id=78969
--- shadow/78969 2006-08-01 12:05:39.000000000 -0400
+++ shadow/78969.tmp.27380 2006-08-02 09:18:45.000000000 -0400
@@ -68,6 +68,93 @@
------- Additional Comments From alan.mcgovern at gmail.com 2006-08-01 12:05 -------
Just tested it on my machine, same problem. The more dimensions, the
faster it dies. 8 dimensions dies after 56000 accesses.
Tested on windows 2000 SP4.
+
+------- Additional Comments From Moritz.Kroll at gmx.de 2006-08-02 09:18 -------
+Here's the disassembled x86 code of the related functions Main and
+the function called by Main to calculate the array offset:
+
+Main():
+
+0x013c1b18: push %ebp
+0x013c1b19: mov %esp,%ebp
+0x013c1b1b: push %ebx
+0x013c1b1c: push %edi
+0x013c1b1d: push %esi
+0x013c1b1e: xor %edi,%edi
+0x013c1b20: xor %esi,%esi
+0x013c1b22: push $0x1
+0x013c1b24: push $0x1
+0x013c1b26: push $0x1
+0x013c1b28: push $0x130af08
+0x013c1b2d: call 0x13c1b78
+0x013c1b32: mov %eax,%ebx
+0x013c1b34: mov %ebx,%edi
+0x013c1b36: xor %esi,%esi
+0x013c1b38: jmp 0x13c1b55
+0x013c1b3a: lea 0x0(%ebp),%ebp
+0x013c1b40: push $0x0
+0x013c1b42: push $0x0
+0x013c1b44: push $0x0
+0x013c1b46: push %edi
+0x013c1b47: call 0x13c1ca8
+0x013c1b4c: mov %eax,%ebx
+0x013c1b4e: movl $0x0,(%ebx)
+0x013c1b54: inc %esi
+0x013c1b55: cmp $0x30d40,%esi
+0x013c1b5b: jl 0x13c1b40
+0x013c1b5d: lea 0xfffffff4(%ebp),%esp
+0x013c1b60: pop %esi
+0x013c1b61: pop %edi
+0x013c1b62: pop %ebx
+0x013c1b63: leave
+0x013c1b64: ret
+
+Dump of assembler code from 0x13c1ca8 to 0x13c1d07:
+0x013c1ca8: push %ebp
+0x013c1ca9: mov %esp,%ebp
+0x013c1cab: push $0x13c1cac
+0x013c1cb0: push %ebp
+0x013c1cb1: push %esi
+0x013c1cb2: push %edi
+0x013c1cb3: push %ebx
+0x013c1cb4: push $0x1303008
+0x013c1cb9: mov %fs:0x18,%eax
+0x013c1cc0: andl $0x0,0x34(%eax)
+0x013c1cc4: mov 0xe38(%eax),%eax
+0x013c1cca: add $0x8,%eax
+0x013c1ccf: push %eax
+0x013c1cd0: pushl (%eax)
+0x013c1cd2: mov %esp,(%eax)
+0x013c1cd4: mov 0xc(%ebp),%ebx
+0x013c1cd7: pushl 0x14(%ebp)
+0x013c1cda: pushl 0x10(%ebp)
+0x013c1cdd: push %ebx
+0x013c1cde: pushl 0x8(%ebp)
+0x013c1ce1: call 0x100283d0 <ves_array_element_address>
+0x013c1ce6: mov %eax,%ebx
+0x013c1ce8: cmpl $0x0,0x1015fb60
+0x013c1cef: jne 0x13c1d00
+0x013c1cf1: mov %ebx,%eax
+0x013c1cf3: mov 0xffffffe0(%ebp),%edx
+0x013c1cf6: mov 0xffffffe4(%ebp),%ecx
+0x013c1cf9: mov %edx,(%ecx)
+0x013c1cfb: mov 0xffffffec(%ebp),%ebx
+0x013c1cfe: leave
+0x013c1cff: ret
+0x013c1d00: call 0x13c1b68
+0x013c1d05: jmp 0x13c1cf1
+
+
+As you can see, the function at 0x013c1ca8 called by Main in
+0x013c1b47 takes four parameters on stack which are neither freed by
+the function at 0x013c1ca8 nor by Main. That's where the 16 bytes
+stack loss per iteration comes from. There is no stack problem inside
+the function at 0x013c1ca8 (say esp at 0x013c1ca8 is equal to esp at
+0x013c1cff).
+
+This was created using a self-compiled version of Mono-1.1.16.1
+(using Cygwin... was quite a pain.... damn WinRar...) on Windows 2000
+SP4 and an AMD Sempron 2200+.
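Review bot: the 16-bytes-per-iteration reading is consistent with the listing, but the comment should say which side the emitted code expects to clean the arguments, because that decides where the fix belongs. Main pushes four 32-bit values at 0x013c1b40-0x013c1b46 before the call at 0x013c1b47, the callee exits through `leave`/`ret` at 0x013c1cfe-0x013c1cff (a plain `ret`, not `ret $0x10`), and the loop returns to 0x013c1b40 via the `jl` at 0x013c1b5b with no `add $0x10,%esp` in between, so %esp drops by 16 on each of the 0x30d40 (200000) iterations and is only restored once, after the loop, by `lea 0xfffffff4(%ebp),%esp` at 0x013c1b5d. Note that the allocation call at 0x013c1b2d shows the same pattern (four pushes, no cleanup on return); it is executed once, so only the loop makes the leak visible. It would also help to mark the `lea 0x0(%ebp),%ebp` at 0x013c1b3a as alignment padding, since it sits between the `jmp` and the loop head and is easy to misread as part of the loop body.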