[Mono-bugs] [Bug 78969][Nor] Changed - Windows, unconfirmed: Accessing an at least 3 dimensional array about 130000 times causes a StackOverflowException

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed Aug 2 09:18:45 EDT 2006 

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by moritz.kroll at gmx.de.

http://bugzilla.ximian.com/show_bug.cgi?id=78969

--- shadow/78969	2006-08-01 12:05:39.000000000 -0400
+++ shadow/78969.tmp.27380	2006-08-02 09:18:45.000000000 -0400
@@ -68,6 +68,93 @@
 
 ------- Additional Comments From alan.mcgovern at gmail.com  2006-08-01 12:05 -------
 Just tested it on my machine, same problem. The more dimensions, the
 faster it dies. 8 dimensions dies after 56000 accesses.
 
 Tested on windows 2000 SP4.
+
+------- Additional Comments From Moritz.Kroll at gmx.de  2006-08-02 09:18 -------
+Here's the disassembled x86 code of the related functions Main and 
+the function called by Main to calculate the array offset:
+
+Main():
+
+0x013c1b18:     push   %ebp
+0x013c1b19:     mov    %esp,%ebp
+0x013c1b1b:     push   %ebx
+0x013c1b1c:     push   %edi
+0x013c1b1d:     push   %esi
+0x013c1b1e:     xor    %edi,%edi
+0x013c1b20:     xor    %esi,%esi
+0x013c1b22:     push   $0x1
+0x013c1b24:     push   $0x1
+0x013c1b26:     push   $0x1
+0x013c1b28:     push   $0x130af08
+0x013c1b2d:     call   0x13c1b78
+0x013c1b32:     mov    %eax,%ebx
+0x013c1b34:     mov    %ebx,%edi
+0x013c1b36:     xor    %esi,%esi
+0x013c1b38:     jmp    0x13c1b55
+0x013c1b3a:     lea    0x0(%ebp),%ebp
+0x013c1b40:     push   $0x0
+0x013c1b42:     push   $0x0
+0x013c1b44:     push   $0x0
+0x013c1b46:     push   %edi
+0x013c1b47:     call   0x13c1ca8
+0x013c1b4c:     mov    %eax,%ebx
+0x013c1b4e:     movl   $0x0,(%ebx)
+0x013c1b54:     inc    %esi
+0x013c1b55:     cmp    $0x30d40,%esi
+0x013c1b5b:     jl     0x13c1b40
+0x013c1b5d:     lea    0xfffffff4(%ebp),%esp
+0x013c1b60:     pop    %esi
+0x013c1b61:     pop    %edi
+0x013c1b62:     pop    %ebx
+0x013c1b63:     leave
+0x013c1b64:     ret
+
+Dump of assembler code from 0x13c1ca8 to 0x13c1d07:
+0x013c1ca8:     push   %ebp
+0x013c1ca9:     mov    %esp,%ebp
+0x013c1cab:     push   $0x13c1cac
+0x013c1cb0:     push   %ebp
+0x013c1cb1:     push   %esi
+0x013c1cb2:     push   %edi
+0x013c1cb3:     push   %ebx
+0x013c1cb4:     push   $0x1303008
+0x013c1cb9:     mov    %fs:0x18,%eax
+0x013c1cc0:     andl   $0x0,0x34(%eax)
+0x013c1cc4:     mov    0xe38(%eax),%eax
+0x013c1cca:     add    $0x8,%eax
+0x013c1ccf:     push   %eax
+0x013c1cd0:     pushl  (%eax)
+0x013c1cd2:     mov    %esp,(%eax)
+0x013c1cd4:     mov    0xc(%ebp),%ebx
+0x013c1cd7:     pushl  0x14(%ebp)
+0x013c1cda:     pushl  0x10(%ebp)
+0x013c1cdd:     push   %ebx
+0x013c1cde:     pushl  0x8(%ebp)
+0x013c1ce1:     call   0x100283d0 <ves_array_element_address>
+0x013c1ce6:     mov    %eax,%ebx
+0x013c1ce8:     cmpl   $0x0,0x1015fb60
+0x013c1cef:     jne    0x13c1d00
+0x013c1cf1:     mov    %ebx,%eax
+0x013c1cf3:     mov    0xffffffe0(%ebp),%edx
+0x013c1cf6:     mov    0xffffffe4(%ebp),%ecx
+0x013c1cf9:     mov    %edx,(%ecx)
+0x013c1cfb:     mov    0xffffffec(%ebp),%ebx
+0x013c1cfe:     leave
+0x013c1cff:     ret
+0x013c1d00:     call   0x13c1b68
+0x013c1d05:     jmp    0x13c1cf1
+
+
+As you can see, the function at 0x013c1ca8 called by Main in 
+0x013c1b47 takes four parameters on stack which are neither freed by 
+the function at 0x013c1ca8 nor by Main. That's where the 16 bytes 
+stack loss per iteration comes from. There is no stack problem inside 
+the function at 0x013c1ca8 (say esp at 0x013c1ca8 is equal to esp at 
+0x013c1cff).
+
+This was created using a self-compiled version of Mono-1.1.16.1 
+(using Cygwin... was quite a pain.... damn WinRar...) on Windows 2000 
+SP4 and an AMD Sempron 2200+.

More information about the mono-bugs mailing list