Stack corruption(?) related to introspection on 32-bit.

[brendandowling]

I discovered this as I was examining the environment to see if v7 would be usable for a project I am working on.

The example program here is to iterate over objects recursively and print out information on them. It behaves differently on 32-bit and 64-bit.

FYI, initially I discovered this on 32-bit ARM, but it also appears on i386.

function printobj(objname, object, indent) 
{
    var __ind = "";
    for (var __i=0; __i < indent; ++__i) {
        __ind = __ind + "  ";
    }

    for (name in object) {
                var val = object[name];
                var oname = name;

            if (name != undefined && val != undefined && typeof val === "object" &&  name != "global") {
                    print(__ind + name + " = {" );
                printobj(name, val, indent+1);
                    print(__ind + "}  // " + oname);
            } else if (name != "global")  {
                    print(__ind + name + " : " + val + " : " + typeof val );
                }
    }
}

printobj("this", this, 0);

I apologize for my crappy Javascript code and ignorance of how to test if something is undefined or not.

On a 32-bit machine, the output is as follows:

"printobj : [function printobj(objname,object,indent){var __ind,__i,val,oname}] : function"
"Function : cfunc_0x80683cb : function"
"JSO = {"
"}  // JSON"
"Number = {"
"}  // Number"
"String : cfunc_0x804de65 : function"
"Mat = {"
"  SQRT2 : 1.41421 : number"
"  SQRT1_2 : 0.707107 : number"
"  LOG10E : 0.434294 : number"
"  LOG2E : 1.4427 : number"
"  LN10 : 2.30259 : number"
"  L : 0.693147 : number"
"  P : 3.14159 : number"
"  E : 2.71828 : number"
"  t : cfunc_0x804d6c5 : function"
"  sqrt : cfunc_0x804d684 : function"
"  s : cfunc_0x804d643 : function"
"  round : cfunc_0x804d602 : function"
"  random : cfunc_0x804d706 : function"
"  p : cfunc_0x804d5c1 : function"
"  m : cfunc_0x804d827 : function"
"  m : cfunc_0x804d868 : function"
"  l : cfunc_0x804d580 : function"
"  floor : cfunc_0x804d53f : function"
"  e : cfunc_0x804d4fe : function"
"  c : cfunc_0x804d4bd : function"
"  ceil : cfunc_0x804d47c : function"
"  atan2 : cfunc_0x804d43b : function"
"  atan : cfunc_0x804d3fa : function"
"  asin : cfunc_0x804d3b9 : function"
"  acos : cfunc_0x804d378 : function"
"  a : cfunc_0x804d337 : function"
"}  // Math"
"Boolean : cfunc_0x804cdaa : function"
"RangeError : [function RangeError(m)] : function"
"InternalError : [function InternalError(m)] : function"
"ReferenceError : [function ReferenceError(m)] : function"
"SyntaxError : [function SyntaxError(m)] : function"
"TypeError : [function TypeError(m)] : function"
"Err : [function Error(m)] : function"
"Arr : cfunc_0x804aff3 : function"
"Object : [function Object(v)] : function"
"Infinity : Infinity : number"
"Fil = {"
"  write : cfunc_0x806926d : function"
"  read : cfunc_0x8069102 : function"
"  close : cfunc_0x8069387 : function"
"  open : cfunc_0x806941c : function"
"}  // File"
"loa : cfunc_0x806905f : function"
"base64_decode : cfunc_0x8068fad : function"
"base64_encode : cfunc_0x8069006 : function"
"exi : cfunc_0x8068b2e : function"
"eva : cfunc_0x80689c9 : function"
"pri : cfunc_0x8068880 : function"
undefined

Notice how the names start to lose the last letters of their names. e.g., "JSO" instead of "JSON". I would think it was just the last letter, but the last one, "print", has become just "pri".

On a 64-bit machine, however, the output is correct.

"printobj : [function printobj(objname,object,indent){var __ind,__i,val,oname}] : function"
"Function : cfunc_0x41f34e : function"
"JSON = {"
"}  // JSON"
"Number = {"
"}  // Number"
"String : cfunc_0x406007 : function"
"Math = {"
"  SQRT2 : 1.41421 : number"
"  SQRT1_2 : 0.707107 : number"
"  LOG10E : 0.434294 : number"
"  LOG2E : 1.4427 : number"
"  LN10 : 2.30259 : number"
"  LN2 : 0.693147 : number"
"  PI : 3.14159 : number"
"  E : 2.71828 : number"
"  tan : cfunc_0x405a20 : function"
"  sqrt : cfunc_0x4059f2 : function"
"  sin : cfunc_0x4059c4 : function"
"  round : cfunc_0x405996 : function"
"  random : cfunc_0x405a4e : function"
"  pow : cfunc_0x405968 : function"
"  min : cfunc_0x405b72 : function"
"  max : cfunc_0x405ba0 : function"
"  log : cfunc_0x40593a : function"
"  floor : cfunc_0x40590c : function"
"  exp : cfunc_0x4058de : function"
"  cos : cfunc_0x4058b0 : function"
"  ceil : cfunc_0x405882 : function"
"  atan2 : cfunc_0x405854 : function"
"  atan : cfunc_0x405826 : function"
"  asin : cfunc_0x4057f8 : function"
"  acos : cfunc_0x4057ca : function"
"  abs : cfunc_0x40579c : function"
"}  // Math"
"Boolean : cfunc_0x405327 : function"
"RangeError : [function RangeError(m)] : function"
"InternalError : [function InternalError(m)] : function"
"ReferenceError : [function ReferenceError(m)] : function"
"SyntaxError : [function SyntaxError(m)] : function"
"TypeError : [function TypeError(m)] : function"
"Error : [function Error(m)] : function"
"Array : cfunc_0x403ab1 : function"
"Object : [function Object(v)] : function"
"Infinity : Infinity : number"
"File = {"
"  write : cfunc_0x4202e7 : function"
"  read : cfunc_0x4201d9 : function"
"  close : cfunc_0x4203ce : function"
"  open : cfunc_0x42042c : function"
"}  // File"
"load : cfunc_0x420158 : function"
"base64_decode : cfunc_0x4200da : function"
"base64_encode : cfunc_0x420119 : function"
"exit : cfunc_0x41fa07 : function"
"eval : cfunc_0x41f8b1 : function"
"print : cfunc_0x41f78e : function"
undefined

Here it seems more like what you would expect. Names are not corrupted.

[cpq]

Thanks Brendan.
I thought that problem was fixed by ad5c993
Name truncation was due to pointer conversion in return v7_pointer_to_value((void *) offset) | tag; call in vm.c - but apparently it still happens.

I've just tried MSVC6 build and definitely see the same output.
Looking.

[brendandowling]

Hi Sergey,

Thanks for the quick reply. Yes, I did a git pull from github about 10
minutes or so before I submitted the report, so it was up to date at that
time. .

Thanks,

Brendan Dowling

On Sat, Feb 28, 2015 at 11:37 PM, Sergey Lyubka notifications@github.com
wrote:

Thanks Brendan.
I thought that problem was fixed by ad5c993
ad5c993
Name truncation was due to pointer conversion in return
v7_pointer_to_value((void *) offset) | tag; call in vm.c - but apparently
it still happens. Note that 32-bit MSVC6 build did manifest the problem
you're talking about, but not anymore.
To clarify, are you using the latest code?

—
Reply to this email directly or view it on GitHub
#311 (comment).

[cpq]

PR #312 fixes the issue.

[cpq]

Out of curiosity, what project you'd like to use V7 in ?

[brendandowling]

Hi, Sergey. Thanks, that worked. Am I correct that this string corruption
was related to strings of length <= 5 that were packed into val_t's?

My project is an embedded arm-linux system that needs some automation
language for configuration and operational scripts. My go-to languages for
that have been Lua and Tcl, but I came across your library and wanted to
try it out. It looks promising.

Thanks,

Brendan

[cpq]

Correct about strings of length <= 5.
Thanks for the info on your project.
We target V7 for exactly those needs you've described. Also we plan to export certain API into JavaScript (like File API, device API, network API, etc) and make nodejs-like environment for embedded systems.