
Access null pointer and core dumped when call proc object #55

Closed
kirikak2 opened this Issue Jul 22, 2018 · 7 comments


kirikak2 commented Jul 22, 2018

Environment

  • mruby/c (from latest master branch)

Detail

I got a core dump when executing this mruby code.

100.times{|i| Arduino.analog_write(4, i * 100) }

Output

Exception (28):
epc1=0x402071c7 epc2=0x00000000 epc3=0x00000000 excvaddr=0x0000000c depc=0x00000000

ctx: cont
sp: 3fff97e0 end: 3fff9e00 offset: 01a0

>>>stack>>>
3fff9980:  3fff45d4 00000000 3fff463c 402071c2
3fff9990:  feefeffe feefeffe feefeffe feefeffe
3fff99a0:  72293328 20736765 7830203d 66666633
3fff99b0:  63303634 6d76202c 63703e2d 6572695f
3fff99c0:  203d2070 66000a30 38356666 000a3831
...
...

I enabled debug output, watched the serial console, and got the following info.
I traced the RiteVM code and found a point where proc->irep is NULL when op_stop is called.

I have doubts about these points.

  • Is it correct that vm->current_regs is not changed when op_abort is called?
  • It seems that regs are not properly restored from the callstack in op_return.
pc_irep= 0x3fff57d8 pc_irep->code = 0x3fff0b90 pc= 0 current_regs= 0x3fff45ec code = 12595587 reg->proc->irep = 0 opcode = 0x3, A = 0, sBx = 64, Bx = 8063
pc_irep= 0x3fff57d8 pc_irep->code = 0x3fff0b90 pc= 1 current_regs= 0x3fff45ec code = 16777536 reg->proc->irep = 0 opcode = 0x40, A = 0, sBx = ffff8003, Bx = 2
proc->irep = 0x3fff5818 vm->pc_irep->reps[rb] = 0x3fff5818 ra = 2, rb = 0
pc_irep= 0x3fff57d8 pc_irep->code = 0x3fff0b90 pc= 2 current_regs= 0x3fff45ec code = 8388641 reg->proc->irep = 0 opcode = 0x21, A = 4, sBx = ffff8001, Bx = 0

pc_irep= 0x3fff9af0 pc_irep->code = 0x3fff9b0c pc= 0 current_regs= 0x3fff460c code = 35 reg->proc->irep = 0x3fff5818 opcode = 0x23, A = 21, sBx = ffff8001, Bx = 0
(3)regs = 0x3fff460c, vm->pc_irep = 0x3fff5818
pc_irep= 0x3fff5818 pc_irep->code = 0x3fff0bc0 pc= 0 current_regs= 0x3fff460c code = 33554470 reg->proc->irep = 0x3fff5818 opcode = 0x26, A = 0, sBx = ffff8001, Bx = 0
pc_irep= 0x3fff5818 pc_irep->code = 0x3fff0bc0 pc= 1 current_regs= 0x3fff460c code = 25165841 reg->proc->irep = 0x3fff5818 opcode = 0x11, A = 0, sBx = ffff8001, Bx = 0
pc_irep= 0x3fff5818 pc_irep->code = 0x3fff0bc0 pc= 2 current_regs= 0x3fff460c code = 37749123 reg->proc->irep = 0x3fff5818 opcode = 0x3, A = 0, sBx = 4, Bx = 8003
pc_irep= 0x3fff5818 pc_irep->code = 0x3fff0bc0 pc= 3 current_regs= 0x3fff460c code = 41959425 reg->proc->irep = 0x3fff5818 opcode = 0x1, A = 0, sBx = ffff8081, Bx = 80
pc_irep= 0x3fff5818 pc_irep->code = 0x3fff0bc0 pc= 4 current_regs= 0x3fff460c code = 54527107 reg->proc->irep = 0x3fff5818 opcode = 0x3, A = 0, sBx = a, Bx = 8009
pc_irep= 0x3fff5818 pc_irep->code = 0x3fff0bc0 pc= 5 current_regs= 0x3fff460c code = 41975984 reg->proc->irep = 0x3fff5818 opcode = 0x30, A = 4, sBx = ffff8102, Bx = 101
pc_irep= 0x3fff5818 pc_irep->code = 0x3fff0bc0 pc= 6 current_regs= 0x3fff460c code = 25182496 reg->proc->irep = 0x3fff5818 opcode = 0x20, A = 7, sBx = ffff8083, Bx = 82
pc_irep= 0x3fff5818 pc_irep->code = 0x3fff0bc0 pc= 7 current_regs= 0x3fff460c code = 25165865 reg->proc->irep = 0x3fff5818 opcode = 0x29, A = 3, sBx = ffff8001, Bx = 0
(4)vm->pc_irep = 0x3fff9af0
pc_irep= 0x3fff9af0 pc_irep->code = 0x3fff9b0c pc= 1 current_regs= 0x3fff460c code = 80 reg->proc->irep = 0 opcode = 0x50, A = 3, sBx = ffff8001, Bx = 0
pc_irep= 0x3fff9af0 pc_irep->code = 0x3fff9b0c pc= 0 current_regs= 0x3fff460c code = 35 reg->proc->irep = 0 opcode = 0x23, A = 3, sBx = ffff8001, Bx = 0
(3)regs = 0x3fff460c, vm->pc_irep = 0 # <---------access NULL pointer
pc_irep= 0
Exception (28):
epc1=0x402071c7 epc2=0x00000000 epc3=0x00000000 excvaddr=0x0000000c depc=0x00000000

ctx: cont
sp: 3fff97e0 end: 3fff9e00 offset: 01a0

>>>stack>>>
3fff9980:  3fff45d4 00000000 3fff463c 402071c2
3fff9990:  feefeffe feefeffe feefeffe feefeffe
3fff99a0:  72293328 20736765 7830203d 66666633
3fff99b0:  63303634 6d76202c 63703e2d 6572695f
3fff99c0:  203d2070 66000a30 38356666 000a3831
3fff99d0:  feefeffe feefeffe feefeffe feefeffe
3fff99e0:  feefeffe feefeffe feefeffe feefeffe
3fff99f0:  feefeffe feefeffe feefeffe feefeffe
3fff9a00:  00000005 00000000 00000020 40100eb6
3fff9a10:  3ffeaec5 401042bb 3ffee888 feefeffe
3fff9a20:  695f6370 3d706572 00203020 41202c33
3fff9a30:  33203d20 4273202c 203d2078 66666666
3fff9a40:  31303038 7842202c 30203d20 00000a20
3fff9a50:  ffffff00 3fff9b12 3fff9a80 00000100
3fff9a60:  7fffffff 3ffeb764 3ffeb764 3fff9ad0
3fff9a70:  40213538 3fff9b70 3fff9b12 4020f948
3fff9a80:  00000001 00886bcd 00002200 4000050c
3fff9a90:  3ffe8308 00000000 00000010 3ffeaaf7
3fff9aa0:  00000003 00000000 3fff5424 00000000
3fff9ab0:  3fff4bd4 00000023 00000000 ffff8001
3fff9ac0:  00000000 00000000 00000023 3fff460c
3fff9ad0:  00000000 ffffffff ffffffff 00000064
3fff9ae0:  00000001 3fff45fc 3fff45d4 402037cc
3fff9af0:  00000000 00020000 3fff0000 3fff9b0c
3fff9b00:  00000000 00000000 00000000 23000000
3fff9b10:  50000000 feef7878 feefeffe feefeffe
3fff9b20:  3fff461c feefeffe 00000000 00000004
3fff9b30:  00000004 00000000 00000064 01000000
3fff9b40:  00000000 3fff45fc 3fff45d4 40206f55
3fff9b50:  0000001c 3ffe8308 3fff9be0 00010000
3fff9b60:  3fff45d4 00000000 3fff45fc 40210194
3fff9b70:  3fff9cde 00000000 7fffffd1 ffff0208
3fff9b80:  3fff9cb0 7fffffff 3fff9c1f 4020f948
3fff9b90:  00000004 402213db 3ffef29c feefeffe
3fff9ba0:  3ffe8308 00000003 0000000a 3ffeaae6
3fff9bb0:  3fff9c23 0000002d 3fff9cdd 4020e480
3fff9bc0:  3ffeac3a 3ffeac3a 3fff585c 00010000
3fff9bd0:  3fff45d4 00000000 3fff8d08 4020d285
3fff9be0:  00000004 00000000 00000064 00000000
3fff9bf0:  00000010 3fff0baa 3fff45fc 4020d35c
3fff9c00:  ffff8001 00000000 3fff5844 00010000
3fff9c10:  3fff45d4 00000000 3fff45fc 4020752c
3fff9c20:  40103922 40224d3c 3ffef29c 00000012
3fff9c30:  636f7270 72693e2d 3d207065 33783020
3fff9c40:  35666666 20383138 3e2d6d76 695f6370
3fff9c50:  2d706572 7065723e 62725b73 203d205d
3fff9c60:  66337830 38356666 72203831 203d2061
3fff9c70:  72202c32 203d2062 3f000a30 402010b6
3fff9c80:  3fffc278 40101f80 3fff5810 40201416
3fff9c90:  3fff9ca0 0000003f 3ffe97b8 3fff9cd0
3fff9ca0:  3fff57d8 3fff45d4 00000000 40201559
3fff9cb0:  6f63706f 3d206564 32783020 41202c31
3fff9cc0:  34203d20 4273202c 203d2078 66666666
3fff9cd0:  31303038 7842202c 30203d20 40000a20
3fff9ce0:  00000000 3fff45d4 00000000 3fff9d10
3fff9cf0:  3fff57d8 3fff45d4 00000000 3fff9d10
3fff9d00:  3fff57d8 3fff45d4 00000000 40206521
3fff9d10:  4023c69a 3fff9d50 3fff5804 4023c6b1
3fff9d20:  3fffb09c 0028bf8d 3ffea881 4020e480
3fff9d30:  40104b0a 3fff0158 0028bf8d 0000008f
3fff9d40:  3fff4bd4 00000021 00000001 ffff8001
3fff9d50:  00000000 00000010 00800021 3fff45ec
3fff9d60:  3fff0c24 000000c4 4020d9d4 000000c4
3fff9d70:  3fff0b58 3fff8d08 3fff0b54 4020a3a7
3fff9d80:  3fff0b5c 000000c4 00000000 4020a4a9
3fff9d90:  3fffa91c 0000000f 00000000 c40001ff
3fff9da0:  00000000 3fffb0cc 0000000a 3fff8dcc
3fff9db0:  3fffdad0 00000000 3fff8dc5 4020a53e
3fff9dc0:  40106d68 00000000 000003e8 4020a32c
3fff9dd0:  00000000 3fffb0cc 00000001 4020d9f5
3fff9de0:  3fffdad0 00000000 3fff8dc5 4020da20
3fff9df0:  feefeffe feefeffe 3fff8de0 40100700
<<<stack<<<

Please tell me if someone has a good idea.
Thanks.

kishima (Contributor) commented Jul 24, 2018

In my investigation, the reason for this behavior is that the result of the block passed to the times method overwrites register[0] during the loop procedure.
I could confirm this in a PC environment as well. Fixnum "0" overwrites register[0], which holds an irep, in the following example. In the next loop, the VM tries to do something like 0.call and then gets an exception.

10.times{|x|
        puts x
        0
}

I'm preparing a proposal for a fix for this issue.

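As an added illustration, not code from mruby/c or from either participant, the following C model reproduces the mechanism kishima describes above (the block's Fixnum result landing in register[0], the slot that still holds the proc) and the NULL proc->irep that kirikak2 traced in the opening report. The VM layout is a constructed stand-in: the assumption that a callee register window aliases the caller's registers at offset 0, the `irep_t`/`proc_t`/`value` types, and the `times_buggy`/`times_fixed` functions are all hypothetical and exist only to show the clobber beside a defensive version that pins the proc before the loop, places the block's window above the caller's live registers, and tag-checks a slot before dereferencing it as a proc.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed register-window VM model (not mruby/c's code). Tags and the
 * proc/irep structs are simplified stand-ins for the real objects. */
typedef enum { TT_NIL = 0, TT_FIXNUM, TT_PROC } vtype;
typedef struct { int id; } irep_t;               /* stand-in for an irep */
typedef struct { const irep_t *irep; } proc_t;   /* stand-in for a proc object */
typedef struct { vtype tt; union { int i; proc_t *p; } u; } value;
typedef enum { OK = 0, ERR_NOT_PROC = -1 } status;

#define NREGS 8

/* The block from kishima's example, "puts x; 0": its value is Fixnum 0. */
static value run_block(value x) {
    value r = { TT_FIXNUM, { 0 } };
    (void)x;
    return r;
}

/* Guard applied before a slot is dereferenced as a proc. In the thread's
 * trace the VM walked straight into proc->irep and faulted instead. */
static int slot_is_callable(const value *v) {
    return v->tt == TT_PROC && v->u.p != NULL && v->u.p->irep != NULL;
}

/* Buggy loop: the callee window aliases the caller's regs at offset 0, so the
 * block result is stored into regs[0], the slot that still holds the proc. */
static status times_buggy(value *regs, int n, int *ran) {
    *ran = 0;
    for (int i = 0; i < n; i++) {
        if (!slot_is_callable(&regs[0])) return ERR_NOT_PROC;
        value x = { TT_FIXNUM, { i } };
        value *window = regs;          /* aliasing assumption of this model */
        window[0] = run_block(x);      /* clobbers the proc with Fixnum 0 */
        (*ran)++;
    }
    return OK;
}

/* Fixed loop: resolve the proc once, and give the block a window above the
 * caller's live registers so its result cannot overwrite them. */
static status times_fixed(value *regs, int n, int *ran) {
    *ran = 0;
    if (!slot_is_callable(&regs[0])) return ERR_NOT_PROC;
    proc_t *blk = regs[0].u.p;         /* pinned for the whole loop */
    for (int i = 0; i < n; i++) {
        value x = { TT_FIXNUM, { i } };
        value *window = regs + 2;      /* regs[0..1] stay intact */
        window[0] = run_block(x);
        if (regs[0].tt != TT_PROC || regs[0].u.p != blk) return ERR_NOT_PROC;
        (*ran)++;
    }
    return OK;
}

/* Sets up regs[0] = block proc, regs[1] = count, then runs the chosen variant.
 * Reports iterations completed and whether regs[0] still holds the proc. */
static status run_demo(int use_fixed, int n, int *ran, int *regs0_is_proc) {
    static const irep_t block_irep = { 42 };   /* constructed irep */
    proc_t blk = { &block_irep };
    value regs[NREGS] = { { TT_NIL, { 0 } } };
    regs[0].tt = TT_PROC;   regs[0].u.p = &blk;
    regs[1].tt = TT_FIXNUM; regs[1].u.i = n;
    status st = use_fixed ? times_fixed(regs, n, ran) : times_buggy(regs, n, ran);
    *regs0_is_proc = (regs[0].tt == TT_PROC);
    return st;
}

/* Accessors so each outcome can be checked as a return value. */
static int demo_status(int use_fixed, int n)        { int r, p; return (int)run_demo(use_fixed, n, &r, &p); }
static int demo_iterations(int use_fixed, int n)    { int r, p; run_demo(use_fixed, n, &r, &p); return r; }
static int demo_regs0_is_proc(int use_fixed, int n) { int r, p; run_demo(use_fixed, n, &r, &p); return p; }

int main(void) {
    int ran, keep;
    status st = run_demo(0, 10, &ran, &keep);
    printf("buggy: status=%d iterations=%d regs[0] still proc=%d\n", (int)st, ran, keep);
    st = run_demo(1, 10, &ran, &keep);
    printf("fixed: status=%d iterations=%d regs[0] still proc=%d\n", (int)st, ran, keep);
    return 0;
}
```

With the buggy variant the first iteration succeeds, the block's 0 overwrites the proc slot, and the second iteration is refused by the tag check; without that check the model would do exactly what the trace shows and dereference a non-pointer as `proc->irep`. The fixed variant completes all ten iterations with `regs[0]` untouched, which is the property a `times` implementation (in C or in mrblib) needs to preserve regardless of what the block returns.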
kishima (Contributor) commented Jul 24, 2018

Maybe the new mrblib implementation solves this issue??

kishima (Contributor) commented Jul 24, 2018

The following commit is my temporary workaround.
kishima/mrubyc_for_ESP32_Arduino@23d318e

kishima (Contributor) commented Jul 25, 2018

The latest version replaces the "times" method with mrblib. I have confirmed that this solves the issue in my PC environment.
I will also check it on ESP32 later.

kirikak2 (Author) commented Jul 25, 2018

Thanks for your response.
I tried applying your patch. It seems to work fine.

kishima (Contributor) commented Aug 9, 2018

I have confirmed that this issue is solved in the latest version in the ESP32 environment as well. I guess this issue can be closed.

kirikak2 (Author) commented Oct 8, 2018

Thanks @kishima

@kirikak2 kirikak2 closed this Oct 8, 2018
