Discussion:
Strange crash
Alan Adams
2019-06-11 14:08:53 UTC
Hi

I have a set of BASIC programs which communicate using TCP/IP. I am
unable to work out why it crashes here. It has already called the function
many times, and if I enable a logging function, which is not called during
this sequence, the problem goes away. The logging function writes to a
file in the RAM disc.

The function concerned has been called many times before the crash, and it
crashes while calling an SWI, Socket_Select.

The calling line is the FNselect below:

IF DEBUG%AND2048 THEN *report SCL: caller$: before FD_SETSIZE% ~readmask% ~writemask% ~!readmask% ~!writemask% ~!(readmask%+4) ~!(writemask%+4) broadcast_s% server_s% poll_delay%
events%=FNselect(FD_SETSIZE%, readmask%, writemask%, NULL%, poll_delay%)
IF DEBUG%AND16384 THEN
*report SCL: caller$: after events% ~!readmask% ~!writemask% ~!(readmask%+4) ~!(writemask%+4)
A$=FNSL_serror
IF DEBUG%AND2048 THEN *report SCL: caller$: events% A$ ~!readmask% ~!writemask%
ENDIF

The called function is:

DEF FNselect(ndfs%, readfds%, writefds%, exceptfds%, timeval%)
LOCAL R%,V%
errno%=0
SYS "XSocket_Select",ndfs%,readfds%,writefds%,exceptfds%,timeval% TO R%;V%
IF(V%ANDVflag%)=Vflag% THEN errno%=!R%:R%=SOCKET_ERROR%
IF errno%>error_base% THEN errno%-=error_base%
=R%

The crash occurs while executing the SYS call above.

The debug output is:

Trace @ 594
SCL: caller$="ServerLog": before FD_SETSIZE%=128 ~readmask%=&859E0
~writemask%=&85A08 ~!readmask%=&8000 ~!writemask%=&8000 ~!(readmask%+4)=&0
~!(writemask%+4)=&0 broadcast_s%=12 server_s%=15 poll_delay%=547264
Trace @ 595
Trace @ 416
Trace @ 417
14:42:05.53 ** Error **
Error : &80000002
Message: Internal error: abort on data transfer at &FC19D288
Trace @ 12

Reporter shows the following at a WHERE command:

Memory: Prog=14,113 Vars=328,360 Free=124,208 Stack=516 Undefined=0
Slot=460K
Address &FC19D288 in Module BASIC @ &FC199F4C + &333C
Register dump (at &20011C30) is:
pc = &FC19D288 Flags=&00000110=nzcv if Mode=User 32 bit
r0 = &3A494D25 : %MI: : 977882405
r1 = &3A494D25 : %MI: : 977882405
r2 = &00000067 : g... : 103
r3 = &00000075 : u... : 117
r4 = &0005A166 : f¡.. : 368998
r5 = &25004553 : SE.% : 620774739
r6 = &0005A16B : k¡.. : 369003
r7 = &FC1A3240 : @2.ü : 4229575232
r8 = &00008700 : ... : 34560
r9 = &00000005 : .... : 5
r10 = &00000072 : r... : 114
r11 = &0005A16B : k¡.. : 369003
r12 = &0005A14F : O¡.. : 368975
r13 = &0013CF68 : hÏ.. : 1298280
r14 = &FC1A32DC : Ü2.ü : 4229575388
Code around address is:
FC19D250 : Invalid address

Reporter 2.71s (21 Nov 2018) Listed 17180 lines

Disassembly of the area shows:

*memoryi fc19d260 fc19d300
FC19D260 : .04à : E034300B : EORS R3,R4,R11
FC19D264 : 0... : 0A000030 : BEQ &FC19D32C
FC19D268 : .0Ôä : E4D43001 : LDRB R3,[R4],#1
FC19D26C : [.Zã : E35A005B : CMP R10,#&5B ; ="["
FC19D270 : %.S3 : 33530025 : CMPCC R3,#&25 ; ="%"
FC19D274 : <... : 0A00003C : BEQ &FC19D36C
FC19D278 : ..°á : E1B00001 : MOVS R0,R1
FC19D27C : C... : 0A000043 : BEQ &FC19D390
FC19D280 : ".°è : E8B00022 : LDMIA R0!,{R1,R5}
FC19D284 : eT á : E1A05465 : MOV R5,R5,ROR #8
FC19D288 : %.3á : E1330C25 : TEQ R3,R5,LSR #24
FC19D28C : ùÿÿ. : 1AFFFFF9 : BNE &FC19D278
FC19D290 : ..4á : E134000B : TEQ R4,R11
FC19D294 : .... : 0A00001C : BEQ &FC19D30C
FC19D298 : .` á : E1A06004 : MOV R6,R4
FC19D29C : eT á : E1A05465 : MOV R5,R5,ROR #8
FC19D2A0 : . Öä : E4D62001 : LDRB R2,[R6],#1
FC19D2A4 : %.2á : E1320C25 : TEQ R2,R5,LSR #24
FC19D2A8 : òÿÿ. : 1AFFFFF2 : BNE &FC19D278
FC19D2AC : ..6á : E136000B : TEQ R6,R11
FC19D2B0 : .... : 0A000014 : BEQ &FC19D308
FC19D2B4 : eT á : E1A05465 : MOV R5,R5,ROR #8
FC19D2B8 : . Öä : E4D62001 : LDRB R2,[R6],#1
FC19D2BC : %.2á : E1320C25 : TEQ R2,R5,LSR #24
FC19D2C0 : ìÿÿ. : 1AFFFFEC : BNE &FC19D278
FC19D2C4 : ..6á : E136000B : TEQ R6,R11
FC19D2C8 : .... : 0A00000D : BEQ &FC19D304
FC19D2CC : eT á : E1A05465 : MOV R5,R5,ROR #8
FC19D2D0 : . Öä : E4D62001 : LDRB R2,[R6],#1
FC19D2D4 : %.2á : E1320C25 : TEQ R2,R5,LSR #24
FC19D2D8 : æÿÿ. : 1AFFFFE6 : BNE &FC19D278
FC19D2DC : .Pä : E4905004 : LDR R5,[R0],#4
FC19D2E0 : ..6á : E136000B : TEQ R6,R11
FC19D2E4 : .... : 0A000009 : BEQ &FC19D310
FC19D2E8 : eT á : E1A05465 : MOV R5,R5,ROR #8
FC19D2EC : . Öä : E4D62001 : LDRB R2,[R6],#1
FC19D2F0 : %.2á : E1320C25 : TEQ R2,R5,LSR #24
FC19D2F4 : ßÿÿ. : 1AFFFFDF : BNE &FC19D278
FC19D2F8 : ..6á : E136000B : TEQ R6,R11
FC19D2FC : æÿÿ. : 1AFFFFE6 : BNE &FC19D29C
*
--
Alan Adams, from Northamptonshire
***@adamshome.org.uk
http://www.nckc.org.uk/
Coleman
2019-06-12 10:41:52 UTC
Hi Alan, the reason why it crashes is because when it tries to execute the LDMIA R0!,{R1,R5} at FC19D280, the address in R0 is not word aligned.
But what R0 points to by that point I've no idea - the source code for that SWI is written in C.
Might be worth posting on the ROOL forums.
Martin
2019-06-12 11:39:12 UTC
On 12 Jun in article
Post by Coleman
> Hi Alan, the reason why it crashes is because when it tries to
> execute the LDMIA R0!,{R1,R5} at FC19D280, the address in R0 is not
> word aligned.
> But what R0 points to by that point I've no idea - the source code
> for that SWI is written in C.
> Might be worth posting on the ROOL forums.
Alan gives no clues as to what version of RISC OS, BASIC or Internet
modules are being used, which might help.

Reporter should have shown the BASIC line number of the abort ...
although no line numbers are given for the code.

I am not sure if the Socket C code is relevant, as the abort seems to
be in the BASIC module, just after LOOKU1 label. This is involved in
looping round the BASIC variable chains.

r0 & r1 seem to contain "%MI:" which looks wrong, as it is being used
as an address that should be the next variable in the chain. It may
be followed in storage by r5, which is "SE[00]%" and should be
characters 2-5 of the variable name (I think).

My suspicion is that something in Alan's program has overwritten
storage, which has corrupted one of the variable chains.
Or I may be barking up the wrong tree totally.

Martin
--
Martin Avison
Note that unfortunately this email address will become invalid
without notice if (when) any spam is received.
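The failure Coleman and Martin describe, a chain walk that follows a link holding text bytes instead of a word-aligned address, as an added C example that is not code from the thread or from BASIC itself. It models a constructed variable chain (the entry layout is an assumption for illustration), corrupts one link with the &3A494D25 value r0 held in the register dump, and shows a walker that validates each link before dereferencing it, so the corruption is reported instead of becoming a data abort.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a chained-variable heap: each entry is a 4-byte link to
 * the next entry followed by a NUL-terminated name. The layout is an assumption
 * for illustration only, not the real BASIC variable format. */
#define HEAP_SIZE 64
static uint8_t heap[HEAP_SIZE];
uint32_t bad_link; /* set to the offending value when a corrupt link is found */
static uint32_t read_link(uint32_t off) { uint32_t w; memcpy(&w, heap + off, 4); return w; }
static void write_link(uint32_t off, uint32_t w) { memcpy(heap + off, &w, 4); }

/* The checks the CPU will not do for you: a link must be non-null, word aligned
 * (an unaligned LDMIA is exactly the abort in the thread) and inside the heap. */
static int link_is_sane(uint32_t link) {
    return link != 0 && (link & 3) == 0 && link + 4 <= HEAP_SIZE;
}
static void put_entry(uint32_t off, uint32_t next, const char *name) {
    write_link(off, next);
    strcpy((char *)heap + off + 4, name);
}

/* Constructed chain: 4 ("AB") -> 16 ("SE%") -> 28 ("XY") -> end of chain. */
void build_chain(void) {
    memset(heap, 0, sizeof heap);
    put_entry(4, 16, "AB");
    put_entry(16, 28, "SE%");
    put_entry(28, 0, "XY");
}

/* Simulate a stray write: the link of "SE%" now holds the bytes "%MI:", i.e.
 * the value &3A494D25 that r0 held in the register dump above. */
void corrupt_chain(void) { write_link(16, 0x3A494D25u); }

/* Walk the chain from 'head' looking for 'name'. Returns the entry offset, -1
 * if absent, or -2 (with bad_link set) instead of dereferencing a bad link. */
int find_var(uint32_t head, const char *name) {
    for (uint32_t cur = head; cur != 0; cur = read_link(cur)) {
        if (!link_is_sane(cur)) { bad_link = cur; return -2; }
        if (strcmp((const char *)heap + cur + 4, name) == 0) return (int)cur;
    }
    return -1;
}

int main(void) {
    build_chain();
    printf("XY at %d\n", find_var(4, "XY"));                  /* 28 */
    corrupt_chain();
    printf("XY -> %d, corrupt link &%08X\n", find_var(4, "XY"), bad_link); /* -2, &3A494D25 */
    return 0;
}
```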