<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
oops, thanks, I forgot gc is compacting.<BR><BR>
I don't see how to use a hardware breakpoint,<BR>the corruption seems to always move around.<BR>
<BR>
This is an attempt to set a hardware breakpoint programmatically based<BR>
on what the runtime addresses happen to be.<BR>
<BR>
I do know these bytes are getting overwritten.<BR>
If I assert they are zero in Join, inevitably the assert fails.<BR>
<BR>
I think I might try to vary the Juno pixmaps, see if the altered<BR>data appears in the corruption, try to prove, as it appears,<BR>that the corruption is pixmap data.<BR>
<BR>Thanks,<BR> - Jay<BR><BR><BR> <BR>
<HR id=stopSpelling>
From: hosking@cs.purdue.edu<BR>To: jay.krell@cornell.edu<BR>Date: Mon, 28 Sep 2009 10:04:55 -0400<BR>CC: m3devel@elegosoft.com<BR>Subject: Re: [M3devel] help debugging Juno..sanity check?<BR><BR>Huh? I don't understand the point of all of this. Threads can be moved by the GC, even if referenced from globals. The only way to prevent a thread moving is to keep a reference to it on some thread stack. (I still don't know what you are trying to achieve -- why not use a hardware breakpoint in the debugger?). That's how I found the race in ScrollerVBTClass.m3.
<DIV>
<DIV>
<DIV><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: 12px Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span>
<DIV style="WORD-WRAP: break-word"><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: 12px Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span>
<DIV style="WORD-WRAP: break-word"><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: 12px Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: 12px Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: 12px Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: 12px Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: 12px Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: 12px Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: 12px Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: 12px Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span>
<DIV><SPAN style="FONT-SIZE: medium" class=ecxApple-style-span><FONT class=ecxApple-style-span color=#0000ff face="'Gill Sans'"><BR></FONT></SPAN></DIV></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></DIV></SPAN></DIV></SPAN></DIV>
<DIV>
<DIV>On 28 Sep 2009, at 09:11, Jay K wrote:</DIV><BR class=ecxApple-interchange-newline>
<BLOCKQUOTE><SPAN style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium Helvetica; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px" class=ecxApple-style-span>
<DIV style="FONT-FAMILY: Verdana; FONT-SIZE: 10pt" class=ecxhmmessage>So, I know that ThreadWin32.T instances are prone to being overwritten.<BR> <BR>So I did this:<BR> <BR> <BR> T = BRANDED "Thread.T Win32-1.0" OBJECT<BR>> pad1: ARRAY [0..16_1000] OF CHAR;<BR>> protect: ARRAY [0..16_1] OF CHAR;<BR>> pad2: ARRAY [0..16_1000] OF CHAR;<BR> <BR>And then there are two occurences of NEW(T):<BR> <BR><BR> next_self := NEW(T);<BR>> Protect(next_self);<BR><BR> <BR>PROCEDURE CreateT (act: Activation): T =<BR> (* LL = 0, because allocating a traced reference may cause<BR> the allocator to start a collection which will call "SuspendOthers"<BR> which will try to acquire "activeMu". *)<BR> VAR t := NEW(T, act := act);<BR> BEGIN<BR>> Protect(t);<BR><BR> <BR>PROCEDURE Protect(t: T)=<BR>VAR old: WinDef.DWORD;<BR>BEGIN<BR> EVAL WinBase.VirtualProtect(LOOPHOLE(ADR(t.protect), SIZE_T), 1, PAGE_READONLY, ADR(old));<BR>END Protect;<BR><BR> <BR>This should catch any writes to these fields.<BR> <BR> <BR>Now, a thread can be garbage collected and reused.<BR>And I'd want to unprotect this memory.<BR>Or prevent the garbage collector from deciding any thread is garbage.<BR> Second option seems easier and suffices.<BR> <BR> <BR>So:<BR> <BR> <BR>VAR<BR>threads: ARRAY[0..2000] OF T; (* big enough for our purposes *)<BR>threadCount: INTEGER;<BR><BR> <BR>and more completely:<BR> <BR>PROCEDURE Protect(t: T)=<BR>VAR old: WinDef.DWORD;<BR>BEGIN<BR> EVAL WinBase.VirtualProtect(LOOPHOLE(ADR(t.protect), SIZE_T), 1, PAGE_READONLY, ADR(old));<BR> RTIO.PutInt(threadCount);<BR> RTIO.PutText(" ");<BR> RTIO.PutAddr(ADR(threads));<BR> RTIO.PutText(" ");<BR> RTIO.PutAddr(ADR(t.protect));<BR> RTIO.PutText("\n");<BR> threads[threadCount] := t;<BR> INC(threadCount);<BR>END Protect;<BR><BR> <BR>And just in case, I emptied out the FreeSlot function.<BR> <BR> <BR>But yet I get:<BR> <BR>0 0xe2abe0 0x1141021<BR>1 0xe2abe0 0x114b429<BR>2 0xe2abe0 0x11a2311<BR>3 0xe2abe0 0x11a48b1<BR>4 0xe2abe0 0x11ab499<BR>5 0xe2abe0 0x12e9f11<BR>6 0xe2abe0 0x12d211d<BR><STRONG>7 0xe2abe0 0x11bd691<BR></STRONG>8 0xe2abe0 0x11d1011<BR>9 0xe2abe0 0x11d3e2d<BR>10 0xe2abe0 0x11d6759<BR>11 0xe2abe0 0x11d8bd1<BR>12 0xe2abe0 0x12089f1<BR>13 0xe2abe0 0x1211455<BR>14 0xe2abe0 0x12138cd<BR>15 0xe2abe0 0x1215ecd<BR>16 0xe2abe0 0x12184cd<BR>17 0xe2abe0 0x121bcd5<BR>18 0xe2abe0 0x121e35d<BR>Grow (0x210000) => 0x2120000 total: 4.1M span: 17.9M density: 23%<BR>(b60.9d4): Access violation - code c0000005 (first chance)<BR>First chance exceptions are reported before any exception handling.<BR>This exception may be expected and handled.<BR>eax=011b0000 ebx=00010000 ecx=00000060 edx=00000000 esi=011b0000 edi=011bd000<BR>eip=78545e37 esp=01cae5ec ebp=01cae5f0 iopl=0 nv up ei pl nz na pe nc<BR>cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206<BR>MSVCR90!fastzero_I+0x20:<BR>78545e37 660f7f07 movdqa xmmword ptr [edi],xmm0 ds:0023:011bd000=0000000<BR>0000000000000000000000000<BR>0:003> k<BR>ChildEBP RetAddr<BR>01cae5f0 78545ea9 MSVCR90!fastzero_I+0x20<BR>01cae610 005dad48 MSVCR90!_VEC_memzero+0x36<BR>01cae634 005d1f34 m3core!RTMisc__Zero+0x1f<BR>01cae68c 005c8191 m3core!RTHeapRep__LongAlloc+0xf3<BR>01cae6d8 005c7793 m3core!RTAllocator__AllocTraced+0xec<BR>01cae70c 005c728d m3core!RTAllocator__GetTracedObj+0x8c<BR>01cae730 005d07d9 m3core!RTHooks__AllocateTracedObj+0x15<BR>01cae784 005d033f m3core!RTCollector__CollectSomeInStateZero+0x45e<BR>01cae798 005cffd6 m3core!RTCollector__CollectSome+0x6e<BR>01cae7dc 005c817c m3core!RTHeapRep__CollectEnough+0x9b<BR>01cae81c 005c7d06 m3core!RTAllocator__AllocTraced+0xd7<BR>01cae858 005c7348 m3core!RTAllocator__GetOpenArray+0x97<BR>01cae880 00f9f50d m3core!RTHooks__AllocateOpenArray+0x19<BR>01cae930 00f9f201 m3ui!WinScrnPixmap__PixmapFromRaw__ConvertColor+0x8f<BR>01cae958 00f9e22f m3ui!WinScrnPixmap__PixmapFromRaw+0x71<BR>01cae9ac 00eb4121 m3ui!WinScrnPixmap__Load+0x320<BR>01caeee4 00eb298d m3vbtkit!Image__ScaleRaw+0xb30<BR>01caef44 00fb2b72 m3vbtkit!Image__ApplyScaled1+0x166<BR>01caef70 00fc0af8 m3ui!VBTRep__PixmapApply+0xbf<BR>01caefcc 00fa6766 m3ui!Palette__ResolvePixmap+0x7db<BR>0:003> r edi<BR><STRONG>edi=011bd000<BR></STRONG>0:003><BR> <BR> <BR>What am I confused about?<BR> <BR>Why does it seem that even if I store some pointers in globals, they are getting garbage collected and reused?<BR> <BR>I should debug BuildGlobalMap??<BR> <BR> - Jay<BR></DIV></SPAN></BLOCKQUOTE></DIV><BR></DIV></DIV> </body>
</html>