[Openmcl-devel] Stack/Frame corruption?

Gary Byers gb at clozure.com
Sun Aug 29 12:37:18 PDT 2010


I was just looking at it; the bug seems to be in the implementation of ATAN
(in some cases when both args are provided and float zeroes.)

? (atan 0.0d0 0.0d0)
0.0D0                   ; looks right, but:
? *
#<BOGUS object @ #xB029BE6D>
?

The returned value is stack-allocated.  It's of course wrong to return 
stack-allocated things past the limit of their extent, but that's only
easily detectable if the stack-allocated thing hasn't been overwritten.
(In the case above, something - perhaps READ, reading the * - has overwritten
the stack-allocated DOUBLE-FLOAT so that it doesn't look like a valid
object at all; until that happens, it looks like a perfectly valid 0.0d0.)

(ATAN 0.0s0 0.0s0) has the same bug (as well as this one) on 32-bit
platforms.  I'm not sure what else does, and could easily believe that
the test suite that we use tests these cases and just sees what looks
like a valid result.

I'm not sure what else may share this bug.

On Sun, 29 Aug 2010, Neil Baylis wrote:

> In the following function, I think I'm seeing some kind of stack/frame corruption.
> This happens with dx86cl64 when running my ca-multilayer demo (posted earlier today).
> 
> (defun place-layer (layer center theta radius)
>   (format t "~A~%" (* radius (cos theta)))
>   (#/removeAllAnimations layer)     ;Causes corruption here
>   (let* ((cx (+ (ns:ns-point-x center) (* radius (cos theta))))
>          (cy (+ (ns:ns-point-y center) (* radius (sin theta))))
>          (gp (make-record :<CGP>oint x (cgfl cx) y (cgfl cy))))   
> ;    (#/removeAllAnimations layer)    ;Does not cause corruption here
>     (#/setPosition: layer gp)
>     (set-layer-angle layer (cgfl (+ theta (radians 45) (radians (/ radius 1.25)))))
>     (free gp)))
> 
> The failure scenario is when both theta and radius take the values 0.0D0. I get the following:
> 
> CL-USER> 0.0D0
> > Error: value #<BOGUS object @ #x7FFF5FBFEA1D> is not of the expected type REAL.
> > While executing: (:INTERNAL |-[CADemoView mouseDown:]|), in process Initial(0).
> 
> 
> ;;;
> ;;; #<APPKIT-PROCESS Initial(0) [Active] #x3020000B528D> requires access to Shared Terminal Input
> ;;; Type (:y 0) to yield control to this thread.
> ;;;
> (:y 0)
> 
> 
> ;;;
> ;;; Shared Terminal Input is now owned by #<APPKIT-PROCESS Initial(0) [Active] #x3020000B528D>
> ;;;
> 
> > Type :POP to abort, :R for a list of available restarts.
> > Type :? for other options.
> CL-USER> (b)
>  (44B9F8) : 0 (FUNCALL #'#<(:INTERNAL |-[CADemoView mouseDown:]|)> #<TYPE-ERROR #x30200213F99D>) 141
>  (44BA20) : 1 (SIGNAL #<TYPE-ERROR #x30200213F99D>) 973
>  (44BA78) : 2 (%ERROR #<TYPE-ERROR #x30200213F99D> NIL 563047) 117
>  (44BAA0) : 3 (FUNCALL #'#<CCL::DEFAULT-REQUIRE-TYPE-RESTARTS> 563047 #<BOGUS object @ #x7FFF5FBFEA1D> REAL) 1069
>  (44BB38) : 4 (%SHORT-FLOAT #<BOGUS object @ #x7FFF5FBFEA1D>) 237
>  (44BB60) : 5 (COS #<BOGUS object @ #x7FFF5FBFEA1D>) 413
>  (44BB78) : 6 (PLACE-LAYER #<CA-LAYER <CALayer: 0x1e1b80> (#x1E1B80)> #<NS-POINT 400,400 [gcable] (#x5A3C10) #x30200213FD0D>
> #<BOGUS object @ #x7FFF5FBFEA1D> 0.0D0) 549
>  (44BBC0) : 7 (LAYOUT-RADIAL (#<CA-LAYER <CALayer: 0x1e1b80> (#x1E1B80)>) #<NS-POINT 400,400 [gcable] (#x5A3C10)
> #x30200213FD0D> #<NS-POINT 400,400 [gcable] (#x5A3C10) #x30200213FD0D>) 565
>  (44BC30) : 8 (FUNCALL #'#<|-[CADemoView mouseDown:]|> 17591849975144) 1461
>  (44BCC0) : 9 (%PASCAL-FUNCTIONS% 307 17591849975144) 365
>  (44BD78) : 10 (FUNCALL #'#<Anonymous Function #x302000C82F9F> #<A Foreign Pointer [stack-allocated] (:* #) #x7FFF5FBFF0F0>
> #<A Foreign Pointer #x7FFF81A78B60> #<NS-EVENT NSEvent: type=LMouseDown loc=(497,195) time=176165.2 flags=0x100 win=0x0
> winNum=1633 ctxt=0x0 evNum=5627 click=1 buttonNumber=0 pressure=1 (#x5A3920)>) 373
>  (44BDA8) : 11 (%CALL-NEXT-OBJC-METHOD #<LISP-APPLICATION <LispApplication: 0x567ae0> (#x567AE0)> #<OBJC:OBJC-CLASS
> GUI::LISP-APPLICATION (#x55C2D0)> #<A Foreign Pointer #x7FFF81A78B60> (:VOID :ID) #<NS-EVENT NSEvent: type=LMouseDown
> loc=(497,195) time=176165.2 flags=0x100 win=0x0 winNum=1633 ctxt=0x0 evNum=5627 click=1 buttonNumber=0 pressure=1 (#x5A3920)>)
> 773
>  (44BE08) : 12 (FUNCALL #'#<GUI::|-[LispApplication sendEvent:]|> 17591849975368) 965
>  (44BE78) : 13 (%PASCAL-FUNCTIONS% 15 17591849975368) 365
>  (44BF30) : 14 (FUNCALL #'#<Anonymous Function #x302000B9EAFF> #<LISP-APPLICATION <LispApplication: 0x567ae0> (#x567AE0)>
> #S(CCL::OBJC-SELECTOR :NAME "run" :%SEL #<A Foreign Pointer #x7FFF81A78B3C>)) 173
>  (44BF50) : 15 (FUNCALL #'#<(:OBJC-DISPATCH NEXTSTEP-FUNCTIONS:|run|)> ???) 565
>  (44BF88) : 16 (EVENT-LOOP NIL) 421
> CL-USER> (:f 6)
>  (44BB78) : 6 (PLACE-LAYER #<CA-LAYER <CALayer: 0x1e1b80> (#x1E1B80)> #<NS-POINT 400,400 [gcable] (#x5A3C10) #x30200213FD0D>
> #<BOGUS object @ #x7FFF5FBFEA1D> 0.0D0) 549
>   (LAYER CENTER THETA RADIUS)
>    LAYER: #<CA-LAYER <CALayer: 0x1e1b80> (#x1E1B80)>
>    CENTER: #<NS-POINT 400,400 [gcable] (#x5A3C10) #x30200213FD0D>
>    THETA: #<BOGUS object @ #x7FFF5FBFEA1D>
>    RADIUS: 0.0D0
> 
> Note that it successfully prints the value of (* radius (cos theta)) before it errors out while computing cx in the let* form.
> 
> If I move the call to #/removeAllAnimations to inside the let* form, I do not see the error. (See commented out statement).
> 
> When it hits this error, it also corrupts some local variables in the frame of the calling function.
> 
> Neil
> 
>
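
The failure described in the reply above (a stack-allocated result that looks like a valid 0.0d0 until a later call overwrites it), as an added C example that is not from the original thread or from CCL. The value stack, the tag constant and all function names are constructed for illustration; the stack is simulated in a static array so that no real C frame is referenced after return.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TAG_DOUBLE 0xD0F10A7u            /* constructed header tag, not CCL's */
typedef struct { uint32_t tag; double value; } boxed_double;

static _Alignas(16) unsigned char vstack[256];   /* simulated value stack */
static size_t vsp = 0;                           /* grows upward */

static void *frame_alloc(size_t n) { void *p = &vstack[vsp]; vsp += n; return p; }

static void box_zero(void *dst) {        /* store a tagged 0.0 at dst */
    boxed_double v = { TAG_DOUBLE, 0.0 };
    memcpy(dst, &v, sizeof v);
}

/* Bug: the box lives in the callee's frame, which is released on return. */
static void *atan_zero_buggy(void) {
    size_t saved = vsp;
    void *r = frame_alloc(sizeof(boxed_double));
    box_zero(r);
    vsp = saved;                         /* frame popped */
    return r;                            /* reference escapes its extent */
}

/* Fix: copy the result to heap storage before the frame goes away. */
static void *atan_zero_fixed(void) {
    size_t saved = vsp;
    void *tmp = frame_alloc(sizeof(boxed_double));
    box_zero(tmp);
    void *r = malloc(sizeof(boxed_double));
    if (r) memcpy(r, tmp, sizeof(boxed_double));
    vsp = saved;
    return r;
}

/* Any later call that reuses the same stack region, e.g. a reader. */
static void unrelated_call(void) {
    size_t saved = vsp;
    memset(frame_alloc(64), 0x6D, 64);   /* scratch data lands on the old box */
    vsp = saved;
}

/* What a type check sees: 1 = valid double, 0 = bogus object. */
static int looks_valid(const void *o) {
    uint32_t tag;
    if (!o) return 0;
    memcpy(&tag, o, sizeof tag);
    return tag == TAG_DOUBLE;
}

/* Bit 1: valid right after return. Bit 0: valid after an unrelated call. */
static int observe(void *o) {
    int before = looks_valid(o);
    unrelated_call();
    return (before << 1) | looks_valid(o);
}
```

A test that inspects the result immediately after the call sees only the "before" state, which is why a suite can pass while the bug is present.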

