
AngelScript with JIT: calling a function of the POD type corrupts the stack

Started by June 26, 2016 11:25 AM
3 comments, last by WitchLord 8 years, 4 months ago

Hello!

All of below I tested on AngelScript 2.31.0 and 2.31.1 WIP.

In both cases this JIT compiler was used: https://github.com/BlindMindStudios/AngelScript-JIT-Compiler

It seems there's a problem in AngelScript+JIT.

I registered a POD type in AS. The problem is in its member function taking 4 int32 args (not including the POD itself).

After this function call it seems the stack became corrupted (maybe not stack but some memory).

I think so because after this call the AS engine throws an exception in a completely different part of the code (in the "dictionary" addon: function CScriptDictValue_opCast).

The POD type:

struct Vector4Stub {
    Vector4 v;
};

Its registration:

res = engine->RegisterObjectType("Vector4", sizeof(Vector4),
asOBJ_VALUE | asOBJ_POD);
assert(res >= 0);

Function registration:

res = engine->RegisterObjectMethod("Vector4", "void reload(int32 nX, int32 nY, int32 nZ, int32 nW)",
asFUNCTION(Vector4Reload), asCALL_CDECL_OBJLAST);
assert(res >= 0);

The C++ function is very simple:

// asCALL_CDECL_OBJLAST: the object is passed as the last (5th) parameter
void Vector4Reload(int nX, int nY, int nZ, int nW, Vector4Stub& self) {
    self.v[0] = nX;
    self.v[1] = nY;
    self.v[2] = nZ;
    self.v[3] = nW;
}

And then in AS, after a call like

v.reload(0, 100, 80, 30);

an exception appears in 100% of cases (several lines later and in the code not connected to the Vector4).

I also found that if I register a function with just 3 arguments, everything seems to work properly:

void Vector4Reload(int nX, int nY, int nZ, Vector4Stub& self);

I tried to analyze the assembly code around the call of Vector4Reload and found a strange difference between the 4-args and 3-args versions:

4-args version (the suspicious line is the "push r10"):

0000000140A0BB1C and r10,r10
0000000140A0BB1F jne 0000000140A0BB30
0000000140A0BB21 mov r10,5A3CBFCh
0000000140A0BB2B jmp 0000000140A09D36
0000000140A0BB30 push r10
0000000140A0BB32 mov r9d,dword ptr [r13+14h]
0000000140A0BB36 mov r8d,dword ptr [r13+10h]
0000000140A0BB3A mov edx,dword ptr [r13+0Ch]
0000000140A0BB3E mov ecx,dword ptr [r13+8]
0000000140A0BB42 sub rsp,20h
0000000140A0BB46 call Vector4Reload (01401F1C6Ah)
0000000140A0BB4B add rsp,20h
0000000140A0BB4F add r13,18h
0000000140A0BB53 mov rax,qword ptr [rsp+18h]
0000000140A0BB58 mov qword ptr [rax],0
0000000140A0BB5F mov cl,byte ptr [rbp+30h]
0000000140A0BB62 and cl,cl
0000000140A0BB64 je 0000000140A0BBA1
0000000140A0BB66 mov rax,qword ptr [rbp+38h]
0000000140A0BB6A mov edx,dword ptr [rax+18h]
0000000140A0BB6D cmp edx,6
0000000140A0BB73 je 0000000140A0BB84

3-args version (no push like above at all):

000000013FBBBB56 mov qword ptr [rsp+18h],rax
000000013FBBBB5B mov r9,qword ptr [r13]
000000013FBBBB5F and r9,r9
000000013FBBBB62 jne 000000013FBBBB73
000000013FBBBB64 mov r10,52A48BCh
000000013FBBBB6E jmp 000000013FBB9D36
000000013FBBBB73 mov r8d,dword ptr [r13+10h]
000000013FBBBB77 mov edx,dword ptr [r13+0Ch]
000000013FBBBB7B mov ecx,dword ptr [r13+8]
000000013FBBBB7F sub rsp,20h
000000013FBBBB83 call Vector4Reload (013F3A1C6Fh)
000000013FBBBB88 add rsp,20h
000000013FBBBB8C add r13,14h
000000013FBBBB90 mov rax,qword ptr [rsp+18h]
000000013FBBBB95 mov qword ptr [rax],0
000000013FBBBB9C mov cl,byte ptr [rbp+30h]
000000013FBBBB9F and cl,cl
000000013FBBBBA1 je 000000013FBBBBDE
000000013FBBBBA3 mov rax,qword ptr [rbp+38h]
000000013FBBBBA7 mov edx,dword ptr [rax+18h]
000000013FBBBBAA cmp edx,6
000000013FBBBBB0 je 000000013FBBBBC1

Maybe I'm wrong, but after the "push r10" nobody pops the value back off the stack.

And even if the reason for this problem is in a different place, it definitely exists.

Many thanks for any help.
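The imbalance the poster describes can be checked mechanically. As an added example (not code from the thread or from the JIT project), this script walks the two MSVC-style listings quoted above and totals the net change to rsp: a Win64 callee returns with rsp unchanged, so only push/pop and add/sub on rsp count. The listings are trimmed to the rsp-relevant instructions.

```python
import re

# Instructions copied from the 4-args listing in the post (trimmed).
FOUR_ARG_LISTING = """
0000000140A0BB30 push r10
0000000140A0BB3E mov ecx,dword ptr [r13+8]
0000000140A0BB42 sub rsp,20h
0000000140A0BB46 call Vector4Reload (01401F1C6Ah)
0000000140A0BB4B add rsp,20h
0000000140A0BB53 mov rax,qword ptr [rsp+18h]
"""

# Instructions copied from the 3-args listing in the post (trimmed).
THREE_ARG_LISTING = """
000000013FBBBB7B mov ecx,dword ptr [r13+8]
000000013FBBBB7F sub rsp,20h
000000013FBBBB83 call Vector4Reload (013F3A1C6Fh)
000000013FBBBB88 add rsp,20h
000000013FBBBB90 mov rax,qword ptr [rsp+18h]
"""

# address, mnemonic, operands
LINE_RE = re.compile(r"^\s*[0-9A-Fa-f]{8,16}\s+(\w+)\s*(.*)$")

def parse_imm(tok):
    # MSVC disassembly prints immediates in hex with a trailing 'h'
    tok = tok.strip()
    return int(tok[:-1], 16) if tok.endswith("h") else int(tok, 10)

def rsp_delta(listing):
    """Net change of rsp in bytes across the listing; 0 means balanced.
    'call' contributes nothing (the callee restores rsp); push/pop move
    rsp by 8 on x64; add/sub on rsp are taken from the immediate."""
    delta = 0
    for line in listing.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        mnem, ops = m.group(1), m.group(2).replace(" ", "")
        if mnem == "push":
            delta -= 8
        elif mnem == "pop":
            delta += 8
        elif mnem in ("sub", "add") and ops.startswith("rsp,"):
            imm = parse_imm(ops.split(",", 1)[1])
            delta += imm if mnem == "add" else -imm
    return delta
```

A non-zero result means every later rsp-relative access (such as the "mov rax,qword ptr [rsp+18h]" after the call) reads a slot shifted by that amount, which is consistent with the crash appearing in unrelated code some lines later.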

This looks to be a problem in the JIT compiler. Sometimes the BlindMind developers (ThyReaper & gglucas) show up here, but you may want to bring this to their attention directly by posting on the GitHub for the JIT compiler too.

AngelCode.com - game development and more - Reference DB - game developer references
AngelScript - free scripting library - BMFont - free bitmap font generator - Tower - free puzzle game


OK, did it.

Thank you.

This bug is now fixed.

Updated code is already on GitHub.

Thanks to GGLucas!

Great. Thanks for letting us know :)
