Date: Thu, 2 Dec 1999 17:28:40 +0200 (IST)
From: Eli Zaretskii
X-Sender: eliz AT is
To: Fritsch Alexander
cc: "'djgpp AT delorie DOT com'"
Subject: Re: djgpp and profiling under NT
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Reply-To: djgpp AT delorie DOT com
X-Mailing-List: djgpp AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com
Precedence: bulk

On Thu, 2 Dec 1999, Fritsch Alexander wrote:

> But the program compiled with -pg always crashes the Virtual DOS Machine.
> It crashes if I run the program from the dos box or from rhide. In rhide I
> can do some steps with F8 but then it crashes too. It crashes every time on
> another line so I doubt it is a big error in my program.

I think this is a limitation/bug of NT: programs that catch signals such as
SIGALRM and SIGFPE crash. And profiling triggers SIGALRM periodically, to
sample the program counter.

The few times where I saw similar problems, the report created by Dr Watson
clearly shows that NT tries to use the application's stack for something,
which is a no-no when the application generates an exception. So it seems
like a bug in NT. Sorry.

> 0f00344a 8b83900b0000 mov eax,[ebx+0xb90]   ds:0f091250=00000202
> 0f003450 83ef04       sub edi,0x4
> FEHLER ->0f003453 268907 mov es:[edi],eax   es:000b3324=00000000
> 0f003456 8b838c0b0000 mov eax,[ebx+0xb8c]   ds:0f09124c=000001cf
> 0f00345c 83ef04       sub edi,0x4
> 0f00345f 268907       mov es:[edi],eax      es:000b3324=00000000
> 0f003462 8b83880b0000 mov eax,[ebx+0xb88]   ds:0f091248=0000da8b
> 0f003468 83ef04       sub edi,0x4
> 0f00346b 268907       mov es:[edi],eax      es:000b3324=00000000
> 0f00346e 83ef04       sub edi,0x4
> 0f003471 8b83840b0000 mov eax,[ebx+0xb84]   ds:0f091244=000b33d0
> 0f003477 268907       mov es:[edi],eax      es:000b3324=00000000
> 0f00347a 06           push es
> 0f00347b 57           push edi

Note all the "sub edi,4" that is going on: this probably means that es:edi
points to the stack.
The register dump shows this:

eax=00000202 ebx=0f0906c0 ecx=000001d7 edx=000b3328 esi=fffdffff edi=000b3324
eip=0f003453 esp=0111fe3c ebp=0111fe40 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=01d7 fs=003b gs=0000 efl=00000206

Note that es is 01d7, which most likely belongs to the DJGPP program (it's a
ring-3 selector). But now look at the crashed instruction:

> FEHLER ->0f003453 268907 mov es:[edi],eax

This dereferences es:edi. If es:edi is the application stack, it is *bound*
to crash, because the DJGPP program's stack is invalid during the exception
generated by the DJGPP signal-handling machinery. NT should *never* use the
application's stack inside an exception handler! And, since the crashed
program is NTVDM, this isn't DJGPP's fault.

To be sure that es is from the DJGPP program, you could try to put the
following line into your program:

abort();

This will abort the program and cause it to print its segment registers;
look at the values loaded into DS, ES, and SS: they should all hold the same
value 1d7.
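The mechanism the message refers to (a timer signal fires periodically and the handler samples the interrupted program counter) is easy to see in isolation. The following is an added example, not code from the message, from DJGPP or from its profiling runtime: a tiny sampling profiler for Linux/POSIX that arms ITIMER_REAL so that SIGALRM arrives every millisecond, reads the interrupted PC out of the signal context, and counts hits per 4 KiB region of code. It cannot reproduce the NTVDM crash discussed above, which happens below the application in the DPMI host; what it does show is the discipline a PC-sampling handler has to follow, which is the property the message says NT violates: the handler allocates nothing, calls nothing that is not async-signal-safe, and touches only static storage set up before the timer was armed, so it never depends on the state of the interrupted frame. The bucket size, the glibc ucontext field names used to fetch the PC, and the function names are assumptions made for this example.

```c
#define _GNU_SOURCE          /* REG_RIP/REG_EIP and SA_SIGINFO on glibc */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <ucontext.h>

/* Assumptions for this example: one histogram bucket per 4 KiB of code,
 * 64 buckets, and the glibc ucontext layout for the saved PC. */
#define NBUCKETS     64
#define BUCKET_SHIFT 12

static volatile sig_atomic_t g_samples;          /* ticks delivered   */
static volatile unsigned long g_hist[NBUCKETS];  /* PC hits per bucket */

/* Pull the interrupted program counter out of the signal context. */
static uintptr_t pc_from_context(void *ctx)
{
    ucontext_t *uc = (ucontext_t *)ctx;
#if defined(__linux__) && defined(__x86_64__)
    return (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
#elif defined(__linux__) && defined(__i386__)
    return (uintptr_t)uc->uc_mcontext.gregs[REG_EIP];
#elif defined(__linux__) && defined(__aarch64__)
    return (uintptr_t)uc->uc_mcontext.pc;
#else
    (void)uc;
    return 0;   /* unknown layout: ticks are still counted, all in bucket 0 */
#endif
}

/* SIGALRM handler: async-signal-safe, no allocation, no I/O, and no
 * reliance on the interrupted code's stack beyond the frame the kernel
 * builds for the handler itself. */
static void on_tick(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si;
    uintptr_t pc = pc_from_context(ctx);
    g_hist[(pc >> BUCKET_SHIFT) % NBUCKETS]++;
    g_samples++;
}

/* Install the handler and arm a periodic wall-clock timer of `usec` us. */
static int profiler_start(long usec)
{
    struct sigaction sa;
    struct itimerval it;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_tick;
    sa.sa_flags = SA_SIGINFO | SA_RESTART;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0) return -1;
    it.it_interval.tv_sec = 0;  it.it_interval.tv_usec = usec;
    it.it_value.tv_sec    = 0;  it.it_value.tv_usec    = usec;
    return setitimer(ITIMER_REAL, &it, NULL);
}

/* Disarm the timer and restore the default SIGALRM disposition. */
static int profiler_stop(void)
{
    struct itimerval off;
    memset(&off, 0, sizeof off);
    int rc = setitimer(ITIMER_REAL, &off, NULL);
    signal(SIGALRM, SIG_DFL);
    return rc;
}

/* CPU-bound work to be sampled; volatile keeps the loop from being folded. */
static unsigned long busy_work(unsigned long iters)
{
    volatile unsigned long acc = 0;
    for (unsigned long i = 0; i < iters; i++)
        acc += i ^ (acc >> 3);
    return acc;
}

/* Run busy_work under the sampler; returns ticks recorded, or -1 on error. */
long profile_busy_work(unsigned long iters)
{
    g_samples = 0;
    for (int i = 0; i < NBUCKETS; i++) g_hist[i] = 0;
    if (profiler_start(1000) != 0) return -1;    /* 1 ms tick */
    busy_work(iters);
    if (profiler_stop() != 0) return -1;
    return (long)g_samples;
}

/* Hits in the most-sampled bucket; never exceeds the total tick count. */
unsigned long top_bucket_hits(void)
{
    unsigned long best = 0;
    for (int i = 0; i < NBUCKETS; i++)
        if (g_hist[i] > best) best = g_hist[i];
    return best;
}

int main(void)
{
    long n = profile_busy_work(50000000UL);
    printf("ticks: %ld, hottest bucket: %lu hits\n", n, top_bucket_hits());
    for (int i = 0; i < NBUCKETS; i++)
        if (g_hist[i]) printf("bucket %2d: %lu\n", i, g_hist[i]);
    return n > 0 ? 0 : 1;
}
```

Because the busy loop lives in one small function, nearly all ticks land in a single bucket; spreading the work across several functions in different pages separates them, which is exactly the information a -pg build feeds to gprof. Note also what is absent from the handler: no malloc, no printf, no mutable state other than the two static arrays, which is why it is safe for the signal to land on any instruction of the sampled code.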