My experience of a work with FreeBASIC is not very long, and now
i first encountered a general protection fault. The program can be
downloaded by this link: http://zalil.ru/34382296.
The program is rather big (272k of source code), but only with this program
the error steadily is reproduced.
If I try to simplify the program, the error may not manifest itself clearly,
although there is still in the code.
For compilation was used official version of the FreeBASIC 0.24.0 for DOS.
In order to compile the program, place all files in one directory and
execute the elfildcp.bat.
It is assumed that the path to the compiler is registered in the PATH.
Then run the resulting executable file - elfields.exe.
Font file elfields.bmp and resource file elfields.res must be in the same directory.
As a result, you will get the described segmentation fault.
The error occurs in the subroutine HandleMainFormEvent, in the beginning
of which deliberately inserted an extra statement EXIT SUB.
The cause of this error is incorrect work FreeBASIC compiler code generator.
It generates the code, that tries to release a string descriptor,
that has not been previously created or initialized by zero.
There are some disassembled lines from the beginning of HandleMainFormEvent
subroutine.
-----------------
Dump of assembler code for function HANDLEMAINFORMEVENT:
642 SUB HandleMainFormEvent (UIM AS UIMessageType)
0x00004900 <+0>: push ebp
0x00004901 <+1>: mov ebp,esp
0x00004903 <+3>: sub esp,0x28c
0x00004909 <+9>: push ebx
0x0000490a <+10>: push esi
0x0000490b <+11>: mov DWORD PTR [ebp-0x10],0x0
0x00004912 <+18>: mov DWORD PTR [ebp-0xc],0x0
0x00004919 <+25>: mov DWORD PTR [ebp-0x8],0x0
0x00004920 <+32>: mov DWORD PTR [ebp-0x1c],0x0
0x00004927 <+39>: mov DWORD PTR [ebp-0x18],0x0
0x0000492e <+46>: mov DWORD PTR [ebp-0x14],0x0
0x00004935 <+53>: mov DWORD PTR [ebp-0x28],0x0
0x0000493c <+60>: mov DWORD PTR [ebp-0x24],0x0
0x00004943 <+67>: mov DWORD PTR [ebp-0x20],0x0
0x0000494a <+74>: mov DWORD PTR [ebp-0x34],0x0
0x00004951 <+81>: mov DWORD PTR [ebp-0x30],0x0
0x00004958 <+88>: mov DWORD PTR [ebp-0x2c],0x0
0x0000495f <+95>: mov DWORD PTR [ebp-0x78],0x0
0x00004966 <+102>: mov DWORD PTR [ebp-0xa0],0x0
0x00004970 <+112>: mov DWORD PTR [ebp-0x9c],0x0
0x0000497a <+122>: mov DWORD PTR [ebp-0x98],0x0
0x00004984 <+132>: mov DWORD PTR [ebp-0x104],0x0
0x0000498e <+142>: mov DWORD PTR [ebp-0x100],0x0
0x00004998 <+152>: mov DWORD PTR [ebp-0xfc],0x0
0x000049a2 <+162>: mov DWORD PTR [ebp-0x198],0x0
0x000049ac <+172>: mov DWORD PTR [ebp-0x1a4],0x0
0x000049b6 <+182>: mov DWORD PTR [ebp-0x1ac],0x0
0x000049c0 <+192>: mov DWORD PTR [ebp-0x1b0],0x0
0x000049ca <+202>: mov DWORD PTR [ebp-0x1fc],0x0
0x000049d4 <+212>: mov DWORD PTR [ebp-0x220],0x0
0x000049de <+222>: mov DWORD PTR [ebp-0x224],0x0
0x000049e8 <+232>: mov DWORD PTR [ebp-0x234],0x0
0x000049f2 <+242>: mov DWORD PTR [ebp-0x238],0x0
0x000049fc <+252>: mov DWORD PTR [ebp-0x23c],0x0
643 EXIT SUB
0x00004a06 <+262>: lea eax,[ebp-0x230]
0x00004a0c <+268>: push eax
0x00004a0d <+269>: call 0x39320 <fb_StrDelete> ;Segmentation fault occurs here
0x00004a12 <+274>: add esp,0x4
0x00004a15 <+277>: lea eax,[ebp-0x104]
0x00004a1b <+283>: push eax
0x00004a1c <+284>: call 0x39320 <fb_StrDelete>
0x00004a21 <+289>: add esp,0x4
0x00004a24 <+292>: lea eax,[ebp-0xa0]
0x00004a2a <+298>: push eax
0x00004a2b <+299>: call 0x39320 <fb_StrDelete>
0x00004a30 <+304>: add esp,0x4
0x00004a33 <+307>: lea eax,[ebp-0x34]
0x00004a36 <+310>: push eax
0x00004a37 <+311>: call 0x39320 <fb_StrDelete>
0x00004a3c <+316>: add esp,0x4
0x00004a3f <+319>: lea eax,[ebp-0x28]
0x00004a42 <+322>: push eax
0x00004a43 <+323>: call 0x39320 <fb_StrDelete>
0x00004a48 <+328>: add esp,0x4
0x00004a4b <+331>: lea eax,[ebp-0x1c]
0x00004a4e <+334>: push eax
0x00004a4f <+335>: call 0x39320 <fb_StrDelete>
0x00004a54 <+340>: add esp,0x4
0x00004a57 <+343>: lea eax,[ebp-0x10]
0x00004a5a <+346>: push eax
0x00004a5b <+347>: call 0x39320 <fb_StrDelete>
0x00004a60 <+352>: add esp,0x4
0x00004a63 <+355>: jmp 0x7207 <HANDLEMAINFORMEVENT+10503>
644 AnalizeFromBegin:
-----------------------
First disassembled line 642 is the preliminary code of the procedure,
which creates a stack frame and initializes the local variables.
Second disassembled line 643 is the actual code of EXIT SUB statement.
General protection fault occurs at 0x00004a0d somewhere within procedure fb_StrDelete.
Please note, that the procedure fb_StrDelete tries to release the string descriptor
at [ebp-0x230], which has not previously been created or initialized.
The initialization of this descriptor in the preliminary code is omitted.
(There is not "mov DWORD PTR [ebp-0x230],0x0" or something like this).
Note that a string variable with the address of the descriptor [ebp-0x230]
is not explicitly defined or used in the program.
Apparently, this is a temporary variable used to calculate string expressions.
Maybe that's why it is not initialized.
I ask any of developers of the compiler to pay attention to this message
and to correct a described error.
GPF and Segmentation Fault problem
-
monochromator
- Posts: 42
- Joined: Mar 05, 2013 5:37
Re: GPF and Segmentation Fault problem
I can confirm this bug, it seems to be tied to the different scoping behaviour under -lang qb/fblite, but works fine in -lang fb. Simplified test case:
For the Exit Sub we can see an fb_StrDelete() on an uninitialized string descriptor. The problematic temporary string is the temporary variable used by the Select Case. With -gen gcc, the generated code even causes a gcc error.
Code: Select all
#lang "fblite"
type UDT
s as string * 5
end type
sub f( byref x as UDT )
exit sub
select case x.s
case "a"
end select
end subRe: GPF and Segmentation Fault problem
This should be fixed in fbc's Git now (and thus also in the next FB release): bf5363bc