Jump to content

  • Log In with Google      Sign In   
  • Create Account

- - - - -

Crash in div/mod implementations


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
2 replies to this topic

#1 TyRoXx   Members   -  Reputation: 106

Like
0Likes
Like

Posted 03 March 2013 - 04:33 PM

The interpreter does not detect this operand pair as problematic before executing a division or modulo:
int int_min = -2147483648;
int neg_one = -1;
int never_computed = (int_min / neg_one);
int the_same_error = (int_min % neg_one);
The above AS code crashes with a system error like "floating point exception" on GNU/Linux x86.
The C++ signed division is usually compiled to an idiv instruction on x86.
The idiv instruction raises an error when trying to divide -2147483648 by -1 resulting in a crash of the AngelScript host application.
This is a common error in C and C++ code. People check for division by zero but are not aware of the described problem.
The same is true for modulo % (asBC_MODi) which also uses idiv.

The implementation of asBC_DIVi is lacking a check for -2147483648 / -1:
(Revision 1583, sdk/angelscript/source/as_context.cpp:2924)
case asBC_DIVi:
		{
			int divider = *(int*)(l_fp - asBC_SWORDARG2(l_bc));
			if( divider == 0 )
			{
				// Need to move the values back to the context
				m_regs.programPointer    = l_bc;
				m_regs.stackPointer      = l_sp;
				m_regs.stackFramePointer = l_fp;

				// Raise exception
				SetInternalException(TXT_DIVIDE_BY_ZERO);
				return;
			}
			*(int*)(l_fp - asBC_SWORDARG0(l_bc)) = *(int*)(l_fp - asBC_SWORDARG1(l_bc)) / divider;
		}
		l_bc += 2;
		break;

AngelScript should raise an exception before trying to divide -2147483648 by -1 like it does on division by zero. The implementations of asBC_DIVi and asBC_MODi have to be extended to cover this case.
If AngelScript does constant folding, the problem may be present in there, too.

Sponsor:

#2 Andreas Jonsson   Moderators   -  Reputation: 3442

Like
0Likes
Like

Posted 04 March 2013 - 07:03 AM

Hi TyRoXx,

 

I wasn't aware of this situation. I'll have it corrected asap. 

 

And, yes, AngelScript does constant folding so I'll need to check the code there too. I suppose the 64bit division instruction works in a similar manner too. 

 

Thanks for the report and very detailed explanation.

 

Regards,

Andreas


AngelCode.com - game development and more - Reference DB - game developer references
AngelScript - free scripting library - BMFont - free bitmap font generator - Tower - free puzzle game

#3 Andreas Jonsson   Moderators   -  Reputation: 3442

Like
0Likes
Like

Posted 09 March 2013 - 07:00 PM

I've added the checks for this situation in revision 1590.

 

Thanks,

Andreas


AngelCode.com - game development and more - Reference DB - game developer references
AngelScript - free scripting library - BMFont - free bitmap font generator - Tower - free puzzle game




Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS