IronHawk

AngelScript with JIT: calling function of the POD type corrupts stack

Hello!

All of the below I tested on AngelScript 2.31.0 and 2.31.1 WIP.

In both cases this JIT compiler was used: https://github.com/BlindMindStudios/AngelScript-JIT-Compiler

It seems there's a problem in AngelScript+JIT.

I registered the POD type in AS. The problem is in its member function taking 4 int32 args (not including the POD itself).

After this function call it seems the stack becomes corrupted (maybe not the stack but some memory).

I think so because after this call the AS engine throws an exception in an absolutely different part of the code
(in the "dictionary" add-on: function CScriptDictValue_opCast).

The POD type:

struct Vector4Stub {
    Vector4 v;
};

Its registration:

res = engine->RegisterObjectType("Vector4", sizeof(Vector4),
    asOBJ_VALUE | asOBJ_POD);
assert(res >= 0);

Function registration:

res = engine->RegisterObjectMethod("Vector4", "void reload(int32 nX, int32 nY, int32 nZ, int32 nW)",
    asFUNCTION(Vector4Reload), asCALL_CDECL_OBJLAST);
assert(res >= 0);

The C++ function is very simple:

void Vector4Reload(int nX, int nY, int nZ, int nW, Vector4Stub& self) {
    self.v[0] = nX;
    self.v[1] = nY;
    self.v[2] = nZ;
    self.v[3] = nW;
}

And then in AS, after a call like

v.reload(0, 100, 80, 30);

an exception appears in 100% of cases (several lines later, and in code not connected to the Vector4).

I also found that if I register the function with just 3 arguments, all seems to work properly:

void Vector4Reload(int nX, int nY, int nZ, Vector4Stub& self);

I tried to analyze the assembly code around the call of Vector4Reload and found a strange difference between the 4-arg and 3-arg versions:

4-arg version (the suspicious line is the "push r10"; it was marked in red in the original post):

0000000140A0BB1C  and         r10,r10  
0000000140A0BB1F  jne         0000000140A0BB30  
0000000140A0BB21  mov         r10,5A3CBFCh  
0000000140A0BB2B  jmp         0000000140A09D36  
0000000140A0BB30  push        r10  
0000000140A0BB32  mov         r9d,dword ptr [r13+14h]  
0000000140A0BB36  mov         r8d,dword ptr [r13+10h]  
0000000140A0BB3A  mov         edx,dword ptr [r13+0Ch]  
0000000140A0BB3E  mov         ecx,dword ptr [r13+8]  
0000000140A0BB42  sub         rsp,20h  
0000000140A0BB46  call        Vector4Reload (01401F1C6Ah)  
0000000140A0BB4B  add         rsp,20h  
0000000140A0BB4F  add         r13,18h  
0000000140A0BB53  mov         rax,qword ptr [rsp+18h]  
0000000140A0BB58  mov         qword ptr [rax],0  
0000000140A0BB5F  mov         cl,byte ptr [rbp+30h]  
0000000140A0BB62  and         cl,cl  
0000000140A0BB64  je          0000000140A0BBA1  
0000000140A0BB66  mov         rax,qword ptr [rbp+38h]  
0000000140A0BB6A  mov         edx,dword ptr [rax+18h]  
0000000140A0BB6D  cmp         edx,6  
0000000140A0BB73  je          0000000140A0BB84  

3-arg version (no push like the one above at all):

000000013FBBBB56  mov         qword ptr [rsp+18h],rax  
000000013FBBBB5B  mov         r9,qword ptr [r13]  
000000013FBBBB5F  and         r9,r9  
000000013FBBBB62  jne         000000013FBBBB73  
000000013FBBBB64  mov         r10,52A48BCh  
000000013FBBBB6E  jmp         000000013FBB9D36  
000000013FBBBB73  mov         r8d,dword ptr [r13+10h]  
000000013FBBBB77  mov         edx,dword ptr [r13+0Ch]  
000000013FBBBB7B  mov         ecx,dword ptr [r13+8]  
000000013FBBBB7F  sub         rsp,20h  
000000013FBBBB83  call        Vector4Reload (013F3A1C6Fh)  
000000013FBBBB88  add         rsp,20h  
000000013FBBBB8C  add         r13,14h  
000000013FBBBB90  mov         rax,qword ptr [rsp+18h]  
000000013FBBBB95  mov         qword ptr [rax],0  
000000013FBBBB9C  mov         cl,byte ptr [rbp+30h]  
000000013FBBBB9F  and         cl,cl  
000000013FBBBBA1  je          000000013FBBBBDE  
000000013FBBBBA3  mov         rax,qword ptr [rbp+38h]  
000000013FBBBBA7  mov         edx,dword ptr [rax+18h]  
000000013FBBBBAA  cmp         edx,6  
000000013FBBBBB0  je          000000013FBBBBC1  

Maybe I'm wrong, but after the "push r10" nobody pops the value back from the stack.

And even if the reason for this problem is in a different place, it definitely exists.

Many thanks for any help.
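The two listings above can be checked mechanically instead of by eye. The C program below is an added example written for this thread; it is not code from the original post, from AngelScript or from the BlindMind JIT. It reads a disassembly listing in the MSVC format shown above, sums every instruction that moves rsp (push/pop and add/sub applied to rsp; a call is treated as balanced because the callee's ret undoes what call pushed) and reports the net change over the fragment. The two embedded listings are the stack-relevant lines copied from the post; the function names are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse an MSVC-style immediate such as "20h" (hex) or "8" (decimal). */
long parse_imm(const char *s) {
    char buf[32];
    size_t n = strlen(s);
    int base = 10;
    if (n == 0 || n >= sizeof buf) return 0;
    memcpy(buf, s, n + 1);
    if (buf[n - 1] == 'h' || buf[n - 1] == 'H') { buf[n - 1] = '\0'; base = 16; }
    return strtol(buf, NULL, base);
}

/* Net change to rsp, in bytes, caused by one disassembly line.
   Only push/pop and add/sub on rsp move the stack pointer here; a call is
   balanced by the callee's ret, so it contributes 0. */
long rsp_delta_for_line(const char *line) {
    char addr[32], mnem[16], ops[64];
    ops[0] = '\0';
    if (sscanf(line, "%31s %15s %63s", addr, mnem, ops) < 2) return 0;
    if (strcmp(mnem, "push") == 0) return -8;
    if (strcmp(mnem, "pop") == 0) return 8;
    if (strncmp(ops, "rsp,", 4) == 0) {
        long imm = parse_imm(ops + 4);
        if (strcmp(mnem, "sub") == 0) return -imm;
        if (strcmp(mnem, "add") == 0) return imm;
    }
    return 0;
}

/* Sum the per-line deltas over a newline-separated listing. 0 means the
   fragment leaves rsp where it found it; a negative value means that many
   bytes were pushed and never released. */
long rsp_delta_for_listing(const char *listing) {
    long total = 0;
    const char *p = listing;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[160];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        total += rsp_delta_for_line(line);
        if (!nl) break;
        p = nl + 1;
    }
    return total;
}

/* Stack-relevant lines of the two call sequences, copied from the post. */
const char *const FOUR_ARG_LISTING =
    "0000000140A0BB30  push        r10\n"
    "0000000140A0BB32  mov         r9d,dword ptr [r13+14h]\n"
    "0000000140A0BB36  mov         r8d,dword ptr [r13+10h]\n"
    "0000000140A0BB3A  mov         edx,dword ptr [r13+0Ch]\n"
    "0000000140A0BB3E  mov         ecx,dword ptr [r13+8]\n"
    "0000000140A0BB42  sub         rsp,20h\n"
    "0000000140A0BB46  call        Vector4Reload (01401F1C6Ah)\n"
    "0000000140A0BB4B  add         rsp,20h\n"
    "0000000140A0BB4F  add         r13,18h\n"
    "0000000140A0BB53  mov         rax,qword ptr [rsp+18h]\n";

const char *const THREE_ARG_LISTING =
    "000000013FBBBB56  mov         qword ptr [rsp+18h],rax\n"
    "000000013FBBBB73  mov         r8d,dword ptr [r13+10h]\n"
    "000000013FBBBB77  mov         edx,dword ptr [r13+0Ch]\n"
    "000000013FBBBB7B  mov         ecx,dword ptr [r13+8]\n"
    "000000013FBBBB7F  sub         rsp,20h\n"
    "000000013FBBBB83  call        Vector4Reload (013F3A1C6Fh)\n"
    "000000013FBBBB88  add         rsp,20h\n"
    "000000013FBBBB8C  add         r13,14h\n"
    "000000013FBBBB90  mov         rax,qword ptr [rsp+18h]\n";

int main(void) {
    printf("4-arg call sequence: net rsp change %ld bytes\n",
           rsp_delta_for_listing(FOUR_ARG_LISTING));
    printf("3-arg call sequence: net rsp change %ld bytes\n",
           rsp_delta_for_listing(THREE_ARG_LISTING));
    return 0;
}
```

The 4-arg sequence comes out at -8 bytes and the 3-arg sequence at 0, which matches what the post suspects. Under the Win64 convention the four int32 values take ecx, edx, r8d and r9d, so the self pointer (held in r10 after the null check) has to go on the stack as the fifth argument; in the 3-arg case it fits in r9 and nothing is pushed. If the pushed slot is never released, the "mov rax,qword ptr [rsp+18h]" that follows the call reads a slot 8 bytes away from the one stored before the call, and the next "mov qword ptr [rax],0" then writes through whatever pointer was read, which is one way a stack imbalance turns into corruption somewhere unrelated to Vector4.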

This looks to be a problem in the JIT compiler. Sometimes the BlindMind developers (ThyReaper & gglucas) show up here, but you may want to bring this to their attention directly by posting on the github for the JIT compiler too.

This looks to be a problem in the JIT compiler. Sometimes the BlindMind developers (ThyReaper & gglucas) show up here, but you may want to bring this to their attention directly by posting on the github for the JIT compiler too.

OK, did it.

Thank you.
