9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] validateaddress
@ 2009-08-10  6:11 Kenji Arisawa
  2009-08-10 17:13 ` erik quanstrom
  0 siblings, 1 reply; 10+ messages in thread
From: Kenji Arisawa @ 2009-08-10  6:11 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

something wrong

web          836568    0:01   1:55     1536K Open     httpd
web          836570    0:56   0:00      272K Pread    factotum
none        1236297 47181:19   0:00      172K Running  validateaddress
web         1353560    0:00   0:00       40K Pread    read


ar% ACID 1236297
/proc/1236297/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: lstk()
klook(name=0x16548)+0x55 /sys/src/cmd/rc/var.c:52
	t=0x1bed0
	p=0x196b0
yylex()+0x1a0 /sys/src/cmd/rc/lex.c:372
	w=0x1654e
	d=0x1eb1
	c=0x29
	t=0x1c190
yylex1()+0x8 /sys/src/cmd/rc/syn.y:224
yyparse()+0xa7e /sys/src/cmd/rc/syn.y:316
	save1=0x0
	save2=0x1b910
	save3=0x0
	save4=0x0
	yystate=0x18
	yychar=0xffffffff
	yys=0x0
	yyp=0xdfffdf0c
	yyn=0x11e
	yypt=0x0
Xrdcmds()+0x75 /sys/src/cmd/rc/exec.c:899
	p=0x1b9b0
main(argc=0x3,argv=0xdfffef74)+0x327 /sys/src/cmd/rc/exec.c:184
	rcmain=0x144c4
	num=0x36333231
	bootstrap=0x2
	i=0x1
_main+0x31 /sys/src/libc/386/main9.s:16
acid: lstk()
strcmp(s1=0x15274,s2=0x16548)+0x11 /sys/src/libc/port/strcmp.c:11
klook(name=0x16548)+0x55 /sys/src/cmd/rc/var.c:52
	t=0x1bed0
	p=0x196b0
yylex()+0x1a0 /sys/src/cmd/rc/lex.c:372
	w=0x1654e
	d=0x1eb1
	c=0x29
	t=0x1c190
yylex1()+0x8 /sys/src/cmd/rc/syn.y:224
yyparse()+0xa7e /sys/src/cmd/rc/syn.y:316
	save1=0x0
	save2=0x1b910
	save3=0x0
	save4=0x0
	yystate=0x18
	yychar=0xffffffff
	yys=0x0
	yyp=0xdfffdf0c
	yyn=0x11e
	yypt=0x0
Xrdcmds()+0x75 /sys/src/cmd/rc/exec.c:899
	p=0x1b9b0
main(argc=0x3,argv=0xdfffef74)+0x327 /sys/src/cmd/rc/exec.c:184
	rcmain=0x144c4
	num=0x36333231
	bootstrap=0x2
	i=0x1
_main+0x31 /sys/src/libc/386/main9.s:16
acid:


Kenji Arisawa





* Re: [9fans] validateaddress
  2009-08-10  6:11 [9fans] validateaddress Kenji Arisawa
@ 2009-08-10 17:13 ` erik quanstrom
  2009-08-11  3:57   ` Kenji Arisawa
  0 siblings, 1 reply; 10+ messages in thread
From: erik quanstrom @ 2009-08-10 17:13 UTC (permalink / raw)
  To: 9fans

would be interesting to see *(0x16548\s).  have you tried truss(1)ing
that process?

- erik




* Re: [9fans] validateaddress
  2009-08-10 17:13 ` erik quanstrom
@ 2009-08-11  3:57   ` Kenji Arisawa
  2009-08-11  4:07     ` erik quanstrom
  0 siblings, 1 reply; 10+ messages in thread
From: Kenji Arisawa @ 2009-08-11  3:57 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

Thanks Erik.

However, I don't know how to truss a running process.

Kenji Arisawa

On 2009/08/11, at 2:13, erik quanstrom wrote:

> would be interesting to see *(0x16548\s).  have you tried truss(1)ing
> that process?
>
> - erik
>





* Re: [9fans] validateaddress
  2009-08-11  3:57   ` Kenji Arisawa
@ 2009-08-11  4:07     ` erik quanstrom
  2009-08-11  5:26       ` Kenji Arisawa
  0 siblings, 1 reply; 10+ messages in thread
From: erik quanstrom @ 2009-08-11  4:07 UTC (permalink / raw)
  To: 9fans

On Mon Aug 10 23:59:56 EDT 2009, arisawa@ar.aichi-u.ac.jp wrote:
> Thanks Erik.
>
> However, I don't know how to truss a running process.
>
> Kenji Arisawa
>

for example:

; cat > truss.c
#include <u.h>
#include <libc.h>

void
main(void)
{
	for(;;)
		sleep(10*1000);
}
; 8c -FVTw truss.c && 8l -o truss truss.8
; truss&
; acid -l/sys/lib/acid/truss $apid
/proc/116801/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
/sys/lib/acid/truss
acid: truss()
sleep(10000)
	return value: 0

- erik




* Re: [9fans] validateaddress
  2009-08-11  4:07     ` erik quanstrom
@ 2009-08-11  5:26       ` Kenji Arisawa
  2009-08-11 15:27         ` Russ Cox
  0 siblings, 1 reply; 10+ messages in thread
From: Kenji Arisawa @ 2009-08-11  5:26 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

Thanks Erik,

ar% ps -a
...
none        1236297 48578:46   0:00      172K Running  validateaddress /mail/lib/validateaddress ar.aichi-u.ac.jp!hatbox
...
ar% ACID -l /sys/lib/acid/truss 1236297
/proc/1236297/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
/sys/lib/acid/truss
acid: truss()

no output, so I examined the status using ps

ar% ps -a
...
none        1236297 48578:46   0:00      172K Running  validateaddress /mail/lib/validateaddress ar.aichi-u.ac.jp!hatbox
...
bootes      2056324    0:00   0:00      236K Await    ACID /bin/ACID -l /sys/lib/acid/truss 1236297
bootes      2056328    0:00   0:00     1472K Stopwait acid -l /sys/lib/acid/truss 1236297
bootes      2056329    0:00   0:00      188K Pread    ps -a

where ACID does
	chmod 660 /proc/1236297/mem
	acid -l /sys/lib/acid/truss 1236297

Thanks
Kenji Arisawa

On 2009/08/11, at 13:07, erik quanstrom wrote:

> On Mon Aug 10 23:59:56 EDT 2009, arisawa@ar.aichi-u.ac.jp wrote:
>> Thanks Erik.
>>
>> However, I don't know how to truss a running process.
>>
>> Kenji Arisawa
>>
>
> for example:
>
> ; cat > truss.c
> #include <u.h>
> #include <libc.h>
>
> void
> main(void)
> {
> 	for(;;)
> 		sleep(10*1000);
> }
> ; 8c -FVTw truss.c && 8l -o truss truss.8
> ; truss&
> ; acid -l/sys/lib/acid/truss $apid
> /proc/116801/text:386 plan 9 executable
> /sys/lib/acid/port
> /sys/lib/acid/386
> /sys/lib/acid/truss
> acid: truss()
> sleep(10000)
> 	return value: 0
>
> - erik
>





* Re: [9fans] validateaddress
  2009-08-11  5:26       ` Kenji Arisawa
@ 2009-08-11 15:27         ` Russ Cox
  2009-08-12  6:48           ` Kenji Arisawa
  0 siblings, 1 reply; 10+ messages in thread
From: Russ Cox @ 2009-08-11 15:27 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

acid pid

bpset(strcmp)
loop 1,20 do { cont(); print("strcmp '", *(*strcmp:s1\s), "' '",
*(*strcmp:s2\s), "'\n"); }
bpdel(strcmp)

also

bpset(klook)
cont();
# wait a while, see if you hit the breakpoint, probably not
DEL (to stop acid if it didn't hit the breakpoint)
bpdel(klook)

if you do hit the klook breakpoint then try
the same sequence but with yyparse instead
of klook.

the goal is to find some function that isn't being
repeatedly called.  that helps narrow down the
source of the infinite loop to code inside that
function or the ones it calls.

russ



* Re: [9fans] validateaddress
  2009-08-11 15:27         ` Russ Cox
@ 2009-08-12  6:48           ` Kenji Arisawa
  2009-08-12 14:59             ` Russ Cox
  0 siblings, 1 reply; 10+ messages in thread
From: Kenji Arisawa @ 2009-08-12  6:48 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs


Thanks Russ,

ar% ps
...
none        1236297 49979:50   0:00      172K Running  validateaddress
...
ar% acid 1236297
/proc/1236297/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: bpset(strcmp)
Waiting...
1236297: exception 50	klook+0x7a	MOVL	0x8(DX),DX
acid: loop 1,20 do { cont(); print("strcmp '", *(*strcmp:s1\s), "' '",*(*strcmp:s2\s), "'\n"); }
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

1236297: breakpoint	strcmp+0x3	MOVL	s1+0x0(FP),BP
1236297: breakpoint	strcmp	SUBL	$0xc,SP
strcmp 'in' 'prompt'

acid: acid: bpdel(strcmp)
acid: bpset(klook)
acid: cont();
<stdin>:5: (error) msg: pid=1236297 startstop: interrupted
acid: bpdel(klook)


Kenji Arisawa


On 2009/08/12, at 0:27, Russ Cox wrote:

> acid pid
>
> bpset(strcmp)
> loop 1,20 do { cont(); print("strcmp '", *(*strcmp:s1\s), "' '",
> *(*strcmp:s2\s), "'\n"); }
> bpdel(strcmp)
>
> also
>
> bpset(klook)
> cont();
> # wait a while, see if you hit the breakpoint, probably not
> DEL (to stop acid if it didn't hit the breakpoint)
> bpdel(klook)
>
> if you do hit the klook breakpoint then try
> the same sequence but with yyparse instead
> of klook.
>
> the goal is to find some function that isn't being
> repeatedly called.  that helps narrow down the
> source of the infinite loop to code inside that
> function or the ones it calls.
>
> russ
>





* Re: [9fans] validateaddress
  2009-08-12  6:48           ` Kenji Arisawa
@ 2009-08-12 14:59             ` Russ Cox
  2009-08-13  1:39               ` Kenji Arisawa
  0 siblings, 1 reply; 10+ messages in thread
From: Russ Cox @ 2009-08-12 14:59 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

so strcmp is being called a lot but klook isn't.
that means that klook is looping inside, which
basically means the p->next pointer is pointing
at itself.

final script:

kw
mem(kw, "30X")  // dumps hash table
*(kw+25*4)
mem(*(kw+25*4), "16X")  // dumps entry for 'in'
*(**(kw+25*4)\s)  // should print 'in'

i expect that the value printed for *(kw+25*4)
in the third line will also be the third value printed
by the mem on the fourth line, meaning that
the hash table entry in question has a next
pointer pointing at itself.  assuming that is true,
i think we're close to the end of what can be done.
the hash table list isn't supposed to loop back
on itself but it is.  that means some kind of dangling
pointer or other memory corruption error, which
we're not likely to find retroactively.

russ



* Re: [9fans] validateaddress
  2009-08-12 14:59             ` Russ Cox
@ 2009-08-13  1:39               ` Kenji Arisawa
  2009-08-13  2:15                 ` Russ Cox
  0 siblings, 1 reply; 10+ messages in thread
From: Kenji Arisawa @ 2009-08-13  1:39 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

Hello Russ,

Your prediction is right as shown below.

ar% acid 1236297
/proc/1236297/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: kw
0x00016120
acid: src(klook)
/sys/src/cmd/rc/var.c:47
  42		kenter(SWITCH, "switch");
  43		kenter(FN, "fn");
  44	}
  45
  46	tree*
 >47	klook(char *name)
  48	{
  49		struct kw *p;
  50		tree *t = token(name, WORD);
  51		for(p = kw[hash(name, NKW)];p;p = p->next)
  52			if(strcmp(p->name, name)==0){
acid: mem(kw, "30X")
0x00000000 0x00019870 0x00000000 0x000197f0 0x00019830 0x00000000
0x000197b0 0x00000000 0x00000000 0x00019730 0x00000000 0x00000000
0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
0x00000000 0x000196f0 0x00019770 0x00000000 0x000198b0 0x00000000
0x00000000 0x000196b0 0x00000000 0x00000000 0x00000000 0x00000000
acid: *(kw+25*4)
0x000196b0
acid: mem(*(kw+25*4), "16X")
0x00015274 0x0000e003 0x000196b0 0xfaf0f1fe 0x00000000 0x00000000
0x00000000 0x00000000 0x00000000 0x00000000 0xef2c00be 0x00000040
0x0a110c09 0x00000040 0x0000be2c 0x00000000
acid: *(**(kw+25*4)\s)
in
acid:

By the way, how can you find
	mem(*(kw+25*4), "16X")  // dumps entry for 'in'
?

Kenji Arisawa


On 2009/08/12, at 23:59, Russ Cox wrote:

> so strcmp is being called a lot but klook isn't.
> that means that klook is looping inside, which
> basically means the p->next pointer is pointing
> at itself.
>
> final script:
>
> kw
> mem(kw, "30X")  // dumps hash table
> *(kw+25*4)
> mem(*(kw+25*4), "16X")  // dumps entry for 'in'
> *(**(kw+25*4)\s)  // should print 'in'
>
> i expect that the value printed for *(kw+25*4)
> in the third line will also be the third value printed
> by the mem on the fourth line, meaning that
> the hash table entry in question has a next
> pointer pointing at itself.  assuming that is true,
> i think we're close to the end of what can be done.
> the hash table list isn't supposed to loop back
> on itself but it is.  that means some kind of dangling
> pointer or other memory corruption error, which
> we're not likely to find retroactively.
>
> russ
>





* Re: [9fans] validateaddress
  2009-08-13  1:39               ` Kenji Arisawa
@ 2009-08-13  2:15                 ` Russ Cox
  0 siblings, 0 replies; 10+ messages in thread
From: Russ Cox @ 2009-08-13  2:15 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

> By the way, how can you find
>        mem(*(kw+25*4), "16X")  // dumps entry for 'in'
> ?

I read khash and computed the hash for "in",
which was the string you found earlier using
strcmp.  It is ('i'*1+'n'*2)%30 == 25.

Russ
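
The diagnosis in the last two replies (bucket 25 holds 'in', and its next pointer points at itself), as an added example in C that is not rc's own code: the hash is the formula quoted above, and the walk uses Floyd's two-pointer check so a looped chain is reported instead of spinning. The names khash, klook_checked and demo_prompt_lookup are hypothetical, the struct layout is inferred from the 16X dump, and the sample table is constructed.

```c
#include <stddef.h>
#include <string.h>
#define NKW 30	/* bucket count, from mem(kw, "30X") */

struct kw {	/* layout inferred from the 16X dump: name, type, next */
	const char *name;
	int type;
	struct kw *next;
};

/* Position-weighted sum quoted in the thread: ('i'*1+'n'*2)%30 == 25. */
int khash(const char *s)
{
	int h = 0, i = 1;
	while(*s)
		h += (unsigned char)*s++ * i++;
	return h % NKW;
}

/* Floyd walk: returns the entry or NULL; *corrupt is set if the chain loops. */
struct kw *klook_checked(struct kw **tab, const char *name, int *corrupt)
{
	struct kw *slow, *fast;
	*corrupt = 0;
	slow = fast = tab[khash(name)];
	while(slow != NULL){
		if(strcmp(slow->name, name) == 0)
			return slow;
		slow = slow->next;
		if(fast != NULL) fast = fast->next;	/* fast moves two links */
		if(fast != NULL) fast = fast->next;
		if(slow != NULL && slow == fast){
			*corrupt = 1;	/* chain loops back: corrupted table */
			return NULL;
		}
	}
	return NULL;
}

/* Constructed sample: bucket 25 holds "in" whose next points at itself. */
int demo_prompt_lookup(void)
{
	static struct kw in = { "in", 0, &in };
	static struct kw *tab[NKW];
	int corrupt;
	tab[khash("in")] = &in;
	klook_checked(tab, "prompt", &corrupt);
	return corrupt;
}
```

'prompt' hashes to 25 as well, which is why the stuck process kept comparing 'in' against 'prompt' in that one bucket.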


