From mboxrd@z Thu Jan 1 00:00:00 1970
Message-Id: <27EA76E9-D63C-411B-8534-9D7314D0D900@ar.aichi-u.ac.jp>
From: Kenji Arisawa
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
In-Reply-To:
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Thu, 13 Aug 2009 10:39:44 +0900
References: <7ED1969C-3B1B-4FE4-8E2D-5B486E636E26@ar.aichi-u.ac.jp> <1B2326AB-19A1-4C73-9BA6-0033FA0191F8@ar.aichi-u.ac.jp>
Subject: Re: [9fans] validateaddress
Topicbox-Message-UUID: 44d2cce8-ead5-11e9-9d60-3106f5b1d025

Hello Russ,

Your prediction is right as shown below.

ar% acid 1236297
/proc/1236297/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: kw
0x00016120
acid: src(klook)
/sys/src/cmd/rc/var.c:47
 42	kenter(SWITCH, "switch");
 43	kenter(FN, "fn");
 44	}
 45
 46	tree*
>47	klook(char *name)
 48	{
 49		struct kw *p;
 50		tree *t = token(name, WORD);
 51		for(p = kw[hash(name, NKW)];p;p = p->next)
 52			if(strcmp(p->name, name)==0){
acid: mem(kw, "30X")
0x00000000 0x00019870 0x00000000 0x000197f0 0x00019830
0x00000000 0x000197b0 0x00000000 0x00000000 0x00019730
0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
0x00000000 0x00000000 0x00000000 0x00000000 0x000196f0
0x00019770 0x00000000 0x000198b0 0x00000000 0x00000000
0x000196b0 0x00000000 0x00000000 0x00000000 0x00000000
acid: *(kw+25*4)
0x000196b0
acid: mem(*(kw+25*4), "16X")
0x00015274 0x0000e003 0x000196b0 0xfaf0f1fe
0x00000000 0x00000000 0x00000000 0x00000000
0x00000000 0x00000000 0xef2c00be 0x00000040
0x0a110c09 0x00000040 0x0000be2c 0x00000000
acid: *(**(kw+25*4)\s)
in
acid:

By the way, how can you find
	mem(*(kw+25*4), "16X") // dumps entry for 'in'
?

Kenji Arisawa

On 2009/08/12, at 23:59, Russ Cox wrote:

> so strcmp is being called a lot but klook isn't.
> that means that klook is looping inside, which
> basically means the p->next pointer is pointing
> at itself.
>
> final script:
>
> kw
> mem(kw, "30X") // dumps hash table
> *(kw+25*4)
> mem(*(kw+25*4), "16X") // dumps entry for 'in'
> *(**(kw+25*4)\s) // should print 'in'
>
> i expect that the value printed for *(kw+25*4)
> in the third line will also be the third value printed
> by the mem on the fourth line, meaning that
> the hash table entry in question has a next
> pointer pointing at itself. assuming that is true,
> i think we're close to the end of what can be done.
> the hash table list isn't supposed to loop back
> on itself but it is. that means some kind of dangling
> pointer or other memory corruption error, which
> we're not likely to find retroactively.
>
> russ
>
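The self-pointing hash chain diagnosed in this thread, as an added example in C that is not code from the thread or from rc itself: an rc-like keyword table using the same three-word entry layout (name, type, next) seen in the 16X dump, a klook-style lookup that detects a chain revisiting a node (tortoise/hare) instead of spinning forever, and a helper that reproduces the observed next == self state. The byte-sum hash, the token type values and the keyword set are assumptions made for the example.

```c
#include <string.h>
enum { NKW = 30 };                /* 30 buckets, as in mem(kw, "30X") */
enum { SWITCH = 1, FN, IN };      /* constructed token type values */
struct kw { char *name; int type; struct kw *next; };  /* 3-word entry */
static struct kw *kw[NKW];
static struct kw entries[3];      /* storage for the constructed keywords */
/* Byte-sum hash (assumption, not rc's): "in" and "ni" both hash to 5 */
static int hash(const char *s, int n)
{
	unsigned h = 0;
	while(*s) h += (unsigned char)*s++;
	return h % n;
}
static void kenter(struct kw *e, char *name, int type)
{
	int h = hash(name, NKW);
	e->name = name; e->type = type;
	e->next = kw[h]; kw[h] = e;
}
int setup_table(void)             /* constructed keyword set; returns count */
{
	memset(kw, 0, sizeof kw);
	kenter(&entries[0], "switch", SWITCH);
	kenter(&entries[1], "fn", FN);
	kenter(&entries[2], "in", IN);
	return 3;
}
/* Reproduce the observed state: the 'in' entry's next pointer is itself.
 * Returns the bucket index of the corrupted chain. */
int corrupt_in(void) { entries[2].next = &entries[2]; return hash("in", NKW); }
/* klook with a tortoise/hare check: returns the entry or NULL, and sets
 * *corrupt when the chain revisits a node instead of looping forever. */
struct kw *klook_checked(const char *name, int *corrupt)
{
	struct kw *fast = kw[hash(name, NKW)], *slow = fast;
	*corrupt = 0;
	while(fast){
		if(strcmp(fast->name, name) == 0) return fast;
		if((fast = fast->next) == NULL) break;
		if(strcmp(fast->name, name) == 0) return fast;
		fast = fast->next; slow = slow->next;
		if(fast == slow){ *corrupt = 1; return NULL; }
	}
	return NULL;
}
int lookup_type(const char *name) /* type, 0 if absent, -1 if chain is cyclic */
{
	int c; struct kw *p = klook_checked(name, &c);
	return c ? -1 : p ? p->type : 0;
}
```

A lookup of a name that is present still succeeds after the corruption, exactly as the thread's *(**(kw+25*4)\s) still printed 'in'; only a miss in that bucket would have spun in the original loop.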