I just started using applescript today, and heard about subroutines. So I decided to write a little test program that takes a number, increments it by 9, subtracts 27, divides by 3, and then returns the result. Only it doesn't return the result; it returns a StackOverFlow error instead. What is a StackOverFlow error?
The program compiled correctly, and I don't know what is wrong. Like I said, I'm very new to applescript. Here is the code that I'm running:
calculate_result(text returned of (display dialog "Enter a number:" default answer ""))
on calculate_result(this_result)
set this_result to this_result + 9
set this_result to this_result - 27
set this_result to this_result / 3
return calculate_result(this_result)
end calculate_result
An excerpt from an answer to a similar question...
Parameters and local variables are allocated on the stack (with reference types the object lives on the heap and a variable references that object). The stack typically lives at the upper end of your address space and as it is used up it heads towards the bottom of the address space (ie towards zero).
Your process also has a heap, which lives at the bottom end of your process. As you allocate memory this heap can grow towards the upper end of your address space. As you can see, there is the potential for the heap to "collide" with the stack (a bit like techtonic plates!!!).
A Stack Overflow error means that the stack (your subroutine) overflowed (executed itself so many times that it crashed). Stack Overflow errors usually result from a bad recursive call (in the case of AppleScript, a bad subroutine call).
In general, if your subroutines return values, make sure that value is not the subroutine name. Otherwise the stack will overflow, crashing your program (if the return statement is not inside a try block). Just change this:
return calculate_result(this_result)
...to this
return this_result
...and you should be good to go!
In some cases it is fine to return the subroutine name, but only if there is a terminating condition. For example, if a user entered an invalid number, the subroutine could rerun itself, but only if the number was invalid (shown below):
on get_input()
set this_number to null
try
set this_number to the text returned of (display dialog "Please enter a number:" default answer "") as number
on error --the user didn't enter a number and the program tried to coerce the result into a number and threw an error, so the program branches here
return get_input()
end try
return this_number
end get_input
In the above case, the terminating condition occurs when a user enters an actual number. You can usually tell when a program will throw a Stack Overflow error because there is no terminating condition.
I hope this information helps!
In "calculate_result", the last line is calling "calculate_result" again. Change the line to:
return (this_result)
The last line in the subroutine is just calling the subroutine again, which calls the subroutine again, which calls the subroutine again, which calls the subroutine again, which calls the subroutine again...
I think you get the idea - the AppleScript, as you've written it - crashes because it just keeps calling itself, and eventually runs out of memory, hence triggering the stack overflow error.
A stack overflow error happens anytime a program runs out of a certain kind of memory space - it's not specific to AppleScript - it can happen in any programming language. See this answer for a more in-depth explanation of a stack overflow error is:
( What is a stack overflow? )
return calculate_result(this_result)
You are recursively calling the subroutine again passing this_result to it and the called function in turn calls the sub-routine and so on. Variables, return address of the function etc., resides on stack. And due to the recursive nature of the sub-routine the stack overflows.
Related
I'm messing around with running old DOS programs in an emulator, and I've gotten to the point where I'd like to trace the program's stack. However, I'm running into a problem, specifically how to detect near calls and far calls. Some pretext:
A near call pushes only the IP onto the stack, and is expected to be paired with a ret which pops only the IP to return to.
A far call pushes both the CS and IP onto the stack, and is expected to be paired with a retf which pops both the CS and IP to return to.
There is no way to know whether a call is a near call or a far call, except by knowing which kind of instruction called it, or which return it uses.
Luckily, for the period this program was developed in, BP-based stack frames were very common, so walking the stack doesn't seem to be a problem: I just follow the BP-chain. Unfortunately, getting the CS and/or IP is difficult, because there doesn't seem to be any way for me to determine whether a call is a near call or a far call by looking at the stack alone.
I have metadata about functions available, so I can tell whether a function is a near or far call if I already know the actual CS and IP, but I can't figure out the IP and CS unless I already know if it's a far call or near call.
I'm having a little success by just guessing and seeing if my guess results in a valid function lookup, but I think this method will produce a lot of false positives.
So my question is this: How did debuggers of the DOS era deal with this problem and produce stack traces? Is there some algorithm for this I'm missing, or did they just encode debug information in the stack? (If this is the case, then I'll have to come up with something else.)
Just a guess, I've never actually used 16-bit x86 development tools (modern or back in the day):
You know the CS:IP value of the current function (or one that triggered a fault or whatever from an exception frame).
You might have metadata that tells you whether this is a "far" function that's called with a far call or not. Or you could attempt decoding until you get to a retn or retf, and use that to decide whether the return address is a near IP or a far CS:IP.
(Assuming this is a normal function that returns with some kind of ret. Or if it ends with a jmp tailcall to another function, then the return address probably matches that, but that's another level of assumptions. And figuring out that a near jmp is the end of a function instead of just a jump within a large function is am ambiguous problem without any symbol metadata.)
But anyway, apply the same thing to the parent function: after one level of successful backtracing, you now have the CS:IP of the instruction after the call in your parent function, and the SS:BP value of the BP linked list.
And BTW, yes there's a very good reason for legacy BP stack frames being widely used: [SP] isn't a valid 16-bit addressing mode, and only [BP] as a base implies SS as a segment, so yes, using BP for access to the stack was the only good option for random access (not just push/pop for temporaries). No reason not to save/restore it first (before any other registers or reserving stack space) to make a conventional stack-frame.
I have written a function in C, which, when called, immediately results in a stack overflow.
Prototype:
void dumpOutput( Settings *, char **, FILE * );
Calling line:
dumpOutput( stSettings, sInput, fpOut );
At the time of calling it, stSettings is already a pointer to Settings structure, sInput is a dynamically allocated 2D array and fpOut is a FILE *. It reaches all the way to the calling line without any errors, no memory leaks etc.
The actual function is rather lengthy and i think its not worth sharing it here as the overflow occurs just as the code enters the function (called the prologue part, i think)
I have tried calling the same function directly from main() with dummy variables for checking if there are any problems with passed arguments but it still throws the stack overflow condition.
The error arises from the chkstk.asm when the function is called. This asm file (according to the comments present in it) tries to probe the stack to check / allocate the memory for the called function. It just keeps jumping to Find next lower page and probe part till the stack overflow occurs.
The local variables in dumpOutput are not memory beasts either, just 6 integers and 2 pointers.
The memory used by code at the point of entering this function is 60,936K, which increases to 61,940K at the point when the stack overflow occurs. Most of this memory goes into the sInput. Is this the cause of error? I don't think so, because only its pointer is being passed. Secondly, i fail to understand why dumpOutput is trying to allocate 1004K of memory on stack?
I am totally at a loss here. Any help will be highly appreciated.
Thanks in advance.
By design, it is _chkstk()'s job to generate a stack overflow exception. You can diagnose it by looking at the generated machine code. After you step into the function, right-click the edit window and click Go To Disassembly. You ought to see something similar to this:
003013B0 push ebp
003013B1 mov ebp,esp
003013B3 mov eax,1000D4h ; <== here
003013B8 call #ILT+70(__chkstk) (30104Bh)
The value passed through the EAX register is the important one, that's the amount of stack space your function needs. Chkstk then verifies it is actually available by probing the pages of stack. If you see it repeatedly looping then the value for EAX in your code is high. Like mine, it is guaranteed to consume all bytes of the stack. And more. Which is what it protects against, you normally get an access violation exception. But there's no guarantee, your code may accidentally write to a mapped page that belongs to, say, the heap. Which would produce an incredibly difficult to diagnose bug. Chkstk() helps you find these bugs before you blow your brains out in frustration.
I simply did it with this little test function:
void test()
{
char kaboom[1024*1024];
}
We can't see yours, but the exception says that you either have a large array as a local variable or you are passing a large value to _alloca(). Fix by allocating that array from the heap instead.
Most likely a stack corruption or recursion error but it's hard to answer without seeing any code
I was immediately suspicious of the crash. A Floating Point Exception in a method whose only arithmetic was a "divide by sizeof(short)".
I looked at the stack crawl & saw that the offset into the method was "+91". Then I examined a disassembly of that method & confirmed that the Program Counter was in fact foobar at the time of the crash. The disassembly showed instructions at +90 and +93 but not +91.
This is a method, 32-bit x86 instructions, that gets called very frequently in the life of the application. This crash has been reported 3 times.
How does this happen? How do I set a debugging trap for the situation?
Generally when you fault in the middle of an instruction, its due to bad flow control(ie: a broken jump, call, retn), an overflow, bad dereferencing or your debug symbols being out-of-sync making the stack trace show incorrect info. Your first step is to reliably reproduce the error everytime, else you'll have trouble trapping it, from there I'd just run it in a debugger, force the conditions to make it explode, then examine the (call) stack and registers to see if they are valid values etc.
Here is the project page
http://www.codeproject.com/KB/threads/StackWalker.aspx
[STACKFRAME64][1] s;
//s contains the current stack frame filled by calling [StackWalk64][2] WinAPI
if (s.AddrPC.Offset == s.AddrReturn.Offset)
{
printf("StackWalk64-Endless-Callstack!");
}
My question is when will this condition be satisfied? What addresses do s.AddrPC.Offset, s.AddrReturn.Offset contain?
Is the return address in the last frame on stack = 0?
Hopefully never, but it is a basic sanity check in case the stack frame got stomped. Which isn't unlikely when you try to walk the stack in an exception handler triggered by a nasty hardware exception like AccessViolation. Without that check the code would enter an endless loop, constantly finding the same stack frame back.
AddrPC is the address of the call instruction, AddrReturn is the return address, the address of the previous call instruction (+5). Not sure what "stack 0" might mean.
How can I recognize that the callstack that is shown by the debugger when my program crashes may be wrong and misleading. For example when the callstack says the following frames may be missing or incorrect, what that actually means? Also what the + number after the function call in the callstack means :
kernel32!LoadLibrary + 0x100 bytes
Should this number be important to me, and is it true that if this number is big the callstack may be incorrect ?
Sorry if I am asking something trivial and obvious
Thank you all
Generally, you can trust your callstack to be correct.
However, if you re-throw exceptions explicitly instead of allowing them to bubble up the callstack naturally, the actual error can be hidden from the stack trace.
To start with the 2nd one: kernel32!LoadLibrary + 0x100 bytes means that the call was from the function LoadLibrary (offset: +100 bytes); appearantly there was no symbolic information exactly identifying the caller. This in itself is no reason for the callstack to be corrupted.
A call stack may be corrupted if functions overwrite values on the stack (i.e. by buffer overflow. This would likely show as '0x41445249' (if it were my name to overwrite it) as a call function. That is something outside your program memory ranges.
A way to diagnose the cause of your crash would be to set breakpoints on functions identified by the call stack. Or use your debugger to backtrace (depending on debugger & system). It is interesting to find out what arguments were included in the calls. Pointers are generally a good start (NULL pointers, uninitialized pointers). Good luck.