Crash on recompare

[AlexL]

Saved changes and pressed <Ctrl>R. EDP crashed. Below is fragment from DrWatson's dump.

Code: Select all

*----> State Dump for Thread Id 0xa58 <----*

eax=00000000 ebx=00000000 ecx=01541780 edx=01541708 esi=0115fd48 edi=03cd45d2
eip=0044319a esp=0115f8d8 ebp=0115f938 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

function: ExamDiff
        0044315f 8945b8           mov     [ebp-0x48],eax
        00443162 8d45b8           lea     eax,[ebp-0x48]
        00443165 50               push    eax
        00443166 e8a6ab0c00       call    ExamDiff+0x10dd11 (0050dd11)
        0044316b eb33             jmp     ExamDiff+0x431a0 (004431a0)
        0044316d 8b4304           mov     eax,[ebx+0x4]
        00443170 33db             xor     ebx,ebx
        00443172 c745bc01000000   mov     dword ptr [ebp-0x44],0x1
        00443179 8b00             mov     eax,[eax]
        0044317b 3b45c0           cmp     eax,[ebp-0x40]
        0044317e 89450c           mov     [ebp+0xc],eax
        00443181 7411             jz      ExamDiff+0x43194 (00443194)
        00443183 8d4d0c           lea     ecx,[ebp+0xc]
        00443186 43               inc     ebx
        00443187 e83ff5fcff       call    ExamDiff+0x126cb (004126cb)
        0044318c 8b45c0           mov     eax,[ebp-0x40]
        0044318f 39450c           cmp     [ebp+0xc],eax
        00443192 75ef             jnz     ExamDiff+0x43183 (00443183)
        00443194 8b4544           mov     eax,[ebp+0x44]
        00443197 8b4004           mov     eax,[eax+0x4]
FAULT ->0044319a 8b0498           mov     eax,[eax+ebx*4]   ds:0023:00000000=????????
        0044319d 89450c           mov     [ebp+0xc],eax
        004431a0 8b450c           mov     eax,[ebp+0xc]
        004431a3 33d2             xor     edx,edx
        004431a5 f77538           div     dword ptr [ebp+0x38]
        004431a8 8b4d34           mov     ecx,[ebp+0x34]
        004431ab 8bdf             mov     ebx,edi
        004431ad 2b5de8           sub     ebx,[ebp-0x18]
        004431b0 d1fb             sar     ebx,1
        004431b2 4b               dec     ebx
        004431b3 3b7dc4           cmp     edi,[ebp-0x3c]
        004431b6 8d0491           lea     eax,[ecx+edx*4]
        004431b9 8945b8           mov     [ebp-0x48],eax
        004431bc 751f             jnz     ExamDiff+0x431dd (004431dd)
        004431be 837e7400         cmp     dword ptr [esi+0x74],0x0
        004431c2 7419             jz      ExamDiff+0x431dd (004431dd)
        004431c4 8b5518           mov     edx,[ebp+0x18]
        004431c7 0b551c           or      edx,[ebp+0x1c]
        004431ca 7506             jnz     ExamDiff+0x431d2 (004431d2)
        004431cc 8d41fc           lea     eax,[ecx-0x4]
        004431cf 8945b8           mov     [ebp-0x48],eax

[psguru]

Is this reproducible (obviously, if we could reproduce the problem, I wouldn't ask)? If so, could you post (send) your files and options?

Thanks.

[AlexL]

Is this reproducible (obviously, if we could reproduce the problem, I wouldn't ask)? If so, could you post (send) your files and options?

Thanks.

No, sorry. Could not reproduce it after crash. I hoped that since I beforehand increased the number of asm commands in DrWatson's dump, it could help you to find and analyze the relevant fragment. But if not, then we have to wait till next similar crash (if any).

[psguru]

The dump always helps, thanks. However, in this case the code in the crash doesn't seem to have a fault.

Let's wait until the next one.

BTW, please let me know if you need a free upgrade license -- you certainly deserve one.

[AlexL]

The dump always helps, thanks. However, in this case the code in the crash doesn't seem to have a fault.

I'm sure you saw that the situation in interest could happen only if both EAX and EBX are zero. EBX is initialized to 0 at 00443170, and is increased at 00443186. If I did not miss something, you can avoid this increment only in case you perform a jump at 00443181, where EAX also seems to be 0 (because of "JZ" opcode). If this happens first time in the loop of EBX (00443183--00443192), you'll get the crash, because both EAX and EBX will be 0 at 0044319a.

Don't know if I understood the situation properly, and if this helps.

BTW, please let me know if you need a free upgrade license -- you certainly deserve one.

Yes, I'll greatly appreciate this step, because it would be very helpful to me.

[psguru]

Don't know if I understood the situation properly, and if this helps.

Thanks but knowing how it could possibly happen in assembly doesn't help much since the code was generated by an optimizing compiler in the release build.

Yes, I'll greatly appreciate this step, because it would be very helpful to me.

You got mail in this forum

[AlexL]

Yes, I'll greatly appreciate this step, because it would be very helpful to me.

You got mail in this forum

...Though could not use it for some time... It crashed when I opened registration window. This window had opened for paste, but I had no time to enter the information: EDP crashed. Same happened with v3.4.2.0. Reinstalled v3.5.0.6 several times - same result each time.

Workaround: reinstall v3.5.0.6 after deleting files from the previous version(s). Then it worked.

Sorry, I had no time to investigate this deeper. Maybe later. Have to go now.

[psguru]

Did you manage to get the crash dump?

[AlexL]

Did you manage to get the crash dump?

Yes, even several. But:

1) I'm already not sure which of 5 dumps from today relates to this problem (too late here). Probably this:

Code: Select all

*----> State Dump for Thread Id 0xf9c <----*

eax=dcbaabcd ebx=00000001 ecx=0012f010 edx=7ffb001c esi=015dfeb4 edi=0012eab8
eip=0056baf5 esp=015dfe8c ebp=015dfec4 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

function: ExamDiff
        0056bad1 5d               pop     ebp
        0056bad2 f8               clc
        0056bad3 ff500c           call    dword ptr [eax+0xc]
        0056bad6 8b16             mov     edx,[esi]
        0056bad8 50               push    eax
        0056bad9 8bce             mov     ecx,esi
        0056badb ff12             call    dword ptr [edx]
        0056badd 8b4508           mov     eax,[ebp+0x8]
        0056bae0 5f               pop     edi
        0056bae1 eb03             jmp     ExamDiff+0x16bae6 (0056bae6)
        0056bae3 6a01             push    0x1
        0056bae5 58               pop     eax
        0056bae6 5e               pop     esi
        0056bae7 5b               pop     ebx
        0056bae8 c9               leave
        0056bae9 c20800           ret     0x8
        0056baec 56               push    esi
        0056baed 8bf1             mov     esi,ecx
        0056baef 8b4c2408         mov     ecx,[esp+0x8]
        0056baf3 8b01             mov     eax,[ecx]
FAULT ->0056baf5 8378f400       cmp dword ptr [eax-0xc],0x0 ds:0023:dcbaabc1=????????
        0056baf9 7c0e             jl      ExamDiff+0x16bb09 (0056bb09)
        0056bafb 8906             mov     [esi],eax
        0056bafd 83c0f4           add     eax,0xfffffff4
        0056bb00 50               push    eax
        0056bb01 ff15ac825a00     call    dword ptr [ExamDiff+0x1a82ac (005a82ac)]
        0056bb07 eb10             jmp     ExamDiff+0x16bb19 (0056bb19)
        0056bb09 a1a4906100       mov     eax,[ExamDiff+0x2190a4 (006190a4)]
        0056bb0e 8906             mov     [esi],eax
        0056bb10 ff31             push    dword ptr [ecx]
        0056bb12 8bce             mov     ecx,esi
        0056bb14 e8fd030000       call    ExamDiff+0x16bf16 (0056bf16)
        0056bb19 8bc6             mov     eax,esi
        0056bb1b 5e               pop     esi
        0056bb1c c20400           ret     0x4
        0056bb1f e805000000       call    ExamDiff+0x16bb29 (0056bb29)
        0056bb24 e912000000       jmp     ExamDiff+0x16bb3b (0056bb3b)
        0056bb29 6a40             push    0x40
        0056bb2b 6890000000       push    0x90
        0056bb30 b9087b6700       mov     ecx,0x677b08
        0056bb35 e872fefaff       call    ExamDiff+0x11b9ac (0051b9ac)

Another variant (almost the same, but this is because I tried several times):

Code: Select all

*----> State Dump for Thread Id 0xc1c <----*

eax=00000000 ebx=00000001 ecx=0012f010 edx=7ffb001c esi=015dfeb4 edi=0012eab8
eip=0056baf5 esp=015dfe8c ebp=015dfec4 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

function: ExamDiff
        0056bad1 5d               pop     ebp
        0056bad2 f8               clc
        0056bad3 ff500c           call    dword ptr [eax+0xc]
        0056bad6 8b16             mov     edx,[esi]
        0056bad8 50               push    eax
        0056bad9 8bce             mov     ecx,esi
        0056badb ff12             call    dword ptr [edx]
        0056badd 8b4508           mov     eax,[ebp+0x8]
        0056bae0 5f               pop     edi
        0056bae1 eb03             jmp     ExamDiff+0x16bae6 (0056bae6)
        0056bae3 6a01             push    0x1
        0056bae5 58               pop     eax
        0056bae6 5e               pop     esi
        0056bae7 5b               pop     ebx
        0056bae8 c9               leave
        0056bae9 c20800           ret     0x8
        0056baec 56               push    esi
        0056baed 8bf1             mov     esi,ecx
        0056baef 8b4c2408         mov     ecx,[esp+0x8]
        0056baf3 8b01             mov     eax,[ecx]
FAULT ->0056baf5 8378f400       cmp dword ptr [eax-0xc],0x0 ds:0023:fffffff4=????????
        0056baf9 7c0e             jl      ExamDiff+0x16bb09 (0056bb09)
        0056bafb 8906             mov     [esi],eax
        0056bafd 83c0f4           add     eax,0xfffffff4
        0056bb00 50               push    eax
        0056bb01 ff15ac825a00     call    dword ptr [ExamDiff+0x1a82ac (005a82ac)]
        0056bb07 eb10             jmp     ExamDiff+0x16bb19 (0056bb19)
        0056bb09 a1a4906100       mov     eax,[ExamDiff+0x2190a4 (006190a4)]
        0056bb0e 8906             mov     [esi],eax
        0056bb10 ff31             push    dword ptr [ecx]
        0056bb12 8bce             mov     ecx,esi
        0056bb14 e8fd030000       call    ExamDiff+0x16bf16 (0056bf16)
        0056bb19 8bc6             mov     eax,esi
        0056bb1b 5e               pop     esi
        0056bb1c c20400           ret     0x4
        0056bb1f e805000000       call    ExamDiff+0x16bb29 (0056bb29)
        0056bb24 e912000000       jmp     ExamDiff+0x16bb3b (0056bb3b)
        0056bb29 6a40             push    0x40
        0056bb2b 6890000000       push    0x90
        0056bb30 b9087b6700       mov     ecx,0x677b08
        0056bb35 e872fefaff       call    ExamDiff+0x11b9ac (0051b9ac)

2) You told that it's too hard to understand crash reasons since the code has been optimized.

[psguru]

I'm already not sure which of 5 dumps from today relates to this problem (too late here). Probably this

Both dumps point to the same fault address. That, however, doesn't make much sense to me (yet).

2) You told that it's too hard to understand crash reasons since the code has been optimized.

No, I said that your analysis of the assembly didn't help much. The dumps are very helpful though. We can map failing addresses to the source code lines almost always. Whether that leads to fixes is another story.

[AlexL]

I'm already not sure which of 5 dumps from today relates to this problem (too late here). Probably this

Both dumps point to the same fault address. That, however, doesn't make much sense to me (yet).

Right. I saw that they lead to the same address, as well as 2 other (totally 4) that point to the same address in the same situation, because as far as I remember I saved 4 dumps with this crash. They differ only by registers' values.

[psguru]

There's something odd going on there on your PC. Let's just keep watching it.

[psguru]

If you got the crash in 3.5.0.7, we may know the reason. The fix will appear in the next build.