We're using Delphi 2007 along with madExcept and we've now had two users
send us bug reports showing "EInvalidOp: Invalid floating point
operation" errors, one in System.Move and one in System.FillChar.
I've included the details below. I don't think we mess with the FPU
in our own code other than using /, *, and Trunc, though I can't rule
out something in a third-party library. Any ideas what we're doing wrong?
Thanks,
Craig Peterson
Scooter Software
***** System.Move Crash **********************************************
cpu registers:
eax = 0345ed18
ebx = 00000003
ecx = 00000006
edx = 05c4f4e8
esi = 05c4f4f6
edi = 00000000
eip = 0040356e
esp = 043efd2c
ebp = 043efd88
disassembling:
[...]
00403551 3636 fild qword ptr [ecx+eax]
00403554 3637 fild qword ptr [eax]
00403556 3638 cmp ecx, 8
00403559 3639 jle loc_40356c
0040355b 3640 fild qword ptr [eax+8]
0040355e 3641 cmp ecx, $10
00403561 3642 jle loc_403569
00403563 3643 fild qword ptr [eax+$10]
00403566 3644 fistp qword ptr [edx+$10]
00403569 3646 fistp qword ptr [edx+8]
0040356c 3648 > fistp qword ptr [edx]
0040356e 3649 fistp qword ptr [ecx+edx]
00403571 3651 ret
00403598 3657 push edx
00403599 3658 fild qword ptr [eax]
004035b0 3668 fild qword ptr [ecx+eax]
004035b3 3669 fistp qword ptr [ecx+edx]
004035b6 3670 add ecx, 8
004035b9 3671 jl loc_4035b0
004035bb 3672 fistp qword ptr [edx]
004035bd 3673 pop edx
[...]
stack dump: [...]
***** System.FillChar Crash *******************************************
cpu registers:
eax = 03cb3b58
ebx = 03cabb68
ecx = fffffff8
edx = ffffa768
esi = 00000000
edi = 00008000
eip = 00403f3d
esp = 0419fc14
ebp = 0419fc44
disassembling:
[...]
00403f21 fld qword ptr [eax]
00403f23 fst qword ptr [edx+eax]
00403f26 fst qword ptr [edx+eax+8]
00403f2a mov ecx, eax
00403f2c and ecx, 7
00403f2f sub ecx, 8
00403f32 sub eax, ecx
00403f34 add edx, ecx
00403f36 add eax, edx
00403f38 neg edx
00403f3a > fst qword ptr [edx+eax]
00403f3d fst qword ptr [edx+eax+8]
00403f41 add edx, $10
00403f44 jl loc_403f3a
00403f46 ffree st
00403f48 ret
00403f49 nop
00403f4a nop
00403f4b nop
00403f4c test edx, edx
00403f4e jle loc_403fa0
[...]
stack dump: [...]
There's a missing fincstp in FillChar. It /might/ be the cause:
> 00403f38 neg edx
> 00403f3a > fst qword ptr [edx+eax]
> 00403f3d fst qword ptr [edx+eax+8]
> 00403f41 add edx, $10
> 00403f44 jl loc_403f3a
> 00403f46 ffree st
fincstp // <-- Insert it here
> 00403f48 ret
Regards,
Pierre
--
Regards,
John
--
The Fastcode Project: http://www.fastcodeproject.org/
"Craig Peterson" <"craig no scootersoftware spam com"> wrote in message
news:48865b96$1...@newsgroups.borland.com...
I wish. :( The FillChar one has occurred for one user a few times, but
it isn't really repeatable, and the Move one has only occurred once so
far. The FillChar ones are generally occurring deep in some Indy code:
00403f3a +032 System 281 +0 @FillChar
00407430 +144 System 281 +0 DynArraySetLength
0040747d +005 System 281 +0 @DynArraySetLength
004d7ade +046 IdGlobal 3974 +2 ToBytes
0085139e +03a IdIOHandler 1862 +5 TIdIOHandler.WriteDirect
0085117a +04e IdIOHandler 1767 +5 TIdIOHandler.Write
008505dc +1b4 IdIOHandler 1309 +47 TIdIOHandler.Write
...
I don't think they'll use too much assembly just for portability
reasons. Are there any op codes or other things related to the FPU that
I can search for to try to narrow it down?
Thanks,
Craig
> From your symptoms, it appears that some other code has left data on the
> FPU stack, causing it to overflow when FillChar or Move try to use it. Do
> you have a code snippet with which I can reproduce the symptoms to
> investigate this further?
Some of the compiler magic routines pass a floating point parameter on the
FPU stack. If the called routine in turn calls FillChar or Move, it could
lead to trouble.
Example:
program Program1;

{$APPTYPE CONSOLE}

uses
  SysUtils, Variants;

type
  TMyVariantClass = class(TCustomVariantType)
  public
    procedure Clear(var V: TVarData); override;
    procedure Copy(var Dest: TVarData; const Source: TVarData;
      const Indirect: Boolean); override;
  end;

var
  MyVarType: TMyVariantClass;
  DummyData: array[0..100] of Byte;

{ TMyVariantClass }

procedure TMyVariantClass.Clear(var V: TVarData);
begin
  FillChar(DummyData, SizeOf(DummyData), 0);
end;

procedure TMyVariantClass.Copy(var Dest: TVarData; const Source: TVarData;
  const Indirect: Boolean);
begin
end;

procedure Test;
var
  TestVar1, TestVar2: Variant;
  MyInt: Integer;
  MyDouble: Double;
begin
  MyInt := 1;
  MyDouble := 1;
  {This works}
  TVarData(TestVar1).VType := MyVarType.VarType;
  TestVar1 := MyInt;
  {This doesn't work}
  TVarData(TestVar2).VType := MyVarType.VarType;
  TestVar2 := MyDouble;
end;

begin
  MyVarType := TMyVariantClass.Create;
  try
    Test;
  except
    Writeln('FAIL');
  end;
end.
Regards,
Pierre
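The following is an added illustration, not code from the thread or from the Fastcode project: a small C model of the x87 register stack (8 slots, TOP pointer, empty tags) that replays both failure modes discussed above. It shows why `ffree st` without the `fincstp` Pierre points to leaves TOP one slot low, so that a compiler helper which passed its Double in ST(0) (Pierre's TestVar2 := MyDouble case) pops an empty register, and why Move's four simultaneous `fild` loads overflow once five or more values are already live. Function and field names are the model's own.

```c
/* Model of the x87 register stack: 8 physical slots, a TOP index and a
   per-slot "full" tag. Pushing onto a full slot (overflow) or popping an
   empty one (underflow) raises the invalid-operation exception that Delphi
   surfaces as EInvalidOp once the next FP instruction executes. */
#include <stdbool.h>
#include <string.h>

typedef struct { unsigned top; bool full[8]; bool invalid; } X87;

static void x87_init(X87 *f) { memset(f, 0, sizeof *f); }

/* fld / fild: TOP := (TOP - 1) mod 8, then the target slot must be empty. */
static void x87_push(X87 *f) {
    f->top = (f->top + 7) & 7;
    if (f->full[f->top]) f->invalid = true;   /* stack overflow (IE, C1=1) */
    f->full[f->top] = true;
}
/* fstp / fistp: ST(0) must hold a value, then TOP := (TOP + 1) mod 8. */
static void x87_pop(X87 *f) {
    if (!f->full[f->top]) f->invalid = true;  /* stack underflow (IE, C1=0) */
    f->full[f->top] = false;
    f->top = (f->top + 1) & 7;
}
/* ffree st: tag ST(0) empty but leave TOP where it is. */
static void x87_ffree(X87 *f) { f->full[f->top] = false; }
/* fincstp: advance TOP without touching any tag; ffree + fincstp == a pop. */
static void x87_fincstp(X87 *f) { f->top = (f->top + 1) & 7; }

/* FillChar's FPU usage from the listing: fld, several fst (no stack effect),
   then ffree st. with_fincstp adds the instruction Pierre suggests. */
static void fillchar_fpu(X87 *f, bool with_fincstp) {
    x87_push(f);                      /* fld qword ptr [eax] */
    x87_ffree(f);                     /* ffree st */
    if (with_fincstp) x87_fincstp(f); /* the missing fincstp */
}

/* A compiler helper receives a Double in ST(0), runs a Clear handler that
   calls FillChar, then stores and pops its Double. Returns true if any
   invalid operation was raised. (Constructed scenario, not Delphi's RTL.) */
bool varfromreal_scenario(bool fixed_fillchar) {
    X87 f; x87_init(&f);
    x87_push(&f);                     /* caller: Double passed on the FPU stack */
    fillchar_fpu(&f, fixed_fillchar);
    x87_pop(&f);                      /* helper: fstp its Double, ST(0) empty? */
    return f.invalid;
}

/* Move keeps up to four fild results live before the fistp stores, so with
   `live` values already on the stack it overflows once live + 4 > 8. */
bool move_scenario(unsigned live) {
    X87 f; x87_init(&f);
    for (unsigned i = 0; i < live; i++) x87_push(&f);
    for (int i = 0; i < 4; i++) x87_push(&f);   /* four fild loads */
    for (int i = 0; i < 4; i++) x87_pop(&f);    /* four fistp stores */
    return f.invalid;
}
```

The model only tracks stack state, not values; it is enough to see that the unfixed FillChar makes the caller's fstp hit an empty register, while the fincstp version leaves ST(0) exactly as the caller left it.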