Bug on Creating instances?

BlitzMax Forums/BlitzMax Programming/Bug on Creating instances?

BladeRunner

(Posted 2013) [#1]

Ok, given the following Code:

SuperStrict
Local test:TBla
Try
	test:TBla = TBla.Create() 
	Print test.blub	'oh-oh, changing a null object
	Print "I never get executed"
	Catch TNull:TBlitzException
		Print "catch: " + Tnull.tostring() 'what happened?
EndTry
Print "Thanks to catch you can read me!"

test.blub = 1337
Print test.blub

Type TBla
	Field blub:Int
	
	Function Create:TBla() 
		Return Null
	End Function
End Type

Running it in debug mode will work as excepted. The first call of Test's int field will be catched. The second one will produce an exception.
Running it in release instead will make it buggy:
All Lines are executed except the catch block. So, there is an object Test in existance although it shouldn't be. You can even alter it's fields. Weird.
Any ideas on how to explain this?

Floyd

(Posted 2013) [#2]

So, there is an object Test in existance

I don't think there is. This must be matter of unitialized memory.

The variable test, of type TBla, exists. But it doesn't point to any object created with New. You could probably work out the internal details of the Type system by wading through the module source code, but I've never done it .

The test variable must at least have some way of knowing whether it is valid, so it can be tested for equality with Null. That part is initialized as you would expect. It must also have a pointer to memory allocated to an object. That's the part which is uninitialized, containing random junk. I'm just guessing at the details, but I think the general idea is right.

Yasha

(Posted 2013) [#3]

I was originally thinking the same as Floyd, but surely the point of having null reference exceptions is that they can be generated reliably? Some people (for reasons known only to them) actually code assuming such. (It's called EAFP - Easier To Ask Forgiveness Than Permission - and is common in interpreted and dynamic languages where there are type and null checks around every operation anyway; not so much in ones where the checks are optimised out.)

I think the code is behaving more or less as designed (for the reasons explained in post #2; to the extent that modifying null has a designed behaviour), but you could call it a "specification bug" if the exception type exists but doesn't fire in this case. Or does it? Is such an exception type even made available in release mode or is it only a debugging tool?

(Stuff I vaguely remember: Null in BlitzMax is a normal object with a very high reference count, to save the RC system the trouble of checking for null on every single assignment; this means it has to be safe to modify, at least for the runtime system; in turn, it can't be memory-protected to generate hardware exceptions "for free" the way true-null does in C++, so I guess there's no efficient way to make this work in release mode; if a value could be null, you should test it before use - ask permission, not forgiveness too late.)

BladeRunner

(Posted 2013) [#4]

If I add a second field, a string, to the type and try to change it's values it will crash with a MAV, so I think this (code runs) is an unwanted case, what I would call a bug.
We did some deeper steps in the assembled code in the german forums and it seems that indeed there is one pointer for nulkl references and because it isn't checked in releasemode can be overwritten. Which is fatal if there is more than one integer (4 Bytes) changed.

Derron

(Posted 2013) [#5]

(I have written the German posts).

I assume all findings there are correct ... but I did not think of using "try...catch" in my code. I just do not trust "foreign variables" and therefor check all of them versus NULL before accessing them.
The only exception is within methods and within "local obj:myobject eachin list" as that should only return objects of the wanted type.

Surely this adds some checks more than needed but this is no hpc-language.
People could also complain about "nullint:int = null" being "0" (which makes it harder to have null-params for functions to handle it with on default getters)

But nethertheless - it is a bug or language-design-mis-decision as being inconsistent a bit.

PS: I am not the one with much knowledge on this topic so @Yasha: does a real "null" add much overhead. I think that a null would have to get checked additionally while a "intNull=0" is just a ...int.

bye
Ron

Yasha

(Posted 2013) [#6]

@Yasha: does a real "null" add much overhead.

By "real null" I meant the one used in C or C++, the one you get by casting 0 to a pointer type.

It's usually a pointer to a page of memory whose protection flags have been set to completely disallow reads or writes, so attempting to access the page will cause the hardware to raise a segfault signal (note that C doesn't actually define what happens here... C++ might, I don't know offhand; at any rate I'm talking about the common x86 case, where this happens). The language runtime can set up a signal handler to catch segfaults and turn them into language-level null reference exceptions if that's what happened; this way to handle exceptions is literally zero-overhead because the check doesn't happen until after null actually gets dereferenced; the exception originates in hardware (so no test gets put into the assembly code).

The downside is that you can only mprotect whole pages of memory at a time (4K on most systems). I guess Mark didn't want to waste a whole page of memory just to mprotect the "fields" of null or something? I don't know how it's actually allocated (as above, null actually gets its refcount adjusted like other objects so as to prevent needing extra tests in the assembly, so Blitz null would need a separate area overlapping two pages, not just to be placed at 0).

Weird combinations of addresses will also potentially defeat it if you get so wildly off track that the address accidentally becomes valid again, although you could design the language around this to prevent such things from being possible to express.

grable

(Posted 2013) [#7]

Its more like a design flaw then a bug perhaps, as it would be too slow to do like debugmode does it.
My guess it was hard coded so as to not have to dereference a pointer on every null check early on, and then later exceptions came and it wasnt changed.

Of course i had to see if i could force the behavior anyway ;)
Sadly it would require tweaking the compiler as well as the runtime so its not perfect.

As Yasha said, this guards an entire page so it might guard stuff its not supposed to.. dont us it for production!
Oh, and win32 only.

Framework BRL.StandardIO
Import BRL.Retro

SuperStrict

Extern "Win32"
	Const PAGE_READONLY:Int = $02
	Const PAGE_READWRITE:Int = $04
	Const PAGE_EXECUTE_READWRITE:Int = $40
	Const PAGE_GUARD:Int = $100
	
	Function VirtualProtect:Int( adr:Byte Ptr, size:Int, newprotect:Int, oldprotect:Int Var)


	Const EXCEPTION_ACCESS_VIOLATION:Int = $C0000005
	Const EXCEPTION_DATATYPE_MISALIGNMENT:Int = $80000002
	Const EXCEPTION_BREAKPOINT:Int = 80000003
	Const EXCEPTION_SINGLE_STEP:Int = 80000004
	Const EXCEPTION_ARRAY_BOUNDS_EXCEEDED:Int = $C000008C
	Const EXCEPTION_FLT_DENORMAL_OPERAND:Int = $C000008D
	Const EXCEPTION_FLT_DIVIDE_BY_ZERO:Int = $C000008E
	Const EXCEPTION_FLT_INEXACT_RESULT:Int = $C000008F
	Const EXCEPTION_FLT_INVALID_OPERATION:Int = $C0000090
	Const EXCEPTION_FLT_OVERFLOW:Int = $C0000091
	Const EXCEPTION_FLT_STACK_CHECK:Int = $C0000092
	Const EXCEPTION_FLT_UNDERFLOW:Int = $C0000093
	Const EXCEPTION_INT_DIVIDE_BY_ZERO:Int = $C0000094
	Const EXCEPTION_INT_OVERFLOW:Int = $C0000095
	Const EXCEPTION_PRIV_INSTRUCTION:Int = $C0000096
	Const EXCEPTION_IN_PAGE_ERROR:Int = $C0000006
	Const EXCEPTION_ILLEGAL_INSTRUCTION:Int = $C000001D
	Const EXCEPTION_NONCONTINUABLE_EXCEPTION:Int = $C0000025
	Const EXCEPTION_STACK_OVERFLOW:Int = $C00000FD
	Const EXCEPTION_INVALID_DISPOSITION:Int = $C0000026
	Const EXCEPTION_GUARD_PAGE:Int = $80000001
	
	Const EXCEPTION_CONTINUE_EXECUTION:Int = -1
	Const EXCEPTION_CONTINUE_SEARCH:Int = 0
	Const EXCEPTION_EXECUTE_HANDLER:Int = 1

	Function SetUnhandledExceptionFilter( fn:Byte Ptr)
	Function AddVectoredExceptionHandler:Int( first:Int, fn:Byte Ptr)

	
	Const MB_OK:Int = 0
		
	Function MessageBoxA:Int( hwnd:Int, msg$z, title$z, flags:Int)
	Function GetActiveWindow:Int()	
EndExtern

Extern "C"
	Function bbOnDebugStop()
	Function bbExThrow( ex:Object)
EndExtern

Const NULL_SIZE:Int = 32

Global nulladdr:Byte Ptr

Function UnhandledExceptionFilter:Int( xinfo:Int Ptr) "win32"
	Local p:String = "EXCEPTION_UNKNOWN"
	
	' xinfo->ExceptionRecord->ExceptionCode
	Select Int Ptr(xinfo[0])[0]
		Case EXCEPTION_ACCESS_VIOLATION p="EXCEPTION_ACCESS_VIOLATION"
		Case EXCEPTION_ARRAY_BOUNDS_EXCEEDED p="EXCEPTION_ARRAY_BOUNDS_EXCEEDED"
		Case EXCEPTION_BREAKPOINT p="EXCEPTION_BREAKPOINT"
		Case EXCEPTION_DATATYPE_MISALIGNMENT p="EXCEPTION_DATATYPE_MISALIGNMENT"
		Case EXCEPTION_FLT_DENORMAL_OPERAND p="EXCEPTION_FLT_DENORMAL_OPERAND"
		Case EXCEPTION_FLT_DIVIDE_BY_ZERO p="EXCEPTION_FLT_DIVIDE_BY_ZERO"
		Case EXCEPTION_FLT_INEXACT_RESULT p="EXCEPTION_FLT_INEXACT_RESULT"
		Case EXCEPTION_FLT_INVALID_OPERATION p="EXCEPTION_FLT_INVALID_OPERATION"
		Case EXCEPTION_FLT_OVERFLOW p="EXCEPTION_FLT_OVERFLOW"
		Case EXCEPTION_FLT_STACK_CHECK p="EXCEPTION_FLT_STACK_CHECK"
		Case EXCEPTION_FLT_UNDERFLOW p="EXCEPTION_FLT_UNDERFLOW"
		Case EXCEPTION_ILLEGAL_INSTRUCTION p="EXCEPTION_ILLEGAL_INSTRUCTION"
		Case EXCEPTION_IN_PAGE_ERROR p="EXCEPTION_IN_PAGE_ERROR"
		Case EXCEPTION_INT_DIVIDE_BY_ZERO p="EXCEPTION_INT_DIVIDE_BY_ZERO"
		Case EXCEPTION_INT_OVERFLOW p="EXCEPTION_INT_OVERFLOW"
		Case EXCEPTION_INVALID_DISPOSITION p="EXCEPTION_INVALID_DISPOSITION"
		Case EXCEPTION_NONCONTINUABLE_EXCEPTION p="EXCEPTION_NONCONTINUABLE_EXCEPTION"
		Case EXCEPTION_PRIV_INSTRUCTION p="EXCEPTION_PRIV_INSTRUCTION"
		Case EXCEPTION_SINGLE_STEP p="EXCEPTION_SINGLE_STEP"
		Case EXCEPTION_STACK_OVERFLOW p="EXCEPTION_STACK_OVERFLOW"
		Case EXCEPTION_GUARD_PAGE
			' treet all guard faults as null derefs
			bbExThrow New TNullObjectException
			Return EXCEPTION_EXECUTE_HANDLER ' never executed
	EndSelect
	
	MessageBoxA( GetActiveWindow(), p, "Windows exception", MB_OK)
	bbOnDebugStop()
	exit_(0)
EndFunction

Function NullPageGuardHandler:Int( xinfo:Int Ptr) "win32"
	' xinfo->ExceptionRecord->ExceptionCode
	Select Int Ptr(xinfo[0])[0]
		Case EXCEPTION_GUARD_PAGE
		 	' xinfo->ExceptionRecord->ExceptionInformation[1]
			Local adr:Byte Ptr = Byte Ptr Int Ptr(xinfo[0])[6]
			If adr >= nulladdr And adr <= nulladdr + NULL_SIZE Then
				Local old:Int
				VirtualProtect( nulladdr, NULL_SIZE, PAGE_READWRITE | PAGE_GUARD, old)
				bbExThrow New TNullObjectException
				Return EXCEPTION_EXECUTE_HANDLER ' never executed
			EndIf
	EndSelect
	
	Return EXCEPTION_CONTINUE_SEARCH
EndFunction

Function GuardNull()
	Local nullobject:Object, old:Int
	nulladdr = Byte Ptr Int Ptr(Varptr nullobject)[0]
	VirtualProtect( nulladdr, NULL_SIZE, PAGE_READWRITE | PAGE_GUARD, old)
	AddVectoredExceptionHandler( True, NullPageGuardHandler)
	SetUnhandledExceptionFilter( UnhandledExceptionFilter)
EndFunction

Function UnGuardNull()
	Local old:Int
	VirtualProtect( nulladdr, NULL_SIZE, PAGE_READWRITE, old)
EndFunction




'
' TEST
'
?Not debug
GuardNull()
?

Type TTest
	Field a:Int
EndType

Local empty:TTest

Try
	Print "trying 1..."
	empty.a = 1
Catch e:TNullObjectException
	Print "oops: " + e.ToString()
EndTry
Print "done"
Print


Try
	Print "trying 2..."
	empty.a = 2
Catch e:TNullObjectException
	Print "oops: " + e.ToString()
EndTry
Print "done"
Print


Print "doing..."
empty.a = 3
Print "done"
Print