BorlandTalk.com

dhoke · Guest

(bds2006)

I have just integrated several basically inert protyped forms (wrt to form
activity - many fields on some, field data processing/activities not
implemented) into a project.

A fresh open of the project, followed by F9 run has failed, yielding the
following stack:

:32702227 std::locale::id::id(this=:0066BA7C, _Val=0)
:00652a71 ; _pure_error_
:32770960 _startup(mod_table=:0066C034)

and displays the following code (fragment):

class _CRTIMP2 locale
: public _Locbase<int>
{ // nonmutable collection of facets that describe a locale
public:
typedef int category;

// CLASS id
class _CRTIMP2 id
{ // identifier stamp, unique for each distinct kind of facet
public:
id(size_t _Val = 0)
: _Id(_Val)
{ // construct with specified stamp value
}

operator size_t()
{ // get stamp, with lazy allocation

==========================
with current line:
: _Id(_Val)

I take it the clues tell me there is an attempt to call a pure virtual
function, seemingly in the library initialization. I've examined all of the
forms, and as stated, they are (mostly) empty (not in terms of fields, but
in terms of any actual processing, or auxiliary data/classes), I believe
with nothing but standard B/CG form controls, with nothing in their "domain"
involving virtual functions that I can spot.

How does one identify who/what is the actual culprit?

Thanks.

dhoke · Guest

I have just removed all of the recently added forms, adding them back one at
a time and running after each one was added. They are not added in the same
order they were originally (when all added at once.)

The error does not occur until after I have added the final form, so I
presume I have the culprit form.

However, this form has no members that are not standard B/CG tool palette
items, and has no code except for an empty constructor.

***Any reasonable guesses, or certainties, as to why this error is
occurring?

Thanks.

"dhoke" <dhoke.nojunk@east-shore.com> wrote in message
news:46364996$1 (AT) newsgroups (DOT) borland.com...

dhoke · Guest

I have found that the "this" addresss passed in as the address of the local
being initialized, appears to point into a jump table, a piece of which
follows (we appear to be attempting to initialize a size_t _ID located
@0x66b5f4 [in the shown instance]):
0066B5F4 FF25A0536A00 jmp dword ptr [$006a53a0]
0066B5FA FF25A4536A00 jmp dword ptr [$006a53a4]
0066B600 FF25A8536A00 jmp dword ptr [$006a53a8]
0066B606 FF25AC536A00 jmp dword ptr [$006a53ac]
0066B60C FF25B0536A00 jmp dword ptr [$006a53b0]
0066B612 FF25B4536A00 jmp dword ptr [$006a53b4]
0066B618 FF25B8536A00 jmp dword ptr [$006a53b8]
0066B61E FF25BC536A00 jmp dword ptr [$006a53bc]
0066B624 FF25C0536A00 jmp dword ptr [$006a53c0]
0066B62A FF25C4536A00 jmp dword ptr [$006a53c4]
0066B630 FF25C8536A00 jmp dword ptr [$006a53c8]
0066B636 FF25CC536A00 jmp dword ptr [$006a53cc]
0066B63C FF25D0536A00 jmp dword ptr [$006a53d0]
0066B642 FF25D4536A00 jmp dword ptr [$006a53d4]
0066B648 FF25D8536A00 jmp dword ptr [$006a53d8]
0066B64E FF25DC536A00 jmp dword ptr [$006a53dc]

the stack view is similar to before (have finally gotten a slightly
different address for "this"):
:32702227 std::locale::id::id(this=:0066B5F4, _Val=0)
:006525f5 ; _pure_error_
:32770960 _startup(mod_table=:0066C034)

Ideas for solutions/workarounds still sought...

Thanks.

"dhoke" <dhoke.nojunk@east-shore.com> wrote in message
news:46364d95$1 (AT) newsgroups (DOT) borland.com...

dhoke · Guest

Update (news is not good):

SUMMARY
It appears the linker has produced incorrect code.

EXPLORATION DETAILS
The "_pure_error_" shown in the stack is apparently the last public symbol
in the module cpprtl\Source\misc\pureerr.cpp, which is linked in _before_
the module containing the offending code. (The actual routine name is
apparently "pure_error()".) It was a misleading clue, apart from offering
some positioning information when I identified it.

The apparently incorrect code from the debugger CPU pane is:
006525E0 A034D16900 mov al,[$0069d134]
006525E5 84C0 test al,al
006525E7 7516 jnz $006525ff
006525E9 6A00 push $00
006525EB 68F4B56600 push $0066b5f4
006525F0 E889900100 call $0066b67e
006525F5 83C408 add esp,$08
006525F8 C60534D1690001 mov byte ptr [$0069d134],$01
006525FF C3 ret

The offending code appears to be contained-in/linked-from a library I have
indirect access to (no control over source), although it appears the code
itself is somehow attributable to B/CG runtime library source contained in
"BDS\4.0\include\dinkumware\iosfwd" (yes, it has no extension.) I have not
yet spotted what in that source might cause the generation of this little
stub of code - although it includes several headers which I haven't yet
explored.

Note that this library itself is the same binary instance in all of the
build link attempts I ran, when I removed and re-added the new forms trying
to "isolate" the error. The form that "causes" the error, is empty, and
does not reference anything from the library, so I do not see how the forms
presence can be a trigger other than by its size/location in the linked
executable - nothing otherwise to do with the problem code. (I have not
tried re-arranging the forms to see if the particular form really is
insignificant.)

(I note that in the map file, there are several apparently generated symbols
of the form "cnnnn_n", and more than one of them apparently reference this
particular code snippet. These symbols do not seem to have debugger
visibility, as I have not been able to "goto" them by name with the goto
address functionality.)

A snippet of tdump output of the library containing the apparent code shows
the following:
==================================================
; Module: c:\program files\borland\bds\4.0\include\dinkumware\iosfwd

; Disassembly of segments:

_TEXT SEGMENT DWORD PUBLIC USE32 'CODE' ; SegID: 1 offsets: 0000 - 001F
;
00000000 A0 00 00 00 00 mov al,[#{1431}...]
00000005 84 C0 test al,al
00000007 75 16 jnz +0x16
00000009 6A 00 push 0x00
0000000B 68 00 00 00 00 push 0x00000000
00000010 E8 00 00 00 00 call std::locale::id::id(unsigned
int)
00000015 83 C4 08 add esp,0x08
00000018 C6 05 00 00 00 00 01 mov byte ptr [#{1431}...],0x01
0000001F C3 ret
;
_TEXT ENDS ; SegID: 1 offsets: 0000 - 001F

_DATA SEGMENT DWORD PUBLIC USE32 'DATA' ; SegID: 2 offsets: 0000 - 012B
;
; the dump of this data segment has been omitted
;
_DATA ENDS ; SegID: 2 offsets: 0000 - 012B
==================================================
which appears to match the offending code from the debugger disassembly.

The library code has zeroes (0) in the instruction values at 0x9 and 0xb,
which are respectively 0 and 0x66b5f4 (at 0x6525e9 and 0x6525eb) in the
linked executable code.

The disassembly of memory at 0x66b5f4 appears thus in the debugger:
0066B5F4 FF25A0536A00 jmp dword ptr [$006a53a0]
0066B5FA FF25A4536A00 jmp dword ptr [$006a53a4]
0066B600 FF25A8536A00 jmp dword ptr [$006a53a8]
0066B606 FF25AC536A00 jmp dword ptr [$006a53ac]
0066B60C FF25B0536A00 jmp dword ptr [$006a53b0]
0066B612 FF25B4536A00 jmp dword ptr [$006a53b4]
0066B618 FF25B8536A00 jmp dword ptr [$006a53b8]
0066B61E FF25BC536A00 jmp dword ptr [$006a53bc]
0066B624 FF25C0536A00 jmp dword ptr [$006a53c0]
0066B62A FF25C4536A00 jmp dword ptr [$006a53c4]
0066B630 FF25C8536A00 jmp dword ptr [$006a53c8]
0066B636 FF25CC536A00 jmp dword ptr [$006a53cc]
0066B63C FF25D0536A00 jmp dword ptr [$006a53d0]
0066B642 FF25D4536A00 jmp dword ptr [$006a53d4]
0066B648 FF25D8536A00 jmp dword ptr [$006a53d8]
0066B64E FF25DC536A00 jmp dword ptr [$006a53dc]
0066B654 FF25E0536A00 jmp dword ptr [$006a53e0]
0066B65A FF25E4536A00 jmp dword ptr [$006a53e4]
0066B660 FF25E8536A00 jmp dword ptr [$006a53e8]
0066B666 FF25EC536A00 jmp dword ptr [$006a53ec]
etc., which very much appears to be a jump table.

Interestingly (at least to me), if one "follows" the jump at 0x66b5f4, the
disassembly there appears as:
3277F2F8 0000 add [eax],al
3277F2FA 0000 add [eax],al
3277F2FC 019090900000 add [eax+$00009090],edx
3277F302 0000 add [eax],al
3277F304 019090900000 add [eax+$00009090],edx
3277F30A 0000 add [eax],al
3277F30C 019090900000 add [eax+$00009090],edx
3277F312 0000 add [eax],al
3277F314 019090900000 add [eax+$00009090],edx
3277F31A 0000 add [eax],al
3277F31C 019090900000 add [eax+$00009090],edx
3277F322 0000 add [eax],al
etc., which looks considerably more like data... Is that the address the
code should have had?

The code reached from the call at 0x6525f0 is an indirect jump (in a jump
table Smile

), which apparently goes to a constructor for locale::id. That
disassembled code is as follows:
xlocale.64: id(size_t _Val = 0)
32702210 55 push ebp
32702211 8BEC mov ebp,esp
32702213 83C4DC add esp,-$24
32702216 53 push ebx
32702217 8B5D08 mov ebx,[ebp+$08]
3270221A B830F37732 mov eax,$3277f330
3270221F E8CCDA0400 call __InitExceptBlockLDTC(void *)
xlocale.65: : _Id(_Val)
32702224 8B550C mov edx,[ebp+$0c]
32702227 8913 mov [ebx],edx
xlocale.67: }
32702229 8B4DDC mov ecx,[ebp-$24]
3270222C 64890D00000000 mov fs:[$00000000],ecx
32702233 8BC3 mov eax,ebx
xlocale.67: }
32702235 5B pop ebx
32702236 8BE5 mov esp,ebp
32702238 5D pop ebp
32702239 C3 ret

At 0x32702217 This code picks up the bogus value 0x66b5f4, which was pushed
back at addr. 0x6525eb. At 0x32702227, the code attempts to store to that
address. (presumably because of DEP - and I think correctly so) the code
generates an access violation trying to store the _Val constructor parameter
into that location, which is code, not data.

Conclusion - it appears to me that a piece of (B/CG [dinkumware] library?)
generated code (generated in code that is part of a library we create) has
been linked improperly - The 0x66b5f4 pushed at 0x6525eb should apparently
be the address of a "locale::id" entity, and it is instead the address in
the middle of a executable code jumptable. (There are many similar jump
instructions preceding the particular address.)

"dhoke" <dhoke.nojunk@east-shore.com> wrote in message
news:46364996$1 (AT) newsgroups (DOT) borland.com...

dhoke · Guest

I have now tried re-arranging the forms, removing one at a time, re-adding.

It seems that if I remove any one of the five recently added, the executable
will startup without crashing.

If I have all five, executable crashes before reaching WinMain().

"dhoke" <dhoke.nojunk@east-shore.com> wrote in message
news:4637494a (AT) newsgroups (DOT) borland.com...