flat assembler
Message board for the users of flat assembler.

Index > Compiler Internals > randomly appearing bugs

Author
Thread Post new topic Reply to topic
BAiC



Joined: 22 Mar 2011
Posts: 272
Location: California
BAiC 23 Jan 2013, 16:00
I'm in the process of developing a driver for the i8254 NIC (an Intel networking chipset). recently I added code to continue development only to find the software failed to operate as expected (the low level components are finished). in the process of testing my code I found that adding innocent code sequences were causing the problem.

after finding a version of the code that worked I started adding test code to see if I could trigger the problem. I first added tests that simply printed data to the screen. when doing so caused the problem I calculated the size of the code that was added and replaced it with a set of NOPs. the problem remained even with the NOPs. assuming the code works how could adding NOPs cause a problem?

before I get into code I need to say a few things about Emulators / VMs: QEMU has bugs so you won't be able to test on that emulator. VirtualBox also has issues with certain devices but it does implement this particular device with the correct choice of Chipset on the System Page (use PIX3). VMware is the preferred VM to test with however its' current version doesn't like MP handling so you might want to use a Single Processor (code that executes on the secondary processors take an abhorrent length of time). I don't have the hardware to verify whether the VMware/VirtualBox handle it correctly.

I'm using FASM v. 1.70.03 on Windows.

the following code is on line 750 of 'ORB.net.asm' in the Mathis Directory of the included file:
Code:
    struc  i8254.Init.Base
    {
        local continue, tmp
        ORB.Header ORB.Init, .
       .:
            if  dbg.net
                dbg.neo "net: Starting Init", .init
            end if
            
            cal ORB.Services, .init
            
;            tmp=$
;            psh 8
;            continue=$
;            cal ORB.Page, .init
;            dbg.neo "0x" dbg.hex rax, .init
;            dec[rsp+dqz]
;            jnz continue
;            add rsp, 8
;            cal ORB.Instigate, .init
;            dbg.neo "0x" dbg.hex rax, .init
;            cal ORB.Instigate, .init
;            dbg.neo "0x" dbg.hex rax, .init
;            cal ORB.Instigate, .init
;            dbg.neo "0x" dbg.hex rax, .init
;            
;            sho.hex $-tmp; I used this to determine the number of NOPs needed to replace the other code.
            times 0x5E nop;removing this line makes the code work.    

this code is of the version meant for VMware (the i8254 with a Device ID of 0x100F). VirtualBox uses a nearly identical code sequence that starts on line 1000 of the same file.

if you try the code you might think nothing is wrong (it's not apparent from the output). An interrupt is forced at the end of the Initialization sequence. if the code executes properly the interrupt happens (remove the NOPs to see it). if the code doesn't execute properly then the interrupt wont happen. there is a set of counters on the top right corner of the screen. the first should be something like 100. the second is the number of interrupts that have occurred since boot (this will change very quickly [roughly 100 per second]). the third is the number of seconds since boot. the 4th is the number of megabytes remaining to user code. the 5th is the Network Packet Counter. if the code works it'll be 1 shortly after boot. with VirtualBox it will likely be 2 after 5 seconds.

your screen will vary depending on what devices and the number of processors that are available.

-Stefan


Description:
Download
Filename: MathisJan23.zip
Filesize: 265.48 KB
Downloaded: 572 Time(s)


_________________
byte me.


Last edited by BAiC on 23 Jan 2013, 16:38; edited 2 times in total
Post 23 Jan 2013, 16:00
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 23 Jan 2013, 16:27
The forum you posted in suggests you think there is a bug with fasm. But your explanation gives no insight about what you think is wrong.

Are you suggesting there is a bug with fasm or are you requesting help with your driver?
Post 23 Jan 2013, 16:27
View user's profile Send private message Visit poster's website Reply with quote
BAiC



Joined: 22 Mar 2011
Posts: 272
Location: California
BAiC 23 Jan 2013, 16:46
revolution: I'm not looking for help developing the driver. I have more than a 100 templates that use the same macros as the template I'm talking about. if something was wrong with my code I think it would have shown itself elsewhere.
Post 23 Jan 2013, 16:46
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 24 Jan 2013, 00:37
If you think there is a bug with fasm's output binary then I think the way to find it would be to disassemble and compare the output to the source to find the discrepancy.
Post 24 Jan 2013, 00:37
View user's profile Send private message Visit poster's website Reply with quote
BAiC



Joined: 22 Mar 2011
Posts: 272
Location: California
BAiC 24 Jan 2013, 10:10
comparing the binaries is a nice idea but it looks like the issue is only triggered by adding a certain amount of data. it can be triggered elsewhere.

_________________
byte me.
Post 24 Jan 2013, 10:10
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 24 Jan 2013, 10:22
If you have a binary output that you know is not working then you should be able to identify the instruction(s) that is failing to assemble correctly by comparing the source lines in the .asm file to the disassembled binary file.
Post 24 Jan 2013, 10:22
View user's profile Send private message Visit poster's website Reply with quote
BAiC



Joined: 22 Mar 2011
Posts: 272
Location: California
BAiC 24 Jan 2013, 10:50
it's not just a matter of the instructions. I'm also using FASM to generate numeric values for the runtime system to process. disassembling it is meaningless if the data generated is bad.

the templates, by the way, are actually very difficult to disassemble since there are no jump/call instruction that lead to them directly. the runtime software performs "copy and paste" style operations using only the templates the PCI Enumerator tells it are needed then patches the code by using the constants FASM generated and attached to the template (in the header).

Templar is a 2 pass Template Engine. the first pass involves copying the templates to dynamically allocated memory and patching the first ".init" so that it'll record the differential to the last ".init" of the previously copied template. once the first pass is done it starts on the last ".init" of the last template and patches each instruction within the runtime copy of the code.

once the code is copied it prints the output information (such as the time it took, the number of bytes the code occupies and the name of the code) then calls (using a call reg) the Initialization code (which was one of the templates).

The process I've just described works for over 100 other templates in the rest of the Operating System. I honestly don't know what is actually wrong with the code I simply know that adding innocent NOPs (or other innocent code) triggers it.

_________________
byte me.
Post 24 Jan 2013, 10:50
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 24 Jan 2013, 10:59
Maybe using the PREPSRC.INC tool can help you identify the problem.
Post 24 Jan 2013, 10:59
View user's profile Send private message Visit poster's website Reply with quote
BAiC



Joined: 22 Mar 2011
Posts: 272
Location: California
BAiC 24 Jan 2013, 11:30
does that include need to be included in my source file?

I've read the README in the TOOLS directory and it says to execute "listing" but there are no executable files with that name.
Post 24 Jan 2013, 11:30
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 24 Jan 2013, 11:58
IIRC you have to assemble to tool manually. I forget how now and I'm not currently at my dev machine so I can't say for sure. Perhaps another reader can post the details.
Post 24 Jan 2013, 11:58
View user's profile Send private message Visit poster's website Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3499
Location: Bulgaria
JohnFound 24 Jan 2013, 12:04
There are no details:
Code:
cd %fasm%/tools/%your_os%/
fasm %tool%.asm    
Post 24 Jan 2013, 12:04
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
BAiC



Joined: 22 Mar 2011
Posts: 272
Location: California
BAiC 24 Jan 2013, 12:24
JohnFound: let me guess; you typed that up off hand.

edit: types->typed


Last edited by BAiC on 24 Jan 2013, 13:32; edited 1 time in total
Post 24 Jan 2013, 12:24
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 24 Jan 2013, 13:07
If you can get an .exe ready for PREPSRC then feed it the .fas file.
Post 24 Jan 2013, 13:07
View user's profile Send private message Visit poster's website Reply with quote
BAiC



Joined: 22 Mar 2011
Posts: 272
Location: California
BAiC 24 Jan 2013, 13:35
yeah. I just did. it's interesting to look at the code expanded (atleast that is what it looks like) but it's incredibly difficult to read it with the formatting.
Post 24 Jan 2013, 13:35
View user's profile Send private message Visit poster's website Reply with quote
shutdownall



Joined: 02 Apr 2010
Posts: 517
Location: Munich
shutdownall 25 Jan 2013, 16:04
BAiC wrote:
it's not just a matter of the instructions. I'm also using FASM to generate numeric values for the runtime system to process. disassembling it is meaningless if the data generated is bad.


Maybe there is a problem in your macro. Shocked
Depending on data size, parameters or special characters/values ?
Post 25 Jan 2013, 16:04
View user's profile Send private message Send e-mail Reply with quote
BAiC



Joined: 22 Mar 2011
Posts: 272
Location: California
BAiC 26 Jan 2013, 07:02
shutdownall: you really think I didn't consider that?

_________________
byte me.
Post 26 Jan 2013, 07:02
View user's profile Send private message Visit poster's website Reply with quote
BAiC



Joined: 22 Mar 2011
Posts: 272
Location: California
BAiC 26 Jan 2013, 07:05
shutdownall: I first encountered this bug almost a week ago and only came here after enumerating all of the macros used repeatedly.
Post 26 Jan 2013, 07:05
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.