Menu
▾
▴
#413 Unhandled memory access bug
Hi,
When running the game "fragile allegiance" under dosbox-0.74 on OpenBSD/amd64, I get the following error:
Exit to error: DRC64:Unhandled memory reference
Looking in the code, the error occurs in the function:
static INLINE void gen_memaddr(HostReg reg,void* data) { Bit64s diff = (Bit64s)data-((Bit64s)cache.pos+5); if ((diff<0x80000000LL) && (diff>-0x80000000LL)) { cache_addb(0x05+(reg<<3)); // RIP-relative addressing is offset after the instruction cache_addd((Bit32u)(((Bit64u)diff)&0xffffffffLL)); } else if ((Bit64u)data<0x100000000LL) { cache_addw(0x2504+(reg<<3)); cache_addd((Bit32u)(((Bit64u)data)&0xffffffffLL)); } else { printf("data=%p, reg=%p\n", data, reg); E_Exit("DRC64:Unhandled memory reference"); } }
You can see that I have added a printf in there to debug the error. I ran dosbox three times and triggered the error:
data=0x1ed6236b3698, reg=0x0 data=0x1395ce3b3698, reg=0x0 data=0x121f280b3698, reg=0x0
This is with core=auto. (I have tried core=normal too, and this gets further, but seems to be very very slow. Same with core=simple. Although I guess these are separate issues.)
The svn version of dosbox seems to work better (the game runs), but what would be really useful is a patch to 0.74 that fixes this. Then we could put the patch into OpenBSD packages.
Cheers
Sorry, I do actually see this bug in the svn version with core=auto.
core=normal works well on svn, whereas 0.74 it was horrendously slow.
So looks like we have two separate bugs here.
Last edit: Edd Barrett 2015-03-07
FWIW: I tried this also:
https://trac.macports.org/browser/trunk/dports/emulators/dosbox/files/srccpucore_dynrec__risc_x64.h.diff
Not sure why the functions are named differently in that patch..
gen_reg_memaddr vs gen_memaddr.
A few more details. I also see this crash on C&C red alert. I tried both games under dosbox-0.74 under both OpenBSD and debian on my 64-bit dual boot laptop.
It failed to run on OpenBSD (unhandeled memory exception), but ran on debian.
Thus, I think this is an OpenBSD specific bug.
Actually, I'm seeing this bug on Fedora 23 (current non-Rawhide development branch), running Doom. Same result (dosbox crashes shortly after running the executable, with the Unhandled memory reference error). Using core=normal it works OK.
Could be related to compiler version, perhaps? Fedora's current dosbox-0.74-16.fc23.x86_64 build crashes; the dosbox-0.74-14.fc22.x86_64 build works fine. Narrowing it down further, the slightly older build dosbox-0.74-15.fc23.x86_64 also crashes. You can see build logs from the two different builds here:
(bad) 15.fc23 - https://kojipkgs.fedoraproject.org//packages/dosbox/0.74/16.fc23/data/logs/x86_64/
(good) 14.fc22 - https://kojipkgs.fedoraproject.org//packages/dosbox/0.74/14.fc22/data/logs/x86_64/
15.fc23 was built with gcc 5.1.1-3, 14.fc22 was built with gcc 4.9.2-3. root.log lists the packages in the build environment, so you can check other potentially relevant packages.
There are several type-related warnings when building core_dynrec which rather look like they may be related:
In file included from core_dynrec.cpp:137:0: core_dynrec/cache.h: In function 'void cache_closeblock()': core_dynrec/cache.h:503:107: warning: format '%d' expects argument of type 'int', but argument 2 has type 'Bitu {aka long unsigned int}' [-Wformat=] if (written>block->cache.size+CACHE_MAXSIZE) E_Exit("CacheBlock overrun 1 %d",written-block->cache.size); ^ core_dynrec/cache.h:504:84: warning: format '%d' expects argument of type 'int', but argument 2 has type 'Bitu {aka long unsigned int}' [-Wformat=] } else E_Exit("CacheBlock overrun 2 written %d size %d",written,block->cache.size); ^ core_dynrec/cache.h:504:84: warning: format '%d' expects argument of type 'int', but argument 3 has type 'Bitu {aka long unsigned int}' [-Wformat=] In file included from core_dynrec/decoder.h:22:0, from core_dynrec.cpp:157: core_dynrec/decoder_basic.h: In function 'bool mem_readw_checked_drc(PhysPt)': core_dynrec/decoder_basic.h:714:38: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *((Bit16u*)(&core_dynrec.readdata))=host_readw(tlb_addr+address); ^ core_dynrec/decoder_basic.h: In function 'bool mem_readd_checked_drc(PhysPt)': core_dynrec/decoder_basic.h:725:38: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *((Bit32u*)(&core_dynrec.readdata))=host_readd(tlb_addr+address); ^ In file included from core_dynrec/decoder.h:24:0, from core_dynrec.cpp:157: core_dynrec/decoder_opcodes.h: In function 'void dyn_loop(LoopTypes)': core_dynrec/decoder_opcodes.h:1135:9: warning: enumeration value 'LOOP_NONE' not handled in switch [-Wswitch] switch (type) { ^ core_dynrec/decoder_opcodes.h:1135:9: warning: enumeration value 'LOOP_JCXZ' not handled in switch [-Wswitch] In file included from core_dynrec/decoder.h:26:0, from core_dynrec.cpp:157: core_dynrec/dyn_fpu.h: In function 'void dyn_fpu_esc3()': core_dynrec/dyn_fpu.h:386:91: warning: format '%d' expects argument of type 'int', but argument 2 has type 'Bitu {aka long unsigned int}' [-Wformat=] E_Exit("ESC 3:ILLEGAL OPCODE group %d subfunction %d",decode.modrm.reg,decode.modrm.rm); ^ core_dynrec/dyn_fpu.h:386:91: warning: format '%d' expects argument of type 'int', but argument 3 has type 'Bitu {aka long unsigned int}' [-Wformat=] In file included from core_dynrec/decoder.h:22:0, from core_dynrec.cpp:157: core_dynrec/decoder_basic.h: In function 'void dyn_fill_ea(HostReg, bool)': core_dynrec/decoder_basic.h:951:9: warning: 'base_reg' may be used uninitialized in this function [-Wmaybe-uninitialized] Bit8u base_reg; ^ core_dynrec/decoder_basic.h:939:24: warning: 'imm' may be used uninitialized in this function [-Wmaybe-uninitialized] if (imm) gen_add_imm(ea_reg,(Bit32u)imm);Last edit: Adam Williamson 2015-08-04
There is some discussion and testing going on the forum
http://www.vogons.org/viewtopic.php?f=32&t=45111
I have the same problem on Debian 9.
Linux debian 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2 (2017-06-12) x86_64 GNU/Linux