[fpc-devel] FPC 3.3.1 crash when getting interface from object

Sun Feb 5 19:29:17 CET 2023

I don't currently have many details. (The code in question has been 
working on older 3.3.1, and still works on 3.2.3 and before)

I included various details, but in the end it may be a peephole issues 
in "GetInterfaceByStr"
==> So probably skip ahead to the asm code below.

The code call a method expecting an interface, and providing an instance 
as param. The instance is of a class implementing the interface.
The class uses generics as base, including generics (for the interface) 
for the expected param in the called method.

I tested with O2 and O4 (for my code )
===> and for fpc/rtl: -CX -gl -gw3 -O-1

rev e84e0a16e13a4b73192edafd2aa356254dc2ac88

The line that fails is:
       function TObject.GetInterfaceByStr(const iidstr : shortstring;out 
obj) : boolean;
...
           if result and Assigned(IEntry^.IID) and (IEntry^.IType in 
[etStandard, etFieldValue]) then
             IInterface(obj)._AddRef;

At the time
Result = true
IEntry^ =
( IIDREF: ^PGUID(nil);
   VTABLE: $0000000100719838^: ;
   IOFFSET: 32;
   IOFFSETASCODEPTR: $0000000000000020^: ;
   IIDSTRREF: $00000001007103E8^^: $00000001007103E0^: '';
   ITYPE: ETSTANDARD)

IEntry^.IID gets
     function tinterfaceentry.GetIID: pguid;
       begin
         if Assigned(IIDRef) then
           GetIID:=IIDRef^
         else
           GetIID:=Nil;

The interface for the param is "CORBA". (so IIDRef should be nil, 
according to comments in the code)

Generated asm (as reported by GDB) / Crash line is marked <<<<<<<<<<<<<

=> Something seems strange. There is a "cmp" without any conditional 
after it?

..\inc\objpas.inc:922
0000000100012293 807de400                 cmpb   $0x0,-0x1c(%rbp)
0000000100012297 7441                     je     0x1000122da 
<GETINTERFACEBYSTR+170>
0000000100012299 488b45d8                 mov 
-0x28(%rbp),%rax                // EAX = The address pointing to IEntry
..\inc\objpas.inc:924
000000010001229D 31c9                     xor    %ecx,%ecx
..\inc\objpas.inc:922
000000010001229F 48833800                 cmpq   $0x0,(%rax)
00000001000122A3 488b00                   mov    (%rax),%rax // EAX = 
The first qword in the record. That is RAX = IEntry^.IIDRef

00000001000122A6 488b00                   mov    (%rax),%rax   // 
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< RAX = 0x0

00000001000122A9 488b45d8                 mov    -0x28(%rbp),%rax
00000001000122AD 480f44c1                 cmove  %rcx,%rax
00000001000122B1 4885c0                   test   %rax,%rax
00000001000122B4 7424                     je     0x1000122da 
<GETINTERFACEBYSTR+170>
00000001000122B6 488b45d8                 mov    -0x28(%rbp),%rax
00000001000122BA 8b4020                   mov    0x20(%rax),%eax
00000001000122BD 85c0                     test   %eax,%eax
00000001000122BF 7405                     je     0x1000122c6 
<GETINTERFACEBYSTR+150>
00000001000122C1 83f803                   cmp    $0x3,%eax
00000001000122C4 7514                     jne    0x1000122da 
<GETINTERFACEBYSTR+170>
..\inc\objpas.inc:923

#0 TOBJECT.GETINTERFACEBYSTR(TOBJECT($000000000CF471C0), '', 0) at 
c:\FPC\fpc_3.3.1\source\rtl\inc\objpas.inc:922
#1 TOBJECT.GETINTERFACE(TOBJECT($000000000CF471C0), '', 0) at 
c:\FPC\fpc_3.3.1\source\rtl\inc\objpas.inc:928
#2 fpc_class_as_corbaintf(POINTER($000000000CF471C0), '') at 
c:\FPC\fpc_3.3.1\source\rtl\inc\objpas.inc:262
#3 
TINTERNALDBGMONITORBASE$3$CRC97C7D6C3_CRC46A2B365.SETSUPPLIER(TINTERNALDBGMONITORBASE$3$CRC97C7D6C3_CRC46A2B365($000000000CF471C0), 
Failed to read data from register) at lazdebuggertemplate.pas:112
#4 
TTESTDBGDEBUGGER.INITDEBUGGERMONITORS(TTESTDBGDEBUGGER($000000000CF471C0), 
Failed to read data from register) at 
B:\lazarus_main\components\lazdebuggers\lazdebugtestbase\ttestdbgexecuteables.pas:399