Comments (9)
JohnEarnest
commented on May 13, 2024
Hmm. I'd really like to see a minimal ROM which causes this misbehavior. To get to the heart of this issue we need to see how a return instruction has its own address in its reaching set.
from octo.
james0x0A
commented on May 13, 2024
Starting from the deep8 sample that exhibits the behavior, I was able to reduce down to this program:
edit: a little more reduction
edit2: last of the cruft
[
0x12, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x22, 0x0E, 0x00,
0xEE, 0x00, 0xEE, 0x22, 0x0A, 0x00, 0xEE, 0x12, 0x10, 0x22, 0x0E, 0x22, 0x0E,
0x00, 0xEE, 0xA2, 0x02, 0xF2, 0x65, 0x22, 0x14, 0xA2, 0x02, 0xF2, 0x55, 0x00,
0xEE, 0x22, 0x0A, 0x22, 0x0E, 0x22, 0x1C
]
: scratch 0 0 0 0 0 0 0 0
: func-1-0
func-0
;
: func-0
;
: func-1-1-0
func-1-0
;
: jmp-func-2
jump func-1-1-0
func-0
func-0
;
: smc
i := scratch load v2 jmp-func-2 i := scratch save v2
;
: main
func-1-0
func-0
smc
from octo.
james0x0A
commented on May 13, 2024
I've stepped through the decompile of the above program and identified the point where the return gets its own adress in its reaching set.
: scratch 0 0 0 0 0 0 0 0 #0x200
: func-1-0
func-0
; # 524, 525 : 0x00EE : children = 530, 546, 554, 558; output['rets'] = 530, 546, 554, 558
# successor(524, prevret) and apply(524) eventually return the same values.
# apply(524) calls chaseReturns() which adds reaching[(556)]['rets'] to the output including addr 530
# reaching[each in children] merge with output; return at addr 530 gets itself in its reaching set
: func-0
;
: func-1-1-0
func-1-0
; # 530, 531 : 0x00EE
: jmp-func-2
jump func-1-1-0
func-0
func-0
;
: smc
i := scratch
load v2
jmp-func-2
i := scratch # 546, 547 : 0xA202
save v2
;
: main
func-1-0
func-0 # 554, 555
smc # 556, 557
# 558 : 0x00
from octo.
james0x0A
commented on May 13, 2024
I was able to reproduce this with no other code except nested calls and returns
[
0x12, 0x12,
0x00, 0xEE,
0x22, 0x02,
0x00, 0xEE,
0x22, 0x04,
0x00, 0xEE,
0x22, 0x08,
0x22, 0x02,
0x00, 0xEE,
0x22, 0x02,
0x22, 0x0C
]
: sub-0
;
: sub-1
sub-0
;
: sub-2
sub-1
;
: sub-3
sub-2
sub-0
;
: main
sub-0
sub-3
from octo.
james0x0A
commented on May 13, 2024
This is about as minimal as can be, but it relies on sharing a return instruction, so it may be a different edge case?
[
0x22, 0x02,
0x00, 0xEE
]
: main
sub-0
: sub-0
;
from octo.
james0x0A
commented on May 13, 2024
This is pretty close to minimal without sharing instructions.
[
0x22, 0x06,
0x22, 0x08,
0x00, 0xEE,
0x00, 0xEE,
0x22, 0x06,
0x00, 0xEE
]
: main
sub-0
sub-1
;
: sub-0
;
: sub-1
sub-0
;
from octo.
JohnEarnest
commented on May 13, 2024
Well, the shared example clearly has a return instruction which should have itself in its own successor set due to fallthrough. I'm surprised the analyzer keeps iterating in that case, though, as it shouldn't be inferring any new reaching values.
from octo.
james0x0A
commented on May 13, 2024
It keeps iterating because the return instruction will always be a child of itself and be pushed back into fringe.
from octo.
JohnEarnest
commented on May 13, 2024
Yes, I see now. Returns were treated specially, defeating the implicit check of whether we expanded the set of reaching definitions.
from octo.
Related Issues (20)
- Document another audio playback behavior into XO-ChipSpecification
- Broken link at end of Sorting.md
- Octo UI buttons are invisible on a white background
- Slight bug with the decompiler in the Octo IDE regarding the pitch opcode
- Plane 3 Bug (Only enables the first bit plane) HOT 2
- Gamepad visible in browser HOT 4
- XO-Chip manual section has a broken link to the XO-Chip spec in repo view
- Possible Instruction Prefix Support for XO-CHIP HOT 4
- Add support for viewport scaling to exported HTML HOT 1
- Yet Another Proposal: Stereo Audio with Multi-Voice Support (Sweet and Simple Design)
- Solving the difficulty of writing program's code beyond 4k with banking HOT 1
- No Audio Output Issue on HTML Output HOT 2
- collision enumeration quirk HOT 3
- scroll-up can scroll in pixels which aren't blank HOT 4
- Octo reads .sc8/.xo8 files as plaintext, should read them as binaries HOT 1
- Constants in data interpreted as call HOT 2
- Expected order of operations for vf HOT 2
- Maximum ROM Size for VIP too small HOT 4
- Step function can proceed past Fx0A without input HOT 2
- Add documentation on itch.io export issues
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from octo.