Bug#392774: wormux: blocks the whole X session when GNU touches the first object

Eddy Petrișor eddy.petrisor at gmail.com
Sun Oct 15 14:07:37 UTC 2006


Jean Parpaillon wrote:
> Can someone try to reproduce the bug ?

I have tried to see what is happening and it seems to be some sort of
platform-specific issue. I am not that skilled with assembler, but I think
either the generated code is wrong or the FPU has some issues.

The problem occurs at weapon/gnu.cpp:84.

  82
  83   while(angle < -M_PI) angle += M_PI;
  84   while(angle > M_PI) angle -= M_PI;
  85
  86   angle *= 180.0 / M_PI;

The code enters an endless loop at that line but there seems to be no
apparent reason for that. I have observed that the endless loop occurs
if the gnu hits a wall which is inclined at such an angle that the gnu
hits it with the head on the rising side of a jump.

I will try to explain with an ASCII drawing.

   \
    \
__>__\

Assume ">" is the gnu which goes in the direction indicated by the sign.
The game will enter an endless loop when it gets to the state indicated
below.

   \
   >\
_____\

> Can we have some log of X or something to help ?

The assembler code generated for line 84 is (the first 3 instructions
are relevant):

Dump of assembler code from 0x1009c2f0 to 0x1009c3f0:
    0x1009c2f0 <_ZN3Gnu7RefreshEv+144>:     fsub    f1,f1,f0
    0x1009c2f4 <_ZN3Gnu7RefreshEv+148>:     fcmpu   cr7,f1,f0
    0x1009c2f8 <_ZN3Gnu7RefreshEv+152>:     bgt+    cr7,0x1009c2f0 <_ZN3Gnu7RefreshEv+144>
    0x1009c2fc <_ZN3Gnu7RefreshEv+156>:     lis     r9,4107
    0x1009c300 <_ZN3Gnu7RefreshEv+160>:     lwz     r0,396(r31)
    0x1009c304 <_ZN3Gnu7RefreshEv+164>:     lfd     f13,168(r9)
    0x1009c308 <_ZN3Gnu7RefreshEv+168>:     lis     r9,4107

Although the code (IMO) should do the decrementing of f1 (the register
where the angle is stored) and set cr7 accordingly, it seems that the
decrementing never occurs, as the listing below shows.

The commands are the ones listed by DDD in its console.
The first interrupt was done to define the regs macro which prints the
values of the relevant registers and of the angle variable.

The second interrupt was done after I managed to block the gnu.


Note: Although I have assembler background experience, I don't have such
experience with PowerPC assembler. I think a better skilled person at
PowerPC assembler than myself should analyze the code and say if this is
a GCC bug or a platform bug (at least that's what I think this problem
seems to be).

--------------8<----------------
(gdb) run
Starting program: /home/eddy/tmp/_eraseme/wormux/wormux-0.7.4/src/wormux
[Thread debugging using libthread_db enabled]
[New Thread 805451968 (LWP 5200)]
=== Versiunea Wormux 0.7.4
=== Autori: Anthony CARRE, Jean-Christophe DUBERGA, Laurent DEFERT
SIMONNEAU, Lawrence AZZOUG, Matthieu FERTRE, Olivier Boyer, Renaud
LOTTIAUX, Victor STINNER
=== Situl web: http://www.wormux.org

Wormux version 0.7.4, Copyright (C) 2001-2006 Wormux team
Wormux comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.

Read COPYING file for details.

[ Rulează jocul ]
[New Thread 816891104 (LWP 5203)]
o Încărcare aspecte: ver, ecureuil, escargot, snortteam, alien,
wilberteam, thunderbirdteam, nupikteam, workraveteam, tuxteam, gnuteam,
poulpe, flament_rose, firefoxteam, phpteam, konqiteam
o Încărcare echipe: ver, nuts, escargot, snortteam, alien, konquiteam,
wilberteam, thunderbirdteam, nupikteam, workraveteam, tuxteam, gnuteam,
poulpe, firefoxteam, phpteam, pink_floyd
o Încărcare hărţi: mer, hell, noel, cowland, qingqong, arbre, leafs,
grenouilles, space, prehistorik, catacombes, cheese, desert, halloween,
island, araignee, electronik, aquarium, paradis, wildwestdv, champignon,
battlenight, monkeybubbleworld, banquise, pirates, vulcano, goodandevil,
libellule

[New Thread 836637920 (LWP 5204)]
open /dev/sequencer: No such device
Opened audio at 44100 Hz 16 bit
Continuing.
^C
Program received signal SIGINT, Interrupt.
0x0f7e536c in poll () from /lib/tls/libc.so.6
(gdb) define regs
Type commands for definition of "regs".
End with a line saying just "end".
>print $f1
>print $f0
>print $cr
>print $cr7
>print angle
>stepi
>end
(gdb) cont
Continuing.

[ Se începe un nou joc ]
Loading game... => Splashscreen is TODO
o Iniţializare
o Se caută o pozitie aleatoare pentru personaje
o Iniţializare teren... finalizat
o Iniţializare obiecte
^C
Program received signal SIGINT, Interrupt.
0x1009c2f0 in Gnu::Refresh (this=0x103138a8) at weapon/gnu.cpp:84
/home/eddy/tmp/_eraseme/wormux/wormux-0.7.4/src/weapon/gnu.cpp:84:2505:beg:0x1009c2f0
(gdb) regs main
$1 = 3.1826378988422823e+306
$2 = 3.1415926535897931
$3 = 570426500
$4 = void
$5 = 3.1826378988422823e+306
(gdb) regs main
$6 = 3.1826378988422823e+306
$7 = 3.1415926535897931
$8 = 570426500
$9 = void
$10 = 3.1826378988422823e+306
(gdb) regs main
$11 = 3.1826378988422823e+306
$12 = 3.1415926535897931
$13 = 570426500
$14 = void
$15 = 3.1826378988422823e+306
(gdb) regs main
$16 = 3.1826378988422823e+306
$17 = 3.1415926535897931
$18 = 570426500
$19 = void
$20 = 3.1826378988422823e+306
(gdb) regs main
$21 = 3.1826378988422823e+306
$22 = 3.1415926535897931
$23 = 570426500
$24 = void
$25 = 3.1826378988422823e+306
(gdb) regs main
$26 = 3.1826378988422823e+306
$27 = 3.1415926535897931
$28 = 570426500
$29 = void
$30 = 3.1826378988422823e+306
(gdb) regs main
$31 = 3.1826378988422823e+306
$32 = 3.1415926535897931
$33 = 570426500
$34 = void
$35 = 3.1826378988422823e+306
(gdb) regs main
$36 = 3.1826378988422823e+306
$37 = 3.1415926535897931
$38 = 570426500
$39 = void
$40 = 3.1826378988422823e+306
(gdb) regs main
$41 = 3.1826378988422823e+306
$42 = 3.1415926535897931
$43 = 570426500
$44 = void
$45 = 3.1826378988422823e+306
(gdb)

> I have found that wormux leads to a total halt and also halts X in the
> following context:
> 
> - start the game with two teams
> - use the weapon GNU launcher after aiming at some scenery object
> - the game will block when the gnu touches the aimed scenery
[according to last observations]... if the scenery is a steep wall so
that the GNU hits the wall with the head during a jump.

> - the whole X session becomes unusable

This seems to be an issue if the game runs in full screen mode, since the
game grabs the mouse and, if the game is killed, the mouse pointer will
not appear.

> Note: I have tried to reproduce this on a testing (0.7.2-6) i386 machine,
> but I couldn't. I have tried also with 0.7.4-1 on the same i386 machine,
> the bug still doesn't appear. I suppose it is a powerpc issue or (maybe) a
> r300 driver issue(?).

In the light of the latest analysis, this seems to be some
platform-specific bug either related to the (my computer's?) FPU or the GCC code,
although the code generated by the compiler for the previous while loop
which deals with angle under-runs seems to work fine and seems to be
symmetric (to my PowerPC assembler untrained eyes, but I might be
wrong). The corresponding section seems to start at 0x1009c2d0 with the
fadd instruction.

    0x1009c2a8 <_ZN3Gnu7RefreshEv+72>:      lis     r9,4107
    0x1009c2ac <_ZN3Gnu7RefreshEv+76>:      lfd     f1,16(r1)
    0x1009c2b0 <_ZN3Gnu7RefreshEv+80>:      lfd     f13,-11008(r9)
    0x1009c2b4 <_ZN3Gnu7RefreshEv+84>:      lis     r9,4107
    0x1009c2b8 <_ZN3Gnu7RefreshEv+88>:      fmr     f0,f1
    0x1009c2bc <_ZN3Gnu7RefreshEv+92>:      fcmpu   cr7,f1,f13
    0x1009c2c0 <_ZN3Gnu7RefreshEv+96>:      bge-    cr7,0x1009c2e4 <_ZN3Gnu7RefreshEv+132>
    0x1009c2c4 <_ZN3Gnu7RefreshEv+100>:     fmr     f12,f13
    0x1009c2c8 <_ZN3Gnu7RefreshEv+104>:     lfd     f13,-13720(r9)
    0x1009c2cc <_ZN3Gnu7RefreshEv+108>:     nop
    0x1009c2d0 <_ZN3Gnu7RefreshEv+112>:     fadd    f0,f0,f13
    0x1009c2d4 <_ZN3Gnu7RefreshEv+116>:     fcmpu   cr7,f0,f12
    0x1009c2d8 <_ZN3Gnu7RefreshEv+120>:     blt+    cr7,0x1009c2d0 <_ZN3Gnu7RefreshEv+112>
    0x1009c2dc <_ZN3Gnu7RefreshEv+124>:     stfd    f0,16(r1)
    0x1009c2e0 <_ZN3Gnu7RefreshEv+128>:     fmr     f1,f0
    0x1009c2e4 <_ZN3Gnu7RefreshEv+132>:     lfd     f0,-13720(r9)
    0x1009c2e8 <_ZN3Gnu7RefreshEv+136>:     fcmpu   cr7,f1,f0
    0x1009c2ec <_ZN3Gnu7RefreshEv+140>:     ble-    cr7,0x1009c2fc <_ZN3Gnu7RefreshEv+156>
    0x1009c2f0 <_ZN3Gnu7RefreshEv+144>:     fsub    f1,f1,f0
    0x1009c2f4 <_ZN3Gnu7RefreshEv+148>:     fcmpu   cr7,f1,f0
    0x1009c2f8 <_ZN3Gnu7RefreshEv+152>:     bgt+    cr7,0x1009c2f0 <_ZN3Gnu7RefreshEv+144>
    0x1009c2fc <_ZN3Gnu7RefreshEv+156>:     lis     r9,4107

> -- System Information:
> Debian Release: testing/unstable
>   APT prefers unstable
>   APT policy: (900, 'unstable'), (100, 'experimental')
> Architecture: powerpc (ppc)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.18-1-powerpc
> Locale: LANG=ro_RO.UTF-8, LC_CTYPE=ro_RO.UTF-8 (charmap=UTF-8)

So the conclusion is, could someone better skilled at PowerPC assembler
look at this issue?

--
Regards,
EddyP
=============================================
"Imagination is more important than knowledge" A.Einstein
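
Added example, not part of the original message or of the Wormux sources: the gdb session above shows angle = 3.1826378988422823e+306, and in IEEE 754 double precision the gap between adjacent representable values at that magnitude is far larger than pi, so `angle -= M_PI` rounds back to the same value. The sketch below runs the quoted loop with an iteration cap beside a bounded form; kPi, the cap and all function names are assumptions chosen for illustration.

```cpp
// Added example: the angle loop from the quoted gnu.cpp snippet, with an
// iteration cap so the demo terminates, next to a bounded replacement.
// kPi, the cap and the function names are illustrative assumptions.
#include <cmath>
#include <cstdio>

constexpr double kPi = 3.14159265358979323846;

// True when x - kPi rounds back to x, i.e. the subtraction is absorbed.
bool absorbs(double x) {
    volatile double d = x - kPi;   // volatile: force rounding to double
    return d == x;
}

// Same two loops as the snippet, plus a cap so this demo always returns.
// Returns false if the cap was reached before the loops exited.
bool loop_normalize(double &angle, unsigned long cap) {
    unsigned long n = 0;
    while (angle < -kPi) { if (++n > cap) return false; angle += kPi; }
    while (angle > kPi)  { if (++n > cap) return false; angle -= kPi; }
    return true;
}

// Bounded form: reject NaN/Inf, then reduce in a single step using the
// same step size (pi) as the snippet. Result lies inside (-pi, pi).
bool safe_normalize(double &angle) {
    if (!std::isfinite(angle)) return false;
    angle = std::fmod(angle, kPi);
    return true;
}

int main() {
    const double logged = 3.1826378988422823e+306;  // value printed by gdb
    double a = logged, b = logged;
    bool loop_done = loop_normalize(a, 1000000UL);
    bool safe_done = safe_normalize(b);
    std::printf("subtraction absorbed: %d\n", absorbs(logged));
    std::printf("loop exits within 1e6 steps: %d\n", loop_done);
    std::printf("fmod form ok: %d, angle=%g\n", safe_done, b);
    return 0;
}
```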
