Re: Segfault introduced in b82fc3d on v2.1 branch
- From: Katerina Barone-Adesi <katerinab@xxxxxxxxx>
- To: luajit@xxxxxxxxxxxxx
- Date: Fri, 12 Jun 2015 15:22:36 +0100
I've managed to get dumps from the above code, by varying -Ohotloop=N. The
default value did not cause backtraces when trying to get dumps. I've added
the dumps, as well as notes about them, to the gist at
https://gist.github.com/5a93c82f83c62515cf84.git . All of the notes are
from runs with the argument -jdump=+rsx,file. Several dumps are under 900
lines; the smallest is 595 lines.
Are these dumps small/informative enough to reasonably track down this
issue, or should I try even harder to minimize the code further? Are there
other debug steps that would be useful, beyond what's documented on
http://wiki.luajit.org/Reducing-Testcases ?
Common crash values with -Ohotloop=N (crashes at least ~half the time):
1, 3, 5, 9, 11, 12, 13, 14, 15, 16, 17, 18, 22, 24, 28, 29, 32, 33, 34, 38,
39, 47
Occasional crashes (~one crash in 50-1000 runs):
6, 7, 8, 20, 21
The bug cannot be (quickly?) reproduced with hotloop=N, where N is:
2, 4, 10, 19, 23, 25, 26, 27, 28, 30, 31, 35, 36, 37, 40-46, 48-50
Here is the smallest dump (595 lines), with luajit 458a40b7.
The dump was generated by:
luajit -Ohotloop=12 -jdump=+rsx,dump bug225.lua
---- TRACE 1 start ssa.lua:39
0001 UGET 0 0 ; label_counter
0002 ADDVN 0 0 0 ; 1
0003 USETV 0 0 ; label_counter
0004 KSTR 0 0 ; "L"
0005 UGET 1 0 ; label_counter
0006 CAT 0 0 1
0007 TDUP 1 1
0008 TNEW 2 0
0009 TSETS 2 1 2 ; "bindings"
0010 TSETS 0 1 3 ; "label"
0011 UGET 2 1 ; ssa
0012 TGETS 2 2 4 ; "blocks"
0013 TSETV 1 2 0
0014 RET1 1 2
---- TRACE 1 IR
.... SNAP #0 [ ---- ]
0001 rbp �[1mfun�[m SLOAD #0 R
0002 rbx > p32 UREFO 0001 #0
0003 xmm7 > �[34mnum�[m ULOAD 0002
0004 [10] �[34mnum�[m ADD 0003 �[34m+1 �[m
0005 �[34mnum�[m USTORE 0002 0004
.... SNAP #1 [ ---- ---- ]
0006 �[32mstr�[m TOSTR 0004 NUM
0007 rdi p32 BUFHDR [0x40098414] RESET
0008 rdi p32 BUFPUT 0007 �[32m"L" �[m
0009 rdi p32 BUFPUT 0008 0006
0010 [c] �[32mstr�[m BUFSTR 0009 0007
0011 [8] > �[31mtab�[m TDUP �[31m{0x40ff2f58}�[m
0012 r15 > �[31mtab�[m TNEW #0 #0
0013 rbx p32 FLOAD 0011 tab.node
0014 p32 HREFK 0013 �[32m"bindings"�[m @0
0015 �[31mtab�[m HSTORE 0014 0012
0016 p32 HREFK 0013 �[32m"label"�[m @1
0017 �[32mstr�[m HSTORE 0016 0010
.... SNAP #2 [ ---- �[32m0010�[m �[31m0011�[m ---- ]
0018 rbp > p32 UREFO 0001 #1
0019 rbp > �[31mtab�[m ULOAD 0018
0020 �[35mint�[m FLOAD 0019 tab.hmask
0021 > �[35mint�[m EQ 0020 �[35m+1 �[m
0022 rbp p32 FLOAD 0019 tab.node
0023 > p32 HREFK 0022 �[32m"blocks"�[m @0
0024 rbp > �[31mtab�[m HLOAD 0023
0025 rsi p32 HREF 0024 0010
0026 > p32 EQ 0025 [0x40098458]
0027 �[31mtab�[m FLOAD 0024 tab.meta
0028 > �[31mtab�[m EQ 0027 �[31m[NULL]�[m
0029 rbx p32 NEWREF 0024 0010
0030 �[31mtab�[m HSTORE 0029 0011
0031 nil TBAR 0024
0032 p32 FREF 0024 tab.nomm
0033 �[35mu8 �[m FSTORE 0032 �[35m+0 �[m
.... SNAP #3 [ ---- ---- �[31m0011�[m ]
---- TRACE 1 mcode 441
0bcbfe44 add rsp, -0x10
0bcbfe48 mov dword [0x40098410], 0x1
0bcbfe53 mov edi, [0x400983d8]
0bcbfe5a cmp edi, [0x400983dc]
0bcbfe61 jb 0x0bcbfe7a
0bcbfe63 mov esi, 0x3
0bcbfe68 mov edi, 0x400983b8
0bcbfe6d call 0x00421730 ->lj_gc_step_jit
0bcbfe72 test eax, eax
0bcbfe74 jnz 0x0bcb0010 ->0
0bcbfe7a mov edx, [0x400984b4]
0bcbfe81 mov ebp, [rdx-0x8]
0bcbfe84 mov edi, [rbp+0x14]
0bcbfe87 mov ebx, [rdi+0x10]
0bcbfe8a cmp dword [rbx+0x4], 0xfffeffff
0bcbfe91 jnb 0x0bcb0010 ->0
0bcbfe97 movsd xmm7, [rbx]
0bcbfe9b addsd xmm7, [0x400a9568]
0bcbfea4 movsd [rsp+0x10], xmm7
0bcbfeaa movsd [rbx], xmm7
0bcbfeae mov edi, 0x40098414
0bcbfeb3 mov esi, [rdi+0x8]
0bcbfeb6 mov [rdi], esi
0bcbfeb8 mov esi, 0x4c
0bcbfebd call 0x00421b60 ->lj_buf_putchar
0bcbfec2 mov edi, eax
0bcbfec4 lea rsi, [rsp+0x10]
0bcbfec9 call 0x0040a3c0 ->lj_strfmt_putnum
0bcbfece mov edi, eax
0bcbfed0 call 0x00421ff0 ->lj_buf_tostr
0bcbfed5 mov [rsp+0xc], eax
0bcbfed9 mov edi, [0x400984b0]
0bcbfee0 mov esi, 0x40ff2f58
0bcbfee5 call 0x004223c0 ->lj_tab_dup
0bcbfeea mov ebx, eax
0bcbfeec mov [rsp+0x8], ebx
0bcbfef0 mov edi, [0x400984b0]
0bcbfef7 xor esi, esi
0bcbfef9 call 0x00422350 ->lj_tab_new1
0bcbfefe mov r15d, eax
0bcbff01 mov edi, [0x400984b0]
0bcbff08 mov eax, [rsp+0xc]
0bcbff0c mov ebx, [rbx+0x14]
0bcbff0f mov dword [rbx+0x4], 0xfffffff4
0bcbff16 mov [rbx], r15d
0bcbff19 mov dword [rbx+0x1c], 0xfffffffb
0bcbff20 mov [rbx+0x18], eax
0bcbff23 mov esi, [rbp+0x18]
0bcbff26 mov ebp, [rsi+0x10]
0bcbff29 cmp dword [rbp+0x4], -0x0c
0bcbff2d jnz 0x0bcb0018 ->2
0bcbff33 mov ebp, [rbp+0x0]
0bcbff36 cmp dword [rbp+0x1c], +0x01
0bcbff3a jnz 0x0bcb0018 ->2
0bcbff40 mov ebp, [rbp+0x14]
0bcbff43 mov rsi, 0xfffffffb40ff21d0
0bcbff4d cmp rsi, [rbp+0x8]
0bcbff51 jnz 0x0bcb0018 ->2
0bcbff57 cmp dword [rbp+0x4], -0x0c
0bcbff5b jnz 0x0bcb0018 ->2
0bcbff61 mov ebp, [rbp+0x0]
0bcbff64 mov esi, [rbp+0x1c]
0bcbff67 and esi, [rax+0x8]
0bcbff6a lea esi, [rsi+rsi*2]
0bcbff6d shl esi, 0x03
0bcbff70 add esi, [rbp+0x14]
0bcbff73 cmp dword [rsi+0xc], -0x05
0bcbff77 jnz 0x0bcbff82
0bcbff79 cmp eax, [rsi+0x8]
0bcbff7c jz 0x0bcb0018 ->2
0bcbff82 mov esi, [rsi+0x10]
0bcbff85 test esi, esi
0bcbff87 jnz 0x0bcbff73
0bcbff89 cmp dword [rbp+0x10], +0x00
0bcbff8d jnz 0x0bcb0018 ->2
0bcbff93 mov edx, 0x40098448
0bcbff98 mov dword [rdx+0x4], 0xfffffffb
0bcbff9f mov [rdx], eax
0bcbffa1 mov esi, ebp
0bcbffa3 call 0x00422cf0 ->lj_tab_newkey
0bcbffa8 mov ebx, eax
0bcbffaa mov edx, [0x400984b4]
0bcbffb1 mov eax, [rsp+0x8]
0bcbffb5 mov dword [rbx+0x4], 0xfffffff4
0bcbffbc mov [rbx], eax
0bcbffbe test byte [rbp+0x4], 0x4
0bcbffc2 jz 0x0bcbffd9
0bcbffc4 and byte [rbp+0x4], 0xfb
0bcbffc8 mov edi, [0x400983f4]
0bcbffcf mov [0x400983f4], ebp
0bcbffd6 mov [rbp+0xc], edi
0bcbffd9 mov byte [rbp+0x6], 0x0
0bcbffdd mov dword [rdx+0xc], 0xfffffff4
0bcbffe4 mov [rdx+0x8], eax
0bcbffe7 xor eax, eax
0bcbffe9 mov ebx, 0x40ff3bf8
0bcbffee mov r14d, 0x40099008
0bcbfff4 add rsp, +0x10
0bcbfff8 jmp 0x00420177
---- TRACE 1 stop -> return
---- TRACE 2 start ssa.lua:55
0001 GGET 4 0 ; "assert"
0002 GGET 5 1 ; "type"
0003 MOV 6 0
0004 CALL 5 2 2
0000 . FUNCC ; type
0005 ISEQS 5 2 ; "table"
0006 JMP 5 => 0009
0009 KPRI 5 2
0010 CALL 4 1 2
0000 . FUNCC ; assert
0011 TGETB 4 0 1
0012 ISNES 4 3 ; "if"
0013 JMP 5 => 0037
0014 UGET 5 0 ; add_block
0015 CALL 5 2 1
0000 . JFUNCF 3 1 ; ssa.lua:39
0001 . UGET 0 0 ; label_counter
0002 . ADDVN 0 0 0 ; 1
0003 . USETV 0 0 ; label_counter
0004 . KSTR 0 0 ; "L"
0005 . UGET 1 0 ; label_counter
0006 . CAT 0 0 1
0007 . TDUP 1 1
0008 . TNEW 2 0
0009 . TSETS 2 1 2 ; "bindings"
0010 . TSETS 0 1 3 ; "label"
0011 . UGET 2 1 ; ssa
0012 . TGETS 2 2 4 ; "blocks"
0013 . TSETV 1 2 0
0014 . RET1 1 2
0016 UGET 6 0 ; add_block
0017 CALL 6 2 1
0000 . JFUNCF 3 1 ; ssa.lua:39
0001 . UGET 0 0 ; label_counter
0002 . ADDVN 0 0 0 ; 1
0003 . USETV 0 0 ; label_counter
0004 . KSTR 0 0 ; "L"
0005 . UGET 1 0 ; label_counter
0006 . CAT 0 0 1
0007 . TDUP 1 1
0008 . TNEW 2 0
0009 . TSETS 2 1 2 ; "bindings"
0010 . TSETS 0 1 3 ; "label"
0011 . UGET 2 1 ; ssa
0012 . TGETS 2 2 4 ; "blocks"
0013 . TSETV 1 2 0
0014 . RET1 1 2
0018 UGET 7 1 ; compile_bool
0019 TGETB 8 0 2
0020 MOV 9 1
0021 MOV 10 5
0022 MOV 11 6
0023 CALL 7 1 5
0000 . FUNCF 13 ; ssa.lua:55
0001 . GGET 4 0 ; "assert"
0002 . GGET 5 1 ; "type"
0003 . MOV 6 0
0004 . CALL 5 2 2
0000 . . FUNCC ; type
0005 . ISEQS 5 2 ; "table"
0006 . JMP 5 => 0009
0009 . KPRI 5 2
0010 . CALL 4 1 2
0000 . . FUNCC ; assert
0011 . TGETB 4 0 1
0012 . ISNES 4 3 ; "if"
0013 . JMP 5 => 0037
0037 . ISNES 4 4 ; "let"
0038 . JMP 5 => 0056
0056 . ISNES 4 10 ; "true"
0057 . JMP 5 => 0063
0063 . ISNES 4 11 ; "false"
0064 . JMP 5 => 0070
0070 . ISNES 4 12 ; "match"
0071 . JMP 5 => 0077
0077 . ISNES 4 14 ; "fail"
0078 . JMP 5 => 0084
0084 . GGET 5 0 ; "assert"
0085 . UGET 6 4 ; relops
0086 . TGETV 6 6 4
0087 . CALL 5 1 2
0000 . . FUNCC ; assert
0088 . UGET 5 5 ; finish_if
0089 . MOV 6 1
0090 . MOV 7 0
0091 . MOV 8 2
0092 . MOV 9 3
0093 . CALL 5 1 5
0000 . . FUNCF 6 ; ssa.lua:49
0001 . . TDUP 4 1
0002 . . TSETB 1 4 2
0003 . . TGETS 5 2 2 ; "label"
0004 . . TSETB 5 4 3
0005 . . TGETS 5 3 2 ; "label"
0006 . . TSETB 5 4 4
0007 . . TSETS 4 0 0 ; "control"
0008 . . RET0 0 1
0094 . RET0 0 1
0024 UGET 7 1 ; compile_bool
0025 TGETB 8 0 3
0026 MOV 9 5
0027 MOV 10 2
0028 MOV 11 3
0029 CALL 7 1 5
0000 . FUNCF 13 ; ssa.lua:55
0001 . GGET 4 0 ; "assert"
0002 . GGET 5 1 ; "type"
0003 . MOV 6 0
0004 . CALL 5 2 2
0000 . . FUNCC ; type
0005 . ISEQS 5 2 ; "table"
0006 . JMP 5 => 0009
0009 . KPRI 5 2
0010 . CALL 4 1 2
0000 . . FUNCC ; assert
0011 . TGETB 4 0 1
0012 . ISNES 4 3 ; "if"
0013 . JMP 5 => 0037
0037 . ISNES 4 4 ; "let"
0038 . JMP 5 => 0056
0056 . ISNES 4 10 ; "true"
0057 . JMP 5 => 0063
0063 . ISNES 4 11 ; "false"
0064 . JMP 5 => 0070
0070 . ISNES 4 12 ; "match"
0071 . JMP 5 => 0077
0077 . ISNES 4 14 ; "fail"
0078 . JMP 5 => 0084
0084 . GGET 5 0 ; "assert"
0085 . UGET 6 4 ; relops
0086 . TGETV 6 6 4
0087 . CALL 5 1 2
0000 . . FUNCC ; assert
0088 . UGET 5 5 ; finish_if
0089 . MOV 6 1
0090 . MOV 7 0
0091 . MOV 8 2
0092 . MOV 9 3
0093 . CALL 5 1 5
0000 . . FUNCF 6 ; ssa.lua:49
0001 . . TDUP 4 1
0002 . . TSETB 1 4 2
0003 . . TGETS 5 2 2 ; "label"
0004 . . TSETB 5 4 3
0005 . . TGETS 5 3 2 ; "label"
0006 . . TSETB 5 4 4
0007 . . TSETS 4 0 0 ; "control"
0008 . . RET0 0 1
0094 . RET0 0 1
0030 UGET 7 1 ; compile_bool
0031 TGETB 8 0 4
0032 MOV 9 6
0033 MOV 10 2
0034 MOV 11 3
0035 CALL 7 1 5
0000 . FUNCF 13 ; ssa.lua:55
0001 . GGET 4 0 ; "assert"
0002 . GGET 5 1 ; "type"
0003 . MOV 6 0
0004 . CALL 5 2 2
0000 . . FUNCC ; type
0005 . ISEQS 5 2 ; "table"
0006 . JMP 5 => 0009
0009 . KPRI 5 2
0010 . CALL 4 1 2
0000 . . FUNCC ; assert
0011 . TGETB 4 0 1
0012 . ISNES 4 3 ; "if"
0013 . JMP 5 => 0037
0037 . ISNES 4 4 ; "let"
0038 . JMP 5 => 0056
0056 . ISNES 4 10 ; "true"
0057 . JMP 5 => 0063
0063 . ISNES 4 11 ; "false"
0064 . JMP 5 => 0070
0065 . UGET 5 2 ; finish_goto
0066 . MOV 6 1
0067 . MOV 7 3
0068 . CALL 5 1 3
0000 . . FUNCF 4 ; ssa.lua:52
0001 . . TDUP 2 1
0002 . . TGETS 3 1 2 ; "label"
0003 . . TSETB 3 2 2
0004 . . TSETS 2 0 0 ; "control"
0005 . . RET0 0 1
0069 . JMP 5 => 0094
0094 . RET0 0 1
0036 JMP 5 => 0094
0094 RET0 0 1
---- TRACE 2 abort ssa.lua:79 -- retry recording
---- TRACE 2 start ssa.lua:55
0001 GGET 4 0 ; "assert"
0002 GGET 5 1 ; "type"
0003 MOV 6 0
0004 CALL 5 2 2
0000 . FUNCC ; type
0005 ISEQS 5 2 ; "table"
0006 JMP 5 => 0009
0009 KPRI 5 2
0010 CALL 4 1 2
0000 . FUNCC ; assert
0011 TGETB 4 0 1
0012 ISNES 4 3 ; "if"
0013 JMP 5 => 0037
0037 ISNES 4 4 ; "let"
0038 JMP 5 => 0056
0056 ISNES 4 10 ; "true"
0057 JMP 5 => 0063
0063 ISNES 4 11 ; "false"
0064 JMP 5 => 0070
0065 UGET 5 2 ; finish_goto
0066 MOV 6 1
0067 MOV 7 3
0068 CALL 5 1 3
0000 . FUNCF 4 ; ssa.lua:52
0001 . TDUP 2 1
0002 . TGETS 3 1 2 ; "label"
0003 . TSETB 3 2 2
0004 . TSETS 2 0 0 ; "control"
0005 . RET0 0 1
0069 JMP 5 => 0094
0094 RET0 0 1
---- TRACE 2 IR
.... SNAP #0 [ ---- ---- ---- ---- ---- ]
0001 rbp �[1mfun�[m SLOAD #0 R
0002 rbx �[31mtab�[m FLOAD 0001 func.env
0003 rsi p32 HREF 0002 �[32m"assert"�[m
0004 > p32 EQ 0003 [0x40098458]
0005 r15 �[31mtab�[m FLOAD 0002 tab.meta
0006 > �[31mtab�[m NE 0005 �[31m[NULL]�[m
0007 �[35mint�[m FLOAD 0005 tab.hmask
0008 > �[35mint�[m EQ 0007 �[35m+1 �[m
0009 r15 p32 FLOAD 0005 tab.node
0010 > p32 HREFK 0009 �[32m"__index"�[m @1
0011 r15 > �[31mtab�[m HLOAD 0010
0012 �[35mint�[m FLOAD 0011 tab.hmask
0013 > �[35mint�[m EQ 0012 �[35m+63 �[m
0014 r15 p32 FLOAD 0011 tab.node
0015 > p32 HREFK 0014 �[32m"assert"�[m @3
0016 > �[1mfun�[m HLOAD 0015
0017 rsi p32 HREF 0002 �[32m"type"�[m
0018 > p32 EQ 0017 [0x40098458]
0019 > p32 HREFK 0014 �[32m"type"�[m @60
0020 > �[1mfun�[m HLOAD 0019
0021 rbx > �[31mtab�[m SLOAD #1 T
0022 > �[1mfun�[m EQ 0020 �[1mtype�[m
0023 > �[1mfun�[m EQ 0016 �[1massert�[m
0024 �[35mint�[m FLOAD 0021 tab.asize
0025 > �[35mint�[m ABC 0024 �[35m+1 �[m
0026 rbx p32 FLOAD 0021 tab.array
0027 p32 AREF 0026 �[35m+1 �[m
0028 rbx > �[32mstr�[m ALOAD 0027
.... SNAP #1 [ ---- ---- ---- ---- ---- �[32m0028�[m ]
0029 > �[32mstr�[m NE 0028 �[32m"if"�[m
.... SNAP #2 [ ---- ---- ---- ---- ---- �[32m0028�[m ]
0030 > �[32mstr�[m NE 0028 �[32m"let"�[m
.... SNAP #3 [ ---- ---- ---- ---- ---- �[32m0028�[m ]
0031 > �[32mstr�[m NE 0028 �[32m"true"�[m
.... SNAP #4 [ ---- ---- ---- ---- ---- �[32m0028�[m ]
0032 > �[32mstr�[m EQ 0028 �[32m"false"�[m
.... SNAP #5 [ ---- ---- ---- ---- ---- �[32m0028�[m ]
0033 > �[1mfun�[m EQ 0001 �[1mssa.lua:55�[m
0034 rbp > �[31mtab�[m SLOAD #2 T
0035 r15 > �[31mtab�[m SLOAD #4 T
0036 [8] > �[31mtab�[m TDUP �[31m{0x40ff43e8}�[m
0037 �[35mint�[m FLOAD 0035 tab.hmask
0038 > �[35mint�[m EQ 0037 �[35m+1 �[m
0039 r15 p32 FLOAD 0035 tab.node
0040 > p32 HREFK 0039 �[32m"label"�[m @1
0041 r15 > �[32mstr�[m HLOAD 0040
0042 rax p32 FLOAD 0036 tab.array
0043 p32 AREF 0042 �[35m+2 �[m
0044 �[32mstr�[m ASTORE 0043 0041
.... SNAP #6 [ �[1mssa.lua:55�[m|---- ---- ---- ----
�[32m0028�[m �[1mssa.lua:52�[m|�[31m0034�[m ---- �[31m0036�[m ---- ]
0045 rsi p32 HREF 0034 �[32m"control"�[m
0046 > p32 EQ 0045 [0x40098458]
0047 �[31mtab�[m FLOAD 0034 tab.meta
0048 > �[31mtab�[m EQ 0047 �[31m[NULL]�[m
0049 rbx p32 NEWREF 0034 �[32m"control"�[m
0050 �[31mtab�[m HSTORE 0049 0036
0051 nil TBAR 0034
.... SNAP #7 [ �[1mssa.lua:55�[m|]
---- TRACE 2 mcode 719
0bcbfb6e mov dword [0x40098410], 0x2
0bcbfb79 mov edi, [0x400983d8]
0bcbfb80 cmp edi, [0x400983dc]
0bcbfb87 jb 0x0bcbfba0
0bcbfb89 mov esi, 0x1
0bcbfb8e mov edi, 0x400983b8
0bcbfb93 call 0x00421730 ->lj_gc_step_jit
0bcbfb98 test eax, eax
0bcbfb9a jnz 0x0bcb0010 ->0
0bcbfba0 mov edi, [0x400984b0]
0bcbfba7 mov edx, [0x400984b4]
0bcbfbae mov ebp, [rdx-0x8]
0bcbfbb1 mov ebx, [rbp+0x8]
0bcbfbb4 mov esi, [rbx+0x1c]
0bcbfbb7 and esi, 0xce2b6183
0bcbfbbd lea esi, [rsi+rsi*2]
0bcbfbc0 shl esi, 0x03
0bcbfbc3 add esi, [rbx+0x14]
0bcbfbc6 cmp dword [rsi+0xc], -0x05
0bcbfbca jnz 0x0bcbfbd9
0bcbfbcc cmp dword [rsi+0x8], 0x4009adb0
0bcbfbd3 jz 0x0bcb0010 ->0
0bcbfbd9 mov esi, [rsi+0x10]
0bcbfbdc test esi, esi
0bcbfbde jnz 0x0bcbfbc6
0bcbfbe0 mov r15d, [rbx+0x10]
0bcbfbe4 test r15d, r15d
0bcbfbe7 jz 0x0bcb0010 ->0
0bcbfbed cmp dword [r15+0x1c], +0x01
0bcbfbf2 jnz 0x0bcb0010 ->0
0bcbfbf8 mov r15d, [r15+0x14]
0bcbfbfc mov rsi, 0xfffffffb4009a4c8
0bcbfc06 cmp rsi, [r15+0x20]
0bcbfc0a jnz 0x0bcb0010 ->0
0bcbfc10 cmp dword [r15+0x1c], -0x0c
0bcbfc15 jnz 0x0bcb0010 ->0
0bcbfc1b mov r15d, [r15+0x18]
0bcbfc1f cmp dword [r15+0x1c], +0x3f
0bcbfc24 jnz 0x0bcb0010 ->0
0bcbfc2a mov r15d, [r15+0x14]
0bcbfc2e mov rsi, 0xfffffffb4009adb0
0bcbfc38 cmp rsi, [r15+0x50]
0bcbfc3c jnz 0x0bcb0010 ->0
0bcbfc42 cmp dword [r15+0x4c], -0x09
0bcbfc47 jnz 0x0bcb0010 ->0
0bcbfc4d mov esi, [rbx+0x1c]
0bcbfc50 and esi, 0x798a813c
0bcbfc56 lea esi, [rsi+rsi*2]
0bcbfc59 shl esi, 0x03
0bcbfc5c add esi, [rbx+0x14]
0bcbfc5f cmp dword [rsi+0xc], -0x05
0bcbfc63 jnz 0x0bcbfc72
0bcbfc65 cmp dword [rsi+0x8], 0x4009afb0
0bcbfc6c jz 0x0bcb0010 ->0
0bcbfc72 mov esi, [rsi+0x10]
0bcbfc75 test esi, esi
0bcbfc77 jnz 0x0bcbfc5f
0bcbfc79 mov rsi, 0xfffffffb4009afb0
0bcbfc83 cmp rsi, [r15+0x5a8]
0bcbfc8a jnz 0x0bcb0010 ->0
0bcbfc90 cmp dword [r15+0x5a4], -0x09
0bcbfc98 jnz 0x0bcb0010 ->0
0bcbfc9e cmp dword [rdx+0x4], -0x0c
0bcbfca2 jnz 0x0bcb0010 ->0
0bcbfca8 mov ebx, [rdx]
0bcbfcaa cmp dword [r15+0x5a0], 0x4009af18
0bcbfcb5 jnz 0x0bcb0010 ->0
0bcbfcbb cmp dword [r15+0x48], 0x4009ad88
0bcbfcc3 jnz 0x0bcb0010 ->0
0bcbfcc9 cmp dword [rbx+0x18], +0x01
0bcbfccd jbe 0x0bcb0010 ->0
0bcbfcd3 mov ebx, [rbx+0x8]
0bcbfcd6 cmp dword [rbx+0xc], -0x05
0bcbfcda jnz 0x0bcb0010 ->0
0bcbfce0 mov ebx, [rbx+0x8]
0bcbfce3 cmp ebx, 0x4009a8f8
0bcbfce9 jz 0x0bcb0014 ->1
0bcbfcef cmp ebx, 0x400ae1f0
0bcbfcf5 jz 0x0bcb0018 ->2
0bcbfcfb cmp ebx, 0x4009aa18
0bcbfd01 jz 0x0bcb001c ->3
0bcbfd07 cmp ebx, 0x4009a870
0bcbfd0d jnz 0x0bcb0020 ->4
0bcbfd13 cmp ebp, 0x400b5240
0bcbfd19 jnz 0x0bcb0024 ->5
0bcbfd1f cmp dword [rdx+0xc], -0x0c
0bcbfd23 jnz 0x0bcb0024 ->5
0bcbfd29 mov ebp, [rdx+0x8]
0bcbfd2c cmp dword [rdx+0x1c], -0x0c
0bcbfd30 jnz 0x0bcb0024 ->5
0bcbfd36 mov r15d, [rdx+0x18]
0bcbfd3a mov esi, 0x40ff43e8
0bcbfd3f call 0x004223c0 ->lj_tab_dup
0bcbfd44 mov [rsp+0x8], eax
0bcbfd48 mov edi, [0x400984b0]
0bcbfd4f cmp dword [r15+0x1c], +0x01
0bcbfd54 jnz 0x0bcb0024 ->5
0bcbfd5a mov r15d, [r15+0x14]
0bcbfd5e mov rsi, 0xfffffffb40ff2270
0bcbfd68 cmp rsi, [r15+0x20]
0bcbfd6c jnz 0x0bcb0024 ->5
0bcbfd72 cmp dword [r15+0x1c], -0x05
0bcbfd77 jnz 0x0bcb0024 ->5
0bcbfd7d mov r15d, [r15+0x18]
0bcbfd81 mov eax, [rax+0x8]
0bcbfd84 mov dword [rax+0x14], 0xfffffffb
0bcbfd8b mov [rax+0x10], r15d
0bcbfd8f mov esi, [rbp+0x1c]
0bcbfd92 and esi, 0x2a54dc55
0bcbfd98 lea esi, [rsi+rsi*2]
0bcbfd9b shl esi, 0x03
0bcbfd9e add esi, [rbp+0x14]
0bcbfda1 cmp dword [rsi+0xc], -0x05
0bcbfda5 jnz 0x0bcbfdb4
0bcbfda7 cmp dword [rsi+0x8], 0x40ff29d8
0bcbfdae jz 0x0bcb0028 ->6
0bcbfdb4 mov esi, [rsi+0x10]
0bcbfdb7 test esi, esi
0bcbfdb9 jnz 0x0bcbfda1
0bcbfdbb cmp dword [rbp+0x10], +0x00
0bcbfdbf jnz 0x0bcb0028 ->6
0bcbfdc5 mov edx, 0x40098448
0bcbfdca mov dword [rdx+0x4], 0xfffffffb
0bcbfdd1 mov dword [rdx], 0x40ff29d8
0bcbfdd7 mov esi, ebp
0bcbfdd9 call 0x00422cf0 ->lj_tab_newkey
0bcbfdde mov ebx, eax
0bcbfde0 mov edx, [0x400984b4]
0bcbfde7 mov eax, [rsp+0x8]
0bcbfdeb mov dword [rbx+0x4], 0xfffffff4
0bcbfdf2 mov [rbx], eax
0bcbfdf4 test byte [rbp+0x4], 0x4
0bcbfdf8 jz 0x0bcbfe0f
0bcbfdfa and byte [rbp+0x4], 0xfb
0bcbfdfe mov edi, [0x400983f4]
0bcbfe05 mov [0x400983f4], ebp
0bcbfe0c mov [rbp+0xc], edi
0bcbfe0f mov eax, [0x400984b0]
0bcbfe16 mov eax, [rax+0x20]
0bcbfe19 sub eax, edx
0bcbfe1b cmp eax, +0x68
0bcbfe1e jb 0x0bcb002c ->7
0bcbfe24 mov dword [rdx-0x8], 0x400b5240
0bcbfe2b xor eax, eax
0bcbfe2d mov ebx, 0x40ff3a38
0bcbfe32 mov r14d, 0x40099008
0bcbfe38 jmp 0x00420177
---- TRACE 2 stop -> return
---- TRACE 2 exit 4
---- TRACE 2 exit 1
---- TRACE 2 exit 1
---- TRACE 2 exit 1
---- TRACE 2 exit 4
---- TRACE 2 exit 2
Other related posts:
