https://bugzilla.novell.com/show_bug.cgi?id=223718

------- Comment #20 from matz@novell.com 2006-11-27 12:11 MST -------

Are you sure that this is the place where it segfaults? Because the code is correct. You missed some surrounding code which checks that "timers != 0". In effect we have this code in WaitForSomething:

    ..
    if (timers)
    {
        now = GetTimeInMillis();
        timeout = timers->expires - now;
        if (timeout > 0 && timeout > timers->delta + 250) {
            CheckAllTimers(now);
            timeout = timers->expires - now;
            asm("# foo CheckAllTimers3\n");
        }
        ....
    }

The call to CheckAllTimers is expanded inline, and it contains this loop:

    CheckAllTimers(CARD32 now)
    {
        OsTimerPtr timer;

    start:
        for (timer = timers; timer; timer = timer->next) {
            if (timer->expires - now > timer->delta + 250) {
                TimerForce(timer);
                goto start;
            }
        }
    }

So, inside that call to CheckAllTimers we know that "timers" will be non-zero. Now the code from CheckAllTimers will be combined with the one from the caller, and in effect it will look like so:

    if (timers)
    {
        timeout = timers->expires - now;
        if (timeout > 0 && timeout > timers->delta + 250) {
            OsTimerPtr timer;

        start:
            for (timer = timers; timer; timer = timer->next) {
                if (timer->expires - now > timer->delta + 250) {
                    TimerForce(timer);
                    goto start;
                }
            }
            timeout = timers->expires - now;
        }
        ....

What you see as load from an address which could be zero is the load of "timer->expires" in the loop (guarded by the loop guard), and the "timers->expires" from after the loop. If you look at the assembler it loads r11 from r28+0, from the TOC, i.e. the address of "timers" and then checks it for zero.

Let's ignore the check for a moment but see if it can become 0 at that point at all. I think it can't. We can come there only through label L199 and L195, and L195 isn't used in a jump. So only from L199. There are two jumps to L199, reachable from labels L200 and L194. L200 can be reached from fallthrough of L194 and from label L201. L201 can only be reached from label L200 (i.e. a loop).
So only reachable from L194, which in turn can only be reached as fallthrough from L391 and from the block we started from (also shown in comment #14).

So, we must pass the path from L391 to L194 when we want to hit this test. But that very path contains these insns:

    LVL151:
            .loc 1 201 0
            lwz 9,0(28)
            cmpwi 7,9,0
            beq 7,.L188

I.e. here we test if (r28) is zero and jump to L188 if that's the case. We never go into the loop, so actually the test shown in comment #14 will never be true (i.e. at that point (r28) will never be zero), so the code is okay as far as I can see.

So again, my question: Are you sure that this is the place where it segfaults?