Calling a nonexistent function

Figure 1 demonstrates the error of calling a nonexistent function. This routine was compiled with the compiler options LP64, GONUM, LIST, OFFSET, and RENT and was run with the option TERMTHDACT(UADUMP).

Figure 1. C/C++ example of calling a nonexistent subroutine (AMODE 64)
/* C/C++ Example of Calling a Nonexistent Subroutine     */
/*       from LE Debugging Guide                         */
#pragma options(noinline)
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <signal.h>
void funca(int* aa);
int (*func_ptr)(void)=0;     /* never assigned: remains a null function pointer */
int main(void) {
  int aa;
  funca(&aa);                /* line 12: the call shown for entry 'main' in the traceback */
  printf("result of funca = %d\n",aa);
  return;
}
void funca(int* aa) {
  *aa = func_ptr();          /* line 17: branches through the null pointer (0C1 operation exception) */
  return;
}

To debug this routine, use the following steps:

  1. Locate the Original Condition message in the Condition Information for Active Routines section of the dump, shown in Figure 2. In this example, the message is CEE3201S The system detected an operation exception (System Completion Code=0C1). This message suggests that the error was caused by an attempt to branch to an unknown address. For additional information about CEE3201S, see z/OS Language Environment Runtime Messages.

    The Location section of the dump indicates that the exception occurred at offset X'-209000D0' within function funca and that there may have been a bad branch from statement 17 offset X'+00000036' within function funca. The negative offset indicates that the offset cannot be used to locate the instruction that caused the error. Another indication of bad data is the value of X'00000002' in the instruction address of the PSW shown in the Condition Information section. This address indicates that an instruction in the routine branched outside the bounds of the routine.

    In the traceback, the statement number displayed for entry 'main' points to line 12 in the source code shown in Figure 1. This line contains the statement "funca(&aa);" in which entry 'funca' is called. As message CEE3841I explains, no statement number could be displayed for entry 'funca'. In this example, this is because 'funca' has an invalid offset. For further information about this message, see z/OS Language Environment Runtime Messages.

    Figure 2. Sections of the dump from example C routine (AMODE 64) (Part 1 of 3)
    CEE3DMP V1 R9.0: Condition processing resulted in the unhandled condition.         Mon Jan 22 16:39:06 2007             Page:    1  
    ASID: 00CC   Job ID: JOB04367   Job name: QEXIST     Step name: STEP1      UserID: HEALY                                            
                                                                                                                                        
    CEE3845I CEEDUMP Processing started.                                                                                                
                                                                                                                                        
    Information for enclave main                                                                                                        
                                                                                                                                        
      Information for thread 8000000000000000                                                                                           
                                                                                                                                        
      Traceback:                                                                                                                        
        DSA   Entry       E  Offset  Statement   Load Mod             Program Unit                   Service  Status                    
        1     CEEHDSP     +00000000              CELQLIB              CEEHDSP                        D1908    Call                      
        2     CELQHROD    +0000024E              CELQLIB              CELQHROD                       D1908    Call                      
        3     funca       -209000D0              EXIST                                                        Exception                 
        CEE3841I A statement number is not available for this DSA. An internal routine failed with return code 08 and reason code 1C    
        4     main        +00000034  12          EXIST                EXIST                                   Call                      
        5     CELQINIT    +0000134C              CELQLIB              CELQINIT                       D1908    Call                      
                                                                                                                                        
        DSA   DSA Addr          E  Addr             PU Addr           PU Offset   Comp Date Compile Attributes                          
        1     00000001082FC520  0000000020AB3680    0000000020AB3680  00000000    20061215  CEL       XPLINK  EBCDIC  HFP               
        2     00000001082FEE40  0000000020AC6AA0    0000000020AC6AA0  0000024E    20061215  CEL       XPLINK  EBCDIC  HFP               
        3     00000001082FF080  00000000209000D0    0000000000000000  ********    20070122  C/C++     XPLINK  EBCDIC  IEEE              
        4     00000001082FF180  0000000020900138    0000000000000000  ********    20070122  C/C++     XPLINK  EBCDIC  IEEE              
        5     00000001082FF280  0000000020903010    0000000020903010  0000134C    20061215  CEL       XPLINK  EBCDIC  HFP               
                                                                                                                                        
        Fully Qualified Names                                                                                                           
        DSA   Entry       Program Unit                                        Load Module                                               
        4     main        PLPSC://'POSIX.CRTL.C(EXIST)'                       EXIST                                                     
                                                                                                                                        
      Condition Information for Active Routines                                                                                         
        Condition Information for  (DSA address 00000001082FF080)                                                                       
          CIB Address: 00000001082FD860                                                                                                 
          Current Condition:                                                                                                            
            CEE0198S The termination of a thread was signaled due to an unhandled condition.                                            
          Original Condition:                                                                                                           
            CEE3201S The system detected an operation exception (System Completion Code=0C1).                                           
          Location:                                                                                                                     
            Program Unit:  Entry: funca Statement:  Offset: -209000D0                                                                   
            Possible Bad Branch:  Statement: 17  Offset: +00000036                                                                      
          Machine State:                                                                                                                
            ILC..... 0002    Interruption Code..... 0001                                                                                
            PSW..... 0785240180000000 0000000000000002                                                                                  
            GPR0..... 0000000108300060  GPR1..... 00000001082FFA40  GPR2..... 0000000108401F60  GPR3..... 0000000108400070              
            GPR4..... 00000001082FF080  GPR5..... 000A0000000130E1  GPR6..... 0000000000000000  GPR7..... 0000000020900108              
            GPR8..... 00000000209000DC  GPR9..... 00000000209001A0  GPR10.... 00000000209002A8  GPR11.... 0000000108401F50              
            GPR12.... 0000000100005340  GPR13.... 0000000000006F58  GPR14.... 0000000020B4E0A0  GPR15.... 000000000000001F              
                                                                                                                                        
        Storage dump near condition, beginning at location(0000000000000000)                                                            
          +0000 0000000000000000  Inaccessible storage.                                                                                 
          +0010 0000000000000010  Inaccessible storage.                                                                                 
        GPREG STORAGE:                                                                                                                  
          Storage around GPR0 (0000000108300060)                                                                                        
            -0020 0000000108300040  00000001 08300000 00000000 00000060  |...............-|                                             
            -0010 0000000108300050  C36DE6E2 C1F6F440 40404040 40404040  |C_WSA64         |                                             
            +0000 0000000108300060  94818995 0086A495 83810000 00000000  |main.funca......|                                             
            +0010 0000000108300070  00000001 08300090 00000000 209000D0  |................|                                             
            +0020 0000000108300080  00000000 000000C0 00000000 20E71FF8  |.............X.8|                                             
            +0030 0000000108300090  00000000 00000000 00000000 00000000  |................| 
          
         Storage around GPR1 (00000001082FFA40)                                                                                        
            -0020 00000001082FFA20  00000000 00000000 00000000 00000000  |................|                                             
            -0010 00000001082FFA30 - +FFFFFF 00000001082FFA3F             same as above                                                 
            +0000 00000001082FFA40  00000000 00000000 00000001 08300060  |...............-|                                             
            +0010 00000001082FFA50  00000000 00000000 00000000 00000000  |................|                                             
            +0020 00000001082FFA60 - +00003F 00000001082FFA7F             same as above  
    Figure 3. Sections of the dump from example C routine (AMODE 64) (Part 2 of 3)
          Storage around GPR2 (0000000108401F60)                                                                                        
            -0020 0000000108401F40  00000001 08400000 00000000 00000040  |..... ......... |                                             
            -0010 0000000108401F50  00000001 00000020 00000001 08401F60  |............. .-|                                             
            +0000 0000000108401F60  00000001 08401BF0 00000000 00000000  |..... .0........|                                             
            +0010 0000000108401F70  00000000 00000000 00000000 00000000  |................|                                             
            +0020 0000000108401F80  00000001 08400000 00000000 000014E0  |..... ..........|                                             
            +0030 0000000108401F90  C3C4D3C7 6DC8C4D9 00000001 08401FBC  |CDLG_HDR..... ..|                                             
          Storage around GPR3 (0000000108400070)                                                                                        
            -0020 0000000108400050  00000000 00000000 00000000 00000000  |................|                            
            -0010 0000000108400060  00000001 08400000 00000000 000000C0  |..... ..........|                                             
            +0000 0000000108400070  00000001 084042B0 00000000 00000000  |..... ..........|                                             
            +0010 0000000108400080  00000000 00000000 00000000 20900000  |................|                                             
            +0020 0000000108400090  00000000 00000000 00000001 08300050  |...............&|                                             
            +0030 00000001084000A0  00000000 00000000 00000001 80C00000  |................|                                             
          Storage around GPR4 (00000001082FF080)                                                                                        
            +0800 00000001082FF880  00000001 082FF180 00000001 08300060  |......1........-|                                             
            +0810 00000001082FF890  00000000 209000D0 00000000 2090016E  |...............>|                                             
            +0820 00000001082FF8A0  00000000 20900144 00000000 209001A0  |................|                                             
            +0830 00000001082FF8B0  00000000 209002A8 00000001 08401F50  |.......y..... .&|                                             
            +0840 00000001082FF8C0  00000001 00005340 00000000 00006F58  |....... ......?.|                                             
            +0850 00000001082FF8D0  00000000 20B4E0A0 00000000 0000001F  |................|                                             
          Storage around GPR5 (000A0000000130E1)                                                                                        
            -0020 000A0000000130C1  Inaccessible storage.                                                                               
            -0010 000A0000000130D1  Inaccessible storage.                                                                               
            +0000 000A0000000130E1  Inaccessible storage.                                                                               
            +0010 000A0000000130F1  Inaccessible storage.                                                                               
            +0020 000A000000013101  Inaccessible storage.                                                                               
            +0030 000A000000013111  Inaccessible storage.                                                                               
          Storage around GPR6 (0000000000000000)                                                                                        
            +0000 0000000000000000  Inaccessible storage.                                                                               
            +0010 0000000000000010  Inaccessible storage.                                                                               
            +0020 0000000000000020  Inaccessible storage.                                                                               
            +0030 0000000000000030  Inaccessible storage.                                                                               
            +0040 0000000000000040  Inaccessible storage.                                                                               
            +0050 0000000000000050  Inaccessible storage.                                                                               
          Storage around GPR7 (0000000020900108)                                                                                        
            -0020 00000000209000E8  E3104980 0024E360 48080004 E3606010  |T.....T-....T--.|                                             
            -0010 00000000209000F8  0004E360 60000004 EB566000 00040D76  |..T--.....-.....|                                             
            +0000 0000000020900108  0700B904 0003E360 49800004 50006000  |......T-....&.-.|                                             
            +0010 0000000020900118  47F08040 EB484800 000447F0 70020000  |.0. .......0....|                                             
            +0020 0000000020900128  00C300C5 00C500F1 000000B0 00000100  |.C.E.E.1........|                                             
            +0030 0000000020900138  EB494700 0024A74B FF000D80 C0900000  |......x.........|                                             
    ⋮                                                                                                                                  
      Enclave Control Blocks:                                                                                                           
    ⋮                                                                                                                                 
                                                                                                                                        
        DLL Information:                                                                                                                
        WSA Addr          Module Addr          Thread ID         Use Count  Name                                                        
        0000000108300050                                         00000001   main                                                        
        0000000108301210  000000002105B000     8000000000000000  00000002   CDAEQED                                                     
        0000000108306E10  00000000210D0000     8000000000000000  00000001   CDAEQDPI                                                    
        000000010830FE90  0000000021194000     8000000000000000  00000001   CELQDSNF                                                    
    ⋮
    Figure 4. Sections of the dump from example C routine (AMODE 64) (Part 3 of 3)
    	Process Control Blocks:                                                                                                           
                                                                                                                                        
        PCB(0000000100003CA0)                                                                                                           
          +0000 0000000100003CA0  C3C5C5D7 C3C24040 00000000 00000000  |CEEPCB  ........|                                               
          +0010 0000000100003CB0  00000000 00000000 00000000 00000000  |................|                                               
          +0020 0000000100003CC0 - +0000FF 0000000100003D9F             same as above                                                   
          +0100 0000000100003DA0  03030208 00000000 00000000 00000000  |................|                                               
          +0110 0000000100003DB0  00000001 00004048 00000000 00000000  |...... .........|                                               
          +0120 0000000100003DC0  00000000 00000000 00000000 00000000  |................|                                               
          +0130 0000000100003DD0  00000000 00000000 00000001 00003A10  |................|                                               
          +0140 0000000100003DE0  7F800000 00000000 00000000 00000000  |"...............|                                               
          +0150 0000000100003DF0  00000000 00000000 00000000 00000000  |................|                                               
          +0160 0000000100003E00 - +0001BF 0000000100003E5F             same as above                                                   
        MEML(0000000100004048)                                                                                                          
          +0000 0000000100004048  00000000 00000000 00000000 00000000  |................|                                               
          +0010 0000000100004058 - +00005F 00000001000040A7             same as above                                                   
          +0060 00000001000040A8  00000001 00008688 00000000 00000000  |......fh........|                                               
          +0070 00000001000040B8  00000000 00000000 00000000 00000000  |................|                                               
          +0080 00000001000040C8 - +0001AF 00000001000041F7             same as above                                                   
    CEE3846I CEEDUMP Processing completed.                                            
  2. Find the branch instructions for funca in the listing in Figure 5. Notice the BASR r7,r6 instruction at offset X'000036'. This branch is part of the instruction *aa = func_ptr(); in statement 17 in Figure 1.
    Figure 5. Pseudo assembly listing (AMODE 64) (Part 1 of 2)
    OFFSET OBJECT CODE        LINE#  FILE#    P S E U D O   A S S E M B L Y   L I S T I N G                                             
                                                                                                                                        
                              Timestamp and Version Information                                                                         
    000010  F2F0  F0F7                                          =C'2007'           Compiled Year                                        
    000014  F0F1  F2F2                                          =C'0122'           Compiled Date MMDD                                   
    000018  F1F6  F2F5  F4F6                                    =C'162546'         Compiled Time HHMMSS                                 
    00001E  F0F1  F0F9  F0F0                                    =C'010900'         Compiler Version                                     
                              Timestamp and Version End                                                                                 
                                                                                                                                        
    OFFSET OBJECT CODE        LINE#  FILE#    P S E U D O   A S S E M B L Y   L I S T I N G                                             
                                                                                                                                        
                              000016 |       *  void funca(int* aa) {                                                                   
                                                                                                                                        
    000028                                    @2L0     DS       0D                                                                      
    000028  00C300C5                                            =F'12779717'       XPLink entrypoint marker                             
    00002C  00C500F1                                            =F'12910833'                                                            
    000030  000000F8                                            =F'248'                                                                 
    000034  00000100                                            =F'256'                                                                 
    000000                    000016 |        funca    DS       0D                                                                      
    000000  EB48  4700  0024  000016 |                 STMG     r4,r8,1792(r4)                                                          
    000006  A74B  FF00        000016 |                 AGHI     r4,H'-256'                                                              
    00000A  0D80              000016 |                 BASR     r8,0                                                                    
    00000C                    End of Prolog                                                                                             
                                                                                                                                        
    00000C  E350  4808  0024  000016 |                 STG      r5,#Save_ADA_Ptr_2(,r4,2056)                                            
    000012  E350  48C0  0024  000016 |                 STG      r5,#Save_WSA_Ptr_2(,r4,2240)                                            
    000018  E310  4980  0024  000016 |                 STG      r1,aa(,r4,2432)                                                         
                              000017 |       *    *aa = func_ptr();                                                                     
    00001E  E360  4808  0004  000017 |                 LG       r6,#Save_ADA_Ptr_2(,r4,2056)                                            
    000024  E360  6010  0004  000017 |                 LG       r6,=A(func_ptr)(,r6,16)                                                 
    00002A  E360  6000  0004  000017 |                 LG       r6,func_ptr(,r6,0)                                                      
    000030  EB56  6000  0004  000017 |                 LMG      r5,r6,&ADA_&EPA(r6,0)                                                   
    000036  0D76              000017 |                 BASR     r7,r6                                                                   
    000038  0700              000017 |                 NOPR     0                                                                       
    00003A  B904  0003        000017 |                 LGR      r0,r3                                                                   
    00003E  E360  4980  0004  000017 |                 LG       r6,aa(,r4,2432)                                                         
    000044  5000  6000        000017 |                 ST       r0,(*)int(,r6,0)                                                        
                              000018 |       *    return;                                                                               
    000048  47F0  8040        000018 |                 B        @2L3                                                                    
                              000019 |       *  }                                                                                       
    00004C                    000019 |        @2L3     DS       0H                                                                      
                                                                                                                                        
    00004C                    Start of Epilog                                                                                           
    00004C  EB48  4800  0004  000019 |                 LMG      r4,r8,2048(r4)                                                          
    000052  47F0  7002        000019 |                 B        2(,r7)                                                                  
                                                                                                                                        
                              ***   General purpose registers used: 1111111110000000                                                    
                              ***   Floating point  registers used: 1111111100000000                                                    
                              ***   Size of register spill area: 256(max) 0(used)                                                       
                              ***   Size of dynamic storage: 0                                                                          
                              ***   Size of executable code: 86 
    
    OFFSET OBJECT CODE        LINE#  FILE#    P S E U D O   A S S E M B L Y   L I S T I N G                                             
                                                                                                                                        
                              000001 |       *  /* C/C++ Example of Calling a Nonexistent Subroutine     */                             
                              000002 |       *  /*       from LE Debugging Guide                         */                             
                              000003 |       *  #pragma options(noinline)                                                               
                              000004 |       *  #include <stdio.h>                                                                      
                              000005 |       *  #include <stdlib.h>                                                                     
                              000006 |       *  #include <errno.h>                                                                      
                              000007 |       *  #include <signal.h>                                                                     
                              000008 |       *  void funca(int* aa);                                                                    
                              000009 |       *  int (*func_ptr)(void)=0;                                                                
                              000010 |       *  int main(void) { 
    Figure 6. Pseudo assembly listing (AMODE 64) (Part 2 of 2)
    000090                                    @1L0     DS       0D                                                          
               
    000090  00C300C5                                            =F'12779717'  XPLink entrypoint marker
    000094  00C500F1                                            =F'12910833'
    000098  000000B0                                            =F'176'
    00009C  00000100                                            =F'256'
    000000                    000010 |        main     DS       0D   
    000000  EB49  4700  0024  000010 |                 STMG     r4,r9,1792(r4)
    000006  A74B  FF00        000010 |                 AGHI     r4,H'-256'
    00000A  0D80              000010 |                 BASR     r8,0 
                                                                     
    
    00000C                    End of Prolog                          
    
    00000C  C090  0000  002E  000000 |                 LARL     r9,F'46'
    000012  E350  4808  0024  000010 |                 STG      r5,#Save_ADA_Ptr_1(,r4,2056)
    000018  E350  48C8  0024  000010 |                 STG      r5,#Save_WSA_Ptr_1(,r4,2248)
                              000011 |       *    int aa;            
                              000012 |       *    funca(&aa);    
    00001E  4110  48C0        000012 |                 LA       r1,aa(,r4,2240)
    000022  E350  4808  0004  000012 |                 LG       r5,#Save_ADA_Ptr_1(,r4,2056)
    000028  E360  4808  0004  000012 |                 LG       r6,#Save_ADA_Ptr_1(,r4,2056)
    00002E  E360  6018  0004  000012 |                 LG       r6,=V(funca)(,r6,24)
    000034  0D76              000012 |                 BASR     r7,r6
    000036  0700              000012 |                 NOPR     0    
                              000013 |       *    printf("result of funca = %d\n",aa);
    000038  E320  48C0  0014  000013 |                 LGF      r2,aa(,r4,2240)
    00003E  E360  4808  0004  000013 |                 LG       r6,#Save_ADA_Ptr_1(,r4,2056)
    000044  EB56  6020  0004  000013 |                 LMG      r5,r6,=A(printf)(r6,32)
    00004A  B904  0019        000013 |                 LGR      r1,r9
    00004E  0D76              000013 |                 BASR     r7,r6
    000050  0700              000013 |                 NOPR     0    
                              000014 |       *    return;            
    000052  47F0  804A        000014 |                 B        @1L2 
                              000015 |       *  }                    
    000056                    000015 |        @1L2     DS       0H   
                                                                     
    000056                    Start of Epilog                        
    000056  EB49  4800  0004  000015 |                 LMG      r4,r9,2048(r4)
    00005C  B909  0033        000015 |                 SGR      r3,r3
    000060  47F0  7002        000015 |                 B        2(,r7)
                                                                     
                              ***   General purpose registers used: 1111111111000000
                              ***   Floating point  registers used: 1111111100000000
                              ***   Size of register spill area: 256(max) 0(used)
                              ***   Size of dynamic storage: 0       
                              ***   Size of executable code: 100     
                                                                      
                                                                     
    000104  0000  0000                                               
                                                                      
                              Constant Area                          
                                                                     
    
    000000  9985A2A4 93A34096 864086A4 95838140    |result of funca |
    000010  7E406C84 1500                          |= %d..          |
                                                                      
  3. Find the offset of func_ptr in the Writable Static Map, shown in Figure 7.
    Figure 7. Writable static map (AMODE 64)
    ---------------                                                                                                                     
    CLASS  C_WSA64           LENGTH =       48  ATTRIBUTES = MRG, DEFER , RMODE= 64                                                     
                             OFFSET =        0 IN SEGMENT 002       ALIGN = QDWORD                                                      
    ---------------                                                                                                                     
                                                                                                                                        
                CLASS                                                                                                                   
               OFFSET  NAME                TYPE    LENGTH   SECTION                                                                     
                    0  $PRIV000012      PART            10                                                                              
                   10  EXIST#S          PART            30  EXIST#C                                                                     
                   40  func_ptr         PART             8  func_ptr                                                                    
  4. Add the offset of func_ptr (X'40') to the address of the WSA (X'108300050'; the WSA address was obtained from the dump report in Figure 5). The result (X'108300090') is the address of the function pointer func_ptr in the writable static storage area. The value stored there is 0, indicating that the variable was never initialized. Figure 8 shows this section of the dump.
    Figure 8. IPCS storage display of the writable static area (AMODE 64)
     LIST 01_08300050. ASID(X'00CC') LENGTH(X'0100') AREA                           
     _8300050. C36DE6E2 C1F6F440 40404040 40404040 |C_WSA64         |               
     _8300060. 94818995 0086A495 83810000 00000000 |main.funca......|               
     _8300070. 00000001 08300090 00000000 209000D0 |...............}|               
     _8300080. 00000000 000000C0 00000000 20E71FF8 |.......{.....X.8|               
     _8300090 LENGTH(X'10')==>All bytes contain X'00'                               
     _83000A0. 00000001 08300000 00000000 00000220 |................|               
     _83000B0. 00000001 083002D0 00000001 083004B8 |.......}........|               
     _83000C0. 00000001 083004F5 00000001 08300532 |.......5........|               
     _83000D0. 00000001 0830056F 00000001 083005AC |.......?........|               
     _83000E0. 00000001 083005E9 00000001 08300626 |.......Z........|               
     _83000F0. 00000001 08300663 00000001 08300A70 |................|               
     _8300100. 00000001 08300AAD 00000000 00000000 |................|               
     _8300110 LENGTH(X'40')==>All bytes contain X'00'
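The address arithmetic of steps 3 and 4 can be automated against the text of the map and the dump. The following script is an added example, not code from the LE Debugging Guide: it parses the writable static map of Figure 7 and the IPCS LIST output of Figure 8 (both embedded below as constructed copies of the figures), takes the WSA base address X'108300050' from step 4, and reads the 8 bytes that hold func_ptr. The row and header patterns are assumptions about those two text formats; in particular the script assumes that the IPCS rows carry only the low 32 bits of the address and inherit the high word from the LIST line, and it expands the compressed `LENGTH(X'nn')==>All bytes contain X'00'` rows, which is exactly where func_ptr falls in this dump.

```python
"""Read a writable-static variable out of an IPCS storage dump.

Added example for steps 3 and 4 of the page; not code from the LE Debugging
Guide.  The parsing rules below are assumptions about the two text formats
(writable static map, IPCS LIST output).
"""
import re

# Base address of the WSA, as given in step 4 (taken from Figure 5 on the page).
WSA_BASE = 0x108300050

# Writable static map, copied from Figure 7 (constructed sample input).
WSA_MAP = """\
            CLASS
           OFFSET  NAME                TYPE    LENGTH   SECTION
                0  $PRIV000012      PART            10
               10  EXIST#S          PART            30  EXIST#C
               40  func_ptr         PART             8  func_ptr
"""

# IPCS LIST output, copied from Figure 8 (constructed sample input).
IPCS_LIST = """\
 LIST 01_08300050. ASID(X'00CC') LENGTH(X'0100') AREA
 _8300050. C36DE6E2 C1F6F440 40404040 40404040 |C_WSA64         |
 _8300060. 94818995 0086A495 83810000 00000000 |main.funca......|
 _8300070. 00000001 08300090 00000000 209000D0 |...............}|
 _8300080. 00000000 000000C0 00000000 20E71FF8 |.......{.....X.8|
 _8300090 LENGTH(X'10')==>All bytes contain X'00'
 _83000A0. 00000001 08300000 00000000 00000220 |................|
 _83000B0. 00000001 083002D0 00000001 083004B8 |.......}........|
 _83000C0. 00000001 083004F5 00000001 08300532 |.......5........|
 _83000D0. 00000001 0830056F 00000001 083005AC |.......?........|
 _83000E0. 00000001 083005E9 00000001 08300626 |.......Z........|
 _83000F0. 00000001 08300663 00000001 08300A70 |................|
 _8300100. 00000001 08300AAD 00000000 00000000 |................|
 _8300110 LENGTH(X'40')==>All bytes contain X'00'
"""

# Assumed layouts: map rows are "<hex offset> <name> PART <hex length> ...";
# IPCS rows carry only the low 32 bits of the address ("_8300050.") and
# inherit the high word ("01") from the LIST line.
MAP_ROW = re.compile(r"^\s*([0-9A-F]+)\s+(\S+)\s+PART\s+([0-9A-F]+)", re.M)
LIST_HDR = re.compile(r"LIST\s+([0-9A-F]+)_([0-9A-F]{8})\.")
DATA_ROW = re.compile(r"^\s*_([0-9A-F]{7,8})\.\s+((?:[0-9A-F]{8}\s+){4})")
ZERO_RUN = re.compile(
    r"^\s*_([0-9A-F]{7,8})\s+LENGTH\(X'([0-9A-F]+)'\)==>All bytes contain X'00'")


def wsa_map_offsets(map_text):
    """Return {name: (offset, length)} for every PART row of the map."""
    return {m.group(2): (int(m.group(1), 16), int(m.group(3), 16))
            for m in MAP_ROW.finditer(map_text)}


def ipcs_bytes(list_text):
    """Return {address: byte} for every byte the LIST output describes,
    expanding the compressed "All bytes contain X'00'" rows as well."""
    high = int(LIST_HDR.search(list_text).group(1), 16) << 32
    mem = {}
    for line in list_text.splitlines():
        m = DATA_ROW.match(line)
        if m:
            addr = high | int(m.group(1), 16)
            for i, b in enumerate(bytes.fromhex(m.group(2).replace(" ", ""))):
                mem[addr + i] = b
            continue
        m = ZERO_RUN.match(line)
        if m:
            addr = high | int(m.group(1), 16)
            for i in range(int(m.group(2), 16)):
                mem[addr + i] = 0
    return mem


def read_bytes(mem, addr, length):
    """Raise KeyError if any byte of [addr, addr+length) is absent from the dump."""
    return bytes(mem[addr + i] for i in range(length))


def read_variable(wsa_base, map_text, list_text, name):
    """Step 3 + step 4: map offset -> absolute address -> big-endian value."""
    offset, length = wsa_map_offsets(map_text)[name]
    addr = wsa_base + offset
    value = int.from_bytes(read_bytes(ipcs_bytes(list_text), addr, length), "big")
    return addr, value


def diagnose(name="func_ptr"):
    """Report where `name` lives and whether it still holds its zero initial value."""
    addr, value = read_variable(WSA_BASE, WSA_MAP, IPCS_LIST, name)
    if value == 0:
        verdict = "zero: never initialized, so the indirect call through it faulted"
    else:
        verdict = f"X'{value:X}'"
    return addr, value, verdict


if __name__ == "__main__":
    addr, value, verdict = diagnose()
    print(f"func_ptr is at X'{addr:X}' and contains {verdict}")
```

Running the script reports func_ptr at X'108300090' holding zero, the same conclusion as step 4. A `KeyError` from `read_bytes` means the variable's storage is outside the range that the LIST command displayed, so the dump would have to be re-listed with a larger LENGTH before the value can be trusted.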