'386 question

Sean Eric Fagan sef at kithrup.COM
Sat Jun 1 06:47:07 AEST 1991


I've been playing with something, lately, and have been getting a core-dump,
and I'm not entirely sure why.

Basically, gcc v2.0 will have nested functions.  When you take the address of a
nested function, it will take a code prototype (in binary form), and push it
on the stack, and then modify it appropriately.  On the '386, the prototype
(called a "trampoline") is

	mov $static, %ecx	; 0xb9 0x0000 0x0000
	mov $function_addr, %eax ; 0xb8 0x0000 0x0000
	jmp *%eax	; 0xff 0x40

The actual value of the address given as the function pointer is the stack
address where that code is; this sets up the frame pointers properly.

Now, the following code:

	/* foobar is a gcc nested function; taking its address builds a
	   trampoline on the stack, so fp ends up pointing at stack memory */
	main() {
		int foobar() {
			return 34;
		}
		int (*fp)();

		fp = foobar;	/* fp receives the stack address of the trampoline */
		(*fp)();	/* faults at the trampoline's 'jmp *%eax' */
	}

will memory-fault at the 'jmp *%eax' instruction, and I'm not sure why.  I
actually expected it to die when it tried executing code on the stack, but
that didn't seem to be a problem; it was when it tried to transfer out.

I've examined the register using adb and codeview, and, in both cases, %eax
holds the proper address.  (Actually, it's quite fun.  codeview will core
dump itself if I try to use it to step through the code.)

Any thoughts, people?  Thanks in advance...

-- 
Sean Eric Fagan  | "I made the universe, but please don't blame me for it;
sef at kithrup.COM  |  I had a bellyache at the time."
-----------------+           -- The Turtle (Stephen King, _It_)
Any opinions expressed are my own, and generally unpopular with others.
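A defender's check related to the "executing code on the stack" point above, added here and not part of the original post: on a modern GCC/ELF toolchain, taking the address of a nested function makes the compiler mark the object as needing an executable stack, and the linker records that in the binary's PT_GNU_STACK program header. The script below reads that header from an ELF64 image; the make_elf64 helper constructs a minimal image for testing and is not a real binary.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header that records the stack permissions
PF_X = 0x1                 # p_flags bit: executable

def gnu_stack_flags(elf: bytes):
    """Return p_flags of the PT_GNU_STACK header of an ELF64 image, or None if absent."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if elf[4] != 2:
        raise ValueError("only ELF64 is handled here")
    end = "<" if elf[5] == 1 else ">"          # EI_DATA: 1 = little-endian, 2 = big-endian
    # Elf64_Ehdr: e_phoff at offset 0x20, e_phentsize at 0x36, e_phnum at 0x38
    (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
    for i in range(e_phnum):
        # Elf64_Phdr starts with p_type (4 bytes) and p_flags (4 bytes)
        p_type, p_flags = struct.unpack_from(end + "II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return p_flags
    return None

def stack_is_executable(elf: bytes) -> bool:
    """True if the loader would give this image an executable stack.

    A missing PT_GNU_STACK is reported as executable: that is the
    conservative reading, and it matches the Linux x86 default.
    """
    flags = gnu_stack_flags(elf)
    return flags is None or bool(flags & PF_X)

def check_file(path: str) -> bool:
    """Report whether the binary at `path` would run with an executable stack."""
    with open(path, "rb") as fh:
        return stack_is_executable(fh.read())

def make_elf64(stack_flags=None) -> bytes:
    """Constructed test input: a minimal little-endian ELF64 header followed by one
    PT_GNU_STACK program header carrying `stack_flags`, or no header if it is None."""
    phnum = 0 if stack_flags is None else 1
    ehdr = (b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)      # e_ident: ELF64, LSB, version 1
            + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0))
    if phnum == 0:
        return ehdr
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, "executable stack" if check_file(name) else "non-executable stack")
```

Run it against a binary built from the nested-function code above and the flags come back with PF_X set (RWE); the same source with the nested function hoisted to file scope links with a plain RW stack.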



More information about the Comp.unix.sysv386 mailing list