A serious gas/gld bug

A serious gas/gld bug

[H.J. Lu]

> 
> >>>>> H J Lu <hjl@nynexst.com> writes:
> 
> >> >>>>> H J Lu <hjl@nynexst.com> writes:
> 
> >> > crtstuff.c is responsible for the .fini section which is registered
> >> > via atexit().  The .fini section contains your crtstuff.c messed up
> >> > 'i' after the .fini section returns.
> 
> >> I don't understand how this could happen.  Can't you step through the call
> 
> > I can guess 'i' is in a register. The weird things we did in crtstuff
> > as well as the linker did didn't help much. The rfg's approach is very
> > reasonable. It uses a complete function which is combined from
> > two parts.
> 
> If 'i' is in a register that is going to be clobbered, it should be
> reloaded after the call.  My approach is more in line with existing
> practice -- crt[in].o provide a function prologue and epilogue, why don't
> we use them?
> 
> >> to _fini and see why 'i' is being clobbered?
> 

It is gas/gld who clobbered ebx which is used by 'i'. Here is the test
case. Jason, could you please verify gas/gld on x86 UnixWare? I am
curious why you didn't see problem on x86 UnixWare.

It seems that gas/gld cannot handle

	.section	.fini/.init

right. As you can see from objdump --disassemble,

fini_dummy:
	.section        .fini
	call __do_global_dtors_aux

becomes

	call __do_global_dtors_aux+2

At the final linking, a.out.asm, you can see it become

	call __do_global_dtors_aux+1

Similar thing also happens to __do_global_ctors_aux. That screwed up
everything since it skip the very importmant

	push	%ebx


H.J.
---

begin 644 binutils-bug.tar.gz
M'XL( .,9P2X  ^U<RV\D1QDOQT[8:1(@B ,2' IG(VW8<:>[IQ\>9^.L$V\V
MB4PVBAU K*#I1[4]9F9Z--V3]49(!)D#4A3)AQP0XL A!_X"A,1Q)<[\&7M%
MXKC(5/6[JKH]8^,9=K/U2>.>ZOI]]?BJOE=[NN17]YWH53!7@KIB&08$$*JF
M99(K['3TY)J1 J%AFHJFZKJNX;)E:": QGR'E=(DBITQA.#@L'\FKA>=7?^$
MDIRLOR.'DUAVHL%<^E 5Q=3UQO6W3$O+U[]CF2J&X:L&H#*7T3#TE*^_E"S]
M1K(00:^/8!".!TX,43_H:&N]SKHI2=N]R(DB-'#[]V$8P AY<2\<0KDW[,4;
MDK*N8%I7X V;W-B$GM/O$YW&]RVDJOB^[8?V?C]TG;[MQ>$XLIW)T75U,V<U
M,M;KQB8<HY@,Y:IRI#3V&Z.CHM\NZ=>VO7%L^Y/!X+YM;\)1."(#>!EY1SE*
M95&X>S@(/TYQT:C],G(+<(<#=UBP4X -#FQ4P-X1!OL%V.+ UB9T?#\%^S2X
MRX&[S6"7 [LLN!RSSX'] HPEKU?!#B?@ZZJ"93R)#OJDZ1)8(V.U BSDZV@\
M4*L BU5S^(50RY7  UU?IT:ZSL/7JW"ENLH.+P052Z$WS/??NI(C QX95-O5
M_.HP7)V#:WKC,%Q^E;5N[3!<?HDUM[+5G*,V06/Q^NL9B\>O74<I6##Z6K*=
MU5>JX_?X\7?TFGZZR"KZX2?1Z28LG]SKPWQ47K47GQ^:7KNM?'Y;Z2IE9#0]
MW:,1BH/1Q+N7VQ7?Y#E-=I]'HQS-ST'OTOUT$B-G]WNNEYJZG!7QK*B82[*&
MV!+J^4(B?EL;';HG!>&>'&SGRDX0O[N-]<;9('ZS&"[51]5D9TP!OR:F0C.I
M.L8,G-ZPX.'MGVG4K6/ KX9ITK-6R7ZMSCG@9V&Z%?M>:%'@\4!O$P[#$=&B
M',1KO.ES('XM3<2!>(M@!@P(!SWPAA\.457UU8H*J(J1 HC#X/5=5:RL&KN(
MPT'2,M-P#NQFP"XW!">K<;@:-ZMQN1HOJV'EIRI^5L,*35505L-*2E6"K(83
MCXIGL>]YFNV%@Q$./'RYQE>H;/C@5\*'JB,@"F;H[2JGV<1)=MU@5!CC@CMG
M])L8\;P/$2P70O,:!^?EBZ,&31A.(IK2V%QIM*^1*5;MM:IIC6Q:H5\_K#+H
MC0PZ:U *<6I6(Y-%RS,=8<[F-++A/7DX1!5IGC5]:0:)\W9!U1K7DOCZ+-;,
ML:@1RVUKK7%556Y9.WA> 3:SJ:DH>Y7DA"0I#92)=NT0XY?%8BZ9B=,GXG0R
M<6)0D(."$N3W\1X.$G+=BO1Q\,ULC3+XQCO#1U[NT'-XIPF.W=-AOU@KC#2:
MD,:F-!T"PS$9>3(_Y0B[QO6.3P_<;6)V2V;WH(T_.8??Q$%KK878/>1Q6HM;
M"YHPS/+BYI3&YIJU%K,U+DVMUF(&O9&!TMIT(P1>J;R8UVKDI90WXPW:U&*P
M.NPUZ? 484@SR)_388QO7%E6AS$6-6(1MW"-:\SJL(6(#I-(B=5AHK]-62K1
M^8V,GT1--KG!1%-GN;><U<A8V>SX<O+_]/D/CF1<M-\;RM'EM$K3E.<_:L<L
MGO_H&@Y[(';>BB&>_RR"6C)YZM-:Q3L@BB=!('NK4DO^&(TCO(E;JXHJ*^JJ
M1 =J&U+R" ;CG'YO?XA7%7^-[X]0"]9NYO;-8#),M$*JK=^06FGDEVA]*[&9
M5VU[>^_.A_;.N[M[))]*S5DKL557E393*[6PB9=W.L60=$G>,3:RMJK6MY7H
M7VI86XG5O,JVG1F_%K%LN!7<4H>,D!BF%(BUL&[NI9.O3+B\N2&]M/7!!QB=
M68A68B&DE]Z_8R?WDX'5RB=G3(1>X,DH9-^)G<JDBZ&$8P_9<6B3^O;-T#W$
M?4K477XXB0%LKSKW5MLW1^-PW^W%4=D=UX=MOU4N0=$'=1>+3>Z'PWVXIG*]
M^>?M;;NVM^WZWEIRST?#N+5Z^ZVW-N"UV^]_] K49%/&>_G_K7&/%]'V?W<N
M#F":_;<4E;7_EB;L_T+H,;/_48_V!8E1E'<L;(0MV@BGMMN^O7/GS:T=^\[;
M;^_>VK/WMM[<N65?ORNO8?S/,[O>1TZ?MA\W;]_9PQR47TA0>IIMM=.!Y XA
MNSO5R42]LYU,M<T4?H:3R;X2GHOZFSI)=G%/W7-*LIM)\J+^Z^8'.WOU/HQQ
MJL*=+=R=%?8?#?WY1/\SQ/^&P=I_S5*%_5\$S='^>U/LOS<E_D\T[];[V[:]
M1H?H:VJ;KOV?PG^^\8LF .43@LJ,RYN\B2)U9QA0[XE( )(U8 UF<K.P8,HE
MF4NVJ^VZKD3H?QZJVO_Y1/_3[;]I6:S]U[6.L/^+H,?,_L\Q_B_M4F/XOU87
M_V.'L'89&<":SC9["3G 5)<S[QQ@5A?V).4 3Y-'8Y[_AY=@4CB:8O\US2Q_
M_ZMI!K'_AF4)^[\(^LVMG;>7EI:*\A)8!DN5^H-GTJN>_+T&O@&^3O'O_GT%
M_SU^G?P%\0LGGRV?_O/XP<KQ:V#R[[L/3DX>X-M7BK8!2!P*OC[\S^GI*;Z>
M9@38O8VW9G1_$#LNOL;C]'J0?R,6!,ACU,^^$>T'LAM%0!Z&,0+)HXD4D'Y+
M# %(E127PL$ *U2=/*IS7P'_.GV>JEL"WZN4G\%EE:IO@3?P%5;JWZ/JE\%/
MJ?(54"5:\J2\S)17F/*S3/DYILRVWV+*V'Z4CA_07A[4/LL!U#,*4#YN I0I
M!M2#$S [$?D2*>0SN8D_/ZC4?RN[DGO5V?QA):U[/N,GDB*SOYZ5<TGZ3'^Y
M1-4,/PUGXL_7*O<)[CN5<KZ"-YAY'.'/LS6X-YEY_&4E'<?S&6\^CQUF'I]6
MQE0=WRZ#^UT#[F> WNN_QY]OUXSOQ4I;A/Z(/UX-CER? 4P%_KP TG59R:XM
MICW"%-2T1]I:RF1!KDG[M#H(N@1B__\SCP!@FO_75<[_6ZKP_PNA:?[_;U/\
M_X]W'Y++W=\^(,KY^3$I?#Y:.3Y: ?$W3TY./GL.QP/_6#G>)/' +QZ<4/"[
M#^IC@T=?C=C@-E7? A^1.5;J?TG5+X,A59X6&RP^5JC&.HD?/G?L4)=?SC>B
MJ(LGWF#G ?AXXB$6WW?!]'CB4Z:_IGBB"<?&$P0W2SSQ!9@MGB"@6>*)/X'9
MXHD_-^#8>.)+,%L\\5<P6SSQ?7P#9O'$BZ YGKB!F7Y=TQ[)E*47,Q[,W,W*
MR=H^Q7$%]?^_N63_,^3_AL[Z?\W4A?]?!$WS__[4_)\XZ^/7R=_3(O]_=/S:
MZ6SY?T&7Z^/)8\D4D'Y;4/Y_!6P".O]_EZI?!C^ARJR/?6SS?Z^2_Y>/0T'Y
MI)ESUN633# K733W_^(KDOM_^13F_C[#EMT6N?^"B/[_[WP"@ OD_[HB?O^S
M$)I/_O_H^.C1:27_?W2\>7K^_+^@)S0VH//_*V /T/F_3=4O@P%5GA8;/#'Y
MOS<U_Y];1"'R_Z<Q__^DICV1_]<3\___N1P!-?WW7^7['T;R^R]-[0C_OQ"2
MRI]^7.P0J.PPIHP:7F=ECG9(:;:C'?)3"%*:_5 '/6>9Y3B'=#QG'^>0TDS'
M.:3-G?LXAY3M',<YI SG/,XA93KW<0XIVTS'.4R??M[<[,<YI/C9CG-(L;,=
MYY!B9SO.(2&-.<YAR_?'*(J@<J2IL!?!<!(3_7##R="/IKX=7E&;RG\WRK?$
MLSY)??6%5VWSLG[+G-K_#V]M;?_HUB4UR=$4^P]-I?S]KY78?T47Y_\MAM[I
MM27IW1AO3#2(8'R K3[>$'C_#7&R! ^<H=]'$OO2UZOISSZE<6__();A5@3O
MAQ/"0YJ!P3@<P- ]Q HR@FMK?J$!"'=%O9^6MYIOA/2-LK/>A)9<A),,%$EG
MH:YKDK05X\D@\HZ<TX?]WO!7O>%^&Q;G7+:I$?=BF+8KG=VN*DF[O4&OCS=,
M?( ;A$X_"K&01B,TQ,(+ZW_Z*L,](M;(&Z-[R(>3D80^1N/[20NR)+TCOR>+
M-Q,$"1(D2) @08($"1(D2) @08($"1(D2) @08($"1(D2) @08($78S^"WT%
&IXH >   
 
end

Re: A serious gas/gld bug

[Jason Merrill]

>>>>> H J Lu <hjl@nynexst.com> writes:

> It is gas/gld who clobbered ebx which is used by 'i'. Here is the test
> case. Jason, could you please verify gas/gld on x86 UnixWare? I am
> curious why you didn't see problem on x86 UnixWare.

They seem to work properly on x86 Unixware.

> It seems that gas/gld cannot handle

> 	.section	.fini/.init

> right. As you can see from objdump --disassemble,

> fini_dummy:
> 	.section        .fini
> 	call __do_global_dtors_aux

> becomes

> 	call __do_global_dtors_aux+2

Hmm.  On UnixWare, it becomes

Disassembly of section .fini:
	call 00000001 <__DTOR_LIST__+1>

which I assume is a reference to the first relocation entry for .fini:

RELOCATION RECORDS FOR [.fini]:
OFFSET   TYPE              VALUE 
00000001 R_386_PLT32       __do_global_dtors_aux

Are there two relocation entries for .fini under Linux-ELF?

> At the final linking, a.out.asm, you can see it become

> 	call __do_global_dtors_aux+1

On UnixWare, the link creating the shared library fixes up the reference to
be an actual call to the function.  It does not seem to be off by one.

objdump -xd libg++.so
...
SYMBOL TABLE:
...
000672f4 l       .text  __do_global_ctors_aux
...
0001eadc l       .text  __do_global_dtors_aux
...
Disassembly of section .init:
0001cc14 <_init> call   000672f4 <__do_global_ctors_aux>
0001cc19 <_init+5> ret    $0x0
...
Disassembly of section .fini:
00067350 <_fini> call   0001eadc <__do_global_dtors_aux>
00067355 <_fini+5> ret    $0x0
...

> Similar thing also happens to __do_global_ctors_aux. That screwed up
> everything since it skip the very importmant

> 	push	%ebx

Did this happen when you were stepping through at runtime?

Jason