public inbox for gcc-bugs@sourceware.org
* [Bug middle-end/29166] New: broken unwind information for many live variables resulting in register corruption
From: matz at gcc dot gnu dot org @ 2006-09-21 13:34 UTC
To: gcc-bugs

Attached is a testcase which shows that some registers are clobbered over throwing/catching an exception:

    bash>c++ unwind_test.cpp
    bash>./a.out
    Checksum not OK ( 42895 != 58377 ). Register corruption in stack unwinding.

In the debugger you can see that the fixed integer registers r4-r7 are not reset correctly during stack unwinding. The values of the callee-saved registers r4-r7 differ before and after the call to test() from main(). This error was reported against gcc-3.3.3 but still happens with gcc 4.1.

--
           Summary: broken unwind information for many live variables resulting in register corruption
           Product: gcc
           Version: 4.1.2
            Status: UNCONFIRMED
          Keywords: EH
          Severity: normal
          Priority: P3
         Component: middle-end
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: matz at gcc dot gnu dot org
 GCC host triplet: ia64-linux

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29166
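A constructed regression check in the spirit of the testcase described in the report; it is added here and is not the reporter's attached unwind_test.cpp. The function names doIt() and test(), the checksum arithmetic and the seed values are assumptions; on a correct toolchain the check passes, and a compiler with the callee-saved-register restore defect discussed in this thread would show up as a checksum mismatch.

```cpp
#include <cstdint>

struct Ex {};

// Throws from a few frames down, as doIt() does in the reporter's testcase.
__attribute__((noinline)) static void doIt(unsigned depth) {
    if (depth == 0) throw Ex();
    doIt(depth - 1);
}

// Mirrors test(): catches the exception, so the unwinder must restore the
// caller's callee-saved registers before control returns here.
__attribute__((noinline)) static void test() {
    try {
        doIt(2);
    } catch (Ex&) {
    }
}

// Checksum over values that stay live across the call to test(). Under
// optimisation they are candidates for callee-saved registers (r4-r7 on
// ia64); a wrong restore location during unwinding shows up as a mismatch.
// The volatile copy keeps the loads from being moved past the call.
__attribute__((noinline)) uint64_t checksum_across_unwind(uint64_t seed) {
    volatile uint64_t src = seed;
    uint64_t a = src + 86, b = src + 87, c = src + 88, d = src + 89;
    uint64_t e = src * 3, f = src * 5, g = src * 7, h = src * 11;
    uint64_t i = src ^ 0x1234, j = src ^ 0x5678, k = src << 3, l = src >> 1;
    test();
    return a + b * 3 + c * 5 + d * 7 + e + f + g + h + i + j + k + l;
}

// The same checksum with no unwinding in between: the reference value.
uint64_t checksum_reference(uint64_t seed) {
    uint64_t a = seed + 86, b = seed + 87, c = seed + 88, d = seed + 89;
    uint64_t e = seed * 3, f = seed * 5, g = seed * 7, h = seed * 11;
    uint64_t i = seed ^ 0x1234, j = seed ^ 0x5678, k = seed << 3, l = seed >> 1;
    return a + b * 3 + c * 5 + d * 7 + e + f + g + h + i + j + k + l;
}

// True when every live value survived the throw/catch intact.
bool registers_survive_unwind() {
    for (uint64_t seed = 1; seed < 64; ++seed)
        if (checksum_across_unwind(seed) != checksum_reference(seed)) return false;
    return true;
}
```

Build it with optimisation enabled (for example -O2), since the register pressure that exposes the defect only exists when the compiler actually keeps the values in callee-saved registers.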
* [Bug middle-end/29166] broken unwind information for many live variables resulting in register corruption
From: matz at gcc dot gnu dot org @ 2006-09-21 13:35 UTC
To: gcc-bugs

------- Comment #1 from matz at gcc dot gnu dot org 2006-09-21 13:35 -------
Created an attachment (id=12303)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=12303&action=view)
Breaking testcase.

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29166
* [Bug middle-end/29166] broken unwind information for many live variables resulting in register corruption
From: matz at gcc dot gnu dot org @ 2006-09-21 13:39 UTC
To: gcc-bugs

------- Comment #2 from matz at gcc dot gnu dot org 2006-09-21 13:39 -------
Some more analysis of the original bugreport ( https://bugzilla.novell.com/show_bug.cgi?id=201157 ):

For gcc version 4.1.2 20060731 (prerelease) (SUSE Linux), r4-r7 contain
before the call: 86, 87, 88, 89
and after the call: 87, 88, 89, 4611686018427403552

    (gdb) p/x $r7
    $2 = 0x4000000000003d20
    (gdb) info symbol $r7
    test() + 64 in section .text
    (gdb) b *$r7
    Breakpoint 4 at 0x4000000000003d20: file unw.cc, line 85.
    (gdb) l 85
    80      }
    81
    82      void test()
    83      {
    84        try {
    85          doIt();
    86        } catch( Ex& ) { }
    87      }
    88
    89      int main(char** argv, int argc)

The address in r7 is the return address of the call.

I googled a bit for "unwind ia64 r4" and found e.g. this:
http://www.gelato.unsw.edu.au/archives/linux-ia64/0506/14430.html

This is a patch for the kernel, but it's about using some wrong code in its own unwinder leading to clobber r4-7, so perhaps similar code is used in libunwind?

Looks like the unwind information is broken: the addresses for the register contents for r4-r7 are off-by-8.

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29166
* [Bug middle-end/29166] broken unwind information for many live variables resulting in register corruption
From: matz at gcc dot gnu dot org @ 2006-09-21 13:40 UTC
To: gcc-bugs

------- Comment #3 from matz at gcc dot gnu dot org 2006-09-21 13:40 -------
Hmpf. I wonder if there's any tool to really inspect the unwind info, like it is possible for dwarf. But readelf doesn't help very much:

    % readelf -wf a.out
    <nothing, no wonder, it's no dwarf>
    % readelf -u a.out
    ...
    <_Z4doItv>: [0x4000000000000b00-0x4000000000003ce0], info at +0x87b0
      v1, flags=0x0 (), len=40 bytes
        R2:prologue_gr(mask=[psp],grsave=r119,rlen=49)
        P5:frgr_mem(grmask=[r4,r5,r6,r7],frmask=[f2,f3,f4,f5,f16,f17,f18,f19,f20,f21,f22,f23,f24,f25,f26,f27,f28,f29,f30,f31])
        P4:spill_mask(imask=[---,---,---,---,rr-,rr-,-f-,ff-,ff-,ff-,ff-,ff-,ff-,ff-,ff-,ff-,f])
        P7:mem_stack_v(t=3)
        P7:unat_when(t=7)
        P7:unat_psprel(pspoff=0x10-0x180)
        P7:pfs_when(t=9)
        P7:pfs_psprel(pspoff=0x10-0x178)
        P7:rp_when(t=18)
        P7:rp_psprel(pspoff=0x10-0x148)
        R3:body(rlen=2345)
        R1:prologue(rlen=0)
        R1:prologue(rlen=0)
    <_Z4testv>: [0x4000000000003ce0-0x4000000000003db0], info at +0x87e0
      v1, flags=0x3 ( ehandler uhandler), len=16 bytes
        R2:prologue_gr(mask=[rp,ar.pfs,psp],grsave=r32,rlen=5)
        P7:pfs_when(t=0)
        P7:mem_stack_v(t=1)
        P7:rp_when(t=4)
        R3:body(rlen=34)
        B2:epilogue(t=2,ecount=0)
        R1:prologue(rlen=0)
        R1:prologue(rlen=0)
        R1:prologue(rlen=0)

I traced the things in libunwind a bit, and know that the one writing the wrong location of R4-7 into context->loc is the IA64_INSN_ADD_PSP_NAT unwind script instruction, interpreted in _ULia64_find_save_locs (in run_script actually). And it happens while context still is set to the doIt() function. But I have no idea how that script is generated, or how it relates to the assembler file. For instance, the start of doIt() has this code:

    .save.g 0x1
    .mem.offset 344, 0 // st8.spill [r18] = r4, 16 //, ;;
    .save.g 0x2
    .mem.offset 336, 0 // st8.spill [r17] = r5, 16 //,
    .save.g 0x4
    .mem.offset 328, 0 // st8.spill [r18] = r6, 16 //, ;;
    .save.g 0x8
    .mem.offset 320, 0 // st8.spill [r17] = r7, 16 //,

I assume (because there are no explicit unwind sections in the assembler source) that these .save.g and .mem.offset somehow are pseudo-instructions which somehow produce unwind info. But I'm at a loss here.

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29166
* [Bug target/29166] broken unwind information for many live variables resulting in register corruption
From: matz at gcc dot gnu dot org @ 2006-11-15 15:52 UTC
To: gcc-bugs

------- Comment #4 from matz at gcc dot gnu dot org 2006-11-15 15:52 -------
Created an attachment (id=12623)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=12623&action=view)
Assembler code

This is the assembler produced by gcc 4.1.0, in case someone needs the full asm to determine something non-matching.

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29166
* [Bug target/29166] broken unwind information for many live variables resulting in register corruption
From: patchapp at dberlin dot org @ 2006-11-24 22:20 UTC
To: gcc-bugs

------- Comment #5 from patchapp at dberlin dot org 2006-11-24 22:20 -------
Subject: Bug number PR29166

A patch for this bug has been added to the patch tracker.
The mailing list url for the patch is http://gcc.gnu.org/ml/gcc-patches/2006-11/msg01681.html

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29166
* [Bug target/29166] broken unwind information for many live variables resulting in register corruption
From: pinskia at gcc dot gnu dot org @ 2006-11-24 22:31 UTC
To: gcc-bugs

--
pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://gcc.gnu.org/ml/gcc-patches/2006-11/msg01681.html
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
           Keywords|                            |patch
   Last reconfirmed|0000-00-00 00:00:00         |2006-11-24 22:31:20
               date|                            |

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29166
* [Bug target/29166] broken unwind information for many live variables resulting in register corruption
From: schwab at gcc dot gnu dot org @ 2007-01-01 22:03 UTC
To: gcc-bugs

------- Comment #6 from schwab at gcc dot gnu dot org 2007-01-01 22:03 -------
Subject: Bug 29166

Author: schwab
Date: Mon Jan 1 22:03:23 2007
New Revision: 120319

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=120319
Log:
PR target/29166
* config/ia64/ia64.c (ia64_compute_frame_size): Account space for
save of BR0 in extra_spill_size instead of spill_size.
(ia64_expand_prologue): Save BR0 outside of the gr/br/fr spill area.
(ia64_expand_epilogue): Restore BR0 from its new location.

testsuite/:
* g++.dg/eh/pr29166.C: New test.

Added:
    trunk/gcc/testsuite/g++.dg/eh/pr29166.C
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/config/ia64/ia64.c
    trunk/gcc/testsuite/ChangeLog

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29166
* [Bug target/29166] broken unwind information for many live variables resulting in register corruption
From: schwab at gcc dot gnu dot org @ 2007-01-01 22:07 UTC
To: gcc-bugs

------- Comment #7 from schwab at gcc dot gnu dot org 2007-01-01 22:07 -------
Subject: Bug 29166

Author: schwab
Date: Mon Jan 1 22:07:30 2007
New Revision: 120320

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=120320
Log:
PR target/29166
* config/ia64/ia64.c (ia64_compute_frame_size): Account space for
save of BR0 in extra_spill_size instead of spill_size.
(ia64_expand_prologue): Save BR0 outside of the gr/br/fr spill area.
(ia64_expand_epilogue): Restore BR0 from its new location.

testsuite/:
* g++.dg/eh/pr29166.C: New test.

Added:
    branches/gcc-4_2-branch/gcc/testsuite/g++.dg/eh/pr29166.C
Modified:
    branches/gcc-4_2-branch/gcc/ChangeLog
    branches/gcc-4_2-branch/gcc/config/ia64/ia64.c
    branches/gcc-4_2-branch/gcc/testsuite/ChangeLog

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29166
* [Bug target/29166] broken unwind information for many live variables resulting in register corruption
From: schwab at suse dot de @ 2007-01-01 22:11 UTC
To: gcc-bugs

------- Comment #8 from schwab at suse dot de 2007-01-01 22:11 -------
Fixed for 4.2+.

--
schwab at suse dot de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|---                         |4.2.0

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29166