From: "crazylht at gmail dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libgcc/111731] New: [13/14 regression] gcc_assert is hit at libgcc/unwind-dw2-fde.c#L291
Date: Mon, 09 Oct 2023 02:17:55 +0000
List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111731

            Bug ID: 111731
           Summary: [13/14 regression] gcc_assert is hit at libgcc/unwind-dw2-fde.c#L291
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libgcc
          Assignee: unassigned at gcc dot gnu.org
          Reporter: crazylht at gmail dot com
  Target Milestone: ---

The issue is not solved by PR110956's fix.

I did some debugging with gdb, and here are the logs:

The first time, gdb stopped at
https://github.com/gcc-mirror/gcc/blob/master/libgcc/unwind-dw2-fde.c#L143

│   138           ob->next = unseen_objects;
│   139           unseen_objects = ob;
│   140
│   141           __gthread_mutex_unlock (&object_mutex);
│   142 #endif
│  >143         }

(gdb) frame
#0  __register_frame_info_bases (begin=0x7fffd551e000, ob=0x1e386d0, tbase=0x0, dbase=0x0) at ../../../libgcc/unwind-dw2-fde.c:143
(gdb) p registered_frames->root->entry_count
$31 = 2
(gdb) p registered_frames->root->content.entries[0]
$32 = {base = 140736772300800, size = 1, ob = 0x1e386d0}
(gdb) p registered_frames->root->content.entries[1]
$33 = {base = 140736772317184, size = 178483158, ob = 0x1e386d0}

The second time, gdb stopped at
https://github.com/gcc-mirror/gcc/blob/master/libgcc/unwind-dw2-fde.c#L143

│   138           ob->next = unseen_objects;
│   139           unseen_objects = ob;
│   140
│   141           __gthread_mutex_unlock (&object_mutex);
│   142 #endif
│  >143         }

(gdb) frame
#0  __register_frame_info_bases (begin=0x7fffd409c000, ob=0x26b2e00, tbase=0x0, dbase=0x0) at ../../../libgcc/unwind-dw2-fde.c:143
(gdb) p registered_frames->root->entry_count
$34 = 4
(gdb) p registered_frames->root->content.entries[0]
$35 = {base = 140736750796800, size = 1, ob = 0x26b2e00}
(gdb) p registered_frames->root->content.entries[1]
$36 = {base = 140736750817280, size = 199987168, ob = 0x26b2e00}
(gdb) p registered_frames->root->content.entries[2]
$37 = {base = 140736772300800, size = 1, ob = 0x1e386d0}
(gdb) p registered_frames->root->content.entries[3]
$38 = {base = 140736772317184, size = 178483158, ob = 0x1e386d0}

The first time gdb stopped at an unexpected line,
https://github.com/gcc-mirror/gcc/blob/master/libgcc/unwind-dw2-btree.h#L829:

│   825           unsigned slot = btree_node_find_leaf_slot (iter, base);
│   826           if ((slot >= iter->entry_count) || (iter->content.entries[slot].base != base))
│   827             {
│   828               // Not found, this should never happen.
│  >829               btree_node_unlock_exclusive (iter);
│   830               return NULL;
│   831             }

(gdb) p slot
$26 = 1
(gdb) p iter->content.entries[slot]
$27 = {base = 140736750817280, size = 199987168, ob = 0x26e7900}
(gdb) p iter->content.entries[2]
$28 = {base = 140736772300800, size = 1, ob = 0x1e386d0}

We can see that when we try to remove the btree node of 0x7fffd551e000 (140736772300800), the return value of btree_node_find_leaf_slot is 1, but I think it should return 2.

Both btree_insert and btree_remove will call

  // Find the position for a slot in a leaf node.
  static unsigned
  btree_node_find_leaf_slot (const struct btree_node *n, uintptr_type value)
  {
    for (unsigned index = 0, ec = n->entry_count; index != ec; ++index)
      if (n->content.entries[index].base + n->content.entries[index].size > value)
        return index;
    return n->entry_count;
  }

But

  registered_frames->root->content.entries[1].base + registered_frames->root->content.entries[1].size > registered_frames->root->content.entries[2].base

  registered_frames->root->content.entries[2].base + registered_frames->root->content.entries[2].size > registered_frames->root->content.entries[1].base

and it makes btree_node_find_leaf_slot return the wrong slot (at btree_insert, it will return slot 1 for base1 and move base2 to slot 2, but at btree_remove it still returns slot 1 because of the upper logic). I'm not sure if this is the root cause.
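Added illustration, not part of the bug report above: the program below replays the leaf-slot lookup rule quoted in the report over the leaf contents from the second gdb dump, and adds a consistency check that flags the overlapping entries the reporter points to. The struct names, the `first_overlap` helper and the 64-bit `uintptr_type` are assumptions of this example; only the lookup logic and the entry values come from the report.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t uintptr_type;   /* 64-bit, matching the addresses in the report */

/* Leaf entry with the three fields shown in the gdb dumps (layout assumed). */
struct leaf_entry { uintptr_type base, size, ob; };
struct leaf { unsigned entry_count; struct leaf_entry entries[4]; };

/* Same rule as libgcc's btree_node_find_leaf_slot quoted in the report:
   return the first entry whose range [base, base+size) ends after VALUE. */
static unsigned
find_leaf_slot (const struct leaf *n, uintptr_type value)
{
  for (unsigned index = 0, ec = n->entry_count; index != ec; ++index)
    if (n->entries[index].base + n->entries[index].size > value)
      return index;
  return n->entry_count;
}

/* That rule is only correct when entries are sorted and disjoint.  Added
   check: index of the first entry starting inside its predecessor's range,
   or -1 when the leaf is consistent. */
static int
first_overlap (const struct leaf *n)
{
  for (unsigned i = 1; i < n->entry_count; ++i)
    if (n->entries[i - 1].base + n->entries[i - 1].size > n->entries[i].base)
      return (int) i;
  return -1;
}

/* Leaf contents copied from the second gdb dump in the report ($35..$38). */
static const struct leaf reported_leaf = {
  4,
  { { 140736750796800ULL, 1,         0x26b2e00 },
    { 140736750817280ULL, 199987168, 0x26b2e00 },
    { 140736772300800ULL, 1,         0x1e386d0 },
    { 140736772317184ULL, 178483158, 0x1e386d0 } }
};

int
main (void)
{
  uintptr_type target = 140736772300800ULL;   /* 0x7fffd551e000 */
  printf ("find_leaf_slot -> %u (the matching base sits in slot 2)\n",
          find_leaf_slot (&reported_leaf, target));
  printf ("first overlapping entry: %d\n", first_overlap (&reported_leaf));
  return 0;
}
```

Because entry 1 ends at 140736950804448, every base of entries 2 and 3 is swallowed by it, so the lookup never reaches slot 2 and the remove path falls into the "should never happen" branch.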