[Bug regression/47037] New: 465.tonto Segmentation Fault in memset

[Bug regression/47037] New: 465.tonto Segmentation Fault in memset

[changpeng.fang at amd dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

           Summary: 465.tonto Segmentation Fault in memset
           Product: gcc
           Version: 4.6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: regression
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: changpeng.fang@amd.com


We have a new system and I saw a segmentation fault in memset (with current gcc
trunk).

gfortran -O2 -static (-march=generic64):

(gdb) r < stdin
Starting program:
/local/home/chfang/cpu2006/benchspec/CPU2006/465.tonto/build/build_base_cfangO3.0000/tonto
< stdin

Program received signal SIGSEGV, Segmentation fault.
memset () at ../sysdeps/x86_64/memset.S:496
496    ../sysdeps/x86_64/memset.S: No such file or directory.
    in ../sysdeps/x86_64/memset.S
Current language:  auto
The current source language is "auto; currently asm".
(gdb) bt
#0  memset () at ../sysdeps/x86_64/memset.S:496
#1  0x2020202020202020 in ?? ()
#2  0x2020202020202020 in ?? ()
#3  0x2020202020202020 in ?? ()
#4  0x2020202020202020 in ?? ()
#5  0x2020202020202020 in ?? ()
#6  0x2020202020202020 in ?? ()
#7  0x2020202020202020 in ?? ()
#8  0x2020202020202020 in ?? ()
#9  0x2020202020202020 in ?? ()
#10 0x2020202020202020 in ?? ()
#11 0x2020202020202020 in ?? ()
#12 0x2020202020202020 in ?? ()
#13 0x2020202020202020 in ?? ()
#14 0x2020202020202020 in ?? ()
#15 0x2020202020202020 in ?? ()
#16 0x2020202020202020 in ?? ()
#17 0x2020202020202020 in ?? ()
#18 0x0000000000b613a0 in ?? ()
#19 0x2020202020202020 in ?? ()
#20 0x0000000120202020 in ?? ()
#21 0x2020202000000001 in ?? ()
#22 0x2020202020202020 in ?? ()
#23 0x0000000000b60eb0 in ?? ()
#24 0x0000000000b60b20 in ?? ()
#25 0x0000000000000080 in ?? ()
#26 0x0000000000000001 in ?? ()
#27 0x0000000000411d6c in read_label (self=...) at atom.fppized.f90:1155
#28 0x0000000000415318 in process_keyword (self=..., keyword=<value optimized
out>, _keyword=-11776) at atom.fppized.f90:1028
#29 0x0000000000415b74 in process_keys (self=...) at atom.fppized.f90:1440
#30 0x000000000042d689 in data_length (self=<value optimized out>) at
atomvec.fppized.f90:1388
#31 0x000000000042ed3a in read_data (self=..., ignore_braces=Cannot access
memory at address 0x0
) at atomvec.fppized.f90:1351
#32 0x00000000004314f8 in read_list_keywords (self=...) at
atomvec.fppized.f90:1306
#33 0x00000000006256e5 in read_atoms (self=...) at mol.fppized.f90:9579
#34 0x0000000000647d3e in process_keyword (self=0xb5b490, keyword="atom",
_keyword=<value optimized out>) at mol_main.fppized.f90:3836
#35 0x0000000000648418 in read_keywords (self=0xb5b490) at
mol_main.fppized.f90:3807
#36 0x0000000000648489 in main (self=0xb5b490) at mol_main.fppized.f90:3744
#37 0x00000000006b9ea2 in run_mol () at run_mol.fppized.f90:125
#38 main () at run_mol.fppized.f90:22
#39 0x0000000000000000 in ?? ()

[Bug regression/47037] 465.tonto Segmentation Fault in memset

[changpeng.fang at amd dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

--- Comment #1 from Changpeng Fang <changpeng.fang at amd dot com> 2010-12-22 00:55:35 UTC ---
Initially I thought it is a glibc bug, but seems it is not:

(1) A workaround flag is -fno-caller-saves
(2) The compile binary (NOTE: with -static) runs correctly on other systems

The bad code is in atom.fppized:

 subroutine set_label_and_atomic_number(self,label)
    type(atom_type) :: self
    !Set an type(atom_type) "label" and extract the atomic number from it.
      character(*) :: label
      integer(kind=kind(1)) :: lensym,z
      character(128) :: symbol
      logical(kind=kind(.true.)) :: error

      self%label = label


The memset is for the label copy:

.LBB633:
        .loc 1 967 0 discriminator 2
        movq    %r13, %rdx
        movq    %rbx, %rsi
        movq    %rsp, %rdi
        call    memcpy
        movl    $128, %edx
        leaq    (%rsp,%r13), %rdi ## <---- bad address
        movl    $32, %esi
        subq    %r13, %rdx
        movq    %rsp, %r12
        call    memset
        jmp     .L707
.LVL646:
        .p2align 4,,10
        .p2align 3
.L717:


Looks like %rsp value is not correct (stack corrupted).

[Bug regression/47037] 465.tonto Segmentation Fault in memset

[tkoenig at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

Thomas Koenig <tkoenig at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tkoenig at gcc dot gnu.org

--- Comment #2 from Thomas Koenig <tkoenig at gcc dot gnu.org> 2010-12-23 09:13:59 UTC ---
Can you supply a simplified test case?

This might be a gfortran bug, but it's hard to tell.

[Bug regression/47037] 465.tonto Segmentation Fault in memset with -fcaller-saves (default at -O2 or higher)

[changpeng.fang at amd dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

Changpeng Fang <changpeng.fang at amd dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|465.tonto Segmentation      |465.tonto Segmentation
                   |Fault in memset             |Fault in memset with
                   |                            |-fcaller-saves (default at
                   |                            |-O2 or higher)

--- Comment #3 from Changpeng Fang <changpeng.fang at amd dot com> 2010-12-23 18:05:02 UTC ---
.LBB633:
        .loc 1 967 0 discriminator 2
        movq    %r13, %rdx
        movq    %rbx, %rsi
        movq    %rsp, %rdi
        call    memcpy
        movl    $128, %edx
        leaq    (%rsp,%r13), %rdi ## <---- bad address
        movl    $32, %esi
        subq    %r13, %rdx
        movq    %rsp, %r12
        call    memset
        jmp     .L707
.LVL646:
        .p2align 4,,10
        .p2align 3


Actually, the segfault is in copying label to symbol at line 967:

character(128) :: symbol
symbol = label(1:lensym)

The memset is to set the remainder of the 128 bytes to ZEROs. The local code
seems
good to me. It might be that the %rsp is not appropriately set. Anyway, it is
not likely to be a fortran bug because it only occurs at -O2 or higher when
-fcaller-saves is turned on,

[Bug regression/47037] 465.tonto Segmentation Fault in memset with -fcaller-saves (default at -O2 or higher)

[changpeng.fang at amd dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

--- Comment #4 from Changpeng Fang <changpeng.fang at amd dot com> 2010-12-23 18:08:44 UTC ---
(In reply to comment #2)
> Can you supply a simplified test case?
> 

The difficulty is that the bug only shows up on a new AMD system (bobcat). The
compiled binary on bobcat can run correctly on other systems.

[Bug regression/47037] 465.tonto Segmentation Fault in memset with -fcaller-saves (default at -O2 or higher)

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2010.12.28 16:06:39
     Ever Confirmed|0                           |1

--- Comment #5 from Richard Guenther <rguenth at gcc dot gnu.org> 2010-12-28 16:06:39 UTC ---
Does your glibc have CPU specific optimizations?

[Bug regression/47037] 465.tonto Segmentation Fault in memset with -fcaller-saves (default at -O2 or higher)

[changpeng.fang at amd dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

--- Comment #6 from Changpeng Fang <changpeng.fang at amd dot com> 2011-01-03 21:59:44 UTC ---
(In reply to comment #5)
> Does your glibc have CPU specific optimizations?

I don't think so. 

The OS is SLES 11, SP1. The machine (bobcat) indeed does not
support some instructions that K8 supports.

gcc (4.3, coming up with the systems) works fine.

[Bug regression/47037] 465.tonto Segmentation Fault in memset with -fcaller-saves (default at -O2 or higher)

[hjl.tools at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

--- Comment #7 from H.J. Lu <hjl.tools at gmail dot com> 2011-01-03 22:04:06 UTC ---
(In reply to comment #6)
> The OS is SLES 11, SP1. The machine (bobcat) indeed does not
> support some instructions that K8 supports.
> 

Which instructions are missing in Bobcat?

[Bug regression/47037] 465.tonto Segmentation Fault in memset with -fcaller-saves (default at -O2 or higher)

[changpeng.fang at amd dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

--- Comment #8 from Changpeng Fang <changpeng.fang at amd dot com> 2011-01-03 22:30:22 UTC ---

> 
> Which instructions are missing in Bobcat?

At least 3DNow instructions.

[Bug regression/47037] 465.tonto Segmentation Fault in memset with -fcaller-saves (default at -O2 or higher)

[pinskia at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47037

--- Comment #9 from Andrew Pinski <pinskia at gcc dot gnu.org> 2012-02-02 08:12:54 UTC ---
Does this work now?