[Bug target/47619] New: ICE in printf() with -fsplit-stack enabled.

[Bug target/47619] New: ICE in printf() with -fsplit-stack enabled.

[pluto at agmk dot net]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

           Summary: ICE in printf() with -fsplit-stack enabled.
           Product: gcc
           Version: 4.6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: pluto@agmk.net


$ g++46 0.cpp -Wall -O1 -g2 -fsplit-stack

(gdb) r
Starting program: /home/users/pluto/src/gcc/PRs/a.out
i = 32768, rsp = 0x7fffffffdd30
i = 32767, rsp = 0x7fffffffdc20
i = 32766, rsp = 0x7fffffffdb10
(...)
i = 32705, rsp = 0x7ffff7ff8ab0
i = 32704, rsp = 0x7ffff7ff89a0
i = 32703, rsp = 0x7ffff7ff8890

Program received signal SIGSEGV, Segmentation fault.
_IO_new_file_xsputn (f=0x7ffff763a7a0, data=0x401ae4, n=4) at fileops.c:1288

(gdb) bt 8
#0  _IO_new_file_xsputn (f=0x7ffff763a7a0, data=0x401ae4, n=4) at
fileops.c:1288
#1  0x00007ffff72f3e45 in _IO_vfprintf_internal (s=0x7ffff763a7a0,
format=0x401ae4 "i = %ld, rsp = %p\n", ap=0x7ffff7ff86a0) at vfprintf.c:1314
#2  0x00007ffff72feaba in __printf (format=<value optimized out>) at
printf.c:35
#3  0x0000000000400c89 in foo (i=<value optimized out>) at 0.cpp:7
#4  0x0000000000400ca7 in foo (i=<value optimized out>) at 0.cpp:11
#5  0x0000000000400ca7 in foo (i=<value optimized out>) at 0.cpp:11
#6  0x0000000000400ca7 in foo (i=<value optimized out>) at 0.cpp:11
#7  0x0000000000400ca7 in foo (i=<value optimized out>) at 0.cpp:11

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[pluto at agmk dot net]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #1 from Pawel Sikora <pluto at agmk dot net> 2011-02-06 10:17:05 UTC ---
Created attachment 23254
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=23254
testcase.

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[pluto at agmk dot net]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

Pawel Sikora <pluto at agmk dot net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Target|                            |x86_64-gnu-linux
               Host|                            |x86_64-gnu-linux
              Build|                            |x86_64-gnu-linux

--- Comment #2 from Pawel Sikora <pluto at agmk dot net> 2011-02-06 10:19:41 UTC ---
gcc-4.6.0-20110205, binutils-2.21.51.0.6, glibc-2.13.

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[ian at airs dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

Ian Lance Taylor <ian at airs dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2011.02.06 19:37:49
                 CC|                            |ian at airs dot com
         AssignedTo|unassigned at gcc dot       |ian at airs dot com
                   |gnu.org                     |
     Ever Confirmed|0                           |1

--- Comment #3 from Ian Lance Taylor <ian at airs dot com> 2011-02-06 19:37:49 UTC ---
Thanks for the bug report.  If you are not using the gold linker, then this
kind of thing is expected behaviour.  The problem is that glibc itself was not
compiled with -fsplit-stack.  gold knows how to fix up that kind of call; the
GNU linker does not.  This is mentioned in the documentation for the
-fsplit-stack option.

So: where you using the gold linker?

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[pluto at agmk dot net]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

Pawel Sikora <pluto at agmk dot net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |INVALID

--- Comment #4 from Pawel Sikora <pluto at agmk dot net> 2011-02-06 20:22:53 UTC ---
(In reply to comment #3)
> Thanks for the bug report.  If you are not using the gold linker, then this
> kind of thing is expected behaviour.  The problem is that glibc itself was not
> compiled with -fsplit-stack.  gold knows how to fix up that kind of call; the
> GNU linker does not.  This is mentioned in the documentation for the
> -fsplit-stack option.
> 
> So: where you using the gold linker?

yup, i'm using the classic (bfd) linker.
the http://gcc.gnu.org/wiki/SplitStacks doesn't explictly mention
that gold linker is required. my fault :(

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[ian at airs dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #5 from Ian Lance Taylor <ian at airs dot com> 2011-02-07 01:48:58 UTC ---
Good point, I added a note to the wiki page.

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[hjl.tools at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

--- Comment #6 from H.J. Lu <hjl.tools at gmail dot com> 2011-02-07 20:25:37 UTC ---
With GNU gold (GNU Binutils 2.21.51.20110207) 1.11, I got

...
i = 1970, rsp = 0x7fffe615a8b0
make: *** [all] Segmentation fault
[hjl@gnu-6 pr47619]$

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[ian at airs dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #7 from Ian Lance Taylor <ian at airs dot com> 2011-02-08 15:41:35 UTC ---
Works for me with current mainline gold and eglibc 2.11.1 on Ubuntu Lucid.  Can
you show me the -v line from your link command?

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[hjl.tools at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hjl.tools at gmail dot com

--- Comment #8 from H.J. Lu <hjl.tools at gmail dot com> 2011-02-08 15:50:06 UTC ---
I have glibc 2.13 on Fedora 14:

[hjl@gnu-6 pr47619]$ /usr/gcc-4.6/bin/gcc -O -fsplit-stack -B./ -o x x.o -Wl,-v
collect2 version 4.6.0 20110202 (experimental) [trunk revision 169766] (x86-64
Linux/ELF)
./ld --demangle --eh-frame-hdr -m elf_x86_64 -dynamic-linker
/lib64/ld-linux-x86-64.so.2 -o x /usr/lib/../lib64/crt1.o
/usr/lib/../lib64/crti.o
/usr/gcc-4.6/lib/gcc/x86_64-unknown-linux-gnu/4.6.0/crtbegin.o -L.
-L/usr/gcc-4.6/lib/gcc/x86_64-unknown-linux-gnu/4.6.0
-L/usr/gcc-4.6/lib/gcc/x86_64-unknown-linux-gnu/4.6.0/../../../../lib64
-L/lib/../lib64 -L/usr/lib/../lib64
-L/usr/gcc-4.6/lib/gcc/x86_64-unknown-linux-gnu/4.6.0/../../.. x.o -v
--wrap=pthread_create -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc
--as-needed -lgcc_s --no-as-needed
/usr/gcc-4.6/lib/gcc/x86_64-unknown-linux-gnu/4.6.0/crtend.o
/usr/lib/../lib64/crtn.o
GNU gold (GNU Binutils 2.21.51.20110207) 1.11

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[ian at airs dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #9 from Ian Lance Taylor <ian at airs dot com> 2011-02-08 18:41:53 UTC ---
I just tried glibc 2.12.2 on Fedora 13 and it worked there too.  I don't have a
Fedora 14 system.

This program eats memory and your numbers show it had allocated over 434M when
it crashed for you; do you have a ulimit set?

Otherwise I'm not sure what to suggest without the ability to debug the
program.  I suppose a partial backtrace and some idea of precisely which
instruction was executing at the crash might suggest something (note that the
full backtrace will be huge, and uninteresting).

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[hjl.tools at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #10 from H.J. Lu <hjl.tools at gmail dot com> 2011-02-08 21:07:09 UTC ---
[hjl@gnu-6 pr47619]$ cat x.c 
#include <stdio.h>
#include <string.h>

void foo( long i )
{
    register void* rsp asm( "rsp" );
    printf( "i = %ld, rsp = %p\n", i, rsp );
    char buf[ 256 ];
    memset( buf, 0, sizeof( buf ) );
    if ( i > 0 )
        foo( i - 1 );
}

int main()
{
    foo( 32*1024 );
    return 0;
}
[hjl@gnu-6 pr47619]$ make x
/usr/gcc-4.6/bin/gcc -O -g -fsplit-stack -B./   -c -o x.o x.c
/usr/gcc-4.6/bin/gcc -O -g -fsplit-stack -B./ -o x x.o
[hjl@gnu-6 pr47619]$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 63592
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 63592
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[hjl@gnu-6 pr47619]$ free
             total       used       free     shared    buffers     cached
Mem:       8158716    7916268     242448          0    2117116    3197192
-/+ buffers/cache:    2601960    5556756
Swap:     16777212          0   16777212
i = 1952, rsp = 0x7fffff7ff830

Program received signal SIGSEGV, Segmentation fault.
0x0000003f7d244d8a in vfprintf () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.13-1.0.f14.x86_64
libgcc-4.5.1-4.fc14.x86_64
(gdb) bt
#0  0x0000003f7d244d8a in vfprintf () from /lib64/libc.so.6
#1  0x0000003f7d24faea in printf () from /lib64/libc.so.6
#2  0x0000000000400be9 in foo (i=<value optimized out>) at x.c:7
#3  0x0000000000400c07 in foo (i=<value optimized out>) at x.c:11
#4  0x0000000000400c07 in foo (i=<value optimized out>) at x.c:11
#5  0x0000000000400c07 in foo (i=<value optimized out>) at x.c:11
#6  0x0000000000400c07 in foo (i=<value optimized out>) at x.c:11
...
(gdb) disass
Dump of assembler code for function vfprintf:
   0x0000003f7d244cf0 <+0>:    push   %rbp
   0x0000003f7d244cf1 <+1>:    mov    %rsp,%rbp
   0x0000003f7d244cf4 <+4>:    mov    %rbx,-0x28(%rbp)
   0x0000003f7d244cf8 <+8>:    mov    %r13,-0x18(%rbp)
   0x0000003f7d244cfc <+12>:    mov    %rdi,%rbx
   0x0000003f7d244cff <+15>:    mov    %r14,-0x10(%rbp)
   0x0000003f7d244d03 <+19>:    mov    %r15,-0x8(%rbp)
   0x0000003f7d244d07 <+23>:    mov    %rsi,%r14
   0x0000003f7d244d0a <+26>:    mov    %r12,-0x20(%rbp)
   0x0000003f7d244d0e <+30>:    sub    $0x650,%rsp
   0x0000003f7d244d15 <+37>:    mov    0x350284(%rip),%r15        #
0x3f7d594fa0
   0x0000003f7d244d1c <+44>:    mov    %rdx,%r13
   0x0000003f7d244d1f <+47>:    mov    %fs:(%r15),%eax
   0x0000003f7d244d23 <+51>:    mov    %eax,-0x504(%rbp)
   0x0000003f7d244d29 <+57>:    mov    0xc0(%rdi),%eax
   0x0000003f7d244d2f <+63>:    test   %eax,%eax
   0x0000003f7d244d31 <+65>:    jne    0x3f7d244ec0 <vfprintf+464>
   0x0000003f7d244d37 <+71>:    movl   $0xffffffff,0xc0(%rdi)
   0x0000003f7d244d41 <+81>:    mov    (%rbx),%r12d
   0x0000003f7d244d44 <+84>:    test   $0x8,%r12b
   0x0000003f7d244d48 <+88>:    jne    0x3f7d244f18 <vfprintf+552>
---Type <return> to continue, or q <return> to quit---
   0x0000003f7d244d4e <+94>:    test   %r14,%r14
   0x0000003f7d244d51 <+97>:    je     0x3f7d244ef0 <vfprintf+512>
   0x0000003f7d244d57 <+103>:    test   $0x2,%r12b
   0x0000003f7d244d5b <+107>:    jne    0x3f7d244f00 <vfprintf+528>
   0x0000003f7d244d61 <+113>:    mov    0x0(%r13),%rax
   0x0000003f7d244d65 <+117>:    mov    $0x25,%esi
   0x0000003f7d244d6a <+122>:    mov    %r14,%rdi
   0x0000003f7d244d6d <+125>:    mov    %rax,-0xf0(%rbp)
   0x0000003f7d244d74 <+132>:    mov    0x8(%r13),%rax
   0x0000003f7d244d78 <+136>:    mov    %rax,-0xe8(%rbp)
   0x0000003f7d244d7f <+143>:    mov    0x10(%r13),%rax
   0x0000003f7d244d83 <+147>:    mov    %rax,-0xe0(%rbp)
=> 0x0000003f7d244d8a <+154>:    callq  0x3f7d289750 <strchrnul>
   0x0000003f7d244d8f <+159>:    and    $0x8000,%r12d
   0x0000003f7d244d96 <+166>:    mov    %rax,-0x510(%rbp)
   0x0000003f7d244d9d <+173>:    movl   $0x0,-0x508(%rbp)
   0x0000003f7d244da7 <+183>:    jne    0x3f7d244e1c <vfprintf+300>

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[ian at airs dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #11 from Ian Lance Taylor <ian at airs dot com> 2011-02-08 21:29:59 UTC ---
Thanks.  Can you also disassemble the start of the function foo in the
executable?

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[hjl.tools at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #12 from H.J. Lu <hjl.tools at gmail dot com> 2011-02-08 21:31:12 UTC ---
(gdb) disass foo
Dump of assembler code for function foo:
   0x0000000000400ba4 <+0>:    lea    -0x4108(%rsp),%r11
   0x0000000000400bac <+8>:    cmp    %fs:0x70,%r11
   0x0000000000400bb5 <+17>:    jae    0x400bc9 <foo+37>
   0x0000000000400bb7 <+19>:    mov    $0x108,%r10d
   0x0000000000400bbd <+25>:    mov    $0x0,%r11d
   0x0000000000400bc3 <+31>:    callq  0x400c48 <__morestack_non_split>
   0x0000000000400bc8 <+36>:    retq   
   0x0000000000400bc9 <+37>:    push   %rbx
   0x0000000000400bca <+38>:    sub    $0x100,%rsp
   0x0000000000400bd1 <+45>:    mov    %rdi,%rbx
   0x0000000000400bd4 <+48>:    mov    %rsp,%rdx
   0x0000000000400bd7 <+51>:    mov    %rdi,%rsi
   0x0000000000400bda <+54>:    mov    $0x4019e4,%edi
   0x0000000000400bdf <+59>:    mov    $0x0,%eax
   0x0000000000400be4 <+64>:    callq  0x4009c8 <printf@plt>
   0x0000000000400be9 <+69>:    mov    $0x20,%ecx
   0x0000000000400bee <+74>:    mov    $0x0,%eax
   0x0000000000400bf3 <+79>:    mov    %rsp,%rdi
   0x0000000000400bf6 <+82>:    rep stos %rax,%es:(%rdi)
   0x0000000000400bf9 <+85>:    test   %rbx,%rbx
   0x0000000000400bfc <+88>:    jle    0x400c07 <foo+99>
   0x0000000000400bfe <+90>:    lea    -0x1(%rbx),%rdi
---Type <return> to continue, or q <return> to quit---
   0x0000000000400c02 <+94>:    callq  0x400ba4 <foo>
   0x0000000000400c07 <+99>:    add    $0x100,%rsp
   0x0000000000400c0e <+106>:    pop    %rbx
   0x0000000000400c0f <+107>:    retq   
End of assembler dump.
(gdb)

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[ian at airs dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #13 from Ian Lance Taylor <ian at airs dot com> 2011-02-09 01:33:53 UTC ---
I'm stumped.  Everything looks OK, but it also looks like the stack is getting
overrun.  The function foo is asking for 0x4000 bytes in addition to what it
needs itself; that should be enough to run printf.  I don't know why this is
failing.

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[ian at airs dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #14 from Ian Lance Taylor <ian at airs dot com> 2011-02-14 21:32:08 UTC ---
I built current binutils mainline on a Fedora 14 x86_64 system using
--enable-gold.  I built current gcc mainline on the same system using --with-ld
to point it at the newly built gold linker.  I compiled and ran the test case,
and it worked fine.  There must be some difference between your system, but I
don't know what it is.

Can you attach the a.out, the libc.so that it uses, and the core dump?  Perhaps
I will be able to see something.

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[ian at airs dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #15 from Ian Lance Taylor <ian at airs dot com> 2011-03-09 05:18:36 UTC ---
H.J., are you still seeing this?  Everything seems fine for me on Fedora 14 and
every other system I've tried it on.

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[hjl.tools at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #16 from H.J. Lu <hjl.tools at gmail dot com> 2011-03-09 07:16:39 UTC ---
(In reply to comment #15)
> H.J., are you still seeing this?  Everything seems fine for me on Fedora 14 and
> every other system I've tried it on.

I still see it on Fedora 14/x86-64 with glibc 2.13-1 and kernel
2.6.35.11-83.fc14

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[ian at airs dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #17 from Ian Lance Taylor <ian at airs dot com> 2011-03-09 14:11:36 UTC ---
I have the exact same glibc and kernel versions on FC14, and I don't see it.

Can you attach your executable and your core dump?

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[hjl.tools at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

--- Comment #18 from H.J. Lu <hjl.tools at gmail dot com> 2011-03-09 15:11:38 UTC ---
(In reply to comment #17)
> I have the exact same glibc and kernel versions on FC14, and I don't see it.
> 
> Can you attach your executable and your core dump?

I think it may have something to do with system configuration.
The same binary works on another Fedora 13.

[Bug target/47619] ICE in printf() with -fsplit-stack enabled.

[ian at airs dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47619

Ian Lance Taylor <ian at airs dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WORKSFORME

--- Comment #19 from Ian Lance Taylor <ian at airs dot com> 2011-04-01 00:30:07 UTC ---
Please reopen if you can get more information about this problem.