From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 2441 invoked by alias); 7 Feb 2002 20:06:02 -0000
Mailing-List: contact gcc-prs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-prs-owner@gcc.gnu.org
Received: (qmail 2374 invoked by uid 71); 7 Feb 2002 20:06:01 -0000
Resent-Date: 7 Feb 2002 20:06:01 -0000
Resent-Message-ID: <20020207200601.2373.qmail@sources.redhat.com>
Resent-From: gcc-gnats@gcc.gnu.org (GNATS Filer)
Resent-To: nobody@gcc.gnu.org
Resent-Cc: gcc-prs@gcc.gnu.org, gcc-bugs@gcc.gnu.org
Resent-Reply-To: gcc-gnats@gcc.gnu.org, emaste@sandvine.com
Received: (qmail 25758 invoked by uid 61); 7 Feb 2002 19:57:22 -0000
Message-Id: <20020207195722.25756.qmail@sources.redhat.com>
Date: Thu, 07 Feb 2002 12:06:00 -0000
From: emaste@sandvine.com
Reply-To: emaste@sandvine.com
To: gcc-gnats@gcc.gnu.org
X-Send-Pr-Version: gnatsweb-2.9.3 (1.1.1.1.2.31)
Subject: libstdc++/5625: exception unwinding creates invalid pointer on mips
X-SW-Source: 2002-02/txt/msg00180.txt.bz2

>Number:         5625
>Category:       libstdc++
>Synopsis:       exception unwinding creates invalid pointer on mips
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Feb 07 12:06:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Ed Maste
>Release:        3.0.3
>Organization:
>Environment:
host is CYGWIN_NT-5.0 EMASTE-PC1 1.3.9(0.51/3/2) 2002-01-21 12:48 i686 unknown
gcc configured with --target=mips-wrs-vxworks --enable-threads
>Description:
I've discovered what I believe to be a bug in the exception unwinding code of gcc 3.0.3. I wrote a short test function (attached) with just a try and catch in a function, and the unwinder crashes at run time.

I've traced the unwinding through to the call to the C++ personality function in eh_personality.cc. At the end of the personality function, _Unwind_SetGR is called to set up a pointer to the exceptionObject for the call to __cxa_begin_catch later on (eh_personality.cc:393):

    _Unwind_SetGR (context, __builtin_eh_return_data_regno (0),
                   (_Unwind_Ptr) &xh->unwindHeader);

_Unwind_SetGR takes an _Unwind_Word as its third argument. I'm using a MIPS processor; _Unwind_Ptr is 32 bits wide and _Unwind_Word is 64 bits wide. _Unwind_Word is an unsigned type (unwind.h:32):

    typedef unsigned _Unwind_Word __attribute__((__mode__(__word__)));

When gcc generates the call to _Unwind_SetGR in the personality function, it takes &xh->unwindHeader and zero-extends it to 64 bits. Later on, the generated code for my "catch" calls __cxa_begin_catch, and the value stored by _Unwind_SetGR arrives in the a0 register. __cxa_begin_catch then tries to read a value from the exceptionObject through that register.
The beginning of __cxa_begin_catch looks like this (MIPS assembly):

    __cxa_begin_catch:
        addiu   sp,sp,-48
        sd      s0,32(sp)
        sd      ra,40(sp)
        jal     __cxa_get_globals
        addiu   s0,a0,-48
        lw      v1,20(s0)

So here's the problem: addiu requires its register operand to be a valid 64-bit sign-extended representation of a 32-bit value; if it is not, the result is unpredictable [1]. The zero-extended value that the compiler generates violates this rule. The problem won't show up with user pointers that end up below 0x80000000, because for those the zero-extended and sign-extended forms are identical; in kernel mode my pointers are >= 0x80000000, so bit 31 is set and the two forms differ.

It seems that almost all MIPS processors implement addiu as "do a 32-bit add and then sign-extend", so the unpredictable behaviour produces the expected result. The processor I'm working with has different unpredictable behaviour (the result of the addiu still has zeros in bits 63-32), so the "lw" instruction that follows causes a MIPS processor exception.

[1] http://www.mips.com/publications/documentation/MD00087-2B-MIPS64BIS-AFP-00.95.pdf, page 39
>How-To-Repeat:
Try to throw and catch a C++ exception on a 64-bit MIPS processor where memory is mapped in at 0x80000000 and up (i.e. kseg0) using 32-bit pointers. The MIPS addiu instruction gets used with a register value that results in "unpredictable" behaviour.
>Fix:
The following quick hack works for me but isn't generally applicable:

--- eh_personality.cc@@/main/1 Wed Jan 23 22:58:24 2002 +++ eh_personality.cc Thu Feb 7 13:20:06 2002 @@ -391,7 +391,7 @@ } _Unwind_SetGR (context, __builtin_eh_return_data_regno (0), - (_Unwind_Ptr) &xh->unwindHeader); + (_Unwind_Sword)((int) &xh->unwindHeader)); _Unwind_SetGR (context, __builtin_eh_return_data_regno (1), handler_switch_value); _Unwind_SetIP (context, landing_pad);

>Release-Note:
>Audit-Trail:
>Unformatted:
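Review bot: the replacement line `+ (_Unwind_Sword)((int) &xh->unwindHeader));` hard-codes the assumption that a pointer fits in an `int`, so it is only correct for a 32-bit-pointer ABI on a 64-bit-register target and would truncate pointers anywhere `int` is narrower than a pointer; as the submitter notes, it is not generally applicable. The sign-extension belongs in the target-specific register store behind `_Unwind_SetGR` for MIPS (where a 32-bit value is written into a 64-bit register) rather than at this one call site in the generic personality routine, so that every caller passing an `_Unwind_Ptr` gets the same treatment. Within the same hunk, `_Unwind_SetIP (context, landing_pad);` also stores a pointer-derived value, and the patch leaves it untouched, so the fix as posted does not cover all the places where the zero-extension can occur.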
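Added illustration, not code from this bug report or from libstdc++: a small C model of the pointer-extension and addiu behaviour described above, using a constructed kseg0 pointer value. The two addiu models follow the report's description of common cores versus the submitter's core; `sign_extend32` stands in for the report's `(int)` to `_Unwind_Sword` cast.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t (*addiu_fn)(uint64_t rs, int16_t imm);

/* What GCC 3.0.3 emitted for the _Unwind_SetGR argument on this target:
 * the 32-bit _Unwind_Ptr zero-extended into the 64-bit _Unwind_Word. */
uint64_t zero_extend32(uint32_t p) { return (uint64_t)p; }

/* What MIPS64 expects for a 32-bit value in a 64-bit register, and what the
 * report's (int) -> _Unwind_Sword cast produces: bits 63..32 copy bit 31. */
uint64_t sign_extend32(uint32_t p) { return (uint64_t)(int64_t)(int32_t)p; }

/* ADDIU operand rule: the register must hold a sign-extended 32-bit value,
 * otherwise the result is unpredictable. */
int is_sign_extended32(uint64_t r) { return r == sign_extend32((uint32_t)r); }

/* ADDIU as most MIPS64 cores behave: 32-bit add, then sign-extend. This
 * hides the bad operand, which is why the bug normally stays latent. */
uint64_t addiu_common(uint64_t rs, int16_t imm) {
    return sign_extend32((uint32_t)rs + (uint32_t)(int32_t)imm);
}

/* ADDIU as the submitter's core behaves: the low word is added but bits
 * 63..32 keep what the operand had (zeros for a zero-extended pointer). */
uint64_t addiu_submitter_core(uint64_t rs, int16_t imm) {
    uint32_t lo = (uint32_t)rs + (uint32_t)(int32_t)imm;
    return (rs & 0xFFFFFFFF00000000ull) | lo;
}

/* Effective address of `lw v1,20(s0)` after `addiu s0,a0,-48`, given the
 * value __cxa_begin_catch finds in a0 and the core's ADDIU behaviour. */
uint64_t cxa_begin_catch_lw_address(uint64_t a0, addiu_fn addiu) {
    return addiu(a0, -48) + 20;
}

int main(void) {
    uint32_t exc = 0x80001234u;   /* constructed kseg0 (kernel-mode) pointer */
    uint64_t zx = zero_extend32(exc), sx = sign_extend32(exc);
    printf("a0 as compiled: 0x%016llx, valid ADDIU operand: %d\n",
           (unsigned long long)zx, is_sign_extended32(zx));
    printf("lw address, common core:    0x%016llx\n",
           (unsigned long long)cxa_begin_catch_lw_address(zx, addiu_common));
    printf("lw address, submitter core: 0x%016llx  <- bits 63..32 still zero\n",
           (unsigned long long)cxa_begin_catch_lw_address(zx, addiu_submitter_core));
    printf("lw address with sign-extended a0: 0x%016llx\n",
           (unsigned long long)cxa_begin_catch_lw_address(sx, addiu_submitter_core));
    return 0;
}
```

A user-space pointer below 0x80000000 gives the same address under every model, which is why the report says the problem only surfaces with kseg0 pointers.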