Re: libstdc++/5625: exception unwinding creates invalid pointer on mips

Re: libstdc++/5625: exception unwinding creates invalid pointer on mips

[cgd]

The following reply was made to PR libstdc++/5625; it has been noted by GNATS.

From: cgd@broadcom.com
To: echristo@gcc.gnu.org,
	cgd@broadcom.com,
	echristo@gcc.gnu.org,
	echristo@redhat.com,
	emaste@sandvine.com,
	gcc-bugs@gcc.gnu.org,
	gcc-prs@gcc.gnu.org,
	gcc-gnats@gcc.gnu.org
Cc:  
Subject: Re: libstdc++/5625: exception unwinding creates invalid pointer
 on mips
Date: 18 Nov 2002 13:20:32 -0800

 At 18 Nov 2002 20:30:11 -0000, echristo@gcc.gnu.org wrote:
 > Synopsis: exception unwinding creates invalid pointer on mips
 > 
 > State-Changed-From-To: suspended->feedback
 > State-Changed-By: echristo
 > State-Changed-When: Mon Nov 18 12:30:10 2002
 > State-Changed-Why:
 >     Chris,
 >     Can you take a look at this with the mips-rewrite branch please? or did you check your sim changes into the external repository?
 
 All of the relevant sim changes are in the public sim sources.
 
 test with target mipsisa64-elf, target board mips-sim-idt64.
 
 
 chris
 

Re: libstdc++/5625: exception unwinding creates invalid pointer on mips

[neroden]

Synopsis: exception unwinding creates invalid pointer on mips

State-Changed-From-To: feedback->analyzed
State-Changed-By: neroden
State-Changed-When: Tue Mar 11 22:46:59 2003
State-Changed-Why:
    Someone needs to see if it's still valid; can be tested with sim

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=5625

Re: libstdc++/5625: exception unwinding creates invalid pointer on mips

[echristo]

Synopsis: exception unwinding creates invalid pointer on mips

State-Changed-From-To: suspended->feedback
State-Changed-By: echristo
State-Changed-When: Mon Nov 18 12:30:10 2002
State-Changed-Why:
    Chris,
    Can you take a look at this with the mips-rewrite branch please? or did you check your sim changes into the external repository?
    
    -eric

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=5625

Re: libstdc++/5625: exception unwinding creates invalid pointer on mips

[bkoz]

Synopsis: exception unwinding creates invalid pointer on mips

State-Changed-From-To: feedback->suspended
State-Changed-By: bkoz
State-Changed-When: Mon Nov 18 12:25:32 2002
State-Changed-Why:
    Yo! Dude. You've got to either reply to emails about this, or not complain when I close it.
    
    -benjamin

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=5625

Re: libstdc++/5625: exception unwinding creates invalid pointer on mips

[bkoz]

Synopsis: exception unwinding creates invalid pointer on mips

State-Changed-From-To: analyzed->feedback
State-Changed-By: bkoz
State-Changed-When: Fri Nov  1 18:27:33 2002
State-Changed-Why:
    Ping... is this resolved?

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=5625

Re: libstdc++/5625: exception unwinding creates invalid pointer on mips

[echristo]

Synopsis: exception unwinding creates invalid pointer on mips

State-Changed-From-To: feedback->analyzed
State-Changed-By: echristo
State-Changed-When: Thu Apr 25 19:30:43 2002
State-Changed-Why:
    Feedback received. Looks like an issue with pointer extension
    when Pmode > POINTER_SIZE.

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=5625

Re: libstdc++/5625: exception unwinding creates invalid pointer on mips

[echristo]

Synopsis: exception unwinding creates invalid pointer on mips

State-Changed-From-To: open->feedback
State-Changed-By: echristo
State-Changed-When: Tue Apr 23 12:20:23 2002
State-Changed-Why:
    As a note, while your point about sign extension is correct the documentation that you point me at also says that the result of the addiu is sign extended before being placed in the destination register. 

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=5625

Re: libstdc++/5625: exception unwinding creates invalid pointer on mips

[bkoz]

Synopsis: exception unwinding creates invalid pointer on mips

Responsible-Changed-From-To: unassigned->echristo
Responsible-Changed-By: bkoz
Responsible-Changed-When: Mon Apr  1 11:34:11 2002
Responsible-Changed-Why:
    Eric, can you please look at this? It's MIPS-specific.
    
    -benjamin

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=5625

libstdc++/5625: exception unwinding creates invalid pointer on mips

[emaste]

>Number:         5625
>Category:       libstdc++
>Synopsis:       exception unwinding creates invalid pointer on mips
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Feb 07 12:06:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Ed Maste
>Release:        3.0.3
>Organization:
>Environment:
host is CYGWIN_NT-5.0 EMASTE-PC1 1.3.9(0.51/3/2) 2002-01-21 12:48 i686 unknown
gcc configured with --target=mips-wrs-vxworks --enable-threads
>Description:
I've discovered what I believe to be a bug in the exception unwinding code of gcc 3.0.3.  I wrote a short test function (attached) with just a try & catch in a function, and the unwinder crashes at run time.

I've traced the unwinding through to the call to the C++ personality function in eh_personality.cc.  At the end of the personality function, _Unwind_SetGR is called to set up a pointer to the exceptionObject for the call to __cxa_begin_catch later on (eh_personality.cc:393):

  _Unwind_SetGR (context, __builtin_eh_return_data_regno (0),
		 (_Unwind_Ptr) &xh->unwindHeader);

_Unwind_SetGR takes an _Unwind_Word as its third argument.

I'm using a MIPS processor; sizeof(_Unwind_Ptr) is 32 bits, and sizeof(_Unwind_Word) is 64 bits.  _Unwind_Word is an unsigned type (unwind.h:32):

typedef unsigned _Unwind_Word __attribute__((__mode__(__word__)));

When gcc generates the call to _Unwind_SetGR in the personality function, it takes the &xh->unwindHeader and zero-extends it to 64 bits.  Later on, the generated code for my "catch" calls __cxa_begin_catch, and the result of the _Unwind_SetGR is in the a0 register.

__cxa_begin_catch tries to read a value from the exceptionObject.  The beginning of __cxa_begin_catch looks like this (mips assembly):

__cxa_begin_catch:
addiu           sp,sp,-48
sd              s0,32(sp)
sd              ra,40(sp)
jal             __cxa_get_globals
addiu           s0,a0,-48
lw              v1,20(s0)

So here's the problem: addiu requires its register operand 
to be a valid 64-bit sign extended representation of a 
32-bit value; if it is not, the result is unpredictable[1].  The zero-extended version that the compiler generates violates this rule.  This problem won't show up with user pointers that end up < 0x80000000; in kernel mode my pointers are >= 0x80000000.

It seems that almost all MIPS processors implement addiu as
"do a 32 bit add and then sign extend" so the unpredictable
behaviour produces the expected result.

The processor I'm working with has different unpredictable
behaviour (the result of the addiu still has zeros in bits
63-32), so the "lw" instruction following causes a MIPS 
processor exception.

[1]
http://www.mips.com/publications/documentation/MD00087-2B-MIPS64BIS-AFP-00.95.pdf, page 39
>How-To-Repeat:
Try to throw and catch a c++ exception on a 64 bit MIPS processor where memory is mapped in at 0x80000000 and up (i.e. kseg0) using 32 bit pointers.  The MIPS addiu instruction gets used with a register that results in "unpredictable" behaviour.
>Fix:
The following quick hack works for me but isn't generally applicable:

--- eh_personality.cc@@/main/1  Wed Jan 23 22:58:24 2002
+++ eh_personality.cc   Thu Feb  7 13:20:06 2002
@@ -391,7 +391,7 @@
     }

   _Unwind_SetGR (context, __builtin_eh_return_data_regno (0),
-                (_Unwind_Ptr) &xh->unwindHeader);
+                (_Unwind_Sword)((int) &xh->unwindHeader));
   _Unwind_SetGR (context, __builtin_eh_return_data_regno (1),
                 handler_switch_value);
   _Unwind_SetIP (context, landing_pad);
>Release-Note:
>Audit-Trail:
>Unformatted: