From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 9868 invoked by alias); 20 Oct 2011 04:22:29 -0000 Received: (qmail 9856 invoked by uid 22791); 20 Oct 2011 04:22:27 -0000 X-SWARE-Spam-Status: No, hits=4.2 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,TW_GJ,TW_NX,TW_TJ X-Spam-Check-By: sourceware.org Received: from mail-ey0-f175.google.com (HELO mail-ey0-f175.google.com) (209.85.215.175) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 20 Oct 2011 04:22:11 +0000 Received: by eyd9 with SMTP id 9so2466263eyd.20 for ; Wed, 19 Oct 2011 21:22:10 -0700 (PDT) MIME-Version: 1.0 Received: by 10.213.104.135 with SMTP id p7mr1171325ebo.149.1319084528728; Wed, 19 Oct 2011 21:22:08 -0700 (PDT) Received: by 10.213.9.69 with HTTP; Wed, 19 Oct 2011 21:22:08 -0700 (PDT) In-Reply-To: <4E9F3BB4.3050604@mc.net> References: <4E9BB180.6080506@mc.net> <4E9C0497.2000605@siriusit.co.uk> <4E9C3703.3040109@mc.net> <4E9C645A.5060200@twiddle.net> <4E9C9C08.20001@mc.net> <4E9CAACE.4070804@mc.net> <4E9F3BB4.3050604@mc.net> Date: Thu, 20 Oct 2011 06:08:00 -0000 Message-ID: Subject: Re: gcc auto-omit-frame-pointer vs msvc longjmp From: xunxun To: Bob Breuer Cc: Kai Tietz , "gcc@gcc.gnu.org" , Richard Henderson , qemu-devel , Mark Cave-Ayland Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-IsSubscribed: yes Mailing-List: contact gcc-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-owner@gcc.gnu.org X-SW-Source: 2011-10/txt/msg00332.txt.bz2 Hi, all I think this issue causes the gdb crash on XP. You can see the thread: http://sourceware.org/ml/gdb/2011-10/msg00056.html My many friends and I can reproduce this crash issue, but no problem on Win= 7. On Thu, Oct 20, 2011 at 5:05 AM, Bob Breuer wrote: > Kai Tietz wrote: >> 2011/10/18 Bob Breuer : >>> Kai Tietz wrote: >>>> 2011/10/17 Bob Breuer : >>>>> Richard Henderson wrote: >>>>>> On 10/17/2011 07:09 AM, Bob Breuer wrote: >>>>>>> Google finds a mention of longjmp failing with -fomit-frame-pointer: >>>>>>> http://lua-users.org/lists/lua-l/2005-02/msg00158.html >>>>>>> >>>>>>> Looks like gcc 4.6 turns on -fomit-frame-pointer by default. >>>>>> Hmm. =C2=A0This is the first I've heard of a longjmp implementation >>>>>> failing without a frame pointer. =C2=A0Presumably this is with the >>>>>> mingw i.e. msvc libc? >>>>> Yeah, mingw from www.mingw.org which I believe uses msvcrt.dll, packa= ge >>>>> gcc-core-4.6.1-2-mingw32-bin. >>>>> >>>>>> This is something that could be worked around in gcc, I suppose. >>>>>> We recognize longjmp for some things, we could force the use of >>>>>> a frame pointer for msvc targets too. >>>>>> >>>>>> For now it might be best to simply force -fno-omit-frame-pointer >>>>>> for mingw host in the configure script. >>>>> Here's a testcase that crashes on the longjmp: >>>>> >>>>> #include >>>>> #include >>>>> >>>>> jmp_buf env; >>>>> >>>>> int test(void) >>>>> { >>>>> =C2=A0int i; >>>>> >>>>> =C2=A0asm("xor %%ebp,%%ebp" ::: "ebp"); >>>>> >>>>> =C2=A0i =3D setjmp(env); >>>>> =C2=A0printf("i =3D %d\n", i); >>>>> >>>>> =C2=A0if (i =3D=3D 0) >>>>> =C2=A0 =C2=A0longjmp(env, 2); >>>>> >>>>> =C2=A0return i; >>>>> } >>>>> >>>>> int main(void) >>>>> { >>>>> =C2=A0return test(); >>>>> } >>>>> >>>>> Remove the asm statement to make it not crash. =C2=A0Obviously with >>>>> omit-frame-pointer, gcc can shove anything into ebp. >>>>> >>>>> Bob >>>> This crash isn'r related to ebp existing, or not. The issue is the >>>> hidden argument of setjmp, which is missing. =C2=A0If you can try the >>>> following at top of file after include section. >>>> >>>> #define setjmp(BUF) _setjmpex((BUF), NULL) >>>> int __cdecl __attribute__ ((__nothrow__,__returns_twice__)) >>>> _setjmp3(jmp_buf _Buf, void *_Ctx); >>>> ... >>> Did you mean _setjmp3 instead of _setjmpex? =C2=A0With _setjmp3, it wor= ks >>> without the asm, but still crashes if I zero out ebp before the setjmp. >>> =C2=A0Aren't the function arguments on the stack anyway? >> >> Yes, I mean _setjmp3 (pasto from headers and missed the second line >> prototyping _setjmp3). >> I repeat myself here. =C2=A0setjmp() has an hidden arguement, which is >> passed on x86 on stack. =C2=A0By not passing this required argument, set= jmp >> will take a random-value from stack. =C2=A0In your case 'i'. =C2=A0btw i= f you >> would pre-initialize 'i' with zero, I would assume you won't see a >> crash, but anyway this is just by chance. >> For this I suggest to use here _setjmp3 instead, as here >> second-argument is documented as being present. >> >> Btw I tested your code with i686-pc-mingw32 version 4.6.x and 4.7.x >> gcc version. =C2=A0With my suggested pattern, I don't see a crash for yo= ur >> provide test-code with, or without zero-ing ebp. > > > We probably have a difference in build or run environment. =C2=A0I've > double-checked with another machine and can get the same crash in > longjmp when running the test executable on both WinXP and Win2k, but > not on Win7. =C2=A0So it looks like Microsoft may have changed this "feat= ure" > somewhere between WinXP and Win7. > > The msvcrt implementation of longjmp (or at least the one I'm looking > at) does a ebp based access using the saved value of ebp. =C2=A0Here's the > relevant disassembly of longjmp: > > 0x7801e6f3 in longjmpex () from C:\WINNT\system32\msvcrt.dll > (gdb) disas > Dump of assembler code for function longjmpex: > =C2=A0 0x7801e6ef <+0>: =C2=A0 =C2=A0 mov =C2=A0 =C2=A00x4(%esp),%ebx > =3D> 0x7801e6f3 <+4>: =C2=A0 =C2=A0 mov =C2=A0 =C2=A0(%ebx),%ebp > ... > =C2=A0 0x7801e73d <+78>: =C2=A0 =C2=A0call =C2=A0 0x7800bd5e > ... > =C2=A0 0x7800bd5e <+56>: =C2=A0 =C2=A0push =C2=A0 %ebx > =C2=A0 0x7800bd5f <+57>: =C2=A0 =C2=A0push =C2=A0 %ecx > =C2=A0 0x7800bd60 <+58>: =C2=A0 =C2=A0mov =C2=A0 =C2=A0$0x7803dc64,%ebx > =3D> 0x7800bd65 <+63>: =C2=A0 =C2=A0mov =C2=A0 =C2=A00x8(%ebp),%ecx > > It crashes on the access of 0x8(%ebp). =C2=A0Those are the only 2 places > where this version of longjmp touches ebp. =C2=A0Is it possible to force a > stackframe by just adding a suitable attribute to either the setjmp > function prototype, or the function which calls setjmp? > > Bob > --=20 Best Regards, xunxun