From: Kai Tietz <ktietz70@googlemail.com>
To: xunxun <xunxun1982@gmail.com>
Cc: Bob Breuer <breuerr@mc.net>, "gcc@gcc.gnu.org" <gcc@gcc.gnu.org>,
Richard Henderson <rth@twiddle.net>,
qemu-devel <qemu-devel@nongnu.org>,
Mark Cave-Ayland <mark.cave-ayland@siriusit.co.uk>
Subject: Re: gcc auto-omit-frame-pointer vs msvc longjmp
Date: Thu, 20 Oct 2011 15:01:00 -0000 [thread overview]
Message-ID: <CAEwic4ZJfwJBUgA2=Vwh3GBzCfqkTavYvXrZO7aicy=snVkQzg@mail.gmail.com> (raw)
In-Reply-To: <CA+BR0wxgvJ8=u5YtZRj7wSq=y6tafSFCHWV6-Zv3hsNbq3q6ZA@mail.gmail.com>
2011/10/20 xunxun <xunxun1982@gmail.com>:
> Hi, all
>
> I think this issue causes the gdb crash on XP.
> You can see the thread: http://sourceware.org/ml/gdb/2011-10/msg00056.html
>
> My many friends and I can reproduce this crash issue, but no problem on Win7.
>
> On Thu, Oct 20, 2011 at 5:05 AM, Bob Breuer <breuerr@mc.net> wrote:
>> Kai Tietz wrote:
>>> 2011/10/18 Bob Breuer <breuerr@mc.net>:
>>>> Kai Tietz wrote:
>>>>> 2011/10/17 Bob Breuer <breuerr@mc.net>:
>>>>>> Richard Henderson wrote:
>>>>>>> On 10/17/2011 07:09 AM, Bob Breuer wrote:
>>>>>>>> Google finds a mention of longjmp failing with -fomit-frame-pointer:
>>>>>>>> http://lua-users.org/lists/lua-l/2005-02/msg00158.html
>>>>>>>>
>>>>>>>> Looks like gcc 4.6 turns on -fomit-frame-pointer by default.
>>>>>>> Hmm. This is the first I've heard of a longjmp implementation
>>>>>>> failing without a frame pointer. Presumably this is with the
>>>>>>> mingw i.e. msvc libc?
>>>>>> Yeah, mingw from www.mingw.org which I believe uses msvcrt.dll, package
>>>>>> gcc-core-4.6.1-2-mingw32-bin.
>>>>>>
>>>>>>> This is something that could be worked around in gcc, I suppose.
>>>>>>> We recognize longjmp for some things, we could force the use of
>>>>>>> a frame pointer for msvc targets too.
>>>>>>>
>>>>>>> For now it might be best to simply force -fno-omit-frame-pointer
>>>>>>> for mingw host in the configure script.
>>>>>> Here's a testcase that crashes on the longjmp:
>>>>>>
>>>>>> #include <stdio.h>
>>>>>> #include <setjmp.h>
>>>>>>
>>>>>> jmp_buf env;
>>>>>>
>>>>>> int test(void)
>>>>>> {
>>>>>> int i;
>>>>>>
>>>>>> asm("xor %%ebp,%%ebp" ::: "ebp");
>>>>>>
>>>>>> i = setjmp(env);
>>>>>> printf("i = %d\n", i);
>>>>>>
>>>>>> if (i == 0)
>>>>>> longjmp(env, 2);
>>>>>>
>>>>>> return i;
>>>>>> }
>>>>>>
>>>>>> int main(void)
>>>>>> {
>>>>>> return test();
>>>>>> }
>>>>>>
>>>>>> Remove the asm statement to make it not crash. Obviously with
>>>>>> omit-frame-pointer, gcc can shove anything into ebp.
>>>>>>
>>>>>> Bob
>>>>> This crash isn'r related to ebp existing, or not. The issue is the
>>>>> hidden argument of setjmp, which is missing. If you can try the
>>>>> following at top of file after include section.
>>>>>
>>>>> #define setjmp(BUF) _setjmpex((BUF), NULL)
>>>>> int __cdecl __attribute__ ((__nothrow__,__returns_twice__))
>>>>> _setjmp3(jmp_buf _Buf, void *_Ctx);
>>>>> ...
>>>> Did you mean _setjmp3 instead of _setjmpex? With _setjmp3, it works
>>>> without the asm, but still crashes if I zero out ebp before the setjmp.
>>>> Aren't the function arguments on the stack anyway?
>>>
>>> Yes, I mean _setjmp3 (pasto from headers and missed the second line
>>> prototyping _setjmp3).
>>> I repeat myself here. setjmp() has an hidden arguement, which is
>>> passed on x86 on stack. By not passing this required argument, setjmp
>>> will take a random-value from stack. In your case 'i'. btw if you
>>> would pre-initialize 'i' with zero, I would assume you won't see a
>>> crash, but anyway this is just by chance.
>>> For this I suggest to use here _setjmp3 instead, as here
>>> second-argument is documented as being present.
>>>
>>> Btw I tested your code with i686-pc-mingw32 version 4.6.x and 4.7.x
>>> gcc version. With my suggested pattern, I don't see a crash for your
>>> provide test-code with, or without zero-ing ebp.
>>
>>
>> We probably have a difference in build or run environment. I've
>> double-checked with another machine and can get the same crash in
>> longjmp when running the test executable on both WinXP and Win2k, but
>> not on Win7. So it looks like Microsoft may have changed this "feature"
>> somewhere between WinXP and Win7.
>>
>> The msvcrt implementation of longjmp (or at least the one I'm looking
>> at) does a ebp based access using the saved value of ebp. Here's the
>> relevant disassembly of longjmp:
>>
>> 0x7801e6f3 in longjmpex () from C:\WINNT\system32\msvcrt.dll
>> (gdb) disas
>> Dump of assembler code for function longjmpex:
>> 0x7801e6ef <+0>: mov 0x4(%esp),%ebx
>> => 0x7801e6f3 <+4>: mov (%ebx),%ebp
>> ...
>> 0x7801e73d <+78>: call 0x7800bd5e <abnormal_termination+56>
>> ...
>> 0x7800bd5e <+56>: push %ebx
>> 0x7800bd5f <+57>: push %ecx
>> 0x7800bd60 <+58>: mov $0x7803dc64,%ebx
>> => 0x7800bd65 <+63>: mov 0x8(%ebp),%ecx
>>
>> It crashes on the access of 0x8(%ebp). Those are the only 2 places
>> where this version of longjmp touches ebp. Is it possible to force a
>> stackframe by just adding a suitable attribute to either the setjmp
>> function prototype, or the function which calls setjmp?
>>
>> Bob
>>
>
>
>
> --
> Best Regards,
> xunxun
This now makes sense. I use here Vista 64-bit, and Win7 64-bit and I
didn't found the issue. But well, it is indeed related to different
msvcrt-version.
So there might be some need to have for a function using setjmp the
frame-pointer enabled. I can confirm this by an older msvcrt.dll
version on my 64-bit box, too.
So bug can be re-opened.
Thanks,
Kai
next prev parent reply other threads:[~2011-10-20 14:48 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4E9BB180.6080506@mc.net>
[not found] ` <4E9C0497.2000605@siriusit.co.uk>
[not found] ` <4E9C3703.3040109@mc.net>
2011-10-17 21:20 ` Richard Henderson
2011-10-17 21:32 ` [Qemu-devel] " Blue Swirl
2011-10-17 22:23 ` Richard Henderson
2011-10-17 22:56 ` Bob Breuer
2011-10-18 2:06 ` Kai Tietz
2011-10-18 4:20 ` Bob Breuer
2011-10-18 4:22 ` Kai Tietz
2011-10-20 3:26 ` Bob Breuer
2011-10-20 4:18 ` Richard Henderson
2011-10-20 6:08 ` xunxun
2011-10-20 15:01 ` Kai Tietz [this message]
2011-10-20 17:12 ` Kai Tietz
2011-10-21 22:47 ` jojelino
2011-10-22 12:30 ` xunxun
2011-10-22 13:18 ` xunxun
2011-10-22 14:21 ` Kai Tietz
2011-10-22 22:59 ` asmwarrior
2011-10-24 20:05 ` [Qemu-devel] " Bob Breuer
2011-10-24 23:25 ` Kai Tietz
2011-10-25 17:00 ` Bob Breuer
2011-10-20 14:16 ` jojelino
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEwic4ZJfwJBUgA2=Vwh3GBzCfqkTavYvXrZO7aicy=snVkQzg@mail.gmail.com' \
--to=ktietz70@googlemail.com \
--cc=breuerr@mc.net \
--cc=gcc@gcc.gnu.org \
--cc=mark.cave-ayland@siriusit.co.uk \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
--cc=xunxun1982@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).