From owner-freebsd-current@FreeBSD.ORG Mon Jan 7 23:21:21 2013 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id B21248A6; Mon, 7 Jan 2013 23:21:21 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from tensor.andric.com (cl-327.ede-01.nl.sixxs.net [IPv6:2001:7b8:2ff:146::2]) by mx1.freebsd.org (Postfix) with ESMTP id 388D2C25; Mon, 7 Jan 2013 23:21:21 +0000 (UTC) Received: from [IPv6:2001:7b8:3a7:0:406f:4ff9:6789:6380] (unknown [IPv6:2001:7b8:3a7:0:406f:4ff9:6789:6380]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id 3C7025C37; Tue, 8 Jan 2013 00:21:18 +0100 (CET) Message-ID: <50EB5868.2050509@FreeBSD.org> Date: Tue, 08 Jan 2013 00:21:12 +0100 From: Dimitry Andric Organization: The FreeBSD Project User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20121128 Thunderbird/18.0 MIME-Version: 1.0 To: Stefan Farfeleder Subject: Re: clang 3.2 RC2 miscompiles libgcc? References: <20121227150724.GA1431@mole.fafoe.narf.at> <50DC65F5.6060004@freebsd.org> <50E0BD66.4070609@FreeBSD.org> <20130102135950.GA1464@mole.fafoe.narf.at> <20130104154940.GD1430@mole.fafoe.narf.at> <20130106141708.GA1418@mole.fafoe.narf.at> <50E9916F.3040500@FreeBSD.org> <20130106160331.GB1418@mole.fafoe.narf.at> In-Reply-To: <20130106160331.GB1418@mole.fafoe.narf.at> Content-Type: multipart/mixed; boundary="------------080402030204060302080304" Cc: freebsd-current@freebsd.org, David Chisnall , Nathan Whitehorn X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jan 2013 23:21:21 -0000 This is a multi-part message in MIME format. --------------080402030204060302080304 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 2013-01-06 17:03, Stefan Farfeleder wrote: > On Sun, Jan 06, 2013 at 03:59:59PM +0100, Dimitry Andric wrote: ... > The bug also affects ports software, e.g., I also experienced strange > rtorrent segfaults that are now gone. Can you please try the attached patch, which is a very horrid, atrocious hack, and will only work for amd64. Then rebuild libgcc with clang, and please try if this fixes at least some of the crashes... This is at least the direction I'm looking at. It seems that in some cases with __builtin_eh_return(), llvm does not see that registers can be clobbered, and it doesn't save and restore them. After a lot of splitting up of unwind-dw2.c, I arrived at _Unwind_Resume which when compiled by clang caused the crashes, but when compiled by gcc ran OK. Here is a side-by-side overview of the output; sorry for going over any 72-char margin, but this is for illustration. You can see that gcc saves most registers on the stack, and restores them just before the eh return. Clang does not, at least by default: GCC OUTPUT CLANG OUTPUT ================================================= ========================================================= _Unwind_Resume: _Unwind_Resume: # @_Unwind_Resume pushq %rbp pushq %rbp movq %rsp, %rbp movq %rsp, %rbp pushq %r15 pushq %rdx pushq %r14 pushq %rax pushq %r13 subq $528, %rsp # imm = 0x210 pushq %r12 movq %rdi, -24(%rbp) pushq %rbx movq %rbp, %rdi pushq %rdx addq $16, %rdi pushq %rax movq 8(%rbp), %rdx subq $536, %rsp leaq -264(%rbp), %rcx movq %rdi, -584(%rbp) movq %rdi, -536(%rbp) # 8-byte Spill movq 8(%rbp), %rax movq %rcx, %rdi movq %rax, %rdx movq -536(%rbp), %rsi # 8-byte Reload leaq 16(%rbp), %rsi callq uw_init_context_1@PLT leaq -336(%rbp), %rdi movabsq $240, %rdx call uw_init_context_1@PLT leaq -264(%rbp), %rcx leaq -576(%rbp), %rdi leaq -504(%rbp), %rsi leaq -336(%rbp), %rsi movq %rsi, %rdi movl $240, %edx movq %rcx, %rsi call memcpy@PLT callq memcpy@PLT movq -584(%rbp), %rax movq -24(%rbp), %rcx movq 16(%rax), %rax cmpq $0, 16(%rcx) testq %rax, %rax jne .LBB0_2 jne .L59 leaq -504(%rbp), %rsi leaq -576(%rbp), %rsi movq -24(%rbp), %rdi movq -584(%rbp), %rdi callq _Unwind_RaiseException_Phase2@PLT call _Unwind_RaiseException_Phase2@PLT movl %eax, -508(%rbp) movl %eax, -84(%rbp) jmp .LBB0_3 jmp .L61 .LBB0_2: # %if.else .L59: leaq -504(%rbp), %rsi leaq -576(%rbp), %rsi movq -24(%rbp), %rdi movq -584(%rbp), %rdi callq _Unwind_ForcedUnwind_Phase2@PLT call _Unwind_ForcedUnwind_Phase2@PLT movl %eax, -508(%rbp) movl %eax, -84(%rbp) .LBB0_3: # %if.end .L61: cmpl $7, -508(%rbp) cmpl $7, -84(%rbp) je .LBB0_5 je .L62 callq abort@PLT call abort@PLT .LBB0_5: # %cond.false .L62: jmp .LBB0_6 leaq -576(%rbp), %rsi .LBB0_6: # %cond.end leaq -336(%rbp), %rdi leaq -264(%rbp), %rdi call uw_install_context_1@PLT leaq -504(%rbp), %rsi movq %rax, -80(%rbp) callq uw_install_context_1@PLT movq -424(%rbp), %rax movq %rax, -520(%rbp) movq %rax, -72(%rbp) movq -352(%rbp), %rsi movq -80(%rbp), %rcx movq %rsi, -528(%rbp) movq -72(%rbp), %rax movq -520(%rbp), %rsi movq %rax, 8(%rbp,%rcx) movq -528(%rbp), %rdi movq -56(%rbp), %rax movq %rbp, %rax movq -48(%rbp), %rdx movq %rdi, 8(%rax,%rsi) movq -40(%rbp), %rbx leaq 8(%rax,%rsi), %rcx movq -32(%rbp), %r12 addq $528, %rsp # imm = 0x210 movq -24(%rbp), %r13 popq %rax movq -16(%rbp), %r14 popq %rdx movq -8(%rbp), %r15 popq %rbp leaq 8(%rbp,%rcx), %rcx movq %rcx, %rsp movq 0(%rbp), %rbp ret # eh_return, addr: %rcx movq %rcx, %rsp ret --------------080402030204060302080304 Content-Type: text/x-diff; name="unwind-clobber-1.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="unwind-clobber-1.diff" Index: contrib/gcc/unwind-dw2.c =================================================================== --- contrib/gcc/unwind-dw2.c (revision 244663) +++ contrib/gcc/unwind-dw2.c (working copy) @@ -1448,6 +1448,7 @@ uw_init_context_1 (struct _Unwind_Context *context { \ long offset = uw_install_context_1 ((CURRENT), (TARGET)); \ void *handler = __builtin_frob_return_addr ((TARGET)->ra); \ + __asm __volatile(" " : : : "r15", "r14", "r13", "r12", "rbx", "rdx", "rax"); \ __builtin_eh_return (offset, handler); \ } \ while (0) --------------080402030204060302080304--