NetBSD Problem Report #45576

From is@netbsd.org  Sun Nov  6 11:00:52 2011
Return-Path: <is@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id A205863B974
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  6 Nov 2011 11:00:52 +0000 (UTC)
Message-Id: <20111106110043.419F02091C@beverly.kleinbus.org>
Date: Sun,  6 Nov 2011 12:00:42 +0100 (CET)
From: is@netbsd.org
Reply-To: is@netbsd.org
To: gnats-bugs@gnats.NetBSD.org
Subject: toolchain
X-Send-Pr-Version: 3.95

>Number:         45576
>Category:       toolchain
>Synopsis:       ARM compiler bug extracting consecutive pointers from struct
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    toolchain-manager
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 06 11:05:00 +0000 2011
>Closed-Date:    Sat Dec 31 21:17:49 +0000 2011
>Last-Modified:  Sat Dec 31 21:17:49 +0000 2011
>Originator:     Ignatios Souvatzis
>Release:        NetBSD 5.1
>Organization:
me
>Environment:


System: NetBSD marie 5.1 NetBSD 5.1 (MARIE) #0: Wed Jan 5 20:52:48 CET 2011 ignatios@random87:/var/itch/obj/shark/sys/arch/shark/compile/MARIE shark
Architecture: arm
Machine: shark
Compiler:
Using built-in specs.
Target: arm--netbsdelf
Configured with: /usr/src/tools/gcc/../../gnu/dist/gcc4/configure --enable-long-long --disable-multilib --enable-threads --disable-symvers --build=x86_64-unknown-netbsd4.99.72 --host=arm--netbsdelf --target=arm--netbsdelf --enable-__cxa_atexit
Thread model: posix
gcc version 4.1.3 20080704 prerelease (NetBSD nb2 20081120)
>Description:

	When extracting two consecutive pointers in a struct to subtract
	them, for a certain range of offsets from the start of the struct,
	gcc 4.1.3 overwrites the register used for the struct base with
	the first pointer extracted, thus extracting garbage or getting 
	a SIGBUS when accessing the 2nd one.

	(Found when hunting down why wip/hplip3 SIGBUSsed on me on ARM,
	 but not on i386).

	This happens with -O2 and -O1, but not with -O0

	The affected pointer offsets are 1024/1028 to 4088/4092 bytes 
	from struct start.

	Non-consecutive pointers are not affected.

>How-To-Repeat:
Here's a demo program:
% cat pointerdiff.c
#define testit(cs,ds) \
struct foo##cs##_##ds { \
	char c[cs]; \
	char *a; \
	char d[ds]; \
	char *b; \
}; \
int try##cs##_##ds (struct foo##cs##_##ds *g) {\
	return g->b - g->a; \
}

testit(0,0)
testit(16,0)
testit(64,0)
testit(256,0)
testit(1020,0)
testit(1024,0)
testit(4088,0)
testit(4092,0)
testit(4096,0)
testit(32768,0)
testit(0,12)
testit(1024,12)
testit(4096,12)
testit(0,1212)
testit(1024,1212)
testit(4096,1212)

% gcc -O1 -S pointerdiff.c

>Fix:
Workaround: Use gcc -O0 for affected programs. This is not very satisfactory,
as the code needs three to four times memory accesses and instructions.

I don't have a gcc 4.[456] for ARM around yet to test with that.

>Release-Note:

>Audit-Trail:

From: Ignatios Souvatzis <is@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: toolchain/45576: toolchain
Date: Mon, 7 Nov 2011 20:15:25 +0100

 FTR:

 * Richard Earnshaw reports this is still broken in gcc-4.4, but fixed in
   gcc-current.

 * I tested that this is fixed in gcc-4.5.3 (as in NetBSD-current)

 * Richard Earnshaw proposed to temporarily fix this my removing the
   pattern "arith_adjacentmem" from arm.md.

   I've tested this as a cross-compiler and in NetBSD-5.1
   A patch will be submitted to pullup-5 shortly.

From: "Ignatios Souvatzis" <is@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/45576 CVS commit: src/gnu/dist/gcc4/gcc
Date: Mon, 7 Nov 2011 20:35:39 +0000

 Module Name:	src
 Committed By:	is
 Date:		Mon Nov  7 20:35:39 UTC 2011

 Modified Files:
 	src/gnu/dist/gcc4/gcc: version.c
 	src/gnu/dist/gcc4/gcc/config/arm: arm.md

 Log Message:
 Remove pattern for arith_adjacentmem in arm.md, thus fixing
 PR toolchain/45576 at a very small run-time cost.

 This was suggested by Richard Earnshaw.

 A real fix is known to be in gcc 4.5.3 (as in NetBSD-current) and in
 gcc-current; don't apply in that tree.


 To generate a diff of this commit:
 cvs rdiff -u -r1.18 -r1.19 src/gnu/dist/gcc4/gcc/version.c
 cvs rdiff -u -r1.1.1.2 -r1.2 src/gnu/dist/gcc4/gcc/config/arm/arm.md

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Stephen Borrill" <sborrill@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/45576 CVS commit: [netbsd-5] src/gnu/dist/gcc4/gcc
Date: Fri, 18 Nov 2011 21:35:21 +0000

 Module Name:	src
 Committed By:	sborrill
 Date:		Fri Nov 18 21:35:21 UTC 2011

 Modified Files:
 	src/gnu/dist/gcc4/gcc [netbsd-5]: version.c
 	src/gnu/dist/gcc4/gcc/config/arm [netbsd-5]: arm.md

 Log Message:
 Pull up the following revisions(s) (requested by is in ticket #1689):
 	gnu/dist/gcc4/gcc/version.c:		revision 1.19
 	gnu/dist/gcc4/gcc/config/arm/arm.md:	revision 1.1.1.2-1.2

 Remove pattern for arith_adjacentmem in arm.md, thus fixing
 PR toolchain/45576 at a very small run-time cost.


 To generate a diff of this commit:
 cvs rdiff -u -r1.16.10.1 -r1.16.10.2 src/gnu/dist/gcc4/gcc/version.c
 cvs rdiff -u -r1.1.1.2 -r1.1.1.2.24.1 src/gnu/dist/gcc4/gcc/config/arm/arm.md

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sat, 31 Dec 2011 21:17:49 +0000
State-Changed-Why:
Fixed in November.


>Unformatted:

Home	PR Database Search