NetBSD Problem Report #48026

From mlelstv@twitty.1st.de  Sat Jul  6 16:17:20 2013
Return-Path: <mlelstv@twitty.1st.de>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 184EF718A2
	for <gnats-bugs@gnats.NetBSD.org>; Sat,  6 Jul 2013 16:17:20 +0000 (UTC)
Message-Id: <20130706161706.005AAD125@twitty.1st.de>
Date: Sat,  6 Jul 2013 18:17:05 +0200 (CEST)
From: mlelstv@serpens.de
Reply-To: mlelstv@serpens.de
To: gnats-bugs@NetBSD.org
Subject: devel/bison crashes on earm because of compiler bug
X-Send-Pr-Version: 3.95

>Number:         48026
>Category:       toolchain
>Synopsis:       devel/bison crashes on earm because of compiler bug
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    toolchain-manager
>State:          feedback
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 06 16:20:00 +0000 2013
>Closed-Date:    
>Last-Modified:  Tue Dec 25 14:17:01 +0000 2018
>Originator:     Michael van Elst
>Release:        NetBSD 6.99.22
>Organization:

>Environment:


System: NetBSD twitty 6.99.22 NetBSD 6.99.22 (TWITTY) #1: Sat Jun 29 18:09:58 CEST 2013 mlelstv@pussyfoot:/home/netbsd-current/obj.evbarm/home/netbsd-current/src/sys/arch/evbarm/compile/TWITTY evbarm
Architecture: earm
Machine: evbarm
>Description:

Building x11/wxGTK28 on earm fails because bison crashes with a bus error.
The crash seems to be caused by a compiler bug.

bison crashes in function action_row:

Core was generated by `bison'.
Program terminated with signal 10, Bus error.
#0  0x00033678 in action_row ()
(gdb) bt
#0  0x00033678 in action_row ()
#1  0x00033e18 in tables_generate ()
#2  0x00015538 in main ()
(gdb) info registers
r0             0x9      9
r1             0xbfffba80       3221207680
r2             0x4023a2c0       1076077248
r3             0xbfffba80       3221207680
r4             0xbfffba7c       3221207676
r5             0x0      0
r6             0x60758  395096
r7             0x4020f330       1075901232
r8             0xbfffca84       3221211780
r9             0x1      1
r10            0xbfffca7c       3221211772
r11            0xbfffcab4       3221211828
r12            0x4024c5d8       1076151768
sp             0xbfffba40       0xbfffba40
lr             0x1      1
pc             0x33678  0x33678 <action_row+344>
cpsr           0xa0000110       2684354832

The relevant code part is:

   0x3364c <action_row+300>:    sub     r0, r11, #4096  ; 0x1000
   0x33650 <action_row+304>:    str     r9, [r0, #-64]  ; 0x40
   0x33654 <action_row+308>:    ldr     r9, [r2, r9, lsl #2]
   0x33658 <action_row+312>:    cmp     r9, #0
   0x3365c <action_row+316>:    beq     0x33680 <action_row+352>
   0x33660 <action_row+320>:    sub     r0, r11, #4096  ; 0x1000
   0x33664 <action_row+324>:    ldr     r0, [r0, #-64]  ; 0x40
   0x33668 <action_row+328>:    mov     lr, #1
   0x3366c <action_row+332>:    sub     r9, r11, #4096  ; 0x1000
   0x33670 <action_row+336>:    str     lr, [r9, #-72]  ; 0x48
   0x33674 <action_row+340>:    mov     r9, lr
=> 0x33678 <action_row+344>:    ldr     lr, [r0, #-104] ; 0x68
   0x3367c <action_row+348>:    str     r9, [lr, r0, lsl #2]
   0x33680 <action_row+352>:......

which corresponds to the source fragment (src/tables.c:265ff)
from bison-2.7.1:

          /* and record this rule as the rule to use if that
             token follows.  */
          if (actrow[j] != 0)
            {
              conflicted = true;
              conflrow[j] = 1;
            }

global variables:
static action_number *actrow;
static unsigned int *conflrow;

local variable:
  bool conflicted = false;



store j
   0x3364c <action_row+300>:    sub     r0, r11, #4096  ; 0x1000
   0x33650 <action_row+304>:    str     r9, [r0, #-64]  ; 0x40

fetch actrow[j]
   0x33654 <action_row+308>:    ldr     r9, [r2, r9, lsl #2]

if == 0 skip then part
   0x33658 <action_row+312>:    cmp     r9, #0
   0x3365c <action_row+316>:    beq     0x33680 <action_row+352>

fetch j
   0x33660 <action_row+320>:    sub     r0, r11, #4096  ; 0x1000
   0x33664 <action_row+324>:    ldr     r0, [r0, #-64]  ; 0x40

store 1 (==true) to the local variable conflicted
   0x33668 <action_row+328>:    mov     lr, #1
conflicted is accessed like a global variable?
   0x3366c <action_row+332>:    sub     r9, r11, #4096  ; 0x1000
   0x33670 <action_row+336>:    str     lr, [r9, #-72]  ; 0x48

store 1 to the global variable conflrow[j]
   0x33674 <action_row+340>:    mov     r9, lr
assumes r0 contains pointer to global variables to fetch conflrow
=> 0x33678 <action_row+344>:    ldr     lr, [r0, #-104] ; 0x68
assumes r0 contains index j
   0x3367c <action_row+348>:    str     r9, [lr, r0, lsl #2]

next instruction after then-part
   0x33680 <action_row+352>:......


The compiler made 'conflicted' a global variable, but that might
be a valid optimization.

The problem is that r0 is assumed to contain the global variable
base address and also the value of the index j.





>How-To-Repeat:
Build gxGTK28 on evbarm with eabi to see bison crashing.

>Fix:


>Release-Note:

>Audit-Trail:
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: gnats-bugs@NetBSD.org
Cc: tsutsui@ceres.dti.ne.jp
Subject: Re: toolchain/48026: devel/bison crashes on earm because of compiler
	 bug
Date: Sun, 7 Jul 2013 01:57:27 +0900

 > >Synopsis:       devel/bison crashes on earm because of compiler bug

 pkgsrc/devel/bison/hacks.mk already has the following lines:
 ---
 ### gcc-4.5.3 in NetBSD/arm 5.99.59 also breaks bison in net/libIDL.
 ### -O seems enough for workaround in this case.
 .if !empty(MACHINE_PLATFORM:MNetBSD-*-arm) && !empty(CC_VERSION:Mgcc-4.5.*)
 PKG_HACKS+=             optimisation
 BUILDLINK_TRANSFORM+=   rename:-O[0-9]*:-O
 .endif
 ---

 How about -O (or -O2 -fno-ipa-sra as mentioned in PR/47798) even for earm?

 ---
 Izumi Tsutsui

From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@NetBSD.org
Cc: toolchain-manager@NetBSD.org, gnats-admin@NetBSD.org,
        netbsd-bugs@NetBSD.org
Subject: Re: toolchain/48026: devel/bison crashes on earm because of compiler
 bug
Date: Sun, 7 Jul 2013 12:14:29 +0200

 On Sat, Jul 06, 2013 at 05:00:00PM +0000, Izumi Tsutsui wrote:

 >  pkgsrc/devel/bison/hacks.mk already has the following lines:
 >  ---
 >  ### gcc-4.5.3 in NetBSD/arm 5.99.59 also breaks bison in net/libIDL.
 >  ### -O seems enough for workaround in this case.
 >  .if !empty(MACHINE_PLATFORM:MNetBSD-*-arm) && !empty(CC_VERSION:Mgcc-4.5.*)
 >  PKG_HACKS+=             optimisation
 >  BUILDLINK_TRANSFORM+=   rename:-O[0-9]*:-O
 >  .endif

 I included MACHINE_PLATFORM:MNetBSD-*-earm, and the bison compiled
 with just -O does not crash.


 Greetings,
 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."

From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@NetBSD.org
Cc: toolchain-manager@NetBSD.org, gnats-admin@NetBSD.org,
        netbsd-bugs@NetBSD.org
Subject: Re: toolchain/48026: devel/bison crashes on earm because of compiler
 bug
Date: Mon, 8 Jul 2013 01:21:51 +0200

 On Sun, Jul 07, 2013 at 12:14:29PM +0200, Michael van Elst wrote:
 > On Sat, Jul 06, 2013 at 05:00:00PM +0000, Izumi Tsutsui wrote:
 > 
 > >  pkgsrc/devel/bison/hacks.mk already has the following lines:
 > >  ---
 > >  ### gcc-4.5.3 in NetBSD/arm 5.99.59 also breaks bison in net/libIDL.
 > >  ### -O seems enough for workaround in this case.
 > >  .if !empty(MACHINE_PLATFORM:MNetBSD-*-arm) && !empty(CC_VERSION:Mgcc-4.5.*)
 > >  PKG_HACKS+=             optimisation
 > >  BUILDLINK_TRANSFORM+=   rename:-O[0-9]*:-O
 > >  .endif
 > 
 > I included MACHINE_PLATFORM:MNetBSD-*-earm, and the bison compiled
 > with just -O does not crash.

 The same problem exists for graphics/png. The hack that disables the
 optimization should probably always match for arm and earm platforms
 until the compiler bug is fixed.


 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."

From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: mlelstv@serpens.de
Cc: gnats-bugs@NetBSD.org, tsutsui@ceres.dti.ne.jp
Subject: Re: toolchain/48026: devel/bison crashes on earm because of compilerbug
Date: Tue, 9 Jul 2013 00:09:17 +0900

 mlelstv@ wrote:

 > > >  pkgsrc/devel/bison/hacks.mk already has the following lines:
 > > >  ---
 > > >  ### gcc-4.5.3 in NetBSD/arm 5.99.59 also breaks bison in net/libIDL.
 > > >  ### -O seems enough for workaround in this case.
 > > >  .if !empty(MACHINE_PLATFORM:MNetBSD-*-arm) && !empty(CC_VERSION:Mgcc-4.5.*)
 > > >  PKG_HACKS+=             optimisation
 > > >  BUILDLINK_TRANSFORM+=   rename:-O[0-9]*:-O
 > > >  .endif
 > > 
 > > I included MACHINE_PLATFORM:MNetBSD-*-earm, and the bison compiled
 > > with just -O does not crash.
 > 
 > The same problem exists for graphics/png. The hack that disables the
 > optimization should probably always match for arm and earm platforms
 > until the compiler bug is fixed.

 I wonder which is better:
 (1) disable -fipa-sra by default in src/external/gpl3/gcc/dist/gcc/opts.c
 (2) set "DBG?= -O2 -fno-ipa-sra" in src/share/mk/sys.mk
     in case of ${MACHINE_CPU} == arm

 gcc also has a bug ticket "IPA-SRA decreases quality of debug info"
 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47858
 and opensuse had a patch that disabled -fipa-sra on gcc-4.5.x to avoid it:
 http://lists.opensuse.org/archive/opensuse-commit/2010-05/msg00505.html

 ---
 Izumi Tsutsui

From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: gnats-bugs@NetBSD.org
Cc: mlelstv@serpens.de, tsutsui@ceres.dti.ne.jp
Subject: Re: toolchain/48026: devel/bison crashes on earm because of compilerbug
Date: Tue, 9 Jul 2013 22:24:02 +0900

 I wrote:

 > I wonder which is better:
 > (1) disable -fipa-sra by default in src/external/gpl3/gcc/dist/gcc/opts.c
 > (2) set "DBG?= -O2 -fno-ipa-sra" in src/share/mk/sys.mk
 >     in case of ${MACHINE_CPU} == arm

 After build tests on pkgsrc/devel/bison and pkgsrc/net/libIDL,
 it turns out that "-O2 -fno-ipa-sra" doesn't help bison issue.
 So conservative "DBG?= -O1" for all arm and earm port default
 might be safer.

 Who can make a decision about this issue?

 ---
 Izumi Tsutsui

State-Changed-From-To: open->feedback
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 25 Dec 2018 14:17:01 +0000
State-Changed-Why:
bison only has this hack for GCC-4.5 now and netbsd-6 is EOL. I haven't heard similar complaints about bison. What do you think?


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.