NetBSD Problem Report #49337

From martin@duskware.de  Thu Oct 30 08:36:52 2014
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id B1DA1A6675
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 30 Oct 2014 08:36:52 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: __popcountsi2() triggers illegal instruction
X-Send-Pr-Version: 3.95

>Number:         49337
>Category:       port-arm
>Synopsis:       __popcountsi2() triggers illegal instruction
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-arm-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 30 08:40:00 +0000 2014
>Closed-Date:    Mon Nov 03 08:33:23 +0000 2014
>Last-Modified:  Mon Nov 03 08:33:23 +0000 2014
>Originator:     Martin Husemann
>Release:        NetBSD 7.99.1
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD space-truckin.duskware.de 7.99.1 NetBSD 7.99.1 (CUBIETRUCK) #37: Wed Oct 29 15:19:37 CET 2014 martin@night-owl.duskware.de:/usr/src/sys/arch/evbarm/compile/CUBIETRUCK evbarm
Architecture: earmv7hfeb
Machine: evbarm
>Description:

fc-cache dumps core with an invalid instruction.
This simple test program reproduces it:

#include <stdio.h>

int __popcountsi2(int);

int main(int argc, char **argv)
{
	int i = 1;

	printf("popcount(%d) = %d\n", i, __popcountsi2(i));

	return 0;
}


>How-To-Repeat:
s/a

>Fix:
n/a

>Release-Note:

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: port-arm/49337: __popcountsi2() triggers illegal instruction
Date: Sat, 1 Nov 2014 23:03:19 +0100

 This is caused by the additional ld -x -r step during our build of libgcc
 object files.

 Not very helpfully objdump swaps them for display again, so the output
 is confusing and you need to double check with hexdump.

 How to reproduce:

 create a pop.S file:
 .global my__popcountsi2
 .hidden my__popcountsi2
         .text
 my__popcountsi2:
         ldr     r1, [pc, #52]
         mov     r2, #0
         ldr     ip, [pc, #48]
         mov     r3, r2

 and link it into a static binary, then use objdump -D to check:
 000103e8 <my__popcountsi2>:
    103e8:       e59f1034        ldr     r1, [pc, #52]   ; 10424 <my__popcountsi2+0x3c>
    103ec:       e3a02000        mov     r2, #0
    103f0:       e59fc030        ldr     ip, [pc, #48]   ; 10428 <my__popcountsi2+0x40>
    103f4:       e1a03002        mov     r3, r2

 Now create a ld -x -r variant of that .o file and link the result into a
 static binary, objdump -D again:

 000103e8 <my__popcountsi2>:
    103e8:       e59f1034        ldrcc   r9, [r0], #-4069        ; 0xfe5
    103ec:       e3a02000        eoreq   sl, r0, r3, ror #1
    103f0:       e59fc030        sbccc   r9, r0, r5, ror #31
    103f4:       e1a03002        eorseq  sl, r0, #225    ; 0xe1

 Martin

From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: port-arm/49337: __popcountsi2() triggers illegal instruction
Date: Sun, 2 Nov 2014 10:41:39 +0100

 To reproduce you can use the cross tools and check objdump output; for
 simplicity, here is a "how to reproduce" with native tools:

 [/tmp/demo] martin@space-truckin > cat hello.c 
 #include <stdio.h>
 int main(int argc, char **argv)
 {
         printf("hello world\n");
         return 0;
 }
 [/tmp/demo] martin@space-truckin > cc -Wall -O2 -static -c hello.c
 [/tmp/demo] martin@space-truckin > cc -static -o first hello.o
 [/tmp/demo] martin@space-truckin > ./first 
 hello world
 [/tmp/demo] martin@space-truckin > ld -x -r hello.o -o ldx_hello.o
 [/tmp/demo] martin@space-truckin > cc -static -o second ldx_hello.o
 [/tmp/demo] martin@space-truckin > ./second 
 Illegal instruction (core dumped)
 [/tmp/demo] martin@space-truckin > objdump -D first | sed '1,/<main>:/d' | head -9
    2da40:       e1a0c00d        mov     ip, sp
    2da44:       e30d0e8c        movw    r0, #56972      ; 0xde8c
    2da48:       e92dd800        push    {fp, ip, lr, pc}
    2da4c:       e3400002        movt    r0, #2
    2da50:       e24cb004        sub     fp, ip, #4
    2da54:       ebffa6b6        bl      17534 <puts>
    2da58:       e3a00000        mov     r0, #0
    2da5c:       e89da800        ldm     sp, {fp, sp, pc}
 [/tmp/demo] martin@space-truckin > objdump -D second | sed '1,/<main>:/d' | head -9
    2da40:       e1a0c00d        stcleq  0, cr10, [r0, #900]     ; 0x384
    2da44:       e30d0e8c        stchi   13, cr0, [lr], {227}    ; 0xe3
    2da48:       e92dd800        sbcseq  r2, r8, r9, ror #27
    2da4c:       e3400002        andeq   r4, r0, #227    ; 0xe3
    2da50:       e24cb004        ldrteq  r4, [r0], #3298 ; 0xce2
    2da54:       ebffa6b6        strtlt  pc, [r6], fp, ror #31
    2da58:       e3a00000        andeq   sl, r0, r3, ror #1
    2da5c:       e89da800        adceq   r9, r8, r8, ror #27


 Note the identical hex opcode output here - this is part of the confusion
 hiding the original problem.

 Martin

State-Changed-From-To: open->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Mon, 03 Nov 2014 08:33:23 +0000
State-Changed-Why:
Matt fixed the libgcc build (ld -x considered harmfull on --eb8,
ld needs magic local symbols $d/$m/... )


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.