llvm FreeBSD powerpc ABI target bug fix: Re: [Bug 26519] Clang 4.0.0's "Target: powerpc-unknown-freebsd11.0" code generation is violating the SVR4 ABI (SEGV can result)
Mark Millard
markmi at dsl-only.net
Sat May 6 09:59:43 UTC 2017
[I'm top posting a find of another stack
handling failure example from the updated
compiler for TARGET_ARCH=powerpc .]
Bad news: Another code generation error, this
time demonstrated in compiling part of perl5. . .
(I tried to build a port that indirectly
tried build perl5 but perl5's miniperl crashes.)
/usr/obj/portswork/usr/ports/lang/perl5.24/work/perl-5.24.1/numeric.c
has Perl_cast_iv(NV f) for which clang double stores
two different things to one address [24(r1)]. Below
the => lines are the double store, the second
destroying the r30 value that was saved in the first:
Dump of assembler code for function Perl_cast_iv:
0x0196a114 <+0>: mflr r0
0x0196a118 <+4>: stw r0,4(r1)
0x0196a11c <+8>: stwu r1,-32(r1)
0x0196a120 <+12>: stw r31,28(r1)
=> 0x0196a124 <+16>: stw r30,24(r1)
0x0196a128 <+20>: mr r31,r1
0x0196a12c <+24>: mfcr r12
=> 0x0196a130 <+28>: stw r12,24(r31)
Note: r31 == r1 for that second "=>" line.
The return code sequence has a similar
problem: two loads from the same address
for what should be distinct values.
Note: r31 == r1 here too.
=> 0x0196a1bc <+168>: lwz r12,24(r31)
0x0196a1c0 <+172>: lwz r0,36(r1)
0x0196a1c4 <+176>: lwz r31,28(r1)
=> 0x0196a1c8 <+180>: lwz r30,24(r1)
0x0196a1cc <+184>: mtcrf 32,r12
0x0196a1d0 <+188>: addi r1,r1,32
0x0196a1d4 <+192>: mtlr r0
0x0196a1d8 <+196>: blr
The Perl_cast_iv source code looks like:
IV
Perl_cast_iv(NV f)
{
if (f < IV_MAX_P1)
return f < IV_MIN ? IV_MIN : (IV) f;
if (f < UV_MAX_P1) {
#if CASTFLAGS & 2
/* For future flexibility allowing for sizeof(UV) >= sizeof(IV) */
if (f < UV_MAX_P1_HALF)
return (IV)(UV) f;
f -= UV_MAX_P1_HALF;
return (IV)(((UV) f) | (1 + (UV_MAX >> 1)));
#else
return (IV)(UV) f;
#endif
}
return f > 0 ? (IV)UV_MAX : 0 /* NaN */;
}
This sort of thing might explain the
occasional panic that names ffs_truncate
if there is some infrequently used
routine that messes up the stack.
On 2017-May-6, at 12:06 AM, Mark Millard <markmi at dsl-only.net> wrote:
> On 2017-May-5, at 10:13 PM, Mark Millard <markmi at dsl-only.net> wrote:
>
>
>> On 2017-May-5, at 6:11 PM, Mark Millard <markmi at dsl-only.net> wrote:
>>
>>>>> . . .
>>>>>
>>>>> For the gcc 4.2.1 based kernel boot I have
>>>>> had one odd fatal kernel trap (0x903a64a,
>>>>> "unknown") where the lr showed 0x907f . It
>>>>> reported being stopped at:
>>>>>
>>>>> ffs_truncate+0x1080
>>>>>
>>>>> It appears that "call doadump" worked but
>>>>> I've not looked at what was put in
>>>>> /var/crash/ .
>>>>
>>>> If I leave the PowerMac idle running:
>
> It also happens when busy.
>
>>>> # uname -paKU
>>>> FreeBSD FBSDG4S 12.0-CURRENT FreeBSD 12.0-CURRENT r317820M powerpc powerpc 1200030 1200030
>>>>
>>>> it eventually gets the same ffs_truncate-tied fatal
>>>> kernel trap, with the same odd lr and the like.
>>>>
>>>> So, while I cannot directly cause the problem
>>>> at a specific time, the problem is repeatable.
>>>>
>>>> . . .
>>>
>>> The ffs_truncate issue is odd:
>>>
>>> A) It was gcc 4.2.1 based for both kernel and world.
>>> B) I built a gcc 4.2.1 based debug kernel and
>>> installed it but that does not get the problem.
>>>
>>> I sam trying the gcc 4.2.1 debug kernel with the
>>> system clang 4 world now and will later switch
>>> to the gcc 4.2.1 non-debug kernel to see what
>>> happens.
>>>
>>> But being a pure gcc 4.2.1 environment originally
>>> suggests that the ffs_truncate issue is not
>>> clang-toolchain related.
>>
>> I found a bad (old) kernel module in /boot/kernel/
>> and eliminating it appears to have removed the
>> ffs_truncate problem.
>>
>> . . .
>
> For the ffs_truncate problem I spoke too
> soon: It happened again, this time while
> the old PowerMac was busy.
>
> The detail numbers and such were again the
> same.
===
Mark Millard
markmi at dsl-only.net
More information about the freebsd-ppc
mailing list