Bug 77709 - gcc profiling option lead to app. core-dump
Summary: gcc profiling option lead to app. core-dump
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gcc
Version: 7.3
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2002-11-12 16:21 UTC by Francois-Xavier 'FiX' KOWALSKI
Modified: 2007-04-18 16:48 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-10-03 10:39:49 UTC
Embargoed:


Attachments (Terms of Use)
pre-processed offending source code (56.04 KB, text/plain)
2002-11-12 16:22 UTC, Francois-Xavier 'FiX' KOWALSKI
assembly code generated using -ggdb (73.60 KB, text/plain)
2002-11-12 16:23 UTC, Francois-Xavier 'FiX' KOWALSKI
assembly code generated using -pg -a -ggdb (75.70 KB, text/plain)
2002-11-12 16:24 UTC, Francois-Xavier 'FiX' KOWALSKI

Description Francois-Xavier 'FiX' KOWALSKI 2002-11-12 16:21:04 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021017

Description of problem:
"GCC: (GNU) 2.96 20000731 (Red Hat Linux 7.3 2.96-112)" causes
core dumps when using the profiling option -pg.

The following extract of pre-processed C source code leads to a core
dump when compiled with the profiling option -pg.

If you want the complete .i file, please let me know.

	/* extracts of .h files */
	
	/* One-byte type used for the hsp_num/hsp_ctrl/hsp_alpr/hsp_trace fields below. */
	typedef unsigned char X;
	
	/* Self-referencing node (presumably a list link); only stnext is shown in this extract. */
	typedef struct STC
	{
	  struct STC *stnext ;
	}
	ST, *STp;
	
	/* Callback: (STp, int, unsigned long) -> int. */
	typedef int (*P3_fxit) (STp , int , unsigned long) ;
	
	/* Callback: (STp, A) -> void.  'A' comes from a header not reproduced in this extract. */
	typedef void (*P2_txit) (STp , A) ;
	
	/* Callback: (STp, int, int) -> void. */
	typedef void (*P3_nots) (STp , int , int) ;
	
	/*
	 * Control block passed to osmtik().  Field order fixes the offsets that
	 * the generated i386 code below relies on: &tsp_lock.tsp_stlk[0] is at
	 * offset 40 and tsp_lock.tsp_cslk at offset 120 of the struct, so do not
	 * reorder members.  tlkcbT and bfmhspT (and therefore the tsp_*/lck_*
	 * members used by osmtik) are declared in headers not reproduced here.
	 */
	typedef struct hspa
	{
	  P3_fxit hsp_fxit ;
	  P2_txit hsp_ftxt ;
	
	  short hsp_id ;
	  X hsp_num ;
	  X hsp_ctrl ;
	  X hsp_alpr ;
	  X hsp_trace ;
	  int hsp_oerno ;
	  long hsp_serno ;
	  P3_nots hsp_not ;
	  long hsp_wrq ;
	  short hsp_wflg ;
	  STp hsp_gea ;
	
	  tlkcbT tsp_lock ;   /* lock bookkeeping; osmtik() initialises it */
	
	  bfmhspT tsp_bfm ;
	
	}
	hspacbT, *hspacbTp ;
	
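	/* actual code */
	
	/*
	 * osmtik - initialise the lock bookkeeping of a hspacbT control block.
	 *
	 * Points tsp_lock.tsp_cslk at the first entry of the embedded
	 * tsp_lock.tsp_stlk array, clears that entry's lck_use and attaches the
	 * lockD callback block to it.  The member types (tlkcbT) and lockD are
	 * declared in headers not reproduced in this extract.
	 *
	 * @param TESPAP  control block to initialise; must not be NULL.
	 * @return 0 on success, -1 if TESPAP is NULL (negative on error, matching
	 *         the "< 0" check the calling path applies to LkmTinit()).
	 *
	 * NOTE(review): the SIGSEGV reported against this function is raised in
	 * the -pg/-a instrumentation prologue (the cmpl on .LPBX0) before any of
	 * this body executes, so the body itself is not the faulting code.  The
	 * "TESPAP=0x0" that gdb prints at the very first instruction appears to be
	 * an artifact of reading the argument before the frame pointer is set up;
	 * after "mov %esp,%ebp" gdb shows the real value.
	 */
	int osmtik
	(hspacbTp TESPAP)
	{
	   /* Fail cleanly instead of faulting on the first store below. */
	   if (!TESPAP)
	      return -1;
	
	   /* Select the first static lock slot as the current lock. */
	   TESPAP->tsp_lock.tsp_cslk = &TESPAP->tsp_lock.tsp_stlk[0];
	
	   /* Mark the slot unused and hook up its callback block. */
	   TESPAP->tsp_lock.tsp_cslk->lck_use = 0;
	   TESPAP->tsp_lock.tsp_cslk->lck_cb = &lockD;
	
	   return 0;
	}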

The assembly code generated with the debug-only command line works
fine.  The command line is:

gcc -g -ggdb -Wno-trigraphs -Wno-unused -Wpointer-arith -fno-common
-fno-strict-aliasing -c build/OCframeworks/code/C_GEA/gtolkm.c -E

The generated code is:

.globl osmtik
        .type    osmtik,@function
osmtik:
.LFB1:
.LM1:

        # Standard frame setup; after this, 8(%ebp) is the TESPAP argument.
        pushl   %ebp
.LCFI0:
        movl    %esp, %ebp
.LCFI1:
.LM2:

        # TESPAP->tsp_lock.tsp_cslk = &TESPAP->tsp_lock.tsp_stlk[0]
        # (tsp_stlk[0] at struct offset 40, tsp_cslk at struct offset 120)
        movl    8(%ebp), %edx
        movl    8(%ebp), %eax
        addl    $40, %eax
        movl    %eax, 120(%edx)
.LM3:

        # TESPAP->tsp_lock.tsp_cslk->lck_use = 0
        movl    8(%ebp), %eax
        movl    120(%eax), %eax
        movl    $0, 4(%eax)
.LM4:

        # TESPAP->tsp_lock.tsp_cslk->lck_cb = &lockD
        movl    8(%ebp), %eax
        movl    120(%eax), %eax
        movl    $lockD, (%eax)
.LM5:

        # return 0
        movl    $0, %eax
.LM6:

        popl    %ebp
        ret
.LFE1:
.Lfe1:
        .size    osmtik,.Lfe1-osmtik
        .align 4

The profiling compilation command-line is:

gcc -g -ggdb -pg -a -Wno-trigraphs -Wno-unused -Wpointer-arith
-fno-common -fno-strict-aliasing -c
build/OCframeworks/code/C_GEA/gtolkm.c -E

.globl osmtik
        .type    osmtik,@function
osmtik:
.LFB1:
.LM1:

.LPB0:
        # -a basic-block profiling: bump this function's block counter.
        incl    .LPBX2
        pushl   %ebp
.LCFI0:
        movl    %esp, %ebp
.LCFI1:
        # One-time registration of the block-profiling table .LPBX0 with
        # __bb_init_func.  In the linked binary the gdb disassembly shows
        # this cmpl operand resolved to the absolute address 0x7380, and the
        # SIGSEGV is raised on this instruction.
        cmpl    $0, .LPBX0
        jne     .LPBZ0
        pushl   $.LPBX0
        call    __bb_init_func
        addl    $4, %esp
.LPBZ0:
        # -pg call-graph profiling hook.
        call    mcount
.LM2:

        # TESPAP->tsp_lock.tsp_cslk = &TESPAP->tsp_lock.tsp_stlk[0]
        movl    8(%ebp), %edx
        movl    8(%ebp), %eax
        addl    $40, %eax
        movl    %eax, 120(%edx)
.LM3:

        # TESPAP->tsp_lock.tsp_cslk->lck_use = 0
        movl    8(%ebp), %eax
        movl    120(%eax), %eax
        movl    $0, 4(%eax)
.LM4:

        # TESPAP->tsp_lock.tsp_cslk->lck_cb = &lockD
        movl    8(%ebp), %eax
        movl    120(%eax), %eax
        movl    $lockD, (%eax)
.LM5:

        # return 0
        movl    $0, %eax
.LM6:

        popl    %ebp
        ret
.LFE1:
.Lfe1:
        .size    osmtik,.Lfe1-osmtik
        .align 4


The crash occurs at line 108, whereas the first line of the osmtik()
function is 109; that is, the crash occurs in the profiling prologue.

Here is a step-by step execution of the code under gdb starting from
line 108.

Breakpoint 3, osmtik (TESPAP=0x0) at gtolkm.c:108
108	gtolkm.c: No such file or directory.
	in gtolkm.c
(gdb) info registers eip esp ebp
eip            0x81d3f40	0x81d3f40
esp            0xbfffeabc	0xbfffeabc
ebp            0xbfffeb28	0xbfffeb28
(gdb) x/25i 0x81d3f40
0x81d3f40 <osmtik>:	incl   0x8524240
0x81d3f46 <osmtik+6>:	push   %ebp
0x81d3f47 <osmtik+7>:	mov    %esp,%ebp
0x81d3f49 <osmtik+9>:	cmpl   $0x0,0x7380
0x81d3f50 <osmtik+16>:	jne    0x81d3f5f <osmtik+31>
0x81d3f52 <osmtik+18>:	push   $0x7380
0x81d3f57 <osmtik+23>:	call   0x826a0d0 <__bb_init_func>
0x81d3f5c <osmtik+28>:	add    $0x4,%esp
0x81d3f5f <osmtik+31>:	call   0x804c0ec <mcount>
0x81d3f64 <osmtik+36>:	mov    0x8(%ebp),%edx
0x81d3f67 <osmtik+39>:	mov    0x8(%ebp),%eax
0x81d3f6a <osmtik+42>:	add    $0x28,%eax
0x81d3f6d <osmtik+45>:	mov    %eax,0x78(%edx)
0x81d3f70 <osmtik+48>:	mov    0x8(%ebp),%eax
0x81d3f73 <osmtik+51>:	mov    0x78(%eax),%eax
0x81d3f76 <osmtik+54>:	movl   $0x0,0x4(%eax)
0x81d3f7d <osmtik+61>:	mov    0x8(%ebp),%eax
0x81d3f80 <osmtik+64>:	mov    0x78(%eax),%eax
0x81d3f83 <osmtik+67>:	movl   $0x848f020,(%eax)
0x81d3f89 <osmtik+73>:	mov    $0x0,%eax
0x81d3f8e <osmtik+78>:	pop    %ebp
0x81d3f8f <osmtik+79>:	ret    
0x81d3f90 <osmplk>:	incl   0x8524244
0x81d3f96 <osmplk+6>:	push   %ebp
0x81d3f97 <osmplk+7>:	mov    %esp,%ebp
(gdb) 

breakpoint in the calling function:

Breakpoint 5, BF_GtoTRMsg_impl::init (P_traceFunc=0, P_status=@0xbfffed60) at
build/OCframeworks/code/TrfRep/BF_TRMsg_impl.C:479
479	   if (LkmTinit(TESPAP) < 0) {
(gdb) stepi
0x081c1a28	479	   if (LkmTinit(TESPAP) < 0) {
(gdb) stepi
0x081c1a2b	479	   if (LkmTinit(TESPAP) < 0) {
(gdb) display TESPAP
2: TESPAP = 0x8524280
(gdb) stepi
0x081c1a31	479	   if (LkmTinit(TESPAP) < 0) {
2: TESPAP = 0x8524280
(gdb) 

Breakpoint 3, osmtik (TESPAP=0x0) at gtolkm.c:108
108	gtolkm.c: No such file or directory.
	in gtolkm.c
2: TESPAP = 0x8524280
Current language:  auto; currently c
(gdb) i r eip
eip            0x81d3f40	0x81d3f40
(gdb) x/25i 0x81d3f40
0x81d3f40 <osmtik>:	incl   0x8524240
0x81d3f46 <osmtik+6>:	push   %ebp
0x81d3f47 <osmtik+7>:	mov    %esp,%ebp
0x81d3f49 <osmtik+9>:	cmpl   $0x0,0x7380
0x81d3f50 <osmtik+16>:	jne    0x81d3f5f <osmtik+31>
0x81d3f52 <osmtik+18>:	push   $0x7380
0x81d3f57 <osmtik+23>:	call   0x826a0d0 <__bb_init_func>
0x81d3f5c <osmtik+28>:	add    $0x4,%esp
0x81d3f5f <osmtik+31>:	call   0x804c0ec <mcount>
0x81d3f64 <osmtik+36>:	mov    0x8(%ebp),%edx
0x81d3f67 <osmtik+39>:	mov    0x8(%ebp),%eax
0x81d3f6a <osmtik+42>:	add    $0x28,%eax
0x81d3f6d <osmtik+45>:	mov    %eax,0x78(%edx)
0x81d3f70 <osmtik+48>:	mov    0x8(%ebp),%eax
0x81d3f73 <osmtik+51>:	mov    0x78(%eax),%eax
0x81d3f76 <osmtik+54>:	movl   $0x0,0x4(%eax)
0x81d3f7d <osmtik+61>:	mov    0x8(%ebp),%eax
0x81d3f80 <osmtik+64>:	mov    0x78(%eax),%eax
0x81d3f83 <osmtik+67>:	movl   $0x848f020,(%eax)
0x81d3f89 <osmtik+73>:	mov    $0x0,%eax
0x81d3f8e <osmtik+78>:	pop    %ebp
0x81d3f8f <osmtik+79>:	ret    
0x81d3f90 <osmplk>:	incl   0x8524244
0x81d3f96 <osmplk+6>:	push   %ebp
0x81d3f97 <osmplk+7>:	mov    %esp,%ebp

here is the step-by-step execution tracing:

(gdb) i r eip
eip            0x81d3f40	0x81d3f40
(gdb) x/5i 0x81d3f40
0x81d3f40 <osmtik>:	incl   0x8524240
0x81d3f46 <osmtik+6>:	push   %ebp
0x81d3f47 <osmtik+7>:	mov    %esp,%ebp
0x81d3f49 <osmtik+9>:	cmpl   $0x0,0x7380
0x81d3f50 <osmtik+16>:	jne    0x81d3f5f <osmtik+31>
(gdb) stepi
0x081d3f46	108	in gtolkm.c
3: TESPAP = (struct hspa *) 0x0
2: TESPAP = 0x8524280
(gdb) i r eip
eip            0x81d3f46	0x81d3f46
(gdb) x/5i 0x81d3f46
0x81d3f46 <osmtik+6>:	push   %ebp
0x81d3f47 <osmtik+7>:	mov    %esp,%ebp
0x81d3f49 <osmtik+9>:	cmpl   $0x0,0x7380
0x81d3f50 <osmtik+16>:	jne    0x81d3f5f <osmtik+31>
0x81d3f52 <osmtik+18>:	push   $0x7380
(gdb) i r ebp
ebp            0xbfffeb28	0xbfffeb28
(gdb) stepi
0x081d3f47	108	in gtolkm.c
3: TESPAP = (struct hspa *) 0x0
2: TESPAP = 0x8524280
(gdb) i r eip    
eip            0x81d3f47	0x81d3f47
(gdb) x/5i 0x81d3f47
0x81d3f47 <osmtik+7>:	mov    %esp,%ebp
0x81d3f49 <osmtik+9>:	cmpl   $0x0,0x7380
0x81d3f50 <osmtik+16>:	jne    0x81d3f5f <osmtik+31>
0x81d3f52 <osmtik+18>:	push   $0x7380
0x81d3f57 <osmtik+23>:	call   0x826a0d0 <__bb_init_func>
(gdb) i r ebp
ebp            0xbfffeb28	0xbfffeb28
(gdb) stepi
0x081d3f49 in osmtik (TESPAP=0x848e9a0) at gtolkm.c:108
108	in gtolkm.c
3: TESPAP = (struct hspa *) 0x848e9a0
2: TESPAP = 0x8524280
(gdb) i r eip
eip            0x81d3f49	0x81d3f49
(gdb) x/5i 0x81d3f49
0x81d3f49 <osmtik+9>:	cmpl   $0x0,0x7380
0x81d3f50 <osmtik+16>:	jne    0x81d3f5f <osmtik+31>
0x81d3f52 <osmtik+18>:	push   $0x7380
0x81d3f57 <osmtik+23>:	call   0x826a0d0 <__bb_init_func>
0x81d3f5c <osmtik+28>:	add    $0x4,%esp
(gdb) stepi

Program received signal SIGSEGV, Segmentation fault.
0x081d3f49 in osmtik (TESPAP=0x848e9a0) at gtolkm.c:108
108	in gtolkm.c
3: TESPAP = (struct hspa *) 0x848e9a0
2: TESPAP = 0x8524280
(gdb) 

Execution fails at the first line of the following section, generated
by the GCC profiling option:

.LCFI1:
        cmpl    $0, .LPBX0
        jne     .LPBZ0
        pushl   $.LPBX0
        call    __bb_init_func
        addl    $4, %esp


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. re-compile the attached pre-processed file with or without the profiling option
Eeek, Red Hat's Bugzilla does not allow attaching pre-processed files to the
report... :-(
2. call the offending compiled function
3. SIGSEGV
	

Actual Results:  The application core-dumps when running the profiling function
prologue.

Expected Results:  The application should pass through non-user code without
a core dump; only user code is expected to lead to a core dump.

Additional info:

(gdb) bt
#0  0x081d3f49 in osmtik (TESPAP=0x848e9a0) at gtolkm.c:108
#1  0xbfffeb28 in ?? ()
#2  0x081c1a36 in BF_GtoTRMsg_impl::init (P_traceFunc=0, P_status=@0xbfffed60)
    at build/OCframeworks/code/TrfRep/BF_TRMsg_impl.C:479
#3  0x081c4a11 in BF_IBase::fill (this=0x8545248, P_status=@0xbfffed60) at
build/OCframeworks/code/Meta/BF_IBase.C:358
#4  0x081f465c in BF_MDMsgSet_impl::fillMsgSet (this=0x8545290,
P_iBase=@0x8545248, P_msgSet=0x8545280, P_status=@0xbfffed60)
    at build/OCframeworks/code/Meta/BF_MDMsgSet_impl.C:218
#5  0x081cc24d in BF_MDMsgSet::BF_MDMsgSet (this=0x8545280, P_iBase=@0x8545248,
P_status=@0xbfffed60)
    at build/OCframeworks/code/Meta/BF_MDMsgSet.C:46
#6  0x081eff16 in BF_MDMgr_impl::createMsgSet (this=0x853ac30,
P_iBase=@0x8545248, P_status=@0xbfffede0)
    at build/OCframeworks/code/Meta/BF_MDMgr_impl.C:270
#7  0x081c2d5a in BF_MDMgr::createMsgSet (P_msgSetName=0x8540b98 "IsupA95",
P_status=@0xbfffede0)
    at build/OCframeworks/code/Meta/BF_MDMgr.C:128
#8  0x08107571 in IsupInfoMgr::installMsgSet (P_msgSetName=0x8540b98 "IsupA95",
P_msgSetId=@0xbfffee6e)
    at build/OCISUP/code/message/IsupInfoMgr_impl.C:183
#9  0x08180555 in IsupMocMsgSet::IsupMocMsgSet (this=0x8545230,
P_msgSetName=0x8540b98 "IsupA95")
    at build/OCISUP/code/MIB/IsupCircuit.C:163
#10 0x080ab1e2 in IsupNavigator::getMessageSetName (this=0x848e9a0,
P_msgSetName=@0xbfffef40, P_lpc=@0x8544ea8, 
    P_msgSet=@0xbfffeffc) at build/OCISUP/code/protocol/IsupNavigator.C:3605
#11 0x080aae71 in IsupNavigator::getMessageSetName (this=0x85408b8, P_file=7,
P_section=@0xbffff0b0, P_lpc=@0x8544ea8, 
    P_msgSet=@0xbfffeffc) at build/OCISUP/code/protocol/IsupNavigator.C:3555
#12 0x080b533e in IsupNavigator::addDpc (this=0x85408b8, P_mocLpc=0x8544ea8,
P_file=7, P_section=@0xbffff0b0, P_mocDpc=@0xbffff0a8)
    at build/OCISUP/code/protocol/IsupNavigator.C:6213
#13 0x080a498f in IsupNavigator::initMocCircuitFromConfig (this=0x85408b8, P_file=7)
    at build/OCISUP/code/protocol/IsupNavigator.C:1378
#14 0x080a7b3c in IsupNavigator::instance (P_status=@0xbffff1d0, P_applicationId=0)
    at build/OCISUP/code/protocol/IsupNavigator.C:2236
#15 0x080688b5 in IsupMgr::init (P_applicationId=0) at
build/OCISUP/code/isupcore/IsupMgr.C:384
#16 0x08068e87 in IsupMgr::init (P_mgr=@0x84e7e58, P_applicationId=0) at
build/OCISUP/code/isupcore/IsupMgr.C:479
#17 0x08053744 in main (argc=14, argv=0xbffff3b4) at
build/OCISUP/code/isupgen/isupgen.C:1265
#18 0x42017589 in ?? ()

Comment 1 Francois-Xavier 'FiX' KOWALSKI 2002-11-12 16:22:24 UTC
Created attachment 84684 [details]
pre-processed offending source code

Comment 2 Francois-Xavier 'FiX' KOWALSKI 2002-11-12 16:23:45 UTC
Created attachment 84685 [details]
assembly code generated using -ggdb

Comment 3 Francois-Xavier 'FiX' KOWALSKI 2002-11-12 16:24:27 UTC
Created attachment 84686 [details]
assembly code generated using -pg -a -ggdb

Comment 4 Alan Cox 2002-12-16 02:08:18 UTC
Seems happy with gcc 3.2 / RH 8.0


Comment 5 Francois-Xavier 'FiX' KOWALSKI 2002-12-17 08:33:14 UTC
Did you attempt to duplicate this on the 2.96 source-code baseline?

Comment 6 Richard Henderson 2004-10-03 10:39:49 UTC
This was "fixed" by removing the -a option, which never did work right.
There are other alternative profiling options in current gcc releases.

