[Bug target/97431] [SH] Python crashes with 'Segmentation fault with -finline-small-functions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97431 John David Anglin changed: What|Removed |Added CC||danglin at gcc dot gnu.org --- Comment #8 from John David Anglin --- The same or a similar problem is present on hppa. Building Python 3.9 with -finline-small-functions causes wrong code and build failure: https://buildd.debian.org/status/fetch.php?pkg=python3.9=hppa=3.9.0-4=1603018299=0
[Bug target/97431] [SH] Python crashes with 'Segmentation fault with -finline-small-functions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97431 --- Comment #7 from John Paul Adrian Glaubitz --- Created attachment 49380 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49380=edit Archive containing C source, preprocessed source as well as assembly and object output I have created the pre-processed source with the following command line: sh4-linux-gnu-gcc -pthread -c -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -g -fdebug-prefix-map=//build/python3.9-m4kjWv/python3.9-3.9.0=. -fstack-protector -Wformat -Werror=format-security-std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -fvisibility=hidden -I../Include/internal -IObjects -IInclude -IPython -I. -I../Include -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPy_BUILD_CORE -o Objects/longobject.o ../Objects/longobject.c -save-temps I have included the C sources, assembly output and resulting object file to make sure we got everything in one archive.
[Bug target/97431] [SH] Python crashes with 'Segmentation fault with -finline-small-functions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97431 --- Comment #6 from Oleg Endo --- (In reply to John Paul Adrian Glaubitz from comment #5) So the difference seems to be only the -fPIC option? Can you get the preprocessed .i file with -save-temps ?
[Bug target/97431] [SH] Python crashes with 'Segmentation fault with -finline-small-functions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97431 --- Comment #5 from John Paul Adrian Glaubitz --- (In reply to Oleg Endo from comment #4) > Just to point out the obvious, r13 is never initialized nor referenced by > anything else throughout the function. What are the compiler options? One additional observation. It seems that the static build does not crash, just the shared build. >From the build log, we have for the shared build that crashes: sh4-linux-gnu-gcc -pthread -c -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -g -fdebug-prefix-map=/<>=. -fstack-protector -Wformat -Werror=format-security-std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -fvisibility=hidden -I../Include/internal -IObjects -IInclude -IPython -I. -I../Include -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPy_BUILD_CORE -o Objects/longobject.o ../Objects/longobject.c For the static build, which did not crash in my test, we have: sh4-linux-gnu-gcc -pthread -c -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -g -fdebug-prefix-map=/<>=. -fstack-protector -Wformat -Werror=format-security-std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -fvisibility=hidden -I../Include/internal -IObjects -IInclude -IPython -I. -I../Include -Wdate-time -D_FORTIFY_SOURCE=2 -DPy_BUILD_CORE -o Objects/longobject.o ../Objects/longobject.c
[Bug target/97431] [SH] Python crashes with 'Segmentation fault with -finline-small-functions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97431 Oleg Endo changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed||2020-10-15 Status|UNCONFIRMED |NEW --- Comment #4 from Oleg Endo --- (In reply to John Paul Adrian Glaubitz from comment #3) > r110x5 5 > r120x299f367c 698300028 > r130x8b82232 > r140x2a15f4a0 706081952 > > Disassembled function: > > Dump of assembler code for function long_richcompare: >0x29631850 <+0>: mov.l r8,@-r15 >0x29631852 <+2>: mova0x296318e8 ,r0 >0x29631854 <+4>: mov.l r12,@-r15 >0x29631856 <+6>: mov.l @(4,r4),r1 >0x29631858 <+8>: mov.l 0x296318e8 ,r12 ! > 0x3c1d94 >0x2963185a <+10>:add #64,r1 >0x2963185c <+12>:mov.l @(20,r1),r2 >0x2963185e <+14>:mov.l 0x296318ec ,r1 ! > 0x100 >0x29631860 <+16>:tst r1,r2 >0x29631862 <+18>:bt.s0x296318d8 >0x29631864 <+20>:add r0,r12 >0x29631866 <+22>:mov.l @(4,r5),r2 >0x29631868 <+24>:add #64,r2 >0x2963186a <+26>:mov.l @(20,r2),r2 >0x2963186c <+28>:tst r1,r2 >0x2963186e <+30>:bt.s0x296318d8 >0x29631870 <+32>:cmp/eq r5,r4 >0x29631872 <+34>:bt.s0x29631940 >0x29631874 <+36>:mov #5,r1 >0x29631876 <+38>:mov.l @(8,r4),r7 >0x29631878 <+40>:mov.l @(8,r5),r1 >0x2963187a <+42>:mov r7,r8 >0x2963187c <+44>:cmp/eq r1,r7 >0x2963187e <+46>:bf.s0x296318e8 >0x29631880 <+48>:sub r1,r8 > > > >0x296318e6 <+150>: mov.l @r15+,r8 > => 0x296318e8 <+152>: mov.l r9,@(16,r13) Just to point out the obvious, r13 is never initialized nor referenced by anything else throughout the function. What are the compiler options?
[Bug target/97431] [SH] Python crashes with 'Segmentation fault with -finline-small-functions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97431 --- Comment #3 from John Paul Adrian Glaubitz --- (In reply to Rich Felker from comment #1) > Do you have a complete disassembly of the function it crashed in and > register dump at the point of crash? That would help. Register dump: (gdb) info registers r0 0x296318e8 694360296 r1 0x1 1 r2 0x104140017044480 r3 0x3e81000 r4 0x2a15f490 706081936 r5 0x2a15f4a0 706081952 r6 0x5 5 r7 0x0 0 r8 0x -1 r9 0x4154e8 4281576 r100x2a15f490 706081936 r110x5 5 r120x299f367c 698300028 r130x8b82232 r140x2a15f4a0 706081952 r150x7bffea64 2080369252 pc 0x296318e8 694360296 pr 0x2964f740 694482752 gbr0x29576d78 693595512 mach 0xa 10 macl 0x0 0 (gdb) Disassembled function: Dump of assembler code for function long_richcompare: 0x29631850 <+0>: mov.l r8,@-r15 0x29631852 <+2>: mova0x296318e8 ,r0 0x29631854 <+4>: mov.l r12,@-r15 0x29631856 <+6>: mov.l @(4,r4),r1 0x29631858 <+8>: mov.l 0x296318e8 ,r12 ! 0x3c1d94 0x2963185a <+10>:add #64,r1 0x2963185c <+12>:mov.l @(20,r1),r2 0x2963185e <+14>:mov.l 0x296318ec ,r1! 0x100 0x29631860 <+16>:tst r1,r2 0x29631862 <+18>:bt.s0x296318d8 0x29631864 <+20>:add r0,r12 0x29631866 <+22>:mov.l @(4,r5),r2 0x29631868 <+24>:add #64,r2 0x2963186a <+26>:mov.l @(20,r2),r2 0x2963186c <+28>:tst r1,r2 0x2963186e <+30>:bt.s0x296318d8 0x29631870 <+32>:cmp/eq r5,r4 0x29631872 <+34>:bt.s0x29631940 0x29631874 <+36>:mov #5,r1 0x29631876 <+38>:mov.l @(8,r4),r7 0x29631878 <+40>:mov.l @(8,r5),r1 0x2963187a <+42>:mov r7,r8 0x2963187c <+44>:cmp/eq r1,r7 0x2963187e <+46>:bf.s0x296318e8 0x29631880 <+48>:sub r1,r8 0x29631882 <+50>:cmp/pz r7 0x29631884 <+52>:mov r7,r1 0x29631886 <+54>:bt 0x2963188a 0x29631888 <+56>:neg r7,r1 0x2963188a <+58>:mov r1,r2 0x2963188c <+60>:add r2,r2 0x2963188e <+62>:add #12,r2 0x29631890 <+64>:add r2,r4 0x29631892 <+66>:add r2,r5 0x29631894 <+68>:mov r1,r2 0x29631896 <+70>:mov #-1,r3 0x29631898 <+72>:add #-1,r1 0x2963189a <+74>:cmp/ge r3,r1 0x2963189c <+76>:bf.s0x2963193c 0x2963189e <+78>:add #1,r2 0x296318a0 <+80>:dt r2 0x296318a2 <+82>:bt.s0x296318ba 0x296318a4 <+84>:cmp/pz r7 0x296318a6 <+86>:add #-2,r4 0x296318a8 <+88>:add #-2,r5 0x296318aa <+90>:mov.w @r4,r1 0x296318ac <+92>:mov.w @r5,r3 0x296318ae <+94>:sub r3,r1 0x296318b0 <+96>:exts.w r1,r1 0x296318b2 <+98>:tst r1,r1 0x296318b4 <+100>: bt.s0x296318a0 0x296318b6 <+102>: cmp/pz r7 0x296318b8 <+104>: mov r1,r8 0x296318ba <+106>: bt 0x296318be 0x296318bc <+108>: neg r8,r8 0x296318be <+110>: mov #5,r1 0x296318c0 <+112>: cmp/hi r1,r6 0x296318c2 <+114>: bf 0x296318f8 0x296318c4 <+116>: cmp/pz r8 0x296318c6 <+118>: bt 0x29631914 0x296318c8 <+120>: mov.l 0x296318f0 ,r0! 0xa70 0x296318ca <+122>: mov.l @(r0,r12),r0 0x296318cc <+124>: mov.l @r0,r1 0x296318ce <+126>: add #1,r1 0x296318d0 <+128>: mov.l r1,@r0 0x296318d2 <+130>: mov.l @r15+,r12 0x296318d4 <+132>: rts 0x296318d6 <+134>: mov.l @r15+,r8 0x296318d8 <+136>: mov.l 0x296318f4 ,r0! 0x8b8 0x296318da <+138>: mov.l @(r0,r12),r0 0x296318dc <+140>: mov.l @r0,r1 0x296318de <+142>: add #1,r1 0x296318e0 <+144>: mov.l r1,@r0 0x296318e2 <+146>: mov.l @r15+,r12 0x296318e4 <+148>: rts 0x296318e6 <+150>: mov.l @r15+,r8 => 0x296318e8 <+152>: mov.l r9,@(16,r13) 0x296318ea <+154>: mov.b @(r0,r3),r0 0x296318ec <+156>: .word 0x 0x296318ee <+158>: .word 0x0100 0x296318f0 <+160>: .word 0x0a70 0x296318f2 <+162>: .word 0x 0x296318f4 <+164>: .word 0x08b8 0x296318f6 <+166>: .word 0x 0x296318f8 <+168>: mova0x29631904 ,r0 0x296318fa <+170>: add r6,r6 0x296318fc <+172>: mov.w @(r0,r6),r6 0x296318fe <+174>: brafr6 0x29631900 <+176>: nop 0x29631902 <+178>: nop 0x29631904 <+180>: mov.l @(r0,r0),r0 0x29631906 <+182>: stc vbr,r0 0x29631908 <+184>: mov.l @(r0,r5),r0 0x2963190a <+186>: .word 0x0032 0x2963190c <+188>: sts pr,r0 0x2963190e <+190>: .word
[Bug target/97431] [SH] Python crashes with 'Segmentation fault with -finline-small-functions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97431 --- Comment #2 from Yoshinori Sato --- Since 0x296318e8 is data, we need to investigate where we jumped. The backtrace looks normal, so I think you're getting anomalous jumps when optimizing long_richcompare.
[Bug target/97431] [SH] Python crashes with 'Segmentation fault with -finline-small-functions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97431 --- Comment #1 from Rich Felker --- Do you have a complete disassembly of the function it crashed in and register dump at the point of crash? That would help.
