Fix PPC Mac OS X memory access problem in includes/SMP.h
The following session uses a recently pulled ghc HEAD which has been built with -debug:
$ gdb /Users/thorkilnaur/tn/GHCDarcsRepository/ghc-HEAD-for-HughesPJ-wrong-fill-indent-20070506_1304/ghc/compiler/stage2/ghc-6.7.20070513
...
(gdb) run -B/Users/thorkilnaur/tn/GHCDarcsRepository/ghc-HEAD-for-HughesPJ-wrong-fill-indent-20070506_1304/ghc
Starting program: /Users/thorkilnaur/tn/GHCDarcsRepository/ghc-HEAD-for-HughesPJ-wrong-fill-indent-20070506_1304/ghc/compiler/stage2/ghc-6.7.20070513 -B/Users/thorkilnaur/tn/GHCDarcsRepository/ghc-HEAD-for-HughesPJ-wrong-fill-indent-20070506_1304/ghc
Reading symbols for shared libraries ..+. done
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00cb2744
0x00d8f5e8 in xchg (p=0x2dff000, w=13313840) at ../includes/SMP.h:74
74 __asm__ __volatile__ (
(gdb) where
#0 0x00d8f5e8 in xchg (p=0x2dff000, w=13313840) at ../includes/SMP.h:74
#1 0x00d8f564 in lockClosure (p=0x2dff000) at ../includes/SMP.h:185
#2 0x00d8f0dc in threadStackOverflow (cap=0x1103b00, tso=0x2dff000) at Schedule.c:2762
#3 0x00d8d75c in scheduleHandleStackOverflow (cap=0x1103b00, task=0x2b00430, t=0x2dff000) at Schedule.c:1643
#4 0x00d8c700 in schedule (initialCapability=0x1103b00, task=0x2b00430) at Schedule.c:681
#5 0x00d8e974 in scheduleWaitThread (tso=0x2d80800, ret=0x0, cap=0x1103b00) at Schedule.c:2466
#6 0x00e8aff0 in rts_evalLazyIO (cap=0x1103b00, p=0x10119d8, ret=0x0) at RtsAPI.c:510
#7 0x00c0ae20 in main (argc=2, argv=0xbffff600) at Main.c:105
(gdb) info threads
3 process 5257 thread 0x2003 0x9002c548 in semaphore_wait_signal_trap ()
2 process 5257 thread 0x20f 0x9001fa0c in select ()
* 1 process 5257 local thread 0xf03 0x00d8f5e8 in xchg (p=0x2dff000, w=13313840) at ../includes/SMP.h:74
(gdb) quit
The program is running. Exit anyway? (y or n) y
error while killing target (killing anyway): assertion failure on line 274 of "/SourceCache/gdb/gdb-437/src/gdb/macosx/macosx-nat-inferior-util.c" in function "macosx_inferior_suspend_ptrace": status.value.sig == TARGET_SIGNAL_STOP
warning: error on line 1729 of "/SourceCache/gdb/gdb-437/src/gdb/macosx/macosx-nat-inferior.c" in function "macosx_kill_inferior_safe": (os/kern) failure (0x5x)
$The memory access error occurs in the function xchg in libraries/SMP.h, here is a disassembly produced by gdb:
(gdb) disassemble xchg
Dump of assembler code for function xchg:
0x00d8f5c8 <xchg+0>: stmw r30,-8(r1)
0x00d8f5cc <xchg+4>: stwu r1,-64(r1)
0x00d8f5d0 <xchg+8>: mr r30,r1
0x00d8f5d4 <xchg+12>: stw r3,88(r30)
0x00d8f5d8 <xchg+16>: stw r4,92(r30)
0x00d8f5dc <xchg+20>: lwz r2,92(r30)
0x00d8f5e0 <xchg+24>: lwz r0,88(r30)
0x00d8f5e4 <xchg+28>: lwarx r0,r0,r0
0x00d8f5e8 <xchg+32>: stwcx. r2,r0,r0
0x00d8f5ec <xchg+36>: bne- 0xd8f5e4 <xchg+28>
0x00d8f5f0 <xchg+40>: stw r0,24(r30)
0x00d8f5f4 <xchg+44>: lwz r0,24(r30)
0x00d8f5f8 <xchg+48>: mr r3,r0
0x00d8f5fc <xchg+52>: lwz r1,0(r1)
0x00d8f600 <xchg+56>: lmw r30,-8(r1)
0x00d8f604 <xchg+60>: blr
End of assembler dump.The problem is in xchg+28-xchg+36 which is generated from this code
in includes/SMP.h:
INLINE_HEADER StgWord
xchg(StgPtr p, StgWord w)
{
StgWord result;
#if i386_HOST_ARCH || x86_64_HOST_ARCH
...
#elif powerpc_HOST_ARCH
__asm__ __volatile__ (
"1: lwarx %0, 0, %2\n"
" stwcx. %1, 0, %2\n"
" bne- 1b"
:"=r" (result)
:"r" (w), "r" (p)
);
#elif sparc_HOST_ARCH
...
#endif
return result;
}What happens is that gcc decides to allocate register r0 to both result and p. And that leads to interesting results.
The attached patch solves the problem by specifying the register assigned to result as "early clobbered".
Best regards Thorkil
Trac metadata
| Trac field | Value |
|---|---|
| Version | 6.7 |
| Type | Bug |
| TypeOfFailure | OtherFailure |
| Priority | normal |
| Resolution | Unresolved |
| Component | Runtime System |
| Test case | |
| Differential revisions | |
| BlockedBy | |
| Related | |
| Blocking | |
| CC | |
| Operating system | |
| Architecture |