
Crash in stg_ap_p_fast on ARM on executable output by registerised/LLVM cross compiler

Tested here with the latest GHC master and llvm-3.2, cross-compiled to ARM Linux.

singpolyma has also noted this bug at: http://osdir.com/ml/glasgow-haskell-users@haskell.org/2013-01/msg00237.html

The debug session below shows that, at the end of stg_ap_p_fast, control jumps to what appears to be a garbage address: with a breakpoint on the final `mov pc, r0`, r0 holds 0xb6c02000, and a single `stepi` lands at that address in unknown code (`?? ()`), after which the program receives SIGILL.

root@ldu:~# gdb ./hello
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabi".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /root/hello...done.
(gdb) run
Starting program: /root/hello 
[Thread debugging using libthread_db enabled]

Program received signal SIGILL, Illegal instruction.
0xb6c0300c in ?? ()
(gdb) where
#0  0xb6c0300c in ?? ()
#1  0x003e4358 in stg_ap_p_fast ()
#2  0x003e4358 in stg_ap_p_fast ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) up         
#1  0x003e4358 in stg_ap_p_fast ()
(gdb) disassemble
Dump of assembler code for function stg_ap_p_fast:
0x003e4278 <stg_ap_p_fast+0>:	and	r3, r7, #3
0x003e427c <stg_ap_p_fast+4>:	cmp	r3, #1
0x003e4280 <stg_ap_p_fast+8>:	bne	0x3e4298 <stg_ap_p_fast+32>
0x003e4284 <stg_ap_p_fast+12>:	sub	r3, r7, #1
0x003e4288 <stg_ap_p_fast+16>:	ldr	r0, [r3]
0x003e428c <stg_ap_p_fast+20>:	mov	lr, pc
0x003e4290 <stg_ap_p_fast+24>:	mov	pc, r0
0x003e4294 <stg_ap_p_fast+28>:	mov	pc, lr
0x003e4298 <stg_ap_p_fast+32>:	bic	r7, r7, #3
0x003e429c <stg_ap_p_fast+36>:	ldr	r0, [r7]
0x003e42a0 <stg_ap_p_fast+40>:	ldrsh	r3, [r0, #-4]
0x003e42a4 <stg_ap_p_fast+44>:	sub	r3, r3, #9
0x003e42a8 <stg_ap_p_fast+48>:	cmp	r3, #7
0x003e42ac <stg_ap_p_fast+52>:	bcs	0x3e42cc <stg_ap_p_fast+84>
0x003e42b0 <stg_ap_p_fast+56>:	ldrh	r3, [r0, #-10]
0x003e42b4 <stg_ap_p_fast+60>:	cmp	r3, #1
0x003e42b8 <stg_ap_p_fast+64>:	bne	0x3e42d8 <stg_ap_p_fast+96>
0x003e42bc <stg_ap_p_fast+68>:	orr	r7, r7, #1
0x003e42c0 <stg_ap_p_fast+72>:	mov	lr, pc
0x003e42c4 <stg_ap_p_fast+76>:	mov	pc, r0
0x003e42c8 <stg_ap_p_fast+80>:	mov	pc, lr
0x003e42cc <stg_ap_p_fast+84>:	sub	r5, r5, #4
---Type <return> to continue, or q <return> to quit---
0x003e42d0 <stg_ap_p_fast+88>:	bl	0x3e5dc4 <stg_ap_p_info>
0x003e42d4 <stg_ap_p_fast+92>:	mov	pc, lr
0x003e42d8 <stg_ap_p_fast+96>:	lsl	r2, r3, #16
0x003e42dc <stg_ap_p_fast+100>:	cmp	r3, #3
0x003e42e0 <stg_ap_p_fast+104>:	add	r6, r6, #16
0x003e42e4 <stg_ap_p_fast+108>:	sub	r3, r5, #4
0x003e42e8 <stg_ap_p_fast+112>:	asr	r1, r2, #16
0x003e42ec <stg_ap_p_fast+116>:	ldr	r2, [r4, #132]	; 0x84
0x003e42f0 <stg_ap_p_fast+120>:	addls	r7, r7, r1
0x003e42f4 <stg_ap_p_fast+124>:	cmp	r6, r2
0x003e42f8 <stg_ap_p_fast+128>:	bls	0x3e4318 <stg_ap_p_fast+160>
0x003e42fc <stg_ap_p_fast+132>:	mov	r5, #16
0x003e4300 <stg_ap_p_fast+136>:	str	r5, [r4, #156]	; 0x9c
0x003e4304 <stg_ap_p_fast+140>:	ldr	r5, [pc, #84]	; 0x3e4360 <stg_ap_p_fast+232>
0x003e4308 <stg_ap_p_fast+144>:	str	r5, [r3]
0x003e430c <stg_ap_p_fast+148>:	mov	r5, r3
0x003e4310 <stg_ap_p_fast+152>:	bl	0x3dee98 <__stg_gc_enter_1>
0x003e4314 <stg_ap_p_fast+156>:	mov	pc, lr
0x003e4318 <stg_ap_p_fast+160>:	ldr	r0, [pc, #60]	; 0x3e435c <stg_ap_p_fast+228>
0x003e431c <stg_ap_p_fast+164>:	add	r1, r1, #255	; 0xff
0x003e4320 <stg_ap_p_fast+168>:	mov	r2, r6
---Type <return> to continue, or q <return> to quit---
0x003e4324 <stg_ap_p_fast+172>:	add	r1, r1, #65280	; 0xff00
0x003e4328 <stg_ap_p_fast+176>:	str	r0, [r2, #-12]!
0x003e432c <stg_ap_p_fast+180>:	strh	r1, [r6, #-8]
0x003e4330 <stg_ap_p_fast+184>:	sub	r1, r6, #4
0x003e4334 <stg_ap_p_fast+188>:	str	r7, [r1]
0x003e4338 <stg_ap_p_fast+192>:	mov	r7, #1
0x003e433c <stg_ap_p_fast+196>:	strh	r7, [r6, #-6]
0x003e4340 <stg_ap_p_fast+200>:	ldr	r7, [r3, #4]
0x003e4344 <stg_ap_p_fast+204>:	str	r7, [r6]
0x003e4348 <stg_ap_p_fast+208>:	ldr	r0, [r5, #4]!
0x003e434c <stg_ap_p_fast+212>:	mov	r7, r2
0x003e4350 <stg_ap_p_fast+216>:	mov	lr, pc
0x003e4354 <stg_ap_p_fast+220>:	mov	pc, r0
0x003e4358 <stg_ap_p_fast+224>:	mov	pc, lr
0x003e435c <stg_ap_p_fast+228>:	eorseq	lr, sp, r0, ror #2
0x003e4360 <stg_ap_p_fast+232>:	eorseq	r5, lr, r4, asr #27
End of assembler dump.
(gdb) break *0x003e4354
Breakpoint 1 at 0x3e4354
(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /root/hello 
[Thread debugging using libthread_db enabled]

Breakpoint 1, 0x003e4354 in stg_ap_p_fast ()
(gdb) info registers
r0             0xb6c02000	3066044416
r1             0xb6c02010	3066044432
r2             0xb6c02008	3066044424
r3             0xb6c033ac	3066049452
r4             0x452910	4532496
r5             0xb6c033b4	3066049460
r6             0xb6c02014	3066044436
r7             0xb6c02008	3066044424
r8             0x42c818	4376600
r9             0xb6ff76e0	3070195424
r10            0x452ab8	4532920
r11            0xb6c03064	3066048612
r12            0x0	0
sp             0xbeffdc00	0xbeffdc00
lr             0x3e4358	4080472
pc             0x3e4354	0x3e4354 <stg_ap_p_fast+220>
fps            0x1001000	16781312
cpsr           0x80000010	2147483664
(gdb) stepi
0xb6c02000 in ?? ()
(gdb) 
Trac metadata
Trac field Value
Version 7.7
Type Bug
TypeOfFailure OtherFailure
Priority normal
Resolution Unresolved
Component Compiler (LLVM)
Test case
Differential revisions
BlockedBy
Related
Blocking
CC
Operating system
Architecture