[GHC] #7640: Crash in stg_ap_p_fast on ARM on executable output by registerised/LLVM cross compiler
GHC
cvs-ghc at haskell.org
Thu Jan 31 11:18:10 CET 2013
#7640: Crash in stg_ap_p_fast on ARM on executable output by registerised/LLVM
cross compiler
------------------------------+---------------------------------------------
Reporter: StephenBlackheath | Owner:
Type: bug | Status: new
Priority: normal | Component: Compiler (LLVM)
Version: 7.7 | Keywords:
Os: Unknown/Multiple | Architecture: arm
Failure: Runtime crash | Blockedby:
Blocking: | Related:
------------------------------+---------------------------------------------
Tested here with the latest GHC master and llvm-3.2, cross-compiled to ARM
Linux.
singpolyma has also noted this bug at:
http://osdir.com/ml/glasgow-haskell-users@haskell.org/2013-01/msg00237.html
This debug session shows that the indirect jump at the end of stg_ap_p_fast
(`mov pc, r0` at +220) goes to what would appear to be a garbage address:
r0 holds 0xb6c02000, which gdb cannot resolve to any symbol.
{{{
root@ldu:~# gdb ./hello
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabi".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /root/hello...done.
(gdb) run
Starting program: /root/hello
[Thread debugging using libthread_db enabled]
Program received signal SIGILL, Illegal instruction.
0xb6c0300c in ?? ()
(gdb) where
#0 0xb6c0300c in ?? ()
#1 0x003e4358 in stg_ap_p_fast ()
#2 0x003e4358 in stg_ap_p_fast ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) up
#1 0x003e4358 in stg_ap_p_fast ()
(gdb) disassemble
Dump of assembler code for function stg_ap_p_fast:
0x003e4278 <stg_ap_p_fast+0>: and r3, r7, #3
0x003e427c <stg_ap_p_fast+4>: cmp r3, #1
0x003e4280 <stg_ap_p_fast+8>: bne 0x3e4298 <stg_ap_p_fast+32>
0x003e4284 <stg_ap_p_fast+12>: sub r3, r7, #1
0x003e4288 <stg_ap_p_fast+16>: ldr r0, [r3]
0x003e428c <stg_ap_p_fast+20>: mov lr, pc
0x003e4290 <stg_ap_p_fast+24>: mov pc, r0
0x003e4294 <stg_ap_p_fast+28>: mov pc, lr
0x003e4298 <stg_ap_p_fast+32>: bic r7, r7, #3
0x003e429c <stg_ap_p_fast+36>: ldr r0, [r7]
0x003e42a0 <stg_ap_p_fast+40>: ldrsh r3, [r0, #-4]
0x003e42a4 <stg_ap_p_fast+44>: sub r3, r3, #9
0x003e42a8 <stg_ap_p_fast+48>: cmp r3, #7
0x003e42ac <stg_ap_p_fast+52>: bcs 0x3e42cc <stg_ap_p_fast+84>
0x003e42b0 <stg_ap_p_fast+56>: ldrh r3, [r0, #-10]
0x003e42b4 <stg_ap_p_fast+60>: cmp r3, #1
0x003e42b8 <stg_ap_p_fast+64>: bne 0x3e42d8 <stg_ap_p_fast+96>
0x003e42bc <stg_ap_p_fast+68>: orr r7, r7, #1
0x003e42c0 <stg_ap_p_fast+72>: mov lr, pc
0x003e42c4 <stg_ap_p_fast+76>: mov pc, r0
0x003e42c8 <stg_ap_p_fast+80>: mov pc, lr
0x003e42cc <stg_ap_p_fast+84>: sub r5, r5, #4
---Type <return> to continue, or q <return> to quit---
0x003e42d0 <stg_ap_p_fast+88>: bl 0x3e5dc4 <stg_ap_p_info>
0x003e42d4 <stg_ap_p_fast+92>: mov pc, lr
0x003e42d8 <stg_ap_p_fast+96>: lsl r2, r3, #16
0x003e42dc <stg_ap_p_fast+100>: cmp r3, #3
0x003e42e0 <stg_ap_p_fast+104>: add r6, r6, #16
0x003e42e4 <stg_ap_p_fast+108>: sub r3, r5, #4
0x003e42e8 <stg_ap_p_fast+112>: asr r1, r2, #16
0x003e42ec <stg_ap_p_fast+116>: ldr r2, [r4, #132] ; 0x84
0x003e42f0 <stg_ap_p_fast+120>: addls r7, r7, r1
0x003e42f4 <stg_ap_p_fast+124>: cmp r6, r2
0x003e42f8 <stg_ap_p_fast+128>: bls 0x3e4318 <stg_ap_p_fast+160>
0x003e42fc <stg_ap_p_fast+132>: mov r5, #16
0x003e4300 <stg_ap_p_fast+136>: str r5, [r4, #156] ; 0x9c
0x003e4304 <stg_ap_p_fast+140>: ldr r5, [pc, #84] ; 0x3e4360 <stg_ap_p_fast+232>
0x003e4308 <stg_ap_p_fast+144>: str r5, [r3]
0x003e430c <stg_ap_p_fast+148>: mov r5, r3
0x003e4310 <stg_ap_p_fast+152>: bl 0x3dee98 <__stg_gc_enter_1>
0x003e4314 <stg_ap_p_fast+156>: mov pc, lr
0x003e4318 <stg_ap_p_fast+160>: ldr r0, [pc, #60] ; 0x3e435c <stg_ap_p_fast+228>
0x003e431c <stg_ap_p_fast+164>: add r1, r1, #255 ; 0xff
0x003e4320 <stg_ap_p_fast+168>: mov r2, r6
---Type <return> to continue, or q <return> to quit---
0x003e4324 <stg_ap_p_fast+172>: add r1, r1, #65280 ; 0xff00
0x003e4328 <stg_ap_p_fast+176>: str r0, [r2, #-12]!
0x003e432c <stg_ap_p_fast+180>: strh r1, [r6, #-8]
0x003e4330 <stg_ap_p_fast+184>: sub r1, r6, #4
0x003e4334 <stg_ap_p_fast+188>: str r7, [r1]
0x003e4338 <stg_ap_p_fast+192>: mov r7, #1
0x003e433c <stg_ap_p_fast+196>: strh r7, [r6, #-6]
0x003e4340 <stg_ap_p_fast+200>: ldr r7, [r3, #4]
0x003e4344 <stg_ap_p_fast+204>: str r7, [r6]
0x003e4348 <stg_ap_p_fast+208>: ldr r0, [r5, #4]!
0x003e434c <stg_ap_p_fast+212>: mov r7, r2
0x003e4350 <stg_ap_p_fast+216>: mov lr, pc
0x003e4354 <stg_ap_p_fast+220>: mov pc, r0
0x003e4358 <stg_ap_p_fast+224>: mov pc, lr
0x003e435c <stg_ap_p_fast+228>: eorseq lr, sp, r0, ror #2
0x003e4360 <stg_ap_p_fast+232>: eorseq r5, lr, r4, asr #27
End of assembler dump.
(gdb) break *0x003e4354
Breakpoint 1 at 0x3e4354
(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /root/hello
[Thread debugging using libthread_db enabled]
Breakpoint 1, 0x003e4354 in stg_ap_p_fast ()
(gdb) info registers
r0 0xb6c02000 3066044416
r1 0xb6c02010 3066044432
r2 0xb6c02008 3066044424
r3 0xb6c033ac 3066049452
r4 0x452910 4532496
r5 0xb6c033b4 3066049460
r6 0xb6c02014 3066044436
r7 0xb6c02008 3066044424
r8 0x42c818 4376600
r9 0xb6ff76e0 3070195424
r10 0x452ab8 4532920
r11 0xb6c03064 3066048612
r12 0x0 0
sp 0xbeffdc00 0xbeffdc00
lr 0x3e4358 4080472
pc 0x3e4354 0x3e4354 <stg_ap_p_fast+220>
fps 0x1001000 16781312
cpsr 0x80000010 2147483664
(gdb) stepi
0xb6c02000 in ?? ()
(gdb)
}}}
--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/7640>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler