[GHC] #14675: GHC 8.4.1 regression: segfault when loading doctest on a module with ANNs on Ubuntu 16.04 or later

GHC ghc-devs at haskell.org
Wed Feb 21 13:53:38 UTC 2018 

#14675: GHC 8.4.1 regression: segfault when loading doctest on a module with ANNs
on Ubuntu 16.04 or later
-------------------------------------+-------------------------------------
        Reporter:  RyanGlScott       |                Owner:  bgamari
            Type:  bug               |               Status:  new
        Priority:  highest           |            Milestone:  8.4.1
       Component:  GHC API           |              Version:  8.4.1-alpha1
      Resolution:                    |             Keywords:
Operating System:  Unknown/Multiple  |         Architecture:
                                     |  Unknown/Multiple
 Type of failure:  Runtime crash     |            Test Case:
      Blocked By:                    |             Blocking:
 Related Tickets:  #14603            |  Differential Rev(s):
       Wiki Page:                    |
-------------------------------------+-------------------------------------

Comment (by simonmar):

 Ok, I think I have a bit more info on this, and a better workaround.

 For me the crash happened here:

 {{{
 (gdb) disassemble 0x0000000040792900,0x0000000040792910
 Dump of assembler code from 0x40792900 to 0x40792910:
    0x0000000040792900:  mov    0x10(%rbp),%rax
    0x0000000040792904:  mov    %rbx,%rcx
    0x0000000040792907:  and    $0x7,%ecx
 => 0x000000004079290a:  jmpq   *0x403ff568(,%rcx,8)
 }}}

 and the memory at 0x403ff568 looks bogus.  By using `+RTS -Dl` and digging
 through the logs, correlating this with `objdump --reloc
 HSbase-4.11.0.0.o`, I got that this relocation is:

 {{{
 00000000004228cd R_X86_64_32S      .rodata-0x0000000000451cd8
 }}}

 which is utterly bogus: we should never have a negative offset into a
 section.

 The original object file, before it was squashed into `HSbase-4.11.0.0.o`
 has this:

 {{{
 0000000000000b3d R_X86_64_32S      .rodata..LneLq
 }}}

 which is a sensible relocation to the unique section name
 `.rodata..LneLq`.  Looks like something has gone wrong when we squashed
 the object files together to make `HSBase-4.11.0.0.o`.

 Indeed, if I take the command line to squash the object files and replace
 `ld.gold` with `ld`, then I get this relocation:

 {{{
 00000000004228cd R_X86_64_32S      .rodata+0x000000000000e158
 }}}

 which is much more sensible. And after doing that, the crashing program
 now works.

 So this suggests that the workaround should be to avoid using `ld.gold`
 for squashing objects together, I'll make a diff.

-- 
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/14675#comment:22>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

More information about the ghc-tickets mailing list