[GHC] #15508: concprog001 fails with various errors

GHC ghc-devs at haskell.org
Fri Jan 4 11:59:27 UTC 2019 

#15508: concprog001 fails with various errors
-------------------------------------+-------------------------------------
        Reporter:  osa1              |                Owner:  osa1
            Type:  bug               |               Status:  new
        Priority:  highest           |            Milestone:  8.8.1
       Component:  Compiler          |              Version:  8.5
      Resolution:                    |             Keywords:
Operating System:  Unknown/Multiple  |         Architecture:
                                     |  Unknown/Multiple
 Type of failure:  Runtime crash     |            Test Case:
      Blocked By:                    |             Blocking:
 Related Tickets:  #15571            |  Differential Rev(s):  Phab:D5051
       Wiki Page:                    |  (reverted), Phab:D5165, Phab:D5178
-------------------------------------+-------------------------------------

Comment (by osa1):

 One of the remaining issues is this: sometimes with prof+threaded builds
 we
 increment info pointers. This either segfaults, or the GC thinks that the
 object
 is already evacuated (because info pointer looks like a forwarding pointer
 when we increment it) and
 chaos ensues. Here's an example, in this generated code for
 `GHC.Conc.Sync.childHandler`:

 {{{
 Dump of assembler code for function
 base_GHCziConcziSync_childHandler1_info:
    0x000000000051c5c8 <+0>:     add    $0x28,%r12
    0x000000000051c5cc <+4>:     cmp    0x358(%r13),%r12
    0x000000000051c5d3 <+11>:    ja     0x51c61a
 <base_GHCziConcziSync_childHandler1_info+82>
    0x000000000051c5d5 <+13>:    mov    0x360(%r13),%rax
 => 0x000000000051c5dc <+20>:    addq   $0x3,0x48(%rax)
    0x000000000051c5e1 <+25>:    movq   $0x51bd50,-0x20(%r12)
    0x000000000051c5ea <+34>:    mov    0x360(%r13),%rax
    0x000000000051c5f1 <+41>:    mov    %rax,-0x18(%r12)
    0x000000000051c5f6 <+46>:    mov    0xd34988,%eax
    0x000000000051c5fd <+53>:    shl    $0x1e,%rax
    0x000000000051c601 <+57>:    mov    %rax,-0x10(%r12)
    0x000000000051c606 <+62>:    mov    %r14,(%r12)
    0x000000000051c60a <+66>:    mov    $0xb57742,%r14d
    0x000000000051c610 <+72>:    lea    -0x20(%r12),%rbx
    0x000000000051c615 <+77>:    jmpq   0xa3c4d0 <stg_catchzh>
    0x000000000051c61a <+82>:    movq   $0x28,0x388(%r13)
    0x000000000051c625 <+93>:    mov    $0xb57770,%ebx
    0x000000000051c62a <+98>:    jmpq   *-0x8(%r13)
 }}}

 The highlighted line increments this object's info pointer:

 {{{
 >>> print *(StgClosure*)0x4207528048
 $34 = {
   header = {
     info = 0x9f2200 <ghczmprim_GHCziTypes_ZC_con_info>,
     prof = {
       ccs = 0xb44390,
       hp = {
         rs = 0x0,
         ldvw = 0
       }
     }
   },
   payload = 0x4207528060
 }
 >>> call printClosure((StgClosure*)0x4207528048)
 ghc-prim:GHC.Types.:(0x42075280b9, 0x4207528092)
 }}}

 After that line:

 {{{
 >>> print *(StgClosure*)0x4207528048
 $40 = {
   header = {
     info = 0x9f2203 <ghczmprim_GHCziTypes_ZC_con_info+3>,
     prof = {
       ccs = 0xb44390,
       hp = {
         rs = 0x0,
         ldvw = 0
       }
     }
   },
   payload = 0x4207528060
 }
 }}}

 This is not a valid closure anymore.

 I don't know what that code is supposed to increment. I'll try to generate
 Cmm
 for `GHC.Conc.Sync.childHandler` and see.

-- 
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/15508#comment:26>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

More information about the ghc-tickets mailing list