NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: port-sh3/59466 (new gmake crashes when trying to build libxml2)
The following reply was made to PR port-sh3/59466; it has been noted by GNATS.
From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: port-sh3/59466 (new gmake crashes when trying to build libxml2)
Date: Sat, 14 Jun 2025 12:36:09 +0200
This seems to be a gcc issue. The crash happens here:
#2 0x00418104 in hash_find_slot (ht=0x465d5c <strings>, key=0x7637300d) at src/hash.c:109
109 if ((*ht->ht_compare) (key, *slot) == 0)
the function looks like this:
/* Returns the address of the table slot matching 'key'. If 'key' is
not found, return the address of an empty slot suitable for
inserting 'key'. The caller is responsible for incrementing
ht_fill on insertion. */
void **
hash_find_slot (struct hash_table *ht, const void *key)
{
void **slot;
void **deleted_slot = 0;
unsigned int hash_2 = 0;
unsigned int hash_1 = (*ht->ht_hash_1) (key);
ht->ht_lookups++;
for (;;)
{
hash_1 &= (ht->ht_size - 1);
slot = &ht->ht_vec[hash_1];
if (*slot == 0)
return (deleted_slot ? deleted_slot : slot);
if (*slot == hash_deleted_item)
{
if (deleted_slot == 0)
deleted_slot = slot;
}
else
{
if (key == *slot)
return slot;
>>> if ((*ht->ht_compare) (key, *slot) == 0)
return slot;
ht->ht_collisions++;
}
if (!hash_2)
hash_2 = (*ht->ht_hash_2) (key) | 1;
hash_1 += hash_2;
}
}
And in this case we have (not suprisingly) found the key in the hash:
(gdb) p (const char *)key
$1 = 0x7637300d "."
(gdb) p (const char *)(*slot)
$2 = 0x760ff0d5 "."
All types seem to match, no argument promotion involved:
(gdb) ptype key
type = void *
(gdb) ptype *slot
type = void *
(gdb) ptype ht->ht_compare
type = int (*)(const void *, const void *)
and ht_compare is
(gdb) p ht->ht_compare
$3 = (hash_cmp_func_t) 0x43a11e <str_hash_cmp>
but: that already receives the wrong arguments:
(gdb) down
#1 0x0043a154 in str_hash_cmp (x=0x7637300d, y=0x371d05) at src/strcache.c:175
175 return_ISTRING_COMPARE ((const char *) x, (const char *) y);
Note that x matches "key" from the call site, but y is different
(0x371d05 != 0x760ff0d5 aka *slot from the call site).
The function str_hash_cmp is simple:
static int
str_hash_cmp (const void *x, const void *y)
{
return_ISTRING_COMPARE ((const char *) x, (const char *) y);
}
and return_ISTRING_COMPARE is a macro:
#define return_ISTRING_COMPARE(X, Y) return_STRING_COMPARE ((X), (Y))
with
#define return_STRING_COMPARE(X, Y) do { \
return (X) == (Y) ? 0 : strcmp ((X), (Y)); \
} while (0)
But the critical question is: how come the function pointer call ends
up with a garbled second argument?
(gdb) disas hash_find_slot
Dump of assembler code for function hash_find_slot:
0x00417ff0 <+0>: mov.l r8,@-r15
0x00417ff2 <+2>: mov.l r14,@-r15
0x00417ff4 <+4>: sts.l pr,@-r15
0x00417ff6 <+6>: add #-24,r15
0x00417ff8 <+8>: mov r15,r14
0x00417ffa <+10>: mov r14,r1
0x00417ffc <+12>: add #-40,r1
0x00417ffe <+14>: mov.l r4,@(44,r1)
0x00418000 <+16>: mov r14,r1
0x00418002 <+18>: add #-40,r1
0x00418004 <+20>: mov.l r5,@(40,r1)
0x00418006 <+22>: mov r14,r1
0x00418008 <+24>: add #-40,r1
0x0041800a <+26>: mov #0,r2
0x0041800c <+28>: mov.l r2,@(48,r1)
0x0041800e <+30>: mov r14,r1
0x00418010 <+32>: add #-40,r1
0x00418012 <+34>: mov #0,r2
0x00418014 <+36>: mov.l r2,@(52,r1)
0x00418016 <+38>: mov r14,r1
0x00418018 <+40>: add #-40,r1
0x0041801a <+42>: mov.l @(44,r1),r1
0x0041801c <+44>: mov.l @(4,r1),r1
0x0041801e <+46>: mov r14,r8
0x00418020 <+48>: add #-40,r8
0x00418022 <+50>: mov r14,r2
0x00418024 <+52>: add #-40,r2
0x00418026 <+54>: mov.l @(40,r2),r4
0x00418028 <+56>: jsr @r1
0x0041802a <+58>: nop
0x0041802c <+60>: mov r0,r1
0x0041802e <+62>: mov.l r1,@(56,r8)
0x00418030 <+64>: mov r14,r1
0x00418032 <+66>: add #-40,r1
0x00418034 <+68>: mov.l @(44,r1),r1
0x00418036 <+70>: mov.l @(36,r1),r1
0x00418038 <+72>: mov r1,r2
0x0041803a <+74>: add #1,r2
0x0041803c <+76>: mov r14,r1
0x0041803e <+78>: add #-40,r1
0x00418040 <+80>: mov.l @(44,r1),r1
0x00418042 <+82>: mov.l r2,@(36,r1)
0x00418044 <+84>: mov r14,r1
0x00418046 <+86>: add #-40,r1
0x00418048 <+88>: mov.l @(44,r1),r1
0x0041804a <+90>: mov.l @(16,r1),r1
0x0041804c <+92>: mov r1,r2
0x0041804e <+94>: add #-1,r2
0x00418050 <+96>: mov r14,r1
0x00418052 <+98>: add #-40,r1
0x00418054 <+100>: mov r14,r3
0x00418056 <+102>: add #-40,r3
0x00418058 <+104>: mov.l @(56,r3),r3
0x0041805a <+106>: and r3,r2
0x0041805c <+108>: mov.l r2,@(56,r1)
0x0041805e <+110>: mov r14,r1
0x00418060 <+112>: add #-40,r1
0x00418062 <+114>: mov.l @(44,r1),r1
0x00418064 <+116>: mov.l @r1,r3
0x00418066 <+118>: mov r14,r1
0x00418068 <+120>: add #-40,r1
0x0041806a <+122>: mov.l @(56,r1),r1
0x0041806c <+124>: mov r1,r2
0x0041806e <+126>: shll2 r2
0x00418070 <+128>: mov r14,r1
0x00418072 <+130>: add #-40,r1
0x00418074 <+132>: add r3,r2
0x00418076 <+134>: mov.l r2,@(60,r1)
0x00418078 <+136>: mov r14,r1
0x0041807a <+138>: add #-40,r1
0x0041807c <+140>: mov.l @(60,r1),r1
0x0041807e <+142>: mov.l @r1,r1
0x00418080 <+144>: tst r1,r1
0x00418082 <+146>: bf 0x4180a2 <hash_find_slot+178>
0x00418084 <+148>: mov r14,r1
0x00418086 <+150>: add #-40,r1
0x00418088 <+152>: mov.l @(48,r1),r1
0x0041808a <+154>: tst r1,r1
0x0041808c <+156>: bt 0x418098 <hash_find_slot+168>
0x0041808e <+158>: mov r14,r1
0x00418090 <+160>: add #-40,r1
0x00418092 <+162>: mov.l @(48,r1),r1
0x00418094 <+164>: bra 0x418168 <hash_find_slot+376>
0x00418096 <+166>: nop
0x00418098 <+168>: mov r14,r1
0x0041809a <+170>: add #-40,r1
0x0041809c <+172>: mov.l @(60,r1),r1
0x0041809e <+174>: bra 0x418168 <hash_find_slot+376>
0x004180a0 <+176>: nop
0x004180a2 <+178>: mov r14,r1
0x004180a4 <+180>: add #-40,r1
0x004180a6 <+182>: mov.l @(60,r1),r1
0x004180a8 <+184>: mov.l @r1,r2
0x004180aa <+186>: mov.l 0x418178 <hash_find_slot+392>,r1 ! 4629f8
0x004180ac <+188>: mov.l @r1,r1
0x004180ae <+190>: cmp/eq r1,r2
0x004180b0 <+192>: bf 0x4180cc <hash_find_slot+220>
0x004180b2 <+194>: mov r14,r1
0x004180b4 <+196>: add #-40,r1
0x004180b6 <+198>: mov.l @(48,r1),r1
0x004180b8 <+200>: tst r1,r1
0x004180ba <+202>: bf 0x418128 <hash_find_slot+312>
0x004180bc <+204>: mov r14,r1
0x004180be <+206>: add #-40,r1
0x004180c0 <+208>: mov r14,r2
0x004180c2 <+210>: add #-40,r2
0x004180c4 <+212>: mov.l @(60,r2),r2
0x004180c6 <+214>: mov.l r2,@(48,r1)
0x004180c8 <+216>: bra 0x418128 <hash_find_slot+312>
0x004180ca <+218>: nop
0x004180cc <+220>: mov r14,r1
0x004180ce <+222>: add #-40,r1
0x004180d0 <+224>: mov.l @(60,r1),r1
0x004180d2 <+226>: mov.l @r1,r1
0x004180d4 <+228>: mov r14,r2
0x004180d6 <+230>: add #-40,r2
0x004180d8 <+232>: mov.l @(40,r2),r2
0x004180da <+234>: cmp/eq r1,r2
0x004180dc <+236>: bf 0x4180e8 <hash_find_slot+248>
0x004180de <+238>: mov r14,r1
0x004180e0 <+240>: add #-40,r1
0x004180e2 <+242>: mov.l @(60,r1),r1
0x004180e4 <+244>: bra 0x418168 <hash_find_slot+376>
0x004180e6 <+246>: nop
0x004180e8 <+248>: mov r14,r1
0x004180ea <+250>: add #-40,r1
0x004180ec <+252>: mov.l @(44,r1),r1
0x004180ee <+254>: mov.l @(12,r1),r1 # r1 = ht->ht_compare
0x004180f0 <+256>: mov r14,r2
0x004180f2 <+258>: add #-40,r2
0x004180f4 <+260>: mov.l @(60,r2),r2 # r2 = slot
0x004180f6 <+262>: mov.l @r2,r3 # r3 = *slot
0x004180f8 <+264>: mov r14,r2
0x004180fa <+266>: add #-40,r2
0x004180fc <+268>: mov r3,r5 # r5 = *slot
0x004180fe <+270>: mov.l @(40,r2),r4 # r4 = key
0x00418100 <+272>: jsr @r1 # call ht->ht_compare(r4, r5)
0x00418102 <+274>: nop
=> 0x00418104 <+276>: mov r0,r1
0x00418106 <+278>: tst r1,r1
0x00418108 <+280>: bf 0x418114 <hash_find_slot+292>
0x0041810a <+282>: mov r14,r1
0x0041810c <+284>: add #-40,r1
0x0041810e <+286>: mov.l @(60,r1),r1
0x00418110 <+288>: bra 0x418168 <hash_find_slot+376>
0x00418112 <+290>: nop
0x00418114 <+292>: mov r14,r1
0x00418116 <+294>: add #-40,r1
0x00418118 <+296>: mov.l @(44,r1),r1
0x0041811a <+298>: mov.l @(32,r1),r1
0x0041811c <+300>: mov r1,r2
0x0041811e <+302>: add #1,r2
0x00418120 <+304>: mov r14,r1
0x00418122 <+306>: add #-40,r1
0x00418124 <+308>: mov.l @(44,r1),r1
0x00418126 <+310>: mov.l r2,@(32,r1)
0x00418128 <+312>: mov r14,r1
0x0041812a <+314>: add #-40,r1
0x0041812c <+316>: mov.l @(52,r1),r1
0x0041812e <+318>: tst r1,r1
0x00418130 <+320>: bf 0x418150 <hash_find_slot+352>
0x00418132 <+322>: mov r14,r1
0x00418134 <+324>: add #-40,r1
0x00418136 <+326>: mov.l @(44,r1),r1
0x00418138 <+328>: mov.l @(8,r1),r1
0x0041813a <+330>: mov r14,r2
0x0041813c <+332>: add #-40,r2
0x0041813e <+334>: mov.l @(40,r2),r4
0x00418140 <+336>: jsr @r1
0x00418142 <+338>: nop
0x00418144 <+340>: mov r0,r1
0x00418146 <+342>: mov r14,r2
0x00418148 <+344>: add #-40,r2
0x0041814a <+346>: mov #1,r3
0x0041814c <+348>: or r3,r1
0x0041814e <+350>: mov.l r1,@(52,r2)
0x00418150 <+352>: mov r14,r1
0x00418152 <+354>: add #-40,r1
0x00418154 <+356>: mov r14,r3
0x00418156 <+358>: add #-40,r3
0x00418158 <+360>: mov r14,r2
0x0041815a <+362>: add #-40,r2
0x0041815c <+364>: mov.l @(56,r3),r3
0x0041815e <+366>: mov.l @(52,r2),r2
0x00418160 <+368>: add r3,r2
0x00418162 <+370>: mov.l r2,@(56,r1)
0x00418164 <+372>: bra 0x418044 <hash_find_slot+84>
0x00418166 <+374>: nop
0x00418168 <+376>: mov r1,r0
0x0041816a <+378>: add #24,r14
0x0041816c <+380>: mov r14,r15
0x0041816e <+382>: lds.l @r15+,pr
0x00418170 <+384>: mov.l @r15+,r14
0x00418172 <+386>: mov.l @r15+,r8
0x00418174 <+388>: rts
0x00418176 <+390>: nop
0x00418178 <+392>: tst r15,r9
0x0041817a <+394>: mov.l r4,@(r0,r0)
End of assembler dump.
The call site looks correct to me.
(gdb) disas str_hash_cmp
Dump of assembler code for function str_hash_cmp:
0x0043a11e <+0>: mov.l r14,@-r15
0x0043a120 <+2>: sts.l pr,@-r15
0x0043a122 <+4>: add #-8,r15
0x0043a124 <+6>: mov r15,r14
0x0043a126 <+8>: mov r14,r1
0x0043a128 <+10>: add #-56,r1
0x0043a12a <+12>: mov.l r4,@(60,r1) # save x on stack
0x0043a12c <+14>: mov r14,r1
0x0043a12e <+16>: add #-56,r1
0x0043a130 <+18>: mov.l r5,@(56,r1) # save y on stack
0x0043a132 <+20>: mov r14,r2
0x0043a134 <+22>: add #-56,r2
0x0043a136 <+24>: mov r14,r1
0x0043a138 <+26>: add #-56,r1
0x0043a13a <+28>: mov.l @(60,r2),r2 # r2 = x
0x0043a13c <+30>: mov.l @(56,r1),r1 # r1 = y
0x0043a13e <+32>: cmp/eq r1,r2 # x == y ?
0x0043a140 <+34>: bt 0x43a15a <str_hash_cmp+60>
0x0043a142 <+36>: mov r14,r2
0x0043a144 <+38>: add #-56,r2
0x0043a146 <+40>: mov r14,r1
0x0043a148 <+42>: add #-56,r1
0x0043a14a <+44>: mov.l @(56,r2),r5 # r5 = y
0x0043a14c <+46>: mov.l @(60,r1),r4 # r4 = x
0x0043a14e <+48>: mov.l 0x43a16c <str_hash_cmp+78>,r1 ! 405204
0x0043a150 <+50>: jsr @r1
0x0043a152 <+52>: nop
=> 0x0043a154 <+54>: mov r0,r1
0x0043a156 <+56>: bra 0x43a15c <str_hash_cmp+62>
0x0043a158 <+58>: nop
0x0043a15a <+60>: mov #0,r1
0x0043a15c <+62>: mov r1,r0
0x0043a15e <+64>: add #8,r14
0x0043a160 <+66>: mov r14,r15
0x0043a162 <+68>: lds.l @r15+,pr
0x0043a164 <+70>: mov.l @r15+,r14
0x0043a166 <+72>: rts
0x0043a168 <+74>: nop
0x0043a16a <+76>: nop
0x0043a16c <+78>: mov.l @(16,r0),r2
0x0043a16e <+80>: .word 0x0040
End of assembler dump.
.. and I don't see what the calle does wrong before invoking strcmp() either.
The stupid stores and loads are an artefact of compiling gmake with -g and
no optimiziation (I guess), but exactly the same crash happens in the
regular pkgsrc build of gmake.
Martin
Home |
Main Index |
Thread Index |
Old Index