gcc crashes on LP, needs updating

Bug #1979054 reported by stsp
This bug affects 4 people
Affects          Status        Importance  Assigned to  Milestone
Dosemu2          Fix Released  Unknown
gcc              Fix Released  Medium
gcc-10 (Ubuntu)  Fix Released  Undecided   Unassigned
gcc-8 (Ubuntu)   Won't Fix     Undecided   Unassigned
gcc-9 (Ubuntu)   Won't Fix     Undecided   Unassigned

Bug Description

Currently the bad gcc release appeared on LP for ubuntu-20.04 and 21.10 (22.xx are OK). It simply crashes, you can see the logs here:
https://launchpadlibrarian.net/606710867/buildlog_ubuntu-focal-amd64.dosemu2_2.0~pre9-7464-30ac640ad+202206121231~ubuntu20.04.1_BUILDING.txt.gz
https://launchpadlibrarian.net/606710840/buildlog_ubuntu-impish-amd64.dosemu2_2.0~pre9-7464-30ac640ad+202206121231~ubuntu21.10.1_BUILDING.txt.gz

I filed the upstream ticket:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105936
and as a result, they back-ported the previously existing fix to the gcc-10 branch:
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=f2851a7cff4d74edca26d39c7bfa1264355a22ed
They say that the gcc-9 branch is EOL and won't be updated, so this needs to be done by hand by Ubuntu. Fortunately the patch is very small and can be trivially back-ported.

Revision history for this message
In , stsp (stsp-0) wrote :

Created attachment 53124
pre-processed source

The problem happens with 9.4.0 in ubuntu-20, and with more recent gcc in ubuntu-21.10, but not sure what exact version of gcc is there.

$ gcc -O2 -c -xc int.E

during RTL pass: sched2
/<<PKGBUILDDIR>>/build/../src/base/core/int.c: In function ‘int33_unrevect_fixup’:
/<<PKGBUILDDIR>>/build/../src/base/core/int.c:1746:1: internal compiler error: in move_insn, at haifa-sched.c:5463

Revision history for this message
In , Pinskia (pinskia) wrote :

Reduced testcase:
typedef struct {
    unsigned short offset;
    unsigned short segment;
} far_t;

/* Thread-local array; the asm below takes a memory operand on it. */
extern __thread int vm86u[8];
int int33_hooked;
int is_revectored(void);
void log_printf(void);

far_t int33_unrevect(unsigned short gg)
{
    far_t ret = {};
    if (int33_hooked)
        return ret;
    if (is_revectored())
    {
        log_printf();
        /* Empty volatile asm with an "m" input referring to the TLS array. */
        __asm__ __volatile__("" : :"m" (vm86u[0]));
    }
    else
    {
        if (gg)
            log_printf();
    }
    ret.segment = 0x0f000;
    ret.offset = 0xf847;
    return ret;
}
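A small regression check built from the compile command in the first comment (`gcc -O2 -c -xc`) and the reduced testcase above, added here as an example; it is not part of the bug report and not dosemu2's or GCC's own code. It writes the testcase to a temporary file, compiles it with the compiler named in `CC` (default `gcc`), and classifies the captured stderr so a build pipeline can tell an affected toolchain from a fixed one. The function names are my own, and a POSIX sh with `mktemp` is assumed.

```shell
#!/bin/sh
# Added example (not from the bug report): does the gcc on PATH still hit the
# sched2 internal compiler error on the reduced testcase from the thread?

# Write the reduced testcase posted in the thread to the file named in $1.
write_testcase() {
  cat > "$1" <<'EOF'
typedef struct {
    unsigned short offset;
    unsigned short segment;
} far_t;

extern __thread int vm86u[8];
int int33_hooked;
int is_revectored(void);
void log_printf(void);

far_t int33_unrevect(unsigned short gg)
{
    far_t ret = {};
    if (int33_hooked)
        return ret;
    if (is_revectored())
    {
        log_printf();
        __asm__ __volatile__("" : :"m" (vm86u[0]));
    }
    else
    {
        if (gg)
            log_printf();
    }
    ret.segment = 0x0f000;
    ret.offset = 0xf847;
    return ret;
}
EOF
}

# Classify captured compiler stderr ($1): prints "ice" when the compiler
# reported an internal compiler error (the text gcc prints for the crash in
# the report), "ok" otherwise.
classify_gcc_stderr() {
  case "$1" in
    *"internal compiler error"*) echo ice ;;
    *) echo ok ;;
  esac
}

# Compile the testcase with compiler $1 (default: gcc) using the flags from
# the report and print one of "ice", "ok" or "unavailable" (no such compiler).
check_compiler() {
  cc="${1:-gcc}"
  if ! command -v "$cc" >/dev/null 2>&1; then
    echo unavailable
    return 0
  fi
  tmp=$(mktemp -d) || return 1
  write_testcase "$tmp/int33.c"
  # An ICE exits non-zero; '|| true' keeps going so the diagnostic text can
  # still be classified.
  err=$("$cc" -O2 -c -xc "$tmp/int33.c" -o "$tmp/int33.o" 2>&1 || true)
  rm -rf "$tmp"
  classify_gcc_stderr "$err"
}

# Usage: CC=gcc-9 sh check-ice.sh   (prints e.g. "gcc-9: ice")
printf '%s: %s\n' "${CC:-gcc}" "$(check_compiler "${CC:-gcc}")"
```

Pointing `CC` at each distro compiler (`gcc-9`, `gcc-10`, ...) gives a one-line answer per toolchain; the `classify_gcc_stderr` helper is kept separate so the same matching can be applied to saved build logs such as the Launchpad ones linked in the description.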

Revision history for this message
In , Pinskia (pinskia) wrote :

Note my reduced testcase fails on 11.2.0 but passes on both 10.x and 11.3.0. So I might have reduced it to the wrong one.

Revision history for this message
In , Ubizjak (ubizjak) wrote :

For some reason, split1 pass converts (insn):

(insn 54 51 109 9 (parallel [
            (asm_operands/v ("btrl %1,%0") ("") 0 [
                    (mem/c:BLK (plus:DI (plus:DI (unspec:DI [
                                        (const_int 0 [0])
                                    ] UNSPEC_TP)
                                (reg:DI 100))
                            (const_int 96 [0x60])) [21 MEM[(struct revectored_struct *)&vm86u + 96B]+0 S32 A32])
                    (reg:SI 101)
                ]
                 [
                    (asm_input:BLK ("m") ../../../src/include/cpu.h:355)
                    (asm_input:SI ("r") ../../../src/include/cpu.h:355)
                ]
                 [] ../../../src/include/cpu.h:355)
            (clobber (reg:CC 17 flags))
        ]) "../../../src/include/cpu.h":355:2 -1
     (expr_list:REG_DEAD (reg:SI 101)
        (expr_list:REG_DEAD (reg:DI 100)
            (expr_list:REG_UNUSED (reg:CC 17 flags)
                (nil)))))

to (jump_insn):

(jump_insn 111 51 113 9 (parallel [
            (asm_operands/v ("btrl %1,%0") ("") 0 [
                    (mem/c:BLK (plus:DI (reg:DI 100)
                            (const_int 96 [0x60])) [21 MEM[(struct revectored_struct *)&vm86u + 96B]+0 S32 A32 AS1])
                    (reg:SI 101)
                ]
                 [
                    (asm_input:BLK ("m") ../../../src/include/cpu.h:355)
                    (asm_input:SI ("r") ../../../src/include/cpu.h:355)
                ]
                 [] ../../../src/include/cpu.h:355)
            (clobber (reg:CC 17 flags))
        ]) "../../../src/include/cpu.h":355:2 -1
     (nil))

This confuses sched2 pass.

Revision history for this message
In , Ubizjak (ubizjak) wrote :

Digging a bit further with current gcc-10 branch...

Instrumenting a TLS address splitter in i386.md with some creative printfs:

(define_split
  [(match_operand 0 "tls_address_pattern")]
  "TARGET_TLS_DIRECT_SEG_REFS"
  [(match_dup 0)]
{
  debug_rtx (curr_insn);
  debug_rtx (operands[0]);
  printf ("%s\n", GET_RTX_NAME (classify_insn (operands[0])));
  operands[0] = ix86_rewrite_tls_address (operands[0]);
  debug_rtx (operands[0]);
  printf ("%s\n", GET_RTX_NAME (classify_insn (operands[0])));
})

we get:

(insn 54 51 109 9 (parallel [
            (asm_operands/v ("btrl %1,%0") ("") 0 [
                    (mem/c:BLK (plus:DI (plus:DI (unspec:DI [
                                        (const_int 0 [0])
                                    ] UNSPEC_TP)
                                (reg:DI 100))
                            (const_int 96 [0x60])) [21 MEM[(struct revectored_struct *)&vm86u + 96B]+0 S32 A32])
                    (reg:SI 101)
                ]
                 [
                    (asm_input:BLK ("m") ../../../src/include/cpu.h:355)
                    (asm_input:SI ("r") ../../../src/include/cpu.h:355)
                ]
                 [] ../../../src/include/cpu.h:355)
            (clobber (reg:CC 17 flags))
        ]) "../../../src/include/cpu.h":355:2 -1
     (expr_list:REG_DEAD (reg:SI 101)
        (expr_list:REG_DEAD (reg:DI 100)
            (expr_list:REG_UNUSED (reg:CC 17 flags)
                (nil)))))
(parallel [
        (asm_operands/v ("btrl %1,%0") ("") 0 [
                (mem/c:BLK (plus:DI (plus:DI (unspec:DI [
                                    (const_int 0 [0])
                                ] UNSPEC_TP)
                            (reg:DI 100))
                        (const_int 96 [0x60])) [21 MEM[(struct revectored_struct *)&vm86u + 96B]+0 S32 A32])
                (reg:SI 101)
            ]
             [
                (asm_input:BLK ("m") ../../../src/include/cpu.h:355)
                (asm_input:SI ("r") ../../../src/include/cpu.h:355)
            ]
             [] ../../../src/include/cpu.h:355)
        (clobber (reg:CC 17 flags))
    ])
jump_insn
(parallel [
        (asm_operands/v ("btrl %1,%0") ("") 0 [
                (mem/c:BLK (plus:DI (reg:DI 100)
                        (const_int 96 [0x60])) [21 MEM[(struct revectored_struct *)&vm86u + 96B]+0 S32 A32 AS1])
                (reg:SI 101)
            ]
             [
                (asm_input:BLK ("m") ../../../src/include/cpu.h:355)
                (asm_input:SI ("r") ../../../src/include/cpu.h:355)
            ]
             [] ../../../src/include/cpu.h:355)
        (clobber (reg:CC 17 flags))
    ])
jump_insn

Please note that classify_insn declares the pattern as JUMP_INSN due to:

  if (GET_CODE (x) == ASM_OPERANDS && ASM_OPERANDS_LABEL_VEC (x))
    return JUMP_INSN;

but no label is defined in asm operands.

Revision history for this message
In , Ubizjak (ubizjak) wrote :

Dup of PR104777, the patch from the PR should be backported to gcc-10.

*** This bug has been marked as a duplicate of bug 104777 ***

Revision history for this message
In , stsp (stsp-0) wrote :

But no patch is back-ported, and already closing the ticket?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gcc-10 (Ubuntu):
status: New → Confirmed
Changed in gcc-8 (Ubuntu):
status: New → Confirmed
Changed in gcc-9 (Ubuntu):
status: New → Confirmed
Changed in gcc:
importance: Unknown → Medium
status: Unknown → Fix Released
Changed in dosemu2:
status: Unknown → Fix Released
Revision history for this message
Matthias Klose (doko) wrote :

This is fixed in gcc-10 10.5.0 and newer upstream versions. gcc-10 in 20.04 will be updated to gcc-10 10.5.0.

Changed in gcc-10 (Ubuntu):
status: Confirmed → Fix Released
Changed in gcc-8 (Ubuntu):
status: Confirmed → Won't Fix
Changed in gcc-9 (Ubuntu):
status: Confirmed → Won't Fix