Building Python 3.9 on Debian/sh4 unstable with -finline-small-functions causes the Python interpreter to segfault during build. Backtrace: Program received signal SIGSEGV, Segmentation fault. long_richcompare (self=0x2a15f490, other=0x2a15f4a0, op=<optimized out>) at ../Objects/longobject.c:3031 3031 long_richcompare(PyObject *self, PyObject *other, int op) (gdb) bt #0 long_richcompare (self=0x2a15f490, other=0x2a15f4a0, op=<optimized out>) at ../Objects/longobject.c:3031 #1 0x2964f740 in do_richcompare (op=5, w=0x2a15f4a0, v=0x2a15f490, tstate=0x4154e8) at ../Objects/object.c:673 #2 PyObject_RichCompare (v=0x2a15f490, w=0x2a15f4a0, op=5) at ../Objects/object.c:723 #3 0x295cde98 in _PyEval_EvalFrameDefault (tstate=<optimized out>, f=<optimized out>, throwflag=<optimized out>) at ../Python/ceval.c:2978 #4 0x296d689c in _PyEval_EvalFrame (throwflag=0, f=0x2a19f448, tstate=0x4154e8) at ../Include/internal/pycore_ceval.h:40 #5 _PyEval_EvalCode (tstate=0x4154e8, _co=<optimized out>, globals=<optimized out>, locals=<optimized out>, args=0x2a1b5458, argcount=3, kwnames=0x0, kwargs=0x2a1b5464, kwcount=0, kwstep=1, defs=0x0, defcount=0, kwdefs=0x2a1a3d70, closure=0x0, name=0x2a198470, qualname=0x2a198470) at ../Python/ceval.c:4299 #6 0x2960d8ac in _PyFunction_Vectorcall (func=<optimized out>, stack=0x2a1b5458, nargsf=<optimized out>, kwnames=<optimized out>) at ../Objects/call.c:395 #7 0x295d1ae0 in _PyObject_VectorcallTstate (kwnames=0x0, nargsf=<optimized out>, args=<optimized out>, callable=0x2a170e80, tstate=<optimized out>) at ../Include/cpython/abstract.h:118 #8 PyObject_Vectorcall (kwnames=0x0, nargsf=<optimized out>, args=<optimized out>, callable=0x2a170e80) at ../Include/cpython/abstract.h:127 #9 call_function (kwnames=0x0, oparg=<optimized out>, pp_stack=<synthetic pointer>, tstate=0x4154e8) at ../Python/ceval.c:5044 #10 _PyEval_EvalFrameDefault (tstate=<optimized out>, f=<optimized out>, throwflag=<optimized out>) at ../Python/ceval.c:3490 #11 0x295cac90 in _PyEval_EvalFrame (throwflag=0, f=0x2a1b5318, tstate=0x4154e8) at ../Include/internal/pycore_ceval.h:40 #12 function_code_fastcall (tstate=0x4154e8, co=<optimized out>, args=0x2a1b1574, nargs=1, globals=0x2a1a3ca8) at ../Objects/call.c:329 #13 0x2960d990 in _PyFunction_Vectorcall (func=<optimized out>, stack=0x2a1b1570, nargsf=<optimized out>, kwnames=<optimized out>) at ../Objects/call.c:366 #14 0x295d1ae0 in _PyObject_VectorcallTstate (kwnames=0x0, nargsf=<optimized out>, args=<optimized out>, callable=0x2a1af460, tstate=<optimized out>) at ../Include/cpython/abstract.h:118 #15 PyObject_Vectorcall (kwnames=0x0, nargsf=<optimized out>, args=<optimized out>, callable=0x2a1af460) at ../Include/cpython/abstract.h:127 Disassembly: (gdb) x/-10i $pc 0x296318d4 <long_richcompare+132>: rts 0x296318d6 <long_richcompare+134>: mov.l @r15+,r8 0x296318d8 <long_richcompare+136>: mov.l 0x296318f4 <long_richcompare+164>,r0 ! 0x8b8 0x296318da <long_richcompare+138>: mov.l @(r0,r12),r0 0x296318dc <long_richcompare+140>: mov.l @r0,r1 0x296318de <long_richcompare+142>: add #1,r1 0x296318e0 <long_richcompare+144>: mov.l r1,@r0 0x296318e2 <long_richcompare+146>: mov.l @r15+,r12 0x296318e4 <long_richcompare+148>: rts 0x296318e6 <long_richcompare+150>: mov.l @r15+,r8 (gdb) x/10i $pc => 0x296318e8 <long_richcompare+152>: mov.l r9,@(16,r13) 0x296318ea <long_richcompare+154>: mov.b @(r0,r3),r0 0x296318ec <long_richcompare+156>: .word 0x0000 0x296318ee <long_richcompare+158>: .word 0x0100 0x296318f0 <long_richcompare+160>: .word 0x0a70 0x296318f2 <long_richcompare+162>: .word 0x0000 0x296318f4 <long_richcompare+164>: .word 0x08b8 0x296318f6 <long_richcompare+166>: .word 0x0000 0x296318f8 <long_richcompare+168>: mova 0x29631904 <long_richcompare+180>,r0 0x296318fa <long_richcompare+170>: add r6,r6 (gdb) Full build log in: https://buildd.debian.org/status/fetch.php?pkg=python3.9&arch=sh4&ver=3.9.0-1&stamp=1601938112&raw=0 Let me know where to dig next.
Do you have a complete disassembly of the function it crashed in and register dump at the point of crash? That would help.
Since 0x296318e8 is data, we need to investigate where we jumped. The backtrace looks normal, so I think you're getting anomalous jumps when optimizing long_richcompare.
(In reply to Rich Felker from comment #1) > Do you have a complete disassembly of the function it crashed in and > register dump at the point of crash? That would help. Register dump: (gdb) info registers r0 0x296318e8 694360296 r1 0x1 1 r2 0x1041400 17044480 r3 0x3e8 1000 r4 0x2a15f490 706081936 r5 0x2a15f4a0 706081952 r6 0x5 5 r7 0x0 0 r8 0xffffffff -1 r9 0x4154e8 4281576 r10 0x2a15f490 706081936 r11 0x5 5 r12 0x299f367c 698300028 r13 0x8b8 2232 r14 0x2a15f4a0 706081952 r15 0x7bffea64 2080369252 pc 0x296318e8 694360296 pr 0x2964f740 694482752 gbr 0x29576d78 693595512 mach 0xa 10 macl 0x0 0 (gdb) Disassembled function: Dump of assembler code for function long_richcompare: 0x29631850 <+0>: mov.l r8,@-r15 0x29631852 <+2>: mova 0x296318e8 <long_richcompare+152>,r0 0x29631854 <+4>: mov.l r12,@-r15 0x29631856 <+6>: mov.l @(4,r4),r1 0x29631858 <+8>: mov.l 0x296318e8 <long_richcompare+152>,r12 ! 0x3c1d94 0x2963185a <+10>: add #64,r1 0x2963185c <+12>: mov.l @(20,r1),r2 0x2963185e <+14>: mov.l 0x296318ec <long_richcompare+156>,r1 ! 0x1000000 0x29631860 <+16>: tst r1,r2 0x29631862 <+18>: bt.s 0x296318d8 <long_richcompare+136> 0x29631864 <+20>: add r0,r12 0x29631866 <+22>: mov.l @(4,r5),r2 0x29631868 <+24>: add #64,r2 0x2963186a <+26>: mov.l @(20,r2),r2 0x2963186c <+28>: tst r1,r2 0x2963186e <+30>: bt.s 0x296318d8 <long_richcompare+136> 0x29631870 <+32>: cmp/eq r5,r4 0x29631872 <+34>: bt.s 0x29631940 <long_richcompare+240> 0x29631874 <+36>: mov #5,r1 0x29631876 <+38>: mov.l @(8,r4),r7 0x29631878 <+40>: mov.l @(8,r5),r1 0x2963187a <+42>: mov r7,r8 0x2963187c <+44>: cmp/eq r1,r7 0x2963187e <+46>: bf.s 0x296318e8 <long_richcompare+152> 0x29631880 <+48>: sub r1,r8 0x29631882 <+50>: cmp/pz r7 0x29631884 <+52>: mov r7,r1 0x29631886 <+54>: bt 0x2963188a <long_richcompare+58> 0x29631888 <+56>: neg r7,r1 0x2963188a <+58>: mov r1,r2 0x2963188c <+60>: add r2,r2 0x2963188e <+62>: add #12,r2 0x29631890 <+64>: add r2,r4 0x29631892 <+66>: add r2,r5 0x29631894 <+68>: mov r1,r2 0x29631896 <+70>: mov #-1,r3 0x29631898 <+72>: add #-1,r1 0x2963189a <+74>: cmp/ge r3,r1 0x2963189c <+76>: bf.s 0x2963193c <long_richcompare+236> 0x2963189e <+78>: add #1,r2 0x296318a0 <+80>: dt r2 0x296318a2 <+82>: bt.s 0x296318ba <long_richcompare+106> 0x296318a4 <+84>: cmp/pz r7 0x296318a6 <+86>: add #-2,r4 0x296318a8 <+88>: add #-2,r5 0x296318aa <+90>: mov.w @r4,r1 0x296318ac <+92>: mov.w @r5,r3 0x296318ae <+94>: sub r3,r1 0x296318b0 <+96>: exts.w r1,r1 0x296318b2 <+98>: tst r1,r1 0x296318b4 <+100>: bt.s 0x296318a0 <long_richcompare+80> 0x296318b6 <+102>: cmp/pz r7 0x296318b8 <+104>: mov r1,r8 0x296318ba <+106>: bt 0x296318be <long_richcompare+110> 0x296318bc <+108>: neg r8,r8 0x296318be <+110>: mov #5,r1 0x296318c0 <+112>: cmp/hi r1,r6 0x296318c2 <+114>: bf 0x296318f8 <long_richcompare+168> 0x296318c4 <+116>: cmp/pz r8 0x296318c6 <+118>: bt 0x29631914 <long_richcompare+196> 0x296318c8 <+120>: mov.l 0x296318f0 <long_richcompare+160>,r0 ! 0xa70 0x296318ca <+122>: mov.l @(r0,r12),r0 0x296318cc <+124>: mov.l @r0,r1 0x296318ce <+126>: add #1,r1 0x296318d0 <+128>: mov.l r1,@r0 0x296318d2 <+130>: mov.l @r15+,r12 0x296318d4 <+132>: rts 0x296318d6 <+134>: mov.l @r15+,r8 0x296318d8 <+136>: mov.l 0x296318f4 <long_richcompare+164>,r0 ! 0x8b8 0x296318da <+138>: mov.l @(r0,r12),r0 0x296318dc <+140>: mov.l @r0,r1 0x296318de <+142>: add #1,r1 0x296318e0 <+144>: mov.l r1,@r0 0x296318e2 <+146>: mov.l @r15+,r12 0x296318e4 <+148>: rts 0x296318e6 <+150>: mov.l @r15+,r8 => 0x296318e8 <+152>: mov.l r9,@(16,r13) 0x296318ea <+154>: mov.b @(r0,r3),r0 0x296318ec <+156>: .word 0x0000 0x296318ee <+158>: .word 0x0100 0x296318f0 <+160>: .word 0x0a70 0x296318f2 <+162>: .word 0x0000 0x296318f4 <+164>: .word 0x08b8 0x296318f6 <+166>: .word 0x0000 0x296318f8 <+168>: mova 0x29631904 <long_richcompare+180>,r0 0x296318fa <+170>: add r6,r6 0x296318fc <+172>: mov.w @(r0,r6),r6 0x296318fe <+174>: braf r6 0x29631900 <+176>: nop 0x29631902 <+178>: nop 0x29631904 <+180>: mov.l @(r0,r0),r0 0x29631906 <+182>: stc vbr,r0 0x29631908 <+184>: mov.l @(r0,r5),r0 0x2963190a <+186>: .word 0x0032 0x2963190c <+188>: sts pr,r0 0x2963190e <+190>: .word 0xffc2 0x29631910 <+192>: cmp/pz r8 0x29631912 <+194>: bt 0x296318c8 <long_richcompare+120> 0x29631914 <+196>: mov.l 0x29631950 <long_richcompare+256>,r0 ! 0xb80 0x29631916 <+198>: mov.l @(r0,r12),r0 0x29631918 <+200>: mov.l @r0,r1 0x2963191a <+202>: add #1,r1 0x2963191c <+204>: mov.l r1,@r0 0x2963191e <+206>: mov.l @r15+,r12 0x29631920 <+208>: rts 0x29631922 <+210>: mov.l @r15+,r8 0x29631924 <+212>: cmp/pl r8 0x29631926 <+214>: bt 0x296318c8 <long_richcompare+120> 0x29631928 <+216>: bra 0x29631914 <long_richcompare+196> 0x2963192a <+218>: nop 0x2963192c <+220>: cmp/pl r8 0x2963192e <+222>: bt 0x29631914 <long_richcompare+196> 0x29631930 <+224>: bra 0x296318c8 <long_richcompare+120> 0x29631932 <+226>: nop 0x29631934 <+228>: tst r8,r8 0x29631936 <+230>: bf 0x29631914 <long_richcompare+196> 0x29631938 <+232>: bra 0x296318c8 <long_richcompare+120> 0x2963193a <+234>: nop 0x2963193c <+236>: bra 0x296318a0 <long_richcompare+80> 0x2963193e <+238>: mov #1,r2 0x29631940 <+240>: cmp/hi r1,r6 0x29631942 <+242>: bt 0x296318e8 <long_richcompare+152> 0x29631944 <+244>: mova 0x29631954 <long_richcompare+260>,r0 0x29631946 <+246>: add r6,r6 0x29631948 <+248>: mov.w @(r0,r6),r6 0x2963194a <+250>: braf r6 0x2963194c <+252>: nop 0x2963194e <+254>: nop 0x29631950 <+256>: .word 0x0b80 0x29631952 <+258>: .word 0x0000 0x29631954 <+260>: .word 0xff7a 0x29631956 <+262>: .word 0xffc6 0x29631958 <+264>: .word 0xffc6 0x2963195a <+266>: .word 0xff7a 0x2963195c <+268>: .word 0xff7a 0x2963195e <+270>: .word 0xffc6 0x29631960 <+272>: tst r8,r8 0x29631962 <+274>: bf 0x296318c8 <long_richcompare+120> 0x29631964 <+276>: bra 0x29631914 <long_richcompare+196> 0x29631966 <+278>: nop End of assembler dump. C source of function can be found here: https://sources.debian.org/src/python3.9/3.9.0-1/Objects/longobject.c/?hl=3031#L3031
(In reply to John Paul Adrian Glaubitz from comment #3) > r11 0x5 5 > r12 0x299f367c 698300028 > r13 0x8b8 2232 > r14 0x2a15f4a0 706081952 > > Disassembled function: > > Dump of assembler code for function long_richcompare: > 0x29631850 <+0>: mov.l r8,@-r15 > 0x29631852 <+2>: mova 0x296318e8 <long_richcompare+152>,r0 > 0x29631854 <+4>: mov.l r12,@-r15 > 0x29631856 <+6>: mov.l @(4,r4),r1 > 0x29631858 <+8>: mov.l 0x296318e8 <long_richcompare+152>,r12 ! 0x3c1d94 > 0x2963185a <+10>: add #64,r1 > 0x2963185c <+12>: mov.l @(20,r1),r2 > 0x2963185e <+14>: mov.l 0x296318ec <long_richcompare+156>,r1 ! 0x1000000 > 0x29631860 <+16>: tst r1,r2 > 0x29631862 <+18>: bt.s 0x296318d8 <long_richcompare+136> > 0x29631864 <+20>: add r0,r12 > 0x29631866 <+22>: mov.l @(4,r5),r2 > 0x29631868 <+24>: add #64,r2 > 0x2963186a <+26>: mov.l @(20,r2),r2 > 0x2963186c <+28>: tst r1,r2 > 0x2963186e <+30>: bt.s 0x296318d8 <long_richcompare+136> > 0x29631870 <+32>: cmp/eq r5,r4 > 0x29631872 <+34>: bt.s 0x29631940 <long_richcompare+240> > 0x29631874 <+36>: mov #5,r1 > 0x29631876 <+38>: mov.l @(8,r4),r7 > 0x29631878 <+40>: mov.l @(8,r5),r1 > 0x2963187a <+42>: mov r7,r8 > 0x2963187c <+44>: cmp/eq r1,r7 > 0x2963187e <+46>: bf.s 0x296318e8 <long_richcompare+152> > 0x29631880 <+48>: sub r1,r8 > > .... > > 0x296318e6 <+150>: mov.l @r15+,r8 > => 0x296318e8 <+152>: mov.l r9,@(16,r13) Just to point out the obvious, r13 is never initialized nor referenced by anything else throughout the function. What are the compiler options?
(In reply to Oleg Endo from comment #4) > Just to point out the obvious, r13 is never initialized nor referenced by > anything else throughout the function. What are the compiler options? One additional observation. It seems that the static build does not crash, just the shared build. From the build log, we have for the shared build that crashes: sh4-linux-gnu-gcc -pthread -c -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -g -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector -Wformat -Werror=format-security -std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -fvisibility=hidden -I../Include/internal -IObjects -IInclude -IPython -I. -I../Include -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPy_BUILD_CORE -o Objects/longobject.o ../Objects/longobject.c For the static build, which did not crash in my test, we have: sh4-linux-gnu-gcc -pthread -c -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -g -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector -Wformat -Werror=format-security -std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -fvisibility=hidden -I../Include/internal -IObjects -IInclude -IPython -I. -I../Include -Wdate-time -D_FORTIFY_SOURCE=2 -DPy_BUILD_CORE -o Objects/longobject.o ../Objects/longobject.c
(In reply to John Paul Adrian Glaubitz from comment #5) So the difference seems to be only the -fPIC option? Can you get the preprocessed .i file with -save-temps ?
Created attachment 49380 [details] Archive containing C source, preprocessed source as well as assembly and object output I have created the pre-processed source with the following command line: sh4-linux-gnu-gcc -pthread -c -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -g -fdebug-prefix-map=//build/python3.9-m4kjWv/python3.9-3.9.0=. -fstack-protector -Wformat -Werror=format-security -std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -fvisibility=hidden -I../Include/internal -IObjects -IInclude -IPython -I. -I../Include -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPy_BUILD_CORE -o Objects/longobject.o ../Objects/longobject.c -save-temps I have included the C sources, assembly output and resulting object file to make sure we got everything in one archive.
The same or a similar problem is present on hppa. Building Python 3.9 with -finline-small-functions causes wrong code and build failure: https://buildd.debian.org/status/fetch.php?pkg=python3.9&arch=hppa&ver=3.9.0-4&stamp=1603018299&raw=0