This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

LSDA unwind information is off by one (in __gcc_personality_v0)

From: Florian Weimer <fweimer at redhat dot com>
To: "gcc at gnu dot org" <gcc at gnu dot org>
Date: Thu, 20 Oct 2016 18:28:04 +0200
Subject: LSDA unwind information is off by one (in __gcc_personality_v0)
Authentication-results: sourceware.org; auth=none

We have a fun little glibc bug which causes pthread_cond_wait to writeout of bounds on i386:


  https://sourceware.org/bugzilla/show_bug.cgi?id=20719

Root cause is this in libgcc/unwind-c.c:

    130   int ip_before_insn = 0;
    …
    158   /* Parse the LSDA header.  */
    159   p = parse_lsda_header (context, language_specific_data, &info);
    160 #ifdef HAVE_GETIPINFO
    161   ip = _Unwind_GetIPInfo (context, &ip_before_insn);
    162 #else
    163   ip = _Unwind_GetIP (context);
    164 #endif
    165   if (! ip_before_insn)
    166     --ip;
    167   landing_pad = 0;

The PC decrement cannot be possibly meaningful on CISC architectureswith variable instruction lengths. I suspect it's an unintentionalleftover from the ia64 port.

I wonder how GCC itself copes with the decrement in__gcc_personality_v0. This probably matters to Ada the most because itsupports asynchronous exceptions by default.


with Ada.Strings.Unbounded; use Ada.Strings.Unbounded;
with System.Machine_Code; use System.Machine_Code;

procedure Proc is
begin
   Asm ("# BEFORE", Volatile => True);
   declare
      B : Unbounded_String;
   begin
      Asm ("# WITHIN", Volatile => True);
   end;
   Asm ("# AFTER", Volatile => True);
end Proc;

Looking at the assembly, there does not seem to be any adjustment forthe off-by-one, but the asynchronous exception handler can be safelyexecuted multiple times (it has an internal guard flag), so maybe thisnever matters. This off-by-one only matters for the exit from exceptionhandling regions because at the entry, we always get a PC value which isat least one greater than the initial label because on i386 and x86_64,the PC coming in from the kernel points after the last executed instruction.


I guess my question is if this is all working as designed.

If the decrement is ever removed from the libgcc unwinder, we should adda compensating NOP in the glibc code. Otherwise, we can just adjust theunwind tables.


Florian

Follow-Ups:
- Re: LSDA unwind information is off by one (in __gcc_personality_v0)
  - From: Andreas Schwab
- Re: LSDA unwind information is off by one (in __gcc_personality_v0)
  - From: Jeff Law

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]