[Bug fortran/50201] gfortran with -static causes seg fault at runtime for writing double prec array with precision increased to kind=16
jouko.orava at iki dot fi
gcc-bugzilla@gcc.gnu.org
Thu Feb 6 18:46:00 GMT 2014
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50201
Jouko Orava <jouko.orava at iki dot fi> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jouko.orava at iki dot fi
--- Comment #6 from Jouko Orava <jouko.orava at iki dot fi> ---
Confirmed. The second test case still segfaults when run if compiled with
-static in Linux 3.8.0 x86_64 kernel on Ubuntu 12.04.4 LTS, using gfortran
4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5).
When gdb is run on the static binary, it warns that "no loadable sections found
in added symbol-file system-supplied DSO at 0x7ffff7ffd000".
gdb backtrace:
(gdb) run
Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0 0x0000000000000000 in ?? ()
#1 0x000000000040bb83 in write_float ()
#2 0x0000000000404d27 in formatted_transfer ()
#3 0x000000000040318a in _gfortran_transfer_array ()
#4 0x00000000004013a5 in MAIN__ () at fdp1.f90:4
(gdb) info registers
rax 0x1 1
rbx 0x6fb6e8 7321320
rcx 0x27 39
rdx 0x4be712 4974354
rsi 0x31 49
rdi 0x7fffffffdb80 140737488345984
rbp 0x28 0x28
rsp 0x7fffffffdab8 0x7fffffffdab8
r8 0x0 0
r9 0x0 0
r10 0x0 0
r11 0xb33333333333 197032483697459
r12 0x7fffffffddc0 140737488346560
r13 0x7fffffffdb80 140737488345984
r14 0x0 0
r15 0x0 0
rip 0x0 0
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x63 99
gs 0x0 0
The disassembly of the write_float () up to the segmentation fault:
000000000040ba60 <write_float>:
40ba60: 41 57 push %r15
40ba62: 41 56 push %r14
40ba64: 41 55 push %r13
40ba66: 41 54 push %r12
40ba68: 49 89 fc mov %rdi,%r12
40ba6b: 55 push %rbp
40ba6c: bd 28 00 00 00 mov $0x28,%ebp
40ba71: 53 push %rbx
40ba72: 48 89 f3 mov %rsi,%rbx
40ba75: 48 81 ec 08 01 00 00 sub $0x108,%rsp
40ba7c: 44 8b 2e mov (%rsi),%r13d
40ba7f: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
40ba86: 00 00
40ba88: 48 89 84 24 f8 00 00 mov %rax,0xf8(%rsp)
40ba8f: 00
40ba90: 31 c0 xor %eax,%eax
40ba92: 41 83 fd 1e cmp $0x1e,%r13d
40ba96: 74 0a je 40baa2 <write_float+0x42>
40ba98: 41 83 fd 1c cmp $0x1c,%r13d
40ba9c: 0f 85 06 05 00 00 jne 40bfa8 <write_float+0x548>
40baa2: 83 f9 08 cmp $0x8,%ecx
40baa5: 0f 84 4a 05 00 00 je 40bff5 <write_float+0x595>
40baab: 0f 8e 6f 08 00 00 jle 40c320 <write_float+0x8c0>
40bab1: 83 f9 0a cmp $0xa,%ecx
40bab4: 0f 84 7e 08 00 00 je 40c338 <write_float+0x8d8>
40baba: 83 f9 10 cmp $0x10,%ecx
40babd: 0f 1f 00 nopl (%rax)
40bac0: 0f 85 63 08 00 00 jne 40c329 <write_float+0x8c9>
40bac6: 66 0f 6f 02 movdqa (%rdx),%xmm0
40baca: 66 0f 7f 44 24 40 movdqa %xmm0,0x40(%rsp)
40bad0: e8 9b 27 01 00 callq 41e270 <__trunctfdf2>
40bad5: 66 44 0f 50 f0 movmskpd %xmm0,%r14d
40bada: 66 0f 6f 54 24 40 movdqa 0x40(%rsp),%xmm2
40bae0: 41 83 e6 01 and $0x1,%r14d
40bae4: 66 0f db 15 44 30 0b pand 0xb3044(%rip),%xmm2 # 4beb30 <CSWTCH.109+0xb0>
00
40baec: 66 0f 6f 0d 4c 30 0b movdqa 0xb304c(%rip),%xmm1 # 4beb40 <CSWTCH.109+0xc0>
00
40baf4: 66 0f 6f c2 movdqa %xmm2,%xmm0
40baf8: 66 0f 7f 54 24 10 movdqa %xmm2,0x10(%rsp)
40bafe: e8 ed 25 01 00 callq 41e0f0 <__unordtf2>
40bb03: 48 85 c0 test %rax,%rax
40bb06: 66 0f 6f 54 24 10 movdqa 0x10(%rsp),%xmm2
40bb0c: 0f 85 8e 0c 00 00 jne 40c7a0 <write_float+0xd40>
40bb12: 66 0f 6f 0d 26 30 0b movdqa 0xb3026(%rip),%xmm1 # 4beb40 <CSWTCH.109+0xc0>
00
40bb1a: 66 0f 6f c2 movdqa %xmm2,%xmm0
40bb1e: e8 8d 2c 01 00 callq 41e7b0 <__getf2>
40bb23: 48 85 c0 test %rax,%rax
40bb26: 0f 8f 74 0c 00 00 jg 40c7a0 <write_float+0xd40>
40bb2c: 45 85 f6 test %r14d,%r14d
40bb2f: 74 14 je 40bb45 <write_float+0xe5>
40bb31: 66 0f 6f 44 24 40 movdqa 0x40(%rsp),%xmm0
40bb37: 66 0f ef 05 11 30 0b pxor 0xb3011(%rip),%xmm0 # 4beb50 <CSWTCH.109+0xd0>
00
40bb3f: 66 0f 7f 44 24 40 movdqa %xmm0,0x40(%rsp)
40bb45: 66 0f ef c9 pxor %xmm1,%xmm1
40bb49: 4c 8d ac 24 c0 00 00 lea 0xc0(%rsp),%r13
40bb50: 00
40bb51: 66 0f 6f 44 24 40 movdqa 0x40(%rsp),%xmm0
40bb57: e8 14 30 01 00 callq 41eb70 <__eqtf2>
40bb5c: 8d 4d ff lea -0x1(%rbp),%ecx
40bb5f: 66 0f 6f 44 24 40 movdqa 0x40(%rsp),%xmm0
40bb65: 48 85 c0 test %rax,%rax
40bb68: ba 12 e7 4b 00 mov $0x4be712,%edx
40bb6d: be 31 00 00 00 mov $0x31,%esi
40bb72: 4c 89 ef mov %r13,%rdi
40bb75: b8 01 00 00 00 mov $0x1,%eax
40bb7a: 41 0f 94 c7 sete %r15b
40bb7e: e8 7d 44 bf ff callq 0 <__libc_tsd_LOCALE>
40bb83: 83 3b 20 cmpl $0x20,(%rbx)
Jumping over the __libc_tsd_LOCALE call (setting breakpoint at 0x40bb7e, and
jumping to 0x40bb8c or 0x40c70a) four times avoids the segmentation fault, but
the output consists of
16
?.*** ?.*** ?.*** ?.***
where the ? refers to code \xb6 (182), and * to ASCII NUL (zero).
If I've understood the situation correctly, __libc_tsd_LOCALE is supposed to be
a per-thread pointer, initialized to point to a structure that defines the
current locale settings. (That matches the current GNU libc code, at least.)
Calling __libc_tsd_LOCALE seems obviously incorrect.
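Added triage helper (not part of the bug report or of GCC): it scans "objdump -d" text for direct calls whose target is address 0, the pattern behind the rip = 0 crash and the "callq 0 <__libc_tsd_LOCALE>" line above, and re-derives each call target from the E8 rel32 encoding instead of trusting the symbolised operand objdump printed. The sample disassembly is constructed from the lines quoted in this comment.

```python
import re

# Constructed sample in "objdump -d" (AT&T syntax) layout, modelled on the
# write_float disassembly quoted above; addresses and opcode bytes are taken
# from that comment, the instructions in between are omitted.
SAMPLE_DISASM = """\
000000000040ba60 <write_float>:
  40ba60:\t41 57                \tpush   %r15
  40bad0:\te8 9b 27 01 00       \tcallq  41e270 <__trunctfdf2>
  40bb75:\tb8 01 00 00 00       \tmov    $0x1,%eax
  40bb7e:\te8 7d 44 bf ff       \tcallq  0 <__libc_tsd_LOCALE>
  40bb83:\t83 3b 20             \tcmpl   $0x20,(%rbx)
"""

FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
CALL_RE = re.compile(
    r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)\s*callq?\s+([0-9a-f]+)(?: <([^>]+)>)?")


def decode_rel32_call(site_addr, opcode_bytes):
    """Recover the absolute target of a 5-byte E8 rel32 call from its encoding:
    target = address of the next instruction + signed 32-bit displacement.
    Returns None for anything that is not a direct rel32 call."""
    if len(opcode_bytes) != 5 or opcode_bytes[0] != 0xE8:
        return None
    rel = int.from_bytes(bytes(opcode_bytes[1:]), "little", signed=True)
    return (site_addr + 5 + rel) & 0xFFFFFFFFFFFFFFFF


def find_null_calls(disasm):
    """Return one (caller, site, symbol, decoded_target) tuple per direct call
    whose target is address 0, i.e. a symbol that resolved to nothing at link
    time. A hit at runtime shows up exactly as in the backtrace above: rip = 0."""
    hits, caller = [], None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            caller = m.group(2)
            continue
        m = CALL_RE.match(line)
        if not m:
            continue
        site = int(m.group(1), 16)
        decoded = decode_rel32_call(site, [int(b, 16) for b in m.group(2).split()])
        if int(m.group(3), 16) == 0 or decoded == 0:
            hits.append((caller, m.group(1), m.group(4), decoded))
    return hits


if __name__ == "__main__":
    for caller, site, sym, target in find_null_calls(SAMPLE_DISASM):
        print(f"{caller}+0x{site}: direct call to address {target} ({sym})")
```

Running it over the real binary is "objdump -d fdp1 | python3 nullcalls.py"-style plumbing: feed the captured text to find_null_calls instead of SAMPLE_DISASM.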