Re: [GHC] #8834: 64-bit windows cabal.exe segfaults in GC

#8834: 64-bit windows cabal.exe segfaults in GC ----------------------------------+---------------------------------- Reporter: awson | Owner: Type: bug | Status: new Priority: highest | Milestone: 7.8.1 Component: Compiler | Version: 7.8.1-rc2 Resolution: | Keywords: Operating System: Windows | Architecture: x86_64 (amd64) Type of failure: Runtime crash | Difficulty: Unknown Test Case: | Blocked By: Blocking: | Related Tickets: ----------------------------------+---------------------------------- Comment (by thoughtpolice): Okay, I spent some time boiling some things down, and I've at least determined the approximate location of the segfault in the code during compilation, which is `stmtToInstrs` in `compiler/nativeGen/X86/CodeGen.hs`. Here's just a quick dump (to not loose findings) and I'll keep looking around. The fault is when compiling `System.Time` in profiling. Run under gdb: {{{ $ gdb --args "inplace/bin/ghc-stage2.exe" -v3 -hisuf p_hi -osuf p_o -hcsuf p_hc -static -prof -H32m -O -package-name old-time-1.i -ilibraries/old-time/. -ilibraries/old-time/dist-install/build -ilibraries /old-time/dist-install/build/autogen -Ilibraries/old-timearies/old-time /dist-install/build/autogen -Ilibraries/old-time/include -optP-include -optPlibraries/old-time/dist-install/build/auage base-4.7.0.0 -package old-locale-1.0.0.6 -Wall -XHaskell2010 -O2 -no-user-package-db -rtsopts -odir libraries/old-time/distaries/old-time/dist-install/build -stubdir libraries/old-time/dist-install/build -c libraries/old-time/dist- install/build/System/Tie/dist-install/build/System/Time.p_o +RTS -DS GNU gdb (GDB) 7.6.1 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i686-pc-msys". For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Traceback (most recent call last): File "<string>", line 3, in <module> ImportError: No module named libstdcxx.v6.printers /etc/gdbinit:6: Error in sourced command file: Error while executing Python code. Reading symbols from /home/Administrator/ghc/inplace/bin/ghc- stage2.exe...done. warning: File "/home/Administrator/ghc/.gdbinit" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto- load". To enable execution of this file add add-auto-load-safe-path /home/Administrator/ghc/.gdbinit line to your configuration file "/home/Administrator/.gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/home/Administrator/.gdbinit". For more information about this security protection see the "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" (gdb) load .gdbinit You can't do that when your target is `exec' (gdb) source .gdbinit (gdb) r Starting program: /home/Administrator/ghc/inplace/bin/ghc-stage2.exe -v3 -hisuf p_hi -osuf p_o -hcsuf p_hc -static -prof -H32m -O -package-name old-time-1.1.0.2 -hide-all-packages -i -ilibraries/old-time/. -ilibraries /old-time/dist-install/build -ilibraries/old-time/dist- install/build/autogen -Ilibraries/old-time/dist-install/build -Ilibraries /old-time/dist-install/build/autogen -Ilibraries/old-time/include -optP- include -optPlibraries/old-time/dist-install/build/autogen/cabal_macros.h -package base-4.7.0.0 -package old-locale-1.0.0.6 -Wall -XHaskell2010 -O2 -no-user-package-db -rtsopts -odir libraries/old-time/dist-install/build -hidir libraries/old-time/dist-install/build -stubdir libraries/old-time /dist-install/build -c libraries/old-time/dist- install/build/System/Time.hs -o libraries/old-time/dist- install/build/System/Time.p_o +RTS -DS [New Thread 1136.0xcc8] cc8: cap 0: initialised [New Thread 1136.0x15e8] [New Thread 1136.0x1658] [New Thread 1136.0x11b8] [New Thread 1136.0x11e8] [New Thread 1136.0x1718] Glasgow Haskell Compiler, Version 7.9.20140329, stage 2 booted by GHC version 7.6.3 Using binary package database: C:\Users\Administrator\Desktop\msys32\home\Administrator\ghc\inplace\lib\package.conf.d\package.cache wired-in package ghc-prim mapped to ghc-prim-0.3.1.0-inplace wired-in package integer-gmp mapped to integer-gmp-0.5.1.0-inplace wired-in package base mapped to base-4.7.0.0-inplace wired-in package rts mapped to builtin_rts wired-in package template-haskell mapped to template- haskell-2.10.0.0-inplace wired-in package dph-seq not found. wired-in package dph-par not found. Hsc static flags: *** Checking old interface for old-time-1.1.0.2:System.Time: *** Parser: *** Renamer/typechecker: *** Desugar: Result size of Desugar (after optimization) = {terms: 5,701, types: 3,843, coercions: 29} ... *** Tidy Core: Result size of Tidy Core = {terms: 15,413, types: 10,079, coercions: 582} Created temporary directory: C:\Users\Administrator\Desktop\msys32\tmp\ghc1136_0 *** CorePrep: Result size of CorePrep = {terms: 18,936, types: 12,028, coercions: 582} *** Stg2Stg: *** CodeOutput: *** New CodeGen: *** CPSZ: *** CPSZ: *** CPSZ: *** CPSZ: *** CPSZ: Program received signal SIGSEGV, Segmentation fault. 0x02137032 in c1hhA_info () (gdb) bt #0 0x02137032 in c1hhA_info () Cannot access memory at address 0x28a874 (gdb) disassemble Dump of assembler code for function c1hhA_info: 0x02137024 <+0>: sub $0x3510,%esp 0x0213702a <+6>: mov 0x8(%ebp),%eax 0x0213702d <+9>: mov 0x4(%ebp),%ecx 0x02137030 <+12>: mov %esi,%edx => 0x02137032 <+14>: mov %eax,0x184(%esp) 0x02137039 <+21>: mov -0x1(%edx),%eax 0x0213703c <+24>: movzwl -0x2(%eax),%eax 0x02137040 <+28>: cmp $0x1e,%eax 0x02137043 <+31>: ja 0x214916f 0x02137049 <+37>: mov %eax,0x190(%esp) 0x02137050 <+44>: mov 0x1c(%ebp),%eax 0x02137053 <+47>: mov %eax,0xa0(%esp) 0x0213705a <+54>: mov 0x190(%esp),%eax 0x02137061 <+61>: jmp *0x2b86708(,%eax,4) 0x02137068 <+68>: inc %edx 0x02137069 <+69>: add %al,(%eax) 0x0213706b <+71>: add %ah,(%eax) 0x0213706d <+73>: add %al,(%eax) 0x0213706f <+75>: add %al,0x3510ec(%ecx) End of assembler dump. (gdb) (gdb) info registers eax 0x6b3b05d 112439389 ecx 0x6b49524 112497956 edx 0x67a40a9 108675241 ebx 0x2bc3470 45888624 esp 0x28a874 0x28a874 ebp 0x4697cc8 0x4697cc8 esi 0x67a40a9 108675241 edi 0x6b4ac20 112503840 eip 0x2137032 0x2137032 eflags 0x10202 [ IF RF ] cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x53 83 gs 0x2b 43 (gdb) p8 $ebp 0x4697ce4: 0x6b488d9 0x4697ce0: 0x6b4ac18 0x4697cdc: 0x6300ef1e 0x4697cd8: 0x6b4954d 0x4697cd4: 0x67a40a9 0x4697cd0: 0x6b3b05d 0x4697ccc: 0x6b49524 0x4697cc8: 0x2137024 (gdb) pinfo &c1hhA_info $1 = {layout = {payload = {ptrs = 903, nptrs = 0}, bitmap = 903, large_bitmap_offset = 903, selector_offset = 903}, type = 32, srt_bitmap = 7, code = 0x2137024 "\201\354\020\065"} (gdb) prinfo &c1hhA_info $2 = {srt_offset = 8706840, i = {layout = {payload = {ptrs = 903, nptrs = 0}, bitmap = 903, large_bitmap_offset = 903, selector_offset = 903}, type = 32, srt_bitmap = 7, code = 0x2137024 "\201\354\020\065"}} }}} The fault is in `c1hhA_info`. Finding that symbol: {{{ $ find compiler/stage2 -type f | xargs grep c1hhA_info Binary file compiler/stage2/build/libHSghc-7.9.20140329.a matches Binary file compiler/stage2/build/X86/CodeGen.o matches }}} It's in `./nativeGen/X86/CodeGen.hs` - check the `-ddump-opt-cmm` out to get corresponding optimized code, finding the closure for the info table: {{{ ==================== Optimised Cmm ==================== a292_rFAj_entry() // [] { [(c18OH, block_c18OH_info: const u1hJf_srtd-block_c18OH_info; const 1; const 4294901792;), (c18OQ, block_c18OQ_info: const u1hJg_srtd-block_c18OQ_info; const 3; const 4294901792;), ... ... ... (c1hhA, block_c1hhA_info: const SUys_srt-block_c1hhA_info+2332; const 903; const 458784;), ... ... ... c1hyQ: I32[Hp - 8] = $w$j_sSgL_info; I32[Hp - 4] = I32[Sp + 24]; I32[Hp] = I32[Sp + 20]; I32[Sp] = block_c1hhA_info; R1 = P32[Sp + 12]; P32[Sp + 24] = Hp - 8; if (R1 & 3 != 0) goto c1hhA; else goto c1hhB; c1hhB: call (I32[R1])(R1) returns to c1hhA, args: 4, res: 4, upd: 4; c1hhA: _sSgE::P32 = P32[Sp + 8]; _sSgI::P32 = P32[Sp + 4]; _sSmu::P32 = R1; _c1hub::I32 = %MO_UU_Conv_W16_W32(I16[I32[_sSmu::P32 - 1] - 2]); if (_c1hub::I32 > 30) goto c1hug; else goto c1hue; ... ... }}} We can see this matches pretty closely with the assembly generated around the offending code (`-ddump-asm`): {{{ _c1hyQ: movl $$w$j_sSgL_info,-8(%edi) movl 24(%ebp),%eax movl %eax,-4(%edi) movl 20(%ebp),%eax movl %eax,(%edi) movl $block_c1hhA_info,(%ebp) movl 12(%ebp),%esi leal -8(%edi),%eax movl %eax,24(%ebp) testl $3,%esi jne _n1kED ... .text .align 4,0x90 .long SUys_srt-(block_c1hhA_info)+2332 .long 903 .long 458784 block_c1hhA_info: _c1hhA: subl $13584,%esp _n1kED: movl 8(%ebp),%eax movl 4(%ebp),%ecx movl %esi,%edx movl %eax,388(%esp) movl -1(%edx),%eax movzwl -2(%eax),%eax cmpl $30,%eax ja _c1hug }}} Next, looking at the STG output, `a292_rFAj` looks like: {{{ a292_rFAj :: forall e_a94q x_a94r. CmmNode.CmmNode e_a94q x_a94r -> NCGMonad.NatM_State -> (X86.CodeGen.InstrBlock, NCGMonad.NatM_State) ... }}} If you search for calls to this, there is one call to it from `a290_rFAh`, which looks like: {{{ a290_rFAh :: CmmMachOp.CallishMachOp -> Data.Maybe.Maybe CmmNode.CmmFormal -> [CmmNode.CmmActual] -> NCGMonad.NatM_State -> (X86.CodeGen.InstrBlock, NCGMonad.NatM_State) ... let { sat_sMWp [Occ=Once] :: CmmNode.CmmNode Compiler.Hoopl.Block.O Compiler.Hoopl.Block.O [LclId, Str=DmdType] = NO_CCS CmmNode.CmmUnsafeForeignCall! [GHC.Prim.coercionToken# GHC.Prim.coercionToken# sat_sMWb sat_sMWd sat_sMWo]; } in a292_rFAj sat_sMWp st'_sMWa; }}} The only thing that has a type of `CallishMachOp -> ...` is `outOfLineCmmOp`, which does indeed call `stmtToInstrs (CmmUnsafeForeignCall ...)` like in the above snippet. The type of `stmtToInstrs` also matches the (desugared) type of `a292_rFAj`. So this is certainly where the fault is occurring. Unfortunately `stmtToInstrs` becomes incredibly large it seems, so pinning it down further is proving challening. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/8834#comment:79 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler