profiling broken on RELENG_7/i386

Peter Jeremy peterjeremy at optushome.com.au
Sun Jul 13 10:55:59 UTC 2008 

On 2008-Jul-04 13:01:11 +0400, Dmitry Morozovsky <marck at rinet.ru> wrote:
>It seems we step on a bug in gcc in RELENG_7/i386
>
>It is triggered at least by profiling program which uses getopt(3):

I think it's actually in the profiling initialisation code.  If
you try to run sample code under gdb, you can see that .mcount()
is not preserving %ecx, though main() assumes it does.

(gdb) disas $eip
Dump of assembler code for function main:
0x080481d0 <main+0>:    lea    0x4(%esp),%ecx
0x080481d4 <main+4>:    and    $0xfffffff0,%esp
0x080481d7 <main+7>:    pushl  0xfffffffc(%ecx)
0x080481da <main+10>:   push   %ebp
0x080481db <main+11>:   mov    %esp,%ebp
0x080481dd <main+13>:   push   %ecx
0x080481de <main+14>:   sub    $0x14,%esp
0x080481e1 <main+17>:   call   0x8051b50 <.mcount>
0x080481e6 <main+22>:   mov    0x4(%ecx),%eax
0x080481e9 <main+25>:   mov    (%eax),%eax
0x080481eb <main+27>:   mov    %eax,0x8(%esp)
0x080481ef <main+31>:   mov    (%ecx),%eax
0x080481f1 <main+33>:   mov    %eax,0x4(%esp)
0x080481f5 <main+37>:   movl   $0x8066b0a,(%esp)
0x080481fc <main+44>:   call   0x8051b00 <printf>
0x08048201 <main+49>:   mov    $0x0,%eax
0x08048206 <main+54>:   add    $0x14,%esp
0x08048209 <main+57>:   pop    %ecx
0x0804820a <main+58>:   pop    %ebp
0x0804820b <main+59>:   lea    0xfffffffc(%ecx),%esp
0x0804820e <main+62>:   ret    
End of assembler dump.
(gdb)  x/10x $esp
0xbfbfeadc:     0x0804815f      0x00000001      0xbfbfeb08      0xbfbfeb10
0xbfbfeaec:     0x00000000      0x00000000      0x00000000      0x00000000
0xbfbfeafc:     0x00000000      0x00000000
(gdb) info regi
eax            0xbfbfeb08       -1077941496
ecx            0x1e968  125288
edx            0x8051d1a        134552858
ebx            0x1      1
esp            0xbfbfeadc       0xbfbfeadc
ebp            0xbfbfeb00       0xbfbfeb00
esi            0xbfbfeb10       -1077941488
edi            0x0      0
eip            0x80481d0        0x80481d0
eflags         0x282    642
cs             0x33     51
ss             0x3b     59
ds             0x3b     59
es             0x3b     59
fs             0x3b     59
gs             0x1b     27
...
[step through .mcount]
...
(gdb) stepi
main (argc=Error accessing memory address 0x1b: Bad address.
) at x.c:4
4           printf("Hello %d %s\n", argc, argv[0]);
(gdb) info regi
eax            0x1      1
ecx            0x1b     27
edx            0x804815f        134512991
ebx            0x1      1
esp            0xbfbfeab0       0xbfbfeab0
ebp            0xbfbfeac8       0xbfbfeac8
esi            0xbfbfeb10       -1077941488
edi            0x0      0
eip            0x80481e6        0x80481e6
eflags         0x246    582
cs             0x33     51
ss             0x3b     59
ds             0x3b     59
es             0x3b     59
fs             0x3b     59
gs             0x1b     27

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20080713/c9a940af/attachment.pgp

More information about the freebsd-hackers mailing list