Context Navigation

← Previous Change
Ticket History
Next Change →

Changes between Initial Version and Version 1 of Ticket #2618

Timestamp:: Nov 14, 2008 4:54:13 PM (15 years ago)
Author:: Frank Mehnert
Comment:: Please use {{{ and }}} next time you quote code.

Legend:

: Unmodified
: Added
: Removed
: Modified

Ticket #2618 – Description

-              initial
+              v1
 Dump of Registers:
+{{{
 (gdb) info registers
+eax            0x0      0[[BR]]
+ecx            0xbff5237c       -1074453636[[BR]]
+edx            0x4      4[[BR]]
+ebx            0xbff5237c       -1074453636[[BR]]
+esp            0xbff52320       0xbff52320[[BR]]
+ebp            0xbff52320       0xbff52320[[BR]]
+esi            0x0      0[[BR]]
+edi            0x4      4[[BR]]
+eip            0x848397 0x848397       /*** Fault instruction right here !!!! ***/[[BR]]
+eflags         0x246    582[[BR]]
+cs             0x73     115[[BR]]
+ss             0x7b     123[[BR]]
+ds             0x7b     123[[BR]]
+es             0x7b     123[[BR]]
+fs             0x0      0[[BR]]
+gs             0x33     51[[BR]]
+eax            0x0      0
+ecx            0xbff5237c       -1074453636
+edx            0x4      4
+ebx            0xbff5237c       -1074453636
+esp            0xbff52320       0xbff52320
+ebp            0xbff52320       0xbff52320
+esi            0x0      0
+edi            0x4      4
+eip            0x848397 0x848397       /*** Fault instruction right here !!!! ***/
+eflags         0x246    582
+cs             0x73     115
+ss             0x7b     123
+ds             0x7b     123
+es             0x7b     123
+fs             0x0      0
+gs             0x33     51
+}}}
 Here is the stack trace ...
+(gdb) disassemble 0xcc2397[[BR]]
+Dump of assembler code for function __pthread_disable_asynccancel:[[BR]]
+x00cc2390 <__pthread_disable_asynccancel+0>: push %ebp[[BR]]
+x00cc2391 <__pthread_disable_asynccancel+1>: test $0x2,%al[[BR]]
+x00cc2393 <__pthread_disable_asynccancel+3>: mov %esp,%ebp[[BR]]
+x00cc2395 <__pthread_disable_asynccancel+5>: jne 0xcc23b6[[BR]]
+<__pthread_disable_asynccancel+38>[[BR]]
+x00cc2397 <__pthread_disable_asynccancel+7>: mov %gs:0x58,%edx /*** Same fault instruction ***/[[BR]]
+x00cc239e <__pthread_disable_asynccancel+14>: mov %edx,%ecx[[BR]]
+x00cc23a0 <__pthread_disable_asynccancel+16>: and $0xfffffffd,%ecx[[BR]]
+x00cc23a3 <__pthread_disable_asynccancel+19>: cmp %edx,%ecx[[BR]]
+x00cc23a5 <__pthread_disable_asynccancel+21>: je 0xcc23b6
+<__pthread_disable_asynccancel+38>[[BR]]
+x00cc23a7 <__pthread_disable_asynccancel+23>: mov %edx,%eax[[BR]]
+x00cc23a9 <__pthread_disable_asynccancel+25>: lock cmpxchg[[BR]]
+{{{
+(gdb) disassemble 0xcc2397
+Dump of assembler code for function __pthread_disable_asynccancel:
+x00cc2390 <__pthread_disable_asynccancel+0>: push %ebp
+x00cc2391 <__pthread_disable_asynccancel+1>: test $0x2,%al
+x00cc2393 <__pthread_disable_asynccancel+3>: mov %esp,%ebp
+x00cc2395 <__pthread_disable_asynccancel+5>: jne 0xcc23b6 <__pthread_disable_asynccancel+38>
+x00cc2397 <__pthread_disable_asynccancel+7>: mov %gs:0x58,%edx /*** Same fault instruction ***/
+x00cc239e <__pthread_disable_asynccancel+14>: mov %edx,%ecx
+x00cc23a0 <__pthread_disable_asynccancel+16>: and $0xfffffffd,%ecx
+x00cc23a3 <__pthread_disable_asynccancel+19>: cmp %edx,%ecx
+x00cc23a5 <__pthread_disable_asynccancel+21>: je 0xcc23b6 <__pthread_disable_asynccancel+38>
+x00cc23a7 <__pthread_disable_asynccancel+23>: mov %edx,%eax
+x00cc23a9 <__pthread_disable_asynccancel+25>: lock cmpxchg
+}}}
 Here is the source of the code that caused the crash. It's the THREAD_GETMEM macro which is
 part of the libpthreads implementation under linux ...
+{{{
+/* Read member of the thread descriptor directly. */
+/* Read member of the thread descriptor directly. */[[BR]]
+# define THREAD_GETMEM(descr, member) \[[BR]]
+({ __typeof (descr->member) __value; \[[BR]]
+if (sizeof (__value) == 1) \[[BR]]
+asm volatile ("movb %%gs:%P2,%b0" \[[BR]]
+# define THREAD_GETMEM(descr, member) \
+({ __typeof (descr->member) __value; \
+if (sizeof (__value) == 1) \
+asm volatile ("movb %%gs:%P2,%b0" \
 : "=q" (__value) \
 : "0" (0), "i" (offsetof (struct pthread, member))); \[[BR]]
+else if (sizeof (__value) == 4) \[[BR]]
+asm volatile ("movl %%gs:%P1,%0" \[[BR]]
+else if (sizeof (__value) == 4) \
+asm volatile ("movl %%gs:%P1,%0" \
 : "=r" (__value) \
+: "i" (offsetof (struct pthread, member))); \[[BR]]
+else \[[BR]]
+: "i" (offsetof (struct pthread, member))); \
+else \
 { \
+if (sizeof (__value) != Cool \[[BR]]
+/* There should not be any value with a size other than 1, \[[BR]]
+or 8. */ \[[BR]]
+if (sizeof (__value) != Cool \
+/* There should not be any value with a size other than 1, \
+or 8. */ \
 abort (); \
+\
+asm volatile ("movl %%gs:%P1,%%eax\n    " \[[BR]]
+"movl %%gs:%P2,%%edx" \ /*** instruction that causes fault *****/[[BR]]
+: "=A" (__value) \[[BR]]
+: "i" (offsetof (struct pthread, member)), \[[BR]]
+"i" (offsetof (struct pthread, member) + 4)); \[[BR]]
+} \[[BR]]
+__value; })[[BR]]
+asm volatile ("movl %%gs:%P1,%%eax\n    " \
+"movl %%gs:%P2,%%edx" \ /*** instruction that causes fault *****/
+: "=A" (__value) \
+: "i" (offsetof (struct pthread, member)), \
+"i" (offsetof (struct pthread, member) + 4)); \
+} \
+__value; })
+}}}
 I'm taking a guess at this, but could the lock instruction emulation cause this?