Re: Strange gp corruption problem

Linux MIPS Architecture development
 help / color / mirror / Atom feed

From: Mike Crowe <mac@mcrowe.com>
To: Thiemo Seufer <ths@networkno.de>
Cc: linux-mips@linux-mips.org
Subject: Re: Strange gp corruption problem
Date: Thu, 12 Jul 2007 20:10:15 +0100	[thread overview]
Message-ID: <20070712191015.GA5167@mcrowe.com> (raw)
In-Reply-To: <20070712172152.GC30622@networkno.de>

I wrote:
>> We have a function that does some string manipulation (not
>> particularly dangerous manipulation and I've been through it
>> carefully) and then calls atol. As expected the prologue of this
>> function calculates the value of the gp register by applying an offset
>> to the t9 register which contains the address of the start of the
>> function like this:
>> 
>>  47995c:       3c1c0fba        lui     gp,0xfba

On Thu, Jul 12, 2007 at 06:21:52PM +0100, Thiemo Seufer wrote:
> Looks weird as an entry point. Normally entries are 8 byte aligned.

Many of the entry points in the image are only four byte aligned. :(

>> The only user-space reason I can come up with for this happening is if
>> the caller jumped into this function one instruction late. This seems
>> unlikely because t9 contains the correct value and the stack looks
>> fine.
> 
> Check the value of $ra (e.g. with a gdb breakpoint) after entering the
> function.

I should have mentioned that this problem doesn't occur every time the
function is called. The reproduction case I have calls the function
over and over again from a higher level (in fact the loop is in a
scripting language). I believe that it usually fails on the second
invocation but if I make unrelated changes to the code it can
sometimes happen after ten or twenty invocations. As soon as I try and
put breakpoints into the function it doesn't happen (although if I
disable the breakpoint and continue it does tend to strike). It looks
like something asynchronous but it's difficult to work out why it
likes to strike only this function.

At the point of the segfault $ra = 0x479fe8 which is the value I would
expect.

  479fcc:       8fc20048        lw      v0,72(s8)
  479fd0:       8c420000        lw      v0,0(v0)
  479fd4:       8fc40040        lw      a0,64(s8)
  479fd8:       00402821        move    a1,v0
  479fdc:       8f999750        lw      t9,-26800(gp)
  479fe0:       0320f809        jalr    t9
  479fe4:       00000000        nop
  479fe8:       8fdc0010        lw      gp,16(s8)
  479fec:       afc20018        sw      v0,24(s8)

I also failed to mention that we're using binutils-2.16.1.

Thanks for your response.

Mike.

     prev parent reply	other threads:[~2007-07-12 19:10 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-12 17:06 Strange gp corruption problem Mike Crowe
2007-07-12 17:21 ` Thiemo Seufer
2007-07-12 19:10   ` Mike Crowe [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070712191015.GA5167@mcrowe.com \
    --to=mac@mcrowe.com \
    --cc=linux-mips@linux-mips.org \
    --cc=ths@networkno.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox