From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:54614)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ktietz70@googlemail.com>) id 1RFw6Y-00038o-Fu
	for qemu-devel@nongnu.org; Mon, 17 Oct 2011 18:56:23 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ktietz70@googlemail.com>) id 1RFw6W-00038F-W5
	for qemu-devel@nongnu.org; Mon, 17 Oct 2011 18:56:22 -0400
Received: from mail-vw0-f45.google.com ([209.85.212.45]:38007)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ktietz70@googlemail.com>) id 1RFw6W-00036V-OB
	for qemu-devel@nongnu.org; Mon, 17 Oct 2011 18:56:20 -0400
Received: by vws17 with SMTP id 17so2828220vws.4
	for <qemu-devel@nongnu.org>; Mon, 17 Oct 2011 15:56:20 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <4E9CAACE.4070804@mc.net>
References: <4E9BB180.6080506@mc.net> <4E9C0497.2000605@siriusit.co.uk>
	<4E9C3703.3040109@mc.net> <4E9C645A.5060200@twiddle.net>
	<4E9C9C08.20001@mc.net>
	<CAEwic4Yw0nc9yij+SGMdXMy2R11FyXVWQ4TChczQsNGuVFqkAQ@mail.gmail.com>
	<4E9CAACE.4070804@mc.net>
Date: Tue, 18 Oct 2011 00:56:19 +0200
Message-ID: <CAEwic4aADQUtZOmjAYVVrS1cBU=uRNjwAV49f+GtPtro664JDw@mail.gmail.com>
From: Kai Tietz <ktietz70@googlemail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] gcc auto-omit-frame-pointer vs msvc longjmp
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Bob Breuer <breuerr@mc.net>
Cc: "gcc@gcc.gnu.org" <gcc@gcc.gnu.org>, Richard Henderson <rth@twiddle.net>, qemu-devel <qemu-devel@nongnu.org>, Mark Cave-Ayland <mark.cave-ayland@siriusit.co.uk>

2011/10/18 Bob Breuer <breuerr@mc.net>:
> Kai Tietz wrote:
>> 2011/10/17 Bob Breuer <breuerr@mc.net>:
>>> Richard Henderson wrote:
>>>> On 10/17/2011 07:09 AM, Bob Breuer wrote:
>>>>> I don't think this is a free/g_free issue. =A0If I use the following
>>>>> patch, then I at least get the openbios messages:
>>>>>
>>>>> diff --git a/cpu-exec.c b/cpu-exec.c
>>>>> index a9fa608..dfbd6ea 100644
>>>>> --- a/cpu-exec.c
>>>>> +++ b/cpu-exec.c
>>>>> @@ -180,6 +180,7 @@ static void cpu_handle_debug_exception(CPUState
>>>>> =A0/* main execution loop */
>>>>>
>>>>> =A0volatile sig_atomic_t exit_request;
>>>>> +register void *ebp asm("ebp");
>>>>>
>>>>> =A0int cpu_exec(CPUState *env)
>>>>> =A0{
>>>>> @@ -233,6 +234,8 @@ int cpu_exec(CPUState *env)
>>>>>
>>>>> =A0 =A0 =A0/* prepare setjmp context for exception handling */
>>>>> =A0 =A0 =A0for(;;) {
>>>>> + =A0 =A0 =A0 =A0int dummy =3D 0;
>>>>> + =A0 =A0 =A0 =A0ebp =3D &dummy;
>>>> See if
>>>>
>>>> =A0 asm("" : : : "ebp");
>>>>
>>>> also solves the problem.
>>> No, that doesn't fix it.
>>>
>>>>> Google finds a mention of longjmp failing with -fomit-frame-pointer:
>>>>> http://lua-users.org/lists/lua-l/2005-02/msg00158.html
>>>>>
>>>>> Looks like gcc 4.6 turns on -fomit-frame-pointer by default.
>>>> Hmm. =A0This is the first I've heard of a longjmp implementation
>>>> failing without a frame pointer. =A0Presumably this is with the
>>>> mingw i.e. msvc libc?
>>> Yeah, mingw from www.mingw.org which I believe uses msvcrt.dll, package
>>> gcc-core-4.6.1-2-mingw32-bin.
>>>
>>>> This is something that could be worked around in gcc, I suppose.
>>>> We recognize longjmp for some things, we could force the use of
>>>> a frame pointer for msvc targets too.
>>>>
>>>> For now it might be best to simply force -fno-omit-frame-pointer
>>>> for mingw host in the configure script.
>>> Here's a testcase that crashes on the longjmp:
>>>
>>> #include <stdio.h>
>>> #include <setjmp.h>
>>>
>>> jmp_buf env;
>>>
>>> int test(void)
>>> {
>>> =A0int i;
>>>
>>> =A0asm("xor %%ebp,%%ebp" ::: "ebp");
>>>
>>> =A0i =3D setjmp(env);
>>> =A0printf("i =3D %d\n", i);
>>>
>>> =A0if (i =3D=3D 0)
>>> =A0 =A0longjmp(env, 2);
>>>
>>> =A0return i;
>>> }
>>>
>>> int main(void)
>>> {
>>> =A0return test();
>>> }
>>>
>>> Remove the asm statement to make it not crash. =A0Obviously with
>>> omit-frame-pointer, gcc can shove anything into ebp.
>>>
>>> Bob
>>
>> This crash isn'r related to ebp existing, or not. The issue is the
>> hidden argument of setjmp, which is missing. =A0If you can try the
>> following at top of file after include section.
>>
>> #define setjmp(BUF) _setjmpex((BUF), NULL)
>> int __cdecl __attribute__ ((__nothrow__,__returns_twice__))
>> _setjmp3(jmp_buf _Buf, void *_Ctx);
>> ...
>
> Did you mean _setjmp3 instead of _setjmpex? =A0With _setjmp3, it works
> without the asm, but still crashes if I zero out ebp before the setjmp.
> =A0Aren't the function arguments on the stack anyway?

Yes, I mean _setjmp3 (pasto from headers and missed the second line
prototyping _setjmp3).
I repeat myself here.  setjmp() has an hidden arguement, which is
passed on x86 on stack.  By not passing this required argument, setjmp
will take a random-value from stack.  In your case 'i'.  btw if you
would pre-initialize 'i' with zero, I would assume you won't see a
crash, but anyway this is just by chance.
For this I suggest to use here _setjmp3 instead, as here
second-argument is documented as being present.

Btw I tested your code with i686-pc-mingw32 version 4.6.x and 4.7.x
gcc version.  With my suggested pattern, I don't see a crash for your
provide test-code with, or without zero-ing ebp.

Kai