Re: [pcre-dev] [PCRE 8.20-RC1] Failures on PPC

Page principale
Supprimer ce message
Auteur: Petr Pisar
Date:  
À: Herczeg Zoltán
CC: pcre-dev
Sujet: Re: [pcre-dev] [PCRE 8.20-RC1] Failures on PPC
On Mon, Sep 12, 2011 at 06:55:13PM +0200, Herczeg Zoltán wrote:
>
> I have never tried the MIPS impmentation on a MIPS64 system. Would be
> interesting to see what is happening.
>

I did tests on Linux 2.6.39.1 mips64 with n32 user space and I get similar
segfault. Configured as --enable-jit CFLAGS=-g -O0 for MIPS3. It passes a lot
of testinput1 expressions but segfaults on:

/word (?:[a-zA-Z0-9]+ ){0,300}otherword/
word cat dog elephant mussel cow horse canary baboon snake shark the quick brown fox and the lazy dog and several other words getting close to thirty by now I hope

I minimized the test case to:

/(a){0,290}/
foo

The backtrace:

#0  0x22cf79b8 in ?? ()
No symbol table info available.
#1  0x2ab2ea80 in jit_machine_stack_exec (arguments=0x7fff1498, 
    function=0x10045ff8) at pcre_jit_compile.c:6305
        convert_executable_func = {executable_func = 0x2ace4008, 
          call_executable_func = 0x2ace4008}
        local_area = "\255\206\003\020\000\000\000\000\001\000\000\000\254\206\003\020\254\206\003\020", '\000' <repeats 12 times>"\230, \351\260*\000\000\000\000\b\255\004\020\025\000\000\000\000\033\000\000\002\000\000\000\002\000\000\000\020\000\000\000(\000\000\000\000\000\000\000\b\255\004\020\002\000\000\000\000\360\264*\000\000\000\000X\274\a\020\000\000\000\000\340\\\261*\000\000\000\000\b\255\004\020\004\000\000\000\020\000\000\000\r\000\000\000\b\255\004\020\025\000\000\000\000\360\264*\000\000\000\000Д\376\177\000\000\000\000\230\351\260*\000\000\000\000X\274\a\020\000\000\000\000\000\360\264*\000\000\000\000\b\255\004\020\360\377\245$\005\000\000\000\000\000\000\000\b\255\004\020\004\000\000\000\000\360\264*\000\000\000\000\020\225\376\177\000\000\000\000@\a\261*", '\000' <repeats 12 times>"\230, \351\260*\000\000\000\000\b\255\004\020\025\000\000\000\000\033\000\000\002\000\000\000"...
        local_stack = {top = 2147390520, base = 2147390520, 
          limit = 2147423288, max_limit = 2147423288}
#2  0x2ab2ecb8 in _pcre_jit_exec (re=0x10044c38, executable_func=0x10045ff8, 
    subject=0x100386ad "foo", length=3, start_offset=0, options=0, 
    match_limit=10000000, offsets=0x10044a10, offsetcount=4)
   at pcre_jit_compile.c:6352
        function = 0x10045ff8
        convert_executable_func = {executable_func = 0x2, 
          call_executable_func = 0x2}
        arguments = {stack = 0x7fff1438, str = 0x100386ad "foo", 
          begin = 0x100386ad "foo", end = 0x100386b0 "", offsets = 0x10044a10, 
          ptr = 0x0, offsetcount = 4, calllimit = 10000000, notbol = 0 '\000', 
          noteol = 0 '\000', notempty = 0 '\000', notempty_atstart = 0 '\000'}
        maxoffsetcount = 4
        retval = 717055616
#3  0x2ab0a758 in pcre_exec (argument_re=0x10044c38, extra_data=0x10045fa8, 
    subject=0x100386ad "foo", length=3, start_offset=0, options=0, 
    offsets=0x10044a10, offsetcount=45) at pcre_exec.c:5847
        rc = 268438191
        ocount = 0
        arg_offset_max = 0
        first_byte = -1
        req_byte = -1
        req_byte2 = -1
        newline = 0
        using_temporary_offsets = 0
        anchored = 715950912
        startline = 10
       firstline = 1
        first_byte_caseless = 0
        req_byte_caseless = 0
        utf8 = 0
        match_block = {match_call_count = 268919992, match_limit = 0, 
          match_limit_recursion = 0, offset_vector = 0x0, offset_end = 0, 
          offset_max = 268919968, nltype = 269048576, nllen = 0, 
          name_count = 1, name_entry_size = 715948032, 
          name_table = 0x1 <Address 0x1 out of bounds>, nl = "\214\202\254*", 
          lcc = 0x0, ctypes = 0x0, offset_overflow = 0, notbol = 0, 
          noteol = 268717112, utf8 = 0, jscript_compat = 718100896, 
          use_ucp = 0, endonly = 718085568, notempty = 0, 
          notempty_atstart = 718066960, hitend = 0, bsr_anycrlf = 718066960, 
          start_code = 0x0, start_subject = 0x41 <Address 0x41 out of bounds>, 
          end_subject = 0x0, start_match_ptr = 0x1001f310 "\340\341\253*", 
          end_match_ptr = 0x0, 
          start_used_ptr = 0x12 <Address 0x12 out of bounds>, partial = 0, 
          end_offset_top = 9, capture_last = 0, start_offset = 269421368, 
          match_function_type = 0, eptrchain = 0x100f23c8, eptrn = 0, 
          recursive = 0x100f2328, callout_data = 0x0, 
          mark = 0x63 <Address 0x63 out of bounds>, once_target = 0x0}
        md = 0x7fff1580
        tables = 0x0
        start_bits = 0x0
        start_match = 0x100386ad "foo"
        end_subject = 0x1 <Address 0x1 out of bounds>
        start_partial = 0x0
        req_byte_ptr = 0x100386ac ""
        internal_study = {size = 716042240, flags = 0, 
          start_bits = "\320\026\377\177\000\000\000\000\310\344\253*\000\000\000\000XƮ*\000\000\000\000\005\000\000\000\000\000\000", minlength = 718085568}
        study = 0x0
        internal_re = {magic_number = 0, size = 0, options = 0, flags = 0, 
          dummy1 = 0, top_bracket = 8864, top_backref = 4111, first_byte = 0, 
          req_byte = 0, name_table_offset = 61440, name_entry_size = 10925, 
          name_count = 0, ref_count = 0, tables = 0x2aabe23c "H", 
          nullpad = 0x0}
        external_re = 0x10044c38
        re = 0x10044c38
#4  0x10009ca0 in main (argc=2, argv=0x7fff3294) at pcretest.c:2779
[...]


The top address 0x22cf79b8 is not mapped, so the JIT-compiled function jumped
to nowhere obviously.

Stepping the code again shows it happens in JIT-compiled code:

Starting program: /home/petr/pcre-8.20-RC1/.libs/pcretest -q -s+ testinput
/(a){0,290}/
foo

Breakpoint 2, jit_machine_stack_exec (arguments=0x7fff1498, 
    function=0x10045ff8) at pcre_jit_compile.c:6299
6299    local_stack.top = (sljit_w)&local_area;
(gdb) n
6300    local_stack.base = local_stack.top;
(gdb) 
6301    local_stack.limit = local_stack.base + LOCAL_SPACE_SIZE;
(gdb) 
6302    local_stack.max_limit = local_stack.limit;
(gdb) 
6303    arguments->stack = &local_stack;
(gdb) 
6304    convert_executable_func.executable_func = function->executable_func;
(gdb) 
6305    return convert_executable_func.call_executable_func(arguments);
(gdb) 
warning: GDB can't find the start of the function at 0x2ace4008.


    GDB is unable to find the start of the function at 0x2ace4008
and thus can't determine the size of that function's stack frame.
This means that GDB may be unable to access that stack frame, or
the frames below it.
    This problem is most likely caused by an invalid program counter or
stack pointer.
    However, if you think GDB should simply search farther back
from 0x2ace4008 for code which looks like the beginning of a
function, you can increase the range of the search using the `set
heuristic-fence-post' command.
0x2ace4008 in ?? ()
(gdb) c
Continuing.


Program received signal SIGSEGV, Segmentation fault.
0x22cf79b8 in ?? ()

(gdb) info registers 
                  zero               at               v0               v1
 R0   0000000000000000 ffffffffcfffffff 0000000000000000 000000007fff9430 
                    a0               a1               a2               a3
 R4   000000007fff1498 000000007ffe944c 00000000100386ac 0000000000000003 
                    a4               a5               a6               a7
 R8   0000000000000001 0000000000000000 0000000000989680 0000000010044a10 
                    t0               t1               t2               t3
 R12  ffffffffffffffff fffffffff0000000 000000002aac47c0 000000007fff1440 
                    s0               s1               s2               s3
 R16  000000007ffe93d0 00000000100386ad 00000000100386b0 000000007fff1438 
                    s4               s5               s6               s7
 R20  000000007fff1498 0000000000000001 00000000100f2328 0000000000000063 
                    t8               t9               k0               k1
 R24  000000002aab8c40 000000002ace4008 000000000000000a 0000000000000000 
                    gp               sp               s8               ra
 R28  000000002ab4f000 000000007ffe93c0 000000007ffe9430 000000002ab2ea80 
                status               lo               hi         badvaddr
      00000000040044f3 0000000000000090 0000000000000000 0000000022cf79b8 
                 cause               pc
      0000000010008008 0000000022cf79b8 
                  fcsr              fir          restart
              00000000         00000501 0000000000000000 


I suspected stack size, but it does not depend on in (checked with `unlimited'
stack size).


I guess it does not help much. If you advised how to locate the JIT-compiled
code I could send its dissasebled code back.

-- Petr