Crash under sparc/rtems-4.11 when compiling with FPU

Athanasios.Tsiodras at esa.int Athanasios.Tsiodras at esa.int
Fri Feb 5 17:51:17 UTC 2016


Hello everyone.

Executive summary of this (caveat: long!) bug report:  I have built a 
sparc/rtems-4.11 toolchain and used it to successfully create and execute 
applications on the board... but ONLY with "-msoft-float" - using 
"-mhard-float" leads to a NULL pointer access during startup, and a 
segfault.

How to reproduce:

1. Use the RSB to build the toolchain:

    $ git clone git://git.rtems.org/rtems-source-builder.git
    $ cd rtems-source-builder
    $ git checkout 4.11
    $ sudo apt-get build-dep binutils gcc g++ gdb unzip git python2.7-dev
    ...
    $ ./source-builder/sb-check
    RTEMS Source Builder - Check, 4.11 (436ec884a86c)
    Environment is ok

    $ cd rtems
    $ ../source-builder/sb-set-builder --log=sparc.log --prefix=/opt/rtems-4.11-latest/ 4.11/rtems-sparc

The build completes fine.

2. Add new toolchain to path and verify it's there:

    $ export PATH=/opt/rtems-4.11-latest/bin:$PATH
    $ sparc-rtems4.11-gcc -v
    Using built-in specs.
    COLLECT_GCC=sparc-rtems4.11-gcc
    COLLECT_LTO_WRAPPER=/opt/rtems-4.11-latest/libexec/gcc/sparc-rtems4.11/4.9.3/lto-wrapper
    Target: sparc-rtems4.11
    Configured with: ../gcc-4.9.3/configure --prefix=/opt/rtems-4.11-latest --bindir=/opt/rtems-4.11-latest/bin --exec_prefix=/opt/rtems-4.11-latest --includedir=/opt/rtems-4.11-latest/include --libdir=/opt/rtems-4.11-latest/lib --libexecdir=/opt/rtems-4.11-latest/libexec --mandir=/opt/rtems-4.11-latest/share/man --infodir=/opt/rtems-4.11-latest/share/info --datadir=/opt/rtems-4.11-latest/share --build=i686-linux-gnu --host=i686-linux-gnu --target=sparc-rtems4.11 --disable-libstdcxx-pch --with-gnu-as --with-gnu-ld --verbose --with-newlib --with-system-zlib --disable-nls --without-included-gettext --disable-win32-registry --enable-version-specific-runtime-libs --disable-lto --enable-newlib-io-c99-formats --enable-newlib-iconv --enable-newlib-iconv-encodings=big5,cp775,cp850,cp852,cp855,cp866,euc_jp,euc_kr,euc_tw,iso_8859_1,iso_8859_10,iso_8859_11,iso_8859_13,iso_8859_14,iso_8859_15,iso_8859_2,iso_8859_3,iso_8859_4,iso_8859_5,iso_8859_6,iso_8859_7,iso_8859_8,iso_8859_9,iso_ir_111,koi8_r,koi8_ru,koi8_u,koi8_uni,ucs_2,ucs_2_internal,ucs_2be,ucs_2le,ucs_4,ucs_4_internal,ucs_4be,ucs_4le,us_ascii,utf_16,utf_16be,utf_16le,utf_8,win_1250,win_1251,win_1252,win_1253,win_1254,win_1255,win_1256,win_1257,win_1258 --enable-threads --disable-plugin --enable-libgomp --enable-languages=c,c++
    Thread model: rtems
    gcc version 4.9.3 20150626 (RTEMS 4.11, RSB 436ec884a86c32166a538e5190e13ae088169533-modified, Newlib 2.2.0.20150423) (GCC)

3. Compile latest RTEMS 4.11 sources

    $ cd ..
    $ git clone https://github.com/RTEMS/rtems.git
    $ cd rtems
    $ git checkout 4.11
    $ cd ../
    $ mkdir build
    $ cd build
    $ ../rtems-git/configure --target=sparc-rtems4.11 --disable-networking --enable-rtemsbsp="leon3" --prefix=/opt/rtems-4.11-latest --enable-tests
    $ make all
    $ make install

This build also completes fine.

4. Test the samples, which have been compiled with -msoft-float - they 
execute perfectly on board:

    $ cd sparc-rtems4.11/c/leon3/testsuites/samples/hello
    $ sparc-rtems-gdb ./hello.exe
    (gdb) tar extended-remote ....:1234  (connect to grmon)
    (gdb) c
    Continuing.

    *** BEGIN OF TEST HELLO WORLD ***
    Hello World
    *** END OF TEST HELLO WORLD ***

5. Now compile hello world again, but changing "-msoft-float" to 
"-mhard-float":

    $ make clean
    $ cat Makefile | sed 's/soft-float/hard-float/' > a && mv a Makefile
    $ grep float Makefile
    CFLAGS = -mcpu=cypress -mhard-float -O2 -g -ffunction-sections -fdata-sections -Wall -Wmissing-prototypes -Wimplicit-function-declaration -Wstrict-prototypes -Wnested-externs
    CXXFLAGS = -mcpu=cypress -mhard-float -O2 -g -ffunction-sections -fdata-sections -Wall -Wmissing-prototypes -Wimplicit-function-declaration -Wstrict-prototypes -Wnested-externs

    $ make
    $ sparc-rtems-gdb ./hello.exe
    (gdb) tar extended-remote ....:1234  (connect to grmon)
    (gdb) c
    Continuing.

    Program received signal SIGSEGV, Segmentation fault.
    0x40003634 in newlib_create_hook (current_task=0x400204d0, creating_task=0x40020a48)
        at ../../../../../../rtems-git/c/src/../../cpukit/libcsupport/src/newlibc_reent.c:47
    47        _REENT_INIT_PTR((creating_task->libc_reent)); /* GCC extension: structure constants */
    (gdb) where
    #0  0x40003634 in newlib_create_hook (current_task=0x400204d0, creating_task=0x40020a48)
        at ../../../../../../rtems-git/c/src/../../cpukit/libcsupport/src/newlibc_reent.c:47
    #1  0x4000c7ec in _User_extensions_Thread_create_visitor (executing=0x400204d0, arg=0x407ffd70,
        callouts=0x4001b164 <Configuration_Initial_Extensions>)
        at ../../../../../../rtems-git/c/src/../../cpukit/score/src/userextiterate.c:43
    #2  0x4000c93c in _User_extensions_Iterate (arg=arg@entry=0x407ffd70,
        visitor=0x4000c7b4 <_User_extensions_Thread_create_visitor>)
        at ../../../../../../rtems-git/c/src/../../cpukit/score/src/userextiterate.c:155
    #3  0x4000b954 in _User_extensions_Thread_create (created=0x40020a48)
        at ../../cpukit/../../../leon3/lib/include/rtems/score/userextimpl.h:174
    #4  _Thread_Initialize (information=0x4001db04 <_RTEMS_tasks_Information>, the_thread=the_thread@entry=0x40020a48,
        scheduler=0x4001b1d8 <_Scheduler_Table>, stack_area=stack_area@entry=0x0, stack_size=stack_size@entry=4096,
        is_fp=is_fp@entry=false, priority=priority@entry=1, is_preemptible=is_preemptible@entry=false,
        budget_algorithm=budget_algorithm@entry=THREAD_CPU_BUDGET_ALGORITHM_NONE, budget_callout=budget_callout@entry=0x0,
        isr_level=isr_level@entry=0, name=...)
        at ../../../../../../rtems-git/c/src/../../cpukit/score/src/threadinitialize.c:251
    #5  0x40007c6c in rtems_task_create (name=1430860064, initial_priority=1, stack_size=4096, initial_modes=256,
        attribute_set=0, id=id@entry=0x407ffe5c) at ../../../../../../rtems-git/c/src/../../cpukit/rtems/src/taskcreate.c:141
    #6  0x40007dc8 in _RTEMS_tasks_Initialize_user_tasks_body ()
        at ../../../../../../rtems-git/c/src/../../cpukit/rtems/src/taskinitusers.c:72
    #7  0x4000e72c in _RTEMS_tasks_Initialize_user_tasks ()
        at ../../../../../../rtems-git/c/src/../../cpukit/rtems/src/tasks.c:247
    #8  0x400084e0 in _API_extensions_Run_postdriver () at ../../../../../../rtems-git/c/src/../../cpukit/score/src/apiext.c:73
    #9  0x40001318 in boot_card (cmdline=0x0)
        at ../../../../../../../../rtems-git/c/src/lib/libbsp/sparc/leon3/../../shared/bootcard.c:140
    #10 0x400010c8 in zerobss ()
        at ../../../../../../../../rtems-git/c/src/lib/libbsp/sparc/leon3/../../sparc/shared/start/start.S:404

Note that this process is using official sources for everything - nothing 
is customized in any way.
Which means the hello world sample is as-is, and doesn't use any floating 
point code - the crash happens in initialization of a thread that is 
created without FPU support (is_fp=false).

So I change the hello world sample to this:

    $ git diff 
    diff --git a/testsuites/samples/hello/init.c 
b/testsuites/samples/hello/init.c
    index d8fe450..0e6f34d 100644
    --- a/testsuites/samples/hello/init.c
    +++ b/testsuites/samples/hello/init.c
    @@ -46,4 +46,5 @@ rtems_task Init(
     #define CONFIGURE_INITIAL_EXTENSIONS RTEMS_TEST_INITIAL_EXTENSION

     #define CONFIGURE_INIT
    +#define CONFIGURE_INIT_TASK_ATTRIBUTES RTEMS_FLOATING_POINT
     #include <rtems/confdefs.h>
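
Review bot: the added `CONFIGURE_INIT_TASK_ATTRIBUTES RTEMS_FLOATING_POINT` define at the end of the hunk has no comment saying why the hello sample's Init task needs the floating-point attribute, so a later reader cannot tell a debugging aid from a requirement of the sample. Add a one-line comment above it stating that it is there to exercise the -mhard-float build. Its position is correct: it sits after `CONFIGURE_INIT` and before `#include <rtems/confdefs.h>`, which is where the configuration macros have to be defined to take effect.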

...and rebuild. I get the same crash, even though "is_fp" is set to true 
this time.

In case it helps, the top-most frame on the stack accesses 
"creating_task->libc_reent" - here's the relevant data from the debugger:

    (gdb) p creating_task
    $1 = (rtems_tcb *) 0x40020a48

    (gdb) p *creating_task
    $2 = {Object = {Node = {next = 0x4001db28 <_RTEMS_tasks_Information+36>,
          previous = 0x4001db24 <_RTEMS_tasks_Information+32>}, id = 167837697, name = {
          name_p = 0x55493120 "DI6\210\rA.]\301\017\240w_\243\217\336\065 \306\031\071\224\027\217\231\r\306\022\033\207\307`\"\022#aN\250\323)\177\372k0,\311\323!\005\263P\306\025\325M\020\323\071:\244\225\262\256\065\362\312<\200\346\227Z\t\331\034T\376\033\321\211\066#\345", name_u32 = 1430860064}}, current_state = 1, current_priority = 1, real_priority = 1,
      priority_generation = 0, priority_restore_hint = 196, resource_count = 0, Wait = {Node = {Chain = {next = 0x80a0a000,
            previous = 0x280011d}, RBTree = {parent = 0x80a0a000, child = {0x280011d, 0xb626c003},
            color = (unknown: 3322396332)}}, id = 2248204289, count = 3324493484, return_argument = 0x88100002,
        return_argument_second = {mutable_object = 0x0, immutable_object = 0x0}, option = 2158026879, return_code = 0,
        timeout_code = 0, queue = 0x0, flags = 0, operations = 0x4001b7e8 <_Thread_queue_Operations_default>}, Timer = {
        Node = {next = 0x0, previous = 0xc227be6c}, state = WATCHDOG_INACTIVE, initial = 3020947468,
        delta_interval = 3054501901, start_time = 1073749935, stop_time = 3523722900, routine = 0xc207be6c, id = 17,
        user_data = 0x40020bc8}, is_preemptible = 133, is_fp = true, Scheduler = {node = 0x40020bd8}, cpu_time_budget = 0,
      budget_algorithm = 2156454143, budget_callout = 0x0, cpu_time_used = {sec = 0, frac = 0}, Start = {entry_point = 0x0,
        prototype = (unknown: 1073862712), pointer_argument = 0x27beac, numeric_argument = 0, is_preemptible = false,
        budget_algorithm = THREAD_CPU_BUDGET_ALGORITHM_NONE, budget_callout = 0x0, isr_level = 0, initial_priority = 1,
        core_allocated_stack = true, Initial_stack = {size = 4096, area = 0x400221c8}, stack = 0x400221c8, tls_area = 0x0},
      Post_switch_actions = {Chain = {Head = {Node = {next = 0x40020b34, previous = 0x0}, fill = 0x40020b30}, Tail = {
            fill = 0x40020b34, Node = {next = 0x0, previous = 0x40020b30}}}}, Registers = {g5 = 3324485712, g7 = 3355950796,
        l0_and_l1 = 5.2719010775364644e-228, l2 = 2248302600, l3 = 2416426792, l4 = 2484084744, l5 = 3324485712,
        l6 = 2147475822, l7 = 3995582060, i0 = 3355950888, i1 = 3288842028, i2 = 3358047904, i3 = 3290939036, i4 = 0,
        i5 = 3255287404, i6_fp = 1073885520, i7 = 1073804840, o6_sp = 4081066214, o7 = 0, psr = 1073876192,
        isr_dispatch_disable = 1073875928}, libc_reent = 0x40020c04, API_Extensions = {0x40020cf0, 0x40020be8},
      task_variables = 0x40020c14, Key_Chain = {Head = {Node = {next = 0x40020bac, previous = 0x0}, fill = 0x40020ba8},
        Tail = {fill = 0x40020bac, Node = {next = 0x0, previous = 0x40020ba8}}}, Life = {Action = {Node = {next = 0x0,
            previous = 0x0}, handler = 0x4000c248 <_Thread_Life_action_handler>}, state = THREAD_LIFE_NORMAL,
        terminator = 0x0}, Capture = {flags = 0, control = 0x0}, extensions = 0x40020bd0}

    (gdb) p creating_task->libc_reent
    $3 = (struct _reent *) 0x40020c04

    (gdb) p *creating_task->libc_reent
    $4 = {_errno = 0, _stdin = 0x0, _stdout = 0x0, _stderr = 0x0, _inc = 0, _emergency = '\000' <repeats 24 times>,
      _current_category = 0, _current_locale = 0x0, __sdidinit = 0, __cleanup = 0x0, _result = 0x0, _result_k = 0, _p5s = 0x0,
      _freelist = 0x0, _cvtlen = 0, _cvtbuf = 0x0, _new = {_reent = {_unused_rand = 0, _strtok_last = 0x0,
          _asctime_buf = '\000' <repeats 25 times>, _localtime_buf = {__tm_sec = 0, __tm_min = 0, __tm_hour = 0,
            __tm_mday = 0, __tm_mon = 0, __tm_year = 0, __tm_wday = 0, __tm_yday = 0, __tm_isdst = 0}, _gamma_signgam = 0,
          _rand_next = 0, _r48 = {_seed = {0, 0, 0}, _mult = {0, 0, 0}, _add = 0}, _mblen_state = {__count = 0, __value = {
              __wch = 0, __wchb = "\000\000\000"}}, _mbtowc_state = {__count = 0, __value = {__wch = 0,
              __wchb = "\000\000\000"}}, _wctomb_state = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}},
          _l64a_buf = "\000\000\000\000\000\000\000", _signal_buf = '\000' <repeats 23 times>, _getdate_err = 0,
          _mbrlen_state = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}, _mbrtowc_state = {__count = 0,
            __value = {__wch = 0, __wchb = "\000\000\000"}}, _mbsrtowcs_state = {__count = 0, __value = {__wch = 0,
              __wchb = "\000\000\000"}}, _wcrtomb_state = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}},
          _wcsrtombs_state = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}, _h_errno = 0}, _unused = {
          _nextf = {0x0 <repeats 30 times>}, _nmalloc = {0 <repeats 30 times>}}}, _sig_func = 0x0, __sglue = {_next = 0x0,
        _niobs = 0, _iobs = 0x0}, __sf = {{_p = 0x0, _r = 0, _w = 0, _flags = 0, _file = 0, _bf = {_base = 0x0, _size = 0},
          _lbfsize = 0, _cookie = 0x0, _read = 0x0, _write = 0x0, _seek = 0x0, _close = 0x0, _ub = {_base = 0x0, _size = 0},
          _up = 0x0, _ur = 0, _ubuf = "\000\000", _nbuf = "", _lb = {_base = 0x0, _size = 0}, _blksize = 0, _offset = 0,
          _data = 0x0, _lock = 0, _mbstate = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}, _flags2 = 0}, {
          _p = 0x0, _r = 0, _w = 0, _flags = 0, _file = 0, _bf = {_base = 0x0, _size = 0}, _lbfsize = 0, _cookie = 0x0,
          _read = 0x0, _write = 0x0, _seek = 0x0, _close = 0x0, _ub = {_base = 0x0, _size = 0}, _up = 0x0, _ur = 0,
          _ubuf = "\000\000", _nbuf = "", _lb = {_base = 0x0, _size = 0}, _blksize = 0, _offset = 0, _data = 0x0, _lock = 0,
          _mbstate = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}, _flags2 = 0}, {_p = 0x0, _r = 0, _w = 0,
          _flags = 0, _file = 0, _bf = {_base = 0x0, _size = 0}, _lbfsize = 0, _cookie = 0x0, _read = 0x0, _write = 0x0,
          _seek = 0x0, _close = 0x0, _ub = {_base = 0x0, _size = 0}, _up = 0x0, _ur = 0, _ubuf = "\000\000", _nbuf = "",
          _lb = {_base = 0x0, _size = 0}, _blksize = 0, _offset = 0, _data = 0x0, _lock = 0, _mbstate = {__count = 0,
            __value = {__wch = 0, __wchb = "\000\000\000"}}, _flags2 = 0}}}
 

Any help would be most appreciated!

Kind regards,
Thanassis.


European Space Agency (via HE Space)
Thanassis Tsiodras
Real-time Embedded Software Engineer 
System, Software and Technology Department

ESTEC
Keplerlaan 1, PO Box 299
NL-2200 AG Noordwijk, The Netherlands
Athanasios.Tsiodras at esa.int | www.esa.int
T +31 71 565 5332