This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



[Bug translator/4915] New: Incorrect code for accessing function argument


On RHEL4 machines a number of the tests from
testsuite/systemtap.syscall/syscall.exp fail on an i686 machine when
running the nightly test runs based on a checkout from cvs and using
elfutils 0.127. Looking through the test results, a number of the
syscall functions seem to be getting bogus arguments, producing
"<unknown>" as one of the system call arguments. The same tests failed
regardless of whether the linux-2.6.9-55.0.2.ELsmp or the 2.6.23-rc2
kernel was used. On the RHEL4 system the following system calls had bogus
arguments:

access
chdir
chmod
chown
lchown
open
pwrite
readlink
statfs
swapoff
swapon


It was noted that the failure did not occur on the RHEL5 i386
machine. Thus, the 2.6.23-rc2 kernel was built on both RHEL4 and RHEL5
i386 machines and a stripped down script, open.stp, was used to
compare the differences between the working RHEL5 and the problem RHEL4.  One
possible cause of the problem is the compiler generating bogus
debugging information. The machines have the following compilers:

rhel4: gcc version 3.4.6 20060404 (Red Hat 3.4.6-8)
rhel5: gcc version 4.1.1 20070105 (Red Hat 4.1.1-52)

The code for the sys_open function being instrumented looks to be identical.
The places where the probes are placed in the code are marked below.


RHEL4
c017384f <sys_open>:
c017384f:	51                   	push   %ecx		<--retprobe
c0173850:	8b 44 24 10          	mov    0x10(%esp),%eax <---entry probe
c0173854:	8b 54 24 08          	mov    0x8(%esp),%edx
c0173858:	8b 4c 24 0c          	mov    0xc(%esp),%ecx
c017385c:	89 04 24             	mov    %eax,(%esp)
c017385f:	b8 9c ff ff ff       	mov    $0xffffff9c,%eax
c0173864:	e8 26 ff ff ff       	call   c017378f <do_sys_open>
c0173869:	5a                   	pop    %edx
c017386a:	c3                   	ret    

RHEL5
c046ca3b <sys_open>:
c046ca3b:	83 ec 04             	sub    $0x4,%esp <---both probes here
c046ca3e:	8b 44 24 10          	mov    0x10(%esp),%eax
c046ca42:	8b 54 24 08          	mov    0x8(%esp),%edx
c046ca46:	8b 4c 24 0c          	mov    0xc(%esp),%ecx
c046ca4a:	89 04 24             	mov    %eax,(%esp)
c046ca4d:	b8 9c ff ff ff       	mov    $0xffffff9c,%eax
c046ca52:	e8 07 ff ff ff       	call   c046c95e <do_sys_open>
c046ca57:	5a                   	pop    %edx
c046ca58:	c3                   	ret    


Below are the functions for obtaining the file name generated on the RHEL4
and RHEL5 machines. The one for the RHEL4 machine does not look
correct. The argument is still on the stack. It isn't in a register
yet.

RHEL4 code for getting the filename:

void function__dwarf_tvar_get_filename_3 (struct context* __restrict__ c) {
  struct function__dwarf_tvar_get_filename_3_locals *  __restrict__ l =
    & c->locals[c->nesting].function__dwarf_tvar_get_filename_3;
  (void) l;
  #define CONTEXT c
  #define THIS l
  if (0) goto out;
  l->__retvalue = 0;
  {
    {
  {
    uint32_t addr;
    { // DWARF expression: 0x52
    { uint32_t value = fetch_register (2);addr = value; }
    }
    THIS->__retvalue = addr;
  }
  goto out;
if (0) goto deref_fault;
deref_fault:
  c->last_error = "pointer dereference fault";
  goto out;
}
/* pure */
  }
out:
  ;
  #undef CONTEXT
  #undef THIS
}


RHEL5 code for getting filename:

void function__dwarf_tvar_get_filename_3 (struct context* __restrict__ c) {
  struct function__dwarf_tvar_get_filename_3_locals *  __restrict__ l =
    & c->locals[c->nesting].function__dwarf_tvar_get_filename_3;
  (void) l;
  #define CONTEXT c
  #define THIS l
  if (0) goto out;
  l->__retvalue = 0;
  {
    {
  {
    intptr_t addr;
  intptr_t frame_base;
  { // DWARF expression: 0x74(4)
    {
      intptr_t s0;
        s0 = fetch_register (4) + 4L;
      frame_base = s0;
    }
  }
    { // DWARF expression: 0x91
      {
        intptr_t s0;
        s0 = frame_base + 0L;
        addr = s0;
      }
    }
    { // synthesized
    { uint32_t value = deref (4, addr);addr = value; }
    }
    THIS->__retvalue = addr;
  }
  goto out;
if (0) goto deref_fault;
deref_fault:
  c->last_error = "pointer dereference fault";
  goto out;
}
/* pure */
  }
out:
  ;
  #undef CONTEXT
  #undef THIS
}

-- 
           Summary: Incorrect code for accessing function argument
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: translator
        AssignedTo: systemtap at sources dot redhat dot com
        ReportedBy: wcohen at redhat dot com
  GCC host triplet: i386


http://sourceware.org/bugzilla/show_bug.cgi?id=4915
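To make the two location descriptions quoted in the report concrete, here is an added example (not from the report and not systemtap's own code) that decodes the raw DWARF expression bytes shown in the generated functions (0x52, 0x74(4), 0x91) and evaluates them against a constructed i386 register and stack snapshot taken at the entry of sys_open. The stack contents, register values and addresses are made up; the only real facts assumed are the DWARF opcode encodings and the i386 DWARF register numbering (register 2 is edx, register 4 is esp).

```python
import struct
# Constructed i386 snapshot at the entry of sys_open, before the callee has run
# anything: return address at [esp], arguments at [esp+4], [esp+8], [esp+12].
STACK_BASE = 0xC1FFF000                        # made-up stack address
FILENAME_PTR = 0x0804A100                      # made-up value of argument 1
STACK = struct.pack("<IIII", 0xC0170000, FILENAME_PTR, 0x8000, 0x1B6)
REGS = {"eax": 0, "ecx": 0xDEADBEEF, "edx": 0xCAFEBABE, "ebx": 0, "esp": STACK_BASE, "ebp": 0}
DWARF_REG = {0: "eax", 1: "ecx", 2: "edx", 3: "ebx", 4: "esp", 5: "ebp"}
# The location descriptions quoted in the report, as raw DWARF expression bytes.
RHEL4_FILENAME = bytes([0x52])                 # DW_OP_reg2: value lives in edx
RHEL5_FRAME_BASE = bytes([0x74, 0x04])         # DW_OP_breg4 +4: esp + 4
RHEL5_FILENAME = bytes([0x91, 0x00])           # DW_OP_fbreg 0: frame_base + 0

def sleb128(data, pos):
    """Decode a signed LEB128 operand at data[pos]; return (value, next_pos)."""
    value, shift = 0, 0
    while True:
        byte, pos = data[pos], pos + 1
        value |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            if byte & 0x40:                    # sign bit set: sign-extend
                value -= 1 << shift
            return value, pos

def eval_location(expr, regs, frame_base=None):
    """Return ("reg", n) or ("mem", address) for a DWARF location expression."""
    stack, pos = [], 0
    while pos < len(expr):
        op, pos = expr[pos], pos + 1
        if 0x50 <= op <= 0x6F:                 # DW_OP_regN: register location
            return ("reg", op - 0x50)
        if 0x70 <= op <= 0x8F:                 # DW_OP_bregN <sleb128>
            off, pos = sleb128(expr, pos)
            stack.append((regs[DWARF_REG[op - 0x70]] + off) & 0xFFFFFFFF)
        elif op == 0x91:                       # DW_OP_fbreg <sleb128>
            off, pos = sleb128(expr, pos)
            stack.append((frame_base + off) & 0xFFFFFFFF)
        else:
            raise NotImplementedError(f"DW_OP 0x{op:02x}")
    return ("mem", stack[-1])

def fetch_u32(expr, regs, frame_base_expr=None):
    """Mirror the generated code: fetch_register(N) or deref(4, addr)."""
    fb = eval_location(frame_base_expr, regs)[1] if frame_base_expr else None
    kind, where = eval_location(expr, regs, fb)
    if kind == "reg":
        return regs[DWARF_REG[where]]          # RHEL4 path: whatever edx holds now
    return struct.unpack_from("<I", STACK, where - STACK_BASE)[0]   # RHEL5 path
```

Evaluated at this entry snapshot, the RHEL5 expression reads the pointer from the stack slot at esp+4, while the RHEL4 expression returns whatever edx happens to hold, since the `mov 0x8(%esp),%edx` that loads the argument sits after the probe address in the RHEL4 disassembly.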


