Memmove causing program crashes, giving SIGTRAP in GDB(?)
KENNON J CONRAD
kennonconrad@comcast.net
Mon Mar 2 18:30:13 GMT 2026
Hi Jakob,
The OS is Windows 8, which is getting pretty old these days.
The CPU is i7-4790K, which is Haswell architecture.
I don't know much about how the flags are supposed to be preserved other than what I
have read on the web recently. What I do know is that:
1. The program occasionally crashes when it uses memmove instead of code that should do exactly the
same thing but avoids the memmove call. When using memmove, there are approximately 3 million
backward memmove calls on average per crash. The released code (GLZA v0.1 - GLZA v0.11.8) that
does not use memmove in this thread has been reliably doing the backward move for many years.
2. When running under GDB, GDB occasionally (at approximately the same frequency as the crash) detects
a SIGTRAP at the REP MOVSQ instruction in the memmove.
3. The assembly code in memmove at the point of the SIGTRAP is:
0x00007ff96ba812a8 <+136>: std
=> 0x00007ff96ba812a9 <+137>: rep movsq %ds:(%rsi),%es:(%rdi)
0x00007ff96ba812ac <+140>: cld
4. When the frame is set to the one that corresponds to the memmove function and registers are printed
immediately following the SIGTRAP, GDB shows:
eflags 0x246 [ PF ZF IF ]
This appears to indicate DF is no longer set.
5. The program itself does not use any low level thread functions or use OS calls. The only thread
functions that are used are pthread_create() and pthread_join(). None of the program threads that
are running when this happens deallocate anything or protect any address ranges.
6. There are no indications of address corruption and the data in the array that is being modified is
consistent with the addresses that are shown in GDB at the point where the SIGTRAP occurs.
What I am not sure about:
1. Whether GDB accurately prints eflags.
2. What causes GDB to issue the SIGTRAP while the REP MOVSQ is running.
It is not clear to me what you are calling "patent disinformation". I am reporting what GDB shows and
what my experience with this crash has been. If you could add some specific critiques, that would help
clarify what you are trying to say.
I would be happy to investigate further if I knew how to get additional information about the SIGTRAP.
Best Regards,
Kennon
> On 03/02/2026 5:32 AM PST Jakob Bohm via Cygwin <cygwin@cygwin.com> wrote:
>
>
> Hi,
>
> This is patent disinformation. On any decent x86 operating system, the
> CPU scheduler that switches between threads preserves all registers and
> flags in a per thread context structure somewhere in the OS kernel. The
> only thing another thread can do to interfere with a running REP MOVS is
> to deallocate / protect the address ranges accessed, and or use low
> level thread functions to change the saved registers of a non-running
> thread using OS calls such as (on Win32) SetThreadContext(),
> TerminateThread() and/or DebugActiveProcess() .
>
> Also, a famous feature of x86 CPUs is that they will happily access
> unaligned memory using the basic integer instruction set, which includes
> REP MOVSQ, but not some of the wide MMX/SSE instructions that can be
> used for optimal memcpy/memmove implementations according to AMD and Intel.
>
> Then there is of cause the ever-present spectre of a buggy CPU not doing
> what the code tells it to do. Somewhere else in this thread, someone
> mentioned a specific such bug but stated the affected CPU models only in
> terms of code names.
>
> On 26/02/2026 22:42, Dimitry Andric via Cygwin wrote:
> > If such a crash occurs, can you do a "thread apply all bt" in gdb? This will show what all the other threads are doing. I'm betting some other thread is calling memcpy or some other function that is messing with the direction flag.
> >
> > -Dimitry
> >
> >> On 26 Feb 2026, at 21:47, KENNON J CONRAD<kennonconrad@comcast.net> wrote:
> >>
> >> Yes, lots. 7 threads were running at the point of the crash 87% load on my i7-4790k. I did a little research since the last post. The memmove code where the crash occurs is:
> >>
> >> 0x00007ff96ba812a8 <+136>: std
> >> => 0x00007ff96ba812a9 <+137>: rep movsq %ds:(%rsi),%es:(%rdi)
> >> 0x00007ff96ba812ac <+140>: cld
> >>
> >> This sets the direction flag immediately before the rep movsq and clears the direction flag immediately after the rep movsq. Yet when gdb breaks it shows the direction flag is not set:
> >>
> >> eflags 0x246 [ PF ZF IF ]
> >>
> >> Would a forward move on overlapping data cause the SIGTRAP? Could the code have moved to a different core? Or could it have been interrupted by some other task that corrupts the flag? As I mentioned earlier, the rep movsq is only failing once per several million times memmove is called so it seems likely to be something along those lines.
> >>
> >> -Kennon
> >>
> >>
> >>> On 02/26/2026 12:20 PM PST Dimitry Andric<dimitry@unified-streaming.com> wrote:
> >>>
> >>>
> >>> Is there some concurrency going on? Maybe some other part of the program is flipping the direction flag?
> >>>
> >>> -Dimitry
> >>>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
>
> --
> Problem reports: https://cygwin.com/problems.html
> FAQ: https://cygwin.com/faq/
> Documentation: https://cygwin.com/docs.html
> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list