akimd / bison

GNU Bison
GNU General Public License v3.0

3.8.2 testsuite segfault on armv6 #87

Open ncopa opened 2 years ago

ncopa commented 2 years ago

When updating the bison package on Alpine Linux to 3.8.2, we run into a segfault on armv6.

Here is a backtrace:

(gdb) run
Starting program: /home/ncopa/aports/main/bison/src/bison-3.8.2/src/bison -o y.tab.c --defines -Werror -Wall,dangling-alias --report=all --no-lines /home/ncopa/aports/main/bison/src/bison-3.8.2/examples/c/calc/calc.y

Program received signal SIGSEGV, Segmentation fault.
0x00448544 in abitset_small_list (src=src@entry=0xf7f44ef0, list=list@entry=0xfffeea8c, num=num@entry=1024, next=next@entry=0xfffeea88) at lib/bitset/array.c:69
69            list[count++] = bitno + pos;
(gdb) bt
#0  0x00448544 in abitset_small_list (src=src@entry=0xf7f44ef0, list=list@entry=0xfffeea8c, num=num@entry=1024, next=next@entry=0xfffeea88) at lib/bitset/array.c:69
#1  0x00447b2c in bitset_count_ (src=0xf7f44ef0) at lib/bitset.c:356
#2  0xfffffffe in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

ncopa commented 2 years ago

Some printf debugging:

diff --git a/lib/bitset/array.c b/lib/bitset/array.c
index 43d4c1e..69d5ecf 100644
--- a/lib/bitset/array.c
+++ b/lib/bitset/array.c
@@ -65,8 +65,10 @@ abitset_small_list (bitset src, bitset_bindex *list,
   bitset_bindex count = 0;
   /* Is there enough room to avoid checking in each iteration? */
   if (num >= BITSET_WORD_BITS) {
-    BITSET_FOR_EACH_BIT (pos, word)
+    BITSET_FOR_EACH_BIT (pos, word) {
+      fprintf(stderr, "DEBUG: num=%d, BITSET_WORD_BITS=%d, count=%d, sizeof(count)=%d, pos=%d, word=%d\n", num, BITSET_WORD_BITS, count, sizeof(count), pos, word);
       list[count++] = bitno + pos;
+    }
   } else
     BITSET_FOR_EACH_BIT (pos, word)
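Review bot: the added `fprintf` passes `count` (declared `bitset_bindex` in the first context line of the hunk) and `sizeof(count)` (a `size_t`) to `%d`, which is a format/argument type mismatch; cast the values to `unsigned long` and print them with `%lu`, or use `%zu` for the `sizeof`, so the numbers in the debug output can be trusted on every target. Since the comment above the `if` says this branch avoids checking for room in each iteration, a temporary `if (count >= num) abort ();` placed before `list[count++] = bitno + pos;` would stop at the first out-of-range store instead of letting the loop keep writing. Printing `bitno` as well would show which word of the bitset is being processed.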

Gives:

DEBUG: num=1024, BITSET_WORD_BITS=32, count=0, sizeof(count)=4, pos=0, word=16383
DEBUG: num=1024, BITSET_WORD_BITS=32, count=1, sizeof(count)=4, pos=1, word=16382
DEBUG: num=1024, BITSET_WORD_BITS=32, count=2, sizeof(count)=4, pos=2, word=16380
DEBUG: num=1024, BITSET_WORD_BITS=32, count=3, sizeof(count)=4, pos=3, word=16376
DEBUG: num=1024, BITSET_WORD_BITS=32, count=4, sizeof(count)=4, pos=4, word=16368
DEBUG: num=1024, BITSET_WORD_BITS=32, count=5, sizeof(count)=4, pos=5, word=16352
DEBUG: num=1024, BITSET_WORD_BITS=32, count=6, sizeof(count)=4, pos=6, word=16320
DEBUG: num=1024, BITSET_WORD_BITS=32, count=7, sizeof(count)=4, pos=7, word=16256
DEBUG: num=1024, BITSET_WORD_BITS=32, count=8, sizeof(count)=4, pos=8, word=16128
DEBUG: num=1024, BITSET_WORD_BITS=32, count=9, sizeof(count)=4, pos=9, word=15872
DEBUG: num=1024, BITSET_WORD_BITS=32, count=10, sizeof(count)=4, pos=10, word=15360
DEBUG: num=1024, BITSET_WORD_BITS=32, count=11, sizeof(count)=4, pos=11, word=14336
DEBUG: num=1024, BITSET_WORD_BITS=32, count=12, sizeof(count)=4, pos=12, word=12288
DEBUG: num=1024, BITSET_WORD_BITS=32, count=13, sizeof(count)=4, pos=13, word=8192
DEBUG: num=1024, BITSET_WORD_BITS=32, count=14, sizeof(count)=4, pos=-1, word=0
DEBUG: num=1024, BITSET_WORD_BITS=32, count=15, sizeof(count)=4, pos=-1, word=0
DEBUG: num=1024, BITSET_WORD_BITS=32, count=16, sizeof(count)=4, pos=-1, word=0
...
DEBUG: num=1024, BITSET_WORD_BITS=32, count=2089, sizeof(count)=4, pos=-1, word=0
DEBUG: num=1024, BITSET_WORD_BITS=32, count=2090, sizeof(count)=4, pos=-1, word=0
DEBUG: num=1024, BITSET_WORD_BITS=32, count=2091, sizeof(count)=4, pos=-1, word=0
DEBUG: num=1024, BITSET_WORD_BITS=32, count=2092, sizeof(count)=4, pos=-1, word=0
DEBUG: num=1024, BITSET_WORD_BITS=32, count=2093, sizeof(count)=4, pos=-1, word=0

I guess pos is not supposed to become -1?
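The logged word=16383 has 14 set bits, so a correct loop stores 14 entries and stops, whereas the log shows count climbing past num=1024. As an added example (not gnulib's or Bison's code; the function names and the SIZE_MAX error value are assumptions), this stand-alone C model of the unchecked branch refuses to store more entries than one 32-bit word can produce:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS 32u   /* same value as BITSET_WORD_BITS in the log */

/* Index of the lowest set bit, or -1 for an empty word. */
static int lowest_bit(uint32_t w)
{
    for (int i = 0; i < (int)WORD_BITS; i++)
        if (w & (UINT32_C(1) << i))
            return i;
    return -1;
}

/* Model of the unchecked branch (requires num >= WORD_BITS): store the index
   of each set bit of `word`, offset by `bitno`, into list[].  Returns the
   number stored, or SIZE_MAX if the loop tries to run past what one word can
   produce, which correctly compiled code never does. */
static size_t list_bits(uint32_t word, size_t bitno, size_t *list, size_t num)
{
    size_t count = 0;
    if (num < WORD_BITS)
        return SIZE_MAX;
    for (int pos = lowest_bit(word); pos >= 0; pos = lowest_bit(word)) {
        if (count == WORD_BITS)
            return SIZE_MAX;            /* canary: termination test failed */
        list[count++] = bitno + (size_t)pos;
        word ^= UINT32_C(1) << pos;     /* clear the bit just reported */
    }
    return count;
}

/* Run the model on the word from the log plus edge cases; 0 means pass. */
static int self_check(void)
{
    static const uint32_t words[] = { 16383u, 0u, 0x80000000u, 0xFFFFFFFFu };
    static const size_t expect[] = { 14, 0, 1, 32 };
    size_t list[1024];                  /* num=1024 as in the backtrace */
    int failures = 0;
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++)
        if (list_bits(words[i], 0, list, 1024) != expect[i])
            failures++;
    return failures;
}

int main(void)
{
    int f = self_check();
    printf("%s\n", f ? "FAIL: bit loop miscounted" : "ok");
    return f != 0;
}
```

A failure that appears at only one optimization level on the affected target would point at the toolchain rather than at the source.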

ncopa commented 2 years ago

OK, this seems to be a bug in GCC. It fails with -Os but apparently it passes with -O2.

akimd commented 2 years ago

Hi, sorry for not being very reactive on this. Did you study this any further? Of course this might be a genuine bug, but OTOH, ASAN did not find any problem with the current version of Bison, so I would be really surprised if there were real problems.

Cheers!