dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License

[OSX] PAL_printf_arg_remover clobbering upper 32-bits #3915

Closed kangaroo closed 4 years ago

kangaroo commented 9 years ago

It's Friday night and I'm tired, so I'm going to file this to document it.

k-nucleotide.cs from the language shootout is currently causing a fault on OSX. The stack trace is as follows:

* thread #2: tid = 0x3d8532, 0x00007fff8caaac30 libsystem_c.dylib`__vfprintf + 69, stop reason = EXC_BAD_ACCESS (code=1, address=0x111b77c130)
  * frame #0: 0x00007fff8caaac30 libsystem_c.dylib`__vfprintf + 69
    frame #1: 0x00007fff8cad49af libsystem_c.dylib`__v2printf + 679
    frame #2: 0x00007fff8cab9155 libsystem_c.dylib`_vsnprintf + 596
    frame #3: 0x00007fff8cab920a libsystem_c.dylib`vsnprintf + 80
    frame #4: 0x00000001019cb1f8 libcoreclr.dylib`NativeVsnprintf(pthrCurrent=0x000000010085d600, Buffer=0x000000010284565b, Count=1073741824, Format=0x000000011b77baf0, ap=0x000000111b77c120) + 88 at printfcpp.cpp:1089
    frame #5: 0x00000001019c5041 libcoreclr.dylib`CoreVsnprintf(pthrCurrent=0x000000010085d600, Buffer=0x0000000102845620, Count=2147483647, Format=0x0000000101c08920, ap=0x000000111b77c120) + 5393 at printfcpp.cpp:1708
    frame #6: 0x00000001019c3b03 libcoreclr.dylib`PAL__vsnprintf(Buffer=0x0000000102845620, Count=2147483647, Format=0x0000000101c08920, ap=0x000000011b77c120) + 67 at printfcpp.cpp:1012
    frame #7: 0x00000001019c0395 libcoreclr.dylib`PAL_sprintf(buffer=0x0000000102845620, format=0x0000000101c08920) + 581 at printf.cpp:1507
    frame #8: 0x0000000101820985 libcoreclr.dylib`Compiler::impCanInlineNative(this=0x000000010283fbe0, callsiteNativeEstimate=55, calleeNativeSizeEstimate=526, inlineHints=0, pInlineInfo=0x000000011b77d048) + 2069 at importer.cpp:15394
    frame #9: 0x000000010178dadb libcoreclr.dylib`Compiler::fgFindJumpTargets(this=0x000000010283fbe0, codeAddr=0x000000011b30b1e9, codeSize=25, jumpTarget=0x0000000102845600) + 6907 at flowgraph.cpp:4967
    frame #10: 0x000000010178fd48 libcoreclr.dylib`Compiler::fgFindBasicBlocks(this=0x000000010283fbe0) + 184 at flowgraph.cpp:5683
    frame #11: 0x000000010176749b libcoreclr.dylib`Compiler::compCompileHelper(this=0x000000010283fbe0, classPtr=0x00000001000d5020, compHnd=0x000000011b77ee18, methodInfo=0x0000000102845228, methodCodePtr=0x000000011b77d048, methodCodeSize=0x0000000000000000, compileFlags=1060352, instVerInfo=INSTVER_GENERIC_PASSED_VERIFICATION) + 1931 at compiler.cpp:4259
    frame #12: 0x0000000101766410 libcoreclr.dylib`Compiler::compCompile(__pvHandlerData=0x000000011b77c888)::__Body::Run(void*) + 112 at compiler.cpp:3752
    frame #13: 0x00000001019dc974 libcoreclr.dylib`PAL_TryExcept(pfnBody=0x00000001017663a0, pfnFilter=0x0000000101766420, pvParam=0x000000011b77c888, pfExecuteHandler=0x000000011b77c884) + 52 at seh-unwind.cpp:772
    frame #14: 0x000000010176621f libcoreclr.dylib`Compiler::compCompile(this=0x000000010283fbe0, methodHnd=0x000000011b282bb0, classPtr=0x00000001000d5020, compHnd=0x000000011b77ee18, methodInfo=0x0000000102845228, methodCodePtr=0x000000011b77d048, methodCodeSize=0x0000000000000000, compileFlags=1060352) + 2207 at compiler.cpp:3760
    frame #15: 0x000000010176a9f7 libcoreclr.dylib`jitNativeCode(__pvHandlerData=0x000000011b77ca80)::__Body::Run(void*)::__Body::Run(void*) + 439 at compiler.cpp:4963
    frame #16: 0x00000001019dc974 libcoreclr.dylib`PAL_TryExcept(pfnBody=0x000000010176a840, pfnFilter=0x000000010176aa10, pvParam=0x000000011b77ca80, pfExecuteHandler=0x000000011b77ca7c) + 52 at seh-unwind.cpp:772
    frame #17: 0x0000000101768c54 libcoreclr.dylib`jitNativeCode(__pvHandlerData=0x000000011b77cb90)::__Body::Run(void*) + 116 at compiler.cpp:4971
    frame #18: 0x00000001019dc974 libcoreclr.dylib`PAL_TryExcept(pfnBody=0x0000000101768be0, pfnFilter=0x0000000101768dc0, pvParam=0x000000011b77cb90, pfExecuteHandler=0x000000011b77cb8c) + 52 at seh-unwind.cpp:772
    frame #19: 0x00000001017689e9 libcoreclr.dylib`jitNativeCode(methodHnd=0x000000011b282bb0, classPtr=0x00000001000d5020, compHnd=0x000000011b77ee18, methodInfo=0x0000000102845228, methodCodePtr=0x000000011b77d048, methodCodeSize=0x0000000000000000, compileFlags=1060352, inlineInfoPtr=0x000000011b77d048) + 505 at compiler.cpp:5001
    frame #20: 0x00000001017aaa96 libcoreclr.dylib`Compiler::fgInvokeInlineeCompiler(__pvHandlerData=0x000000011b77cfb0)::__Body::Run(void*) + 646 at flowgraph.cpp:21725
    frame #21: 0x00000001019dc974 libcoreclr.dylib`PAL_TryExcept(pfnBody=0x00000001017aa810, pfnFilter=0x00000001017aab20, pvParam=0x000000011b77cfb0, pfExecuteHandler=0x000000011b77cfac) + 52 at seh-unwind.cpp:772
    frame #22: 0x00000001017aa202 libcoreclr.dylib`Compiler::fgInvokeInlineeCompiler(this=0x0000000102839a40, call=0x0000000102845118) + 1170 at flowgraph.cpp:21743
    frame #23: 0x0000000101858ba3 libcoreclr.dylib`Compiler::fgMorphCallInline(this=0x0000000102839a40, node=0x0000000102845118) + 435 at morph.cpp:4975
    frame #24: 0x00000001017a99c3 libcoreclr.dylib`Compiler::fgInline(this=0x0000000102839a40) + 275 at flowgraph.cpp:21311
    frame #25: 0x0000000101863009 libcoreclr.dylib`Compiler::fgMorph(this=0x0000000102839a40) + 745 at morph.cpp:13546
    frame #26: 0x0000000101764df3 libcoreclr.dylib`Compiler::compCompile(this=0x0000000102839a40, methodCodePtr=0x000000011b77e708, methodCodeSize=0x000000011b77ebbc, compileFlags=1060368) + 739 at compiler.cpp:3098
    frame #27: 0x00000001017678a7 libcoreclr.dylib`Compiler::compCompileHelper(this=0x0000000102839a40, classPtr=0x00000001000d5020, compHnd=0x000000011b77ee18, methodInfo=0x000000011b77ec88, methodCodePtr=0x000000011b77e708, methodCodeSize=0x000000011b77ebbc, compileFlags=1060368, instVerInfo=INSTVER_GENERIC_PASSED_VERIFICATION) + 2967 at compiler.cpp:4358
    frame #28: 0x0000000101766410 libcoreclr.dylib`Compiler::compCompile(__pvHandlerData=0x000000011b77e248)::__Body::Run(void*) + 112 at compiler.cpp:3752
    frame #29: 0x00000001019dc974 libcoreclr.dylib`PAL_TryExcept(pfnBody=0x00000001017663a0, pfnFilter=0x0000000101766420, pvParam=0x000000011b77e248, pfExecuteHandler=0x000000011b77e244) + 52 at seh-unwind.cpp:772
    frame #30: 0x000000010176621f libcoreclr.dylib`Compiler::compCompile(this=0x0000000102839a40, methodHnd=0x000000011b280af8, classPtr=0x00000001000d5020, compHnd=0x000000011b77ee18, methodInfo=0x000000011b77ec88, methodCodePtr=0x000000011b77e708, methodCodeSize=0x000000011b77ebbc, compileFlags=1060368) + 2207 at compiler.cpp:3760
    frame #31: 0x000000010176a9f7 libcoreclr.dylib`jitNativeCode(__pvHandlerData=0x000000011b77e440)::__Body::Run(void*)::__Body::Run(void*) + 439 at compiler.cpp:4963
    frame #32: 0x00000001019dc974 libcoreclr.dylib`PAL_TryExcept(pfnBody=0x000000010176a840, pfnFilter=0x000000010176aa10, pvParam=0x000000011b77e440, pfExecuteHandler=0x000000011b77e43c) + 52 at seh-unwind.cpp:772
    frame #33: 0x0000000101768c54 libcoreclr.dylib`jitNativeCode(__pvHandlerData=0x000000011b77e550)::__Body::Run(void*) + 116 at compiler.cpp:4971
    frame #34: 0x00000001019dc974 libcoreclr.dylib`PAL_TryExcept(pfnBody=0x0000000101768be0, pfnFilter=0x0000000101768dc0, pvParam=0x000000011b77e550, pfExecuteHandler=0x000000011b77e54c) + 52 at seh-unwind.cpp:772
    frame #35: 0x00000001017689e9 libcoreclr.dylib`jitNativeCode(methodHnd=0x000000011b280af8, classPtr=0x00000001000d5020, compHnd=0x000000011b77ee18, methodInfo=0x000000011b77ec88, methodCodePtr=0x000000011b77e708, methodCodeSize=0x000000011b77ebbc, compileFlags=1060368, inlineInfoPtr=0x0000000000000000) + 505 at compiler.cpp:5001
    frame #36: 0x00000001017729bd libcoreclr.dylib`CILJit::compileMethod(this=0x0000000101ccd218, compHnd=0x000000011b77ee18, methodInfo=0x000000011b77ec88, flags=1060368, entryAddress=0x000000011b77ebc0, nativeSizeOfCode=0x000000011b77ebbc) + 253 at ee_il_dll.cpp:155
    frame #37: 0x00000001013844f1 libcoreclr.dylib`invokeCompileMethodHelper(jitMgr=0x0000000100113b58, comp=0x000000011b77ee18, info=0x000000011b77ec88, flags=1060368, flags2=0, nativeEntry=0x000000011b77ebc0, nativeSizeOfCode=0x000000011b77ebbc) + 273 at jitinterface.cpp:11901
    frame #38: 0x00000001013845c9 libcoreclr.dylib`invokeCompileMethod(jitMgr=0x0000000100113b58, comp=0x000000011b77ee18, info=0x000000011b77ec88, flags=1060368, flags2=0, nativeEntry=0x000000011b77ebc0, nativeSizeOfCode=0x000000011b77ebbc) + 89 at jitinterface.cpp:11954
    frame #39: 0x0000000101384946 libcoreclr.dylib`CallCompileMethodWithSEHWrapper(__pvHandlerData=0x000000011b77e918)::__Body::Run(void*) + 86 at jitinterface.cpp:12016
    frame #40: 0x00000001019dc974 libcoreclr.dylib`PAL_TryExcept(pfnBody=0x00000001013848f0, pfnFilter=0x0000000101384960, pvParam=0x000000011b77e918, pfExecuteHandler=0x000000011b77e914) + 52 at seh-unwind.cpp:772
    frame #41: 0x0000000101384758 libcoreclr.dylib`CallCompileMethodWithSEHWrapper(jitMgr=0x0000000100113b58, comp=0x000000011b77ee18, info=0x000000011b77ec88, flags=1060368, flags2=0, nativeEntry=0x000000011b77ebc0, nativeSizeOfCode=0x000000011b77ebbc, ftn=0x000000011b280af8) + 216 at jitinterface.cpp:12024
    frame #42: 0x00000001013865fc libcoreclr.dylib`UnsafeJitFunction(ftn=0x000000011b280af8, ILHeader=0x0000000100216ba8, flags=1060368, flags2=0) + 4108 at jitinterface.cpp:12713
    frame #43: 0x00000001013e3f39 libcoreclr.dylib`MethodDesc::MakeJitWorker(this=0x000000011b280af8, ILHeader=0x0000000100216ba8, flags=0, flags2=0) + 1433 at prestub.cpp:457
    frame #44: 0x00000001013e6c44 libcoreclr.dylib`MethodDesc::DoPrestub(this=0x000000011b280af8, pDispatchingMT=0x0000000000000000) + 2676 at prestub.cpp:1403
    frame #45: 0x00000001013e5fcf libcoreclr.dylib`PreStubWorker(pTransitionBlock=0x000000011b780228, pMD=0x000000011b280af8) + 1055 at prestub.cpp:1001
    frame #46: 0x0000000101662744 libcoreclr.dylib`SinglecastDelegateInvokeStub_End + 89 at unixasmhelpers.S:835

The reason is in CoreVsnprintf the call to PAL_printf_arg_remover is clobbering the upper 32-bits of ap. Commenting out line 151 works around the issue, but obviously isn't a proper fix.

PAL_printf_arg_remover is:

libcoreclr.dylib`PAL_printf_arg_remover at printf.cpp:142:
   0x1019b9590:  pushq  %rbp
   0x1019b9591:  movq   %rsp, %rbp
   0x1019b9594:  subq   $0xb0, %rsp
   0x1019b959b:  movl   $0xfffffffe, %eax
   0x1019b95a0:  movq   0x2aca81(%rip), %r8       ; (void *)0x00007fff7c964070: __stack_chk_guard
   0x1019b95a7:  movq   (%r8), %r8
   0x1019b95aa:  movq   %r8, -0x8(%rbp)
   0x1019b95ae:  movq   %rdi, -0x10(%rbp)
   0x1019b95b2:  movl   %esi, -0x14(%rbp)
   0x1019b95b5:  movl   %edx, -0x18(%rbp)
   0x1019b95b8:  movl   %ecx, -0x1c(%rbp)
   0x1019b95bb:  cmpl   -0x14(%rbp), %eax
   0x1019b95be:  je     0x1019b95d2               ; PAL_printf_arg_remover + 66 at printf.cpp:147
   0x1019b95c4:  movl   $0xfffffffc, %eax
   0x1019b95c9:  cmpl   -0x14(%rbp), %eax
   0x1019b95cc:  jne    0x1019b962f               ; PAL_printf_arg_remover + 159 at printf.cpp:149
   0x1019b95d2:  movq   -0x10(%rbp), %rax
   0x1019b95d6:  movl   (%rax), %ecx
   0x1019b95d8:  cmpl   $0x28, %ecx
   0x1019b95de:  movq   %rax, -0x28(%rbp)
   0x1019b95e2:  movl   %ecx, -0x2c(%rbp)
   0x1019b95e5:  ja     0x1019b960d               ; PAL_printf_arg_remover + 125 at printf.cpp:147
   0x1019b95eb:  movq   -0x28(%rbp), %rax
   0x1019b95ef:  movq   0x10(%rax), %rcx
   0x1019b95f3:  movl   -0x2c(%rbp), %edx
   0x1019b95f6:  movslq %edx, %rsi
   0x1019b95f9:  addq   %rsi, %rcx
   0x1019b95fc:  addl   $0x8, %edx
   0x1019b9602:  movl   %edx, (%rax)
   0x1019b9604:  movq   %rcx, -0x38(%rbp)
   0x1019b9608:  jmp    0x1019b9627               ; PAL_printf_arg_remover + 151 at printf.cpp:147
   0x1019b960d:  movq   -0x28(%rbp), %rax
   0x1019b9611:  movq   0x8(%rax), %rcx
   0x1019b9615:  movq   %rcx, %rdx
   0x1019b9618:  addq   $0x8, %rcx
   0x1019b961f:  movq   %rcx, 0x8(%rax)
   0x1019b9623:  movq   %rdx, -0x38(%rbp)
   0x1019b9627:  movq   -0x38(%rbp), %rax
   0x1019b962b:  movq   %rax, -0x40(%rbp)
   0x1019b962f:  cmpl   $0x7, -0x18(%rbp)
   0x1019b9636:  jne    0x1019b96b1               ; PAL_printf_arg_remover + 289 at printf.cpp:153
   0x1019b963c:  movq   -0x10(%rbp), %rax
   0x1019b9640:  movq   %rax, %rcx
   0x1019b9643:  addq   $0x4, %rcx
   0x1019b964a:  movl   0x4(%rax), %edx
   0x1019b964d:  cmpl   $0xa0, %edx
   0x1019b9653:  movq   %rax, -0x48(%rbp)
   0x1019b9657:  movq   %rcx, -0x50(%rbp)
   0x1019b965b:  movl   %edx, -0x54(%rbp)
   0x1019b965e:  ja     0x1019b968a               ; PAL_printf_arg_remover + 250 at printf.cpp:151
   0x1019b9664:  movq   -0x48(%rbp), %rax
   0x1019b9668:  movq   0x10(%rax), %rcx
   0x1019b966c:  movl   -0x54(%rbp), %edx
   0x1019b966f:  movslq %edx, %rsi
   0x1019b9672:  addq   %rsi, %rcx
   0x1019b9675:  addl   $0x10, %edx
   0x1019b967b:  movq   -0x50(%rbp), %rsi
   0x1019b967f:  movl   %edx, (%rsi)
   0x1019b9681:  movq   %rcx, -0x60(%rbp)
   0x1019b9685:  jmp    0x1019b96a4               ; PAL_printf_arg_remover + 276 at printf.cpp:151
   0x1019b968a:  movq   -0x48(%rbp), %rax
   0x1019b968e:  movq   0x8(%rax), %rcx
   0x1019b9692:  movq   %rcx, %rdx
   0x1019b9695:  addq   $0x8, %rcx
   0x1019b969c:  movq   %rcx, 0x8(%rax)
   0x1019b96a0:  movq   %rdx, -0x60(%rbp)
   0x1019b96a4:  movq   -0x60(%rbp), %rax
   0x1019b96a8:  movq   %rax, -0x68(%rbp)
   0x1019b96ac:  jmp    0x1019b97ad               ; PAL_printf_arg_remover + 541 at printf.cpp:159
   0x1019b96b1:  cmpl   $0x4, -0x18(%rbp)
   0x1019b96b8:  jne    0x1019b9730               ; PAL_printf_arg_remover + 416 at printf.cpp:159
   0x1019b96be:  cmpl   $0x3, -0x1c(%rbp)
   0x1019b96c5:  jne    0x1019b9730               ; PAL_printf_arg_remover + 416 at printf.cpp:159
   0x1019b96cb:  movq   -0x10(%rbp), %rax
   0x1019b96cf:  movl   (%rax), %ecx
   0x1019b96d1:  cmpl   $0x28, %ecx
   0x1019b96d7:  movq   %rax, -0x70(%rbp)
   0x1019b96db:  movl   %ecx, -0x74(%rbp)
   0x1019b96de:  ja     0x1019b9706               ; PAL_printf_arg_remover + 374 at printf.cpp:155
   0x1019b96e4:  movq   -0x70(%rbp), %rax
   0x1019b96e8:  movq   0x10(%rax), %rcx
   0x1019b96ec:  movl   -0x74(%rbp), %edx
   0x1019b96ef:  movslq %edx, %rsi
   0x1019b96f2:  addq   %rsi, %rcx
   0x1019b96f5:  addl   $0x8, %edx
   0x1019b96fb:  movl   %edx, (%rax)
   0x1019b96fd:  movq   %rcx, -0x80(%rbp)
   0x1019b9701:  jmp    0x1019b9720               ; PAL_printf_arg_remover + 400 at printf.cpp:155
   0x1019b9706:  movq   -0x70(%rbp), %rax
   0x1019b970a:  movq   0x8(%rax), %rcx
   0x1019b970e:  movq   %rcx, %rdx
   0x1019b9711:  addq   $0x8, %rcx
   0x1019b9718:  movq   %rcx, 0x8(%rax)
   0x1019b971c:  movq   %rdx, -0x80(%rbp)
   0x1019b9720:  movq   -0x80(%rbp), %rax
   0x1019b9724:  movq   %rax, -0x88(%rbp)
   0x1019b972b:  jmp    0x1019b97a8               ; PAL_printf_arg_remover + 536 at printf.cpp:159
   0x1019b9730:  movq   -0x10(%rbp), %rax
   0x1019b9734:  movl   (%rax), %ecx
   0x1019b9736:  cmpl   $0x28, %ecx
   0x1019b973c:  movq   %rax, -0x90(%rbp)
   0x1019b9743:  movl   %ecx, -0x94(%rbp)
   0x1019b9749:  ja     0x1019b977a               ; PAL_printf_arg_remover + 490 at printf.cpp:159
   0x1019b974f:  movq   -0x90(%rbp), %rax
   0x1019b9756:  movq   0x10(%rax), %rcx
   0x1019b975a:  movl   -0x94(%rbp), %edx
   0x1019b9760:  movslq %edx, %rsi
   0x1019b9763:  addq   %rsi, %rcx
   0x1019b9766:  addl   $0x8, %edx
   0x1019b976c:  movl   %edx, (%rax)
   0x1019b976e:  movq   %rcx, -0xa0(%rbp)
   0x1019b9775:  jmp    0x1019b979a               ; PAL_printf_arg_remover + 522 at printf.cpp:159
   0x1019b977a:  movq   -0x90(%rbp), %rax
   0x1019b9781:  movq   0x8(%rax), %rcx
   0x1019b9785:  movq   %rcx, %rdx
   0x1019b9788:  addq   $0x8, %rcx
   0x1019b978f:  movq   %rcx, 0x8(%rax)
   0x1019b9793:  movq   %rdx, -0xa0(%rbp)
   0x1019b979a:  movq   -0xa0(%rbp), %rax
   0x1019b97a1:  movq   %rax, -0xa8(%rbp)
   0x1019b97a8:  jmp    0x1019b97ad               ; PAL_printf_arg_remover + 541 at printf.cpp:159
   0x1019b97ad:  movq   0x2ac874(%rip), %rax      ; (void *)0x00007fff7c964070: __stack_chk_guard
   0x1019b97b4:  movq   (%rax), %rax
   0x1019b97b7:  cmpq   -0x8(%rbp), %rax
   0x1019b97bb:  jne    0x1019b97ca               ; PAL_printf_arg_remover + 570 at printf.cpp:161
   0x1019b97c1:  addq   $0xb0, %rsp
   0x1019b97c8:  popq   %rbp
   0x1019b97c9:  retq   
   0x1019b97ca:  callq  0x101b09e82               ; symbol stub for: __stack_chk_fail

More direct context:

(lldb) c
Process 57639 resuming
Process 57639 stopped
* thread #6: tid = 0x3e01aa, 0x00000001019b9681 libcoreclr.dylib`PAL_printf_arg_remover(ap=0x000000011befeac0, Precision=-1, Type=7, Prefix=-1) + 241 at printf.cpp:151, stop reason = watchpoint 2
    frame #0: 0x00000001019b9681 libcoreclr.dylib`PAL_printf_arg_remover(ap=0x000000011befeac0, Precision=-1, Type=7, Prefix=-1) + 241 at printf.cpp:151
   148      }
   149      if (Type == PFF_TYPE_FLOAT)
   150      {
-> 151          (void)va_arg(*ap, float);
   152      }
   153      else if (Type == PFF_TYPE_INT && Prefix == PFF_PREFIX_LONGLONG)
   154      {  

Watchpoint 2 hit:
old value: 0x000000011beff120
new value: 0x000000111beff120
(lldb) disas
   0x1019b965e:  ja     0x1019b968a               ; PAL_printf_arg_remover + 250 at printf.cpp:151
   0x1019b9664:  movq   -0x48(%rbp), %rax
   0x1019b9668:  movq   0x10(%rax), %rcx
   0x1019b966c:  movl   -0x54(%rbp), %edx
   0x1019b966f:  movslq %edx, %rsi
   0x1019b9672:  addq   %rsi, %rcx
   0x1019b9675:  addl   $0x10, %edx
   0x1019b967b:  movq   -0x50(%rbp), %rsi
   0x1019b967f:  movl   %edx, (%rsi)
-> 0x1019b9681:  movq   %rcx, -0x60(%rbp)
   0x1019b9685:  jmp    0x1019b96a4               ; PAL_printf_arg_remover + 276 at printf.cpp:151
   0x1019b968a:  movq   -0x48(%rbp), %rax
   0x1019b968e:  movq   0x8(%rax), %rcx
   0x1019b9692:  movq   %rcx, %rdx
   0x1019b9695:  addq   $0x8, %rcx
   0x1019b969c:  movq   %rcx, 0x8(%rax)
   0x1019b96a0:  movq   %rdx, -0x60(%rbp)
   0x1019b96a4:  movq   -0x60(%rbp), %rax
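
The two things the watchpoint hit above turns on are how `va_arg` interacts with argument promotion and how a `va_list` may be handed to a helper. On the x86-64 SysV ABI `va_list` is a one-element array of a struct whose first two fields are `unsigned gp_offset` (offset 0) and `unsigned fp_offset` (offset 4); a `va_list` function parameter has therefore decayed to a pointer to that struct, so taking `&ap` inside such a function yields the address of the pointer itself, and a `va_arg` through it rewrites the pointer's low and high 32 bits instead of the offsets. That is consistent with the `addl $0x10, %edx; movl %edx, (%rsi)` store changing the upper half of a pointer-sized value from 0x1 to 0x11. The C below is an added example, not coreclr's own code or the fix in the linked gists: a hypothetical `skip_arg` helper with the same shape as `PAL_printf_arg_remover` (it takes `va_list *` and discards one argument), called from an inner `consume` layer that owns a local `va_copy` of its `va_list` parameter rather than taking the parameter's address. The `enum arg_type` codes are stand-ins for the PAL's `PFF_TYPE_*`/`PFF_PREFIX_*` values, and the float case is read as `double`, the promoted type, because `va_arg(ap, float)` is undefined.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical argument kinds, standing in for the PAL's PFF_TYPE_* and
 * PFF_PREFIX_* codes (assumption for this example). */
enum arg_type { ARG_INT, ARG_LONGLONG, ARG_DOUBLE, ARG_STRING };

/* Discard one argument of the given kind, advancing the caller's list.
 * The caller must pass the address of a va_list object it owns: one it
 * declared locally and initialised with va_start or va_copy. On the
 * x86-64 SysV ABI a `va_list` parameter has already decayed to a pointer
 * to the __va_list_tag struct, so `&param` is the address of that pointer
 * and va_arg through it would rewrite the pointer's own bytes
 * (gp_offset at offset 0, fp_offset at offset 4). */
static void skip_arg(va_list *ap, enum arg_type t)
{
    switch (t) {
    case ARG_INT:      (void)va_arg(*ap, int);          break;
    case ARG_LONGLONG: (void)va_arg(*ap, long long);    break;
    /* A float reaches a variadic function as a double (default argument
     * promotion), so it is consumed as double; va_arg(*ap, float) is
     * undefined behaviour. */
    case ARG_DOUBLE:   (void)va_arg(*ap, double);       break;
    case ARG_STRING:   (void)va_arg(*ap, const char *); break;
    }
}

/* Inner layer that receives a va_list parameter, in the position of
 * CoreVsnprintf below PAL__vsnprintf. It never takes &ap; it va_copy's
 * into a local object and lets skip_arg advance that copy. */
static long long consume(size_t nskip, const enum arg_type *types, va_list ap)
{
    va_list cur;
    va_copy(cur, ap);
    for (size_t i = 0; i < nskip; i++)
        skip_arg(&cur, types[i]);
    double d = va_arg(cur, double);   /* first argument after the skipped ones */
    int    n = va_arg(cur, int);      /* second argument after the skipped ones */
    va_end(cur);
    return (long long)d + n;
}

/* Variadic entry point: skips `nskip` arguments described by `types`, then
 * reads a double followed by an int and returns their sum. */
long long sum_after_skip(size_t nskip, const enum arg_type *types, ...)
{
    va_list ap;
    va_start(ap, types);
    long long r = consume(nskip, types, ap);
    va_end(ap);
    return r;
}

int main(void)
{
    /* Constructed sample call: skip a string, a long long and a double,
     * then read 40.0 (passed as a float, promoted to double) and 2. */
    enum arg_type types[] = { ARG_STRING, ARG_LONGLONG, ARG_DOUBLE };
    printf("%lld\n", sum_after_skip(3, types, "skipped", 1LL << 40, 1.5, 40.0f, 2));
    return 0;
}
```

If `consume` were written as `skip_arg(&ap, ...)` on x86-64, the compiler would see `__va_list_tag **` where `va_list *` is expected; treat that diagnostic as the bug it is rather than casting it away, since the mismatch is exactly the pointer-clobbering pattern the watchpoint shows.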

kangaroo commented 9 years ago

Some more information about the store for my memory:

https://gist.github.com/kangaroo/3e794734726bd65a942f

kangaroo commented 9 years ago

Fixed by https://gist.github.com/kangaroo/bd1f95684518b0f70ad5

I need to double check the ABI docs in the morning to ensure this is the correct behavior.

cnblogs-dudu commented 9 years ago

Maybe long double or long long. The following links may help:

kangaroo commented 9 years ago

cc @sergiy-k I haven't dug more, but this might be a sub-cause of https://github.com/dotnet/coreclr/issues/161 so I'm going to tag you and shelve this until you submit a PR for https://github.com/dotnet/coreclr/issues/161

sergiy-k commented 9 years ago

@kangaroo I have assigned this issue to myself. I thought you had already closed https://github.com/dotnet/coreclr/issues/161 since you have tested my change and the corresponding PR (https://github.com/dotnet/coreclr/pull/258) has already been merged.

sergiy-k commented 9 years ago

By the way, on Mac (release build only) 14 fwprintf tests fail. But I have not checked whether these failures are related to the problem in PAL_printf_arg_remover.

c_runtime/fwprintf/test10/paltest_fwprintf_test10. Exit code: 1
c_runtime/fwprintf/test11/paltest_fwprintf_test11. Exit code: 1
c_runtime/fwprintf/test12/paltest_fwprintf_test12. Exit code: 1
c_runtime/fwprintf/test13/paltest_fwprintf_test13. Exit code: 1
c_runtime/fwprintf/test14/paltest_fwprintf_test14. Exit code: 1
c_runtime/fwprintf/test15/paltest_fwprintf_test15. Exit code: 1
c_runtime/fwprintf/test16/paltest_fwprintf_test16. Exit code: 1
c_runtime/fwprintf/test17/paltest_fwprintf_test17. Exit code: 1
c_runtime/fwprintf/test18/paltest_fwprintf_test18. Exit code: 1
c_runtime/fwprintf/test3/paltest_fwprintf_test3. Exit code: 1
c_runtime/fwprintf/test4/paltest_fwprintf_test4. Exit code: 1
c_runtime/fwprintf/test6/paltest_fwprintf_test6. Exit code: 1
c_runtime/fwprintf/test8/paltest_fwprintf_test8. Exit code: 1
c_runtime/fwprintf/test9/paltest_fwprintf_test9. Exit code: 1

kangaroo commented 9 years ago

@sergiy-k dotnet/coreclr#161 is closed but I haven't re-tested this yet. It wasn't exposed by a PAL test, but by the k-nucleotide managed executable. I'll see if I have some time this weekend to confirm this one, and look at the fwprintf ones.

kangaroo commented 9 years ago

It's more misuse of va_lists all around. I'm cleaning it up.

kangaroo commented 9 years ago

@sergiy-k Fixed in https://github.com/dotnet/coreclr/pull/271

kangaroo commented 9 years ago

This is fixed. Can someone close it out please?