From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#18438: 24.4.50; assertion failed in bidi.c
Date: Sat, 11 Oct 2014 10:11:18 +0300
Message-ID: <831tqf9j3d.fsf@gnu.org>
In-reply-to: <54388E84.7020403@cornell.edu>
To: Ken Brown
Cc: 18438@debbugs.gnu.org, aidalgol@amuri.net

> Date: Fri, 10 Oct 2014 21:57:24 -0400
> From: Ken Brown
> CC: aidalgol@amuri.net, 18438@debbugs.gnu.org
>
> On 10/10/2014 11:12 AM, Eli Zaretskii wrote:
> > Something vague about the upper 32 bits of the 64-bit registers.
> > (Yes, I'm desperate.)
>
> I'm desperate too. Here's another thought: Suppose this really is a
> thread-safety issue in some way that we don't understand. Then maybe
> the problem is that the test 'type <= 23' is not atomic in the
> compilation that Aidan and I have been doing. First 'type' is copied
> from ECX to RBP+0x10, then the latter is tested.

That's true; but note that the value at RBP+0x10 is the one passed to
fprintf (by pushing it on the stack via EDX), and it printed
correctly.

> We could make it
> atomic by forcing GCC to directly test ECX <= 23. We can do this by
> compiling with -Og instead of -O0. (Aidan and I have both been using -O0.)
>
> The resulting disassembly (based on your earlier patch, in
> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18438#103) is
>
> Dump of assembler code for function bidi_check_type:
>    0x00000001004ee9db <+0>:     push   %rbx
>    0x00000001004ee9dc <+1>:     sub    $0x40,%rsp
>    0x00000001004ee9e0 <+5>:     mov    %ecx,%ebx
>    0x00000001004ee9e2 <+7>:     mov    0x543027(%rip),%rax        # 0x100a31a10 <.refptr.suppress_checking>
>    0x00000001004ee9e9 <+14>:    cmpb   $0x0,(%rax)
>    0x00000001004ee9ec <+17>:    jne    0x1004eea2f
>    0x00000001004ee9ee <+19>:    cmp    $0x17,%ecx
>    0x00000001004ee9f1 <+22>:    jbe    0x1004eea2f
>    0x00000001004ee9f3 <+24>:    callq  0x10069fd40 <__getreent>
>    0x00000001004ee9f8 <+29>:    mov    0x18(%rax),%rcx
>    0x00000001004ee9fc <+33>:    movl   $0x17,0x30(%rsp)
>    0x00000001004eea04 <+41>:    movl   $0x0,0x28(%rsp)
>    0x00000001004eea0c <+49>:    mov    %ebx,0x20(%rsp)
>    0x00000001004eea10 <+53>:    mov    $0x14c,%r9d
>    0x00000001004eea16 <+59>:    lea    0x51e713(%rip),%r8        # 0x100a0d130
>    0x00000001004eea1d <+66>:    lea    0x51e814(%rip),%rdx        # 0x100a0d238
>    0x00000001004eea24 <+73>:    callq  0x1006a0040
>    0x00000001004eea29 <+78>:    callq  0x10065227d
>    0x00000001004eea2e <+83>:    nop
>    0x00000001004eea2f <+84>:    add    $0x40,%rsp
>    0x00000001004eea33 <+88>:    pop    %rbx
>    0x00000001004eea34 <+89>:    retq
> End of assembler dump.
>
> Do you think this is worth trying (perhaps after Aidan tries your other
> suggestion, involving 64-bit registers)?

Holding a value in a register AFAIU actually makes the probability of
a clobber by another thread higher than keeping it on the stack. But
I think any idea is worth trying at this time, certainly including
yours. Thanks.

Btw, note that the above version copies the argument into EBX, which
is then pushed onto the stack (10 instructions later) before calling
fprintf. This is somewhat different from the original code, which
held the value in a temporary variable on the stack instead of in EBX.
Not sure this matters, just mentioning it for the record.