bug#47067: 28.0.50; [feature/native-comp] Crash while scrolling through dispnew.c

[Pip Cet]

On Sat, Mar 13, 2021 at 3:27 PM Eli Zaretskii <eliz@gnu.org> wrote:
> > > It's nowhere in the C backtrace, only its caller
> >
> > But it was in one of the previous backtraces?
>
> Too many moons ago.  The ABI was bumped since then, and so did the
> *.eln files.

The code you pasted matches c-beginning-of-statement-1, and so does
the Lisp backtrace, so I would suggest we go with it...

> > > > Can you disassemble the function around 0x09c32285 (or, in another
> > > > dump, whatever calls Flss), particularly the 256 bytes or so before
> > > > that EIP?
> > >
> > > Below.  The updated address for the caller of Flss is 0x09d82285,
> > > which is not in any function whose name is known to GDB.
> >
> > That's normal, assuming you didn't compile with comp-debug > 0.
>
> If that's normal, why did Andrea say that he didn't see such "??" in
> his backtraces?  And if that's because Andrea builds with comp-debug
> above the default zero, then I think either the doc string or the set
> of values (or both) need to be updated:
>
>   (defcustom comp-debug 0
>     "Debug level for native compilation, a number between 0 and 3.
>   This is intended for debugging the compiler itself.
>     0 no debugging output.
>       This is the recommended value unless you are debugging the compiler 
> itself.
>     1 emit debug symbols and dump pseudo C code.
>     2 dump gcc passes and libgccjit log file.
>     3 dump libgccjit reproducers."
>
> The first line is somewhat deceptive, as it doesn't say portions of
> the backtrace will be anonymous; the backtrace is useful even if not
> "debugging the compiler itself".  And the description of level 1 says
> it will also "dump pseudo C code", which I don't think is needed for
> most of the debugging.  Maybe we need an intermediate level that just
> leaves the symbols without dumping the pseudo code?

I think that's an excellent idea.

> > >    0x09d82268:  mov    %edi,0x4(%esp)
> > >    0x09d8226c:  mov    %eax,-0xe8(%ebp)
> > >    0x09d82272:  mov    %edx,-0xe4(%ebp)
> > >    0x09d82278:  movl   $0x2,(%esp)
> > >    0x09d8227f:  call   *0x1318(%ebx)
> > >    0x09d82285:  mov    %edx,-0xec(%ebp)  <<<<<<<<<<<<<<<<<<<<
> >
> > So EDI is bunk at this point. Can you go back a bit further to where
> > it's initialized?
>
> Sorry, I don't understand: I gave you the disassembly of 512 bytes
> before, isn't that enough to see where EDI is assigned the value?  Or
> what do you mean by "go back"?

It's not enough, no. we're looking for an insn of the form mov XXX,
%edi or lea XXX, %edi, or anything like that.

I'm suspicious because EDI is a register variable that is clobbered
somehow right after a setjmp returned. Which setjmp implementation are
you using? Is it possible that you're on Windows, but unlike other
Windows setjmps, it's unsafe to call your setjmp through a function
pointer?

Pip