This got caught by MALLOC_OPTIONS=S in OpenBSD. The B compiler filled
the buffer while compiling hilo.b. Then realloc moved the buffer and
unmapped the old buffer. The compiler tried to read the old buffer
and segfaulted.
With this change, I built and ran ack on a big-endian PowerPC Linux
machine. I used gcc 4.9.4 to build ack, and I only built the linuxppc
back end.
Before this change, wr_ranlib() corrupted a value by changing it from
0x66 to 0x66000066. This value was too big, so led made a fatal
error, "bad ranlib string offset".
Add more page numbers from PowerPC version 2.01. Remove "xnop" not in
2.01, add "mtcr" from 2.01. Add "lwarx" and the other instructions
from Book II. I did not try all the newly added instructions, but
these seem to work: dcbt, dcbtst, icibi, isync, lwarx, stwcx., mftb,
mftbu
In man/powerpc_as.6 (not installed), add a summary of the registers
and addressing modes (like in i386_as.6), describe short forms, update
description of hi16/ha16, add CAVEATS about instructions that some
processors can't run.
Enable this in CS for PowerPC; disable it for all other machines.
PowerPC has no remainder instruction; the back end uses division to
compute remainder. If CS finds both a / b and a % b, then CS now
rewrites a % b as a - b * (a / b) and computes a / b only once. This
removes an extra division in the PowerPC code, so it saves both time
and space.
I have not considered whether to enable this optimization for other
machines. It might be less useful in machines with a remainder
instruction. Also, if a % b occurs before a / b, the EM code gets a
DUP. PowerPC ncg handles this DUP well; other back ends might not.
In ego, the CS phase may convert a LAR/SAR to AAR LOI/STI so it can
optimize multiple occurrences of AAR of the same array element. This
conversion should not happen if it would LOI/STI a large or unknown
size.
cs_profit.c okay_lines() checked the size of each occurrence of AAR
except the first. If the first AAR was the implicit AAR in a LAR/SAR,
then the conversion happened without checking the size. For unknown
size, this made a bad LOI -1 or STI -1. Fix by checking the size
earlier: if a LAR/SAR has a bad size, then don't enter it as an AAR.
This Modula-2 code showed the bug. Given M.def:
DEFINITION MODULE M;
TYPE S = SET OF [0..95];
PROCEDURE F(a: ARRAY OF S; i, j: INTEGER);
END M.
and M.mod:
(*$R-*) IMPLEMENTATION MODULE M;
FROM SYSTEM IMPORT ADDRESS, ADR;
PROCEDURE G(s: S; p, q: ADDRESS; t: S); BEGIN
s := s; p := p; q := q; t := t;
END G;
PROCEDURE F(a: ARRAY OF S; i, j: INTEGER); BEGIN
G(a[i + j], ADR(a[i + j]), ADR(a[i + j]), a[i + j])
END F;
END M.
then the bug caused an error:
$ ack -mlinuxppc -O3 -c.e M.mod
/tmp/Ack_b357d.g, line 57: Argument range error
The bug had put LOI -1 in the code, then em_decode got an error
because -1 is out of range for LOI.
Procedure F has 4 occurrences of `a[i + j]`. The size of `a[i + j]`
is 96 bits, or 12 bytes, but the EM code hides the size in an array
descriptor, so the size is unknown to CS. The pragma `(*$R-*)`
disables a range check on `i + j` so CS can work. EM uses AAR for the
2 `ADR(a[i + j])` and LAR for the other 2 `a[i + j]`. EM pushes the
arguments to G in reverse order, so the last `a[i + j]` in Modula-2 is
the first LAR in EM.
CS found 4 occurrences of AAR. The first AAR was an implicit AAR in
LAR. Because of the bug, CS converted this LAR 4 to AAR 4 LOI -1.
- In share/debug.c, undo my mistake in commit 9037d13 by changing
vfprintf back to fprintf in OUTTRACE.
- In ud/ud.c, move the trace output from stdout to stderr, because
stdout has ego's output file, which becomes opt2's input file. If
trace output goes to stdout, it gets prepended to the output file,
and opt2 errors with "wrong input file".
I also edit both build.lua files so ego depends on its header files;
this part isn't needed for -DTRACE.
One can now use -DTRACE by adding it to the cflags in both build.lua
files.
Using '-' might fail on platforms like FreeBSD. Commit 50a7031
stopped using '-' in the B compiler and ego. I now stop using '-' in
mcg, because I can now check that mcg still works.
If X < 0, then lowering the addi might cause the code to use the stack
space before allocating it. This is a bug because an asynchronous
signal handler can overwrite the unallocated stack space.
Tests pass if one edits the top build.lua to uncomment "qemuppc" from
both vars.plats and vars.plats_with_tests, and one leaves mcg in
plat/qemuppc/descr.
Add or correct some EM instructions in treebuilder.c:
- "lof", "stf": handle negative offsets in load() and store().
- "cuu": add using IR_FROMUI.
- "lim", "sim": keep an entire word in ".ignmask", to be compatible
with mach/powerpc/libem/trp.s and ncg. We also keep a word in
".ignmask" in ncg for both i386 and m68020.
- "trp": pass trap number in register. See comment in
helper_function_with_arg().
- "sig": push the old value of .trppc on the stack.
- "and ?", "ior ?", "xor ?", "com ?", "cms ?", "set ?", "inn ?":
connect to helper functions in libem.
- "blm", "bls": drop call to memmove() and use new helper ".bls4",
because tests/plat/structcopy_e.c can't call memmove().
- "xor s", "cms s": if s is large, fall back on helper function.
- "rol", "ror": add by decomposing each rotate into 4 IR ops.
- "rck s", "bls s": make fatal unless s is word size.
- "loi": push multiple loads in the correct order.
- "dup s", "exg s": if s is large, fall back on helper.
- "dus": add using new helper ".dus4".
- "lxl", "lxa": follow the static chain, not the dynamic chain.
- "lor 1": materialise the stack before pushing the stack pointer.
- "lor 2", "str 2": make fatal.
- "los", "sts": drop calls to memcpy() and use helpers ".los4" and
and ".sts4", so lang/m2/libm2/LtoUset.e starts working.
- "gto": correctly read descriptor.
Change mach/powerpc/mcg/table:
- ANY.L: add for "asp -8".
- LOAD.L: work around register corruption.
- COMPAREUL.I: add for "cms 8".
- Don't reverse bitfields; do use ego (41f3bf7).
- Use MACHOPT_F=-m2 (3dae9e4).
- Remove old trap.s (26de4c1).
At this commit, one can build qemuppc with mcg by editing the root
build.lua to uncomment "qemuppc" in "vars.plats". If one also
uncomments "qemuppc" from "vars.plats_with_tests", then mcg fails to
build the tests. If one uses ncg (by editing plat/qemuppc/descr to
change "mcg" to "ncg"), then the tests pass.
You may need to delete and recompile some .o files! This changes the
alignment of 8-byte values in C structs to match what Apple's gcc
does. See Apple's "32-bit PowerPC Function Calling Conventions" at
https://developer.apple.com
/library/content/documentation/DeveloperTools/Conceptual/LowLevelABI
/100-32-bit_PowerPC_Function_Calling_Conventions/32bitPowerPC.html
In the instruction list, put /* kills xer */ for sraw, srawi, subfic;
and correct the (now unused) "addi." and "lfdu".
Change MACHOPT_F from -m3 to -m2. This changes the code for 15 * i
from
slwi r3,r4,4
subfic r5,r4,0
add r3,r3,r5
to
mulli r3,r4,15
If the sequence "slwi subfic addi" takes 3 cycles and 12 bytes, and
mulli takes 3 cycles and 4 bytes, then mulli is better.
Copy and adapt code from mach/{i386,m68020}/ncg/mach.c to pass the
debugging stabs from EM to assembly. The next tools (as, led, cv)
already know how to put the stabs in the Mach-o executable.
Modify the function prolog/prologue so gdb uses fp, not sp, for N_LSYM
and N_PSYM stabs. Simplify prolog() by reducing differences between
stabs and no stabs, and zero and nonzero framesize. For files without
stabs, the new prolog has the same number of instructions and memory
accesses as the old prolog, and to run at about the same speed on my
PowerPC Mac.
This is enough to see some info for global and local variables in gdb
for Mac OS X. I still can't get a backtrace; gdb gets confused
because EM and ncg don't link 0(sp) to the previous stack frame.
I don't expect `ack -mlinuxppc -g` to work with gdb for Linux, because
we prepend underscores to the symbol table, which is correct for
Mach-o but wrong for ELF.
This simplifies parts of the PowerPC table and causes ncg to better
decide whether to push sp or fp to the real stack, or coerce it to
REG3, or coerce it to REG-REG3, or move it to a regvar. These better
decisions remove extra _mr_ instructions.
The idea comes from mach/powerpc/arm/table, where SP has a property
STACKPOINTER and LB has LOCALBASE. I don't need two properties, so I
make one property SPFP for both registers.
When I wrote fef 8, I forgot to test denormalized numbers. Oops. Now
fix two of my mistakes:
- When checking for zero, `extrwi r6, r3, 22, 12` needs to be
`extrwi r6, r3, 20, 12`. There are only 20 bits to extract.
- After the multiplication by 2**64, I forgot to put the fraction in
[0.5, 1) or (-1, 0.5] by setting IEEE exponent = 1022.
Teach fif 8 about signed zero and NaN.
In ncg/table, change cmf so NaN is not equal to any value, and comment
why ordered comparisons don't work with NaN. Also add cost for
fctwiz, remove extra `uses REG`.
Edit comment in cfu8.s because the conditional branch might be before
or after fctwiz.
A signal handler might call sigaction(). We must block all signals,
not only our signal, to prevent a race between us and the next signal
handler.
Use /* comments */ because cpp might expand macros in ! comments
though such expansion is probably harmless.
The bridge is now shorter by 2 instructions.
Rename plat/linux/libsys/errno.s to plat/linux386/libsys/trapno.s and
stop building it for linux68k and linuxppc. It defines symbols for
mach/i386/libem.
In syscalls.h, the numbers after 165 are only for i386, so hide them
from 68k, ppc. These numbers are unused, because the system calls now
in libsys use the lower numbers.
Also teach the build system that libsys depends on the internal
headers in plat/linux/libsys/*.h
With my PowerBook G4, a program that converts values from 1.0 to
4000000.0 runs in about 0.32s with the old .cfu8 and 0.29s with this
shrunken .cfu8
Leave a comment about other ways to implement .cfu8
This reduces code size, because ncg emits too many "addi sp, sp, X"
instructions when unstacking things. Now top lowers "addi sp, sp, X"
by lifting other instructions. This sometimes creates chances to
merge or delete _addi_ instructions. If no such chance is found, the
_addi_ remains uselessly lowered.
Edit ncg/table to remove something that top now does.
Edit ncg/mach.c to remove some spaces after commas. This removes a
whitespace difference between *.s and *.so files, because top removes
the space.
_lim_ must use _loe_ (load word external), not _lde_ (load double-word
external).
The new patterns for _lxl_, _lxa_, _lor_, _str_ emit shorter code in
some cases. The change from GPR_EXPR to REG_EXPR allows moving
LXFRAME to a register variable.
Add more "reusing" clauses. We have enough registers that ncg almost
never reuses a register, but sometimes it can reuse r3.
In mach.c, emit one fewer instruction in procedures with no locals.
Fix PowerPC ncg so setjmp() returns the correct value. I got unlucky
when ncg picked r3 for "uses REG"; this destroyed the return value in
r3 and caused the new test to fail.
The new test rck_e.e segfaults on PowerPC unless I make some changes.
The inline code for _rck_ was wrong because it didn't allow the trap
handler to return. _sig_ forgot to push the old trap handler.
Move plat/linuxppc/libsys/trap.s to mach/powerpc/libem/trp.s and
rewrite it with simplified/extended mnemonics. Remove .trap alias for
.trp procedure. Add a missing `mtspr lr, r0` so we can return from
the trap handler. Call write() and _exit() so trp.s works with both
linuxppc and osxppc. Before, Mac OS X was wrongly using the trap.s
for Linux.
In powerpc/libem, simplify .aar4; teach .csa and .csb to raise the
trap if the default target is zero.
C programs don't need these changes. You may relink your C programs
with the changed .csa and .csb, but C code doesn't raise the trap.
Modula-2 code can raise traps, so you may want to relink your Modula-2
programs with the changed libem, but you might keep your old .o files
from Modula-2. You may need to recompile your Pascal programs (delete
old .o files from Pascal) because the Pascal compiler might use _rck_.
I understand `loi 4` more easily than `loi INT32`, because `loi 4`
appears in .e files. So remove INT8, INT16, INT32, INT64.
Add a comment to explain r3 during unconditional jumps.
When storing to a local, stop killing the tokens of other locals,
unless they might overlap with the stored local. This helps some
procedures that juggle locals when the locals aren't in registers.
Also use FRAME_V tokens for locals in statically enclosing procedures.
Rewrite _lxa_ as _lxl_, to skip the `addi ?,?,8` if we can add 8 to
the next constant. The PowerPC code from _lxl_ is now sometimes
better, sometimes worse than before.
The i386 table provided the idea to use %size to find overlapping
locals.
This would become necessary if something failed on a platform with
16-bit int (EM_WSIZE == 2).
Remove unreachable `ret 0`. If reached, it wouldn't work to return
from _m_a_i_n.
Don't output '\0' in "@@FINISHED\0".
Cast code to unsigned int. This helps platforms with 16-bit int, by
doing only the low 16 bits of the bitwise-and. It also removes the
"(warning) conversion of long to pointer loses accuracy".
ncgg has parsed the optional conditional expression (optexpr) of each
splitting coercion since commit 72b83cc in 1985; but for almost 33
years, ncg has ignored the expression in c2_expr.
Few tables had conditional coercions (I only found them in arm and
m68020), and no tables had conditional splitting coercions, so this
only becomes a problem now as I try to add a conditional splitting
coercion to powerpc.