[LLVMdev] dyld: lazy symbol binding failed: fast lazy bind offset out of range

Jack Howarth howarth at bromo.med.uc.edu
Tue Oct 23 18:04:00 PDT 2012


On Tue, Oct 23, 2012 at 05:10:02PM -0700, Nick Kledzik wrote:
> 

I get...

% gdb /sw/lib/gcc4.7/libexec/gcc/x86_64-apple-darwin12.2.0/4.7.2/cc1
GNU gdb 6.3.50-20050815 (Apple version gdb-1822) (Sun Aug  5 03:00:42 UTC 2012)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared libraries ..
warning: Could not find object file "/sw/src/fink.build/libiconv-1.12-5/libiconv-1.12/lib/.libs/iconv.o" - no debug information available for "iconv.c".


warning: Could not find object file "/sw/src/fink.build/libiconv-1.12-5/libiconv-1.12/lib/.libs/localcharset.o" - no debug information available for "localcharset.c".


warning: Could not find object file "/sw/src/fink.build/libiconv-1.12-5/libiconv-1.12/lib/.libs/relocatable.o" - no debug information available for "relocatable.c".

...... done

(gdb) break *0x100ebb5b0
Breakpoint 1 at 0x100ebb5b0
(gdb) r -quiet -v -iplugindir=/sw/lib/gcc4.7/lib/gcc/x86_64-apple-darwin12.2.0/4.7.2/plugin -D__DYNAMIC__ himenoBMTxpa.c -iplugindir=/sw/lib/gcc4.7/lib/gcc/x86_64-apple-darwin12.2.0/4.7.2/plugin -fPIC -quiet -dumpbase himenoBMTxpa.c -mmacosx-version-min=10.8.2 -mtune=core2 -auxbase himenoBMTxpa -O3 -version -fplugin=/sw/src/fink.build/dragonegg-gcc47-3.2-0/dragonegg-3.2/dragonegg.so -fplugin-arg-dragonegg-llvm-option=-load:/sw/src/fink.build/llvm32-3.2-0/llvm-3.2/build/lib/LLVMPolly.so -fplugin-arg-dragonegg-llvm-option=-polly -o /var/folders/1l/n78sywl52lz6kkys6nv7mnph0000gp/T//ccFoHtO9.s
Starting program: /sw/lib/gcc4.7/libexec/gcc/x86_64-apple-darwin12.2.0/4.7.2/cc1 -quiet -v -iplugindir=/sw/lib/gcc4.7/lib/gcc/x86_64-apple-darwin12.2.0/4.7.2/plugin -D__DYNAMIC__ himenoBMTxpa.c -iplugindir=/sw/lib/gcc4.7/lib/gcc/x86_64-apple-darwin12.2.0/4.7.2/plugin -fPIC -quiet -dumpbase himenoBMTxpa.c -mmacosx-version-min=10.8.2 -mtune=core2 -auxbase himenoBMTxpa -O3 -version -fplugin=/sw/src/fink.build/dragonegg-gcc47-3.2-0/dragonegg-3.2/dragonegg.so -fplugin-arg-dragonegg-llvm-option=-load:/sw/src/fink.build/llvm32-3.2-0/llvm-3.2/build/lib/LLVMPolly.so -fplugin-arg-dragonegg-llvm-option=-polly -o /var/folders/1l/n78sywl52lz6kkys6nv7mnph0000gp/T//ccFoHtO9.s
Reading symbols for shared libraries +++++++................................. done
Reading symbols for shared libraries . done
GNU C (GCC) version 4.7.2 (x86_64-apple-darwin12.2.0)
	compiled by GNU C version 4.7.2, GMP version 5.0.5, MPFR version 3.1.1, MPC version 1.0.1
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Versions of loaded plugins:
 dragonegg: 3.2svn
ignoring nonexistent directory "/usr/local/include"
ignoring nonexistent directory "/sw/lib/gcc4.7/lib/gcc/x86_64-apple-darwin12.2.0/4.7.2/../../../../x86_64-apple-darwin12.2.0/include"
#include "..." search starts here:
#include <...> search starts here:
 /sw/lib/gcc4.7/lib/gcc/x86_64-apple-darwin12.2.0/4.7.2/include
 /sw/lib/gcc4.7/include
 /sw/lib/gcc4.7/lib/gcc/x86_64-apple-darwin12.2.0/4.7.2/include-fixed
 /usr/include
 /System/Library/Frameworks
 /Library/Frameworks
End of search list.
GNU C (GCC) version 4.7.2 (x86_64-apple-darwin12.2.0)
	compiled by GNU C version 4.7.2, GMP version 5.0.5, MPFR version 3.1.1, MPC version 1.0.1
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Versions of loaded plugins:
 dragonegg: 3.2svn
Compiler executable checksum: 8e74eeb00f08b286a112e27009c3d775
himenoBMTxpa.c: In function ‘main’:
himenoBMTxpa.c:79:5: warning: incompatible implicit declaration of built-in function ‘strcpy’ [enabled by default]
himenoBMTxpa.c: In function ‘set_param’:
himenoBMTxpa.c:226:5: warning: incompatible implicit declaration of built-in function ‘exit’ [enabled by default]
himenoBMTxpa.c: In function ‘newMat’:
himenoBMTxpa.c:239:5: warning: incompatible implicit declaration of built-in function ‘malloc’ [enabled by default]
himenoBMTxpa.c: In function ‘clearMat’:
himenoBMTxpa.c:248:5: warning: incompatible implicit declaration of built-in function ‘free’ [enabled by default]
Reading symbols for shared libraries ... done

Breakpoint 1, 0x0000000100ebb5b0 in pch_address_space ()
(gdb) display/i $pc
1: x/i $pc  0x100ebb5b0 <_ZL17pch_address_space+2581936>:	push   %rbp
(gdb) si
0x0000000100ebb5b1 in pch_address_space ()
1: x/i $pc  0x100ebb5b1 <_ZL17pch_address_space+2581937>:	mov    %rsp,%rbp
(gdb) 
0x0000000100ebb5b4 in pch_address_space ()
1: x/i $pc  0x100ebb5b4 <_ZL17pch_address_space+2581940>:	callq  0x100ebb590 <_ZL17pch_address_space+2581904>
(gdb) 
0x0000000100ebb590 in pch_address_space ()
1: x/i $pc  0x100ebb590 <_ZL17pch_address_space+2581904>:	push   %rbp
(gdb) 
0x0000000100ebb591 in pch_address_space ()
1: x/i $pc  0x100ebb591 <_ZL17pch_address_space+2581905>:	mov    %rsp,%rbp
(gdb) 
0x0000000100ebb594 in pch_address_space ()
1: x/i $pc  0x100ebb594 <_ZL17pch_address_space+2581908>:	lea    0xf9635(%rip),%rdi        # 0x100fb4bd0 <_ZN12_GLOBAL__N_121PollyForcePassLinkingE>
(gdb) 
0x0000000100ebb59b in pch_address_space ()
1: x/i $pc  0x100ebb59b <_ZL17pch_address_space+2581915>:	callq  0x100ebad50 <_ZL17pch_address_space+2579792>
(gdb) 
0x0000000100ebad50 in pch_address_space ()
1: x/i $pc  0x100ebad50 <_ZL17pch_address_space+2579792>:	push   %rbp
(gdb) 
0x0000000100ebad51 in pch_address_space ()
1: x/i $pc  0x100ebad51 <_ZL17pch_address_space+2579793>:	mov    %rsp,%rbp
(gdb) 
0x0000000100ebad54 in pch_address_space ()
1: x/i $pc  0x100ebad54 <_ZL17pch_address_space+2579796>:	sub    $0x10,%rsp
(gdb) 
0x0000000100ebad58 in pch_address_space ()
1: x/i $pc  0x100ebad58 <_ZL17pch_address_space+2579800>:	mov    %rdi,-0x8(%rbp)
(gdb) 
0x0000000100ebad5c in pch_address_space ()
1: x/i $pc  0x100ebad5c <_ZL17pch_address_space+2579804>:	mov    -0x8(%rbp),%rdi
(gdb) 
0x0000000100ebad60 in pch_address_space ()
1: x/i $pc  0x100ebad60 <_ZL17pch_address_space+2579808>:	callq  0x100ebb480 <_ZL17pch_address_space+2581632>
(gdb) 
0x0000000100ebb480 in pch_address_space ()
1: x/i $pc  0x100ebb480 <_ZL17pch_address_space+2581632>:	push   %rbp
(gdb) 
0x0000000100ebb481 in pch_address_space ()
1: x/i $pc  0x100ebb481 <_ZL17pch_address_space+2581633>:	mov    %rsp,%rbp
(gdb) 
0x0000000100ebb484 in pch_address_space ()
1: x/i $pc  0x100ebb484 <_ZL17pch_address_space+2581636>:	sub    $0xb0,%rsp
(gdb) 
0x0000000100ebb48b in pch_address_space ()
1: x/i $pc  0x100ebb48b <_ZL17pch_address_space+2581643>:	lea    0xa7655(%rip),%rax        # 0x100f62ae7 <dyld_stub___cxa_guard_release+12149>
(gdb) 
0x0000000100ebb492 in pch_address_space ()
1: x/i $pc  0x100ebb492 <_ZL17pch_address_space+2581650>:	mov    %rdi,-0x8(%rbp)
(gdb) 
0x0000000100ebb496 in pch_address_space ()
1: x/i $pc  0x100ebb496 <_ZL17pch_address_space+2581654>:	mov    %rax,%rdi
(gdb) 
0x0000000100ebb499 in pch_address_space ()
1: x/i $pc  0x100ebb499 <_ZL17pch_address_space+2581657>:	callq  0x100f5f96e <_ZL17pch_address_space+3254638>
(gdb) 
0x0000000100f5f96e in pch_address_space ()
1: x/i $pc  0x100f5f96e <_ZL17pch_address_space+3254638>:	jmpq   *0x5352c(%rip)        # 0x100fb2ea0
(gdb) 
0x0000000100f62356 in dyld_stub___cxa_guard_release ()
1: x/i $pc  0x100f62356 <dyld_stub___cxa_guard_release+10212>:	pushq  $0xd0bd
(gdb) 
0x0000000100f6235b in dyld_stub___cxa_guard_release ()
1: x/i $pc  0x100f6235b <dyld_stub___cxa_guard_release+10217>:	jmpq   0x100f607d0 <dyld_stub___cxa_guard_release+3166>
(gdb) 
0x0000000100f607d0 in dyld_stub___cxa_guard_release ()
1: x/i $pc  0x100f607d0 <dyld_stub___cxa_guard_release+3166>:	lea    0x4ec09(%rip),%r11        # 0x100faf3e0
(gdb) 
0x0000000100f607d7 in dyld_stub___cxa_guard_release ()
1: x/i $pc  0x100f607d7 <dyld_stub___cxa_guard_release+3173>:	push   %r11
(gdb) 
0x0000000100f607d9 in dyld_stub___cxa_guard_release ()
1: x/i $pc  0x100f607d9 <dyld_stub___cxa_guard_release+3175>:	jmpq   *0x4ebf9(%rip)        # 0x100faf3d8
(gdb) 
0x00007fff8bd80878 in dyld_stub_binder ()
1: x/i $pc  0x7fff8bd80878 <dyld_stub_binder>:	push   %rbp
(gdb)

> 
> To double-check: which image are 0x0000000100ebb499 and 0x0000000100f5f96e in?  LLVMPolly.so?

Sorry to be dim, but I am unclear on how I can get at the information in LLVMPolly.so for those images.
I tried 'set env DYLD_PRINT_SEGMENTS 1' but that didn't seem to provide numbers that match those above.

> 
> It looks like it is trying to call __cxa_guard_release (at least gdb thinks that).  That is odd for the start of an initializer.  There should have been a previous call to __cxa_guard_acquire.  
> 
> For reference, here is stepping through hello-world:
> 
> (gdb) disassemble main
> Dump of assembler code for function main:
> 0x0000000100000f00 <main+0>:	push   %rbp
> 0x0000000100000f01 <main+1>:	mov    %rsp,%rbp
> 0x0000000100000f04 <main+4>:	sub    $0x10,%rsp
> 0x0000000100000f08 <main+8>:	lea    0x51(%rip),%rdi        # 0x100000f60
> 0x0000000100000f0f <main+15>:	movl   $0x0,-0x4(%rbp)
> 0x0000000100000f16 <main+22>:	mov    $0x0,%al
> 0x0000000100000f18 <main+24>:	callq  0x100000f34 <dyld_stub_printf>
> 0x0000000100000f1d <main+29>:	mov    $0x0,%ecx
> 0x0000000100000f22 <main+34>:	mov    %eax,-0x8(%rbp)
> 0x0000000100000f25 <main+37>:	mov    %ecx,%eax
> 0x0000000100000f27 <main+39>:	add    $0x10,%rsp
> 0x0000000100000f2b <main+43>:	pop    %rbp
> 0x0000000100000f2c <main+44>:	retq   
> End of assembler dump.
> (gdb) display/i $pc
> 1: x/i $pc  0x100000f08 <main+8>:	lea    0x51(%rip),%rdi        # 0x100000f60
> (gdb) si
> 0x0000000100000f0f in main ()
> 1: x/i $pc  0x100000f0f <main+15>:	movl   $0x0,-0x4(%rbp)
> (gdb) 
> 0x0000000100000f16 in main ()
> 1: x/i $pc  0x100000f16 <main+22>:	mov    $0x0,%al
> (gdb) 
> 0x0000000100000f18 in main ()
> 1: x/i $pc  0x100000f18 <main+24>:	callq  0x100000f34 <dyld_stub_printf>
> (gdb) 
> 0x0000000100000f34 in dyld_stub_printf ()
> 1: x/i $pc  0x100000f34 <dyld_stub_printf>:	jmpq   *0x106(%rip)        # 0x100001040
> (gdb) 
> 0x0000000100000f56 in dyld_stub_printf ()
> 1: x/i $pc  0x100000f56:	pushq  $0xc
> (gdb) 
> 0x0000000100000f5b in dyld_stub_printf ()
> 1: x/i $pc  0x100000f5b:	jmpq   0x100000f3c
> (gdb) 
> 0x0000000100000f3c in dyld_stub_printf ()
> 1: x/i $pc  0x100000f3c:	lea    0xed(%rip),%r11        # 0x100001030
> (gdb) 
> 0x0000000100000f43 in dyld_stub_printf ()
> 1: x/i $pc  0x100000f43:	push   %r11
> (gdb) 
> 0x0000000100000f45 in dyld_stub_printf ()
> 1: x/i $pc  0x100000f45:	jmpq   *0xdd(%rip)        # 0x100001028
> (gdb) 
> 0x00007fff8e2576a0 in dyld_stub_binder ()
> 1: x/i $pc  0x7fff8e2576a0 <dyld_stub_binder>:	push   %rbp
> (gdb) 
> 
> The stub (PLT entry) is just a single-instruction jump through a pointer ("jmpq   *0x106(%rip)").  The first time it is used, the pointer points to a helper that pushes extra parameters and jumps into dyld.  In this example, the "pushq  $0xc" instruction tells dyld which lazy pointer to bind.  In your crashing case, the value 114808 seems to have been pushed, but that is too big.
> 
> -Nick
> 
> 


