[cfe-dev] Static linking a program
Wink Saville via cfe-dev
cfe-dev at lists.llvm.org
Wed Jul 4 15:20:13 PDT 2018
Executive summary: In _dl_get_origin lld is linking a call to mempcpy which
I'd call "thunking code", as it returns in rax the address of the code
that should be called instead of the address of the next available
address of the destination buffer. And specifically, since rax is pointing
at code, when a zero is stored to try to terminate the string we seg fault.
I'd be glad to file a bug if you like.
Below are the steps I went through to show that, starting with showing
that if you link with gold all is well:
$ PATH=/home/wink/prgs/llvm/dist/bin:$PATH clang++ -fuse-ld=gold -o main-fuse-ld.gold -v -static -pthread main.cpp
clang version 7.0.0 (git@github.com:llvm-mirror/clang.git 833ad29a88de7d88bd69234b5069bbfaea0235d1) (git@github.com:llvm-mirror/llvm c55ef4741ac75872f0e692c87eac70745b3ce167)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/wink/prgs/llvm/dist/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-pc-linux-gnu/8.1.1
Found candidate GCC installation: /usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1
Selected GCC installation: /usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Selected multilib: .;@m64
"/home/wink/prgs/llvm/dist/bin/clang-7" -cc1 -triple
x86_64-unknown-linux-gnu -emit-obj -mrelax-all -disable-free
-disable-llvm-verifier -discard-value-names -main-file-name main.cpp
-static-define -mrelocation-model static -mthread-model posix
-mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases
-munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info
-debugger-tuning=gdb -v -resource-dir
/home/wink/prgs/llvm/dist/lib/clang/7.0.0 -internal-isystem
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1
-internal-isystem
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1/x86_64-pc-linux-gnu
-internal-isystem
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1/backward
-internal-isystem /usr/local/include -internal-isystem
/home/wink/prgs/llvm/dist/lib/clang/7.0.0/include
-internal-externc-isystem /include -internal-externc-isystem
/usr/include -fdeprecated-macro -fdebug-compilation-dir
/home/wink/prgs/explore-cpp-static-linking -ferror-limit 19
-fmessage-length 114 -pthread -fobjc-runtime=gcc -fcxx-exceptions
-fexceptions -fdiagnostics-show-option -fcolor-diagnostics -o
/tmp/main-30c2dc.o -x c++ main.cpp
clang -cc1 version 7.0.0 based upon LLVM 7.0.0svn default target
x86_64-unknown-linux-gnu
ignoring nonexistent directory "/include"
#include "..." search starts here:
#include <...> search starts here:
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1/x86_64-pc-linux-gnu
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1/backward
/usr/local/include
/home/wink/prgs/llvm/dist/lib/clang/7.0.0/include
/usr/include
End of search list.
"/usr/bin/ld.gold" --eh-frame-hdr -m elf_x86_64 -static -o
main-fuse-ld.gold
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../lib64/crt1.o
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../lib64/crti.o
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/crtbeginT.o
-L/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1
-L/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../lib64
-L/lib/../lib64 -L/usr/lib/../lib64
-L/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../..
-L/home/wink/prgs/llvm/dist/bin/../lib -L/lib -L/usr/lib
/tmp/main-30c2dc.o -lstdc++ -lm --start-group -lgcc -lgcc_eh -lpthread
-lc --end-group /usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/crtend.o
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../lib64/crtn.o
$ ./main-fuse-ld.gold 4 5 6
argv[0]: ./main-fuse-ld.gold
argv[1]: 4
argv[2]: 5
argv[3]: 6
Here, using ld.lld, we see the failure:
$ PATH=/home/wink/prgs/llvm/dist/bin:$PATH clang++ -fuse-ld=lld -o main-fuse-ld.lld -v -static -pthread main.cpp
clang version 7.0.0 (git@github.com:llvm-mirror/clang.git 833ad29a88de7d88bd69234b5069bbfaea0235d1) (git@github.com:llvm-mirror/llvm c55ef4741ac75872f0e692c87eac70745b3ce167)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/wink/prgs/llvm/dist/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-pc-linux-gnu/8.1.1
Found candidate GCC installation: /usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1
Selected GCC installation: /usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Selected multilib: .;@m64
"/home/wink/prgs/llvm/dist/bin/clang-7" -cc1 -triple
x86_64-unknown-linux-gnu -emit-obj -mrelax-all -disable-free
-disable-llvm-verifier -discard-value-names -main-file-name main.cpp
-static-define -mrelocation-model static -mthread-model posix
-mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases
-munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info
-debugger-tuning=gdb -v -resource-dir
/home/wink/prgs/llvm/dist/lib/clang/7.0.0 -internal-isystem
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1
-internal-isystem
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1/x86_64-pc-linux-gnu
-internal-isystem
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1/backward
-internal-isystem /usr/local/include -internal-isystem
/home/wink/prgs/llvm/dist/lib/clang/7.0.0/include
-internal-externc-isystem /include -internal-externc-isystem
/usr/include -fdeprecated-macro -fdebug-compilation-dir
/home/wink/prgs/explore-cpp-static-linking -ferror-limit 19
-fmessage-length 114 -pthread -fobjc-runtime=gcc -fcxx-exceptions
-fexceptions -fdiagnostics-show-option -fcolor-diagnostics -o
/tmp/main-91a03f.o -x c++ main.cpp
clang -cc1 version 7.0.0 based upon LLVM 7.0.0svn default target
x86_64-unknown-linux-gnu
ignoring nonexistent directory "/include"
#include "..." search starts here:
#include <...> search starts here:
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1/x86_64-pc-linux-gnu
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../include/c++/8.1.1/backward
/usr/local/include
/home/wink/prgs/llvm/dist/lib/clang/7.0.0/include
/usr/include
End of search list.
"/home/wink/prgs/llvm/dist/bin/ld.lld" --eh-frame-hdr -m elf_x86_64
-static -o main-fuse-ld.lld
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../lib64/crt1.o
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../lib64/crti.o
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/crtbeginT.o
-L/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1
-L/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../lib64
-L/lib/../lib64 -L/usr/lib/../lib64
-L/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../..
-L/home/wink/prgs/llvm/dist/bin/../lib -L/lib -L/usr/lib
/tmp/main-91a03f.o -lstdc++ -lm --start-group -lgcc -lgcc_eh -lpthread
-lc --end-group /usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/crtend.o
/usr/lib64/gcc/x86_64-pc-linux-gnu/8.1.1/../../../../lib64/crtn.o
$ ./main-fuse-ld.lld 7 8 9
Segmentation fault (core dumped)
$ coredumpctl gdb
PID: 17791 (main-fuse-ld.ll)
UID: 1000 (wink)
GID: 100 (users)
Signal: 11 (SEGV)
Timestamp: Wed 2018-07-04 15:09:12 PDT (9s ago)
Command Line: ./main-fuse-ld.lld 7 8 9
Executable: /home/wink/prgs/explore-cpp-static-linking/main-fuse-ld.lld
Control Group: /user.slice/user-1000.slice/session-c2.scope
Unit: session-c2.scope
Slice: user-1000.slice
Session: c2
Owner UID: 1000 (wink)
Boot ID: a39916a44af64ce3836e760848efaaac
Machine ID: 8f80fd742eae4659baed812cd07a9439
Hostname: wink-desktop
Storage:
/var/lib/systemd/coredump/core.main-fuse-ld\x2ell.1000.a39916a44af64ce3836e760848efaaac.17791.1530742152000000.lz4
Message: Process 17791 (main-fuse-ld.ll) of user 1000 dumped core.
Stack trace of thread 17791:
#0 0x000000000038c266 n/a
(/home/wink/prgs/explore-cpp-static-linking/main-fuse-ld.lld)
GNU gdb (GDB) 8.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from
/home/wink/prgs/explore-cpp-static-linking/main-fuse-ld.lld...done.
warning: core file may not match specified executable file.
[New LWP 17791]
Core was generated by `./main-fuse-ld.lld 7 8 9'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000000038c266 in _dl_get_origin ()
(gdb) bt
#0 0x000000000038c266 in _dl_get_origin ()
#1 0x000000000038b8cf in _dl_non_dynamic_init ()
#2 0x00000000002f7151 in __libc_init_first ()
#3 0x00000000002f6e47 in __libc_start_main ()
#4 0x000000000025b02a in _start ()
Since we're seg faulting in _dl_get_origin I cloned glibc and
found the code in glibc/sysdeps/unix/sysv/linux/dl-origin.c. Here
is the routine from that file. Stepping through the code I've determined
that the code is faulting after returning from the first __mempcpy which
I've marked with "<<<< Faulting storing the 0" below:
const char *
_dl_get_origin (void)
{
  char linkval[PATH_MAX];
  char *result;
  int len;
  INTERNAL_SYSCALL_DECL (err);

  len = INTERNAL_SYSCALL (readlink, err, 3, "/proc/self/exe", linkval,
                          sizeof (linkval));
  if (! INTERNAL_SYSCALL_ERROR_P (len, err) && len > 0 && linkval[0] != '[')
    {
      /* We can use this value. */
      assert (linkval[0] == '/');
      while (len > 1 && linkval[len - 1] != '/')
        --len;
      result = (char *) malloc (len + 1);
      if (result == NULL)
        result = (char *) -1;
      else if (len == 1)
        memcpy (result, "/", 2);
      else
        *((char *) __mempcpy (result, linkval, len - 1)) = '\0';
        /* <<<< Faulting storing the 0 */
    }
  else
    {
      result = (char *) -1;
      /* We use the environment variable LD_ORIGIN_PATH. If it is set make
         a copy and strip out trailing slashes. */
      if (GLRO(dl_origin_path) != NULL)
        {
          size_t len = strlen (GLRO(dl_origin_path));
          result = (char *) malloc (len + 1);
          if (result == NULL)
            result = (char *) -1;
          else
            {
              char *cp = __mempcpy (result, GLRO(dl_origin_path), len);
              while (cp > result + 1 && cp[-1] == '/')
                --cp;
              *cp = '\0';
            }
        }
    }
  return result;
}
Here is the objdump disassembly of _dl_get_origin and at 38c266 is the
store after the call __mempcpy which is failing:
38c266: c6 00 00 mov BYTE PTR [rax],0x0 <<<< Faulting storing the 0
000000000038c110 <_dl_get_origin>:
38c110: 41 54 push r12
38c112: ba 00 10 00 00 mov edx,0x1000
38c117: b8 59 00 00 00 mov eax,0x59
38c11c: 48 8d 3d e3 47 e7 ff lea rdi,[rip+0xffffffffffe747e3]
# 200906 <__PRETTY_FUNCTION__.13205+0xa0>
38c123: 55 push rbp
38c124: 53 push rbx
38c125: 48 81 ec 00 10 00 00 sub rsp,0x1000
38c12c: 48 89 e3 mov rbx,rsp
38c12f: 48 89 de mov rsi,rbx
38c132: 0f 05 syscall
38c134: 3d 00 f0 ff ff cmp eax,0xfffff000
38c139: 77 75 ja 38c1b0 <_dl_get_origin+0xa0>
38c13b: 85 c0 test eax,eax
38c13d: 7e 71 jle 38c1b0 <_dl_get_origin+0xa0>
38c13f: 0f b6 14 24 movzx edx,BYTE PTR [rsp]
38c143: 80 fa 5b cmp dl,0x5b
38c146: 74 68 je 38c1b0 <_dl_get_origin+0xa0>
38c148: 80 fa 2f cmp dl,0x2f
38c14b: 0f 85 27 01 00 00 jne 38c278 <_dl_get_origin+0x168>
38c151: 83 f8 01 cmp eax,0x1
38c154: 74 2f je 38c185 <_dl_get_origin+0x75>
38c156: 89 c5 mov ebp,eax
38c158: 83 e8 01 sub eax,0x1
38c15b: 48 98 cdqe
38c15d: 80 3c 04 2f cmp BYTE PTR [rsp+rax*1],0x2f
38c161: 75 1b jne 38c17e <_dl_get_origin+0x6e>
38c163: e9 d8 00 00 00 jmp 38c240 <_dl_get_origin+0x130>
38c168: 0f 1f 84 00 00 00 00 nop DWORD PTR [rax+rax*1+0x0]
38c16f: 00
38c170: 48 83 e8 01 sub rax,0x1
38c174: 80 3c 03 2f cmp BYTE PTR [rbx+rax*1],0x2f
38c178: 0f 84 c2 00 00 00 je 38c240 <_dl_get_origin+0x130>
38c17e: 89 c5 mov ebp,eax
38c180: 83 f8 01 cmp eax,0x1
38c183: 75 eb jne 38c170 <_dl_get_origin+0x60>
38c185: bf 02 00 00 00 mov edi,0x2
38c18a: 67 e8 90 a3 fa ff addr32 call 336520 <__malloc>
38c190: 49 89 c4 mov r12,rax
38c193: 48 85 c0 test rax,rax
38c196: 0f 84 84 00 00 00 je 38c220 <_dl_get_origin+0x110>
38c19c: b8 2f 00 00 00 mov eax,0x2f
38c1a1: 66 41 89 04 24 mov WORD PTR [r12],ax
38c1a6: eb 7f jmp 38c227 <_dl_get_origin+0x117>
38c1a8: 0f 1f 84 00 00 00 00 nop DWORD PTR [rax+rax*1+0x0]
38c1af: 00
38c1b0: 48 8b 1d f1 04 02 00 mov rbx,QWORD PTR [rip+0x204f1]
# 3ac6a8 <_dl_origin_path>
38c1b7: 48 85 db test rbx,rbx
38c1ba: 74 64 je 38c220 <_dl_get_origin+0x110>
38c1bc: 48 89 df mov rdi,rbx
38c1bf: e8 4c 1e 01 00 call 39e010 <arena_thread_freeres+0x140>
38c1c4: 48 89 c5 mov rbp,rax
38c1c7: 48 8d 78 01 lea rdi,[rax+0x1]
38c1cb: 67 e8 4f a3 fa ff addr32 call 336520 <__malloc>
38c1d1: 49 89 c4 mov r12,rax
38c1d4: 48 85 c0 test rax,rax
38c1d7: 74 47 je 38c220 <_dl_get_origin+0x110>
38c1d9: 48 89 ea mov rdx,rbp
38c1dc: 48 89 de mov rsi,rbx
38c1df: 48 89 c7 mov rdi,rax
38c1e2: ff 15 c0 f2 01 00 call QWORD PTR [rip+0x1f2c0] #
3ab4a8 <__libc_enable_secure+0x184>
38c1e8: 49 8d 54 24 01 lea rdx,[r12+0x1]
38c1ed: 48 39 c2 cmp rdx,rax
38c1f0: 72 0f jb 38c201 <_dl_get_origin+0xf1>
38c1f2: eb 13 jmp 38c207 <_dl_get_origin+0xf7>
38c1f4: 0f 1f 40 00 nop DWORD PTR [rax+0x0]
38c1f8: 48 83 e8 01 sub rax,0x1
38c1fc: 48 39 c2 cmp rdx,rax
38c1ff: 74 06 je 38c207 <_dl_get_origin+0xf7>
38c201: 80 78 ff 2f cmp BYTE PTR [rax-0x1],0x2f
38c205: 74 f1 je 38c1f8 <_dl_get_origin+0xe8>
38c207: c6 00 00 mov BYTE PTR [rax],0x0
38c20a: 48 81 c4 00 10 00 00 add rsp,0x1000
38c211: 4c 89 e0 mov rax,r12
38c214: 5b pop rbx
38c215: 5d pop rbp
38c216: 41 5c pop r12
38c218: c3 ret
38c219: 0f 1f 80 00 00 00 00 nop DWORD PTR [rax+0x0]
38c220: 49 c7 c4 ff ff ff ff mov r12,0xffffffffffffffff
38c227: 48 81 c4 00 10 00 00 add rsp,0x1000
38c22e: 4c 89 e0 mov rax,r12
38c231: 5b pop rbx
38c232: 5d pop rbp
38c233: 41 5c pop r12
38c235: c3 ret
38c236: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0]
38c23d: 00 00 00
38c240: 8d 7d 01 lea edi,[rbp+0x1]
38c243: 48 63 ff movsxd rdi,edi
38c246: 67 e8 d4 a2 fa ff addr32 call 336520 <__malloc>
38c24c: 49 89 c4 mov r12,rax
38c24f: 48 85 c0 test rax,rax
38c252: 74 cc je 38c220 <_dl_get_origin+0x110>
38c254: 8d 55 ff lea edx,[rbp-0x1]
38c257: 48 89 de mov rsi,rbx
38c25a: 4c 89 e7 mov rdi,r12
38c25d: 48 63 d2 movsxd rdx,edx
38c260: ff 15 42 f2 01 00 call QWORD PTR [rip+0x1f242] #
3ab4a8 <__libc_enable_secure+0x184>
38c266: c6 00 00 mov BYTE PTR [rax],0x0 <<<< Faulting storing the 0
38c269: 48 81 c4 00 10 00 00 add rsp,0x1000
38c270: 4c 89 e0 mov rax,r12
38c273: 5b pop rbx
38c274: 5d pop rbp
38c275: 41 5c pop r12
38c277: c3 ret
38c278: 48 8d 0d d9 7f e7 ff lea rcx,[rip+0xffffffffffe77fd9]
# 204258 <__PRETTY_FUNCTION__.10083>
38c27f: ba 2f 00 00 00 mov edx,0x2f
38c284: 48 8d 35 e5 80 e7 ff lea rsi,[rip+0xffffffffffe780e5]
# 204370 <__PRETTY_FUNCTION__.9073+0x10>
38c28b: 48 8d 3d 7c 67 e7 ff lea rdi,[rip+0xffffffffffe7677c]
# 202a0e <null+0x461>
38c292: e8 59 68 f7 ff call 302af0 <__assert_fail>
38c297: cc int3
38c298: cc int3
38c299: cc int3
38c29a: cc int3
38c29b: cc int3
38c29c: cc int3
38c29d: cc int3
38c29e: cc int3
38c29f: cc int3
Now I'll go through executing main-fuse-ld.lld using gdb. I've added comments
below introduced with ">>>":
$ gdb --args ./main-fuse-ld.lld
GNU gdb (GDB) 8.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./main-fuse-ld.lld...done.
>>> Set a break point at the call to "__mempcpy" at 0x38c260, then run
>>> and display the instruction where we stopped:
(gdb) break *0x38c260
Breakpoint 1 at 0x38c260
(gdb) r
Starting program: /home/wink/prgs/explore-cpp-static-linking/main-fuse-ld.lld
Breakpoint 1, 0x000000000038c260 in _dl_get_origin ()
(gdb) display/i $pc
2: x/i $pc
=> 0x38c260 <_dl_get_origin+336>: call QWORD PTR [rip+0x1f242]
# 0x3ab4a8
>>> Display the registers. rsi is the source, rdi is the destination
>>> and rdx is the count
(gdb) i r
rax 0x3b6460 3892320
rbx 0x7fffffffcd70 140737488342384
rcx 0x3b6460 3892320
rdx 0x2a 42
rsi 0x7fffffffcd70 140737488342384
rdi 0x3b6460 3892320
rbp 0x2b 0x2b
rsp 0x7fffffffcd70 0x7fffffffcd70
r8 0x3 3
r9 0x0 0
r10 0xfffffffffffff000 -4096
r11 0x0 0
r12 0x3b6460 3892320
r13 0x0 0
r14 0x3a1510 3806480
r15 0x0 0
rip 0x38c260 0x38c260 <_dl_get_origin+336>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
>>> Dump the source string
(gdb) x/s $rsi
0x7fffffffcd70: "/home/wink/prgs/explore-cpp-static-linking/main-fuse-ld.lld"
>>> Dump 43 bytes of the destination
(gdb) x/43x $rdi
0x3b6460: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x3b6468: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x3b6470: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x3b6478: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x3b6480: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x3b6488: 0x00 0x00 0x00
>>> Display the target of the "=> 0x38c260 <_dl_get_origin+336>: call QWORD PTR [rip+0x1f242] # 0x3ab4a8".
>>> Very oddly the first thing it does is wipe out edx, which is the length:
(gdb) x/20i *0x3ab4a8
0x339130 <mempcpy>: mov edx,DWORD PTR [rip+0x7b316] #
0x3b444c <_dl_x86_cpu_features+76>
0x339136 <mempcpy+6>: lea rax,[rip+0x337d3] # 0x36c910
<__mempcpy_erms>
0x33913d <mempcpy+13>: test edx,0x80000
0x339143 <mempcpy+19>: jne 0x33919e <mempcpy+110>
0x339145 <mempcpy+21>: mov eax,edx
0x339147 <mempcpy+23>: and eax,0x101000
0x33914c <mempcpy+28>: cmp eax,0x1000
0x339151 <mempcpy+33>: je 0x3391a0 <mempcpy+112>
0x339153 <mempcpy+35>: test dh,0x8
0x339156 <mempcpy+38>: je 0x339178 <mempcpy+72>
0x339158 <mempcpy+40>: test BYTE PTR [rip+0x7b2be],0x2 #
0x3b441d <_dl_x86_cpu_features+29>
0x33915f <mempcpy+47>: lea rdx,[rip+0x33b0a] # 0x36cc70
<__mempcpy_avx_unaligned>
0x339166 <mempcpy+54>: lea rax,[rip+0x33b43] # 0x36ccb0
<__mempcpy_avx_unaligned_erms>
0x33916d <mempcpy+61>: cmove rax,rdx
0x339171 <mempcpy+65>: ret
0x339172 <mempcpy+66>: nop WORD PTR [rax+rax*1+0x0]
0x339178 <mempcpy+72>: test BYTE PTR [rip+0x7b292],0x2 #
0x3b4411 <_dl_x86_cpu_features+17>
0x33917f <mempcpy+79>: je 0x3391d0 <mempcpy+160>
0x339181 <mempcpy+81>: test edx,0x40000
0x339187 <mempcpy+87>: jne 0x3391d0 <mempcpy+160>
>>> Now step through mempcpy
(gdb) si
0x0000000000339130 in mempcpy ()
2: x/i $pc
=> 0x339130 <mempcpy>: mov edx,DWORD PTR [rip+0x7b316] #
0x3b444c <_dl_x86_cpu_features+76>
(gdb)
0x0000000000339136 in mempcpy ()
2: x/i $pc
=> 0x339136 <mempcpy+6>: lea rax,[rip+0x337d3] # 0x36c910
<__mempcpy_erms>
(gdb)
0x000000000033913d in mempcpy ()
2: x/i $pc
=> 0x33913d <mempcpy+13>: test edx,0x80000
(gdb)
0x0000000000339143 in mempcpy ()
2: x/i $pc
=> 0x339143 <mempcpy+19>: jne 0x33919e <mempcpy+110>
(gdb)
0x0000000000339145 in mempcpy ()
2: x/i $pc
=> 0x339145 <mempcpy+21>: mov eax,edx
(gdb)
0x0000000000339147 in mempcpy ()
2: x/i $pc
=> 0x339147 <mempcpy+23>: and eax,0x101000
(gdb)
0x000000000033914c in mempcpy ()
2: x/i $pc
=> 0x33914c <mempcpy+28>: cmp eax,0x1000
(gdb)
0x0000000000339151 in mempcpy ()
2: x/i $pc
=> 0x339151 <mempcpy+33>: je 0x3391a0 <mempcpy+112>
(gdb)
0x0000000000339153 in mempcpy ()
2: x/i $pc
=> 0x339153 <mempcpy+35>: test dh,0x8
(gdb)
0x0000000000339156 in mempcpy ()
2: x/i $pc
=> 0x339156 <mempcpy+38>: je 0x339178 <mempcpy+72>
(gdb)
0x0000000000339158 in mempcpy ()
2: x/i $pc
=> 0x339158 <mempcpy+40>: test BYTE PTR [rip+0x7b2be],0x2 #
0x3b441d <_dl_x86_cpu_features+29>
(gdb)
0x000000000033915f in mempcpy ()
2: x/i $pc
=> 0x33915f <mempcpy+47>: lea rdx,[rip+0x33b0a] # 0x36cc70
<__mempcpy_avx_unaligned>
(gdb)
0x0000000000339166 in mempcpy ()
2: x/i $pc
=> 0x339166 <mempcpy+54>: lea rax,[rip+0x33b43] # 0x36ccb0
<__mempcpy_avx_unaligned_erms>
(gdb)
0x000000000033916d in mempcpy ()
2: x/i $pc
=> 0x33916d <mempcpy+61>: cmove rax,rdx
(gdb)
0x0000000000339171 in mempcpy ()
2: x/i $pc
=> 0x339171 <mempcpy+65>: ret
(gdb)
0x000000000038c266 in _dl_get_origin ()
2: x/i $pc
=> 0x38c266 <_dl_get_origin+342>: mov BYTE PTR [rax],0x0
>>> Now we've returned to _dl_get_origin so display the registers
>>> and we see a "bad" address in rax:
(gdb) i r
rax 0x36ccb0 3591344
rbx 0x7fffffffcd70 140737488342384
rcx 0x3b6460 3892320
rdx 0x36cc70 3591280
rsi 0x7fffffffcd70 140737488342384
rdi 0x3b6460 3892320
rbp 0x2b 0x2b
rsp 0x7fffffffcd70 0x7fffffffcd70
r8 0x3 3
r9 0x0 0
r10 0xfffffffffffff000 -4096
r11 0x0 0
r12 0x3b6460 3892320
r13 0x0 0
r14 0x3a1510 3806480
r15 0x0 0
rip 0x38c266 0x38c266 <_dl_get_origin+342>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
>>> "step instruction" and we seg fault
(gdb) si
Program received signal SIGSEGV, Segmentation fault.
0x000000000038c266 in _dl_get_origin ()
2: x/i $pc
=> 0x38c266 <_dl_get_origin+342>: mov BYTE PTR [rax],0x0
>>> So where is rax pointing? As it turns out it's actually pointing at
>>> code, __mempcpy_avx_unaligned_erms, not data! This is
>>> actually the code that is called when you link with gold. So
>>> lld has not correctly linked up the code.
(gdb) x/i $rax
0x36ccb0 <__mempcpy_avx_unaligned_erms>: mov rax,rdi
(gdb) disassemble __mempcpy_avx_unaligned_erms
Dump of assembler code for function __mempcpy_avx_unaligned_erms:
0x000000000036ccb0 <+0>: mov rax,rdi
0x000000000036ccb3 <+3>: add rax,rdx
0x000000000036ccb6 <+6>: jmp 0x36ccc3 <__memmove_avx_unaligned_erms+3>
End of assembler dump.
(gdb) disassemble 0x36ccc3
Dump of assembler code for function __memmove_avx_unaligned_erms:
0x000000000036ccc0 <+0>: mov rax,rdi
0x000000000036ccc3 <+3>: cmp rdx,0x20
0x000000000036ccc7 <+7>: jb 0x36cd12 <__memmove_avx_unaligned_erms+82>
0x000000000036ccc9 <+9>: cmp rdx,0x40
0x000000000036cccd <+13>: ja 0x36cd72 <__memmove_avx_unaligned_erms+178>
0x000000000036ccd3 <+19>: vmovdqu ymm0,YMMWORD PTR [rsi]
0x000000000036ccd7 <+23>: vmovdqu ymm1,YMMWORD PTR [rsi+rdx*1-0x20]
0x000000000036ccdd <+29>: vmovdqu YMMWORD PTR [rdi],ymm0
0x000000000036cce1 <+33>: vmovdqu YMMWORD PTR [rdi+rdx*1-0x20],ymm1
0x000000000036cce7 <+39>: vzeroupper
0x000000000036ccea <+42>: ret
0x000000000036cceb <+43>: cmp rdx,QWORD PTR [rip+0x3f896]
# 0x3ac588 <__x86_shared_non_temporal_threshold>
0x000000000036ccf2 <+50>: jae 0x36ce1d <__memmove_avx_unaligned_erms+349>
0x000000000036ccf8 <+56>: cmp rdi,rsi
0x000000000036ccfb <+59>: jb 0x36cd0c <__memmove_avx_unaligned_erms+76>
0x000000000036ccfd <+61>: je 0x36cd11 <__memmove_avx_unaligned_erms+81>
0x000000000036ccff <+63>: lea r9,[rsi+rdx*1]
0x000000000036cd03 <+67>: cmp rdi,r9
0x000000000036cd06 <+70>: jb 0x36ced1 <__memmove_avx_unaligned_erms+529>
0x000000000036cd0c <+76>: mov rcx,rdx
0x000000000036cd0f <+79>: rep movs BYTE PTR es:[rdi],BYTE PTR ds:[rsi]
0x000000000036cd11 <+81>: ret
0x000000000036cd12 <+82>: cmp dl,0x10
0x000000000036cd15 <+85>: jae 0x36cd2e <__memmove_avx_unaligned_erms+110>
0x000000000036cd17 <+87>: cmp dl,0x8
0x000000000036cd1a <+90>: jae 0x36cd43 <__memmove_avx_unaligned_erms+131>
0x000000000036cd1c <+92>: cmp dl,0x4
0x000000000036cd1f <+95>: jae 0x36cd54 <__memmove_avx_unaligned_erms+148>
0x000000000036cd21 <+97>: cmp dl,0x1
0x000000000036cd24 <+100>: ja 0x36cd61 <__memmove_avx_unaligned_erms+161>
0x000000000036cd26 <+102>: jb 0x36cd2d <__memmove_avx_unaligned_erms+109>
0x000000000036cd28 <+104>: movzx ecx,BYTE PTR [rsi]
0x000000000036cd2b <+107>: mov BYTE PTR [rdi],cl
0x000000000036cd2d <+109>: ret
0x000000000036cd2e <+110>: vmovdqu xmm0,XMMWORD PTR [rsi]
0x000000000036cd32 <+114>: vmovdqu xmm1,XMMWORD PTR [rsi+rdx*1-0x10]
0x000000000036cd38 <+120>: vmovdqu XMMWORD PTR [rdi],xmm0
0x000000000036cd3c <+124>: vmovdqu XMMWORD PTR [rdi+rdx*1-0x10],xmm1
0x000000000036cd42 <+130>: ret
0x000000000036cd43 <+131>: mov rcx,QWORD PTR [rsi+rdx*1-0x8]
0x000000000036cd48 <+136>: mov rsi,QWORD PTR [rsi]
0x000000000036cd4b <+139>: mov QWORD PTR [rdi+rdx*1-0x8],rcx
0x000000000036cd50 <+144>: mov QWORD PTR [rdi],rsi
0x000000000036cd53 <+147>: ret
0x000000000036cd54 <+148>: mov ecx,DWORD PTR [rsi+rdx*1-0x4]
0x000000000036cd58 <+152>: mov esi,DWORD PTR [rsi]
0x000000000036cd5a <+154>: mov DWORD PTR [rdi+rdx*1-0x4],ecx
0x000000000036cd5e <+158>: mov DWORD PTR [rdi],esi
0x000000000036cd60 <+160>: ret
0x000000000036cd61 <+161>: movzx ecx,WORD PTR [rsi+rdx*1-0x2]
0x000000000036cd66 <+166>: movzx esi,WORD PTR [rsi]
0x000000000036cd69 <+169>: mov WORD PTR [rdi+rdx*1-0x2],cx
0x000000000036cd6e <+174>: mov WORD PTR [rdi],si
0x000000000036cd71 <+177>: ret
0x000000000036cd72 <+178>: cmp rdx,0x1000
0x000000000036cd79 <+185>: ja 0x36cceb <__memmove_avx_unaligned_erms+43>
0x000000000036cd7f <+191>: cmp rdx,0x100
0x000000000036cd86 <+198>: ja 0x36ce1d <__memmove_avx_unaligned_erms+349>
0x000000000036cd8c <+204>: cmp rdx,0x80
0x000000000036cd93 <+211>: jb 0x36cdef <__memmove_avx_unaligned_erms+303>
0x000000000036cd95 <+213>: vmovdqu ymm0,YMMWORD PTR [rsi]
0x000000000036cd99 <+217>: vmovdqu ymm1,YMMWORD PTR [rsi+0x20]
0x000000000036cd9e <+222>: vmovdqu ymm2,YMMWORD PTR [rsi+0x40]
0x000000000036cda3 <+227>: vmovdqu ymm3,YMMWORD PTR [rsi+0x60]
0x000000000036cda8 <+232>: vmovdqu ymm4,YMMWORD PTR [rsi+rdx*1-0x20]
0x000000000036cdae <+238>: vmovdqu ymm5,YMMWORD PTR [rsi+rdx*1-0x40]
0x000000000036cdb4 <+244>: vmovdqu ymm6,YMMWORD PTR [rsi+rdx*1-0x60]
0x000000000036cdba <+250>: vmovdqu ymm7,YMMWORD PTR [rsi+rdx*1-0x80]
0x000000000036cdc0 <+256>: vmovdqu YMMWORD PTR [rdi],ymm0
0x000000000036cdc4 <+260>: vmovdqu YMMWORD PTR [rdi+0x20],ymm1
0x000000000036cdc9 <+265>: vmovdqu YMMWORD PTR [rdi+0x40],ymm2
0x000000000036cdce <+270>: vmovdqu YMMWORD PTR [rdi+0x60],ymm3
0x000000000036cdd3 <+275>: vmovdqu YMMWORD PTR [rdi+rdx*1-0x20],ymm4
0x000000000036cdd9 <+281>: vmovdqu YMMWORD PTR [rdi+rdx*1-0x40],ymm5
0x000000000036cddf <+287>: vmovdqu YMMWORD PTR [rdi+rdx*1-0x60],ymm6
0x000000000036cde5 <+293>: vmovdqu YMMWORD PTR [rdi+rdx*1-0x80],ymm7
0x000000000036cdeb <+299>: vzeroupper
0x000000000036cdee <+302>: ret
0x000000000036cdef <+303>: vmovdqu ymm0,YMMWORD PTR [rsi]
0x000000000036cdf3 <+307>: vmovdqu ymm1,YMMWORD PTR [rsi+0x20]
0x000000000036cdf8 <+312>: vmovdqu ymm2,YMMWORD PTR [rsi+rdx*1-0x20]
0x000000000036cdfe <+318>: vmovdqu ymm3,YMMWORD PTR [rsi+rdx*1-0x40]
0x000000000036ce04 <+324>: vmovdqu YMMWORD PTR [rdi],ymm0
0x000000000036ce08 <+328>: vmovdqu YMMWORD PTR [rdi+0x20],ymm1
0x000000000036ce0d <+333>: vmovdqu YMMWORD PTR [rdi+rdx*1-0x20],ymm2
0x000000000036ce13 <+339>: vmovdqu YMMWORD PTR [rdi+rdx*1-0x40],ymm3
0x000000000036ce19 <+345>: vzeroupper
0x000000000036ce1c <+348>: ret
0x000000000036ce1d <+349>: cmp rdi,rsi
0x000000000036ce20 <+352>: ja 0x36ced1 <__memmove_avx_unaligned_erms+529>
0x000000000036ce26 <+358>: je 0x36cd11 <__memmove_avx_unaligned_erms+81>
0x000000000036ce2c <+364>: vmovdqu ymm4,YMMWORD PTR [rsi]
0x000000000036ce30 <+368>: vmovdqu ymm5,YMMWORD PTR [rsi+rdx*1-0x20]
0x000000000036ce36 <+374>: vmovdqu ymm6,YMMWORD PTR [rsi+rdx*1-0x40]
0x000000000036ce3c <+380>: vmovdqu ymm7,YMMWORD PTR [rsi+rdx*1-0x60]
0x000000000036ce42 <+386>: vmovdqu ymm8,YMMWORD PTR [rsi+rdx*1-0x80]
0x000000000036ce48 <+392>: mov r11,rdi
0x000000000036ce4b <+395>: lea rcx,[rdi+rdx*1-0x20]
0x000000000036ce50 <+400>: mov r8,rdi
0x000000000036ce53 <+403>: and r8,0x1f
0x000000000036ce57 <+407>: sub r8,0x20
0x000000000036ce5b <+411>: sub rsi,r8
0x000000000036ce5e <+414>: sub rdi,r8
0x000000000036ce61 <+417>: add rdx,r8
0x000000000036ce64 <+420>: cmp rdx,QWORD PTR [rip+0x3f71d]
# 0x3ac588 <__x86_shared_non_temporal_threshold>
0x000000000036ce6b <+427>: ja 0x36cf78 <__memmove_avx_unaligned_erms+696>
0x000000000036ce71 <+433>: vmovdqu ymm0,YMMWORD PTR [rsi]
0x000000000036ce75 <+437>: vmovdqu ymm1,YMMWORD PTR [rsi+0x20]
0x000000000036ce7a <+442>: vmovdqu ymm2,YMMWORD PTR [rsi+0x40]
0x000000000036ce7f <+447>: vmovdqu ymm3,YMMWORD PTR [rsi+0x60]
0x000000000036ce84 <+452>: add rsi,0x80
0x000000000036ce8b <+459>: sub rdx,0x80
0x000000000036ce92 <+466>: vmovdqa YMMWORD PTR [rdi],ymm0
0x000000000036ce96 <+470>: vmovdqa YMMWORD PTR [rdi+0x20],ymm1
0x000000000036ce9b <+475>: vmovdqa YMMWORD PTR [rdi+0x40],ymm2
0x000000000036cea0 <+480>: vmovdqa YMMWORD PTR [rdi+0x60],ymm3
0x000000000036cea5 <+485>: add rdi,0x80
0x000000000036ceac <+492>: cmp rdx,0x80
0x000000000036ceb3 <+499>: ja 0x36ce71 <__memmove_avx_unaligned_erms+433>
0x000000000036ceb5 <+501>: vmovdqu YMMWORD PTR [rcx],ymm5
0x000000000036ceb9 <+505>: vmovdqu YMMWORD PTR [rcx-0x20],ymm6
0x000000000036cebe <+510>: vmovdqu YMMWORD PTR [rcx-0x40],ymm7
0x000000000036cec3 <+515>: vmovdqu YMMWORD PTR [rcx-0x60],ymm8
0x000000000036cec8 <+520>: vmovdqu YMMWORD PTR [r11],ymm4
0x000000000036cecd <+525>: vzeroupper
0x000000000036ced0 <+528>: ret
0x000000000036ced1 <+529>: vmovdqu ymm4,YMMWORD PTR [rsi]
0x000000000036ced5 <+533>: vmovdqu ymm5,YMMWORD PTR [rsi+0x20]
0x000000000036ceda <+538>: vmovdqu ymm6,YMMWORD PTR [rsi+0x40]
0x000000000036cedf <+543>: vmovdqu ymm7,YMMWORD PTR [rsi+0x60]
0x000000000036cee4 <+548>: vmovdqu ymm8,YMMWORD PTR [rsi+rdx*1-0x20]
0x000000000036ceea <+554>: lea r11,[rdi+rdx*1-0x20]
0x000000000036ceef <+559>: lea rcx,[rsi+rdx*1-0x20]
0x000000000036cef4 <+564>: mov r9,r11
0x000000000036cef7 <+567>: mov r8,r11
0x000000000036cefa <+570>: and r8,0x1f
0x000000000036cefe <+574>: sub rcx,r8
0x000000000036cf01 <+577>: sub r9,r8
0x000000000036cf04 <+580>: sub rdx,r8
0x000000000036cf07 <+583>: cmp rdx,QWORD PTR [rip+0x3f67a]
# 0x3ac588 <__x86_shared_non_temporal_threshold>
0x000000000036cf0e <+590>: ja 0x36d004 <__memmove_avx_unaligned_erms+836>
0x000000000036cf14 <+596>: vmovdqu ymm0,YMMWORD PTR [rcx]
0x000000000036cf18 <+600>: vmovdqu ymm1,YMMWORD PTR [rcx-0x20]
0x000000000036cf1d <+605>: vmovdqu ymm2,YMMWORD PTR [rcx-0x40]
0x000000000036cf22 <+610>: vmovdqu ymm3,YMMWORD PTR [rcx-0x60]
0x000000000036cf27 <+615>: sub rcx,0x80
0x000000000036cf2e <+622>: sub rdx,0x80
0x000000000036cf35 <+629>: vmovdqa YMMWORD PTR [r9],ymm0
0x000000000036cf3a <+634>: vmovdqa YMMWORD PTR [r9-0x20],ymm1
0x000000000036cf40 <+640>: vmovdqa YMMWORD PTR [r9-0x40],ymm2
0x000000000036cf46 <+646>: vmovdqa YMMWORD PTR [r9-0x60],ymm3
0x000000000036cf4c <+652>: sub r9,0x80
0x000000000036cf53 <+659>: cmp rdx,0x80
0x000000000036cf5a <+666>: ja 0x36cf14 <__memmove_avx_unaligned_erms+596>
0x000000000036cf5c <+668>: vmovdqu YMMWORD PTR [rdi],ymm4
0x000000000036cf60 <+672>: vmovdqu YMMWORD PTR [rdi+0x20],ymm5
0x000000000036cf65 <+677>: vmovdqu YMMWORD PTR [rdi+0x40],ymm6
0x000000000036cf6a <+682>: vmovdqu YMMWORD PTR [rdi+0x60],ymm7
0x000000000036cf6f <+687>: vmovdqu YMMWORD PTR [r11],ymm8
0x000000000036cf74 <+692>: vzeroupper
0x000000000036cf77 <+695>: ret
0x000000000036cf78 <+696>: lea r10,[rdi+rdx*1]
0x000000000036cf7c <+700>: cmp rsi,r10
0x000000000036cf7f <+703>: jb 0x36ce71 <__memmove_avx_unaligned_erms+433>
0x000000000036cf85 <+709>: prefetcht0 BYTE PTR [rsi+0x100]
0x000000000036cf8c <+716>: prefetcht0 BYTE PTR [rsi+0x140]
0x000000000036cf93 <+723>: prefetcht0 BYTE PTR [rsi+0x180]
0x000000000036cf9a <+730>: prefetcht0 BYTE PTR [rsi+0x1c0]
0x000000000036cfa1 <+737>: vmovdqu ymm0,YMMWORD PTR [rsi]
0x000000000036cfa5 <+741>: vmovdqu ymm1,YMMWORD PTR [rsi+0x20]
0x000000000036cfaa <+746>: vmovdqu ymm2,YMMWORD PTR [rsi+0x40]
0x000000000036cfaf <+751>: vmovdqu ymm3,YMMWORD PTR [rsi+0x60]
0x000000000036cfb4 <+756>: add rsi,0x80
0x000000000036cfbb <+763>: sub rdx,0x80
0x000000000036cfc2 <+770>: vmovntdq YMMWORD PTR [rdi],ymm0
0x000000000036cfc6 <+774>: vmovntdq YMMWORD PTR [rdi+0x20],ymm1
0x000000000036cfcb <+779>: vmovntdq YMMWORD PTR [rdi+0x40],ymm2
0x000000000036cfd0 <+784>: vmovntdq YMMWORD PTR [rdi+0x60],ymm3
0x000000000036cfd5 <+789>: add rdi,0x80
0x000000000036cfdc <+796>: cmp rdx,0x80
0x000000000036cfe3 <+803>: ja 0x36cf85 <__memmove_avx_unaligned_erms+709>
0x000000000036cfe5 <+805>: sfence
0x000000000036cfe8 <+808>: vmovdqu YMMWORD PTR [rcx],ymm5
0x000000000036cfec <+812>: vmovdqu YMMWORD PTR [rcx-0x20],ymm6
0x000000000036cff1 <+817>: vmovdqu YMMWORD PTR [rcx-0x40],ymm7
0x000000000036cff6 <+822>: vmovdqu YMMWORD PTR [rcx-0x60],ymm8
0x000000000036cffb <+827>: vmovdqu YMMWORD PTR [r11],ymm4
0x000000000036d000 <+832>: vzeroupper
0x000000000036d003 <+835>: ret
0x000000000036d004 <+836>: lea r10,[rcx+rdx*1]
0x000000000036d008 <+840>: cmp r9,r10
0x000000000036d00b <+843>: jb 0x36cf14 <__memmove_avx_unaligned_erms+596>
0x000000000036d011 <+849>: prefetcht0 BYTE PTR [rcx-0x100]
0x000000000036d018 <+856>: prefetcht0 BYTE PTR [rcx-0x140]
0x000000000036d01f <+863>: prefetcht0 BYTE PTR [rcx-0x180]
0x000000000036d026 <+870>: prefetcht0 BYTE PTR [rcx-0x1c0]
0x000000000036d02d <+877>: vmovdqu ymm0,YMMWORD PTR [rcx]
0x000000000036d031 <+881>: vmovdqu ymm1,YMMWORD PTR [rcx-0x20]
0x000000000036d036 <+886>: vmovdqu ymm2,YMMWORD PTR [rcx-0x40]
0x000000000036d03b <+891>: vmovdqu ymm3,YMMWORD PTR [rcx-0x60]
0x000000000036d040 <+896>: sub rcx,0x80
0x000000000036d047 <+903>: sub rdx,0x80
0x000000000036d04e <+910>: vmovntdq YMMWORD PTR [r9],ymm0
0x000000000036d053 <+915>: vmovntdq YMMWORD PTR [r9-0x20],ymm1
0x000000000036d059 <+921>: vmovntdq YMMWORD PTR [r9-0x40],ymm2
0x000000000036d05f <+927>: vmovntdq YMMWORD PTR [r9-0x60],ymm3
0x000000000036d065 <+933>: sub r9,0x80
0x000000000036d06c <+940>: cmp rdx,0x80
0x000000000036d073 <+947>: ja 0x36d011 <__memmove_avx_unaligned_erms+849>
0x000000000036d075 <+949>: sfence
0x000000000036d078 <+952>: vmovdqu YMMWORD PTR [rdi],ymm4
0x000000000036d07c <+956>: vmovdqu YMMWORD PTR [rdi+0x20],ymm5
0x000000000036d081 <+961>: vmovdqu YMMWORD PTR [rdi+0x40],ymm6
0x000000000036d086 <+966>: vmovdqu YMMWORD PTR [rdi+0x60],ymm7
0x000000000036d08b <+971>: vmovdqu YMMWORD PTR [r11],ymm8
0x000000000036d090 <+976>: vzeroupper
0x000000000036d093 <+979>: ret
End of assembler dump.
(gdb)
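
An added example (not part of the original post, and not glibc or lld code) modelling what the trace above shows: the slot called at 0x38c260 holds the address of a selector routine that returns an implementation's address in rax, so the caller gets a code address where it expects dest + n. The names select_mempcpy, bind_slot, slot_behaves_like_mempcpy and slot_returns_code_address are hypothetical, the feature word and path are constructed, and the selector is given mempcpy's signature so the indirect call stays well-defined C.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Signature of mempcpy and, in this model only, of the selector too. */
typedef void *(*mempcpy_fn)(void *dst, const void *src, size_t n);

/* Constructed stand-in for the CPU feature word the selector tests. */
static unsigned cpu_features = 0x1; /* bit 0: "fast" variant usable */

/* Two implementations; both return dst + n, as mempcpy must. */
static void *mempcpy_bytewise(void *dst, const void *src, size_t n)
{
    unsigned char *d = dst;
    const unsigned char *s = src;
    for (size_t i = 0; i < n; i++)
        d[i] = s[i];
    return d + n;
}

static void *mempcpy_fast(void *dst, const void *src, size_t n)
{
    return (unsigned char *)memcpy(dst, src, n) + n;
}

/* Selector: copies nothing and returns the ADDRESS of the chosen
 * implementation, like the code at <mempcpy> in the trace that ends
 * with "cmove rax,rdx; ret". Its arguments are ignored. */
static void *select_mempcpy(void *dst, const void *src, size_t n)
{
    (void)dst; (void)src; (void)n;
    mempcpy_fn chosen = (cpu_features & 0x1) ? mempcpy_fast
                                             : mempcpy_bytewise;
    return (void *)(uintptr_t)chosen;
}

/* What binding the slot is meant to do: run the selector once and
 * store its result, so later calls reach the implementation. */
static mempcpy_fn bind_slot(mempcpy_fn selector)
{
    return (mempcpy_fn)(uintptr_t)selector(NULL, NULL, 0);
}

/* Use the slot the way _dl_get_origin does and check the contract:
 * the return value must be dst + n and the bytes must be copied.
 * The returned pointer is compared, never written through. */
static int slot_behaves_like_mempcpy(mempcpy_fn slot)
{
    char dst[32] = {0};
    const char src[] = "/constructed/dir"; /* constructed sample path */
    size_t n = sizeof src - 1;
    void *ret = slot(dst, src, n);
    return ret == (void *)(dst + n) && memcmp(dst, src, n) == 0;
}

/* The symptom in the trace: the value handed back through the slot
 * is the address of an implementation, i.e. it points at code. */
static int slot_returns_code_address(mempcpy_fn slot)
{
    char dst[8] = {0};
    void *ret = slot(dst, "x", 1);
    return ret == (void *)(uintptr_t)mempcpy_fast
        || ret == (void *)(uintptr_t)mempcpy_bytewise;
}

int main(void)
{
    mempcpy_fn unbound = select_mempcpy;          /* slot as seen in the trace */
    mempcpy_fn bound = bind_slot(select_mempcpy); /* slot after binding */

    printf("unbound: contract ok=%d, returns code address=%d\n",
           slot_behaves_like_mempcpy(unbound),
           slot_returns_code_address(unbound));
    printf("bound:   contract ok=%d, returns code address=%d\n",
           slot_behaves_like_mempcpy(bound),
           slot_returns_code_address(bound));
    return 0;
}
```

In the real binary the caller then executes mov BYTE PTR [rax],0x0 on that returned value, and the write lands in the text segment, which is the SIGSEGV at 0x38c266.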