public inbox for glibc-bugs@sourceware.org
* [Bug string/30065] New: Segfault in AVX-2 strncat implementation (gnulib)
From: simon.chopin at canonical dot com @ 2023-01-31 15:55 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
Bug ID: 30065
Summary: Segfault in AVX-2 strncat implementation (gnulib)
Product: glibc
Version: 2.37
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: string
Assignee: unassigned at sourceware dot org
Reporter: simon.chopin at canonical dot com
Target Milestone: ---
I did some tests on master (2f39e44a84) for the upcoming 2.37 release, and I
found a regression in libunistring test suite on amd64 with AVX-2 instructions,
more specifically on gnulib's test-strncat. It can be reproduced using these
instructions:
https://sourceware.org/glibc/wiki/Testing/Gnulib
I bisected the issue to
commit 642933158e7cf072d873231b1a9bb03291f2b989
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date: Tue Nov 8 17:38:39 2022 -0800
x86: Optimize and shrink st{r|p}{n}{cat|cpy}-avx2 functions
Optimizations are:
1. Use more overlapping stores to avoid branches.
2. Reduce how unrolled the aligning copies are (this is more of a
code-size save, it's a negative for some sizes in terms of
perf).
3. For st{r|p}n{cat|cpy} re-order the branches to minimize the
number that are taken.
I get the following backtrace:
#0 __strncat_avx2 () at ../sysdeps/x86_64/multiarch/strncat-avx2.S:76
#1 0x00005555555555d7 in strncat (__len=0, __src=0x7ffff7de4000 "",
__dest=0x55555555c2a1 "") at /tmp/glibc-dev/include/bits/string_fortified.h:138
#2 check_single (input=input@entry=0x7ffff7de4000 "", n=n@entry=0, length=90)
at unistr/test-strncat.h:41
#3 0x0000555555555352 in check (input=0x555555559100 <input> "Grüß Gott.
Здравствуйте! x=(-b±sqrt(b²-4ac))/(2a) 日本語,中文,한글", input_length=91)
at unistr/test-strncat.h:86
#4 main () at test-strncat.c:58
I'm out of my depth in the assembler code.
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: goldstein.w.n at gmail dot com @ 2023-01-31 18:20 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
Noah Goldstein <goldstein.w.n at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |goldstein.w.n at gmail dot com
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: goldstein.w.n at gmail dot com @ 2023-01-31 19:41 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
--- Comment #1 from Noah Goldstein <goldstein.w.n at gmail dot com> ---
(In reply to Simon Chopin from comment #0)
> I did some tests on master (2f39e44a84) for the upcoming 2.37 release, and I
> found a regression in libunistring test suite on amd64 with AVX-2
> instructions, more specifically on gnulib's test-strncat. It can be
> reproduced using these instructions:
>
> https://sourceware.org/glibc/wiki/Testing/Gnulib
Those directions seem a bit outdated, any chance you can share your build
steps?
>
>
> I bisected the issue to
> commit 642933158e7cf072d873231b1a9bb03291f2b989
> Author: Noah Goldstein <goldstein.w.n@gmail.com>
> Date: Tue Nov 8 17:38:39 2022 -0800
>
> x86: Optimize and shrink st{r|p}{n}{cat|cpy}-avx2 functions
>
> Optimizations are:
> 1. Use more overlapping stores to avoid branches.
> 2. Reduce how unrolled the aligning copies are (this is more of a
> code-size save, it's a negative for some sizes in terms of
> perf).
> 3. For st{r|p}n{cat|cpy} re-order the branches to minimize the
> number that are taken.
>
> I get the following backtrace:
>
> #0 __strncat_avx2 () at ../sysdeps/x86_64/multiarch/strncat-avx2.S:76
> #1 0x00005555555555d7 in strncat (__len=0, __src=0x7ffff7de4000 "",
> __dest=0x55555555c2a1 "") at
> /tmp/glibc-dev/include/bits/string_fortified.h:138
> #2 check_single (input=input@entry=0x7ffff7de4000 "", n=n@entry=0,
> length=90) at unistr/test-strncat.h:41
> #3 0x0000555555555352 in check (input=0x555555559100 <input> "Grüß Gott.
> Здравствуйте! x=(-b±sqrt(b²-4ac))/(2a) 日本語,中文,한글", input_length=91)
> at unistr/test-strncat.h:86
> #4 main () at test-strncat.c:58
>
> I'm out of my depth in the assembler code.
So far unable to reproduce, haven't been able to build gnulib against installed
GLIBC, but pulled out the u8/u32 strncat and tested them both.
As well have done exhaustive strncat/wcsncpy at the end of page (exhaustive for
len {0..128} with all alignments {4096-128...4095} for s1/s2). So far unable to
reproduce. Maybe the issue is uninitialized register.
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: goldstein.w.n at gmail dot com @ 2023-01-31 20:09 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
--- Comment #2 from Noah Goldstein <goldstein.w.n at gmail dot com> ---
(In reply to Simon Chopin from comment #0)
> I did some tests on master (2f39e44a84) for the upcoming 2.37 release, and I
> found a regression in libunistring test suite on amd64 with AVX-2
> instructions, more specifically on gnulib's test-strncat. It can be
> reproduced using these instructions:
>
> https://sourceware.org/glibc/wiki/Testing/Gnulib
>
>
> I bisected the issue to
> commit 642933158e7cf072d873231b1a9bb03291f2b989
> Author: Noah Goldstein <goldstein.w.n@gmail.com>
> Date: Tue Nov 8 17:38:39 2022 -0800
>
> x86: Optimize and shrink st{r|p}{n}{cat|cpy}-avx2 functions
>
> Optimizations are:
> 1. Use more overlapping stores to avoid branches.
> 2. Reduce how unrolled the aligning copies are (this is more of a
> code-size save, it's a negative for some sizes in terms of
> perf).
> 3. For st{r|p}n{cat|cpy} re-order the branches to minimize the
> number that are taken.
>
> I get the following backtrace:
>
> #0 __strncat_avx2 () at ../sysdeps/x86_64/multiarch/strncat-avx2.S:76
Do you know what instruction it's segfaulting at?
> #1 0x00005555555555d7 in strncat (__len=0, __src=0x7ffff7de4000 "",
> __dest=0x55555555c2a1 "") at
> /tmp/glibc-dev/include/bits/string_fortified.h:138
> #2 check_single (input=input@entry=0x7ffff7de4000 "", n=n@entry=0,
> length=90) at unistr/test-strncat.h:41
> #3 0x0000555555555352 in check (input=0x555555559100 <input> "Grüß Gott.
> Здравствуйте! x=(-b±sqrt(b²-4ac))/(2a) 日本語,中文,한글", input_length=91)
> at unistr/test-strncat.h:86
> #4 main () at test-strncat.c:58
>
> I'm out of my depth in the assembler code.
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: goldstein.w.n at gmail dot com @ 2023-01-31 20:41 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
--- Comment #3 from Noah Goldstein <goldstein.w.n at gmail dot com> ---
(In reply to Noah Goldstein from comment #2)
> (In reply to Simon Chopin from comment #0)
> > I did some tests on master (2f39e44a84) for the upcoming 2.37 release, and I
> > found a regression in libunistring test suite on amd64 with AVX-2
> > instructions, more specifically on gnulib's test-strncat. It can be
> > reproduced using these instructions:
> >
> > https://sourceware.org/glibc/wiki/Testing/Gnulib
> >
> >
> > I bisected the issue to
> > commit 642933158e7cf072d873231b1a9bb03291f2b989
> > Author: Noah Goldstein <goldstein.w.n@gmail.com>
> > Date: Tue Nov 8 17:38:39 2022 -0800
> >
> > x86: Optimize and shrink st{r|p}{n}{cat|cpy}-avx2 functions
> >
> > Optimizations are:
> > 1. Use more overlapping stores to avoid branches.
> > 2. Reduce how unrolled the aligning copies are (this is more of a
> > code-size save, it's a negative for some sizes in terms of
> > perf).
> > 3. For st{r|p}n{cat|cpy} re-order the branches to minimize the
> > number that are taken.
> >
> > I get the following backtrace:
> >
> > #0 __strncat_avx2 () at ../sysdeps/x86_64/multiarch/strncat-avx2.S:76
>
> Do you know what instruction it's segfaulting at?
> > #1 0x00005555555555d7 in strncat (__len=0, __src=0x7ffff7de4000 "",
> > __dest=0x55555555c2a1 "") at
> > /tmp/glibc-dev/include/bits/string_fortified.h:138
> > #2 check_single (input=input@entry=0x7ffff7de4000 "", n=n@entry=0,
> > length=90) at unistr/test-strncat.h:41
> > #3 0x0000555555555352 in check (input=0x555555559100 <input> "Grüß Gott.
> > Здравствуйте! x=(-b±sqrt(b²-4ac))/(2a) 日本語,中文,한글", input_length=91)
> > at unistr/test-strncat.h:86
> > #4 main () at test-strncat.c:58
> >
> > I'm out of my depth in the assembler code.
Reproduced. Changed the `malloc` to mmap and put it at the end of the code.
Issue is:
```
test %rdx, %rdx
jl L(zero_len)
```
Needs to be `jle` (was `decq` at some point, when changed didn't update flag).
I think the test is actually UB b.c `dst` is not a valid null-terminated string
(even though zero length), but will fix.
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: goldstein.w.n at gmail dot com @ 2023-01-31 20:42 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
--- Comment #4 from Noah Goldstein <goldstein.w.n at gmail dot com> ---
(In reply to Noah Goldstein from comment #3)
> (In reply to Noah Goldstein from comment #2)
> > (In reply to Simon Chopin from comment #0)
> > > I did some tests on master (2f39e44a84) for the upcoming 2.37 release, and I
> > > found a regression in libunistring test suite on amd64 with AVX-2
> > > instructions, more specifically on gnulib's test-strncat. It can be
> > > reproduced using these instructions:
> > >
> > > https://sourceware.org/glibc/wiki/Testing/Gnulib
> > >
> > >
> > > I bisected the issue to
> > > commit 642933158e7cf072d873231b1a9bb03291f2b989
> > > Author: Noah Goldstein <goldstein.w.n@gmail.com>
> > > Date: Tue Nov 8 17:38:39 2022 -0800
> > >
> > > x86: Optimize and shrink st{r|p}{n}{cat|cpy}-avx2 functions
> > >
> > > Optimizations are:
> > > 1. Use more overlapping stores to avoid branches.
> > > 2. Reduce how unrolled the aligning copies are (this is more of a
> > > code-size save, it's a negative for some sizes in terms of
> > > perf).
> > > 3. For st{r|p}n{cat|cpy} re-order the branches to minimize the
> > > number that are taken.
> > >
> > > I get the following backtrace:
> > >
> > > #0 __strncat_avx2 () at ../sysdeps/x86_64/multiarch/strncat-avx2.S:76
> >
> > Do you know what instruction it's segfaulting at?
> > > #1 0x00005555555555d7 in strncat (__len=0, __src=0x7ffff7de4000 "",
> > > __dest=0x55555555c2a1 "") at
> > > /tmp/glibc-dev/include/bits/string_fortified.h:138
> > > #2 check_single (input=input@entry=0x7ffff7de4000 "", n=n@entry=0,
> > > length=90) at unistr/test-strncat.h:41
> > > #3 0x0000555555555352 in check (input=0x555555559100 <input> "Grüß Gott.
> > > Здравствуйте! x=(-b±sqrt(b²-4ac))/(2a) 日本語,中文,한글", input_length=91)
> > > at unistr/test-strncat.h:86
> > > #4 main () at test-strncat.c:58
> > >
> > > I'm out of my depth in the assembler code.
>
> Reproduced. Changed the `malloc` to mmap and put it at the end of the code.
>
> Issue is:
> ```
> test %rdx, %rdx
> jl L(zero_len)
> ```
>
> Needs to be `jle` (was `decq` at some point, when changed didn't update
> flag).
> I think the test is actually UB b.c `dst` is not a valid null-terminated
> string (even though zero length), but will fix.
`src` is not a valid null-terminated string*
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: hjl.tools at gmail dot com @ 2023-01-31 20:50 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hjl.tools at gmail dot com
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: schwab@linux-m68k.org @ 2023-01-31 21:27 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
--- Comment #5 from Andreas Schwab <schwab@linux-m68k.org> ---
The second argument of strncat is not required to be a string, and the function
shall not access more bytes than indicated by the third argument.
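The contract stated in comment #5, checked with the mmap-at-end-of-page setup described in comment #3, as an added example that is not part of this thread and is not glibc's or gnulib's test code. `strncat_guard_check` and `strncat_overread` are hypothetical names; `strncat_overread` is a constructed faulty implementation included only to show the check firing.

```c
/* Added example, not glibc or gnulib code; all names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS under strict -std= modes */
#endif
#include <signal.h>         /* SIGSEGV, for callers comparing the result */
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

typedef char *(*strncat_fn)(char *, const char *, size_t);

/* Constructed faulty model: scans src for a NUL before consulting n. */
char *strncat_overread(char *dst, const char *src, size_t n)
{
    const volatile char *s = src;   /* volatile: the reads must happen */
    size_t len = 0;
    while (s[len] != '\0')
        len++;
    if (len > n)
        len = n;
    char *end = dst + strlen(dst);
    memcpy(end, src, len);
    end[len] = '\0';
    return dst;
}

/* Calls fn(dst, src, n) in a child process. src is n bytes of 'A' with no
   NUL, ending exactly at a PROT_NONE page (for n == 0 it points at that page).
   Returns 0 on a correct result, the fatal signal number if the child was
   killed, -1 on setup failure or a wrong result. */
int strncat_guard_check(strncat_fn fn, size_t n)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || n > 64)
        return -1;
    size_t len = 2 * (size_t)page;
    char *map = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED)
        return -1;
    memset(map, 'A', (size_t)page);
    int rc = -1, status = 0;
    pid_t pid = mprotect(map + page, (size_t)page, PROT_NONE) == 0 ? fork() : -1;
    if (pid == 0) {
        char dst[128] = "dst:";
        strncat_fn volatile call = fn;  /* keep the compiler from folding the call */
        call(dst, map + page - n, n);
        int ok = strlen(dst) == 4 + n;
        for (size_t i = 0; ok && i < n; i++)
            ok = dst[4 + i] == 'A';
        _exit(ok ? 0 : 1);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid) {
        if (WIFSIGNALED(status))
            rc = WTERMSIG(status);
        else if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
            rc = 0;
    }
    munmap(map, len);
    return rc;
}
```

Passing the C library's own `strncat` as `fn` with `n` of 0 and a few nonzero lengths exercises the selected multiarch variant; a nonzero return equal to `SIGSEGV` means the implementation touched bytes beyond the `n` it was allowed to read.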
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: goldstein.w.n at gmail dot com @ 2023-01-31 21:29 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
--- Comment #6 from Noah Goldstein <goldstein.w.n at gmail dot com> ---
(In reply to Andreas Schwab from comment #5)
> The second argument of strncat is not required to be a string, and the
> function shall not access more bytes than indicated by the third argument.
You're right, re-read man page. Have fix coming up shortly + test.
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: goldstein.w.n at gmail dot com @ 2023-01-31 21:37 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
--- Comment #7 from Noah Goldstein <goldstein.w.n at gmail dot com> ---
Bugfix patch posted.
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: goldstein.w.n at gmail dot com @ 2023-02-01 1:14 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
--- Comment #8 from Noah Goldstein <goldstein.w.n at gmail dot com> ---
Fix pushed:
https://sourceware.org/git/?p=glibc.git;a=commit;h=b2c474f8de4c92bfe7435853a96805ec32d68dfa
* [Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)
From: carlos at redhat dot com @ 2023-02-01 2:52 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30065
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carlos at redhat dot com
Resolution|--- |FIXED
Target Milestone|--- |2.37
Status|UNCONFIRMED |RESOLVED
--- Comment #9 from Carlos O'Donell <carlos at redhat dot com> ---
Marking this as fixed for 2.37.