public inbox for systemtap@sourceware.org
* [Bug runtime/31742] New: The sdt_types.stp tests for floating point numbers failing
@ 2024-05-15 20:52 wcohen at redhat dot com
  2024-05-28 21:29 ` [Bug runtime/31742] " wcohen at redhat dot com
  2024-05-29 20:56 ` wcohen at redhat dot com
  0 siblings, 2 replies; 3+ messages in thread
From: wcohen at redhat dot com @ 2024-05-15 20:52 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=31742

            Bug ID: 31742
           Summary: The sdt_types.stp tests for floating point numbers
                    failing
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: runtime
          Assignee: systemtap at sourceware dot org
          Reporter: wcohen at redhat dot com
  Target Milestone: ---

When running the systemtap testsuite on newer kernels with UBSAN enabled (such
as F40 and recent rawhide kernels) there were a number of "UBSAN:
shift-out-of-bounds in ..." messages in the testsuite output. This can be
observed in the systemtap.dmesg data committed in the bunsendb git repository: 

https://sourceware.org/git/?p=bunsendb.git;a=blob;f=testsuite/systemtap.dmesg;h=dd04da95bf484e40304ec0dd0cb202adee47e723;hb=a90520c0dd00b9aa8a0fb377fa241c33ed31a4b6


 583 [ +42.406203] stap_c04cd951dd7435242aed4b8cb09ecdb_170304 (sdt_types.stp):
systemtap: 5.1/0.191, base: ffffffffc16da000, memory:
236data/220text/42ctx/32870net/153alloc kb, probes: 54
 584 [  +0.013513] ------------[ cut here ]------------
 585 [  +0.001294] UBSAN: shift-out-of-bounds in
/opt/stap-buildbot-worker/stap-fedora40-x86_64/stap-build/INST/share/systemtap/runtime/softfloat.c:667:22
 586 [  +0.003211] shift exponent 1075 is too large for 64-bit type 'long long
unsigned int'
 587 [  +0.001930] CPU: 0 PID: 170306 Comm: sdt_types.x Tainted: G        W  OE
     6.8.9-300.fc40.x86_64 #1
 588 [  +0.002230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.16.3-2.fc40 04/01/2014
 589 [  +0.002064] Call Trace:
 590 [  +0.000634]  <TASK>
 591 [  +0.000545]  dump_stack_lvl+0x6a/0x90
 592 [  +0.000926]  __ubsan_handle_shift_out_of_bounds+0x166/0x320
 593 [  +0.001358]  f64_to_str.cold+0x4c/0x51
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 594 [  +0.001916]  function___global_fp_to_string__overload_0+0x72/0xc0
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 595 [  +0.002457]  function___global_check_float__overload_0+0x3bb/0xa30
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 596 [  +0.002478]  probe_6578+0x341/0x5e0
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 597 [  +0.001846]  stapiu_probe_prehandler+0x1b4/0x3b0
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 598 [  +0.002096]  uprobe_notify_resume+0x2c8/0xd40
 599 [  +0.001088]  ? count_memcg_events.constprop.0+0x1a/0x30
 600 [  +0.001280]  ? arch_uprobe_exception_notify+0x45/0x50
 601 [  +0.001238]  ? notifier_call_chain+0x5a/0xd0
 602 [  +0.001063]  ? notify_die+0x56/0x80
 603 [  +0.000784]  irqentry_exit_to_user_mode+0x1d8/0x220
 604 [  +0.001064]  asm_exc_int3+0x39/0x40
 605 [  +0.000777] RIP: 0033:0x4015a1
 606 [  +0.000668] Code: 00 48 89 ac 24 60 02 00 00 48 8b 84 24 58 02 00 00 48
8b 94 24 60 02 00 00 cc f3 0f 10 4c 24 3c f3 0f 11 4c 24 58 8b 44 24 58 <cc> f2
0f 11 84 24 68 02 00 00 48 8b 84 24 68 02 00 00 cc 48 8b 84
 607 [  +0.003546] RSP: 002b:00007fff15deefb0 EFLAGS: 00000206
 608 [  +0.001016] RAX: 0000000040490fd0 RBX: 00007fff15def080 RCX:
00007fff15deefe8
 609 [  +0.001430] RDX: 00007fff15def068 RSI: 0000000040490fd0 RDI:
00000000ffff8001
 610 [  +0.001295] RBP: 00007fff15def068 R08: 00000000ffff8001 R09:
0000000000000001
 611 [  +0.001272] R10: 0000000000c90fd0 R11: 00007fff15dee630 R12:
00007fff15deefe0
 612 [  +0.001260] R13: 00007fff15deefca R14: 00007fff15deefbd R15:
0000000000403df0
 613 [  +0.001272]  </TASK>
 614 [  +0.000454] ---[ end trace ]---
 615 [  +0.000599] ------------[ cut here ]------------
 616 [  +0.000845] UBSAN: shift-out-of-bounds in
/opt/stap-buildbot-worker/stap-fedora40-x86_64/stap-build/INST/share/systemtap/runtime/softfloat.c:670:33
 617 [  +0.002342] shift exponent 1075 is too large for 64-bit type 'long long
unsigned int'
 618 [  +0.001417] CPU: 0 PID: 170306 Comm: sdt_types.x Tainted: G        W  OE
     6.8.9-300.fc40.x86_64 #1
 619 [  +0.001645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.16.3-2.fc40 04/01/2014
 620 [  +0.001503] Call Trace:
 621 [  +0.000451]  <TASK>
 622 [  +0.000407]  dump_stack_lvl+0x6a/0x90
 623 [  +0.000675]  __ubsan_handle_shift_out_of_bounds+0x166/0x320
 624 [  +0.001008]  f64_to_str.cold+0x18/0x51
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 625 [  +0.001396]  function___global_fp_to_string__overload_0+0x72/0xc0
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 626 [  +0.001806]  function___global_check_float__overload_0+0x3bb/0xa30
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 627 [  +0.001817]  probe_6578+0x341/0x5e0
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 628 [  +0.001351]  stapiu_probe_prehandler+0x1b4/0x3b0
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 629 [  +0.001402]  uprobe_notify_resume+0x2c8/0xd40
 630 [  +0.000705]  ? count_memcg_events.constprop.0+0x1a/0x30
 631 [  +0.000857]  ? arch_uprobe_exception_notify+0x45/0x50
 632 [  +0.000821]  ? notifier_call_chain+0x5a/0xd0
 633 [  +0.000694]  ? notify_die+0x56/0x80
 634 [  +0.000585]  irqentry_exit_to_user_mode+0x1d8/0x220
 635 [  +0.000802]  asm_exc_int3+0x39/0x40
 636 [  +0.000531] RIP: 0033:0x4015a1
 637 [  +0.000482] Code: 00 48 89 ac 24 60 02 00 00 48 8b 84 24 58 02 00 00 48
8b 94 24 60 02 00 00 cc f3 0f 10 4c 24 3c f3 0f 11 4c 24 58 8b 44 24 58 <cc> f2
0f 11 84 24 68 02 00 00 48 8b 84 24 68 02 00 00 cc 48 8b 84
 638 [  +0.002716] RSP: 002b:00007fff15deefb0 EFLAGS: 00000206
 639 [  +0.000778] RAX: 0000000040490fd0 RBX: 00007fff15def080 RCX:
00007fff15deefe8
 640 [  +0.001041] RDX: 00007fff15def068 RSI: 0000000040490fd0 RDI:
00000000ffff8001
 641 [  +0.000981] RBP: 00007fff15def068 R08: 00000000ffff8001 R09:
0000000000000001
 642 [  +0.000952] R10: 0000000000c90fd0 R11: 00007fff15dee630 R12:
00007fff15deefe0
 643 [  +0.000910] R13: 00007fff15deefca R14: 00007fff15deefbd R15:
0000000000403df0
 644 [  +0.000913]  </TASK>
 645 [  +0.000317] ---[ end trace ]---
 646 [  +0.000424] ------------[ cut here ]------------
 647 [  +0.000613] UBSAN: shift-out-of-bounds in
/opt/stap-buildbot-worker/stap-fedora40-x86_64/stap-build/INST/share/systemtap/runtime/softfloat.c:671:24
 648 [  +0.001622] shift exponent 1075 is too large for 64-bit type 'long long
unsigned int'
 649 [  +0.000953] CPU: 0 PID: 170306 Comm: sdt_types.x Tainted: G        W  OE
     6.8.9-300.fc40.x86_64 #1
 650 [  +0.001114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.16.3-2.fc40 04/01/2014
 651 [  +0.001013] Call Trace:
 652 [  +0.000291]  <TASK>
 653 [  +0.000258]  dump_stack_lvl+0x6a/0x90
 654 [  +0.000427]  __ubsan_handle_shift_out_of_bounds+0x166/0x320
 655 [  +0.000641]  f64_to_str.cold+0x2c/0x51
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 656 [  +0.000899]  function___global_fp_to_string__overload_0+0x72/0xc0
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 657 [  +0.001166]  function___global_check_float__overload_0+0x3bb/0xa30
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 658 [  +0.001095]  probe_6578+0x341/0x5e0
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 659 [  +0.000819]  stapiu_probe_prehandler+0x1b4/0x3b0
[stap_c04cd951dd7435242aed4b8cb09ecdb_170304]
 660 [  +0.000936]  uprobe_notify_resume+0x2c8/0xd40
 661 [  +0.000483]  ? count_memcg_events.constprop.0+0x1a/0x30
 662 [  +0.000533]  ? arch_uprobe_exception_notify+0x45/0x50
 663 [  +0.000511]  ? notifier_call_chain+0x5a/0xd0
 664 [  +0.000453]  ? notify_die+0x56/0x80
 665 [  +0.000372]  irqentry_exit_to_user_mode+0x1d8/0x220
 666 [  +0.000514]  asm_exc_int3+0x39/0x40
 667 [  +0.000371] RIP: 0033:0x4015a1
 668 [  +0.000327] Code: 00 48 89 ac 24 60 02 00 00 48 8b 84 24 58 02 00 00 48
8b 94 24 60 02 00 00 cc f3 0f 10 4c 24 3c f3 0f 11 4c 24 58 8b 44 24 58 <cc> f2
0f 11 84 24 68 02 00 00 48 8b 84 24 68 02 00 00 cc 48 8b 84
 669 [  +0.001823] RSP: 002b:00007fff15deefb0 EFLAGS: 00000206
 670 [  +0.000508] RAX: 0000000040490fd0 RBX: 00007fff15def080 RCX:
00007fff15deefe8
 671 [  +0.000681] RDX: 00007fff15def068 RSI: 0000000040490fd0 RDI:
00000000ffff8001
 672 [  +0.000698] RBP: 00007fff15def068 R08: 00000000ffff8001 R09:
0000000000000001
 673 [  +0.000658] R10: 0000000000c90fd0 R11: 00007fff15dee630 R12:
00007fff15deefe0
 674 [  +0.000653] R13: 00007fff15deefca R14: 00007fff15deefbd R15:
0000000000403df0
 675 [  +0.000659]  </TASK>
 676 [  +0.000223] ---[ end trace ]---


The f64_to_str function in runtime/softfloat.c makes the assumption that the fp
number is printable without an exponent value.  However, the sdt_type.c code
that is being instrumented has numbers that should be in a range that does not
require exponents.  In the systemtap.log output see messages like:

sdt_types FAIL: float_var (0.00000000 != 3.141589910)
sdt_types FAIL: float_var (26388279066624.00000000 != 3.141589910)

It appears that the floating point value is getting corrupted somewhere.
As a secondary note it would be good to have the runtime fp_to_str function be
able to convert values that require exponents in the string result.

-- 
You are receiving this mail because:
You are the assignee for the bug.
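
An added example, not SystemTap's softfloat.c: an integer-only split of a binary64 value into integer part and eight fraction digits in which every shift count is bounded, so 0.0 cannot produce an out-of-range shift. The reported exponent 1075 equals 1023 + 52 (bias plus mantissa width); reading it as an unguarded `1075 - biased_exponent` shift is an assumption, and all names and sample bit patterns here are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum f64_class { F64_FINITE, F64_TOO_BIG, F64_NONFINITE };
struct f64_fixed { enum f64_class cls; uint64_t ipart; uint32_t frac8; };

/* Right shift defined for any count; a plain >> with count >= 64 is UB in C. */
static uint64_t shr64(uint64_t v, unsigned n) { return n < 64 ? v >> n : 0; }

/* Split |x| (IEEE-754 binary64 bits) into an integer part and eight truncated
 * decimal fraction digits, using integer operations only. */
static struct f64_fixed f64_split(uint64_t bits)
{
    struct f64_fixed r = { F64_FINITE, 0, 0 };
    unsigned e = (bits >> 52) & 0x7ff;          /* biased exponent */
    uint64_t m = bits & ((1ULL << 52) - 1);     /* 52 stored mantissa bits */

    if (e == 0x7ff) { r.cls = F64_NONFINITE; return r; }  /* nan, +inf, -inf */
    if (e != 0) m |= 1ULL << 52;                /* implicit leading 1 */
    else e = 1;                                 /* zero and subnormals */

    /* |x| = m * 2^(e - 1075), where 1075 = 1023 (bias) + 52 (mantissa bits) */
    if (e >= 1075) {
        if (e - 1075 > 10) { r.cls = F64_TOO_BIG; return r; } /* needs x.xxxExx */
        r.ipart = m << (e - 1075);              /* m < 2^53, so this fits */
        return r;
    }
    unsigned down = 1075 - e;                   /* 1..1074; 1074 for 0.0 */
    if (down > 60) { m = shr64(m, down - 60); down = 60; } /* drop bits below 2^-60 */
    r.ipart = m >> down;
    uint64_t frac = m & ((1ULL << down) - 1);
    for (int i = 0; i < 8; i++) {               /* frac < 2^60, so frac * 10 fits */
        frac *= 10;
        r.frac8 = r.frac8 * 10 + (uint32_t)(frac >> down);
        frac &= (1ULL << down) - 1;
    }
    return r;
}

int main(void)
{
    /* Constructed encodings of 0.0 and 26388279066624.0 (1.5 * 2^44). */
    uint64_t samples[] = { 0x0ULL, 0x42b8000000000000ULL };
    for (int i = 0; i < 2; i++) {
        struct f64_fixed r = f64_split(samples[i]);
        printf("%llu.%08u\n", (unsigned long long)r.ipart, (unsigned)r.frac8);
    }
    return 0;
}
```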


* [Bug runtime/31742] The sdt_types.stp tests for floating point numbers failing
  2024-05-15 20:52 [Bug runtime/31742] New: The sdt_types.stp tests for floating point numbers failing wcohen at redhat dot com
@ 2024-05-28 21:29 ` wcohen at redhat dot com
  2024-05-29 20:56 ` wcohen at redhat dot com
  1 sibling, 0 replies; 3+ messages in thread
From: wcohen at redhat dot com @ 2024-05-28 21:29 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=31742

--- Comment #1 from William Cohen <wcohen at redhat dot com> ---
Created attachment 15544
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15544&action=edit
Patch to allow fp64 0.0 values to be printed without UBSAN messages on newer
kernels

This is a minimal patch to avoid having UBSAN messages when printing out fp64
0.0 values.  There are still a number of situations not addressed in the
fp64_to_str function:

- printing special fp values: nan, -inf, and +inf
- printing large values that would need to be represented by x.xxxExx
- printing small values that would need to be printed as x.xxxE-xx

Another concern discovered when reviewing the code is that the itoa() function
in runtime/softfloat.c uses a single static buffer in the function which makes
this code non-thread-safe.  If systemtap probes fire on different processors at
the same time and are printing fp numbers with fp64_to_str, the results could
be garbled by the interactions of the functions.

The "sdt_types FAIL: float_var (0.00000000 != 3.141589910)" looks to be that
the fp value is already a fp64 value.  With diagnostic prints to print out the
value before the conversion and the value after the conversion see that the
float_var and double_var have the same hex representation:

 old_value = 400921fa00000000, value = 0
sdt_types FAIL: float_var (0.00000000 != 3.141589910)
 old_value = 400921fa00000000, value = 400921fa00000000
sdt_types PASS: double_var

-- 
You are receiving this mail because:
You are the assignee for the bug.
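
An added illustration of the diagnostic output above, not SystemTap's own code: an integer-only binary32-to-binary64 widening applied once, and then a second time to the already-widened value. The input 0x40490fd0 is taken from RAX in the register dump and is assumed to be float_var's encoding; that a redundant second conversion reads only the low 32 bits is also an assumption, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Widen IEEE-754 binary32 bits to binary64 bits with integer operations only. */
static uint64_t f32_bits_to_f64_bits(uint32_t f)
{
    uint64_t sign = (uint64_t)(f >> 31) << 63;
    int32_t e = (f >> 23) & 0xff;               /* biased binary32 exponent */
    uint64_t m = f & 0x7fffff;                  /* 23 stored mantissa bits */

    if (e == 0xff)                              /* inf / nan keep their payload */
        return sign | (0x7ffULL << 52) | (m << 29);
    if (e == 0) {
        if (m == 0) return sign;                /* +0.0 or -0.0 */
        e = 1;                                  /* subnormal: normalise it */
        while (!(m & 0x800000)) { m <<= 1; e--; }
        m &= 0x7fffff;
    }
    /* Rebias: 1023 - 127 = 896; mantissa moves from 23 to 52 bits (<< 29). */
    return sign | ((uint64_t)(e + 896) << 52) | (m << 29);
}

/* Assumed failure mode: the value has already been widened, and a second
 * widening step treats its low 32 bits as if they were a binary32. */
static uint64_t widen_twice(uint32_t f)
{
    uint64_t once = f32_bits_to_f64_bits(f);
    return f32_bits_to_f64_bits((uint32_t)once);
}

int main(void)
{
    uint32_t f = 0x40490fd0u;                   /* RAX in the report's register dump */
    printf("once  = %016llx\n", (unsigned long long)f32_bits_to_f64_bits(f));
    printf("twice = %016llx\n", (unsigned long long)widen_twice(f));
    return 0;
}
```

A single widening reproduces the `old_value = 400921fa00000000` pattern, and the second one yields 0 because the low 32 bits of that pattern are all zero.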


* [Bug runtime/31742] The sdt_types.stp tests for floating point numbers failing
  2024-05-15 20:52 [Bug runtime/31742] New: The sdt_types.stp tests for floating point numbers failing wcohen at redhat dot com
  2024-05-28 21:29 ` [Bug runtime/31742] " wcohen at redhat dot com
@ 2024-05-29 20:56 ` wcohen at redhat dot com
  1 sibling, 0 replies; 3+ messages in thread
From: wcohen at redhat dot com @ 2024-05-29 20:56 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=31742

--- Comment #2 from William Cohen <wcohen at redhat dot com> ---
Found the code in git commit e57668debf54851925588a6564a46445bf2d2dc3 does the
automatic conversion of fp32->fp64:

Author: Alice Zhang <alizhang@redhat.com>  2021-03-17 14:28:39
Committer: Alice Zhang <alizhang@redhat.com>  2021-03-17 14:28:39
Parent: 83d39af6c05fc3280682860841e4fb300a81075b (rhbz1938312: temp disable bpf
on recent kernels)
Child:  e414a6e443d6d6a21f23302ff55edb650916be80 (bpf-translate.cxx refactor:
move visit{_try,}_block to a more logical place)
Branches: master, remotes/origin/master and many more (44)
Follows: release-4.4
Precedes: release-4.5

    PR13838: support fp32_to_fp64 conversion automatically at functioncall
    synthesize level.

    - tapsets.cxx: modified synthetic_embedded_deref_call, so a 4 byte
      floating point will be convert to 8 byte double if detected.
    - testsuite/buildok/floatingpoint.stp: updated corresponding fp32
      examples.

In theory turning off the explicit type conversion in the check_float calls in
sdt_types.stp would address that.  However, then the V3_uprobes start failing
in the tests:

FAIL: sdt_misc types  float_var V3_uprobe c89 
FAIL: sdt_misc types  float_var V3_uprobe c89 -pedantic
FAIL: sdt_misc types  float_var V3_uprobe c99 
FAIL: sdt_misc types  float_var V3_uprobe c99 -pedantic
FAIL: sdt_misc types  float_var V3_uprobe gnu99 
FAIL: sdt_misc types  float_var V3_uprobe gnu99 -pedantic
FAIL: sdt_misc types  float_var V3_uprobe c++98 
FAIL: sdt_misc types  float_var V3_uprobe c++98 -pedantic
FAIL: sdt_misc types  float_var V3_uprobe gnu++98 
FAIL: sdt_misc types  float_var V3_uprobe gnu++98 -pedantic
FAIL: sdt_misc types  float_var V3_uprobe c++0x 
FAIL: sdt_misc types  float_var V3_uprobe c++0x -pedantic
FAIL: sdt_misc types  float_var V3_uprobe gnu++0x 
FAIL: sdt_misc types  float_var V3_uprobe gnu++0x -pedantic


Appears the implicit fp->dp conversion is not working for the V3_uprobe.

-- 
You are receiving this mail because:
You are the assignee for the bug.
