Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stage2 miscompiles vector element acces via slice of vectors #11856

Closed
Tracked by #11899
, #89
...
Vexu opened this issue Jun 13, 2022 · 3 comments · Fixed by #11974
Closed
Tracked by #11899
, #89
...

Stage2 miscompiles vector element acces via slice of vectors #11856

Vexu opened this issue Jun 13, 2022 · 3 comments · Fixed by #11974
Assignees
@andrewrk
Labels
backend-llvm The LLVM backend outputs an LLVM IR Module. bug Observed behavior contradicts documented or intended behavior frontend Tokenization, parsing, AstGen, Sema, and Liveness. miscompilation The compiler reports success but produces semantically incorrect code.
Milestone
0.10.0

Comments

@Vexu
Copy link
Member

Vexu commented Jun 13, 2022 

// pub export fn entry() void {
test {
    @setRuntimeSafety(false);
    var small_bases = [2]@Vector(2, u8){
        @Vector(2, u8){ 0, 1 },
        @Vector(2, u8){ 2, 3 },
    };
    var a: []const @Vector(2, u8) = &small_bases;
    var a4 = a[1][1];
    _ = a4;
}
Test [1/1] test_0... error: the following test command crashed:
@Vexu Vexu added bug Observed behavior contradicts documented or intended behavior frontend Tokenization, parsing, AstGen, Sema, and Liveness. miscompilation The compiler reports success but produces semantically incorrect code. backend-llvm The LLVM backend outputs an LLVM IR Module. labels Jun 13, 2022
@Vexu Vexu added this to the 0.10.0 milestone Jun 13, 2022
@nektro
Copy link
Contributor

nektro commented Jun 13, 2022

also ensure expect(a4 == 3);

@xxxbxxx xxxbxxx mentioned this issue Jun 19, 2022
Closed
@Vexu Vexu mentioned this issue Jun 20, 2022
Merged
7 tasks
@andrewrk andrewrk mentioned this issue Jun 28, 2022
Closed
49 tasks
@andrewrk andrewrk self-assigned this Jun 30, 2022
@andrewrk
Copy link
Member

andrewrk commented Jul 1, 2022 

Program received signal SIGSEGV, Segmentation fault.
0x000000000020b831 in test3.test_0 () at ./test3.zig:11
11	    var a4 = a[1][1];
(gdb) disas /s
Dump of assembler code for function test3.test_0:
./test3.zig:
4	test {
   0x000000000020b810 <+0>:	push   rbp
   0x000000000020b811 <+1>:	mov    rbp,rsp

5	    @setRuntimeSafety(false);
6	    var small_bases = [2]@Vector(2, u8){
   0x000000000020b814 <+4>:	mov    eax,DWORD PTR [rip+0xffffffffffffe726]        # 0x209f40
   0x000000000020b81a <+10>:	mov    DWORD PTR [rbp-0x20],eax
   0x000000000020b81d <+13>:	lea    rax,[rbp-0x20]

7	        @Vector(2, u8){ 0, 1 },
8	        @Vector(2, u8){ 2, 3 },
9	    };
10	    var a: []const @Vector(2, u8) = &small_bases;
   0x000000000020b821 <+17>:	mov    QWORD PTR [rbp-0x18],rax
   0x000000000020b825 <+21>:	mov    QWORD PTR [rbp-0x10],0x2

11	    var a4 = a[1][1];
   0x000000000020b82d <+29>:	mov    rax,QWORD PTR [rbp-0x18]
=> 0x000000000020b831 <+33>:	vmovdqa xmm0,XMMWORD PTR [rax+0x2]
   0x000000000020b836 <+38>:	vpextrb eax,xmm0,0x1
   0x000000000020b83c <+44>:	mov    BYTE PTR [rbp-0x1],al

12	    _ = a4;
   0x000000000020b83f <+47>:	xor    eax,eax
   0x000000000020b841 <+49>:	pop    rbp
   0x000000000020b842 <+50>:	ret    
End of assembler dump.
(gdb) x $rax
0x7fffffffa1c0:	0x03020100
(gdb) x $rax+0x2
0x7fffffffa1c2:	0x7fff0302

Here we can see the segfault happens on vmovdqa which requires an address aligned to 16 bytes. But $rax + 0x2 is 0x7fffffffa1c2, which is aligned to only 2 bytes. Looking back at the LLVM IR, it looks fine except for the alignment attribute on the corresponding load:

  %11 = load <2 x i8>, <2 x i8>* %10, align 16, !dbg !66

Here we have told LLVM that the pointer to the second vector inside this slice is 16 bytes aligned, however that is clearly incorrect, which means undefined behavior (in our case thankfully manifesting as a segfault). Solution is to fix the LLVM IR to have a correct alignment annotation.

@andrewrk
Copy link
Member

andrewrk commented Jul 1, 2022
edited
Loading

One key difference between stage1 and stage2 on this right now is the result of @alignOf(@Vector(2, u8)):

  • stage1: 2
  • stage2: 16
ff2ec0dc5a src/type.zig             (Andrew Kelley           2021-04-24 17:31:52 -0700 2909)             // TODO audit this - is there any more complicated logic to determine
ff2ec0dc5a src/type.zig             (Andrew Kelley           2021-04-24 17:31:52 -0700 2910)             // ABI alignment of vectors?
af844931b2 src/type.zig             (Andrew Kelley           2022-03-26 00:33:14 -0700 2911)             .vector => return AbiAlignmentAdvanced{ .scalar = 16 },

😅

andrewrk added a commit that referenced this issue Jul 1, 2022
@andrewrk
stage2: implement alignment calculation of vectors
08d9cc4 
closes #11856
@andrewrk andrewrk mentioned this issue Jul 1, 2022
Merged
andrewrk added a commit that referenced this issue Jul 1, 2022
@andrewrk
stage2: implement alignment calculation of vectors
095e24e 
closes #11856
andrewrk added a commit that referenced this issue Jul 19, 2022
@andrewrk
stage2: implement alignment calculation of vectors
a7c67f0 
closes #11856
wooster0 pushed a commit to wooster0/zig that referenced this issue Jul 24, 2022
@andrewrk @wooster0
stage2: implement alignment calculation of vectors
d15fbc2 
closes ziglang#11856
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewrk andrewrk

Labels
backend-llvm The LLVM backend outputs an LLVM IR Module. bug Observed behavior contradicts documented or intended behavior frontend Tokenization, parsing, AstGen, Sema, and Liveness. miscompilation The compiler reports success but produces semantically incorrect code.
Projects
None yet
Milestone
0.10.0
Development

Successfully merging a pull request may close this issue.

stage2 fixes ziglang/zig
3 participants
@andrewrk @nektro @Vexu