[Bug string/30065] Segfault in AVX-2 strncat implementation (gnulib)

goldstein.w.n at gmail dot com sourceware-bugzilla@sourceware.org
Tue Jan 31 19:41:55 GMT 2023


https://sourceware.org/bugzilla/show_bug.cgi?id=30065

--- Comment #1 from Noah Goldstein <goldstein.w.n at gmail dot com> ---
(In reply to Simon Chopin from comment #0)
> I did some tests on master (2f39e44a84) for the upcoming 2.37 release, and I
> found a regression in libunistring test suite on amd64 with AVX-2
> instructions, more specifically on gnulib's test-strncat. It can be
> reproduced using these instructions:
> 
> https://sourceware.org/glibc/wiki/Testing/Gnulib

Those directions seem a bit outdated; any chance you can share your build
steps?

> 
> 
> I bisected the issue to
> commit 642933158e7cf072d873231b1a9bb03291f2b989
> Author: Noah Goldstein <goldstein.w.n@gmail.com>
> Date:   Tue Nov 8 17:38:39 2022 -0800
> 
>     x86: Optimize and shrink st{r|p}{n}{cat|cpy}-avx2 functions
>     
>     Optimizations are:
>         1. Use more overlapping stores to avoid branches.
>         2. Reduce how unrolled the aligning copies are (this is more of a
>            code-size save, it's a negative for some sizes in terms of
>            perf).
>         3. For st{r|p}n{cat|cpy} re-order the branches to minimize the
>            number that are taken.
> 
> I get the following backtrace:
> 
> #0  __strncat_avx2 () at ../sysdeps/x86_64/multiarch/strncat-avx2.S:76
> #1  0x00005555555555d7 in strncat (__len=0, __src=0x7ffff7de4000 "",
> __dest=0x55555555c2a1 "") at
> /tmp/glibc-dev/include/bits/string_fortified.h:138
> #2  check_single (input=input@entry=0x7ffff7de4000 "", n=n@entry=0,
> length=90) at unistr/test-strncat.h:41
> #3  0x0000555555555352 in check (input=0x555555559100 <input> "Grüß Gott.
> Здравствуйте! x=(-b±sqrt(b²-4ac))/(2a)  日本語,中文,한글", input_length=91)
>     at unistr/test-strncat.h:86
> #4  main () at test-strncat.c:58
> 
> I'm out of my depth in the assembler code.

So far unable to reproduce; haven't been able to build gnulib against installed
GLIBC, but pulled out the u8/u32 strncat and tested them both.

As well, have done exhaustive strncat/wcsncpy at the end of page (exhaustive for
len {0..128} with all alignments {4096-128...4095} for s1/s2). So far unable to
reproduce. Maybe the issue is an uninitialized register.
