SEGFAULT in matrix-matrix assignment due to unaligned SIMD instruction operand under specific conditions

Comments (12)

1. 

   Mikhail Katliar reporter

   NOT reproducible with g++ 7.4.0 (g++-7 (Ubuntu 7.4.0-8ubuntu1) 7.4.0)

   • 2019-09-12T20:05:20+00:00
2. 

   Klaus Iglberger

   • changed status to wontfix

   Hi Misha!

   First of all thanks a lot for providing so much valuable feedback about Blaze. The provided info (minimum working example, stack trace, etc.) is exemplary!

   In this particular case the problem is caused by using new for an overaligned data structure. When using std::make_unique, the underlying new (usually) allocates 16 byte aligned memory. However, since you explicitly compile for the Skylake architecture, AVX is enabled, which requires 32 byte aligned memory. This memory requirement is used by StaticMatrix (see line 544 in <blaze/math/dense/StaticMatrix.h>), which unfortunately can cause problems since the underlying dynamic memory might be misaligned (16 byte instead of 32 byte). Hopefully this explains the problem well enough. Hopefully this also explains why the problem is so difficult to reproduce, since in every run you might get different memory.

   Still, thanks again for the valuable feedback, this is very much appreciated.

   Best regards,

   Klaus!

   • 2019-09-12T23:49:09+00:00
3. 

   Mikhail Katliar reporter

   Hello Klaus,

   the alignment does not seem to be the problem. Please look at the following code, which is a modification of the previous example:

   #include <blaze/Math.h>
   
   #include <iostream>
   
   
   using Real = double;
   blaze::size_t constexpr NX = 8;
   blaze::size_t constexpr NU = 1;
   
   using HType = blaze::SymmetricMatrix<blaze::StaticMatrix<Real, NU + NX, NU + NX, blaze::columnMajor>>;
   using LLType = blaze::StaticMatrix<Real, NX + NU, NX + NU, blaze::columnMajor>;
   
   
   void f(HType& H, LLType& LL)
   {
       randomize(H);
   
       auto Q = blaze::submatrix<NU, NU, NX, NX>(H);
       auto Lcal = blaze::submatrix<NU, NU, NX, NX>(LL);
   
       decltype(Q)::Iterator Q_begin(Q.begin(0));
       std::cout << "Q_begin.isAligned() = " << Q_begin.isAligned() << std::endl;
   
       Lcal = Q;
   }
   
   
   template <typename MT, bool SO>
   void printInfo(std::ostream& os, std::string const& name, blaze::Matrix<MT, SO> const& m)
   {
       std::cout << name << ": size=" << sizeof(~m) << ", addr=" << &(~m) << ", data=" << (~m).data() << std::endl;
   }
   
   
   int main(int, char **)
   {
       std::cout << "SIMDSIZE=" << blaze::SIMDTrait<Real>::size << std::endl;
   
       HType H_stack;
       LLType LL_stack;
       auto H_heap = std::make_unique<HType>();
       auto LL_heap = std::make_unique<LLType>();
   
       printInfo(std::cout, "H_stack", H_stack);
       printInfo(std::cout, "LL_stack", LL_stack);
       printInfo(std::cout, "H_heap", *H_heap);
       printInfo(std::cout, "LL_heap", *LL_heap);
   
       std::cout << "Using stack" << std::endl;
       f(H_stack, LL_stack);
       std::cout << "Ok!" << std::endl;
   
       std::cout << "Using heap" << std::endl;
       f(*H_heap, *LL_heap);
       std::cout << "Ok!" << std::endl;
   
       return 0;
   }
   

   Program output:

   SIMDSIZE=4
   H_stack: size=864, addr=0x7ffc12450f00, data=0x7ffc12450f00
   LL_stack: size=864, addr=0x7ffc12451260, data=0x7ffc12451260
   H_heap: size=864, addr=0x55809f4c1280, data=0x55809f4c1280
   LL_heap: size=864, addr=0x55809f4c1660, data=0x55809f4c1660
   Using stack
   Q_begin.isAligned() = 0
   Segmentation fault (core dumped)
   

   You see that both stack- and heap-allocated matrices are aligned on 0x20 boundary. Furthermore, the SEGFAULT now happens with the stack-allocated matrix.

   • 2019-09-13T00:32:45+00:00
4. 

   Mikhail Katliar reporter

   • changed status to new

   The matrices are aligned on 0x20 boundary. Furthermore, the issue is reproducible with stack-allocated matrices.

   • 2019-09-13T00:36:10+00:00
5. 

   Klaus Iglberger

   Hi Misha!

   I have continued to analyse the issue, but unfortunately so far haven’t been able to reproduce the segmentation fault despite the attempt to provide exactly the same settings:

   • I used exactly the same compiler(s) as you (g++-mp-8 (MacPorts gcc8 8.3.0_4) 8.3.0);
   • I used exactly the same compiler flags as you (g++ -std=c++17 -O2 -g -DNDEBUG -march=skylake ...);
   • I used both of your code examples.

   I have (re-)analyzed all functions that are involved in the matrix assignment and additionally added output statements to the loada() function for double precision values (see <blaze/math/simd/Loada.h>, line 432) to prove that no aligned load is explicitly triggered which could cause the problematic vmovapd instruction. So far I have not found anything that could cause the problem, everything seems to work as expected.

   In summary, either the problem is very well hidden and only surfaces under very specific conditions, or it is indeed a compiler issue. Since there is no way for me to prove that the error is not in Blaze I hope that you have the time to dig a little deeper yourself. Since you have already some experience with Blaze code it should be possible for you to modify some functions to see if there is any effect. For instance, you could explicitly disable aligned loads in the submatrix iterators by setting the isAligned flag to false (see <blaze/math/views/submatrix/Dense.h>, line 3509). Alternatively you can simplify the load() and store() functions in the same nested class (see line 3621 and line 3670) to directly call loadu() and storeu(), respectively (this is the functions that are called from the assignment kernel in line 5907).

   Thanks a lot for your help, I hope you find something.

   Best regards,

   Klaus!

   • 2019-09-13T12:11:28+00:00
6. 

   Mikhail Katliar reporter

   • attached issue-290.zip

   The source, the Makefile and the output files

   • 2019-09-14T08:07:04+00:00
7. 

   Mikhail Katliar reporter

   Hello Klaus,

   It seems that the reason why the issue is not reproduced on your system is that despite the -march=skylake option your compiler tunes the instruction scheduling not for Skylake, but for the CPU architecture it runs on: https://lemire.me/blog/2018/07/25/it-is-more-complicated-than-i-thought-mtune-march-in-gcc/. This can be controlled with the -mtune option. I found out that if I add -mtune=generic, then the issue is not reproduced. So it seems necessary to add-mtune=skylake to reproduce it on a machine with different CPU. Could you please try it?

   I have provided the archive with the source, the Makefile and the output files from my system. Could you also please check what is the output of g++-8 -march=native -Q --help=target | grep -- '-march=' | cut -f3?

   • 2019-09-14T08:18:23+00:00
8. 

   Mikhail Katliar reporter

   -mtune option value	reproduced
   generic	NO
   sandybridge	NO
   ivybridge	NO
   haswell	YES
   broadwell	YES
   skylake	YES
   cannonlake	YES

   ‌

   • 2019-09-14T08:30:53+00:00
9. 

   Mikhail Katliar reporter

   • attached gdb-haswell.s
   • attached gdb-ivybridge.s
   • attached gdb-generic.s

   Disassembly of the generated code for different -march options

   • 2019-09-14T08:58:18+00:00
10. 

    Mikhail Katliar reporter

    The code generated for ivybridge is quite close to the one for generic, whereas the difference between haswell and generic is quite big (see above).

    • 2019-09-14T08:59:59+00:00
11. 

    Klaus Iglberger

    • changed status to wontfix

    Hi Misha!

    Thanks a lot for providing a completely runable example. With this I was indeed able to reproduce the segmentation fault and could start to properly analyze it on my side. Despite several hours of investigation, I did not find any bug in Blaze. On the other hand, I did find several indications that this is indeed a compiler bug:

    • The segfault only occurs in GCC, but not in Clang;
    • The error only appears with a special "optimization" flag, but not with the usual flags to enable AVX or SSE;
    • The Blaze function that would trigger an aligned load of a double value is never called, i.e. there is no explanation for the movapd instruction;
    • Commenting out branches that are not taken can make the segfault disappear;
    • Slightly rewriting the apparently failing load()/store() functions without changing the meaning make the segfault disappear:

    left.store( right.load() );  // Segfault
    

    auto xmm( right.load() );
    std::cout << "Output";
    left.store( xmm );  // No segfault
    

    Of course I don't have any proof that this is a compiler error, but since I could not detect anything wrong in Blaze and since the Blazetest has not detected any bug in years, even with random submatrix assignments, I am bound to believe that this is not an issue in Blaze itself.

    Still, many thanks to you for being persistent and for investing so much time to provide the information.

    Best regards,

    Klaus!

    • 2019-09-15T13:45:51+00:00
12. 

    Mikhail Katliar reporter

    Hello Klaus,

    thank you for looking into this issue one again. I also have the opinion that it is a compiler bug.

    • 2019-09-18T08:35:32+00:00
13. Log in to comment