GithubHelp home page GithubHelp logo

Comments (5)

karineek avatar karineek commented on June 28, 2024

I also found another example atof instead of atoi:

#include <stdio.h>
#include <stdlib.h>
#include <float.h>

int main(int argc, char *argv[]) {
    if (argc != 2) {
        printf("Usage: %s <value>\n", argv[0]);
        return 1;
    }

    long double x = atof(argv[1]);
    long double result = 2 * x - 2;

    printf("Result: %Lf\n", result);

    return 0;
}

where the bug disappeared when changing -2 to -1, in long double result = 2 * x - 2;.

from gem5.

andysan avatar andysan commented on June 28, 2024

If memory serves me right, long double is treated as an 80-bit float on x86. My suspicion is that this bug is related to gem5's x87 implementation which has never been reliable (I wasted a great deal of time fixing some of the most glaring issues many years ago when I was a PhD student). As far as I know, it still implements 80-bit floating point arithmetic in x87 using 64-bit double precision and then expanding that to the 80-bit format when written to memory.

It would be helpful if you could provide the disassembly if the main function in the bug report, that would let whoever picks this up narrow it down to specific instructions.

from gem5.

karineek avatar karineek commented on June 28, 2024

Thanks!

If I build it with -O0 then the simulation runs correctly; however, with -O1 (and -O2, -O3...) the bug appears also with -g. Here are the two versions:

O0:

0000000000001169 <main>:
    1169:	f3 0f 1e fa          	endbr64 
    116d:	55                   	push   rbp
    116e:	48 89 e5             	mov    rbp,rsp
    1171:	48 83 ec 40          	sub    rsp,0x40
    1175:	89 7d cc             	mov    DWORD PTR [rbp-0x34],edi
    1178:	48 89 75 c0          	mov    QWORD PTR [rbp-0x40],rsi
    117c:	83 7d cc 02          	cmp    DWORD PTR [rbp-0x34],0x2
    1180:	74 25                	je     11a7 <main+0x3e>
    1182:	48 8b 45 c0          	mov    rax,QWORD PTR [rbp-0x40]
    1186:	48 8b 00             	mov    rax,QWORD PTR [rax]
    1189:	48 89 c6             	mov    rsi,rax
    118c:	48 8d 05 7d 0e 00 00 	lea    rax,[rip+0xe7d]        # 2010 <_IO_stdin_used+0x10>
    1193:	48 89 c7             	mov    rdi,rax
    1196:	b8 00 00 00 00       	mov    eax,0x0
    119b:	e8 c0 fe ff ff       	call   1060 <printf@plt>
    11a0:	b8 01 00 00 00       	mov    eax,0x1
    11a5:	eb 6f                	jmp    1216 <main+0xad>
    11a7:	48 8b 45 c0          	mov    rax,QWORD PTR [rbp-0x40]
    11ab:	48 83 c0 08          	add    rax,0x8
    11af:	48 8b 00             	mov    rax,QWORD PTR [rax]
    11b2:	48 89 c7             	mov    rdi,rax
    11b5:	e8 b6 fe ff ff       	call   1070 <atoi@plt>
    11ba:	89 45 dc             	mov    DWORD PTR [rbp-0x24],eax
    11bd:	db 45 dc             	fild   DWORD PTR [rbp-0x24]
    11c0:	db 2d 9a 0e 00 00    	fld    TBYTE PTR [rip+0xe9a]        # 2060 <_IO_stdin_used+0x60>
    11c6:	de e9                	fsubp  st(1),st
    11c8:	db 7d e0             	fstp   TBYTE PTR [rbp-0x20]
    11cb:	db 45 dc             	fild   DWORD PTR [rbp-0x24]
    11ce:	d9 e8                	fld1   
    11d0:	de e9                	fsubp  st(1),st
    11d2:	db 7d f0             	fstp   TBYTE PTR [rbp-0x10]
    11d5:	ff 75 e8             	push   QWORD PTR [rbp-0x18]
    11d8:	ff 75 e0             	push   QWORD PTR [rbp-0x20]
    11db:	48 8d 05 41 0e 00 00 	lea    rax,[rip+0xe41]        # 2023 <_IO_stdin_used+0x23>
    11e2:	48 89 c7             	mov    rdi,rax
    11e5:	b8 00 00 00 00       	mov    eax,0x0
    11ea:	e8 71 fe ff ff       	call   1060 <printf@plt>
    11ef:	48 83 c4 10          	add    rsp,0x10
    11f3:	ff 75 f8             	push   QWORD PTR [rbp-0x8]
    11f6:	ff 75 f0             	push   QWORD PTR [rbp-0x10]
    11f9:	48 8d 05 3d 0e 00 00 	lea    rax,[rip+0xe3d]        # 203d <_IO_stdin_used+0x3d>
    1200:	48 89 c7             	mov    rdi,rax
    1203:	b8 00 00 00 00       	mov    eax,0x0
    1208:	e8 53 fe ff ff       	call   1060 <printf@plt>
    120d:	48 83 c4 10          	add    rsp,0x10
    1211:	b8 00 00 00 00       	mov    eax,0x0
    1216:	c9                   	leave  
    1217:	c3                   	ret    
    1218:	0f 1f 84 00 00 00 00 	nop    DWORD PTR [rax+rax*1+0x0]
    121f:	00

and O1:

0000000000001169 <main>:
    1169:	f3 0f 1e fa          	endbr64 
    116d:	48 83 ec 18          	sub    rsp,0x18
    1171:	83 ff 02             	cmp    edi,0x2
    1174:	74 23                	je     1199 <main+0x30>
    1176:	48 8b 16             	mov    rdx,QWORD PTR [rsi]
    1179:	48 8d 35 84 0e 00 00 	lea    rsi,[rip+0xe84]        # 2004 <_IO_stdin_used+0x4>
    1180:	bf 01 00 00 00       	mov    edi,0x1
    1185:	b8 00 00 00 00       	mov    eax,0x0
    118a:	e8 e1 fe ff ff       	call   1070 <__printf_chk@plt>
    118f:	b8 01 00 00 00       	mov    eax,0x1
    1194:	48 83 c4 18          	add    rsp,0x18
    1198:	c3                   	ret    
    1199:	48 8b 7e 08          	mov    rdi,QWORD PTR [rsi+0x8]
    119d:	ba 0a 00 00 00       	mov    edx,0xa
    11a2:	be 00 00 00 00       	mov    esi,0x0
    11a7:	e8 b4 fe ff ff       	call   1060 <strtol@plt>
    11ac:	89 04 24             	mov    DWORD PTR [rsp],eax
    11af:	db 04 24             	fild   DWORD PTR [rsp]
    11b2:	d9 c0                	fld    st(0)
    11b4:	db 3c 24             	fstp   TBYTE PTR [rsp]
    11b7:	d8 25 8f 0e 00 00    	fsub   DWORD PTR [rip+0xe8f]        # 204c <_IO_stdin_used+0x4c>
    11bd:	48 8d 64 24 f0       	lea    rsp,[rsp-0x10]
    11c2:	db 3c 24             	fstp   TBYTE PTR [rsp]
    11c5:	48 8d 35 4b 0e 00 00 	lea    rsi,[rip+0xe4b]        # 2017 <_IO_stdin_used+0x17>
    11cc:	bf 01 00 00 00       	mov    edi,0x1
    11d1:	b8 00 00 00 00       	mov    eax,0x0
    11d6:	e8 95 fe ff ff       	call   1070 <__printf_chk@plt>
    11db:	d9 e8                	fld1   
    11dd:	db 6c 24 10          	fld    TBYTE PTR [rsp+0x10]
    11e1:	de e1                	fsubrp st(1),st
    11e3:	48 8d 64 24 f0       	lea    rsp,[rsp-0x10]
    11e8:	db 3c 24             	fstp   TBYTE PTR [rsp]
    11eb:	48 8d 35 3f 0e 00 00 	lea    rsi,[rip+0xe3f]        # 2031 <_IO_stdin_used+0x31>
    11f2:	bf 01 00 00 00       	mov    edi,0x1
    11f7:	b8 00 00 00 00       	mov    eax,0x0
    11fc:	e8 6f fe ff ff       	call   1070 <__printf_chk@plt>
    1201:	48 83 c4 20          	add    rsp,0x20
    1205:	b8 00 00 00 00       	mov    eax,0x0
    120a:	eb 88                	jmp    1194 <main+0x2b>
    120c:	0f 1f 40 00          	nop    DWORD PTR [rax+0x0]

From the first 3 lines, it seems like an address that is treated differently with the sub command.

from gem5.

andysan avatar andysan commented on June 28, 2024

I'm nor an expert in x86 assembly, but I think the main difference is that the fsub in the O0 example operates on the x87 stack (confusingly, these are actually registers) only while the O1 example seems to use one operand from the stack and one from memory. I wouldn't be surprised if that's where it goes wrong. This seems plausible since gem5 internally represents floating point registers as 64b doubles but it supports 80b floats in-memory. I wouldn't be surprised if you have a similar bug in any instruction that takes one 80b operand from a register (x87 stack) and the other one from memory.

from gem5.

erin-le avatar erin-le commented on June 28, 2024

I was able to reproduce this error as follows:

  1. Build gem5 on version 23.1.0.0.
  2. Download the provided config script from https://github.com/karineek/SearchGEM5/blob/main/hello-custom-binary-Ex.py.
  3. Save the provided code (under "3. Run" in the original message) as the file test_missim_01.c and compile it with the provided command, gcc-11 -O3 test_missim_01.c -o test_missim_01.c.o.
  4. Save the input text file as test_missim_01.txt, changing the first line to be the filepath to test_missim_01.c.
  5. Run gem5 with the provided command, changing the filepaths where necessary.
    The output:
>> Result: x - 2 = -0.00
>> Result: x - 1 = -1.00

from gem5.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.