Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Illegal instruction that may be due to mis-compilation #21250

Closed
timholy opened this issue Apr 1, 2017 · 3 comments
Closed

Illegal instruction that may be due to mis-compilation #21250

timholy opened this issue Apr 1, 2017 · 3 comments
Labels
bug Indicates an unexpected problem or unintended behavior compiler:inference Type inference
Milestone

Comments

@timholy
Copy link
Member

timholy commented Apr 1, 2017

This is a reliable segfaultfailure that depends on a fairly bizarre combination of factors. It was noticed in JuliaImages/ImageFeatures.jl#32, and I've managed to boil it down to a reasonably simple test case that doesn't require any packages:

using Base.Test

struct Gray{T}
    val::T
end
Base.convert{T}(::Type{Gray{T}}, x) = Gray(convert(T, x))

abstract type Normed end
struct N0f8 <: Normed
    val::Int
end
Base.convert(::Type{N0f8}, x::Int) = N0f8(x)

# This version shouldn't be called, but if we get rid of it, it doesn't crash
function imresize{T,N}(original::AbstractArray{T,N}, short_size::NTuple)
    len_short = length(short_size)
    new_size = ntuple(i -> (i > len_short ? size(original,i) : short_size[i]), N)
    imresize(original, new_size)
end

function imresize{T,N}(original::AbstractArray{T,N}, new_size::NTuple{N})
    copy!(similar(original), original)
end

# The type constraints here might seem optional, but it doesn't crash without them.
# Even getting rid of the Gray, changing it to
#     create_descriptor{T<:Normed}(img::AbstractArray{T, 2}
# (and correspondingly modifying the array creation below) fails to trigger the crash.
function create_descriptor{T<:Normed}(img::AbstractArray{Gray{T}, 2}, yblocks::Integer, xblocks)
    h, w = size(img)
    y_padded = ceil(Int, h / (yblocks)) * yblocks
    x_padded = ceil(Int, w / (xblocks)) * xblocks
    @show (y_padded, x_padded)

    # We have `x_padded == y_padded = 10`, but if you replace the
    # variables with (10, 10) then it doesn't crash
    img_padded = imresize(img, (y_padded, x_padded))
end

# This seems spurious, but it doesn't crash without it
img = [  0x4c  0x19  0xac  0x2e  0x8c  0xcc  0x96  0x4c  0xdb  0x4f
         0x01  0x75  0x65  0x57  0x59  0x24  0xe9  0x8e  0x1f  0xd3
         0xb3  0x92  0xdd  0xdb  0x2e  0xf2  0xcc  0xc1  0xac  0x97
         0xc8  0x75  0xa8  0x38  0x6d  0x77  0xc3  0xf4  0x63  0x15
         0x7c  0xdf  0x54  0x11  0x0f  0x03  0xea  0x01  0x5e  0xe6
         0xa5  0x87  0x40  0x22  0xeb  0x71  0xf7  0xba  0xb2  0x6f
         0x9d  0xa7  0x58  0x7e  0xf8  0x0f  0x91  0xd0  0x8e  0x04
         0x58  0xd3  0x8b  0x5d  0x6f  0x8b  0xaa  0x77  0x53  0x46
         0x9a  0x74  0xd8  0x2f  0x38  0x4e  0x4b  0x18  0x4a  0xc7
         0x1a  0xe0  0x52  0x5a  0x6a  0x03  0xe8  0xcb  0x95  0xfc
      ]

# If you comment out the `@testset` and `end` lines, the crash doesn't happen
@testset "Descriptor" begin
    img = Gray{N0f8}[   0 1 1 0 1 1 0 1 1 0
                        0 1 1 0 1 1 0 1 1 0
                        0 1 1 0 1 1 0 1 1 0
                        0 1 1 0 1 1 0 1 1 0
                        0 1 1 0 1 1 0 1 1 0
                        0 1 1 0 1 1 0 1 1 0
                        0 1 1 0 1 1 0 1 1 0
                        0 1 1 0 1 1 0 1 1 0
                        0 1 1 0 1 1 0 1 1 0
                        0 1 1 0 1 1 0 1 1 0 ]

    descriptor = create_descriptor(img, 1, 1)
end

The output is

$ julia-0.6 crash_repro.jl
(y_padded, x_padded) = (10, 10)

signal (4): Illegal instruction
while loading /home/tim/.julia/v0.6/ImageFeatures/test/crash_repro.jl, in expression starting on line 54
macro expansion at /home/tim/.julia/v0.6/ImageFeatures/test/crash_repro.jl:66 [inlined]
macro expansion at ./test.jl:853 [inlined]
anonymous at ./<missing> (unknown line)
jl_call_fptr_internal at /home/tim/src/julia-0.6/src/julia_internal.h:326 [inlined]
jl_call_method_internal at /home/tim/src/julia-0.6/src/julia_internal.h:345 [inlined]
jl_toplevel_eval_flex at /home/tim/src/julia-0.6/src/toplevel.c:589
jl_parse_eval_all at /home/tim/src/julia-0.6/src/ast.c:873
jl_load at /home/tim/src/julia-0.6/src/toplevel.c:616
include_from_node1 at ./loading.jl:539
unknown function (ip: 0x7fcdb1bd16db)
jl_call_fptr_internal at /home/tim/src/julia-0.6/src/julia_internal.h:326 [inlined]
jl_call_method_internal at /home/tim/src/julia-0.6/src/julia_internal.h:345 [inlined]
jl_apply_generic at /home/tim/src/julia-0.6/src/gf.c:2234
include at ./sysimg.jl:14
unknown function (ip: 0x7fcdb1a74feb)
jl_call_fptr_internal at /home/tim/src/julia-0.6/src/julia_internal.h:326 [inlined]
jl_call_method_internal at /home/tim/src/julia-0.6/src/julia_internal.h:345 [inlined]
jl_apply_generic at /home/tim/src/julia-0.6/src/gf.c:2234
process_options at ./client.jl:305
_start at ./client.jl:371
unknown function (ip: 0x7fcdb1bfec08)
jl_call_fptr_internal at /home/tim/src/julia-0.6/src/julia_internal.h:326 [inlined]
jl_call_method_internal at /home/tim/src/julia-0.6/src/julia_internal.h:345 [inlined]
jl_apply_generic at /home/tim/src/julia-0.6/src/gf.c:2234
jl_apply at /home/tim/src/julia-0.6/ui/../src/julia.h:1416 [inlined]
true_main at /home/tim/src/julia-0.6/ui/repl.c:127
main at /home/tim/src/julia-0.6/ui/repl.c:264
__libc_start_main at /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291
unknown function (ip: 0x401668)
Allocations: 1562748 (Pool: 1561339; Big: 1409); GC: 0

Note that it gets as far as executing the @show statement.

julia> versioninfo()
Julia Version 0.6.0-pre.beta.0
Commit bd84fa1 (2017-03-31 12:58 UTC)
Platform Info:
  OS: Linux (x86_64-linux-gnu)
  CPU: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
  WORD_SIZE: 64
  BLAS: libopenblas (USE64BITINT DYNAMIC_ARCH NO_AFFINITY Haswell)
  LAPACK: libopenblas64_
  LIBM: libopenlibm
  LLVM: libLLVM-3.9.1 (ORCJIT, broadwell)
@yuyichao yuyichao changed the title Runtime segfault that may be due to mis-compilation Illegal instruction that may be due to mis-compilation Apr 1, 2017
@yuyichao
Copy link
Contributor

yuyichao commented Apr 1, 2017

Likely dup of #21243. Note that this is not a segfault......................................

@yuyichao yuyichao added the compiler:inference Type inference label Apr 1, 2017
@timholy
Copy link
Member Author

timholy commented Apr 1, 2017

Duh, right. Amazing how a confusion learned 20 years (and nominally unlearned 18 years ago) ago keeps slipping through occasionally.

@JeffBezanson JeffBezanson added the bug Indicates an unexpected problem or unintended behavior label Apr 3, 2017
@JeffBezanson JeffBezanson modified the milestones: 0.6.x, 0.6.0 Apr 4, 2017
@JeffBezanson
Copy link
Member

Looks like this has the same root cause as #21243.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Indicates an unexpected problem or unintended behavior compiler:inference Type inference
Projects
None yet
Development

No branches or pull requests

3 participants