Solaris - BUS error with optimize mode

revolta25 · May 8, 2015, 1:33pm

Hi,

I'm facing BUS (invalid address alignment) issue.

Application works correctly with binaries compiled without optimization.
When "-O3" (or -O2, O1) is in use, application abort with - BUS (invalid address alignment).

The problem appears in following situation:

struct _a
{
	int _a1;
	uint64_t _a2;
}

int f2(uint64_t *obj)
{
	printf("%llu", *obj); <--- BUS ERROR
	
	return 0;
}

void f1()
{
	...
	_a* obj_a = malloc();
	
	printf("%llu", obj_a->_a2); <--- OK
	f2(&obj_a->_a2);
}

Solaris Sparc
GCC 4.2.1

Thanks

Corona688 · May 8, 2015, 1:44pm

Is that really the entire code? Does it still cause that crash when minimized like that?

revolta25 · May 8, 2015, 1:55pm

Thanks form the reply.
No, it's just an example. It's a big system so it's hard to present problem detailed.

For some reason, when object from struct is passed by reference to function and we want to manipulate by pointer on this object it cause BUS error.

With test function with param "struct _a *obj" (so pointer to struct is passed) works correctly.

int f3(struct _a *obj)
{	
printf("%llu", obj->_a2); <--- OK	
return 0;
}

Like I wrote, without optimization works correctly.

Corona688 · May 8, 2015, 2:15pm

Optimization often causes subtle bugs from anything which uses undefined values -- things like pointing to a stack variable which went out of scope, overrunning the end of an array, etc. The crash can happen quite a distance from whatever caused it -- the corruption could've happened long ago. Code which happens to "just work" unoptimized may run far differently when the compiler starts removing in-between steps and squeezes out the empty spaces, letting things start bumping into each other.

So I'd start by logging the values fed into that function. They're probably getting corrupted somewhere. Then follow it backwards from there until you find out where the corruption is happening.

achenle · May 8, 2015, 8:49pm

Change

struct _a
{
    int _a1;
    uint64_t _a2;
}

to

struct _a
{
    uint64_t _a2;
    int _a1;
}

Note that I swapped the order of the fields in the structure.

By defining the structure with the smaller elements first, if the structure is packed tightly, as it likely is under optimization, you're likely violating an address restriction on the value when you pass it like that.

Corona688 · May 12, 2015, 2:15pm

It's unlikely that the compiler would build itself a data structure it cannot use...

achenle · May 12, 2015, 4:30pm

GCC on SPARC?

Given that Sun's own compilers did it with an OS base utility - Solaris 10 mkfs - you'd better believe it's quite likely that GCC on SPARC will do it, too.

Corona688 · May 20, 2015, 11:57am

That forces alignment with a #pragma, otherwise, that'd be extremely difficult.

He didn't mention that about his code, but you're right, it could be something to look for.

fpmurphy · May 20, 2015, 10:22pm

The code is badly written:

struct _a
{
	int _a1;
	uint64_t _a2;
}


int f2(uint64_t *obj)
{
        // obj is of type uint64_t. Not an unsigned long long!
        // this could be any value, including NULL! 
        // no wonder a BUS ERROR in certain circumstances  
	printf("%llu", *obj); <--- BUS ERROR
	
	return 0;
}

void f1()
{
	...
        // how is malloc() expected to know what size space to allocate
        // no test for NULL!
	_a* obj_a = malloc();
	
        // a random value will be returned.  Should zeroize structure
        // why the use of %llu. _a2 is a uint64_t  
	printf("%llu", obj_a->_a2); <--- OK
        // you should use an appropriate cast here
	f2(&obj_a->_a2);
}

achenle · May 21, 2015, 6:46am

The point was that even Sun messed up alignment in operating system basic tools such as mkfs on SPARC. SPARC has some very strict alignment restrictions, and the OPs code is one of the archetypes of ways to violate those restrictions: a malloc'd block that's used by a structure that has a small member with no alignment restrictions declared before a larger member that can have much stricter alignment restrictions.

As far as I can tell, GCC on SPARC has no equivalent of the "-xmemalign" argument the Solaris Studio compilers have:

Man Page cc.1

-xmemalign=ab
(SPARC) Use the -xmemalign option to control the
assumptions the compiler makes about the alignment of
data. By controlling the code generated for potentially
misaligned memory accesses and by controlling program
behavior in the event of a misaligned access, you can
more easily port your code to SPARC.

  Specify the maximum assumed memory alignment and
  behavior of misaligned data accesses.	There must be a
  value	for both a \(alignment\) and b \(behavior\). a speci-
  fies the maximum assumed memory alignment and	b speci-
  fies the behavior for	misaligned memory accesses.
  For memory accesses where the	alignment is determinable
  at compile time, the compiler	generates the appropriate
  load/store instruction sequence for that alignment of
  data.

  For memory accesses where the	alignment cannot be
  determined at	compile	time, the compiler must	assume an
  alignment to generate	the needed load/store sequence.

  For memory accesses where the	alignment is determinable
  at compile time, the compiler	generates the appropriate
  load/store instruction sequence for that alignment of
  data.

  For memory accesses where the	alignment cannot be
  determined at	compile	time, the compiler must	assume an
  alignment to generate	the needed load/store sequence.

  If actual data alignment at runtime is less than the
  specified alignment, the misaligned access attempt \(a
  memory read or write\)	generates a trap. The two possi-
  ble responses	to the trap are	as follows:

  o The	OS converts the	trap to	a SIGBUS signal. If the
  program does not catch the signal, the program aborts.
  Even if the program catches the signal, the misaligned
  access attempt will not have succeeded.

  o The	OS handles the trap by interpreting the
  misaligned access and	returning control to the program
  as if	the access had succeeded normally.

  Values

  Accepted values for a	are:

       1    Assume at most 1 byte alignment.

       2    Assume at most 2 byte alignment.

       4    Assume at most 4 byte alignment.

       8    Assume at most 8 byte alignment.

       16   Assume at most 16 byte alignment.

  Accepted values for b	are:

       i    Interpret access and continue execution.

       s    Raise signal SIGBUS.

       f    For	variants of -xarch=v9 only. Raise signal
	    SIGBUS for alignments less than or equal to
	    4, otherwise interpret access and continue
	    execution. For all other -xarch values, the	f
	    flag is equivalent to i.

  You must also	specify	-xmemalign whenever you	want to
  link to an object file that was compiled with	the value
  of b set to either i or f. For a complete list of com-
  piler	options	that must be specified at both compile
  time and at link time, see the C User's Guide.

  Defaults

  The default for all SPARC v9 architectures is
  -xmemalign=8s. Specifying -xmemalign is equivalent to
  specifying -xmemalign=1i.

jim_mcnamara · May 21, 2015, 8:30am

Solaris supports memalign() - a malloc variant that allows specification of alignments on a per object basis. We have had to take that approach with some code.

achenle · May 21, 2015, 2:25pm

memalign() isn't going to help in this case - malloc() itself has to return "memory suitably aligned for any use". The problem comes from using a structure in such a way that a member that has a strict alignment is offset from the beginning of the structure by an amount that causes the alignment to be wrong. Per the "-xmemalign" documentation from the Solaris Studio "cc" man page:

And that's why the OPs code that accesses the structure via malloc()'d memory causes a bus error.

It's pretty much the archetype of how to get a SIGBUS error on SPARC.

fpmurphy · May 22, 2015, 4:07am

struct _a
{
	int _a1;
	uint64_t _a2;
}

Please explain how you come to the conclusion that the 2nd member of the structure require strict alignment. I do not see that requirement.

achenle · May 22, 2015, 8:34am

fpmurphy:

struct _a
{
   int _a1;
   uint64_t _a2;
}
Please explain how you come to the conclusion that the 2nd member of the structure require strict alignment. I do not see that requirement.

There are three ways to get SIGBUS on SPARC:

Writing to memory that was created with mmap using the MAP_NORESERVE flag and an initial write to a virtual page requires that page to actually be created, but no swap space is available for a backing store.
Hardware error.
Misaligned memory access.

This isn't 1 or 2.

jim_mcnamara · May 22, 2015, 11:07am

Oracle sun docs - these are super short paragraphs - basically a 64 bit integer has to align on a 64 bit boundary, 32 on 32 bit boundary, 16 on 16.

http://docs.oracle.com/cd/E19253-01/816-4854/hwovr-2/index.html

http://docs.oracle.com/cd/E19253-01/816-4854/hwovr-3/index.html

Corona688 · May 22, 2015, 11:31am

x86 is one of the only common architectures which does not have these limitations, and accessing memory in that manner still comes at a performance cost.