QEMU

floating-point operation bugs in qemu-alpha

Bug #1701835 reported by Bruno Haible
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
Fix Released
Undecided
Richard Henderson

Bug Description

When running the gnulib testsuite, I'm seeing test failures in the tests for libm functions
  cbrt
  cbrtf
  ceil
  ceilf
  coshf
  exp2
  exp2f
  floor
  floorf
  fma
  fmaf
  fmal
  frexp
  frexpf
  hypot
  hypotf
  hypotl
  ilogb
  ilogbf
  isfinite
  isinf
  isnan
  isnand
  isnanf
  ldexp
  ldexpf
  ldexpl
  log1p
  log1pf
  log2
  log2f
  logb
  logbf
  logbl
  rint
  rintf
  rintl
  signbit
  sqrt
  sqrtf
  strtod
that I don't see when running the same (statically linked) executables in a VM, through qemu-system-alpha.

How to reproduce:
- Using gnulib, run ./gnulib-tool --create-testdir --dir=../testdir-math --single-configure cbrt cbrtf ceil ceilf coshf exp2 exp2f float floor floorf fma fmaf fmal frexp frexpf hypot hypotf hypotl ilogb ilogbf isfinite isinf isnan isnand isnanf ldexp ldexpf ldexpl log1p log1pf log2 log2f logb logbf logbl math printf-frexp rint rintf rintl round roundf signbit sqrt sqrtf strtod trunc truncf
- Copy the resulting directory to a VM running Linux 2.6.26 with qemu-system-alpha.
- There, configure and build the package:
  mkdir build-native-static; cd build-native-static; ../configure CPPFLAGS="-Wall" LDFLAGS="-static"; make; make check
  Only 4 tests fail.
- Copy the resulting binaries back to the original x86_64 machine.
- Set environment variables for using qemu-alpha.
- Here, 50 tests fail that did not fail originally:

$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-cbrt
../../gltests/test-cbrt.h:39: assertion 'err > - L_(4.0) * L_(16.0) / TWO_MANT_DIG && err < L_(4.0) * L_(16.0) / TWO_MANT_DIG' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ceil1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ceil2
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ceilf1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ceilf2
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-coshf
../../gltests/test-coshf.c:37: assertion 'y >= 1.1854652f && y <= 1.1854653f' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-float
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-floor1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-floor2
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-floorf1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-floorf2
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-fma1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-fma2
../../gltests/test-fma2.h:116: assertion 'result == expected' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-fmaf1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-fmaf2
../../gltests/test-fma2.h:116: assertion 'result == expected' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-fmal2
../../gltests/test-fma2.h:116: assertion 'result == expected' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-frexp
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-frexpf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-hypot
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-hypotf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-hypotl
../../gltests/test-hypot.h:41: assertion 'z == HUGEVAL' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ilogb
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ilogbf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isfinite
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isinf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isnan
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isnand-nolibm
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isnand
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isnanf-nolibm
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isnanf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ldexp
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ldexpf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ldexpl
../../gltests/test-ldexp.h:99: assertion 'y == expected' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-log1p
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-log1pf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-log2
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-log2f
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-logb
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-logbf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-math
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-printf-frexp
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-rint
../../gltests/test-rint.c:63: assertion 'rint (0.7) == 1.0' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-rintf
../../gltests/test-rintf.c:63: assertion 'rintf (0.7f) == 1.0f' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-rintl
../../gltests/test-rintl.c:68: assertion 'rintl (0.7L) == 1.0L' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-round1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-roundf1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-signbit
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-sqrt
../../gltests/test-sqrt.h:40: assertion 'err > - L_(16.0) / TWO_MANT_DIG && err < L_(16.0) / TWO_MANT_DIG' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-trunc1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-truncf1
Floating point exception (core dumped)

Revision history for this message
Bruno Haible (bruno-clisp) wrote :
Revision history for this message
Bruno Haible (bruno-clisp) wrote :

The behaviour in qemu-2.11 is the same as in qemu-2.9.

Revision history for this message
Stefan Ring (stefanrin) wrote :

This is likely expected/correct behavior. You should try building with -mieee.

Revision history for this message
Bruno Haible (bruno-clisp) wrote :

> You should try building with -mieee.

When I build with
../configure CFLAGS="-mieee -O2 -g" CPPFLAGS=-Wall LDFLAGS="-static -lieee"
I observe the exact same behaviour: Only 4 tests fail in a VM executed with qemu-system-alpha, whereas the same test failures (from test-cbrt to test-truncf1) are seen with qemu-alpha.

Revision history for this message
Stefan Ring (stefanrin) wrote :

Most likely some bits are initialized differently in the FPCR.

Revision history for this message
Stefan Ring (stefanrin) wrote :

Run this:

#include <stdio.h>
#include <string.h>

double get_fpcr()
{
    double x;
    asm ("mf_fpcr %0": "=f" (x));
    return x;
}

int main()
{
    double fpcr = get_fpcr();
    unsigned long l;
    memcpy(&l, &fpcr, 8);
    printf("%016lx\n", l);
    return 0;
}

Under qemu-system-alpha I get 680e800000000000.

Revision history for this message
Bruno Haible (bruno-clisp) wrote :

Under qemu-system-alpha I get 680e800000000000 as well.

Under qemu-alpha (versions 2.8.1, 2.9.0, 2.10.0, 2.11.0, 2.12.0, 3.1.0) I get 600e800000000000, i.e. bit 59 is unset.

Revision history for this message
Stefan Ring (stefanrin) wrote :

https://download.majix.org/dec/alpha_arch_ref.pdf

The bits are defined in 4.7.8 Floating-Point Control Register (FPCR). 59/58 zero is chopped rounding. This does not seem like a good default.

Revision history for this message
Bruno Haible (bruno-clisp) wrote :

The fpcr value seen in a process running in a VM comes from the Linux kernel, file linux/arch/alpha/kernel/process.c, function flush_thread():

        /* Arrange for each exec'ed process to start off with a clean slate
           with respect to the FPU. This is all exceptions disabled. */
        current_thread_info()->ieee_state = 0;
        wrfpcr(FPCR_DYN_NORMAL | ieee_swcr_to_fpcr(0));

where FPCR_DYN_NORMAL is 0x2UL << 58 /* towards nearest */

Where do we go from here? As far as I understand, qemu-alpha ought to initialize the DYN bits to FPCR_DYN_NORMAL. Where in the code should this be done? I see code in target/alpha/cpu.c, function alpha_cpu_initfn, that initializes the DYN bits to FPCR_DYN_NORMAL. Is this at the wrong place? Is it insufficient for another reason?

Revision history for this message
Richard Henderson (rth) wrote :

Should be fixed by:

http://lists.nongnu.org/archive/html/qemu-devel/2019-01/msg00726.html

Revision history for this message
Bruno Haible (bruno-clisp) wrote :

No, it is not fixed: even with this patch the program that fetches the fpcr still prints 600e800000000000, and the various program crashes still occur.

Revision history for this message
Thomas Huth (th-huth) wrote :

Commit https://git.qemu.org/?p=qemu.git;a=commitdiff;h=29eb528078683 claims that this has been fixed. Is the problem still reproducible with QEMU 4.0?

Revision history for this message
Bruno Haible (bruno-clisp) wrote :

The problem is still reproducible with QEMU 4.0.0:
- The test programs test-cbrt ... test-truncf1 crash or abort as described.
- The test program from comment #6, run with qemu-alpha, prints 600e800000000000, i.e. bit 59 is unset.

Revision history for this message
Stefan Ring (stefanrin) wrote :

There seems to be more confusion of the sort. This fixes it for me:

--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -10226,7 +10226,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
                     return -TARGET_EFAULT;
                 }
                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
- fpcr = orig_fpcr & FPCR_DYN_MASK;
+ fpcr = orig_fpcr & ((uint64_t) FPCR_DYN_MASK << 32);

                 /* Copied from linux ieee_swcr_to_fpcr. */
                 fpcr |= (swcr & SWCR_STATUS_MASK) << 35;

But I would consider this a workaround at best. Having a right-shifted mask in the first place seems rather unhelpful to me.

Revision history for this message
Richard Henderson (rth) wrote :

There is quite a bit missing for proper user-level emulation.
Please try

https://patchwork.ozlabs.org/patch/1091847/

Changed in qemu:
assignee: nobody → Richard Henderson (rth)
status: New → In Progress
Revision history for this message
Bruno Haible (bruno-clisp) wrote :

The patch mentioned in #15 fixes the issue:
- The test programs test-cbrt ... test-truncf1 now all succeed.
- The test program from comment #6, run with qemu-alpha, prints 680e800000000000, i.e. bit 59 is set.

Thanks Richard!!

Revision history for this message
Richard Henderson (rth) wrote :

Patch now merged to master and will be in QEMU 4.1.

Changed in qemu:
status: In Progress → Fix Committed
Revision history for this message
Thomas Huth (th-huth) wrote :

https://git.qemu.org/?p=qemu.git;a=commitdiff;h=21ba856499f9c0ccdc

Changed in qemu:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.