Typechecking failure allows too small arrays to be packed into simd

Bug #2012010 reported by Patrick Poitras
Affects: SBCL | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned | Milestone: none

Bug Description

Hi peeps!

I come to you with a reproducible example of a typechecking problem we had.

```
;; Two 8-element (signed-byte 8) arrays; an s8.32 load covers 32 elements.
(defun sad-function ()
  (let* ((a (make-array 8 :element-type '(signed-byte 8) :initial-element -128))
         (b (make-array 8 :element-type '(signed-byte 8) :initial-element 3)))
    (print-row-major-arefs a b)))

;; Not inlined: the SIMD accessor's bounds check is not applied here.
(defun print-row-major-arefs (v1 v2)
  (let ((a (sb-simd-avx2:s8.32-row-major-aref v1 0))
        (b (sb-simd-avx2:s8.32-row-major-aref v2 0)))
    (format t "~A ~A" a b)))

(sad-function)
```

This will print out whatever is in the registers at the time of the call. I think some information about the length of arrays passed into the second function is lost by passing them into a function, because if you inline the second function

```
;; Same code as above, with PRINT-ROW-MAJOR-AREFS declared inline.
(declaim (inline print-row-major-arefs))
(defun sad-function ()
  (let* ((a (make-array 8 :element-type '(signed-byte 8) :initial-element -128))
         (b (make-array 8 :element-type '(signed-byte 8) :initial-element 3)))
    (print-row-major-arefs a b)))

(defun print-row-major-arefs (v1 v2)
  (let ((a (sb-simd-avx2:s8.32-row-major-aref v1 0))
        (b (sb-simd-avx2:s8.32-row-major-aref v2 0)))
    (format t "~A ~A" a b)))

(sad-function)
```

you get

```
Value of (- (ARRAY-TOTAL-SIZE ARRAY) 31) in
(SB-KERNEL:CHECK-BOUND ARRAY (- (ARRAY-TOTAL-SIZE ARRAY) 31)
                       SB-SIMD-INTERNALS::INDEX)

is
  -23,
not a
  (MOD 4611686018427387901).
   [Condition of type SIMPLE-TYPE-ERROR]
```

Which is a bit of a confusing error message, but it is crashing due to the size of the array being 24 elements too small. The uninlined call does not error out, and will in fact print out whatever values were in the registers.

I'm not sure if the typecheck is intentional. It may be an unintentional typecheck error as a response to undefined behavior, that just happens to be helpful. Either way, I figured a minimally reproducible example might be helpful to y'all.

SBCL version is 2.3.2. Running on Ubuntu 18, with AVX2 instructions.

uname -a
```
Linux <name> 5.15.1-1.el7.elrepo.x86_64 #1 SMP Thu Nov 4 19:11:12 EDT 2021 x86_64 x86_64 x86_64 GNU/Linux
```

*features*
```
(:CLPM-CLIENT :ASDF3.3 :ASDF3.2 :ASDF3.1 :ASDF3 :ASDF2 :ASDF :OS-UNIX
 :NON-BASE-CHARS-EXIST-P :ASDF-UNICODE :ARENA-ALLOCATOR :X86-64 :GENCGC :64-BIT
 :ANSI-CL :COMMON-LISP :ELF :IEEE-FLOATING-POINT :LINUX :LITTLE-ENDIAN
 :PACKAGE-LOCAL-NICKNAMES :SB-LDB :SB-PACKAGE-LOCKS :SB-THREAD :SB-UNICODE
 :SBCL :UNIX)
```

Cheers!
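The report shows that the 32-lane bounds check (`(CHECK-BOUND ARRAY (- (ARRAY-TOTAL-SIZE ARRAY) 31) INDEX)`) only fired when the accessor was inlined, so a caller on an affected SBCL could read 24 bytes past an 8-element array without any error. The following is an added example, not code from the bug report or from SBCL's sb-simd, of a wrapper that performs that check explicitly before calling the accessor, so it holds whether or not the compiler inlines anything. It assumes SBCL with the sb-simd contrib loaded and AVX2 hardware; the names `safe-s8.32-ref`, `s8.32-index-in-bounds-p`, `+s8.32-lanes+` and `demo`, and the two test arrays, are mine.

```lisp
;;; Added example; not part of the bug report or of sb-simd.
;;; Assumes SBCL with the sb-simd contrib and an AVX2-capable CPU.
(require :sb-simd)

(defconstant +s8.32-lanes+ 32
  "Number of (signed-byte 8) elements one s8.32 load covers.")

(defun s8.32-index-in-bounds-p (vector index)
  "True when a 32-lane read starting at INDEX stays inside VECTOR.
This is the same condition sb-simd's inlined accessor enforces as
(CHECK-BOUND ARRAY (- (ARRAY-TOTAL-SIZE ARRAY) 31) INDEX); an array
shorter than 32 elements makes that bound negative, as in the report."
  (and (typep index 'fixnum)
       (<= 0 index)
       (<= (+ index +s8.32-lanes+) (array-total-size vector))))

(defun safe-s8.32-ref (vector index)
  "Load an s8.32 from VECTOR at INDEX, refusing out-of-bounds reads
even when called from code where the accessor is not inlined."
  (check-type vector (simple-array (signed-byte 8) (*)))
  (unless (s8.32-index-in-bounds-p vector index)
    (error "s8.32 read of ~D lanes at index ~D exceeds array of size ~D"
           +s8.32-lanes+ index (array-total-size vector)))
  (sb-simd-avx2:s8.32-row-major-aref vector index))

(defun demo ()
  "Constructed inputs: one array that is too small, one that is large enough."
  (let ((too-small  (make-array 8  :element-type '(signed-byte 8) :initial-element 3))
        (big-enough (make-array 32 :element-type '(signed-byte 8) :initial-element 3)))
    ;; 32 elements: the read is in bounds and returns 32 lanes of 3.
    (print (safe-s8.32-ref big-enough 0))
    ;; 8 elements: the accessor would read 24 bytes past the end;
    ;; the wrapper signals an error instead of returning stray memory.
    (handler-case (safe-s8.32-ref too-small 0)
      (error (c) (format t "~&rejected: ~A~%" c)))))

(demo)
```

The explicit size test costs one comparison per load and is independent of whether the compiler can see the array's length at the call site, which is exactly the information the report says is lost across the non-inlined function boundary.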

Stas Boukarev (stassats)
Changed in sbcl:
status: New → Fix Committed
Changed in sbcl:
status: Fix Committed → Fix Released