Reproducible segfault on Apple Silicon #43285

tlbtlbtlb · 2021-12-01T16:37:38Z

I can reproduce it reliably, and have tracked it down to what seems like an ARM code generation bug.

julia> versioninfo()
Julia Version 1.7.0
Commit 3bf9d17731 (2021-11-30 12:12 UTC)
Platform Info:
  OS: macOS (arm64-apple-darwin21.1.0)
  CPU: Apple M1 Max
  WORD_SIZE: 64
  LIBM: libopenlibm
  LLVM: libLLVM-12.0.1 (ORCJIT, cyclone)

julia> using WGLMakie

julia> fig=Figure()

julia> ax1 = Axis(fig[1, 1])

signal (11): Segmentation fault: 11
in expression starting at REPL[3]:1
^ at ./math.jl:0 [inlined]
bounding_order_of_magnitude at /Users/tlb/.julia/packages/PlotUtils/VgXdq/src/ticks.jl:14
optimize_ticks_typed at /Users/tlb/.julia/packages/PlotUtils/VgXdq/src/ticks.jl:161
#optimize_ticks#42 at /Users/tlb/.julia/packages/PlotUtils/VgXdq/src/ticks.jl:139 [inlined]
optimize_ticks##kw at /Users/tlb/.julia/packages/PlotUtils/VgXdq/src/ticks.jl:138 [inlined]
get_tickvalues at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/ticklocators/wilkinson.jl:21 [inlined]
get_tickvalues at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/ticklocators/wilkinson.jl:17 [inlined]
get_tickvalues at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/lineaxis.jl:459
get_ticks at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/lineaxis.jl:453
unknown function (ip: 0x12e27c4cb)
jl_apply_generic at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
#191 at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/lineaxis.jl:187
unknown function (ip: 0x12e26d457)
jl_apply_generic at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
do_apply at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
#lift#61 at /Users/tlb/.julia/packages/Makie/gQOQF/src/interaction/nodes.jl:13
jl_apply_generic at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
do_apply at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
lift at /Users/tlb/.julia/packages/Makie/gQOQF/src/interaction/nodes.jl:10
jl_apply_generic at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
#LineAxis#181 at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/lineaxis.jl:185
Type##kw at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/lineaxis.jl:3
unknown function (ip: 0x12e1e945b)
jl_apply_generic at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
#layoutable#251 at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/layoutables/axis.jl:211
layoutable at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/layoutables/axis.jl:10 [inlined]
#_layoutable#11 at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/layoutables.jl:69 [inlined]
_layoutable at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/layoutables.jl:69 [inlined]
#_layoutable#10 at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/layoutables.jl:64
_layoutable at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/layoutables.jl:60 [inlined]
#_#9 at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/layoutables.jl:49 [inlined]
Layoutable at /Users/tlb/.julia/packages/Makie/gQOQF/src/makielayout/layoutables.jl:49
unknown function (ip: 0x12e1492d7)
jl_apply_generic at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
do_call at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
eval_body at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
jl_interpret_toplevel_thunk at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
jl_toplevel_eval_flex at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
jl_toplevel_eval_flex at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
jl_toplevel_eval_in at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
eval at ./boot.jl:373 [inlined]
eval_user_input at /Users/administrator/src/julia/usr/share/julia/stdlib/v1.7/REPL/src/REPL.jl:150
repl_backend_loop at /Users/administrator/src/julia/usr/share/julia/stdlib/v1.7/REPL/src/REPL.jl:244
start_repl_backend at /Users/administrator/src/julia/usr/share/julia/stdlib/v1.7/REPL/src/REPL.jl:229
#run_repl#47 at /Users/administrator/src/julia/usr/share/julia/stdlib/v1.7/REPL/src/REPL.jl:362
run_repl at /Users/administrator/src/julia/usr/share/julia/stdlib/v1.7/REPL/src/REPL.jl:349
jl_apply_generic at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
#930 at ./client.jl:394
jfptr_YY.930_43775 at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/sys.dylib (unknown line)
jl_apply_generic at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
jl_f__call_latest at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
#invokelatest#2 at ./essentials.jl:716 [inlined]
invokelatest at ./essentials.jl:714 [inlined]
run_main_repl at ./client.jl:379
exec_options at ./client.jl:309
_start at ./client.jl:495
jl_sysimg_fvars_base at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/sys.dylib (unknown line)
jl_apply_generic at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
true_main at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
jl_repl_entrypoint at /Applications/Julia-1.7arm.app/Contents/Resources/julia/lib/julia/libjulia-internal.1.7.dylib (unknown line)
Allocations: 163411336 (Pool: 163378481; Big: 32855); GC: 91

The line where it's crashing is:

    while xspan < base^a * one_dt

Looking with lldb, it's segfaulting on an ldrb instruction (marked with a -> below). The base address in x19 derives from an adrp instruction, so it's some kind of immediate data relative to the PC.

Segfault is error: memory read failed for 0xee4e2400.

    0x10fc9f878: stp    d13, d12, [sp, #-0x70]!
    0x10fc9f87c: stp    d11, d10, [sp, #0x10]
    0x10fc9f880: stp    d9, d8, [sp, #0x20]
    0x10fc9f884: stp    x24, x23, [sp, #0x30]
    0x10fc9f888: stp    x22, x21, [sp, #0x40]
    0x10fc9f88c: stp    x20, x19, [sp, #0x50]
    0x10fc9f890: stp    x29, x30, [sp, #0x60]
    0x10fc9f894: mov.16b v8, v1
    0x10fc9f898: mov.16b v9, v0
    0x10fc9f89c: fmul   d10, d1, d1
    0x10fc9f8a0: fmul   d11, d10, d1
    0x10fc9f8a4: fmov   d0, #1.00000000
    0x10fc9f8a8: mov    w8, #0x3
    0x10fc9f8ac: adrp   x20, 0
    0x10fc9f8b0: ldr    x20, [x20, #0xa80]
    0x10fc9f8b4: adrp   x19, -137149
    0x10fc9f8b8: add    x19, x19, #0x410          ; =0x410
    0x10fc9f8bc: fdiv   d12, d0, d1
    0x10fc9f8c0: b      0x10fc9f8d4
    0x10fc9f8c4: mov.16b v0, v8
    0x10fc9f8c8: fcmp   d0, d9
    0x10fc9f8cc: mov    x8, x22
    0x10fc9f8d0: b.le   0x10fc9f920
    0x10fc9f8d4: sub    x22, x8, #0x1             ; =0x1
    0x10fc9f8d8: cmp    x22, #0x4                 ; =0x4
    0x10fc9f8dc: b.hi   0x10fc9f8fc
    0x10fc9f8e0: adr    x8, #-0x1c
->  0x10fc9f8e4: ldrb   w9, [x19, x22]
    0x10fc9f8e8: add    x8, x8, x9, lsl #2
    0x10fc9f8ec: fmov   d0, #1.00000000
    0x10fc9f8f0: br     x8
    0x10fc9f8f4: mov.16b v0, v12
    0x10fc9f8f8: b      0x10fc9f8c8
    0x10fc9f8fc: sub    x8, x8, #0x2              ; =0x2
    0x10fc9f900: scvtf  d1, x8
    0x10fc9f904: mov.16b v0, v8
    0x10fc9f908: blr    x20
    0x10fc9f90c: b      0x10fc9f8c8
    0x10fc9f910: mov.16b v0, v10
    0x10fc9f914: b      0x10fc9f8c8
    0x10fc9f918: mov.16b v0, v11
    0x10fc9f91c: b      0x10fc9f8c8
    0x10fc9f920: mov    x19, #0x0
    0x10fc9f924: sub    x21, x22, #0x1            ; =0x1

I can see the calculation of x19 seems to be as instructed (the -137149 below is the argument to the adrp instruction). The adrp instruction masks the bottom 11 bits of the PC and adds its operand shifted left 12 bits.

(lldb) reg read x19
     x19 = 0x00000000ee4e2410
(lldb) p/x (0x000000010fc9f8e4 & ~0xfff) + 0x1000*(-137149) + 0x410
(long) $9 = 0x00000000ee4e2410

And x22 is 2. But -137149 * 4096 seems like a strangely large offset! It's well outside the current code segment:

(lldb) reg read pc
      pc = 0x000000010fc9f8e4
(lldb) mem region 0x000000010fc9f8e4
[0x000000010f99c000-0x000000010fd9c000) r-x

Thus, I suspect an error in ARM code generation for fetching PC-relative data.

The text was updated successfully, but these errors were encountered:

giordano · 2021-12-01T17:45:27Z

Duplicate of #41440

tlbtlbtlb · 2021-12-01T19:33:12Z

Duplicate of #41440

Yes, also very close to #42295, especially the disassembly at #42295 (comment)

giordano · 2021-12-01T19:35:33Z

Yes, it was noted already that #41440 and #42295 are basically the same issue 😉

…ll code model This fixes JuliaLang#41440, JuliaLang#43285 and similar issues, which stem from CodeModel::Large not being correctly implemented on MachO/ARM64. Requires LLVM 13.x or Git main (tested: 1dd5e6fed5db with patches from the JuliaLang/llvm-project julia-release/13.x branch, available at https://github.com/dnadlinger/llvm-project/commits/julia-main). Requires an LLVM patch to pass through __eh_frame unwind information, without which backtraces silently won't work: llvm/llvm-project#52921 ``` diff --git a/llvm/lib/ExecutionEngine/JITLink/MachO_arm64.cpp b/llvm/lib/ExecutionEngine/JITLink/MachO_arm64.cpp index f2a029d35cd5..4d958b302ff9 100644 --- a/llvm/lib/ExecutionEngine/JITLink/MachO_arm64.cpp +++ b/llvm/lib/ExecutionEngine/JITLink/MachO_arm64.cpp @@ -705,6 +705,10 @@ void link_MachO_arm64(std::unique_ptr<LinkGraph> G, Config.PrePrunePasses.push_back( CompactUnwindSplitter("__LD,__compact_unwind")); + Config.PrePrunePasses.push_back(EHFrameSplitter("__TEXT,__eh_frame")); + Config.PrePrunePasses.push_back(EHFrameEdgeFixer("__TEXT,__eh_frame", + 8, Delta64, Delta32, NegDelta32)); + // Add an in-place GOT/Stubs pass. Config.PostPrunePasses.push_back( PerGraphGOTAndPLTStubsBuilder_MachO_arm64::asPass); ```

…ll code model This fixes JuliaLang#41440, JuliaLang#43285 and similar issues, which stem from CodeModel::Large not being correctly implemented on MachO/ARM64. Requires LLVM 13.x or Git main (tested: 1dd5e6fed5db with patches from the JuliaLang/llvm-project julia-release/13.x branch, available at https://github.com/dnadlinger/llvm-project/commits/julia-main). Requires an LLVM patch to pass through __eh_frame unwind information, without which backtraces silently won't work (already applied on JuliaLang/llvm-project@julia-release/13.x): llvm/llvm-project#52921

Keno · 2022-01-20T01:09:43Z

Fixed by #43664

…ll code model This fixes JuliaLang#41440, JuliaLang#43285 and similar issues, which stem from CodeModel::Large not being correctly implemented on MachO/ARM64. Requires LLVM 13.x or Git main (tested: 1dd5e6fed5db with patches from the JuliaLang/llvm-project julia-release/13.x branch, available at https://github.com/dnadlinger/llvm-project/commits/julia-main). Requires an LLVM patch to pass through __eh_frame unwind information, without which backtraces silently won't work (already applied on JuliaLang/llvm-project@julia-release/13.x): llvm/llvm-project#52921

ViralBShah added the system:apple silicon Affects Apple Silicon only (Darwin/ARM64) - e.g. M1 and other M-series chips label Dec 2, 2021

dnadlinger mentioned this issue Jan 5, 2022

Switch aarch64-darwin codegen to JITLink (ObjectLinkingLayer) and small code model #43664

Merged

giordano mentioned this issue Jan 20, 2022

Random segmentation fault associated with usage of Plots.jl on macOS arm64 #43866

Closed

Keno closed this as completed Jan 20, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Reproducible segfault on Apple Silicon #43285

Reproducible segfault on Apple Silicon #43285

tlbtlbtlb commented Dec 1, 2021

giordano commented Dec 1, 2021

tlbtlbtlb commented Dec 1, 2021

giordano commented Dec 1, 2021

Keno commented Jan 20, 2022

Reproducible segfault on Apple Silicon #43285

Reproducible segfault on Apple Silicon #43285

Comments

tlbtlbtlb commented Dec 1, 2021

giordano commented Dec 1, 2021

tlbtlbtlb commented Dec 1, 2021

giordano commented Dec 1, 2021

Keno commented Jan 20, 2022