From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14434
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Rich Felker <dalias@libc.org>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: qsort() issue on ARM
Date: Tue, 23 Jul 2019 10:24:39 -0400
Message-ID: <20190723142439.GA23142@brightrain.aerifal.cx>
References: <5d371501.1c69fb81.faf79.0578@mx.google.com>
Reply-To: musl@lists.openwall.com
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="37070"; mail-complaints-to="usenet@blaine.gmane.org"
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: musl@lists.openwall.com
To: "piotr.krzysztof.gawel" <piotr.krzysztof.gawel@gmail.com>
Original-X-From: musl-return-14450-gllmg-musl=m.gmane.org@lists.openwall.com Tue Jul 23 16:24:57 2019
Return-path: <musl-return-14450-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.89)
	(envelope-from <musl-return-14450-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1hpviq-0009X5-55
	for gllmg-musl@m.gmane.org; Tue, 23 Jul 2019 16:24:56 +0200
Original-Received: (qmail 28149 invoked by uid 550); 23 Jul 2019 14:24:52 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 28118 invoked from network); 23 Jul 2019 14:24:52 -0000
Content-Disposition: inline
In-Reply-To: <5d371501.1c69fb81.faf79.0578@mx.google.com>
Original-Sender: Rich Felker <dalias@aerifal.cx>
Xref: news.gmane.org gmane.linux.lib.musl.general:14434
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/14434>

On Tue, Jul 23, 2019 at 04:09:04PM +0200, piotr.krzysztof.gawel wrote:
> Hi MUSL developers,
>  
> I encountered an issue when running LTP tests on my ARM A15 machine. Tests executed with tst_timer_test where dumping cores. Further analysis of tst_timer_test.c file led me to qsort() function which they call. Their
>  code relies on sorted array.
> I wrote a sample application which you may find in attachment. Here is the output from that tool on my machine:
> # /media/qsort
> Before sorting:
> 00: 100126
> 01: 100193
> 02: 100143
> 03: 100131
> 04: 100129
> 05: 100129
> 06: 100128
> 07: 100128
> 08: 100125
> 09: 100125
>  
> Samples number: 10, width: 8
>    cmp: comparing 100143 with 100126 (0)
>    ...
>    cmp: comparing 100143 with 100131 (0)
>    cmp: comparing 100126 with 100193 (1)
>  
>  
> After sorting:
> 00: 100193
> 01: 100126
> 02: 100143
> 03: 100131
> 04: 100129
> 05: 100129
> 06: 100128
> 07: 100128
> 08: 100125
> 09: 100125
> Before sorting:
> 00: 100126
> 01: 100193
> 02: 100143
> 03: 100131
> 04: 100129
> 05: 100129
> 06: 100128
> 07: 100128
> 08: 100125
> 09: 100125
>  
> Samples number: 10, width: 8
>    cmp: comparing 100143 with 100126 (0)
> ...
>    cmp: comparing 100126 with 100193 (1)
>  
>  
> After sorting:
> 00: 100193
> 01: 100126
> 02: 100143
> 03: 100131
> 04: 100129
> 05: 100129
> 06: 100128
> 07: 100128
> 08: 100125
> 09: 100125
>  
> Observations from that output:
> 
> comparison function works as expectedarray is sorted from max to min
> value as expected except second item (index 01) which looks like a
> bugarray on heap and stack presents exactly the same problem
>  
> In case of LTP, the issue was more random – it was not always second
> item in wrong position, items were more disordered.
> When I compiled the testing app for my PC (x86_64) with GNU libc
> (Ubuntu), array was sorted correctly.
>  
> I use gcc toolchain from Yocto. Whole image, including toolchain,
> LTP and musl are built with Yocto.
>  
> Thanks for any help or suggestion in advance! I’m looking forward to
> hear from you if this is machine/architecture related issue, or if
> you can see it also in your system. Please also add me to replies if
> possible since I am not subscribed to mailing list.

Their code just has undefined behavior by violating the contract of
qsort with the cmp function they submit to it:

https://github.com/linux-test-project/ltp/blob/4053a2551b926d372dd47485f7381ec3fa19772a/lib/tst_timer_test.c#L170

qsort requires that the comparison return a negative, zero, or
positive value depending on whether the relationship is less-than,
equal, or greater-than. In particular, if cmp(a,b) is positive,
cmp(b,a) must be negative, and vice versa. In one direction,
cmp(100126,100193) is reporting them unequal, while in the other
direction, cmp(100193,100126) is reporting them equal.

FYI, LTP (and the OPTS code lots of it is derived from) has *lots* of
UB/invalid-tests...

Rich