http://bugzilla.novell.com/show_bug.cgi?id=1092877
http://bugzilla.novell.com/show_bug.cgi?id=1092877#c11
--- Comment #11 from Michael Matz ---
It's definitely the memcpy/memmove involved there. From some gdb session:
Breakpoint 6, 0x00007ffff7b79b90 in __mempcpy_avx512_no_vzeroupper () from /lib64/libc.so.6
(gdb) p/x $rdi
$91 = 0x7ffff7f95fad
(gdb) p/x $rsi
$92 = 0x7ffff7fc7fad
(gdb) p $rdx
$93 = 97699
(gdb) p/x $rsi-102301
$94 = 0x7ffff7faf010
(gdb) p/x $rdi-102301
$95 = 0x7ffff7f7d010
(gdb) p ((char*)$94)[0]@200000
$97 = 'x'
(gdb) p ((char*)$95)[0]@200000
$98 = 'x' ...
So, this is the last block copying involved. Parts of the final destination
string are already constructed (the first 102300 bytes). The full source
string (at $rsi-102301) correctly consists of 200000 'x'. The destination
string already has 102301 'x'. The copy destination ($rdi) points to
dest+102301, i.e. exactly after all the 'x' that are already there. This copy
operation hence should copy a further 97699 bytes from source+102301, which
are all 'x'.
So, finishing this copy operation, and looking at the destination string again:
(gdb) finish
Run till exit from #0 0x00007ffff7b79b90 in __mempcpy_avx512_no_vzeroupper () from /lib64/libc.so.6
0x00007ffff7a9753c in __GI__IO_default_xsputn () from /lib64/libc.so.6
(gdb) p ((char*)$95)[0]@200000
$99 = 'x' ...
(gdb) p ((char*)$95)[102301]@200000
$100 = '\000' , 'x' ...
So, there are zeros where there should be 'x'. And what's more, after the 83
zeros (that shouldn't be there), there are 97744 'x' characters. Which is
actually more than the amount that should have been copied (the above 97699
from the memcpy call). So, not only did it insert zeros, it also wrote
more 'x'. The number of 'x' is too large by 45, plus the number of zeros (83),
so that's overall 128 bytes too large, which is a nice round power of two, and
the width of two avx512 registers.
Probably, given the above numbers one can construct a memcpy testcase that
breaks similarly. It probably would require using the same mis-alignment
of the input pointers and same size (or misalignment of that size), to trigger
the same code paths.
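
Added example, not part of the comment above and not code from the bug report: a stand-alone check of the kind the last paragraph suggests, using the pointer offset within the page (0x010 for both string starts), the 102301 bytes already in place and the copy size 97699 from the gdb session. The function name, the canary value and the guard size are assumptions of this sketch, and it calls plain memcpy rather than mempcpy.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE   4096u
#define CANARY 0xA5   /* neither 'x' nor 0, so stray writes of either show up */
#define GUARD  256u   /* bytes checked past the end of the destination */

/* Copy `len` bytes from src+done to dst+done, where both strings start
 * `page_off` bytes into a page, then verify the destination byte by byte.
 * Returns -1 if the result is correct, -2 on allocation failure, otherwise
 * the offset (from the string start) of the first wrong byte. */
long first_bad_offset(size_t page_off, size_t done, size_t len)
{
    size_t total = done + len;
    size_t alloc = (page_off + total + GUARD + PAGE - 1) / PAGE * PAGE;
    unsigned char *sbuf = aligned_alloc(PAGE, alloc);
    unsigned char *dbuf = aligned_alloc(PAGE, alloc);
    long bad = -1;

    if (!sbuf || !dbuf) { free(sbuf); free(dbuf); return -2; }

    memset(sbuf, CANARY, alloc);
    memset(dbuf, CANARY, alloc);
    unsigned char *src = sbuf + page_off, *dst = dbuf + page_off;
    memset(src, 'x', total);              /* full source string */
    memset(dst, 'x', done);               /* part already constructed */

    memcpy(dst + done, src + done, len);  /* the "last block" copy */

    /* Every string byte must be 'x'; the guard area must be untouched. */
    for (size_t i = 0; i < total + GUARD && bad < 0; i++) {
        unsigned char want = i < total ? 'x' : CANARY;
        if (dst[i] != want) bad = (long)i;
    }
    free(sbuf); free(dbuf);
    return bad;
}

int main(void)
{
    /* Values taken from the gdb session in the comment. */
    long bad = first_bad_offset(0x010, 102301, 97699);
    if (bad == -1) puts("copy OK");
    else if (bad == -2) puts("allocation failed");
    else printf("first wrong byte at offset %ld\n", bad);
    return bad == -1 ? 0 : 1;
}
```

glibc selects its memcpy implementation at run time from the CPU's features, so the check only exercises the avx512 variant when it runs on hardware where that variant is chosen.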