[ubuntu-mono] [Bug 798315] [NEW] Unsafe type-punning causes alignment faults on armel
Dave Martin
dave.martin at linaro.org
Thu Jun 16 16:36:45 UTC 2011
Public bug reported:
Binary package hint: gtk-sharp2
An attempted string comparison optimisation in the generated glue code
in gtk-sharp2 casts strings to 64-bit integer pointers and tries to
dereference them, violating the alignment requirements for type-casts
specified by ISO C.
The affected code is the HAS_PREFIX() macro generated from
generator/GenerationInfo.cs
On armel, 64-bit integer types must be 64-bit aligned, and the compiler
is allowed to assume this when generating code which dereferences 64-bit
pointers. The resulting alignment faults are trapped by the kernel and
the affected instructions are silently emulated, but this may cost
thousands of cycles per affected instruction in userspace.
Possible fixes include:
* Implement HAS_PREFIX() in a safe, ISO-compliant way using memcmp() (tested; this works)
* Implement HAS_PREFIX() using pointers to a packed structure type containing a 64-bit integer instead of pointers to a bare 64-bit integer type
* Write inline assembler for ARM which uses LDR instructions to load the data to be compared. These can natively do unaligned access, whereas the 64-bit LDRD instructions the compiler currently generates cannot.
* Arrange for the strings compared always to have the appropriate alignment (may be difficult?)
To reproduce:
Enable logging of alignment faults:
# echo 3 >/proc/cpu/alignment
$ banshee &
[...]
$ dmesg
[...]
[ 150.543599] Alignment trap: banshee (2630) PC=0x2de45438 Instr=0xe9d04500 Address=0x00636319 FSR 0x001
[ 150.543636] Alignment trap: banshee (2630) PC=0x2de45438 Instr=0xe9d04500 Address=0x006362ee FSR 0x001
[ 150.544446] Alignment trap: banshee (2630) PC=0x2de45438 Instr=0xe9d04500 Address=0x00834177 FSR 0x001
[ 150.544472] Alignment trap: banshee (2630) PC=0x2de45438 Instr=0xe9d04500 Address=0x00834081 FSR 0x001
[ 150.544495] Alignment trap: banshee (2630) PC=0x2de45438 Instr=0xe9d04500 Address=0x00833faa FSR 0x001
Version info:
The bug was observed in natty, but it is believed to affect other
versions too.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 11.04
Release: 11.04
Codename: natty
$ apt-cache policy libgtk2.0-cil
libgtk2.0-cil:
Installed: 2.12.10-1ubuntu1
Candidate: 2.12.10-1ubuntu1
Version table:
*** 2.12.10-1ubuntu1 0
990 http://ports.ubuntu.com/ubuntu-ports/ natty/main armel Packages
100 /var/lib/dpkg/status
2.12.10-1 0
500 http://ports.ubuntu.com/ubuntu-ports/ maverick/main armel Packages
$ apt-cache policy banshee
banshee:
Installed: 2.0.0-2ubuntu1
Candidate: 2.0.0-2ubuntu1
Version table:
*** 2.0.0-2ubuntu1 0
990 http://ports.ubuntu.com/ubuntu-ports/ natty/main armel Packages
100 /var/lib/dpkg/status
1.8.1-0ubuntu1 0
500 http://ports.ubuntu.com/ubuntu-ports/ maverick-updates/universe armel Packages
1.7.6-0ubuntu1 0
500 http://ports.ubuntu.com/ubuntu-ports/ maverick/universe armel Packages
** Affects: gtk-sharp2 (Ubuntu)
Importance: Undecided
Status: New
** Tags: armel
--
You received this bug notification because you are a member of Ubuntu
CLI/Mono Uploaders, which is subscribed to gtk-sharp2 in Ubuntu.
https://bugs.launchpad.net/bugs/798315
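The pattern the report describes, rebuilt as an added example beside the first two fixes it lists. This is not gtk-sharp2's generated glue code: the exact form of the original HAS_PREFIX() macro, the 8-byte prefix "GtkWidge" and the buffer layout are assumptions constructed for the demonstration. The string is deliberately placed at offset 1 of an 8-byte-aligned buffer, i.e. a pointer the punned form would dereference through a 64-bit load.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reconstruction of the pattern the report describes (assumption: the real
 * generated macro may differ in details). Both operands are read through a
 * uint64_t pointer, so the compiler may assume 8-byte alignment; on armel an
 * unaligned string pointer then traps to the kernel's alignment handler. */
#define HAS_PREFIX_PUNNED(str, prefix) \
	(*(const uint64_t *)(str) == *(const uint64_t *)(prefix))

/* Fix 1 from the report: memcmp() carries no alignment requirement. */
#define HAS_PREFIX_MEMCMP(str, prefix) (memcmp((str), (prefix), 8) == 0)

/* Fix 2 from the report: a packed struct tells the compiler the member may be
 * unaligned, so it emits loads that tolerate that instead of an aligned
 * 64-bit load. GCC/Clang extension. */
struct __attribute__((packed)) unaligned_u64 { uint64_t v; };
#define HAS_PREFIX_PACKED(str, prefix) \
	(((const struct unaligned_u64 *)(str))->v == \
	 ((const struct unaligned_u64 *)(prefix))->v)

/* 1 if p satisfies the 8-byte alignment the punned form assumes, else 0. */
int u64_aligned(const void *p)
{
	return ((uintptr_t)p % 8) == 0;
}

/* Compare the first 8 bytes of str against prefix using both safe forms and
 * return the shared result (1 match, 0 mismatch), or -1 if they disagree.
 * str need not be aligned. Both buffers must hold at least 8 readable bytes;
 * the punned original has the same over-read hazard. */
int has_prefix_safe(const char *str, const char *prefix)
{
	int a = HAS_PREFIX_MEMCMP(str, prefix);
	int b = HAS_PREFIX_PACKED(str, prefix);
	return (a == b) ? a : -1;
}

/* Demonstration on a constructed input: an aligned buffer whose string starts
 * at offset 1, so the string pointer itself is misaligned for uint64_t. */
int demo(void)
{
	static __attribute__((aligned(8))) char buf[32];
	static const char prefix[] = "GtkWidge";   /* constructed 8-byte prefix */
	char *s = buf + 1;

	memcpy(s, "GtkWidget", 10);
	printf("str aligned for uint64_t: %d\n", u64_aligned(s));
	printf("memcmp form: %d, packed form: %d\n",
	       HAS_PREFIX_MEMCMP(s, prefix), HAS_PREFIX_PACKED(s, prefix));
	/* HAS_PREFIX_PUNNED(s, prefix) is deliberately not evaluated here: with
	 * u64_aligned(s) == 0 it is the undefined-behaviour case the report is
	 * about, and on armel it is what produces the Alignment trap lines. */
	return has_prefix_safe(s, prefix);
}

int main(void)
{
	return demo() == 1 ? 0 : 1;
}
```

On x86 the three forms agree and nothing traps, which is why the problem only surfaced on armel; with `echo 3 >/proc/cpu/alignment` enabled there, only the punned form on `buf + 1` would be logged and emulated. Note the packed-struct variant fixes the alignment assumption but still reads char data through a uint64_t lvalue, so memcmp() remains the only one of the two that is clean under ISO C's aliasing rules as well.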