Big band playing

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Big band playing

Kostis Sagonas-2
We have been playing with CutEr (https://github.com/aggelgian/cuter), a
Concolic unit testing tool for Erlang, and discovered the following bug
in the implementation of bitwise and (band/2) operator:

Erlang/OTP 21 [erts-10.2] [source-2bf2b70] [64-bit] [smp:8:8]
[ds:8:8:10] [async-threads:1] [hipe] [sharing-preserving]

Eshell V10.2  (abort with ^G)
1> (-1299341865233935136534120785510400) band (-1).
-1299341865233953583278194495062016


which is the wrong result, of course.

Most likely, it has existed forever.

Kostis
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Big band playing

Mikael Pettersson-5
On Fri, Dec 14, 2018 at 4:32 PM Kostis Sagonas <[hidden email]> wrote:

>
> We have been playing with CutEr (https://github.com/aggelgian/cuter), a
> Concolic unit testing tool for Erlang, and discovered the following bug
> in the implementation of bitwise and (band/2) operator:
>
> Erlang/OTP 21 [erts-10.2] [source-2bf2b70] [64-bit] [smp:8:8]
> [ds:8:8:10] [async-threads:1] [hipe] [sharing-preserving]
>
> Eshell V10.2  (abort with ^G)
> 1> (-1299341865233935136534120785510400) band (-1).
> -1299341865233953583278194495062016
>
>
> which is the wrong result, of course.
>
> Most likely, it has existed forever.

Looks like an old bug, I was able to reproduce it with every release
back to R16B03 (R15B03 wouldn't build due to perl errors).

It's a single-bit error where the least significant bit of the most
significant word (in the bignum representation) gets set.  The call
chain in big.c is big_band() -> I_band() -> I_btrail() -> D_add(),
that D_add() gets 1 as initial carry, and that's what's setting the
bit incorrectly.

I might look a little further, but this needs the eyes of someone more
familiar with the bignum code.

/Mikael
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Big band playing

Kostis Sagonas-2
On 12/15/18 7:30 PM, Mikael Pettersson wrote:

> On Fri, Dec 14, 2018 at 4:32 PM Kostis Sagonas<[hidden email]>  wrote:
>> We have been playing with CutEr (https://github.com/aggelgian/cuter), a
>> Concolic unit testing tool for Erlang, and discovered the following bug
>> in the implementation of bitwise and (band/2) operator:
>>
>> Erlang/OTP 21 [erts-10.2] [source-2bf2b70] [64-bit] [smp:8:8]
>> [ds:8:8:10] [async-threads:1] [hipe] [sharing-preserving]
>>
>> Eshell V10.2  (abort with ^G)
>> 1> (-1299341865233935136534120785510400) band (-1).
>> -1299341865233953583278194495062016
>>
>>
>> which is the wrong result, of course.
>>
>> Most likely, it has existed forever.
> Looks like an old bug, I was able to reproduce it with every release
> back to R16B03 (R15B03 wouldn't build due to perl errors).

I was able to reproduce this on an old R12 version that I still have around:

Erlang (BEAM) emulator version 5.6.5 [source] [64-bit] [smp:64]
[async-threads:0] [hipe] [kernel-poll:false]

Eshell V5.6.5  (abort with ^G)
1> (-1299341865233935136534120785510400) band (-1).
-1299341865233953583278194495062016


I would not be surprised if this bug existed even before Erlang/OTP
became open source.

Kostis
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Big band playing

Mikael Pettersson-5
On Sat, Dec 15, 2018 at 8:19 PM Kostis Sagonas <[hidden email]> wrote:

>
> On 12/15/18 7:30 PM, Mikael Pettersson wrote:
> > On Fri, Dec 14, 2018 at 4:32 PM Kostis Sagonas<[hidden email]>  wrote:
> >> We have been playing with CutEr (https://github.com/aggelgian/cuter), a
> >> Concolic unit testing tool for Erlang, and discovered the following bug
> >> in the implementation of bitwise and (band/2) operator:
> >>
> >> Erlang/OTP 21 [erts-10.2] [source-2bf2b70] [64-bit] [smp:8:8]
> >> [ds:8:8:10] [async-threads:1] [hipe] [sharing-preserving]
> >>
> >> Eshell V10.2  (abort with ^G)
> >> 1> (-1299341865233935136534120785510400) band (-1).
> >> -1299341865233953583278194495062016
> >>
> >>
> >> which is the wrong result, of course.
> >>
> >> Most likely, it has existed forever.
> > Looks like an old bug, I was able to reproduce it with every release
> > back to R16B03 (R15B03 wouldn't build due to perl errors).
>
> I was able to reproduce this on an old R12 version that I still have around:
>
> Erlang (BEAM) emulator version 5.6.5 [source] [64-bit] [smp:64]
> [async-threads:0] [hipe] [kernel-poll:false]
>
> Eshell V5.6.5  (abort with ^G)
> 1> (-1299341865233935136534120785510400) band (-1).
> -1299341865233953583278194495062016
>
>
> I would not be surprised if this bug existed even before Erlang/OTP
> became open source.

I did some more debugging, but wasn't able to pin-point the error (I
have two suspects, but the big.c code is non-obvious so it's difficult
to tell).
Anyway, I opened https://bugs.erlang.org/browse/ERL-804 for this
issue, linking back to your original post here.

/Mikael
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Big band playing

Richard Carlsson-3
These days (since version 6, 2014), the GNU Multiple Precision Library (https://gmplib.org/) is available under LGPL v3, which is compatible with the Apache 2.0 license that Erlang is using (since OTP 18, 2015). Perhaps it would be a good idea to start using the heavily optimized GMP code now instead of Erlang's own bignum implementation. At least, to make it a build time option.

        /Richard


Den sön 16 dec. 2018 kl 19:08 skrev Mikael Pettersson <[hidden email]>:
On Sat, Dec 15, 2018 at 8:19 PM Kostis Sagonas <[hidden email]> wrote:
>
> On 12/15/18 7:30 PM, Mikael Pettersson wrote:
> > On Fri, Dec 14, 2018 at 4:32 PM Kostis Sagonas<[hidden email]>  wrote:
> >> We have been playing with CutEr (https://github.com/aggelgian/cuter), a
> >> Concolic unit testing tool for Erlang, and discovered the following bug
> >> in the implementation of bitwise and (band/2) operator:
> >>
> >> Erlang/OTP 21 [erts-10.2] [source-2bf2b70] [64-bit] [smp:8:8]
> >> [ds:8:8:10] [async-threads:1] [hipe] [sharing-preserving]
> >>
> >> Eshell V10.2  (abort with ^G)
> >> 1> (-1299341865233935136534120785510400) band (-1).
> >> -1299341865233953583278194495062016
> >>
> >>
> >> which is the wrong result, of course.
> >>
> >> Most likely, it has existed forever.
> > Looks like an old bug, I was able to reproduce it with every release
> > back to R16B03 (R15B03 wouldn't build due to perl errors).
>
> I was able to reproduce this on an old R12 version that I still have around:
>
> Erlang (BEAM) emulator version 5.6.5 [source] [64-bit] [smp:64]
> [async-threads:0] [hipe] [kernel-poll:false]
>
> Eshell V5.6.5  (abort with ^G)
> 1> (-1299341865233935136534120785510400) band (-1).
> -1299341865233953583278194495062016
>
>
> I would not be surprised if this bug existed even before Erlang/OTP
> became open source.

I did some more debugging, but wasn't able to pin-point the error (I
have two suspects, but the big.c code is non-obvious so it's difficult
to tell).
Anyway, I opened https://bugs.erlang.org/browse/ERL-804 for this
issue, linking back to your original post here.

/Mikael
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Big band playing

Matthias Lang
In reply to this post by Kostis Sagonas-2
On 15. December 2018, Kostis Sagonas wrote:

> I was able to reproduce this on an old R12 version that I still have around:
>
> Erlang (BEAM) emulator version 5.6.5 [source] [64-bit] [smp:64]
> [async-threads:0] [hipe] [kernel-poll:false]
>
> Eshell V5.6.5  (abort with ^G)
> 1> (-1299341865233935136534120785510400) band (-1).
> -1299341865233953583278194495062016
>
> I would not be surprised if this bug existed even before Erlang/OTP became
> open source.

I can't go back that far, but I can get closer.

We have a rack with a reference system for every model we've sold.
The oldest is a big-endian 50 MHz PPC from 2002. Re-flashing that with
the oldest firmware I can easily install:

  Eshell V5.1.2  (abort with ^G)
  1> init:script_id().
  {"OTP  APN 181 01","R8B"}
  2> (-1299341865233935136534120785510400) band (-1).
  -1299341865233935136534120785575936
  % -0x4010000000000000000000010000

On newer (relatively) hardware (a little-endian 32-bit ARM):

  Erlang R14B03 (erts-5.8.4) [source] [rq:1] [async-threads:0] [kernel-poll:false]
  1> (-1299341865233935136534120785510400) band (-1).
  -1299341865233935136534125080477696
  % -0x4010000000000000000100000000

Same Erlang version but on 64-bit Intel hardware:

  Erlang R14B03 (erts-5.8.4) [source] [64-bit] [smp:16:16] [rq:16] [async-threads:0] [hipe] [kernel-poll:false]

  Eshell V5.8.4  (abort with ^G)
  1> (-1299341865233935136534120785510400) band (-1).
  -1299341865233953583278194495062016
  % -0x4010000000010000000000000000

Matthias
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Big band playing

Sverker Eriksson-5
On fre, 2018-12-21 at 00:26 +0100, Matthias Lang wrote:

> On 15. December 2018, Kostis Sagonas wrote:
>
> >
> > I was able to reproduce this on an old R12 version that I still have around:
> >
> > Erlang (BEAM) emulator version 5.6.5 [source] [64-bit] [smp:64]
> > [async-threads:0] [hipe] [kernel-poll:false]
> >
> > Eshell V5.6.5  (abort with ^G)
> > 1> (-1299341865233935136534120785510400) band (-1).
> > -1299341865233953583278194495062016
> >
> > I would not be surprised if this bug existed even before Erlang/OTP became
> > open source.
> I can't go back that far, but I can get closer.
>
> We have a rack with a reference system for every model we've sold.
> The oldest is a big-endian 50 MHz PPC from 2002. Re-flashing that with
> the oldest firmware I can easily install:
>
>   Eshell V5.1.2  (abort with ^G)
>   1> init:script_id().
>   {"OTP  APN 181 01","R8B"}
>   2> (-1299341865233935136534120785510400) band (-1).
>   -1299341865233935136534120785575936
>   % -0x4010000000000000000000010000
>
> On newer (relatively) hardware (a little-endian 32-bit ARM):
>
>   Erlang R14B03 (erts-5.8.4) [source] [rq:1] [async-threads:0] [kernel-
> poll:false]
>   1> (-1299341865233935136534120785510400) band (-1).
>   -1299341865233935136534125080477696
>   % -0x4010000000000000000100000000
>
> Same Erlang version but on 64-bit Intel hardware:
>
>   Erlang R14B03 (erts-5.8.4) [source] [64-bit] [smp:16:16] [rq:16] [async-
> threads:0] [hipe] [kernel-poll:false]
>
>   Eshell V5.8.4  (abort with ^G)
>   1> (-1299341865233935136534120785510400) band (-1).
>   -1299341865233953583278194495062016
>   % -0x4010000000010000000000000000
>

And now the Big Buggy Band finally gone silent in OTP-21.2.1:

Erlang/OTP 21 [erts-10.2.1] [source] [64-bit] [smp:24:24] [ds:24:24:10] [async-
threads:1] [hipe]

Eshell V10.2.1  (abort with ^G)
1> (-1299341865233935136534120785510400) band (-1).
-1299341865233935136534120785510400


/Sverker

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions