search

dart-lang / sdk

The Dart SDK, including the VM, JS and Wasm compilers, analysis, core libraries, and more.
https://dart.dev
BSD 3-Clause "New" or "Revised" License
10.11k stars 1.57k forks source link

DebugSIMARM: error: expected: (result_exp >= 1) && (result_exp <= 252) #39890

Open fizaaluthra opened 4 years ago

fizaaluthra commented 4 years ago 
Isolate (/b/s/w/itd0vUIx/dart_fuzzXTSGDK) FP NO-FFI FLAT : KBC-MIX-O3-DET-DebugIA32 - JIT-MARKSWEEPEVERY-1045-SLOWPATH-DebugSIMARM: !DIVERGENCE! 1.82:2084780151 (0 vs -6)

fail2:
-6
foo0() throws
var57.foo0_Extension0() throws
var40.foo1_Extension0() throws
(var40).foo1_Extension1() throws
fooE2(var96).foo2_Extension0() throws
var96.foo2_Extension1() throws
fooE2(var96).foo2_Extension2() throws
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
Stack Overflow
(var79).foo4_Extension0() throws
(var79).foo4_Extension1() throws
X0() throws
(X0()).foo0_Extension1 throws

../../runtime/vm/constants_arm.cc: 45: error: expected: (result_exp >= 1) && (result_exp <= 252)
version=2.8.0-edge.b92fefdfe9717b42359bc45dab51211927609920 (Fri Dec 20 03:26:29 2019 +0000) on "linux_simarm"
thread=23795, isolate=main(0x485c700)
Stack dump aborted because GetAndValidateThreadStackBounds failed.

-- BEGIN REPRODUCE  --

DART SDK REVISION: 

dartfuzz.dart --fp --no-ffi --flat --seed 2084780151 /b/s/w/itd0vUIx/dart_fuzzXTSGDK/fuzz.dart

-- RUN 1 --

/b/s/w/ir/pkg/vm/tool/gen_kernel --gen-bytecode --platform=/b/s/w/ir/out/DebugIA32/vm_platform_strong.dill -o /b/s/w/itd0vUIx/dart_fuzzXTSGDK/out.dill /b/s/w/itd0vUIx/dart_fuzzXTSGDK/fuzz.dart
/b/s/w/ir/out/DebugIA32/dart --enable-interpreter --optimization_level=3 --deterministic --old_gen_heap_size=128 /b/s/w/itd0vUIx/dart_fuzzXTSGDK/out.dill

-- RUN 2 --

/b/s/w/ir/out/DebugSIMARM/dart --gc_every=1045 --use_compactor=false --use-slow-path --old_gen_heap_size=128 /b/s/w/itd0vUIx/dart_fuzzXTSGDK/fuzz.dart

-- END REPRODUCE  --

Was able to reproduce on commit 43f74824c2f10806c92143b0bb5c2c3bea58c7a0

bkonyi commented 4 years ago

It looks like this is failing in ReciprocalEstimate with an extremely small negative number. I'm guessing this should result in an infinity result, but I can't be sure.

GDB output from ReciprocalEstimate:

(gdb) print result_exp
$1 = 253 // This needs to be in the range [1,252]
(gdb) print a
$2 = -6.58610278e-44
(gdb) print a_bits
$3 = 2147483695
(gdb) print a_bits >> 23
$4 = 256
(gdb) print (a_bits >> 23) & 0xff
$5 = 0

@mraleph can you take a look? We're seeing a lot of these failures from the fuzzer.

bkonyi commented 4 years ago

Reproduction case: fuzz.dart.txt. Should work without any flags: out/DebugSIMARM/dart fuzz.dart

bkonyi commented 4 years ago

Minimal reproduction:

import 'dart:typed_data';

main() {
  Float32x4(1,1,1,1) / Float32x4.fromInt32x4Bits(Int32x4(1, 1, 1, 1));
}
mraleph commented 4 years ago

It is a denormalized number and we expect denormalized numbers to not occur in this context.