Opened 2 hours ago

Last modified 2 hours ago

#11251 new defect

riscv64: SIGILL on hardware without the zbb extension

Reported by: Steven Keuchel
Owned by:
Priority: normal
Component: avutil
Version: unspecified
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Summary:

Compiling ffmpeg for riscv64 and running the testsuite on hardware that does not support the zbb extensions results in a failure of libavutil/tests/integer, which crashes with a SIGILL.

GDB:

Program received signal SIGILL, Illegal instruction.
ff_log2_rv (x=<optimized out>) at ./libavutil/riscv/intmath.h:191
191	   return 31 - ff_clz_rv(x | 1);
(gdb) bt
#0  ff_log2_rv (x=<optimized out>) at ./libavutil/riscv/intmath.h:191
#1  main () at libavutil/tests/integer.c:44
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x2aaaab05e4 to 0x2aaaab0624:
   0x0000002aaaab05e4 <main+114>:	auipc	s6,0x32
   0x0000002aaaab05e8 <main+118>:	addi	s6,s6,-372 # 0x2aaaae2470 <ff_rv_zbb_supported>
   0x0000002aaaab05ec <main+122>:	addi	s8,s8,-1554
   0x0000002aaaab05f0 <main+126>:	addi	s7,s7,637
   0x0000002aaaab05f4 <main+130>:	mv	s9,a2
   0x0000002aaaab05f6 <main+132>:	sd	t3,24(sp)
   0x0000002aaaab05f8 <main+134>:	sd	t1,32(sp)
   0x0000002aaaab05fa <main+136>:	sd	a7,40(sp)
   0x0000002aaaab05fc <main+138>:	sd	a6,48(sp)
   0x0000002aaaab05fe <main+140>:	sd	t6,56(sp)
   0x0000002aaaab0600 <main+142>:	ori	a5,s10,1
=> 0x0000002aaaab0604 <main+146>:	.insn	4, 0x6007971b
   0x0000002aaaab0608 <main+150>:	slli	a5,a5,0x20
   0x0000002aaaab060a <main+152>:	srli	a5,a5,0x20
   0x0000002aaaab060c <main+154>:	sd	a5,0(sp)
   0x0000002aaaab060e <main+156>:	sext.w	a5,a4
   0x0000002aaaab0612 <main+160>:	srai	s3,s10,0x9
   0x0000002aaaab0616 <main+164>:	srai	s4,s10,0x11
   0x0000002aaaab061a <main+168>:	mv	s2,s9
   0x0000002aaaab061c <main+170>:	li	s0,3
   0x0000002aaaab061e <main+172>:	sd	a5,8(sp)
   0x0000002aaaab0620 <main+174>:	sd	s9,16(sp)
   0x0000002aaaab0622 <main+176>:	j	0x2aaaab068c <main+282>
End of assembler dump.
(gdb) i r
ra             0x3ff7df97cc	0x3ff7df97cc <__libc_start_call_main+96>
sp             0x3ffffff080	0x3ffffff080
gp             0x2aaaae2800	0x2aaaae2800 <buffer+896>
tp             0x3ff7dd0780	0x3ff7dd0780
t0             0x2aaaabd82a	183252015146
t1             0x155c34d2	358364370
t2             0xa46	2630
fp             0x3ffffff310	0x3ffffff310
s1             0xe00	3584
a0             0x1	1
a1             0x3ffffff378	274877903736
a2             0x15	21
a3             0x0	0
a4             0x3ff7ffdd08	274743680264
a5             0x7	7
a6             0x9add	39645
a7             0x673e00	6766080
s2             0x1	1
s3             0x0	0
s4             0x2aaaad9388	183252128648
s5             0xe0000	917504
s6             0x2aaaae2470	183252165744
s7             0x100227d	16786045
s8             0x69ee	27118
s9             0x15	21
s10            0x7	7
s11            0x2e582	189826
t3             0x339f	13215
t4             0x0	0
t5             0x3	3
t6             0x10016d1	16783057
pc             0x2aaaab0604	0x2aaaab0604 <main+146>
(gdb) print ff_rv_zbb_supported 
$1 = 0 '\000'

The offending instruction, .insn 4, 0x6007971b, which gdb has trouble decoding, is clzw a4,a5, which is part of the zbb extension to the RISC-V ISA. It seems the branching of the runtime check for the availability of the zbb extensions has been compiled away and that instruction is always executed, even when not supported by the hardware.

Steps to reproduce (on hardware without zbb):

./configure
make fate-integer

Version:

ffmpeg version N-117612-gc98810ab47 Copyright (c) 2000-2024 the FFmpeg developers
  built with gcc 13 (Ubuntu 13.2.0-23ubuntu4)
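
For triage when the debugger prints only `.insn`, the following added example (not part of the original report and not FFmpeg code) decodes the Zbb count instructions from a raw 32-bit word and confirms that 0x6007971b is clzw a4,a5. The function name `decode_zbb_count` and the hand-assembled `ori` word used as a negative case are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RISC-V integer register ABI names, indexed by register number x0..x31. */
static const char *const abi[32] = {
    "zero", "ra", "sp", "gp", "tp", "t0", "t1", "t2", "s0", "s1", "a0",
    "a1", "a2", "a3", "a4", "a5", "a6", "a7", "s2", "s3", "s4", "s5",
    "s6", "s7", "s8", "s9", "s10", "s11", "t3", "t4", "t5", "t6"
};

/*
 * Zbb clz/ctz/cpop and their RV64 "w" forms are I-type words with
 * funct3 = 001 and imm[11:0] = 0x600..0x602 under opcode OP-IMM (0x13)
 * or OP-IMM-32 (0x1b). Returns 1 and writes the mnemonic to out, else 0.
 */
int decode_zbb_count(uint32_t insn, char *out, size_t outlen)
{
    static const char *const names[3] = { "clz", "ctz", "cpop" };
    uint32_t opcode = insn & 0x7f;
    uint32_t rd     = (insn >> 7) & 0x1f;
    uint32_t funct3 = (insn >> 12) & 0x7;
    uint32_t rs1    = (insn >> 15) & 0x1f;
    uint32_t imm12  = insn >> 20;
    int is_word     = (opcode == 0x1b);

    if ((opcode != 0x13 && !is_word) || funct3 != 1)
        return 0;
    if (imm12 < 0x600 || imm12 > 0x602)
        return 0;
    snprintf(out, outlen, "%s%s %s,%s", names[imm12 - 0x600],
             is_word ? "w" : "", abi[rd], abi[rs1]);
    return 1;
}

int main(void)
{
    /* 0x6007971b is the word from the gdb dump; 0x001d6793 is a
     * hand-assembled "ori a5,s10,1" (base ISA) used as a negative case. */
    const uint32_t words[] = { 0x6007971bu, 0x001d6793u };
    char text[32];
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++) {
        if (decode_zbb_count(words[i], text, sizeof text))
            printf("0x%08x: %s (requires Zbb)\n", (unsigned)words[i], text);
        else
            printf("0x%08x: not a Zbb count instruction\n", (unsigned)words[i]);
    }
    return 0;
}
```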

Change History (1)

comment:1 by Steven Keuchel, 2 hours ago

Component: undetermined → avutil