all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* HAVE_FAST_UNALIGNED_ACCESS
@ 2023-03-30  9:34 Robert Pluim
  2023-03-30 10:26 ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
                   ` (2 more replies)
  0 siblings, 3 replies; 28+ messages in thread
From: Robert Pluim @ 2023-03-30  9:34 UTC (permalink / raw)
  To: emacs-devel; +Cc: Po Lu


Sending this on behalf of Po Lu, whoʼs still having email problems:

Fstring_lessp has:

/* Check whether the platform allows access to unaligned addresses for
   size_t integers without trapping or undue penalty (a few cycles is OK).

   This whitelist is incomplete but since it is only used to improve
   performance, omitting cases is safe.  */
#if defined __x86_64__|| defined __amd64__	\
    || defined __i386__ || defined __i386	\
    || defined __arm64__ || defined __aarch64__	\
    || defined __powerpc__ || defined __powerpc	\
    || defined __ppc__ || defined __ppc		\
    || defined __s390__ || defined __s390x__
#define HAVE_FAST_UNALIGNED_ACCESS 1
#else
#define HAVE_FAST_UNALIGNED_ACCESS 0
#endif

but even if unaligned access is normally permitted by a machine, it is
still undefined behavior to dereference an unaligned pointer.

Instead, HAVE_FAST_UNALIGNED_ACCESS and UNALIGNED_LOAD_SIZE should be
removed and memcpy used instead:

  word_t a, c;

  memcpy (&a, w1 + b / ws, sizeof a);
  memcpy (&c, w2 + b / ws, sizeof c);

doing so will make the compiler itself generate the right sequence of
instructions for performing unaligned accesses, normally with only a few
cycles penalty.  Some RISCs have explicit ``load unaligned''
instructions, and others (such as MIPS and the Alpha) need special
sequences of instructions to perform such loads, and the compiler will
DTRT.

I would like to install such a change on emacs-29.  Emacs currently
crashes when built with various compilers performing pointer alignment
checks.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-30  9:34 HAVE_FAST_UNALIGNED_ACCESS Robert Pluim
@ 2023-03-30 10:26 ` Eli Zaretskii
  2023-03-30 11:09   ` HAVE_FAST_UNALIGNED_ACCESS Sam James
  2023-03-30 12:18   ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
  2023-03-30 10:28 ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
  2023-03-30 11:38 ` HAVE_FAST_UNALIGNED_ACCESS Vibhav Pant
  2 siblings, 2 replies; 28+ messages in thread
From: Eli Zaretskii @ 2023-03-30 10:26 UTC (permalink / raw)
  To: Robert Pluim; +Cc: emacs-devel, luangruo

> From: Robert Pluim <rpluim@gmail.com>
> Cc: Po Lu <luangruo@yahoo.com>
> Date: Thu, 30 Mar 2023 11:34:42 +0200
> 
> Fstring_lessp has:
> 
> /* Check whether the platform allows access to unaligned addresses for
>    size_t integers without trapping or undue penalty (a few cycles is OK).
> 
>    This whitelist is incomplete but since it is only used to improve
>    performance, omitting cases is safe.  */
> #if defined __x86_64__|| defined __amd64__	\
>     || defined __i386__ || defined __i386	\
>     || defined __arm64__ || defined __aarch64__	\
>     || defined __powerpc__ || defined __powerpc	\
>     || defined __ppc__ || defined __ppc		\
>     || defined __s390__ || defined __s390x__
> #define HAVE_FAST_UNALIGNED_ACCESS 1
> #else
> #define HAVE_FAST_UNALIGNED_ACCESS 0
> #endif
> 
> but even if unaligned access is normally permitted by a machine, it is
> still undefined behavior to dereference an unaligned pointer.

This is incorrect.  There's nothing undefined about x86 unaligned
accesses.  C standards can regard this as UB, but we are using
machine-specific knowledge here (and Emacs cannot be built with a
strict adherence to C standards anyway).

> Instead, HAVE_FAST_UNALIGNED_ACCESS and UNALIGNED_LOAD_SIZE should be
> removed and memcpy used instead:
> 
>   word_t a, c;
> 
>   memcpy (&a, w1 + b / ws, sizeof a);
>   memcpy (&c, w2 + b / ws, sizeof c);
> 
> doing so will make the compiler itself generate the right sequence of
> instructions for performing unaligned accesses, normally with only a few
> cycles penalty.

We don't want that penalty here, that's all.

> I would like to install such a change on emacs-29.

No, please don't.

> Emacs currently crashes when built with various compilers performing
> pointer alignment checks.

Details, please.  Which compilers, on what platforms, for what target
architectures, etc.  Unconditionally removing the fast copy there is a
non-starter.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-30  9:34 HAVE_FAST_UNALIGNED_ACCESS Robert Pluim
  2023-03-30 10:26 ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
@ 2023-03-30 10:28 ` Mattias Engdegård
  2023-03-30 11:38 ` HAVE_FAST_UNALIGNED_ACCESS Vibhav Pant
  2 siblings, 0 replies; 28+ messages in thread
From: Mattias Engdegård @ 2023-03-30 10:28 UTC (permalink / raw)
  To: Robert Pluim; +Cc: emacs-devel, Po Lu

30 mars 2023 kl. 11.34 skrev Robert Pluim <rpluim@gmail.com>:

> but even if unaligned access is normally permitted by a machine, it is
> still undefined behavior to dereference an unaligned pointer.

That's not necessarily a problem; we have plenty of formally undefined behaviour. What's important is whether we can be confident that it works.

> Instead, HAVE_FAST_UNALIGNED_ACCESS and UNALIGNED_LOAD_SIZE should be
> removed and memcpy used instead:

No, this isn't something we should be doing at all unless the platform allows fast unaligned access.

Ideally we shouldn't do any of this nonsense but I haven't worked out how to get the autovectorisers to kick in.

> Emacs currently
> crashes when built with various compilers performing pointer alignment
> checks.

Which compilers, exactly?




^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-30 10:26 ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
@ 2023-03-30 11:09   ` Sam James
  2023-03-30 12:18   ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
  1 sibling, 0 replies; 28+ messages in thread
From: Sam James @ 2023-03-30 11:09 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: Robert Pluim, luangruo, emacs-devel

[-- Attachment #1: Type: text/plain, Size: 2483 bytes --]


Eli Zaretskii <eliz@gnu.org> writes:

>> From: Robert Pluim <rpluim@gmail.com>
>> Cc: Po Lu <luangruo@yahoo.com>
>> Date: Thu, 30 Mar 2023 11:34:42 +0200
>> 
>> Fstring_lessp has:
>> 
>> /* Check whether the platform allows access to unaligned addresses for
>>    size_t integers without trapping or undue penalty (a few cycles is OK).
>> 
>>    This whitelist is incomplete but since it is only used to improve
>>    performance, omitting cases is safe.  */
>> #if defined __x86_64__|| defined __amd64__	\
>>     || defined __i386__ || defined __i386	\
>>     || defined __arm64__ || defined __aarch64__	\
>>     || defined __powerpc__ || defined __powerpc	\
>>     || defined __ppc__ || defined __ppc		\
>>     || defined __s390__ || defined __s390x__
>> #define HAVE_FAST_UNALIGNED_ACCESS 1
>> #else
>> #define HAVE_FAST_UNALIGNED_ACCESS 0
>> #endif
>> 
>> but even if unaligned access is normally permitted by a machine, it is
>> still undefined behavior to dereference an unaligned pointer.
>
> This is incorrect.  There's nothing undefined about x86 unaligned
> accesses.  C standards can regard this as UB, but we are using
> machine-specific knowledge here (and Emacs cannot be built with a
> strict adherence to C standards anyway).

Things can still go wrong on x86, particularly with SIMD:
https://pzemtsov.github.io/2016/11/06/bug-story-alignment-on-x86.html.

>
>> Instead, HAVE_FAST_UNALIGNED_ACCESS and UNALIGNED_LOAD_SIZE should be
>> removed and memcpy used instead:
>> 
>>   word_t a, c;
>> 
>>   memcpy (&a, w1 + b / ws, sizeof a);
>>   memcpy (&c, w2 + b / ws, sizeof c);
>> 
>> doing so will make the compiler itself generate the right sequence of
>> instructions for performing unaligned accesses, normally with only a few
>> cycles penalty.
>
> We don't want that penalty here, that's all.
>
>> I would like to install such a change on emacs-29.
>
> No, please don't.
>
>> Emacs currently crashes when built with various compilers performing
>> pointer alignment checks.
>
> Details, please.  Which compilers, on what platforms, for what target
> architectures, etc.  Unconditionally removing the fast copy there is a
> non-starter.

I imagine they're referring to UBSAN. Emacs may want to add an
annotation where HAVE_FAST_UNALIGNED_ACCESS is used.

But for modern compilers, they will indeed DTRT anyway when they
see memcpy.

See https://github.com/WayneD/rsync/pull/428 for an example.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 377 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-30  9:34 HAVE_FAST_UNALIGNED_ACCESS Robert Pluim
  2023-03-30 10:26 ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  2023-03-30 10:28 ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
@ 2023-03-30 11:38 ` Vibhav Pant
  2023-03-31 16:57   ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
  2 siblings, 1 reply; 28+ messages in thread
From: Vibhav Pant @ 2023-03-30 11:38 UTC (permalink / raw)
  To: Robert Pluim, emacs-devel; +Cc: Po Lu

[-- Attachment #1: Type: text/plain, Size: 1256 bytes --]

On Thu, 2023-03-30 at 11:34 +0200, Robert Pluim wrote:
> Instead, HAVE_FAST_UNALIGNED_ACCESS and UNALIGNED_LOAD_SIZE should be
> removed and memcpy used instead:
> 
>   word_t a, c;
> 
>   memcpy (&a, w1 + b / ws, sizeof a);
>   memcpy (&c, w2 + b / ws, sizeof c);
> 

I had recently made a few modifications to this on master. There,
Fstring_lessp in uses the macro UNALIGNED_LOAD_SIZE instead, which is
defined to __sanitizer_unaligned_loadXX in lisp.h if:

* We're building with AddressSaniziter,
* <sanitizer/common_interface_defs.h> is available, and
* USE_SANITIZER_UNALIGNED_LOAD is defined.

> I would like to install such a change on emacs-29.  Emacs currently
> crashes when built with various compilers performing pointer
> alignment
> checks.

Instead of removing the code entirely, you could try modifying the
macro definition by getting rid of the AddressSanitizer ifdef, and
building with USE_SANITIZER_UNALIGNED_LOAD.  In theory, this should
make the load not crash with other sanitizers as well. If that works, I
imagine that would be a slightly more acceptable change to install into
emacs-29.

Best,
Vibhav
-- 
Vibhav Pant
vibhavp@gmail.com
GPG: 7ED1 D48C 513C A024 BE3A  785F E3FB 28CB 6AB5 9598

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-30 10:26 ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  2023-03-30 11:09   ` HAVE_FAST_UNALIGNED_ACCESS Sam James
@ 2023-03-30 12:18   ` Arsen Arsenović
       [not found]     ` <87v8ihu3t8.fsf@yahoo.com>
  2023-03-31 17:29     ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
  1 sibling, 2 replies; 28+ messages in thread
From: Arsen Arsenović @ 2023-03-30 12:18 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: Robert Pluim, luangruo, emacs-devel, Sam James

[-- Attachment #1: Type: text/plain, Size: 4978 bytes --]

Hi Eli,

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Robert Pluim <rpluim@gmail.com>
>> Cc: Po Lu <luangruo@yahoo.com>
>> Date: Thu, 30 Mar 2023 11:34:42 +0200
>> 
>> Fstring_lessp has:
>> 
>> /* Check whether the platform allows access to unaligned addresses for
>>    size_t integers without trapping or undue penalty (a few cycles is OK).
>> 
>>    This whitelist is incomplete but since it is only used to improve
>>    performance, omitting cases is safe.  */
>> #if defined __x86_64__|| defined __amd64__	\
>>     || defined __i386__ || defined __i386	\
>>     || defined __arm64__ || defined __aarch64__	\
>>     || defined __powerpc__ || defined __powerpc	\
>>     || defined __ppc__ || defined __ppc		\
>>     || defined __s390__ || defined __s390x__
>> #define HAVE_FAST_UNALIGNED_ACCESS 1
>> #else
>> #define HAVE_FAST_UNALIGNED_ACCESS 0
>> #endif
>> 
>> but even if unaligned access is normally permitted by a machine, it is
>> still undefined behavior to dereference an unaligned pointer.
>
> This is incorrect.  There's nothing undefined about x86 unaligned
> accesses.  C standards can regard this as UB, but we are using
> machine-specific knowledge here

You're making a faulty assumption here, there's no guarantee that such
an access happens at all.

You're, of course, right in that an x86 CPU will have no (visible)
qualms about making such a mov, but you're also assuming that the
compiler emits a mov.  This is not guaranteed anywhere, and guaranteeing
so would be terrible for optimization in general.

As an example, the compiler is free to, for instance, vectorize a loop,
emitting instructions that very much have alignment checking even on
x86 (the loop in question is very much parallelizable and vectorizable,
as it feels like a textbook example of such operations).

> (and Emacs cannot be built with a strict adherence to C standards
> anyway).

That is indeed correct; there's, however, a difference in how necessary
it is here (and I argue it is not, with reasoning presented below).

>> Instead, HAVE_FAST_UNALIGNED_ACCESS and UNALIGNED_LOAD_SIZE should be
>> removed and memcpy used instead:
>> 
>>   word_t a, c;
>> 
>>   memcpy (&a, w1 + b / ws, sizeof a);
>>   memcpy (&c, w2 + b / ws, sizeof c);
>> 
>> doing so will make the compiler itself generate the right sequence of
>> instructions for performing unaligned accesses, normally with only a few
>> cycles penalty.
>
> We don't want that penalty here, that's all.

At any optimization level, you don't get one (on x86_64).  I haven't
checked -O0, as it's not worth using (rather, one should use
-O2/-O3/-Og/-Oz).

>> I would like to install such a change on emacs-29.
>
> No, please don't.
>
>> Emacs currently crashes when built with various compilers performing
>> pointer alignment checks.
>
> Details, please.  Which compilers, on what platforms, for what target
> architectures, etc.

Sam presented a decent example (though, sanitizers seem to have been
taken into account in this particular example).

> Unconditionally removing the fast copy there is a non-starter.

You're assuming that alternatives to these "fast" accesses are slow -
they are not.  The following code...

  int
  f_broken (void* x)
  {
      return *((int*)x);
  }
  
  int
  f (void* x)
  {
      int v;
      memcpy (&v, x, sizeof (v));
      return v;
  }

... generates the following code on gcc 12.2.0 with -O1...

  f_broken:
          movl    (%rdi), %eax
          ret
  f:
          movl    (%rdi), %eax
          ret

As a matter of fact, implementing a "skip common prefix" loop with just
chars results in code /shorter/ code on the same compiler (and does not
violate aliasing rules, since the data FAM is a char one).  Some other
portable methods could include Duff's device (using memcpy loads), or
word-size memcmp calls in a loop.

IMO, it is quite a fault in the compiler if Emacs needs to resort to
such hacks (and even if we accept that as something that is our problem,
we should have an abstraction boundary on it).

Note that I did not try hacking Emacs code to benchmark the actual thing
being discussed (as I am not in a position to do so conveniently at the
moment), but I invite you to try that and reconsider removing such code.
Even in the case there is a penalty to this change, I'd argue it is far
better for us to fix that in GCC or implement it a "skip common prefix"
function in Gnulib (so that it's behind a layer of abstraction) rather
than placing this assumption implicitly in this function.

I suspect the least intrusive change possible would emit the same code
as the current implementation, that change being merely using memcpy to
load the words rather than direct dereferences, except in the cases
where the current code is entirely broken, and correct code isn't.

Thanks in advance, have a lovely day.
-- 
Arsen Arsenović

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 251 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
       [not found]     ` <87v8ihu3t8.fsf@yahoo.com>
@ 2023-03-31  7:15       ` Robert Pluim
  2023-03-31  7:45       ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
  1 sibling, 0 replies; 28+ messages in thread
From: Robert Pluim @ 2023-03-31  7:15 UTC (permalink / raw)
  To: Po Lu; +Cc: Arsen Arsenović, Eli Zaretskii, emacs-devel, Sam James

>>>>> On Fri, 31 Mar 2023 09:06:59 +0800, Po Lu <luangruo@yahoo.com> said:

    Po Lu> Robert, Arsen, did you get my earlier replies to Mattias and Eli?
    Po Lu> They included one example of GCC generating code with alignment
    Po Lu> requirements on x86_64.

    Po Lu> This morning I woke up to messages from the mailer saying that they
    Po Lu> could not be delivered to Eli and the list.  So if you got them, would
    Po Lu> you please forward them to their intended recipients?

I got them, but theyʼve not shown up in gmane. Iʼve forwarded them.

Perhaps itʼs time to change email provider.

Robert
-- 



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
       [not found]     ` <87v8ihu3t8.fsf@yahoo.com>
  2023-03-31  7:15       ` HAVE_FAST_UNALIGNED_ACCESS Robert Pluim
@ 2023-03-31  7:45       ` Arsen Arsenović
  1 sibling, 0 replies; 28+ messages in thread
From: Arsen Arsenović @ 2023-03-31  7:45 UTC (permalink / raw)
  To: Po Lu; +Cc: Eli Zaretskii, Robert Pluim, emacs-devel, Sam James

[-- Attachment #1: Type: text/plain, Size: 559 bytes --]

Morning Po,

Po Lu <luangruo@yahoo.com> writes:

> Robert, Arsen, did you get my earlier replies to Mattias and Eli?
> They included one example of GCC generating code with alignment
> requirements on x86_64.
>
> This morning I woke up to messages from the mailer saying that they
> could not be delivered to Eli and the list.  So if you got them, would
> you please forward them to their intended recipients?

I've also not received them at all, and don't see them on GNU archives.
I did receive the forward from Robert.
-- 
Arsen Arsenović

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 381 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-30 11:38 ` HAVE_FAST_UNALIGNED_ACCESS Vibhav Pant
@ 2023-03-31 16:57   ` Mattias Engdegård
  2023-03-31 17:59     ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  0 siblings, 1 reply; 28+ messages in thread
From: Mattias Engdegård @ 2023-03-31 16:57 UTC (permalink / raw)
  To: Vibhav Pant; +Cc: Robert Pluim, Eli Zaretskii, emacs-devel, Po Lu

[-- Attachment #1: Type: text/plain, Size: 829 bytes --]

30 mars 2023 kl. 13.38 skrev Vibhav Pant <vibhavp@gmail.com>:

> I had recently made a few modifications to this on master. There,
> Fstring_lessp in uses the macro UNALIGNED_LOAD_SIZE instead, which is
> defined to __sanitizer_unaligned_loadXX in lisp.h if:
> 
> * We're building with AddressSaniziter,
> * <sanitizer/common_interface_defs.h> is available, and
> * USE_SANITIZER_UNALIGNED_LOAD is defined.

Thank you for making this improvement earlier -- I think using memcpy would subsume __sanitizer_unaligned_loadXX, so I'm going with that in my patch.
Another approach would be to disable this poor man's vectorisation when the sanitiser is enabled but that shouldn't be necessary.

The vectorisation is still only made on specific platforms, of course.

Eli, would this patch be acceptable for emacs-29?


[-- Attachment #2: string-lessp-uni-multi.diff --]
[-- Type: application/octet-stream, Size: 942 bytes --]

diff --git a/src/fns.c b/src/fns.c
index f5f222c39c..292d6fc405 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -514,7 +514,23 @@ DEFUN ("string-lessp", Fstring_lessp, Sstring_lessp, 2, 2, 0,
   else
     {
       /* string1 unibyte, string2 multibyte */
-      ptrdiff_t i1 = 0, i2 = 0, i2_byte = 0;
+
+      ptrdiff_t nb1 = n;
+      ptrdiff_t nb2 = SBYTES (string2);
+      ptrdiff_t nb = min (nb1, nb2);
+
+      /* Skip identical ASCII-only prefixes, a word at a time.  */
+      typedef size_t word_t;
+      int ws = sizeof (word_t);
+      word_t msbits = (word_t)0x8080808080808080;
+      const word_t *w1 = (const word_t *) SDATA (string1);
+      const word_t *w2 = (const word_t *) SDATA (string2);
+      ptrdiff_t b = 0;
+      while (b < nb - ws + 1 && w1[b / ws] == w2[b / ws]
+	     && !(w1[b / ws] & msbits))
+	b += ws;
+
+      ptrdiff_t i1 = b, i2 = b, i2_byte = b;
       while (i1 < n)
 	{
 	  int c1 = SREF (string1, i1++);

^ permalink raw reply related	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-30 12:18   ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
       [not found]     ` <87v8ihu3t8.fsf@yahoo.com>
@ 2023-03-31 17:29     ` Mattias Engdegård
  2023-03-31 20:13       ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
  1 sibling, 1 reply; 28+ messages in thread
From: Mattias Engdegård @ 2023-03-31 17:29 UTC (permalink / raw)
  To: Arsen Arsenović
  Cc: Eli Zaretskii, Robert Pluim, luangruo, emacs-devel, Sam James

30 mars 2023 kl. 14.18 skrev Arsen Arsenović <arsen@aarsen.me>:

> As an example, the compiler is free to, for instance, vectorize a loop,
> emitting instructions that very much have alignment checking even on
> x86 (the loop in question is very much parallelizable and vectorizable,
> as it feels like a textbook example of such operations).

If only. Then we wouldn't have this problem, would we.




^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-31 16:57   ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
@ 2023-03-31 17:59     ` Eli Zaretskii
  2023-03-31 18:03       ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
  0 siblings, 1 reply; 28+ messages in thread
From: Eli Zaretskii @ 2023-03-31 17:59 UTC (permalink / raw)
  To: Mattias Engdegård; +Cc: vibhavp, rpluim, emacs-devel, luangruo

> From: Mattias Engdegård <mattias.engdegard@gmail.com>
> Date: Fri, 31 Mar 2023 18:57:41 +0200
> Cc: Robert Pluim <rpluim@gmail.com>,
>  Eli Zaretskii <eliz@gnu.org>,
>  emacs-devel <emacs-devel@gnu.org>,
>  Po Lu <luangruo@yahoo.com>
> 
> Eli, would this patch be acceptable for emacs-29?

Sorry, no.  It's too late for such adventures on the release branch.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-31 17:59     ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
@ 2023-03-31 18:03       ` Mattias Engdegård
  2023-03-31 18:12         ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  2023-04-01  0:45         ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
  0 siblings, 2 replies; 28+ messages in thread
From: Mattias Engdegård @ 2023-03-31 18:03 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: vibhavp, rpluim, emacs-devel, luangruo

31 mars 2023 kl. 19.59 skrev Eli Zaretskii <eliz@gnu.org>:

>> Eli, would this patch be acceptable for emacs-29?
> 
> Sorry, no.  It's too late for such adventures on the release branch.

That's fine with me; I just got the impression that there was a request for building Emacs with a sanitiser on that branch.
I'll apply it to master.




^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-31 18:03       ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
@ 2023-03-31 18:12         ` Eli Zaretskii
  2023-04-01  0:45         ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
  1 sibling, 0 replies; 28+ messages in thread
From: Eli Zaretskii @ 2023-03-31 18:12 UTC (permalink / raw)
  To: Mattias Engdegård; +Cc: vibhavp, rpluim, emacs-devel, luangruo

> From: Mattias Engdegård <mattias.engdegard@gmail.com>
> Date: Fri, 31 Mar 2023 20:03:52 +0200
> Cc: vibhavp@gmail.com,
>  rpluim@gmail.com,
>  emacs-devel@gnu.org,
>  luangruo@yahoo.com
> 
> 31 mars 2023 kl. 19.59 skrev Eli Zaretskii <eliz@gnu.org>:
> 
> >> Eli, would this patch be acceptable for emacs-29?
> > 
> > Sorry, no.  It's too late for such adventures on the release branch.
> 
> That's fine with me; I just got the impression that there was a request for building Emacs with a sanitiser on that branch.

People who want to do that can always apply the patch locally.  My
main worry is about those who will build the release tarballs, and
those are unlikely to build with sanitizer.

> I'll apply it to master.

Thanks.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-31 17:29     ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
@ 2023-03-31 20:13       ` Arsen Arsenović
  0 siblings, 0 replies; 28+ messages in thread
From: Arsen Arsenović @ 2023-03-31 20:13 UTC (permalink / raw)
  To: Mattias Engdegård
  Cc: Eli Zaretskii, Robert Pluim, luangruo, emacs-devel, Sam James

[-- Attachment #1: Type: text/plain, Size: 684 bytes --]


Mattias Engdegård <mattiase@acm.org> writes:

> 30 mars 2023 kl. 14.18 skrev Arsen Arsenović <arsen@aarsen.me>:
>
>> As an example, the compiler is free to, for instance, vectorize a loop,
>> emitting instructions that very much have alignment checking even on
>> x86 (the loop in question is very much parallelizable and vectorizable,
>> as it feels like a textbook example of such operations).
>
> If only. Then we wouldn't have this problem, would we.

Free to, not required to ;)

Thanks for pushing your patch.  I'm still unsure if the machine specific
knowledge here helps, but this is an improvement nonetheless.

Have a lovely day.
-- 
Arsen Arsenović

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 381 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-03-31 18:03       ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
  2023-03-31 18:12         ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
@ 2023-04-01  0:45         ` Po Lu
  2023-04-01  5:43           ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  1 sibling, 1 reply; 28+ messages in thread
From: Po Lu @ 2023-04-01  0:45 UTC (permalink / raw)
  To: Mattias Engdegård; +Cc: Eli Zaretskii, vibhavp, rpluim, emacs-devel

Mattias Engdegård <mattias.engdegard@gmail.com> writes:

> That's fine with me; I just got the impression that there was a
> request for building Emacs with a sanitiser on that branch.

> I'll apply it to master.

NO!!

My request is for you to avoid such highly problematic undefined
behavior on either branch.  I posted an example of GCC generating
code with alignment requirements on x86_64, and Robert should have sent
it to you as well.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01  0:45         ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
@ 2023-04-01  5:43           ` Eli Zaretskii
  2023-04-01  6:31             ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
  0 siblings, 1 reply; 28+ messages in thread
From: Eli Zaretskii @ 2023-04-01  5:43 UTC (permalink / raw)
  To: Po Lu; +Cc: mattias.engdegard, vibhavp, rpluim, emacs-devel

> From: Po Lu <luangruo@yahoo.com>
> Cc: Eli Zaretskii <eliz@gnu.org>,  vibhavp@gmail.com,  rpluim@gmail.com,
>  emacs-devel@gnu.org
> Date: Sat, 01 Apr 2023 08:45:24 +0800
> 
> Mattias Engdegård <mattias.engdegard@gmail.com> writes:
> 
> > That's fine with me; I just got the impression that there was a
> > request for building Emacs with a sanitiser on that branch.
> 
> > I'll apply it to master.
> 
> NO!!
> 
> My request is for you to avoid such highly problematic undefined
> behavior on either branch.

I've read your request, and decided not to apply this to the release
branch.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01  5:43           ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
@ 2023-04-01  6:31             ` Po Lu
  2023-04-01  6:39               ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  0 siblings, 1 reply; 28+ messages in thread
From: Po Lu @ 2023-04-01  6:31 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: mattias.engdegard, vibhavp, rpluim, emacs-devel

Eli Zaretskii <eliz@gnu.org> writes:

> I've read your request, and decided not to apply this to the release
> branch.

Even if GCC 13 (or GCC 14) generates incorrect code for the function?



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01  6:31             ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
@ 2023-04-01  6:39               ` Eli Zaretskii
  2023-04-01  7:42                 ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
  0 siblings, 1 reply; 28+ messages in thread
From: Eli Zaretskii @ 2023-04-01  6:39 UTC (permalink / raw)
  To: Po Lu; +Cc: mattias.engdegard, vibhavp, rpluim, emacs-devel

> From: Po Lu <luangruo@yahoo.com>
> Cc: mattias.engdegard@gmail.com,  vibhavp@gmail.com,  rpluim@gmail.com,
>   emacs-devel@gnu.org
> Date: Sat, 01 Apr 2023 14:31:06 +0800
> 
> Eli Zaretskii <eliz@gnu.org> writes:
> 
> > I've read your request, and decided not to apply this to the release
> > branch.
> 
> Even if GCC 13 (or GCC 14) generates incorrect code for the function?

I don't want to make changes on the release branch without a positive
evidence that the existing code causes verifiable problems.  And even
then I prefer to make changes only for platforms where those problems
happen.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01  6:39               ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
@ 2023-04-01  7:42                 ` Mattias Engdegård
  2023-04-01  8:19                   ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  0 siblings, 1 reply; 28+ messages in thread
From: Mattias Engdegård @ 2023-04-01  7:42 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: Po Lu, vibhavp, rpluim, emacs-devel

[-- Attachment #1: Type: text/plain, Size: 481 bytes --]

1 apr. 2023 kl. 08.39 skrev Eli Zaretskii <eliz@gnu.org>:

> I don't want to make changes on the release branch without a positive
> evidence that the existing code causes verifiable problems.  And even
> then I prefer to make changes only for platforms where those problems
> happen.

I'm not overly worried about the code, but to put this matter to rest, what about simply dropping the vectorisation altogether, on all platforms, in Emacs 29? That should be very safe.


[-- Attachment #2: drop-string-lessp-vectorisation.diff --]
[-- Type: application/octet-stream, Size: 1818 bytes --]

diff --git a/src/fns.c b/src/fns.c
index ff364c65e26..95c4d2c028c 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -438,22 +438,6 @@ DEFUN ("compare-strings", Fcompare_strings, Scompare_strings, 6, 7, 0,
   return Qt;
 }
 
-/* Check whether the platform allows access to unaligned addresses for
-   size_t integers without trapping or undue penalty (a few cycles is OK).
-
-   This whitelist is incomplete but since it is only used to improve
-   performance, omitting cases is safe.  */
-#if defined __x86_64__|| defined __amd64__	\
-    || defined __i386__ || defined __i386	\
-    || defined __arm64__ || defined __aarch64__	\
-    || defined __powerpc__ || defined __powerpc	\
-    || defined __ppc__ || defined __ppc		\
-    || defined __s390__ || defined __s390x__
-#define HAVE_FAST_UNALIGNED_ACCESS 1
-#else
-#define HAVE_FAST_UNALIGNED_ACCESS 0
-#endif
-
 DEFUN ("string-lessp", Fstring_lessp, Sstring_lessp, 2, 2, 0,
        doc: /* Return non-nil if STRING1 is less than STRING2 in lexicographic order.
 Case is significant.
@@ -491,20 +475,6 @@ DEFUN ("string-lessp", Fstring_lessp, Sstring_lessp, 2, 2, 0,
       ptrdiff_t nb = min (nb1, nb2);
       ptrdiff_t b = 0;
 
-      /* String data is normally allocated with word alignment, but
-	 there are exceptions (notably pure strings) so we restrict the
-	 wordwise skipping to safe architectures.  */
-      if (HAVE_FAST_UNALIGNED_ACCESS)
-	{
-	  /* First compare entire machine words.  */
-	  typedef size_t word_t;
-	  int ws = sizeof (word_t);
-	  const word_t *w1 = (const word_t *) SDATA (string1);
-	  const word_t *w2 = (const word_t *) SDATA (string2);
-	  while (b < nb - ws + 1 && w1[b / ws] == w2[b / ws])
-	    b += ws;
-	}
-
       /* Scan forward to the differing byte.  */
       while (b < nb && SREF (string1, b) == SREF (string2, b))
 	b++;

^ permalink raw reply related	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01  7:42                 ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
@ 2023-04-01  8:19                   ` Eli Zaretskii
  2023-04-01  9:17                     ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
  0 siblings, 1 reply; 28+ messages in thread
From: Eli Zaretskii @ 2023-04-01  8:19 UTC (permalink / raw)
  To: Mattias Engdegård; +Cc: luangruo, vibhavp, rpluim, emacs-devel

> From: Mattias Engdegård <mattias.engdegard@gmail.com>
> Date: Sat, 1 Apr 2023 09:42:53 +0200
> Cc: Po Lu <luangruo@yahoo.com>,
>  vibhavp@gmail.com,
>  rpluim@gmail.com,
>  emacs-devel@gnu.org
> 
> 1 apr. 2023 kl. 08.39 skrev Eli Zaretskii <eliz@gnu.org>:
> 
> > I don't want to make changes on the release branch without a positive
> > evidence that the existing code causes verifiable problems.  And even
> > then I prefer to make changes only for platforms where those problems
> > happen.
> 
> I'm not overly worried about the code, but to put this matter to rest, what about simply dropping the vectorisation altogether, on all platforms, in Emacs 29? That should be very safe.

From my POV, the safest code is the one we have, because that have
lived for many moons and have been used by many people, with no
problems reported so far.  Which is why I said above that I want to
see verifiable problems with the existing code, and understand those
problems well enough, before I will agree to such non-trivial changes
on the release branch

IOW, "best engineering practices" are for master; on the release
branch, using existing code proven by time takes precedence, because
our ability to predict consequences is limited.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01  8:19                   ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
@ 2023-04-01  9:17                     ` Po Lu
  2023-04-01 11:25                       ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  0 siblings, 1 reply; 28+ messages in thread
From: Po Lu @ 2023-04-01  9:17 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: Mattias Engdegård, vibhavp, rpluim, emacs-devel

Eli Zaretskii <eliz@gnu.org> writes:

> IOW, "best engineering practices" are for master; on the release
> branch, using existing code proven by time takes precedence, because
> our ability to predict consequences is limited.

This problem is not about engineering practices, but basic program
correctness.  Look at the GCC bug tracker: every release, a program
that relies on this undefined behavior becomes subtly broken, a bug
is filed against GCC, and is closed by the GCC developers, stating
that this behavior is unsupported.

Emacs 29 has been in development for less than three years... not nearly
long enough to be sure no subtle miscompilations have taken (or will
take) place.

If that's ``proven by time'', then so is this:

null_terminate (buffer, size)
  char *buffer;
{
  buffer[size] = '\0';
}

It might work for a few months, or a year, then suddenly break with a
new compiler release, or perhaps a change to malloc, or something else.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01  9:17                     ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
@ 2023-04-01 11:25                       ` Eli Zaretskii
  2023-04-01 12:59                         ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
  0 siblings, 1 reply; 28+ messages in thread
From: Eli Zaretskii @ 2023-04-01 11:25 UTC (permalink / raw)
  To: Po Lu; +Cc: mattias.engdegard, vibhavp, rpluim, emacs-devel

> From: Po Lu <luangruo@yahoo.com>
> Cc: Mattias Engdegård <mattias.engdegard@gmail.com>,
>   vibhavp@gmail.com,
>   rpluim@gmail.com,  emacs-devel@gnu.org
> Date: Sat, 01 Apr 2023 17:17:07 +0800
> 
> Eli Zaretskii <eliz@gnu.org> writes:
> 
> > IOW, "best engineering practices" are for master; on the release
> > branch, using existing code proven by time takes precedence, because
> > our ability to predict consequences is limited.
> 
> This problem is not about engineering practices, but basic program
> correctness.  Look at the GCC bug tracker: every release, a program
> that relies on this undefined behavior becomes subtly broken, a bug
> is filed against GCC, and is closed by the GCC developers, stating
> that this behavior is unsupported.
> 
> Emacs 29 has been in development for less than three years... not nearly
> long enough to be sure no subtle miscompilations have taken (or will
> take) place.
> 
> If that's ``proven by time'', then so is this:
> 
> null_terminate (buffer, size)
>   char *buffer;
> {
>   buffer[size] = '\0';
> }
> 
> It might work for a few months, or a year, then suddenly break with a
> new compiler release, or perhaps a change to malloc, or something else.

I'm still unconvinced, and I said already what will have a chance of
convincing me: a specific report about a problem this particular code
causes on a specific existing platform we support in Emacs 29 and with
a specific compiler.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01 11:25                       ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
@ 2023-04-01 12:59                         ` Arsen Arsenović
  2023-04-01 13:33                           ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  0 siblings, 1 reply; 28+ messages in thread
From: Arsen Arsenović @ 2023-04-01 12:59 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: Po Lu, mattias.engdegard, vibhavp, rpluim, emacs-devel


[-- Attachment #1.1: Type: text/plain, Size: 733 bytes --]


Eli Zaretskii <eliz@gnu.org> writes:

> I'm still unconvinced, and I said already what will have a chance of
> convincing me: a specific report about a problem this particular code
> causes on a specific existing platform we support in Emacs 29 and with
> a specific compiler.

Similar (but not exactly the same) loops as this one have been shown to
generate incorrect code in this thread.  It's not a large leap for it to
happen to this one, introducing subtle errors for a bit of code that is
completely unnecessary (as demonstrated by it being optional),
especially at higher optimization levels, where the compiler could
easily produce better code than the assumption of a 'mov' would.

Is the following trivial enough for 29?


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: [PATCH] Remove aliasing violation in Fstring_lessp --]
[-- Type: text/x-patch, Size: 1226 bytes --]

From 96d75e78358d6c2643bfb7cc65744b8a6178c9d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= <arsen@aarsen.me>
Date: Sat, 1 Apr 2023 14:25:12 +0200
Subject: [PATCH] Remove aliasing violation in Fstring_lessp

* src/fns.c (Fstring_lessp) <HAVE_FAST_UNALIGNED_ACCESS>: Remove
strict aliasing violation.
---
 src/fns.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/fns.c b/src/fns.c
index ff364c6..e3e11e2 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -499,10 +499,16 @@ DEFUN ("string-lessp", Fstring_lessp, Sstring_lessp, 2, 2, 0,
 	  /* First compare entire machine words.  */
 	  typedef size_t word_t;
 	  int ws = sizeof (word_t);
-	  const word_t *w1 = (const word_t *) SDATA (string1);
-	  const word_t *w2 = (const word_t *) SDATA (string2);
-	  while (b < nb - ws + 1 && w1[b / ws] == w2[b / ws])
-	    b += ws;
+	  while (b < nb - ws + 1)
+	    {
+	      word_t w1;
+	      word_t w2;
+	      memcpy (&w1, SDATA (string1) + b, sizeof (w1));
+	      memcpy (&w2, SDATA (string2) + b, sizeof (w2));
+	      if (w1 != w2)
+		break;
+	      b += ws;
+	    }
 	}
 
       /* Scan forward to the differing byte.  */
-- 
2.40.0


[-- Attachment #1.3: Type: text/plain, Size: 492 bytes --]


.. or something similar to it, assuming I made an error, which is likely
given the circumstances.  This does pass the testsuite, anyway.  It
should just expand deferences into explicit memcpys.

No actual memcpy calls are produced, and this is at least functional on
a superset of compilers, and I suspect replacing the whole thing with a
naive-looking while (*(w1++) != *(w2++)); loop would be even better (but
I can settle for that being too experimental).
-- 
Arsen Arsenović

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 251 bytes --]

^ permalink raw reply related	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01 12:59                         ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
@ 2023-04-01 13:33                           ` Eli Zaretskii
  2023-04-01 15:22                             ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
  2023-04-02  0:48                             ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
  0 siblings, 2 replies; 28+ messages in thread
From: Eli Zaretskii @ 2023-04-01 13:33 UTC (permalink / raw)
  To: Arsen Arsenović
  Cc: luangruo, mattias.engdegard, vibhavp, rpluim, emacs-devel

> From: Arsen Arsenović <arsen@aarsen.me>
> Cc: Po Lu <luangruo@yahoo.com>, mattias.engdegard@gmail.com,
>  vibhavp@gmail.com, rpluim@gmail.com, emacs-devel@gnu.org
> Date: Sat, 01 Apr 2023 14:59:53 +0200
> 
> Eli Zaretskii <eliz@gnu.org> writes:
> 
> > I'm still unconvinced, and I said already what will have a chance of
> > convincing me: a specific report about a problem this particular code
> > causes on a specific existing platform we support in Emacs 29 and with
> > a specific compiler.
> 
> Similar (but not exactly the same) loops as this one have been shown to
> generate incorrect code in this thread.  It's not a large leap for it to
> happen to this one, introducing subtle errors for a bit of code that is
> completely unnecessary (as demonstrated by it being optional),
> especially at higher optimization levels, where the compiler could
> easily produce better code than the assumption of a 'mov' would.
> 
> Is the following trivial enough for 29?

You are again trying to push for a change without showing any actual
bug with the existing code.  Please humor me, and please show me an
actual bug due to the existing code before suggesting a solution.  See
above for the description of the details I'd like to know about such
actual bug.

> .. or something similar to it, assuming I made an error, which is likely
> given the circumstances.  This does pass the testsuite, anyway.  It
> should just expand deferences into explicit memcpys.
> 
> No actual memcpy calls are produced, and this is at least functional on
> a superset of compilers, and I suspect replacing the whole thing with a
> naive-looking while (*(w1++) != *(w2++)); loop would be even better (but
> I can settle for that being too experimental).

Sorry, I don't want to risk any errors, and I would like to avoid any
experiments with the release branch.  Which is why I'm asking for hard
evidence.  It isn't that I don't understand what you and others are
saying, or don't believe you.  It's just that we need to see the
problems before we can judge the solutions that must be safe on this
branch.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01 13:33                           ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
@ 2023-04-01 15:22                             ` Arsen Arsenović
  2023-04-01 16:22                               ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  2023-04-02  0:48                             ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
  1 sibling, 1 reply; 28+ messages in thread
From: Arsen Arsenović @ 2023-04-01 15:22 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: luangruo, mattias.engdegard, vibhavp, rpluim, emacs-devel

[-- Attachment #1: Type: text/plain, Size: 2431 bytes --]


Eli Zaretskii <eliz@gnu.org> writes:

> You are again trying to push for a change without showing any actual
> bug with the existing code.  Please humor me, and please show me an
> actual bug due to the existing code before suggesting a solution.  See
> above for the description of the details I'd like to know about such
> actual bug.

For a somewhat contrived example, UBsan flags this code (and, when
running the testsuite, it'd seem that it flags only this code).

  ~/gnu/emacs-29/_build 2 $ gcc --version
  gcc (Gentoo Hardened 13.0.1_pre20230326-r1 p9) 13.0.1 20230326 (experimental)
  Copyright (C) 2023 Free Software Foundation, Inc.
  This is free software; see the source for copying conditions.  There is NO
  warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  
  ~/gnu/emacs-29/_build$ git rev-parse HEAD
  b39c3cd1125590bf4b77880b41ac08b29cdfcff6
  ~/gnu/emacs-29/_build$ gcc -dumpmachine
  x86_64-pc-linux-gnu

I can't speak to Po's example, but IIUC, he ran into a problem somewhere
(maybe the same example?).

>> .. or something similar to it, assuming I made an error, which is likely
>> given the circumstances.  This does pass the testsuite, anyway.  It
>> should just expand deferences into explicit memcpys.
>> 
>> No actual memcpy calls are produced, and this is at least functional on
>> a superset of compilers, and I suspect replacing the whole thing with a
>> naive-looking while (*(w1++) != *(w2++)); loop would be even better (but
>> I can settle for that being too experimental).
>
> Sorry, I don't want to risk any errors, and I would like to avoid any
> experiments with the release branch.  Which is why I'm asking for hard
> evidence.  It isn't that I don't understand what you and others are
> saying, or don't believe you.  It's just that we need to see the
> problems before we can judge the solutions that must be safe on this
> branch.

I was writing the patch for demonstration purposes more than for actual
application.

I understand why you're arguing this, and I have to thank you for it -
such efforts keep Emacs as stable as it is - but this feels like an
example that is too trivial to apply such judgment to, hence my
position.  I am certain that you have an understanding of the issue at
hand, I'm only trying to provide a solution that's safe enough for 29.

Have a lovely day.
-- 
Arsen Arsenović

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 381 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01 15:22                             ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
@ 2023-04-01 16:22                               ` Eli Zaretskii
  2023-04-02  0:50                                 ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
  0 siblings, 1 reply; 28+ messages in thread
From: Eli Zaretskii @ 2023-04-01 16:22 UTC (permalink / raw)
  To: Arsen Arsenović
  Cc: luangruo, mattias.engdegard, vibhavp, rpluim, emacs-devel

> From: Arsen Arsenović <arsen@aarsen.me>
> Cc: luangruo@yahoo.com, mattias.engdegard@gmail.com, vibhavp@gmail.com,
>  rpluim@gmail.com, emacs-devel@gnu.org
> Date: Sat, 01 Apr 2023 17:22:48 +0200
> 
> I understand why you're arguing this, and I have to thank you for it -
> such efforts keep Emacs as stable as it is - but this feels like an
> example that is too trivial to apply such judgment to, hence my
> position.  I am certain that you have an understanding of the issue at
> hand, I'm only trying to provide a solution that's safe enough for 29.

Among other reasons, we'd need a real-life case where this code fails
to test any solutions.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01 13:33                           ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
  2023-04-01 15:22                             ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
@ 2023-04-02  0:48                             ` Po Lu
  1 sibling, 0 replies; 28+ messages in thread
From: Po Lu @ 2023-04-02  0:48 UTC (permalink / raw)
  To: Eli Zaretskii
  Cc: Arsen Arsenović, mattias.engdegard, vibhavp, rpluim,
	emacs-devel

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Arsen Arsenović <arsen@aarsen.me>
>> Cc: Po Lu <luangruo@yahoo.com>, mattias.engdegard@gmail.com,
>>  vibhavp@gmail.com, rpluim@gmail.com, emacs-devel@gnu.org
>> Date: Sat, 01 Apr 2023 14:59:53 +0200
>> 
>> Eli Zaretskii <eliz@gnu.org> writes:
>> 
>> > I'm still unconvinced, and I said already what will have a chance of
>> > convincing me: a specific report about a problem this particular code
>> > causes on a specific existing platform we support in Emacs 29 and with
>> > a specific compiler.
>> 
>> Similar (but not exactly the same) loops as this one have been shown to
>> generate incorrect code in this thread.  It's not a large leap for it to
>> happen to this one, introducing subtle errors for a bit of code that is
>> completely unnecessary (as demonstrated by it being optional),
>> especially at higher optimization levels, where the compiler could
>> easily produce better code than the assumption of a 'mov' would.
>> 
>> Is the following trivial enough for 29?
>
> You are again trying to push for a change without showing any actual
> bug with the existing code.  Please humor me, and please show me an
> actual bug due to the existing code before suggesting a solution.  See
> above for the description of the details I'd like to know about such
> actual bug.

> Sorry, I don't want to risk any errors, and I would like to avoid any
> experiments with the release branch.  Which is why I'm asking for hard
> evidence.  It isn't that I don't understand what you and others are
> saying, or don't believe you.  It's just that we need to see the
> problems before we can judge the solutions that must be safe on this
> branch.

The nature of this bug is that there is no ``hard evidence'' of its
presence, until it strikes.  Just like writing outside malloc'ed memory,
or freeing a pointer twice, or signed integer overflow (which falls
apart entirely on the R4000.)

This code has a very high risk for errors.
Removing it entirely will reduce the risk, since it was only installed
late in Emacs 29's development.



^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: HAVE_FAST_UNALIGNED_ACCESS
  2023-04-01 16:22                               ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
@ 2023-04-02  0:50                                 ` Po Lu
  0 siblings, 0 replies; 28+ messages in thread
From: Po Lu @ 2023-04-02  0:50 UTC (permalink / raw)
  To: Eli Zaretskii
  Cc: Arsen Arsenović, mattias.engdegard, vibhavp, rpluim,
	emacs-devel

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Arsen Arsenović <arsen@aarsen.me>
>> Cc: luangruo@yahoo.com, mattias.engdegard@gmail.com, vibhavp@gmail.com,
>>  rpluim@gmail.com, emacs-devel@gnu.org
>> Date: Sat, 01 Apr 2023 17:22:48 +0200
>> 
>> I understand why you're arguing this, and I have to thank you for it -
>> such efforts keep Emacs as stable as it is - but this feels like an
>> example that is too trivial to apply such judgment to, hence my
>> position.  I am certain that you have an understanding of the issue at
>> hand, I'm only trying to provide a solution that's safe enough for 29.
>
> Among other reasons, we'd need a real-life case where this code fails
> to test any solutions.

-fsanitize=undefined is intended to detect these ``real-life cases''
before they occur.

We are talking about code that is less than three years old, in the
context of a procedure that has not been changed much since the days of
the Unicode branch!  How can you be so certain of its safety?



^ permalink raw reply	[flat|nested] 28+ messages in thread

end of thread, other threads:[~2023-04-02  0:50 UTC | newest]

Thread overview: 28+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-03-30  9:34 HAVE_FAST_UNALIGNED_ACCESS Robert Pluim
2023-03-30 10:26 ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
2023-03-30 11:09   ` HAVE_FAST_UNALIGNED_ACCESS Sam James
2023-03-30 12:18   ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
     [not found]     ` <87v8ihu3t8.fsf@yahoo.com>
2023-03-31  7:15       ` HAVE_FAST_UNALIGNED_ACCESS Robert Pluim
2023-03-31  7:45       ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
2023-03-31 17:29     ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
2023-03-31 20:13       ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
2023-03-30 10:28 ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
2023-03-30 11:38 ` HAVE_FAST_UNALIGNED_ACCESS Vibhav Pant
2023-03-31 16:57   ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
2023-03-31 17:59     ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
2023-03-31 18:03       ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
2023-03-31 18:12         ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
2023-04-01  0:45         ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
2023-04-01  5:43           ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
2023-04-01  6:31             ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
2023-04-01  6:39               ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
2023-04-01  7:42                 ` HAVE_FAST_UNALIGNED_ACCESS Mattias Engdegård
2023-04-01  8:19                   ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
2023-04-01  9:17                     ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
2023-04-01 11:25                       ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
2023-04-01 12:59                         ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
2023-04-01 13:33                           ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
2023-04-01 15:22                             ` HAVE_FAST_UNALIGNED_ACCESS Arsen Arsenović
2023-04-01 16:22                               ` HAVE_FAST_UNALIGNED_ACCESS Eli Zaretskii
2023-04-02  0:50                                 ` HAVE_FAST_UNALIGNED_ACCESS Po Lu
2023-04-02  0:48                             ` HAVE_FAST_UNALIGNED_ACCESS Po Lu

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.