
Make sure accumulators do not exceed the minor heap (partly fix #11170). #13431

Merged
merged 3 commits into from
Nov 21, 2020

Conversation


@silene silene commented Nov 20, 2020

Accumulators can grow arbitrarily large, even when well-typed. So, this commit makes sure they are allocated on the major heap when they are too large. If so, fields need to be filled with caml_initialize, in case they point to the minor heap.

@xavierleroy

…1170).

Accumulators can grow arbitrarily large, even when well-typed. So, this
commit makes sure they are allocated on the major heap when they are too
large. If so, fields need to be filled with caml_initialize, in case they
point to the minor heap.
@silene silene added kind: fix This fixes a bug or incorrect documentation. part: VM Virtual machine. labels Nov 20, 2020
@silene silene added this to the 8.13+beta1 milestone Nov 20, 2020
@silene silene requested review from a team as code owners November 20, 2020 17:03

@xavierleroy xavierleroy left a comment


Looks good to me. I made two readings of the diff, but this is tricky code, so another reading by another pair of eyes would be good.


ppedrot commented Nov 20, 2020

Bench running at https://gitlab.com/coq/coq/-/jobs/863754892.


silene commented Nov 20, 2020

Even letting my imagination run wild, I cannot see how it could cause any noticeable change in performance. But perhaps someone out there is intensively building accumulators with more than 250 arguments.


gares commented Nov 20, 2020

Could you please add a test file which used to segfault, but does no more?


silene commented Nov 20, 2020

It is a bit complicated. We would have to create an accumulator with millions of arguments, as we have to overflow the whole minor heap. We can work around the issue by severely reducing the size of the minor heap, but I am not quite sure how to do that with the testsuite.

That said, with a minimal minor heap (which causes Coq to take ages to execute), I can trigger a buffer overflow with

Require Import BinNat.
Fixpoint T n := match n with O => nat | S n => nat -> T n end.
Fixpoint app n : T n -> nat :=
  match n with O => fun x => x | S n => fun f => app n (f 0) end.
Definition n := N.to_nat 5000.
Axiom f : T n.
Eval vm_compute in let t := (app n f, 0) in snd t.

Unfortunately, the invalid access does not immediately crash Coq. It takes some time before an actual segfault occurs (in caml_oldify_local_roots), so I am not quite sure how reproducible this is.


ppedrot commented Nov 20, 2020

You can write a misc test with a script that sets OCAMLRUNPARAM before invoking coqc.
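The misc-test approach suggested above, as an added example that is not part of the Coq test-suite or of this PR: a POSIX sh script that shrinks the OCaml minor heap through the OCAMLRUNPARAM `s` parameter (minor heap size in words) before invoking coqc, so that an accumulator with thousands of arguments cannot fit in the minor heap and the major-heap allocation path is the one exercised. The COQC override, the heap size of 8k words, the file name accumulator_overflow.v and the --run guard are assumptions; the embedded .v file is the reproducer posted earlier in this thread.

```shell
#!/bin/sh
# Added example: run a Coq file under a deliberately small OCaml minor heap.
# Not part of the Coq test-suite; names and sizes below are assumptions.
set -e

# Allow the caller to point at a specific coqc binary (assumption).
: "${COQC:=coqc}"

# Minor heap size in words, passed as the OCAMLRUNPARAM 's' parameter.
# 8k words is far smaller than an accumulator with thousands of arguments,
# so the accumulator must be allocated on the major heap.
MINOR_HEAP_WORDS="${MINOR_HEAP_WORDS:-8k}"

# Write the reproducer from the thread into $1 (constructed test input).
write_test_file() {
  cat > "$1" <<'EOF'
Require Import BinNat.
Fixpoint T n := match n with O => nat | S n => nat -> T n end.
Fixpoint app n : T n -> nat :=
  match n with O => fun x => x | S n => fun f => app n (f 0) end.
Definition n := N.to_nat 5000.
Axiom f : T n.
Eval vm_compute in let t := (app n f, 0) in snd t.
EOF
}

# Run coqc on $2 with a minor heap of $1 words. Returns coqc's exit status,
# so a crash (e.g. a segfault) or a Coq error is reported to the caller.
run_with_minor_heap() {
  OCAMLRUNPARAM="s=$1" "$COQC" "$2"
}

# Build the reproducer in a temporary directory, run it, report the result.
main() {
  dir=$(mktemp -d)
  write_test_file "$dir/accumulator_overflow.v"
  status=0
  run_with_minor_heap "$MINOR_HEAP_WORDS" "$dir/accumulator_overflow.v" || status=$?
  rm -rf "$dir"
  if [ "$status" -eq 0 ]; then
    echo "PASS: coqc survived a minor heap of $MINOR_HEAP_WORDS words"
  else
    echo "FAIL: coqc exited with status $status under a small minor heap" >&2
  fi
  return "$status"
}

# Only invoke coqc when explicitly asked, so the file can be sourced
# without running anything (assumption: a --run flag).
case "${1:-}" in
  --run) main ;;
esac
```

Invoke it as `sh accumulator_overflow.sh --run`. The smaller the minor heap, the more certain it is that the accumulator lands on the major heap, but, as noted earlier in the thread, a tiny minor heap also makes the run much slower, so the size is a trade-off rather than a fixed constant.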

@gares gares self-assigned this Nov 20, 2020
@@ -0,0 +1,7 @@
Require Import BinNat.
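Review bot: nothing in this new 7-line file controls the OCaml minor heap size, and with the default heap an accumulator of 5000 arguments does not overflow it (the conversation notes that millions of arguments would be needed), so on its own the file never reaches the major-heap allocation path this PR adds. It needs to be driven by a script that sets a small minor heap through OCAMLRUNPARAM before invoking coqc, as suggested in the conversation; otherwise the test does not exercise the fix.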

@ppedrot ppedrot Nov 20, 2020


Since this has a lot of dependencies, it might be better to write a self-contained function that generates a big integer without relying on N.

(Ideally, even redefining nat so as to compile with -noinit.)


silene commented Nov 21, 2020

I have removed the dependency on BinNat. Funnily enough, this causes the computation to terminate and return the proper value. That does not mean that there is no memory corruption, just that it does not have any noticeable impact on the execution. As Valgrind says,

More than 10000000 total errors detected. I'm not reporting any more.
Final error counts will be inaccurate. Go fix your program!


ppedrot commented Nov 21, 2020

Bench:

┌─────────────────────────────┬─────────────────────────┬─────────────────────────────────────────────┬─────────────────────────────────────────────┬───────────────────────────────┬───────────────────┐
│                             │      user time [s]      │                 CPU cycles                  │              CPU instructions               │     max resident mem [KB]     │    mem faults     │
│                             │                         │                                             │                                             │                               │                   │
│                package_name │     NEW     OLD PDIFF   │               NEW               OLD PDIFF   │               NEW               OLD PDIFF   │        NEW        OLD PDIFF   │  NEW  OLD PDIFF   │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                 coq-coqutil │   60.26   60.83 -0.94 % │      168518287680      168438403814 +0.05 % │      208458060174      208347552691 +0.05 % │     524720     524876 -0.03 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                    coq-hott │  320.26  322.04 -0.55 % │      872005562001      873885772194 -0.22 % │     1418769660300     1418649709570 +0.01 % │     665380     665440 -0.01 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│      coq-mathcomp-odd-order │ 1046.94 1051.62 -0.45 % │     2914599251815     2926872965747 -0.42 % │     4647024035663     4646895695727 +0.00 % │     974332     974392 -0.01 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│       coq-mathcomp-fingroup │   47.40   47.61 -0.44 % │      131611927915      132001510580 -0.30 % │      181458424721      181426194528 +0.02 % │     480696     480528 +0.03 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                coq-coqprime │   79.97   80.23 -0.32 % │      219702261602      219558601219 +0.07 % │      308229443748      306570129591 +0.54 % │     764224     764008 +0.03 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│          coq-mathcomp-field │  223.43  224.15 -0.32 % │      622137192950      623409578522 -0.20 % │      945641260942      945587199644 +0.01 % │     673840     673388 +0.07 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│       coq-mathcomp-solvable │  170.08  170.50 -0.25 % │      473205160534      474054032482 -0.18 % │      668335490239      668275532696 +0.01 % │     660416     665500 -0.76 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│               coq-fiat-core │  101.59  101.77 -0.18 % │      292065769734      291432604782 +0.22 % │      386284583133      385992272000 +0.08 % │     480004     479836 +0.04 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                coq-bedrock2 │  223.23  223.56 -0.15 % │      617843487614      618710064439 -0.14 % │     1023287241504     1022838185724 +0.04 % │    1085848    1085844 +0.00 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│             coq-lambda-rust │ 1241.06 1242.84 -0.14 % │     3455214603307     3460872270220 -0.16 % │     4932242083614     4928929937424 +0.07 % │    1118176    1096332 +1.99 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│            coq-math-classes │  213.80  214.10 -0.14 % │      595039874500      595131267902 -0.02 % │      812071037885      812060446990 +0.00 % │     522036     522152 -0.02 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                  coq-geocoq │ 1452.52 1454.48 -0.13 % │     4046928580542     4054201148550 -0.18 % │     6139000466334     6137153131543 +0.03 % │    1022948    1019292 +0.36 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│      coq-mathcomp-character │  155.59  155.78 -0.12 % │      432446101914      433274160336 -0.19 % │      599804538536      599794675099 +0.00 % │     711608     711116 +0.07 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                coq-compcert │  642.36  643.11 -0.12 % │     1788825667199     1791067685319 -0.13 % │     2475979784086     2469280310952 +0.27 % │    1046760    1046792 -0.00 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│            coq-fiat-parsers │  633.20  633.62 -0.07 % │     1771738411866     1772238391649 -0.03 % │     2703147398167     2668634725403 +1.29 % │    3640584    3641500 -0.03 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                 coq-unimath │ 3942.59 3944.36 -0.04 % │    10967327964642    10977597122956 -0.09 % │    20974289802065    20972720129197 +0.01 % │    1137988    1134972 +0.27 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                    coq-corn │ 1624.84 1625.11 -0.02 % │     4522602851427     4522931518551 -0.01 % │     6938985763788     6938109690812 +0.01 % │     847072     848432 -0.16 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│        coq-mathcomp-algebra │  140.72  140.68 +0.03 % │      390668979855      390981115730 -0.08 % │      500629008914      500667815340 -0.01 % │     545404     545804 -0.07 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                 coq-bignums │   56.89   56.84 +0.09 % │      157259622713      157254802535 +0.00 % │      211025719315      210981126216 +0.02 % │     481080     481160 -0.02 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                   coq-color │  513.24  512.57 +0.13 % │     1432283137959     1431173969519 +0.08 % │     1797570306261     1797495191766 +0.00 % │    1132572    1132768 -0.02 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                   coq-flocq │  157.15  156.91 +0.15 % │      435507366102      435701815020 -0.04 % │      541388393623      541434695582 -0.01 % │     821152     821136 +0.00 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│              coq-verdi-raft │ 1228.48 1226.47 +0.16 % │     3418688151625     3416528994364 +0.06 % │     4836225605576     4836791391826 -0.01 % │     899964     900068 -0.01 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                         coq │  522.78  521.86 +0.18 % │     1463141983202     1461341637360 +0.12 % │     1954308330520     1954262623372 +0.00 % │     578616     578632 -0.00 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│       coq-engine-bench-lite │  365.54  364.88 +0.18 % │     1028294797382     1026130414080 +0.21 % │     1752458329564     1743508447647 +0.51 % │    3981860    3981992 -0.00 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                coq-rewriter │  719.08  717.63 +0.20 % │     1996894329414     1993199236118 +0.19 % │     3081980704068     3048954063139 +1.08 % │     986300     986148 +0.02 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│             coq-fiat-crypto │ 5068.94 5056.66 +0.24 % │    14086141375264    14043889312324 +0.30 % │    24640712588594    24253945540033 +1.59 % │    2271404    2283644 -0.54 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│ coq-rewriter-perf-SuperFast │  790.58  787.55 +0.38 % │     2201797910125     2194222907167 +0.35 % │     3463472104993     3417981332651 +1.33 % │     980932     980744 +0.02 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│              coq-coquelicot │   68.30   68.01 +0.43 % │      186080312804      185832018160 +0.13 % │      235997957004      235956910085 +0.02 % │     565732     565732 +0.00 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│                   coq-verdi │  103.07  102.60 +0.46 % │      283671281091      282674715828 +0.35 % │      396770525227      396639480481 +0.03 % │     549264     549248 +0.00 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│      coq-mathcomp-ssreflect │   50.90   50.52 +0.75 % │      138591784533      138709381700 -0.08 % │      175863004852      175766482913 +0.05 % │     513860     513840 +0.00 % │    0    0  +nan % │
├─────────────────────────────┼─────────────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┼───────────────────────────────┼───────────────────┤
│               coq-fourcolor │ 2586.96 2553.40 +1.31 % │     7205527222296     7108231422658 +1.37 % │    12431007484352    11797047799931 +5.37 % │     722464     722468 -0.00 % │    0    0  +nan % │
└─────────────────────────────┴─────────────────────────┴─────────────────────────────────────────────┴─────────────────────────────────────────────┴───────────────────────────────┴───────────────────┘

So, fourcolor does seem to be very mildly affected by the patch. It might be noise, but it's unlikely because it's also reflected in the CPU cycles.


silene commented Nov 21, 2020

> So, fourcolor does seem to be very mildly affected by the patch. It might be noise, but it's unlikely because it's also reflected in the CPU cycles.

I just tried. This is actually noise, since Fourcolor does not exercise these code paths. Or rather, the change of code presumably led the compiler to select a different optimization strategy for the whole interpreter. Nothing we can do about it.


gares commented Nov 21, 2020

It looks good to me.
By merging this PR, GitHub will close #11170 (since its AI does not understand what "partially fix" means).
I think @silene should open a new issue about the remaining problem.

Well done guys!


gares commented Nov 21, 2020

@coqbot merge now

@coqbot-app coqbot-app bot merged commit 9d36da1 into coq:master Nov 21, 2020
@coqbot-app coqbot-app bot added this to Request 8.13+beta1 inclusion in Coq 8.13 Nov 21, 2020
gares added a commit to gares/coq that referenced this pull request Nov 21, 2020
@coqbot-app coqbot-app bot moved this from Request 8.13+beta1 inclusion to Shipped in 8.13+beta1 in Coq 8.13 Nov 23, 2020
@gares gares mentioned this pull request Nov 28, 2020
@silene silene deleted the fix_11170 branch February 25, 2021 17:54