Test Failures on m1 MacBook Ventura: stack-overflow on address

Pasta Pasta pasta at dash.org
Wed Nov 9 17:42:02 CET 2022


Hello!

After upgrading to macOS Ventura, my development team and I noticed
some weird issues in our tests. Sometimes a test would pass, sometimes
there would be an "illegal hardware instruction" error, and sometimes
it would loop infinitely, all while there were no issues on macOS
Monterey.

When using AddressSanitizer, we found the following:
```

test/bls_tests.cpp:336: Leaving test case "bls_sethexstr_tests";
testing time: 30949us
test/bls_tests.cpp:342: Entering test case "bls_sig_tests"
AddressSanitizer:DEADLYSIGNAL
=================================================================
==96761==ERROR: AddressSanitizer: stack-overflow on address
0x00016bdac000 (pc 0x000106b48824 bp 0x00016bda2790 sp 0x00016bda2780
T0)
    #0 0x106b48824 in __gmpn_sub_n+0x7c (test_dash:arm64+0x102af4824)
    #1 0x106b476d8 in fp2_subc_low+0x1c (test_dash:arm64+0x102af36d8)
    #2 0x106b38c50 in fp6_mul_unr+0x19c (test_dash:arm64+0x102ae4c50)
    #3 0xffffac79cd1cb1ef  (<unknown module>)

SUMMARY: AddressSanitizer: stack-overflow
(test_dash:arm64+0x102af4824) in __gmpn_sub_n+0x7c
==96761==ABORTING
```

When using lldb, we found:
```
(lldb) run -t bls_tests
Process 46677 launched:
'/Users/user/Development/dash/src/test/test_dash' (arm64)
Running 1 test case...
Process 46677 stopped
* thread #1, name = 'd-test', queue = 'com.apple.main-thread', stop
reason = EXC_BAD_ACCESS (code=1, address=0x16fe00000)
    frame #0: 0x0000000100cd9e00 test_dash`__gmpn_sub_n + 120
test_dash`:
->  0x100cd9e00 <+120>: ldp    x4, x5, [x1, #0x10]
    0x100cd9e04 <+124>: ldp    x8, x9, [x2, #0x10]
    0x100cd9e08 <+128>: sbcs   x12, x6, x10
    0x100cd9e0c <+132>: sbcs   x13, x7, x11
Target 0: (test_dash) stopped.
(lldb) bt
* thread #1, name = 'd-test', queue = 'com.apple.main-thread', stop
reason = EXC_BAD_ACCESS (code=1, address=0x16fe00000)
  * frame #0: 0x0000000100cd9e00 test_dash`__gmpn_sub_n + 120
    frame #1: 0x0000000100cd84e4 test_dash`fp_subc_low + 24
    frame #2: 0x0000000100cd9970 test_dash`fp3_sqrn_low + 220
```

This pointed us to GMP as being the issue. We established the
following procedure for testing GMP:
```
wget https://gmplib.org/download/gmp/gmp-6.2.1.tar.bz2
tar xf gmp-6.2.1.tar.bz2
cd gmp-6.2.1
./configure
make
make check
```

The above fails on Ventura but is okay on 12.3.1 Monterey. I have
attached the test-suite.log.

GMP 6.2.1
Steps to reproduce are above

Clang
```
> $ clang --version
Homebrew clang version 15.0.3
Target: arm64-apple-darwin22.1.0
Thread model: posix
InstalledDir: /opt/homebrew/opt/llvm/bin
```

gcc points to Apple clang:
```
> $ gcc --version
Apple clang version 14.0.0 (clang-1400.0.29.202)
Target: arm64-apple-darwin22.1.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
```

```
> $ uname -a
Darwin pastas-MBP.home 22.1.0 Darwin Kernel Version 22.1.0: Sun Oct  9 20:15:09 PDT 2022; root:xnu-8792.41.9~2/RELEASE_ARM64_T6000 arm64
```

The output of configure is attached.

Our only solution at this point is to disable GMP on M1 Macs. Any
advice, patch release, or other fix would be greatly appreciated.

Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test-suite.log
Type: application/octet-stream
Size: 222727 bytes
Desc: not available
URL: <https://gmplib.org/list-archives/gmp-bugs/attachments/20221109/2c4d5f9a/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: configfsf.guess.log
Type: application/octet-stream
Size: 27 bytes
Desc: not available
URL: <https://gmplib.org/list-archives/gmp-bugs/attachments/20221109/2c4d5f9a/attachment-0005.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: config.guess.log
Type: application/octet-stream
Size: 27 bytes
Desc: not available
URL: <https://gmplib.org/list-archives/gmp-bugs/attachments/20221109/2c4d5f9a/attachment-0006.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: configure.log
Type: application/octet-stream
Size: 26077 bytes
Desc: not available
URL: <https://gmplib.org/list-archives/gmp-bugs/attachments/20221109/2c4d5f9a/attachment-0007.obj>