From: "Andrew Fish"
Subject: Re: [edk2-devel] Casting i128 into f64 in UEFI Rust pagefaults
Date: Mon, 25 Jul 2022 10:51:17 -0700
To: devel@edk2.groups.io, ayushdevel1325@gmail.com
Cc: Mike Kinney, "mikuback@linux.microsoft.com", "Gaibusab, Jabeena B", "Yao, Jiewen"
Message-id: <72BE8205-F84B-404F-894D-392342188894@apple.com>
In-reply-to: <15b0ac38-4b55-4b19-3f76-506c5b858949@gmail.com>

Ayush,

CR2 is the fault address so 0xFFFFFFFFFFFFFFFF. Given for EFI Virt == Physical the fault address looks like a bad pointer.

Sorry I’ve not used VC++ in a long time so I don’t know how to debug with VC++, but if I was using clang/lldb I’d look at the source and assembly for the fault address.

The image base is: 0x000000000603C000
The fault PC/RIP is: 000000000603DB60

So the faulting code is at 0x1B60 in the image. Given the images are linked at zero you should be able to load the build product into the debugger and look at what code is at offset 0x1B60. The same should work for any tools that dump the binary.

Thanks,

Andrew Fish

> On Jul 25, 2022, at 10:33 AM, Ayush Singh <ayushdevel1325@gmail.com> wrote:
>
> Hello everyone. While running Rust tests in UEFI environment, I have come across a numeric test that causes a pagefault. A simple reproducible example for this is given below:
>
> ```rust
> fn main() {
>     use std::hint::black_box as b;
>
>     let z: i128 = b(1);
>     assert!((-z as f64) < 0.0);
> }
> ```
>
> The exception output is as follows:
>
> ```
> !!!! X64 Exception Type - 0E(#PF - Page-Fault)  CPU Apic ID - 00000000 !!!!
> ExceptionData - 0000000000000000  I:0 R:0 U:0 W:0 P:0 PK:0 SS:0 SGX:0
> RIP  - 000000000603DB60, CS  - 0000000000000038, RFLAGS - 0000000000000246
> RAX  - 0000000000000000, RCX - FFFFFFFFFFFFFFFF, RDX - FFFFFFFFFFFFFFFF
> RBX  - 0000000000000000, RSP - 0000000007EDF1D0, RBP - 0000000007EDF4C0
> RSI  - 0000000007EDF360, RDI - 0000000007EDF3C0
> R8   - 0000000000000000, R9  - 0000000000000038, R10 - 0000000000000000
> R11  - 0000000000000000, R12 - 00000000060C6018, R13 - 0000000007EDF520
> R14  - 0000000007EDF6A8, R15 - 0000000005FA9490
> DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
> GS   - 0000000000000030, SS  - 0000000000000030
> CR0  - 0000000080010033, CR2 - FFFFFFFFFFFFFFFF, CR3 - 0000000007C01000
> CR4  - 0000000000000668, CR8 - 0000000000000000
> DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
> DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
> GDTR - 00000000079DE000 0000000000000047, LDTR - 0000000000000000
> IDTR - 0000000007418018 0000000000000FFF,   TR - 0000000000000000
> FXSAVE_STATE - 0000000007EDEE30
> !!!! Find image based on IP(0x603DB60) /var/home/ayush/Documents/Programming/Rust/uefi/hello_world_std/target/x86_64-unknown-uefi/debug/deps/hello_world_std-338028f9369e2d42.pdb (ImageBase=000000000603C000, EntryPoint=000000000603D8C0) !!!!
> ```
>
> From my testing, the exception only occurs when a few conditions are met.
>
> 1. The binary is compiled in Debug mode. No error in Release mode.
>
> 2. `i128` is in a black_box [1]. Does not occur if `black_box` is not present.
>
> 3. It has to be `i128`. `i64` or something else works fine.
>
> 4. The cast has to be done on `-z`. Doing the same with `+z` is fine.
>
> I have also been discussing this in the Rust zulipchat [2], so feel free to chime in there.
>
> Additionally, here are links for more information about this program:
>
> 1. Assembly: https://rust-lang.zulipchat.com/user_uploads/4715/od51Y9Dkfjahcg9HHcOud8Fm/hello_world_std-338028f9369e2d42.s
>
> 2. EFI Binary: https://rust-lang.zulipchat.com/user_uploads/4715/CknqtXLR8SaJZmyOnXctQkpL/hello_world_std.efi
>
> 3. PDB file: https://rust-lang.zulipchat.com/user_uploads/4715/zV4i6DsjgQXotp_gS1naEsU0/hello_world_std-338028f9369e2d42.pdb
>
> Yours Sincerely,
>
> Ayush Singh
>
> [1]: https://doc.rust-lang.org/std/hint/fn.black_box.html
>
> [2]: https://rust-lang.zulipchat.com/#narrow/stream/182449-t-compiler.2Fhelp/topic/Casting.20i128.20to.20f64.20in.20black_box.20causes.20exception.20in.20UEFI

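The triage steps from the reply above, as an added example that is not part of the original thread: Python that parses the quoted EDK2 exception dump, subtracts ImageBase from RIP to get the image-relative offset, decodes the #PF error code, and lists registers whose value equals CR2. The function name `triage` and the shortened .pdb path in the sample are choices made here.

```python
import re

# Excerpt of the exception dump quoted in this thread (lines this example
# uses; the .pdb path is shortened to its file name).
DUMP = """\
!!!! X64 Exception Type - 0E(#PF - Page-Fault)  CPU Apic ID - 00000000 !!!!
ExceptionData - 0000000000000000  I:0 R:0 U:0 W:0 P:0 PK:0 SS:0 SGX:0
RIP  - 000000000603DB60, CS  - 0000000000000038, RFLAGS - 0000000000000246
RAX  - 0000000000000000, RCX - FFFFFFFFFFFFFFFF, RDX - FFFFFFFFFFFFFFFF
CR0  - 0000000080010033, CR2 - FFFFFFFFFFFFFFFF, CR3 - 0000000007C01000
!!!! Find image based on IP(0x603DB60) hello_world_std-338028f9369e2d42.pdb (ImageBase=000000000603C000, EntryPoint=000000000603D8C0) !!!!
"""

# x86-64 page-fault error code bit positions, named as in the EDK2 dump line.
PF_BITS = {"P": 0, "W": 1, "U": 2, "R": 3, "I": 4, "PK": 5, "SS": 6, "SGX": 15}
REG_RE = re.compile(r"\b([A-Z][A-Z0-9]{1,5})\s+-\s+([0-9A-F]{16})\b")


def triage(dump: str) -> dict:
    """Summarise a #PF dump: image-relative RIP, access type, CR2 look-alikes."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(dump)}
    code = int(re.search(r"ExceptionData - ([0-9A-F]+)", dump).group(1), 16)
    base = int(re.search(r"ImageBase=([0-9A-Fa-f]+)", dump).group(1), 16)
    if regs["RIP"] < base:
        raise ValueError("RIP is below ImageBase; wrong image for this fault")
    flags = {name: (code >> bit) & 1 for name, bit in PF_BITS.items()}
    kind = "instruction fetch" if flags["I"] else "write" if flags["W"] else "read"
    page = "present" if flags["P"] else "non-present"
    mode = "user" if flags["U"] else "supervisor"
    cr2 = regs["CR2"]
    return {
        # Images are linked at zero, so this is the offset to disassemble.
        "image_offset": regs["RIP"] - base,
        "fault_address": cr2,
        "access": f"{kind} of a {page} page in {mode} mode",
        # Registers holding the faulting address are candidates for the bad pointer.
        "regs_equal_to_cr2": [n for n, v in regs.items() if v == cr2 and n != "CR2"],
    }


if __name__ == "__main__":
    r = triage(DUMP)
    print(f"offset in image : {r['image_offset']:#x}")
    print(f"fault address   : {r['fault_address']:#018x}")
    print(f"access          : {r['access']}")
    print(f"regs == CR2     : {', '.join(r['regs_equal_to_cr2'])}")
```

On this dump the offset is 0x1B60 and the registers matching CR2 are RCX and RDX, which gives a starting point when reading the disassembly at that offset.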