RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 643505 - mpfr_set_ld broken on s390/s390x
Summary: mpfr_set_ld broken on s390/s390x
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: mpfr
Version: 6.0
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Frantisek Kluknavsky
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-10-15 18:42 UTC by Jakub Jelinek
Modified: 2017-12-06 11:08 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-06 11:08:43 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
mpfr-set_ld.patch (1.71 KB, patch)
2010-10-15 20:33 UTC, Jakub Jelinek 		no flags Details | Diff
View All

Description Jakub Jelinek 2010-10-15 18:42:00 UTC 
#include <mpfr.h>
#include <stdio.h>

int
main (void)
{
  mpfr_set_default_prec (__LDBL_MANT_DIG__);
  mpfr_set_emin (-__LDBL_MAX_EXP__-__LDBL_MANT_DIG__+4);
  mpfr_set_emax (__LDBL_MAX_EXP__);
  mpfr_t xx, yy;
  long double l = 0x1.23456789abcdef0123456789abcdp-913L;
  mpfr_init_set_ld (xx, l, GMP_RNDN);
  mpfr_printf ("%Ra\n%La\n%La\n", xx, l, mpfr_get_ld (xx, GMP_RNDN));
  mpfr_clear (xx);
  l = 0x1.23456789abcdef0123456789abcdp-914L;
  mpfr_init_set_ld (yy, l, GMP_RNDN);
  mpfr_printf ("%Ra\n%La\n%La\n", yy, l, mpfr_get_ld (yy, GMP_RNDN));
  mpfr_clear (yy);
  return 0;
}

prints correct number in the first case, but when it is divided by two, it
prints (and similarly retrieves with mpfr_get_ld) complete garbage:

0x9.1a2b3c4d5e6f78091a2b3c4d5e68p-916
0x1.23456789abcdef0123456789abcdp-913
0x1.23456789abcdef0123456789abcdp-913
-0xb.fffffffffffffffffffffffffff8p-1028
0x1.23456789abcdef0123456789abcdp-914
-0x1.7fffffffffffffffffffffffffffp-1025

This breaks my fma tester on s390/s390x, so I can't verify fmal there (for double and float it works properly).  As mpfr is used by gcc, this (potentially, haven't tried to write a testcase) can result in miscompilations on s390/s390x, so it is quite severe.
Comment 2 Jakub Jelinek 2010-10-15 20:08:11 UTC 
I think the bug can be quite obviously seen in set_ld.c, the shift_exp -= NNNN and x /= div1N stuff is only safe if
inexact = mpfr_set_d (u, (double) x, GMP_RNDZ);
hasn't been done in that function, because otherwise all of what has been accumulated into t will be wrongly multiplied by 2^-1024 etc.
What happens when trying to mpfr_set_ld on 0x1.23456789abcdef0123456789abcdp-914L
is that we have:
1st iteration x = 8.215640181713713163755129115618857e-276  
2nd iteration x = -9.9763047253779979586613445625595544e-293  
3rd iteration x = -4.1720134847010025932941863449982576e-309  
div10 = 5.5626846462680034577255817933310102e-309
As 3rd iteration x is smaller in absolute value than div10, we divide it by
0x1p-1024 (i.e. multiply by 0x1p1024 to get something like 0.75 in x) and set shift_exp to -1024.  But we don't adjust t in any way, so instead of the whole
value being roughly 8.215640181713713163755129115618857e-276 it will be
roughly 8.215640181713713163755129115618857e-276 * 0x1p-1024 plus roughly 0.75 * 0x1p-1024.  Shifting t up by the difference would be IMHO unsafe, as it could make the whole number overflow.

Of course even better would be to write a native IEEE quad long double -> mpfr conversion similarly how set_d.c handles IEEE double -> mpfr conversion, by understanding the floating point format in question and just fil in mantissa, exponent and sign.
Comment 3 Jakub Jelinek 2010-10-15 20:33:47 UTC 
Created attachment 453794 [details]
mpfr-set_ld.patch

This is just untested patch, which actually cures this testcase, but I think it might be unsafe with the IBM double double long double format - shifting t up temporarily (so that it can be shifted down again) might overflow it.  For sane floating point formats that shouldn't happen I'd say.

Anyway, it would be preferrable if set_ld and get_ld had native code for IEEE quad (and perhaps also double double, e.g. set_ld with double double should be trivial, just set_d the first double, then set_d the second double, add them together).  Ivana, can you please talk to upstream about this?

FYI, the mpfr fma tester I talked about is at
http://sources.redhat.com/ml/libc-hacker/2010-10/txt00000.txt
(attachment of http://sources.redhat.com/ml/libc-hacker/2010-10/msg00005.html ).
Comment 4 Jakub Jelinek 2010-10-15 20:36:33 UTC 
Or alternatively get IBM to write the native support for IEEE quad and double double.  glibc has sysdeps/ieee754/ldbl-128/ldbl2mpn.c and sysdeps/ieee754/ldbl-128/mpn2ldbl.c, maybe that can be used as a help.
Comment 5 RHEL Program Management 2011-01-07 15:38:06 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 6 Frantisek Kluknavsky 2014-11-26 10:43:57 UTC 
This was fixed upstream by https://gforge.inria.fr/scm/viewvc.php/trunk/src/set_ld.c?root=mpfr&r1=7136&r2=7222
Comment 7 Frantisek Kluknavsky 2014-11-26 10:46:35 UTC 
Upstream bug tracker: https://gforge.inria.fr/tracker/?group_id=136&atid=619&func=detail&aid=11300
Comment 8 Jan Kurik 2017-12-06 11:08:43 UTC 
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/
Note You need to log in before you can comment on or make changes to this bug.