Incorrect NUMCPU command processing leading to CRASH

[atncsj6h]

Hello Fish, Bill,

This time I was able to collect a bit more information about the crash.

Environment:

• Apple Big Sur 11.6.5
• xcode and command line tools 13.2
• built using Bill' s helper

Hercules developer branch at commit level 849e1eb.

Find attached a zip file with:

• the shell script used to run the tests one by one and the shell script log
• _hercTestSuite
• _herctestsuite.log
• NO CRASHES, 83 tests 211 compares

The script can be improved by parsing the arguments to run only the requested tests, but I was in a hurry to get some result and I just needed to run all the tests.

The two files produced by make check:

• allTests.out
• allTests.testin

The two reports at the time of the crash
note that before the crash there was a peak of wakeups

Hope that the data is enough to provide some hints.

enrico

• crash_info.zip

[wrljet]

Clang 13 didn't work for me last time I tried it. But right now I can't remember the specifics.
I will run it again and report back.

[Fish-Git]

• allTests.out

This is quite interesting!

Test case CDSG.tst immediately precedes test case CLCL-et-al.tst (which is the one that Hercules appears to have crashed on), and starts with: numcpu 2 and ends with: numcpu 1 # (reset back to default).

Test case CLCL-et-al.tst (the one that crashed) then starts with: numcpu 1.

BUT YET...

Looking at the actual Hercules log output, I'm seeing the following sequence:

      (Note: some lines removed for clarity; only the important lines are shown)

22:19:40 HHC01603I * Start of test file ../tests/CDSG.tst date in /Users/enrico/hercules.SDL/work/hyperion/tests
22:19:40 HHC01603I numcpu      2
22:19:40 HHC00100I Thread id 000000016e587000, prio 2, name 'Processor CP01' started
22:19:40 HHC00811I Processor CP01: architecture mode z/Arch
22:19:40 HHC02204I NUMCPU         set to 2
22:19:40 HHC00811I Processor CP00: architecture mode ESA/390
22:19:40 HHC00811I Processor CP01: architecture mode ESA/390
22:19:40 HHC00811I Processor CP00: architecture mode z/Arch
22:19:40 HHC00811I Processor CP01: architecture mode z/Arch
22:19:40 HHC00809I Processor CP01: disabled wait state 0002000000000000 0000000000000000
22:19:40 HHC00809I Processor CP00: disabled wait state 0002000000000000 0000000000000000
22:19:40 HHC02334I Script 1: test: test ended
22:19:40 HHC02338I Script 1: test: actual duration: 0.028094 seconds
22:19:40 HHC01603I numcpu      1     # (reset back to default)
22:19:40 HHC02204I NUMCPU         set to 2
22:19:40 HHC00101I Thread id 000000016e47b000, prio 2, name 'Processor CP00' ended
22:19:40 HHC01603I * Start of test file ../tests/CLCL-et-al.tst date in /Users/enrico/hercules.SDL/work/hyperion/tests
22:19:40 HHC00100I Thread id 000000016e693000, prio 2, name 'Processor CP00' started
22:19:40 HHC00811I Processor CP00: architecture mode ESA/390
22:19:40 HHC00811I Processor CP01: architecture mode ESA/390
22:19:40 HHC00101I Thread id 000000016e587000, prio 2, name 'Processor CP01' ended

 
(WTF?!)

How the fuck did numcpu 1 magically get turned into numcpu 2?!?!?!
 

[Fish-Git]

Enrico,

Please try the following patch (also attached):

--- hyperion-1/config.c	2022-03-27 07:43:20.649669000 -0700
+++ hyperion-0/config.c	2022-03-28 06:06:49.151999600 -0700
@@ -1200,7 +1200,8 @@
     }
 
     /* Make sure we did that right */
-    ASSERT( sysblk.cpus == numcpu && numcpu <= sysblk.maxcpu );
+    while (sysblk.cpus != numcpu)
+        usleep(10000);
 
     return 0;
 }

It's a workaround, not a fix (I was too lazy to pinpoint the exact location where the obvious race was), but it should hopefully prevent the problem from occurring. (I was unable to reproduce it, but I will keep trying.)

Thanks.

• numcpu.zip

[wrljet]

(WTF?!)

How the fuck did numcpu 1 magically get turned into numcpu 2?!?!?!

I ran it through the same macOS Big Sur 11.6.5, with xcode tools 13.2, but on x86.

Similar-ish failure. See the end of the log.

(Fish, note, this is without your patch)

• allTests.out-macos-clang13-x86.txt

[wrljet]

Fish, with the patch, it hangs in that new while loop.

bill@Bills-MacBook-Air-2 hercules-helper % tail ~/herctest/hyperion/build/allTests.out
10:06:45 HHC01603I r 500=FF            # And then force our test to stop
10:06:45 HHC02290I A:0000000000000000  K:06
10:06:45 HHC02290I R:0000000000000500  FF                                   .
10:06:45 HHC02264I Script 2: file ../tests/CBUC.subtst processing ended
10:06:45 HHC00809I Processor CP01: disabled wait state 0002000000000000 0000000000000000
10:06:45 HHC00809I Processor CP00: disabled wait state 0002000000000000 0000000000000000
10:06:45 HHC02334I Script 1: test: test ended
10:06:45 HHC02338I Script 1: test: actual duration: 20.001985 seconds
10:06:45 HHC01603I *Done
10:06:45 HHC01603I numcpu      1     # (reset back to default)

[Fish-Git]

@atncsj6h

Hope that the data is enough to provide some hints.

enrico

• crash_info.zip

I would prefer to see a gdb crash dump, not a mac crash file. Analysis of a gdb crash dumo (.core file) should tell us exactly where the crash occurred. Note that you need to build with "--enable-optimization=yes" (or, if you are specifying your own custom optimization flags, you will need to be sure to also include the -g -g3 and -ggdb3 flags). If those flags aren't specified, then the resulting .core file will be useless.

Once we have a good gdb .core file, then we should be able to analyze it to determine exactly where the segfault occurred. See GitHub Issue #199 "How to analyze a Linux "core" file (i.e. crash dump)" for details.

Thanks.

[Fish-Git]

@wrljet

I ran it through the same macOS Big Sur 11.6.5, with xcode tools 13.2, but on x86.

Similar-ish failure. See the end of the log.

Same thing to you too, Bill: since you're able to reproduce the crash too, having a gdb .core file that we can analyze will help tremendously with determining exactly where (and thus hopefully why as a result!) the crash occurred.

But you need to first enable crash dumps on your system.

Looking at your log, I'm seeing:

18:47:22 HHC00017W Crash dumps NOT enabled

and:

    +++ OOPS! +++

Hercules has crashed! (Segmentation fault: 11)

Crash dump NOT created due to ulimit setting...

Refer to GitHub Issue #199 "How to analyze a Linux "core" file (i.e. crash dump)" for details regarding how to enable crash dumps (i.e. ".core" files).

Thanks.

[wrljet]

Hercules has crashed! (Segmentation fault: 11)

Crash dump NOT created due to ulimit setting...

Refer to GitHub Issue #199 "How to analyze a Linux "core" file (i.e. crash dump)" for details regarding how to enable crash dumps (i.e. ".core" files).

FWIW those instructions need to be updated for macOS, and lldb, which would be the default for most Mac users.

ulimit alone doesn't do the trick. There is a /cores directory that is off limits to users by default, preventing generation of core files. (Hercules-Helper announces this situation during its system diagnostics, but doesn't provide instructions on correcting it.) It can be unlocked with sudo chmod a+rwx /cores

And then lldb's commands are quite a bit different than gdb's.

In any case, here's some output from my crash. When I turned off optimization to try to get better results in the traceback, then of course the problem went away.

bill@Bills-MacBook-Air-2 herctest % lldb hyperion/build/.libs/hercules -c /cores/core.91453 
(lldb) target create "hyperion/build/.libs/hercules" --core "/cores/core.91453"
Core file '/cores/core.91453' (x86_64) was loaded.

(lldb) frame variable
libherc.dylib was compiled with optimization - stepping may behave oddly; variables may not be available.
(const int) target_mode = <no location, value may have been optimized out>

(const bool) clear = <no location, value may have been optimized out>

(const bool) ipl = <no location, value may have been optimized out>

(const int) cpu = <no location, value may have been optimized out>

(int) rc = <variable not available>

(int) regs_mode = 1
(CPU_BITMAP) mask = 1
(int) n = 0
(REGS *) regs = NULL
(int) architecture_switch = <no location, value may have been optimized out>

(bool) wait = true
(int) i = <variable not available>

(lldb) bt 
* thread #1, stop reason = signal SIGSTOP
  * frame #0: 0x000000010042cfce libherc.dylib`z900_system_reset(target_mode=<unavailable>, clear=<unavailable>, ipl=<unavailable>, cpu=<unavailable>) at ipl.c:222:36 [opt]
    frame #1: 0x000000010042e299 libherc.dylib`system_reset(target_mode=<unavailable>, clear=<unavailable>, ipl=<unavailable>, cpu=<unavailable>) at ipl.c:916:33 [opt] [artificial]
    frame #2: 0x00000001003f24df libherc.dylib`sysclear_cmd [inlined] reset_cmd(clear=true) at hscpufun.c:288:14 [opt]
    frame #3: 0x00000001003f249a libherc.dylib`sysclear_cmd(ac=<unavailable>, av=0x00007ffeefa06dd0, cmdline=<unavailable>) at hscpufun.c:347:15 [opt]
    frame #4: 0x000000010022900d libherc.dylib`CallHercCmd(argc=1, argv=0x00007ffeefa06dd0, cmdline="sysclear") at cmdtab.c:373:26 [opt]
    frame #5: 0x00000001002292ed libherc.dylib`DoCallHercCmdLine(pszCmdLine="sysclear", internal='\0') at cmdtab.c:428:15 [opt]
    frame #6: 0x000000010022a0c6 libherc.dylib`the_real_panel_command [inlined] HercCmdLine(pszCmdLine=<unavailable>) at cmdtab.c:463:12 [opt]
    frame #7: 0x000000010022a0bf libherc.dylib`the_real_panel_command(cmdline=<unavailable>) at cmdtab.c:833:14 [opt]
    frame #8: 0x000000010046d9c8 libherc.dylib`process_script_file(script_name="allTests.testin", isrcfile=<unavailable>) at script.c:847:9 [opt]
    frame #9: 0x000000010046d5ec libherc.dylib`process_script_file(script_name="allTests.testin", isrcfile=true) at script.c:749:14 [opt]
    frame #10: 0x0000000100422b34 libherc.dylib`process_rc_file(dummy=0x0000000000000000) at impl.c:693:9 [opt]
    frame #11: 0x000000010042208c libherc.dylib`impl(argc=9, argv=0x00007ffeefa12830) at impl.c:1394:9 [opt]
    frame #12: 0x00000001001f0c8e hercules`main(ac=9, av=0x00007ffeefa12830) at bootstrap.c:142:10 [opt]
    frame #13: 0x00007fff20832f3d libdyld.dylib`start + 1
(lldb) 

You'll note: (REGS *) regs = NULL, so I guess it crashed trying regs->cpustate.

regs was just loaded before the failing line 222, regs = sysblk.regs[ i ];

Also, Fish, that Thread Sanitizer report I emailed you earlier today mentions data races on the sysblk.

Bill

[wrljet]

Fish,

Not suggesting this is a fix, but it is a tidbit of additional info: the following patch makes it (make check) work for me:

diff --git a/ipl.c b/ipl.c
index 0d837cfe..ec60ae7a 100644
--- a/ipl.c
+++ b/ipl.c
@@ -219,7 +219,9 @@ int ARCH_DEP( system_reset )( const int target_mode, const bool clear,
 
                 regs = sysblk.regs[ i ];
 
-                if (regs->cpustate != CPUSTATE_STOPPED)
+                // WRL
+                // if (regs->cpustate != CPUSTATE_STOPPED)
+                if (regs == NULL || regs->cpustate != CPUSTATE_STOPPED)
                 {
                     wait = true;

[Fish-Git]

Refer to GitHub Issue #199 "How to analyze a Linux "core" file (i.e. crash dump)" for details regarding how to enable crash dumps (i.e. ".core" files).

FWIW those instructions need to be updated for macOS, and lldb, which would be the default for most Mac users.

Okaaay...   Could you do me a favor and edit a few of the existing comments and/or add some new comments to that GitHub Issue to document how one does it on a Mac please? Thanks!

The bottom line is, in such situations (where Hercules is segfault-ing), we really, REALLY need to see a gdb (or lldb or whatever!) dump that shows us a backtrace that includes source files and line numbers of the thread that crashed, so we can see exactly where Hercules is crashing.

And knowing where it's crashing, is usually enough to tell us why it's crashing too.

[Fish-Git]

This patch makes it (make check) work:
[...]

Yeah, that should do it.

As well as, I believe (hope!), the following tweaked version of my previous patch will too:

--- hyperion-1/config.c	2022-03-27 07:43:20.649669000 -0700
+++ hyperion-0/config.c	2022-03-28 18:21:24.439913500 -0700
@@ -1199,9 +1199,6 @@
             configure_cpu( cpu );
     }
 
-    /* Make sure we did that right */
-    ASSERT( sysblk.cpus == numcpu && numcpu <= sysblk.maxcpu );
-
     return 0;
 }
 
@@ -1222,6 +1219,10 @@
     }
     RELEASE_INTLOCK( NULL );
 
+    /* Make sure we did that right */
+    while (sysblk.cpus != numcpu)
+        usleep(10000);
+
     return rc;
 }
 
@@ -1258,6 +1259,11 @@
         resetAllCpuIds();
     }
     RELEASE_INTLOCK( NULL );
+
+    /* Make sure we did that right */
+    while (sysblk.maxcpu != maxcpu)
+        usleep(10000);
+
     return rc;
 }
 

My bug was checking (looping on) the value with intlock held. The check (loop) should be outside of holding intlock.

• numcpu-try2.zip

Please let me know whether the above patch also fixes the problem or not.

Thanks.

[wrljet]

Refer to GitHub Issue #199 "How to analyze a Linux "core" file (i.e. crash dump)" for details regarding how to enable crash dumps (i.e. ".core" files).

FWIW those instructions need to be updated for macOS, and lldb, which would be the default for most Mac users.

Okaaay... Could you do me a favor and edit a few of the existing comments and/or add some new comments to that GitHub Issue to document how one does it on a Mac please? Thanks!

Yes, I'll do that.

[wrljet]

As well as, I believe (hope!), the following tweaked version of my previous patch will too:

--- hyperion-1/config.c	2022-03-27 07:43:20.649669000 -0700
+++ hyperion-0/config.c	2022-03-28 18:21:24.439913500 -0700
@@ -1199,9 +1199,6 @@
             configure_cpu( cpu );
     }
 
-    /* Make sure we did that right */
-    ASSERT( sysblk.cpus == numcpu && numcpu <= sysblk.maxcpu );
-
     return 0;
 }
 
@@ -1222,6 +1219,10 @@
     }
     RELEASE_INTLOCK( NULL );
 
+    /* Make sure we did that right */
+    while (sysblk.cpus != numcpu)
+        usleep(10000);
+
     return rc;
 }
 
@@ -1258,6 +1259,11 @@
         resetAllCpuIds();
     }
     RELEASE_INTLOCK( NULL );
+
+    /* Make sure we did that right */
+    while (sysblk.maxcpu != maxcpu)
+        usleep(10000);
+
     return rc;
 }
 

My bug was checking (looping on) the value with intlock held. The check (loop) should be outside of holding intlock.

* [numcpu-try2.zip](https://github.com/SDL-Hercules-390/hyperion/files/8367534/numcpu-try2.zip)

Please let me know whether the above patch also fixes the problem or not.

Thanks.

That hangs after logging this:

10:06:15 HHC02264I Script 2: file ../tests/CBUC.subtst processing ended
10:06:15 HHC00809I Processor CP00: disabled wait state 0002000000000000 0000000000000000
10:06:15 HHC00809I Processor CP01: disabled wait state 0002000000000000 0000000000000000
10:06:15 HHC02334I Script 1: test: test ended
10:06:15 HHC02338I Script 1: test: actual duration: 20.001628 seconds
10:06:15 HHC01603I *Done
10:06:15 HHC01603I numcpu      1     # (reset back to default)
10:06:15 HHC00101I Thread id 00007000041b3000, prio 2, name 'Processor CP00' ended
10:06:15 HHC00101I Thread id 00007000045bf000, prio 2, name 'Processor CP01' ended

[atncsj6h]

hi Fish, Bill

what I did
in the .zprofile added
ulimit -c unlimited
not to have to remember to do it by hand before running the tests

as far the /cores permissions things are a bit murkier

sudo chmod 777 /cores

and on the mac-book x86_65 with Big Sur 11.6.5
I got the core dump and the lldb bt commands gave the same results

and now the big why oh why

on mac-mini arm64 with Big Sur 11.6.5
did the same steps

and ... no core dump was produced

the two big sur installation are ONLY APPARENTLY similar
the mac-mini install was the factory one
the mac-book install was an upgrade ( install over an existing catalina )

mi guess is that some preferences were not overwritten
( can be inferred by small little different behaviors )

btw ...
I downloaded from the github repository clang 14.0.0
and the results were the same

an additional remark ( holds for apple )
the exports for the DYLD_LIBRARY_PATH and LD_LIBRARY_PATH
are not passed to a shell script ( system integrity ), that' s
the reason why the 3211 test does not run
when using the libtool wrapper

enrico

[wrljet]

I have thus far been unwilling to update the Xcode-tools to 13 on my Mac M1 hardware.
I'm not confident enough on macOS yet (or ever?) to do that and not know how to back out of it.

I had a hell of a time just getting a Python package installed.

But yes, I've run Clang 14 on the x86 and it acts the same as 13 re: this issue.

Bill

[Fish-Git]

I got the core dump and the lldb bt commands gave the same results

The same results as ................... ? What?

The same results as Bill's?

Or the same results as the "hercules_2022-03-27-221940_enrico-macmini.crash.txt" file in your original crash_info.zip file attached to your original report?

I need your clarification on this, because Bill's dump properly shows the filenames and line numbers in its lldb bt command (which is good because that is what we need to see!), whereas the report that was included in your original crash_info.zip file ("hercules_2022-03-27-221940_enrico-macmini.crash.txt") does not have any filenames or line numbers.

If the lldb of your /core files are not showing Hercules filenames and line numbers in its bt backtrace command, then it's probably because your Hercules was not built with the proper debugging information.

For non-Apple builds, this is the -g -g3 and -ggdb3 optimization options that are normally automatically specified by the ./configure --enable-optimization=yes option.

For Apple builds, I don't know what the proper options should be, since it uses lldb and not gdb. Does lldb need the same -g -g3 and -ggdb3 options? Or does it need slightly different build options to include source file names and line numbers in its debugging information? I don't know!

But someone needs to find out and then document it (and add support for it in configure.ac too) so we don't have these types of problems in the future.

and now the big why oh why

on mac-mini arm64 with Big Sur 11.6.5 did the same steps

and ... no core dump was produced

And THAT is the system that is experiencing the problem? (the crash?) Correct?

Damn! :(

Well, we need to figure out why and get it fixed, because we NEED that dump so we can see where Hercules is crashing! But for now I am going to presume it is crashing in the same place as it is on Bill's system: on line 222 of ipl.c, in the ARCHDEP( system_reset ) function, which Bill already has a "fix" (workaround) for. (*)

---

(*) Which at this point I would suggest we go ahead and commit since my own workaround attempts have all thus far failed miserably!  :(

We're obviously going to need to dig deeper to determine precisely where/why our obvious race condition is occurring so we can develop a more proper fix instead of a workaround.

(I hate workarounds! I'd rather get to the root of the problem and fix it than use a workaround. To me, workarounds are like bandaids: they only treat the symptom but not the cause.)

[wrljet]

If the lldb of your /core files are not showing Hercules filenames and line numbers in its bt backtrace command, then it's probably because your Hercules was not built with the proper debugging information.

For non-Apple builds, this is the -g -g3 and -ggdb3 optimization options that are normally automatically specified by the ./configure --enable-optimization=yes option.

For Apple builds, I don't know what the proper options should be, since it uses lldb and not gdb. Does lldb need the same -g -g3 and -ggdb3 options? Or does it need slightly different build options to include source file names and line numbers in its debugging information? I don't know!

FWIW, Hercules-Helper (which Enrico mentioned he was using) puts in the -g -g3 and -ggdb3 by default.
And those worked for me to get source line numbers.

But I know absolutely nothing about the Apple crash logs, and/or if those ever have source line information.
I literally never heard of those before yesterday.

[wrljet]

Fish, we could also re-title this issue to mention something along the lines of: "Crash with null pointer reference during NUMCPU command, on macOS with Clang 13 and 14".

[atncsj6h]

short summary/clarification:

I did everything over from scratch on the mac-mini silicon
and did it for the first time on the mac-book Intel
the results as far as the crash were the same

my point was to show the different behavior on systems
that should behave the same way

on the intel I got the dump and ( lldb ) bt showed the same line numbers as Bill' s

On the silicon I got the crash with no dump,
I will open an issue on the apple developers list

enrico

PS for Bill
go to utility, console, click on crash reports
and You get a short resume of the crash ...
dll' s back trace, withot the line numbers

[Fish-Git]

Fish, we could also re-title this issue to mention something along the lines of: "Crash with null pointer reference during NUMCPU command, on macOS with Clang 13 and 14".

Done!

[Fish-Git]

on the intel I got the dump and ( lldb ) bt showed the same line numbers as Bill' s

On the silicon I got the crash with no dump

I will open an issue on the apple developers list

Thank you for the clarification, Enrico. Much appreciated.

Please do let us know what Apple has to say about this.

It is, after all, rather difficult to debug a crash when you don't know where the crash is occurring!

[atncsj6h]

Hi Bill, Fish

unfortunately the situation is worse ...

on apple I applied both patches
Bill's patch to ipl.c
Fish's patch 2 to config.c

and the make check hangs

then I reverted Fish's patch 2

and at the same time I got the idea to test also on Fedora35 using clang

on Fedora35 clang 13 ( the original ipl.c )
and apple Big Sur clang 13 ( the patched ipl.c )

the test suite runs happily without crashing
but on both systems I get

>>>>> line 76230: Storage compare mismatch.
                  Want: R:0000000000000A00 FFFFFFFF  
                  Got:  R:0000000000000A00 FFF1F2F3
                  
                  The failure of this test indicates one or more of the CPUs failed
                  to properly update the indicated word to indicate it has completed
                  its job.
                  
                  The word starts out as F0F1F2F3 and as each CPU finishes its loop
                  it changes its corresponding value to FF.  Thus the ending value
                  reported by the failure indicates which of the CPUs failed to
                  properly update its flag.
                  
                  For example: if the ending value is FFFFFFF3, it means CP03 failed
                  to update its flag.  If the ending value is FFFFF2F3 it means both
                  CP02 and CP03 failed to update their flags, etc.
                  
                  The failure of this test therefore indicates either the runtest
                  statement timed out, the implementation of the runtest statement
                  itself is flawed (it should never wakeup early), or else some other
                  part of Hercules is broken.
                  
Test "runtest4: all cpus 1-4 seconds":  1 OK compares.  One failure.

the line number is differenty for Fedora 76260 ( might be to different environments )

just to let You know

enrico

PS
tomorrow I will take a shot at FreeBSD

[atncsj6h]

Hi Fish

a quick and dirty FreeBSD 13 with Clang 13, attempt gave back
( I had to manually fix config.h to disable HDL_USE_LIBTOOL )

Test "ESA/390  LPAR  FMT-0  CPUs = 2":  2 OK compares.  All pass.
Test "ESA/390  LPAR  FMT-1  CPUs = 2":  2 OK compares.  All pass.
Test "z/Arch  BASIC  FMT-0  CPUs = 1":  2 OK compares.  All pass.
>>>>> line 78588: Storage compare mismatch.
                  Want: R:0000000000000200 00066666 44440000  
                  Got:  R:0000000000000200 AA066666 44440000
Test "z/Arch  BASIC  FMT-1  CPUs = 1":  1 OK compares.  One failure.
Test "z/Arch  LPAR  FMT-0  CPUs = 1":  2 OK compares.  All pass.
Test "z/Arch  LPAR  FMT-1  CPUs = 1":  2 OK compares.  All pass.

is the issue related to the current one
or should open a new ticket ?

enrico

[Fish-Git]

on apple I applied both patches Bill's patch to ipl.c Fish's patch 2 to config.c

Mistake!   My config.c patch is BAD.   It should NOT be used.

and the make check hangs

Because my config.c patch is bad.  Please don't use it.

then I reverted Fish's patch 2

Good!

the test suite runs happily without crashing but on both systems I get

>>>>> line 76230: Storage compare mismatch.
                  Want: R:0000000000000A00 FFFFFFFF  
                  Got:  R:0000000000000A00 FFF1F2F3

[...]

Test "runtest4: all cpus 1-4 seconds":  1 OK compares.  One failure.

Interesting!

Methinks we might now be getting a bit closer to the actual root of the problem!

Enrico, if you still have it (or can you please recreate it if you don't), would you please attach the ".out" output file that the runtest (make check) should have created? I would very much like to see it!

I'm beginning to suspect maybe(?) our problem might(?) stem from the following, which I'm seeing in Enrico's original problem report (file "allTests.out" in his "crash_info.zip" attachment):

22:19:19 HHC00112W Thread CPU Time is NOT available.

Precisely how it might impact/trigger our existing problem I'm not quite sure yet, but it's something timing related, and the above HHC00112W warning message is related to timers (as is the failing "runtest4" too!).

[wrljet]

I get this, too, on macOS x86 with Clang 14, and Fedora 35 with Clang 13.
(of course Fedora works with gcc)

Storage compare mismatch.
Want: R:0000000000000A00 FFFFFFFF  
Got:  R:0000000000000A00 FFF1F2F3

[wrljet]

Fish,

22:19:19 HHC00112W Thread CPU Time is NOT available.

Precisely how it might impact/trigger our existing problem I'm not quite sure yet, but it's something timing related, and the above HHC00112W warning message is related to timers (as is the failing "runtest4" too!).

There are plenty of warning messages because getrusage() used in Hercules is assuming a non-Posix Linux enhancement to
the functionality, which macOS (BSD based) does not support. (and in fact this has been on my list to bring up and address
for months)

Just keep in mind, though, the tests works fine with Clang 12 (and older Clangs on older macOS versions).

[atncsj6h]

here is the allTests.out
e

• alltests.out.zip

[atncsj6h]

pleas remember I got the same ffffff fff1f2f3 mismatch on fedora without any patches applied

[Fish-Git]

here is the allTests.out e

• alltests.out.zip

THANK YOU!

This confirms our problem is the same one we've been chasing all along:

There's a flaw (obvious race condition) in our numcpu and maxcpu command handling (i.e. in our configure_cpu, deconfigure_cpu and/or configure_numcpu_intlock_held functions in config.c).

Take a look at this:

(Note: some lines not shown; only "interesting" lines are shown.)

21:19:00 HHC01603I * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
21:19:00 HHC01603I *
21:19:00 HHC01603I * Start of test file ../tests/runtest0.tst date in /Users/enrico/hercules.SDL/work/hyperion/tests
21:19:00 HHC01603I *
[...]
21:19:00 HHC01603I *Testcase runtest0: all cpus 0 seconds
21:19:00 HHC01603I * ----------------------------------------------------------------------------
21:19:00 HHC01603I *
21:19:00 HHC01603I numcpu      4           #  Total CPUs needed for this test...
21:19:00 HHC00100I Thread id 000000016e753000, prio 2, name 'Processor CP01' started
21:19:00 HHC00811I Processor CP01: architecture mode z/Arch
21:19:00 HHC00100I Thread id 000000016e85f000, prio 2, name 'Processor CP02' started
21:19:00 HHC00811I Processor CP02: architecture mode z/Arch
21:19:00 HHC00100I Thread id 000000016e96b000, prio 2, name 'Processor CP03' started
21:19:00 HHC00811I Processor CP03: architecture mode z/Arch
21:19:00 HHC02204I NUMCPU         set to 4
[...]
21:19:00 HHC01603I * Start the test and wait for completion...
21:19:00 HHC01603I *
21:19:00 HHC02336I Script 1: test: test starting
21:19:00 HHC02339I Script 1: test: duration limit: 0.800000 seconds
21:19:00 HHC02228I restart key pressed
21:19:00 HHC02333I Script 1: test: running...
21:19:00 HHC00814I Processor CP00: SIGP Set architecture mode            (12) CP00, PARM 0000000000000001: CC 1 status 00000100
21:19:00 HHC00809I Processor CP00: disabled wait state 0002000180000000 0000000000000000
21:19:00 HHC00809I Processor CP01: disabled wait state 0002000180000000 0000000000000000
21:19:00 HHC00809I Processor CP02: disabled wait state 0002000180000000 0000000000000000
21:19:00 HHC00809I Processor CP03: disabled wait state 0002000180000000 0000000000000000
21:19:00 HHC02334I Script 1: test: test ended
21:19:00 HHC02338I Script 1: test: actual duration: 0.000369 seconds
[...]
21:19:00 HHC01603I numcpu      1           #  Clean up own mess
21:19:00 HHC02204I NUMCPU         set to 4
21:19:00 HHC01603I * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
21:19:00 HHC01603I *
21:19:00 HHC01603I * Start of test file ../tests/runtest4.tst date in /Users/enrico/hercules.SDL/work/hyperion/tests
21:19:00 HHC01603I *
[...]
21:19:00 HHC01603I *Testcase runtest4: all cpus 1-4 seconds
21:19:00 HHC00101I Thread id 000000016e647000, prio 2, name 'Processor CP00' ended
21:19:00 HHC01603I * ----------------------------------------------------------------------------
21:19:00 HHC01603I *
21:19:00 HHC01603I numcpu      4           #  Total CPUs needed for this test...
21:19:00 HHC02389E CPUs must be offline or stopped
21:19:00 HHC00007I Previous message from function 'numcpu_cmd' at hsccmd.c(3952)
21:19:00 HHC01603I *
21:19:00 HHC01603I * ----------------------------------------------------------------------------
21:19:00 HHC01603I *
21:19:00 HHC01603I defsym  secs0     1     #  Loop duration in seconds for each CPU...
21:19:00 HHC01603I defsym  secs1     2
21:19:00 HHC00101I Thread id 000000016e753000, prio 2, name 'Processor CP01' ended
21:19:00 HHC01603I defsym  secs2     3
21:19:00 HHC00101I Thread id 000000016e96b000, prio 2, name 'Processor CP03' ended
21:19:00 HHC01603I defsym  secs3     4
21:19:00 HHC00101I Thread id 000000016e85f000, prio 2, name 'Processor CP02' ended
21:19:00 HHC01603I *
[...]
21:19:00 HHC01603I sysclear                #  Clear the world
21:19:00 HHC00100I Thread id 000000016ea77000, prio 2, name 'Processor CP00' started
21:19:00 HHC00811I Processor CP00: architecture mode z/Arch
21:19:00 HHC00811I Processor CP00: architecture mode ESA/390
21:19:00 HHC02311I sysclear completed
21:19:00 HHC01603I archmode z/Arch         #  Set z/Arch mode
21:19:00 HHC00811I Processor CP00: architecture mode z/Arch
21:19:00 HHC02204I ARCHLVL        set to z/Arch
[...]
21:19:00 HHC01603I * Start the test and wait for completion...
21:19:00 HHC01603I *
21:19:00 HHC02336I Script 1: test: test starting
21:19:00 HHC02339I Script 1: test: duration limit: 21.000000 seconds
21:19:00 HHC02228I restart key pressed
21:19:00 HHC02333I Script 1: test: running...
21:19:00 HHC00814I Processor CP00: SIGP Set architecture mode            (12) CP00, PARM 0000000000000001: CC 1 status 00000100
21:19:00 HHC00814I Processor CP00: SIGP Restart                          (06) CP01, PARM 0000000000000000: CC 3
21:19:01 HHC00809I Processor CP00: disabled wait state 0002000180000000 0000000000000000
21:19:01 HHC02334I Script 1: test: test ended
21:19:01 HHC02338I Script 1: test: actual duration: 0.562810 seconds
[...]
21:19:01 HHC01603I *Compare
21:19:01 HHC01603I r a00-a03
21:19:01 HHC02290I A:0000000000000000  K:06
21:19:01 HHC02290I R:0000000000000A00  FFF1F2F3                             .123
21:19:01 HHC01603I *Want FFFFFFFF

The setting of numcpu 4 for runtest0 succeeded, but after the test completed, it issued a numcpu 1 to clean things up for the next test, which failed with the message HHC02204I NUMCPU set to 4!!

Then runtest4 begins its setup, and one of the first things it does is issue a numcpu 4 command (because it too also needs 4 cpus for its test), but it fails with HHC02389E CPUs must be offline or stopped because the actual shutting down (deconfiguring) of the other cpu threads hadn't completed yet. CPUs 1, 2 and 3 were still running! (Their threads hadn't exited yet!)

As a result, runtest4 ends up being run with only ONE cpu being online (instead of the expected 4). This results in only FLAG0 being set (because CPU 0 was the only CPU running!), resulting in an unsurprising test failure.

Our bug is in our configuring/deconfiguring of our CPU threads. They're not properly waiting for the actual requested cpu thread to begin or end (start or exit) before returning, resulting in a race condition when the next numcpu command comes along before the previous request has actually finished its job. THAT was what I was trying to fix (workaround) with my earlier patch attempts.

Let me take a closer look at our configure/deconfigure cpu logic to see if I can find where our bug is and how best to fix it.   :(

[Fish-Git]

Yeah, I'm quite sure we're looking at more than one issue here.

No, we're actually not. It's been the same bug all along. Even your patch to ipl.c's system_reset function to workaround the crash is actually just a symptom of our underlying flaw in our cpu configuring/deconfiguring logic. Refer to my previous comment just above.

[atncsj6h]

for VM management I use Vagrant and VirtualBox
I installed FreeBSD 13.0 STABLE

as you know for FreeBSD clang is the standard compiler suite
and it comes with the system

usually on vagrant boxes the first thing I do is to update the system
sudo pkg update - to update the repositories info
sudo pkg upgrade - you upgrade the singlr packages

without your patch i got consistently the crash
with your patch I got a cpuple of times a clean run
and many more runs with the usual FFFFFFFF FFF1F2F3 mismatch
running in a virtual machine prpbably there are delays and the error does not show up

the first build failed with gazillions of errors about RTLD_NOW duplicated defines
but when I undefined the HDL_USE_LIBTOOL macro in config.h
everything went fine

how did You get the '--without-included-ltdl' flag to configure ?

e

[wrljet]

Enrico,

for VM management I use Vagrant and VirtualBox I installed FreeBSD 13.0 STABLE

I installed this one: FreeBSD-13.0-RELEASE-amd64-dvd1.iso

as you know for FreeBSD clang is the standard compiler suite and it comes with the system

Yes

usually on vagrant boxes the first thing I do is to update the system
sudo pkg update - to update the repositories info
sudo pkg upgrade - you upgrade the singlr packages

I updated and upgraded pkg. Also installed GUI window manager.
This left me with Clang 11.

I installed git with pkg install.
Cloned Hercules-Helper with git, changed the config to use develop branch, and it built w/o any problem.

without your patch i got consistently the crash
with your patch I got a cpuple of times a clean run
and many more runs with the usual FFFFFFFF FFF1F2F3 mismatch
running in a virtual machine prpbably there are delays and the error does not show up

Note, that ipl.c patch was just to avoid a crash from a NULL pointer reference.
It doesn't fix the underlying threading/locking/waiting issue.

the first build failed with gazillions of errors about RTLD_NOW duplicated defines
but when I undefined the HDL_USE_LIBTOOL macro in config.h
everything went fine

how did You get the '--without-included-ltdl' flag to configure ?

e

--without-included-ltdl will be determined automatically by configure if the prerequisites are all present.
Your gazillion errors would be an indication some of the required packages were not present, so Hercules-Helper
did not set up the INCLUDE and LIB variables.

Please zip and send me the hyperion-buildall-2022...log from your first failed attempt before you tried any
corrective action. Then I should be able to see what it thought was going on.

Bill

[atncsj6h]

(missing attachment from previous comment):

• FreeBSD13_info.zip

ltdl.h is used. We need to use it and the accompanying shared lib provided by the system.

sorry Bill... I strongly disagree
I just ran a bbedit search on the original sources and there no trace of an include of ltdl.h

find attached some odd examples of runs

• allTests_misc_logs.zip

[Fish-Git]

* * * BREAKING NEWS! * * *

"Heisenbug strike actually helped a programmer's bug hunt!"

I added some debugging code (ptt trace calls) in a few key places throughout Hercules to try and hopefully catch our numcpu bug (wherein the numcpu command reports a value different from the one that was requested, which is at the root of our problem) with the intention of providing a patch for Enrico (and/or Bill) to try, since I was never able to reproduce the problem on my own system.

BUT... when I went to test it (just to make sure I didn't have any programming errors before offering it to Enrico/Bill (my first test crashed due to a stupid oversight)), guess what?

IT TRIPPED!   (i.e. triggered, i.e. the bug struck!)

Without my debugging code (i.e. with no changes to the current 'develop' git branch), I'm unable to reproduce the problem.

WITH my debugging code however, I am able to reproduce the problem 100% of the time!

But oddly enough, only for Release builds. With a Debug build I can never reproduce it. It always works fine. When I try the same thing with an optimized Release build however (which are much faster than unoptimized Debug builds), the problem occurs every single time.

(Hint: you only need to run the "runtest0.tst" test. That should be good enough to trigger the bug. If the numcpu 1 command that the test ends with reports that numcpu was set to 4, then the bug has obviously struck.)

NOTE:  I have not had time to analyze my ptt trace output yet, so I don't know what the bug is yet and thus do not yet have a fix ready. I will be doing that as soon as I post this GitHub Issue comment, and will let you know in a subsequent comment what I've found. I just wanted to pass on to you two that, THANKFULLY, I am now able to reproduce the problem on my system, so I can now begin digging into things to try and find where Hercules is going wrong and then develop a fix for it.

That's all for now.

[Fish-Git]

BUG FOUND!   Here's the fix:

1. Please remove all previous patches you may have applied
2. Do git pull (or re-clone) to bring your local repository current with remote.
   (If you re-clone, don't forget to switch to the 'develop' branch)
3. Apply the following patch:

• numcpu-fix.zip

4. Confirm the above patch does indeed fix your problem.

Thanks!

--- hyperion-1/config.c	2022-03-30 20:18:02.673086100 -0700
+++ hyperion-0/config.c	2022-03-30 20:21:18.203829500 -0700
@@ -1120,9 +1120,12 @@
         int   ourcpu;
         bool  arecpu  = are_cpu_thread( &ourcpu );
 
-        /* If we're NOT trying to deconfigure ourselves */
-        if (target_cpu != ourcpu)
+        if (!arecpu || target_cpu != ourcpu)  // NORMAL CASE
         {
+            /* We're either not a CPU thread, or if we are,
+               we're not attempting to deconfigure ourself.
+            */
+
             /* Deconfigure CPU */
             sysblk.regs[ target_cpu ]->configured = 0;
             sysblk.regs[ target_cpu ]->cpustate = CPUSTATE_STOPPING;
@@ -1143,6 +1146,7 @@
             if (arecpu)
                 sysblk.regs[ ourcpu ]->intwait = false;
 
+            /* Wait for cpu_thread to completely exit */
             join_thread( sysblk.cputid[ target_cpu ], NULL );
             detach_thread( sysblk.cputid[ target_cpu ]);
 
@@ -1152,9 +1156,14 @@
             /*       post-processing that is done by various callers.    */
             /*-----------------------------------------------------------*/
         }
-        else
+        else // (arecpu && target_cpu == ourcpu)    HIGHLY UNUSUAL!
         {
-            /* Else we ARE trying to deconfigure ourselves */
+            /* We ARE a cpu thread *AND* we're trying to deconfigure
+               ourself! This can only happen if B220 SERVC instruction
+               is executed to deconfigure its own CPU, or else the CPU
+               issues a Hercules command via the diagnose-8 interface
+               to deconfigure its own CPU (i.e. itself).
+            */
             sysblk.regs[ target_cpu ]->configured = 0;
             sysblk.regs[ target_cpu ]->cpustate = CPUSTATE_STOPPING;
             ON_IC_INTERRUPT( sysblk.regs[ target_cpu ]);
@@ -1203,9 +1212,6 @@
             configure_cpu( cpu );
     }
 
-    /* Make sure we did that right */
-    ASSERT( sysblk.cpus == numcpu && numcpu <= sysblk.maxcpu );
-
     return 0;
 }
 

[atncsj6h]

Hi again Fish,

We are not completely out of the tunnel yet, but what I see is the light, not the train.

I run the tests on Freebsd13 running in virtualbox vm.

The name of the allTests* files should tell the error (see attachment further below).

I ran the make check well around 25 times, and I got the compare mismatch just once, while getting the HHC02332 "timeout" failure:

>>>>> 1 test(s) failed catastrophically.  Bug in Hercules or Testcase is likely. <<<<<

much more often.

My workaround was to hard code in the runtest script a -t5.0 instead of the original -t2.0, as just a wild guess for a higher timeout value .

(As a related issue, the runtest script should be fixed to properly process the passed args; John probably was aware of that because he hard coded the timeout value instead of doing a proper check for the argument presence.)

With the workaround, I now get no HHC02332 failures at all.

Here is the file anyway:

• FreeBSD.zip

enrico

[wrljet]

BUG FOUND! Here's the fix:

1. Please remove all previous patches you may have applied

2. Do git pull (or re-clone) to bring your local repository current with remote.
   (If you re-clone, don't forget to switch to the 'develop' branch)

3. Apply the following patch:


* [numcpu-fix.zip](https://github.com/SDL-Hercules-390/hyperion/files/8385734/numcpu-fix.zip)


4. Confirm the above patch does indeed fix your problem.

Fish,
Get a load of this!

For me, on macOS with Clang 13, and Fedora 35 with Clang 13, the commit before your fix,
Make 'are_cpu_thread' and 'is_diag_instr' bool, not BYTE ( bcd9131 ) fixes the issue.

Bill

P.S. My mood continues to deteriorate!

[Fish-Git]

We are not completely out of the tunnel yet, but what I see is the light, not the train.

Actually we ARE completely out of the tunnel!  The original reported problem has been resolved.  The patch worked.  The numcpu command is now working properly and you are no longer crashing.  This GitHub Issue has now been successfully resolved.  I will be committing the fix, and once I do, I will be closing this issue as having been resolved.

What we are now experiencing are completely different unrelated problems, which we should be creating brand new GitHub Issues for:

1. OORexx not loading. Either it's not installed at all, or it is not installed properly (*), or else it's not working due to item #2 below:

2. The DYLD_LIBRARY_PATH/LD_LIBRARY_PATH and/or HDL_USE_LIBTOOL issue causing Hercules to not build correctly. (I would include the --without-included-ltdl flag and ltdl.h/libltdl issues as being part of this issue as well. I believe they're all related.)

3. A possible (likely?) archlvl bug, similar to the numcpu bug we just fixed, that is causing one of the "stidp.tst" tests to sometimes fail.  (i.e. the 00666666 vs. AA666666 mismatch problem)

I would suggest creating separate (new) GitHub Issues for each of them. I leave it up to you whether you want to create separate GitHub Issues for items #1 and #2 above, or whether you want to create only one GitHub Issue to resolve both problems since they're very likely very closely related.

Item #3 above deserves a completely separate GitHub Issue to be created for it, which I will be doing as soon as I post this message and close THIS issue.

---

(*) One thing that many people forget to do (which can easily impact Hercules, especially its runtest / make check functionality) is to add the necessary code to their .bash_profile (or .profile on Apple?) to auto-start the OORexx "service" (daemon) that Hercules's integrated Rexx support requires. The documentation states it is automatically started the first time Rexx is executed if it's not already running, but that is unfortunately too late for Hercules! It needs to be already loaded and running before Hercules is started. I make it a habit to always add the following to my own .profile:

# To prevent problems with Hercules Rexx loading/starting
# the first time Hercules is started, we need to start the
# rexx daemon first, which is started automatically the
# first time any rexx command is issued.

rexx -v > /dev/null

[Fish-Git]

Fixed by commit 85bd55c.

Closing.

[Fish-Git]

Fish, Get a load of this!

For me, on macOS with Clang 13, and Fedora 35 with Clang 13, the commit before your fix, Make 'are_cpu_thread' and 'is_diag_instr' bool, not BYTE ( bcd9131 ) fixes the issue.

Actually I'm not surprised by that at all since that particular commit accidentally included part of the numcpu fix!

The following change:

hyperion/config.c

Lines 1018 to 1019 in da32975

	if (cpunum)
	*cpunum = -1;

should actually not have been included in commit bcd9131. Commit bcd9131 should have changed ONLY BYTE to bool, and nothing else! The above change (that was accidentally included) is actually part of the numcpu fix, but it got included into commit bcd9131 by accident.

It's actually the combination of both:

hyperion/config.c

Lines 1018 to 1019 in da32975

	if (cpunum)
	*cpunum = -1;

and:

hyperion/config.c

Line 1123 in da32975

if (!arecpu || target_cpu != ourcpu) // NORMAL CASE

that together is what actually properly fixed our numcpu problem. Either one by itself is technically not good enough. Both changes are needed to properly fix the numcpu issue, since we cannot always rely on the value of ourcpu since, before the fix, its value was never being set for the "not a cpu thread" case.

In your particular case (and in many other user's cases too more than likely), yes, it alone will likely fix the problem. But that's not a certainty. The test for arecpu however, in conjunction with a valid ourcpu value being returned, together provide the proper fix for our numcpu handling bug.

P.S. My mood continues to deteriorate!

I'm very sorry to hear that.   :`(

Is there anything I can do to help?

[wrljet]

Hi Bill

• https://unix.stackexchange.com/questions/205089/whats-the-difference-between-the-three-freebsd-versions-current-stable-and-r

• Current is the latest "beta" software.

This is what the developers are working on mainly. It has minimal testing, basically if it compiles they'll push it into the repository. If you're interested in developing or testing development version this is what you're looking for.

Enrico,

I followed a recipe I found on the FreeBSD website, and rebuilt from sources to upgrade/switch from Release to Stable. Took many hours. Everything appeared to work as they claimed.

Now running Clang 13 on FreeBSD 13 STABLE.

Fish,

Tested the latest change/fix, and it does work for me on that system as well.

Bill

[Fish-Git]

Tested the latest change/fix, and it does work for me on that system as well.

Thanks. That's good to hear.

[wrljet]

Also tested now on macOS Monterey 12.3.1 x86, with Apple's xcode-tools / Clang 13.1.6.

Tests pass.