[Bug 1663280] Re: Serious performance degradation of math functions

Daniel Axtens daniel.axtens at canonical.com
Tue Oct 16 03:55:28 UTC 2018


** Description changed:

+ SRU Justification
+ =================
+ 
+ [Impact]
+ 
+  * Severe performance hit on many maths-heavy workloads. For example, a
+ user reports linpack performance of 13 Gflops on Trusty and Bionic and
+ 3.9 Gflops on Xenial.
+ 
+  * Because the impact is so large (>3x) and Xenial is supported until
+ 2021, the fix should be backported.
+ 
+  * The fix avoids an AVX-SSE transition penalty. It stops
+ _dl_runtime_resolve() from using AVX-256 instructions which touch the
+ upper halves of various registers. This change means that the processor
+ does not need to save and restore them.
+ 
+ [Test Case]
+ 
+ Firstly, you need a suitable Intel machine. Users report that Sandy
+ Bridge, Ivy Bridge, Haswell, and Broadwell CPUs are affected, and I
+ have been able to reproduce it on a Skylake CPU using a suitable Azure
+ VM.
+ 
+ Create the following C file, exp.c:
+ 
+ #include <math.h>
+ #include <stdio.h>
+ 
+ int main () {
+   double a, b;
+   for (a = b = 0.0; b < 2.0; b += 0.00000005) a += exp(b);
+   printf("%f\n", a);
+   return 0;
+ }
+ 
+ $ gcc -O3 -march=x86-64 -o exp exp.c -lm
+ 
+ With the current version of glibc:
+ 
+ $ time ./exp
+ ...
+ real    0m1.349s
+ user    0m1.349s
+ 
+ 
+ $ time LD_BIND_NOW=1 ./exp
+ ...
+ real    0m0.625s
+ user    0m0.621s
+ 
+ Observe that LD_BIND_NOW makes a big difference as it avoids the call to
+ _dl_runtime_resolve.
+ 
+ With the proposed update:
+ 
+ $ time ./exp
+ ...
+ real    0m0.625s
+ user    0m0.621s
+ 
+ 
+ $ time LD_BIND_NOW=1 ./exp
+ ...
+ 
+ real    0m0.631s
+ user    0m0.631s
+ 
+ Observe that the normal case is faster, and LD_BIND_NOW makes a
+ negligible difference.
+ 
+ [Regression Potential]
+ 
+ glibc is the nightmare case for regressions as could affect pretty much
+ anything, and this patch touches a key part (dynamic libraries).
+ 
+ We can be fairly confident in the fix generally - it's in the glibc in
+ Bionic, Debian and some RPM-based distros. The backport is based on
+ the patches in the release/2.23/master branch in the upstream glibc
+ repository, and the backport was straightforward.
+ 
+ Obviously that doesn't remove all risk. There is also a fair bit of
+ Ubuntu-specific patching in glibc so other distros are of limited
+ value for ruling out bugs. So I have done the following testing, and
+ I'm happy to do more as required. All testing has been done:
+  - on an Azure VM (affected by the change), with proposed package
+  - on a local VM (not affected by the change), with proposed package
+ 
+  * Boot with the upgraded libc6.
+ 
+  * Watch a youtube video in Firefox over VNC.
+ 
+  * Build some C code (debuild of zlib).
+ 
+  * Test Java by installing and running Eclipse.
+ 
+ Autopkgtest also passes.
+ 
+ [Original Description]
+ 
  Bug [0] has been introduced in Glibc 2.23 [1] and fixed in Glibc 2.25
  [2]. All Ubuntu versions starting from 16.04 are affected because they
  use either Glibc 2.23 or 2.24. Bug introduces serious (2x-4x)
  performance degradation of math functions (pow, exp/exp2/exp10,
  log/log2/log10, sin/cos/sincos/tan, asin/acos/atan/atan2,
  sinh/cosh/tanh, asinh/acosh/atanh) provided by libm. Bug can be
  reproduced on any AVX-capable x86-64 machine.
  
  @strikov: According to a quite reliable source [5] all AMD CPUs and
  latest Intel CPUs (Skylake and Knights Landing) don't suffer from
  AVX/SSE transition penalty. It means that the scope of this bug becomes
  smaller and includes only the following generations of Intel's CPUs:
  Sandy Bridge, Ivy Bridge, Haswell, and Broadwell. Scope still remains
  quite large though.
  
  @strikov: Ubuntu 16.10/17.04 which use Glibc 2.24 may recieve the fix
  from upstream 2.24 branch (as Marcel pointed out, fix has been
  backported to 2.24 branch where Fedora took it successfully) if such
  synchronization will take place. Ubuntu 16.04 (the main target of this
  bug) uses Glibc 2.23 which hasn't been patched upstream and will suffer
  from performance degradation until we fix it manually.
  
  This bug is all about AVX-SSE transition penalty [3]. 256-bit YMM
  registers used by AVX-256 instructions extend 128-bit registers used by
  SSE (XMM0 is a low half of YMM0 and so on). Every time CPU executes SSE
  instruction after AVX-256 instruction it has to store upper half of the
  YMM register to the internal buffer and then restore it when execution
  returns back to AVX instructions. Store/restore is required because old-
  fashioned SSE knows nothing about the upper halves of its registers and
  may damage them. This store/restore operation is time consuming (several
  tens of clock cycles for each operation). To deal with this issue, Intel
  introduced AVX-128 instructions which operate on the same 128-bit XMM
  register as SSE but take into account upper halves of YMM registers.
  Hence, no store/restore required. Practically speaking, AVX-128
  instructions is a new smart form of SSE instructions which can be used
  together with full-size AVX-256 instructions without any penalty. Intel
  recommends to use AVX-128 instructions instead of SSE instructions
  wherever possible. To sum things up, it's okay to mix SSE with AVX-128
  and AVX-128 with AVX-256. Mixing AVX-128 with AVX-256 is allowed because
  both types of instructions are aware of 256-bit YMM registers. Mixing
  SSE with AVX-128 is okay because CPU can guarantee that the upper halves
  of YMM registers don't contain any meaningful data (how one can put it
  there without using AVX-256 instructions) and avoid doing store/restore
  operation (why to care about random trash in the upper halves of the YMM
  registers). It's not okay to mix SSE with AVX-256 due to the transition
  penalty. Scalar floating-point instructions used by routines mentioned
  above are implemented as a subset of SSE and AVX-128 instructions. They
  operate on a small fraction of 128-bit register but still considered
  SSE/AVX-128 instruction. And they suffer from SSE/AVX transition penalty
  as well.
  
  Glibc inadvertently triggers a chain of AVX/SSE transition penalties due
  to inappropriate use of AVX-256 instructions inside
  _dl_runtime_resolve() procedure. By using AVX-256 instructions to
  push/pop YMM registers [4], Glibc makes CPU think that the upper halves
  of XMM registers contain meaningful data which needs to be preserved
  during execution of SSE instructions. With such a 'dirty' flag set every
  switch between SSE and AVX instructions (AVX-128 or AVX-256) leads to a
  time consuming store/restore procedure. This 'dirty' flag never gets
  cleared during the whole program execution which leads to a serious
  overall slowdown. Fixed implementation [2] of _dl_runtime_resolve()
  procedure tries to avoid using AVX-256 instructions if possible.
  
  Buggy _dl_runtime_resolve() gets called every time when dynamic linker
  tries to resolve a symbol (any symbol, not just ones mentioned above).
  It's enough for _dl_runtime_resolve() to be called just once to touch
  the upper halves of the YMM registers and provoke AVX/SSE transition
  penalty in the future. It's safe to say that all dynamically linked
  application call _dl_runtime_resolve() at least once which means that
  all of them may experience slowdown. Performance degradation takes place
  when such application mixes AVX and SSE instructions (switches from AVX
  to SSE or back).
  
  There are two types of math routines provided by libm:
  (a) ones that have AVX-optimized version (exp, sin/cos, tan, atan, log and other)
  (b) ones that don't have AVX-optimized version and rely on general purpose SSE implementation (pow, exp2/exp10, asin/acos, sinh/cosh/tanh, asinh/acosh/atanh and others)
  
  For the former group of routines slowdown happens when they get called
  from SSE code (i.e. from the application compiled with -mno-avx) because
  SSE -> AVX transition takes place. For the latter one slowdown happens
  when routines get called from AVX code (i.e. from the application
  compiled with -mavx) because AVX -> SSE transition takes place. Both
  situations look realistic. SSE code gets generated by gcc to target
  x86-64 and AVX-optimized code gets generated by gcc -march=native on
  AVX-capable machines.
  
  ============================================================================
  
  Let's take one routine from the group (a) and try to reproduce the
  slowdown.
  
  #include <math.h>
  #include <stdio.h>
  
  int main () {
    double a, b;
    for (a = b = 0.0; b < 2.0; b += 0.00000005) a += exp(b);
    printf("%f\n", a);
    return 0;
  }
  
  $ gcc -O3 -march=x86-64 -o exp exp.c -lm
  
  $ time ./exp
  <..> 2.801s <..>
  
  $ time LD_BIND_NOW=1 ./exp
  <..> 0.660s <..>
  
  You can see that application demonstrates 4x better performance when
  _dl_runtime_resolve() doesn't get called. That's how serious the impact
  of AVX/SSE transition can be.
  
  ============================================================================
  
  Let's take one routine from the group (b) and try to reproduce the
  slowdown.
  
  #include <math.h>
  #include <stdio.h>
  
  int main () {
    double a, b;
    for (a = b = 0.0; b < 2.0; b += 0.00000005) a += pow(M_PI, b);
    printf("%f\n", a);
    return 0;
  }
  
  # note that -mavx option has been passed
  $ gcc -O3 -march=x86-64 -mavx -o pow pow.c -lm
  
  $ time ./pow
  <..> 4.157s <..>
  
  $ time LD_BIND_NOW=1 ./pow
  <..> 2.123s <..>
  
  You can see that application demonstrates 2x better performance when
  _dl_runtime_resolve() doesn't get called.
  
  ============================================================================
  
  [!] It's important to mention that the context of this bug might be even
  wider. After a call to buggy _dl_runtime_resolve() any transition
  between AVX-128 and SSE (otherwise legitimate) will suffer from
  performance degradation. Any application which mixes AVX-128 floating
  point code with SSE floating point code (e.g. by using external SSE-only
  library) will experience serious slowdown.
  
  [0] https://sourceware.org/bugzilla/show_bug.cgi?id=20495
  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=f3dcae82d54e5097e18e1d6ef4ff55c2ea4e621e
  [2] https://sourceware.org/git/?p=glibc.git;a=commit;h=fb0f7a6755c1bfaec38f490fbfcaa39a66ee3604
  [3] https://software.intel.com/en-us/articles/intel-avx-state-transitions-migrating-sse-code-to-avx
  [4] https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/x86_64/dl-trampoline.h;h=d6c7f989b5e74442cacd75963efdc6785ac6549d;hb=fb0f7a6755c1bfaec38f490fbfcaa39a66ee3604#l182
  [5] http://www.agner.org/optimize/blog/read.php?i=761#761

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1663280

Title:
  Serious performance degradation of math functions

Status in GLibC:
  Fix Released
Status in glibc package in Ubuntu:
  Fix Released
Status in glibc source package in Xenial:
  Confirmed
Status in glibc source package in Zesty:
  Won't Fix
Status in glibc package in Fedora:
  Fix Released

Bug description:
  SRU Justification
  =================

  [Impact]

   * Severe performance hit on many maths-heavy workloads. For example,
  a user reports linpack performance of 13 Gflops on Trusty and Bionic
  and 3.9 Gflops on Xenial.

   * Because the impact is so large (>3x) and Xenial is supported until
  2021, the fix should be backported.

   * The fix avoids an AVX-SSE transition penalty. It stops
  _dl_runtime_resolve() from using AVX-256 instructions which touch the
  upper halves of various registers. This change means that the
  processor does not need to save and restore them.

  [Test Case]

  Firstly, you need a suitable Intel machine. Users report that Sandy
  Bridge, Ivy Bridge, Haswell, and Broadwell CPUs are affected, and I
  have been able to reproduce it on a Skylake CPU using a suitable Azure
  VM.

  Create the following C file, exp.c:

  #include <math.h>
  #include <stdio.h>

  int main () {
    double a, b;
    for (a = b = 0.0; b < 2.0; b += 0.00000005) a += exp(b);
    printf("%f\n", a);
    return 0;
  }

  $ gcc -O3 -march=x86-64 -o exp exp.c -lm

  With the current version of glibc:

  $ time ./exp
  ...
  real    0m1.349s
  user    0m1.349s

  
  $ time LD_BIND_NOW=1 ./exp
  ...
  real    0m0.625s
  user    0m0.621s

  Observe that LD_BIND_NOW makes a big difference as it avoids the call
  to _dl_runtime_resolve.

  With the proposed update:

  $ time ./exp
  ...
  real    0m0.625s
  user    0m0.621s

  
  $ time LD_BIND_NOW=1 ./exp
  ...

  real    0m0.631s
  user    0m0.631s

  Observe that the normal case is faster, and LD_BIND_NOW makes a
  negligible difference.

  [Regression Potential]

  glibc is the nightmare case for regressions as could affect pretty much
  anything, and this patch touches a key part (dynamic libraries).

  We can be fairly confident in the fix generally - it's in the glibc in
  Bionic, Debian and some RPM-based distros. The backport is based on
  the patches in the release/2.23/master branch in the upstream glibc
  repository, and the backport was straightforward.

  Obviously that doesn't remove all risk. There is also a fair bit of
  Ubuntu-specific patching in glibc so other distros are of limited
  value for ruling out bugs. So I have done the following testing, and
  I'm happy to do more as required. All testing has been done:
   - on an Azure VM (affected by the change), with proposed package
   - on a local VM (not affected by the change), with proposed package

   * Boot with the upgraded libc6.

   * Watch a youtube video in Firefox over VNC.

   * Build some C code (debuild of zlib).

   * Test Java by installing and running Eclipse.

  Autopkgtest also passes.

  [Original Description]

  Bug [0] has been introduced in Glibc 2.23 [1] and fixed in Glibc 2.25
  [2]. All Ubuntu versions starting from 16.04 are affected because they
  use either Glibc 2.23 or 2.24. Bug introduces serious (2x-4x)
  performance degradation of math functions (pow, exp/exp2/exp10,
  log/log2/log10, sin/cos/sincos/tan, asin/acos/atan/atan2,
  sinh/cosh/tanh, asinh/acosh/atanh) provided by libm. Bug can be
  reproduced on any AVX-capable x86-64 machine.

  @strikov: According to a quite reliable source [5] all AMD CPUs and
  latest Intel CPUs (Skylake and Knights Landing) don't suffer from
  AVX/SSE transition penalty. It means that the scope of this bug
  becomes smaller and includes only the following generations of Intel's
  CPUs: Sandy Bridge, Ivy Bridge, Haswell, and Broadwell. Scope still
  remains quite large though.

  @strikov: Ubuntu 16.10/17.04 which use Glibc 2.24 may recieve the fix
  from upstream 2.24 branch (as Marcel pointed out, fix has been
  backported to 2.24 branch where Fedora took it successfully) if such
  synchronization will take place. Ubuntu 16.04 (the main target of this
  bug) uses Glibc 2.23 which hasn't been patched upstream and will
  suffer from performance degradation until we fix it manually.

  This bug is all about AVX-SSE transition penalty [3]. 256-bit YMM
  registers used by AVX-256 instructions extend 128-bit registers used
  by SSE (XMM0 is a low half of YMM0 and so on). Every time CPU executes
  SSE instruction after AVX-256 instruction it has to store upper half
  of the YMM register to the internal buffer and then restore it when
  execution returns back to AVX instructions. Store/restore is required
  because old-fashioned SSE knows nothing about the upper halves of its
  registers and may damage them. This store/restore operation is time
  consuming (several tens of clock cycles for each operation). To deal
  with this issue, Intel introduced AVX-128 instructions which operate
  on the same 128-bit XMM register as SSE but take into account upper
  halves of YMM registers. Hence, no store/restore required. Practically
  speaking, AVX-128 instructions is a new smart form of SSE instructions
  which can be used together with full-size AVX-256 instructions without
  any penalty. Intel recommends to use AVX-128 instructions instead of
  SSE instructions wherever possible. To sum things up, it's okay to mix
  SSE with AVX-128 and AVX-128 with AVX-256. Mixing AVX-128 with AVX-256
  is allowed because both types of instructions are aware of 256-bit YMM
  registers. Mixing SSE with AVX-128 is okay because CPU can guarantee
  that the upper halves of YMM registers don't contain any meaningful
  data (how one can put it there without using AVX-256 instructions) and
  avoid doing store/restore operation (why to care about random trash in
  the upper halves of the YMM registers). It's not okay to mix SSE with
  AVX-256 due to the transition penalty. Scalar floating-point
  instructions used by routines mentioned above are implemented as a
  subset of SSE and AVX-128 instructions. They operate on a small
  fraction of 128-bit register but still considered SSE/AVX-128
  instruction. And they suffer from SSE/AVX transition penalty as well.

  Glibc inadvertently triggers a chain of AVX/SSE transition penalties
  due to inappropriate use of AVX-256 instructions inside
  _dl_runtime_resolve() procedure. By using AVX-256 instructions to
  push/pop YMM registers [4], Glibc makes CPU think that the upper
  halves of XMM registers contain meaningful data which needs to be
  preserved during execution of SSE instructions. With such a 'dirty'
  flag set every switch between SSE and AVX instructions (AVX-128 or
  AVX-256) leads to a time consuming store/restore procedure. This
  'dirty' flag never gets cleared during the whole program execution
  which leads to a serious overall slowdown. Fixed implementation [2] of
  _dl_runtime_resolve() procedure tries to avoid using AVX-256
  instructions if possible.

  Buggy _dl_runtime_resolve() gets called every time when dynamic linker
  tries to resolve a symbol (any symbol, not just ones mentioned above).
  It's enough for _dl_runtime_resolve() to be called just once to touch
  the upper halves of the YMM registers and provoke AVX/SSE transition
  penalty in the future. It's safe to say that all dynamically linked
  application call _dl_runtime_resolve() at least once which means that
  all of them may experience slowdown. Performance degradation takes
  place when such application mixes AVX and SSE instructions (switches
  from AVX to SSE or back).

  There are two types of math routines provided by libm:
  (a) ones that have AVX-optimized version (exp, sin/cos, tan, atan, log and other)
  (b) ones that don't have AVX-optimized version and rely on general purpose SSE implementation (pow, exp2/exp10, asin/acos, sinh/cosh/tanh, asinh/acosh/atanh and others)

  For the former group of routines slowdown happens when they get called
  from SSE code (i.e. from the application compiled with -mno-avx)
  because SSE -> AVX transition takes place. For the latter one slowdown
  happens when routines get called from AVX code (i.e. from the
  application compiled with -mavx) because AVX -> SSE transition takes
  place. Both situations look realistic. SSE code gets generated by gcc
  to target x86-64 and AVX-optimized code gets generated by gcc
  -march=native on AVX-capable machines.

  ============================================================================

  Let's take one routine from the group (a) and try to reproduce the
  slowdown.

  #include <math.h>
  #include <stdio.h>

  int main () {
    double a, b;
    for (a = b = 0.0; b < 2.0; b += 0.00000005) a += exp(b);
    printf("%f\n", a);
    return 0;
  }

  $ gcc -O3 -march=x86-64 -o exp exp.c -lm

  $ time ./exp
  <..> 2.801s <..>

  $ time LD_BIND_NOW=1 ./exp
  <..> 0.660s <..>

  You can see that application demonstrates 4x better performance when
  _dl_runtime_resolve() doesn't get called. That's how serious the
  impact of AVX/SSE transition can be.

  ============================================================================

  Let's take one routine from the group (b) and try to reproduce the
  slowdown.

  #include <math.h>
  #include <stdio.h>

  int main () {
    double a, b;
    for (a = b = 0.0; b < 2.0; b += 0.00000005) a += pow(M_PI, b);
    printf("%f\n", a);
    return 0;
  }

  # note that -mavx option has been passed
  $ gcc -O3 -march=x86-64 -mavx -o pow pow.c -lm

  $ time ./pow
  <..> 4.157s <..>

  $ time LD_BIND_NOW=1 ./pow
  <..> 2.123s <..>

  You can see that application demonstrates 2x better performance when
  _dl_runtime_resolve() doesn't get called.

  ============================================================================

  [!] It's important to mention that the context of this bug might be
  even wider. After a call to buggy _dl_runtime_resolve() any transition
  between AVX-128 and SSE (otherwise legitimate) will suffer from
  performance degradation. Any application which mixes AVX-128 floating
  point code with SSE floating point code (e.g. by using external SSE-
  only library) will experience serious slowdown.

  [0] https://sourceware.org/bugzilla/show_bug.cgi?id=20495
  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=f3dcae82d54e5097e18e1d6ef4ff55c2ea4e621e
  [2] https://sourceware.org/git/?p=glibc.git;a=commit;h=fb0f7a6755c1bfaec38f490fbfcaa39a66ee3604
  [3] https://software.intel.com/en-us/articles/intel-avx-state-transitions-migrating-sse-code-to-avx
  [4] https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/x86_64/dl-trampoline.h;h=d6c7f989b5e74442cacd75963efdc6785ac6549d;hb=fb0f7a6755c1bfaec38f490fbfcaa39a66ee3604#l182
  [5] http://www.agner.org/optimize/blog/read.php?i=761#761

To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/1663280/+subscriptions



More information about the foundations-bugs mailing list