******************************************************************************
********************* IBIS GOLDEN PARSER BUG REPORT FORM *********************
******************************************************************************

PARSER VERSION NUMBER: 6.1.4

PLATFORM (SPARC, HP700, PC, etc.): PC

OS AND VERSION: Debian-based Linux (Kernel 2.6.X, g++ 4.8, GLIBC 2.11)

REPORTED BY: Wei-hsing Huang, SPISim

DATE: October 6, 2018

DESCRIPTION OF BUG:
IBISCHK6.1.4 crashes on Linux with GLIBC2.11 when checking the attached
bug202.ibs with associated .ami and 64-bit .so files for 2 AMI models.
To reproduce, run "ibischk6 bug202.ibs" using 64-bit ibischk6.1.4.

Actions known to avoid the crash:
- Run on Windows with Windows DLLs (not included).
- Run on older Linux systems without GLIBC2.11 (error for each model):
  E5600 (line   45) - Unable to load code file bug202_Rx_LX64.so:
  /lib64/libc.so.6: version `GLIBC_2.11' not found (required by
  ./bug202_Rx_LX64.so)
- Use IBISCHK6.1.2 or earlier (does not load executables).
- Use 32-bit IBISCHK6.1.3 or later (does not check 64-bit executables).
- Compile the model with Kernel 4.4, g++ 5.0, GLIBC2.14.
- Comment out the Tx AMI model so that only the Rx is checked.
- Comment out the Rx AMI model so that only the Tx is checked.

Actions that still result in the crash:
- Recompiling IBISCHK6.1.4 with different dlopen() options: RTLD_NOW,
  RTLD_LOCAL, RTLD_GLOBAL, etc.
- Changing the oredr of dlopen() and dlclose() calls.

For EDA tool comparison, the models do not crash when run together in
Synopsys HSPICE, SiSoft QCD. The testcase crashes in Keysight ADS, using
both or only one model. QCD does not link IBISCHK code. HSPICE 2017.12-SP2-2
embeds IBISCHK5.1.3, which does not check symbol tables. ADS is linked with
a modifed version of IBISCHK6.1.3.

Example valgrind memchk log with crash stack trace:

==28783== Invalid read of size 4
==28783==    at 0x6C44404: std::ctype<wchar_t>::do_is(wchar_t const*, wchar_t const*, unsigned short*) const (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6C07577: void std::__facet_shims::__numpunct_fill_cache<char>(std::integral_constant<bool, true>, std::locale::facet const*, std::__numpunct_cache<char>*) (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BF3DDC: std::locale::facet::_M_cow_shim(std::locale::id const*) const (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BBB83B: std::locale::_Impl::_M_install_facet(std::locale::id const*, std::locale::facet const*) (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BB9DAF: std::locale::_Impl::_Impl(unsigned long) (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BBA774: std::locale::_S_initialize_once() (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x62ECD32: pthread_once (in /lib64/libpthread-2.12.so)
==28783==    by 0x6BBA7C0: std::locale::_S_initialize() (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BBA802: std::locale::locale() (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BBD313: std::ios_base::Init::Init() (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x697ECE3: ??? (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x400E64E: _dl_init (in /lib64/ld-2.12.so)
==28783==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==28783== 
==28783== 
==28783== Process terminating with default action of signal 11 (SIGSEGV)
==28783==  Access not within mapped region at address 0x0
==28783==    at 0x6C44404: std::ctype<wchar_t>::do_is(wchar_t const*, wchar_t const*, unsigned short*) const (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6C07577: void std::__facet_shims::__numpunct_fill_cache<char>(std::integral_constant<bool, true>, std::locale::facet const*, std::__numpunct_cache<char>*) (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BF3DDC: std::locale::facet::_M_cow_shim(std::locale::id const*) const (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BBB83B: std::locale::_Impl::_M_install_facet(std::locale::id const*, std::locale::facet const*) (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BB9DAF: std::locale::_Impl::_Impl(unsigned long) (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BBA774: std::locale::_S_initialize_once() (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x62ECD32: pthread_once (in /lib64/libpthread-2.12.so)
==28783==    by 0x6BBA7C0: std::locale::_S_initialize() (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BBA802: std::locale::locale() (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x6BBD313: std::ios_base::Init::Init() (in /sisoft/home/mlabonte/bug202_draft/bug202_Tx_LX64.so)
==28783==    by 0x697ECE3: ??? (in /sisoft/home/mlabonte/bug20

The stack trace above shows that the SEGV takes place in standard library
code, called during model loading.



INSERT IBIS FILE DEMONSTRATING THE BUG:
For executables download https://ibis.org/bugs/ibischk/bug202_files.zip
==> bug202.ibs <==
|***************************************************************************
|
[IBIS Ver]      5.1
[File name]     bug202.ibs
[File rev]      1.00
[Date]          Jan 1, 2017
|
|***************************************************************************
|
[Component]     BUG202
[Manufacturer]  Test
[Package]
|               typ             min             max
R_pkg           0.0             0.0             0.0
L_pkg           0.0             0.0             0.0
C_pkg           0.0             0.0             0.0
|
|***************************************************************************
|
[Pin]   signal_name     model_name      R_pin   L_pin   C_pin
1p       TxP             Bug202_Tx              NA     NA     NA
1n       TxN             Bug202_Tx              NA     NA     NA
2p       RxP             Bug202_Rx              NA     NA     NA
2n       RxN             Bug202_Rx              NA     NA     NA
|
|***************************************************************************
|
[Diff Pin] inv_pin  vdiff  tdelay_typ  tdelay_min  tdelay_max
1p         1n       0.1V   NA          NA          NA
2p         2n       0.1V   NA          NA          NA
|
|****************************************************************
|
[Model]     Bug202_Rx
Model_type  Input
|
C_comp 0.00p 0.00p 0.00p
Vinh = 0.55
Vinl = 0.45
|
[Temperature_Range]  25    100   0
[Voltage Range]      1.2   1.14  1.26
|
[Algorithmic Model]
Executable Linux_gcc_64             bug202_Rx_LX64.so   bug202.ami
[End Algorithmic Model]
|
|***************************************************************************
|
[Model]        Bug202_Tx
Model_type     Output
|
Vmeas =        0.55
|                            typ                min                max
C_comp                      2.0pF               1.5pF              2.5pF
|
[Voltage Range]             1.1                 1.0                1.2
[Temperature Range]         60                  100                0
|
|***************************************************************************
|
[Pullup]
|
| Voltage I(typ) I(min) I(max)
|
-1.2 4.4444E-2 4.8000E-2 4.1379E-2
0.0 -0.0000E0 -0.0000E0 -0.0000E0
2.4 -8.8889E-2 -9.6000E-2 -8.2759E-2
[Pulldown]
|
| Voltage I(typ) I(min) I(max)
|
-1.2 -4.4444E-2 -4.8000E-2 -4.1379E-2
0.0 0.0000E0 0.0000E0 0.0000E0
2.4 8.8889E-2 9.6000E-2 8.2759E-2
|
|***************************************************************************
|
[Ramp]
R_load = 50.0Ohm
|                   typ                 min                 max
dV/dt_r     2.40E-1V/6.89E-2ns  2.40E-1V/8.59E-2ns  2.40E-1V/6.32E-2ns
dV/dt_f     2.40E-1V/5.89E-2ns  2.40E-1V/7.60E-2ns  2.40E-1V/5.14E-2ns
|
|***************************************************************************
|
[Algorithmic Model]
Executable Linux_gcc_64             bug202_Tx_LX64.so   bug202.ami
[End Algorithmic Model]
|
|***************************************************************************
[End]

==> bug202.ami <==
|*****************************************************************************
| Bug202 Dummy FFE Spec. AMI model
|*****************************************************************************
(FFE
(Reserved_Parameters
  (AMI_Version (Usage Info) (Type String) (Value "6.1"))
  (Ignore_Bits (Usage Info) (Type Integer) (Default 4))
  (Max_Init_Aggressors (Usage Info) (Type Integer) (Default 25))
  (Init_Returns_Impulse (Usage Info) (Type Boolean) (Default True))
  (GetWave_Exists  (Usage Info) (Type Boolean) (Default False))
) | End Reserved_Parameters

(Model_Specific
  (DUMMY_INFO (Usage In) (Type String) (Default "dummy"))
) | End Model_Specific
)


******************************************************************************
******************** BELOW FOR ADMINISTRATION AND TRACKING *******************
******************************************************************************

BUG NUMBER: 202

SEVERITY: [FATAL, SEVERE, MODERATE, ANNOYING, ENHANCEMENT] SEVERE

PRIORITY: [HIGH, MEDIUM, LOW] MEDIUM

STATUS: [OPEN, CLOSED, WILL NOT FIX, NOT A BUG] WILL NOT FIX

FIXED VERSION: 7.0.2

FIXED DATE: June 5, 2020

NOTES ON BUG FIX:
October 12, 2018 - Classified at the IBIS Open Forum Meeting.
It is unknown how this can be fixed in the ibischk6 code.  It appears that
this may be a bug in GLIBC2.11 that has been fixed in later releases.  Some
companies may already work around this issue.  So the final resolution
might be to classify it as WILL NOT FIX or NOT A BUG; or to provide a fix, if
possible. This BUG202 may be deferred to Version 7.0.0 or later.

Classified June 5, 2020 since no fix is practical for Version 7.0.2.


******************************************************************************
******************************************************************************