Skip to content

sta: Fix segfault in Table::findValue for NaN axis values#9990

Open
DeepanshuDadhich wants to merge 1 commit intoThe-OpenROAD-Project:masterfrom
DeepanshuDadhich:fix/segfault-repair-timing-nan-9768
Open

sta: Fix segfault in Table::findValue for NaN axis values#9990
DeepanshuDadhich wants to merge 1 commit intoThe-OpenROAD-Project:masterfrom
DeepanshuDadhich:fix/segfault-repair-timing-nan-9768

Conversation

@DeepanshuDadhich
Copy link
Copy Markdown

@DeepanshuDadhich DeepanshuDadhich commented Mar 30, 2026

Problem

Transient segfault during repair_timing (issue #9768).

The crash occurs in sta::Table::findValue with an out-of-bounds vector access assertion failure.

Root Cause

In findValueIndex() (TableModel.cc), when the input value is NaN (from numerical instabilities in the DMP Ceff delay calculator), all IEEE 754 float comparisons return false. This causes the bisection search to end with lower = -1, which wraps to SIZE_MAX as size_t, triggering an out-of-bounds vector access.

Fix

Add an early guard in findValueIndex() for NaN/Inf values, returning index 0 as a safe fallback.

Testing

  • Normal (non-NaN) table lookups are unaffected
  • NaN/Inf axis values now safely return index 0 instead of crashing
  • The original GF180 UART reproduction case should no longer segfault

Fixes #9768

gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the subproject commit for src/sta to a newer version. I have no feedback to provide.

@DeepanshuDadhich
sta: Fix segfault in findValueIndex when axis value is NaN
434fd34 
Update OpenSTA submodule to include fix for segfault during
repair_timing (issue The-OpenROAD-Project#9768).

Root cause: findValueIndex returns SIZE_MAX when given a NaN
value because IEEE 754 NaN comparisons always return false,
causing the bisection search to end with lower=-1.

The fix adds an early guard for NaN/Inf values in findValueIndex,
returning 0 as a safe fallback index.

Fixes The-OpenROAD-Project#9768

Signed-off-by: Deepanshu Dadhich <deepanshudadhich7@gmail.com>
@DeepanshuDadhich DeepanshuDadhich force-pushed the fix/segfault-repair-timing-nan-9768 branch from d73f1af to 434fd34 Compare March 30, 2026 04:34
@DeepanshuDadhich DeepanshuDadhich marked this pull request as ready for review March 30, 2026 04:35
@maliberty maliberty mentioned this pull request Apr 3, 2026
Open
@maliberty
Copy link
Copy Markdown
Member

maliberty commented Apr 3, 2026

conflict to resolve

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Segfault on repair timing

2 participants

@DeepanshuDadhich @maliberty