Bug 76839 - the `impossible' happened: disInstr: INT but not 0x80 !
Summary: the `impossible' happened: disInstr: INT but not 0x80 !
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Developer tools
Component: general
Version: unspecified
Platform: Debian testing Linux
: NOR normal
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-05 17:32 UTC by Maarten Keijzer
Modified: 2004-03-06 13:53 UTC

See Also:
Latest Commit:
Version Fixed In:


Attachments

Description Maarten Keijzer 2004-03-05 17:32:28 UTC
Version:           1:2.1.0-6 (using KDE KDE 3.2.1)
Installed from:    Debian testing/unstable Packages
Compiler:          gcc version 3.3.3 20040214 (prerelease) (Debian) 
OS:          Linux

There's a nasty bug in my program which zeroes out all information (including call stack) in gdb. When I run it through Valgrind, it spits out the following:


==30579== Use of uninitialised value of size 4
==30579==    at 0x8048CBD: eval_next_arg() (tinygp2.cpp:33)
==30579==    by 0x8048E15: eval_mult() (tinygp2.cpp:37)
==30579==    by 0x8048CC5: eval_next_arg() (tinygp2.cpp:33)
==30579==    by 0x8048D4D: eval_plus() (tinygp2.cpp:36)

valgrind: the `impossible' happened:
   disInstr: INT but not 0x80 !
Basic block ctr is approximately 125600000
==30579==    at 0x4017A0F8: vgPlain_core_panic (vg_mylibc.c:1121)
==30579==    by 0x4017A0F7: panic (vg_mylibc.c:1117)
==30579==    by 0x4017A12A: vgPlain_core_panic (vg_mylibc.c:1122)
==30579==    by 0x401AB1BE: disInstr (vg_to_ucode.c:246)

sched status:

Thread 1: status = Runnable, associated_mx = 0x0, associated_cv = 0x0
==30579==    at 0x417095A8: ???
==30579==    by 0x8048E15: eval_mult() (tinygp2.cpp:37)
==30579==    by 0x8048CC5: eval_next_arg() (tinygp2.cpp:33)
==30579==    by 0x8048D4D: eval_plus() (tinygp2.cpp:36)


I'd be happy to supply the source code and parameters under which it happens if anyone is interested (note to self, seed = 1123)
Comment 1 Tom Hughes 2004-03-05 17:39:30 UTC
That assertion indicates that your program tried to execute an INT (interrupt) instruction for an interrupt number other than 0x80. Interrupt 0x80 is a software interrupt used to implement system calls, but I don't believe an unprivileged program should ever be trying to generate any other sort of interrupt.

The most likely cause of this is that your program is trying to execute something which isn't actually valid code. Given that you say your stack has been trashed it seems likely that the return address of a function was trashed and as a result your program has wandered off to some random address and is trying to execute code there.

This is therefore almost certainly a bug in your program rather than valgrind.
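As an added example (not part of the bug report, and not Valgrind's own none/tests/int.c, whose contents are not shown on this page), the following C program shows what the native Linux kernel does with the instruction Comment 1 describes: it executes INT with an immediate other than 0x80 under a signal handler and reports which signal was delivered. On x86 and x86-64 Linux the CPU raises a general-protection fault for a vector that has no user-mode gate, and the kernel delivers SIGSEGV, i.e. the program is killed the same way as for any other illegal instruction, which is the treatment the fix in Comment 6 gives such an INT inside Valgrind. The vector 0x7f, the function name and the list of signals trapped are my choices; on non-x86 builds the function returns -1 because INT imm8 does not exist there.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Recovery point and the signal number observed by the handler. */
static sigjmp_buf recover;
static volatile sig_atomic_t caught_signal;

static void on_fault(int signo)
{
    caught_signal = signo;
    /* Never return normally: the kernel would restart the faulting INT. */
    siglongjmp(recover, 1);
}

/* Execute INT with an immediate other than 0x80 and return the signal the
 * kernel delivered (0 if none was delivered, -1 on non-x86 builds). */
int probe_nonsyscall_int(void)
{
#if defined(__i386__) || defined(__x86_64__)
    const int sigs[4] = { SIGSEGV, SIGILL, SIGBUS, SIGTRAP };
    struct sigaction sa, old[4];
    int i;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    for (i = 0; i < 4; i++)
        sigaction(sigs[i], &sa, &old[i]);

    caught_signal = 0;
    if (sigsetjmp(recover, 1) == 0) {
        /* 0x7f is an arbitrary vector (my choice) with no user-mode gate on
         * Linux; the CPU raises #GP and the kernel reports it as SIGSEGV. */
        __asm__ __volatile__("int $0x7f");
    }

    /* Restore the previous dispositions before returning. */
    for (i = 0; i < 4; i++)
        sigaction(sigs[i], &old[i], NULL);
    return caught_signal;
#else
    return -1;
#endif
}

int main(void)
{
    int sig = probe_nonsyscall_int();
    if (sig == -1)
        puts("not an x86 build; INT imm8 does not exist here");
    else if (sig == 0)
        puts("INT 0x7f completed without a fault (unexpected)");
    else
        printf("INT 0x7f raised signal %d%s\n", sig,
               sig == SIGSEGV ? " (SIGSEGV)" : "");
    return 0;
}
```

Run natively and the program prints the SIGSEGV line; the same INT reaching Valgrind's decoder is exactly the case that used to trigger the `disInstr: INT but not 0x80 !` panic, and after the fix is reported as an undefined instruction instead.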
Comment 2 Nicholas Nethercote 2004-03-05 17:50:43 UTC
Try fixing the "use of uninitialised value" error; hopefully that is the cause of the problem.

Comment 3 Nicholas Nethercote 2004-03-05 17:52:19 UTC
We should probably bomb out in a more informative way, ie. give a nice
message explaining that they've just tried something illegal.  As is, it
looks like Valgrind's fault.

N

Comment 4 Maarten Keijzer 2004-03-05 20:08:13 UTC
Great, these quick responses.

Indeed, I was well aware that it was my program that was the cause of this behaviour. I knew there was a bug, and valgrind is usually an invaluable tool when gdb doesn't help. The bug is already solved in my code, that's not the issue. It was indeed the message by valgrind and especially its insistence that I report this behaviour that prompted me to give this error report. Valgrind is a great friend and when it asks me to help it, I comply.

So indeed, an informative measure ('You just smashed the stack') or an entry in the FAQ seems to be enough. Thanks.
Comment 5 Jeremy Fitzhardinge 2004-03-06 01:06:56 UTC
We should just handle it like all other illegal instructions.
Comment 6 Tom Hughes 2004-03-06 13:53:27 UTC
CVS commit by thughes: 

Treat INT with an operand other than 0x80 as an undefined instruction.
CCMAIL: 76839-done@bugs.kde.org


  A            none/tests/filter_int   1.1
  A            none/tests/int.c   1.1 [no copyright]
  A            none/tests/int.stderr.exp   1.1
  A            none/tests/int.stdout.exp   1.1
  A            none/tests/int.vgtest   1.1
  M +1 -1      coregrind/vg_to_ucode.c   1.132
  M +1 -0      none/tests/.cvsignore   1.11
  M +3 -1      none/tests/Makefile.am   1.30


--- valgrind/coregrind/vg_to_ucode.c  #1.131:1.132
@@ -5447,5 +5447,5 @@ static Addr disInstr ( UCodeBlock* cb, A
    case 0xCD: /* INT imm8 */
       d32 = getUChar(eip); eip++;
-      if (d32 != 0x80) VG_(core_panic)("disInstr: INT but not 0x80 !");
+      if (d32 != 0x80) goto decode_failure;
       /* It's important that all ArchRegs carry their up-to-date value
          at this point.  So we declare an end-of-block here, which
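Review bot: the change at `+      if (d32 != 0x80) goto decode_failure;` is the right fix for this report, but the `/* INT imm8 */` comment above it and the ArchRegs comment below still read as though every INT is decoded; add a short note that only the Linux syscall vector 0x80 is supported and that any other immediate is deliberately reported as an undefined instruction, so the next reader does not reintroduce a panic here. The new none/tests/int.c listed in the file summary is not part of the hunks, so whether it actually exercises this decode_failure path cannot be checked from this page.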

--- valgrind/none/tests/.cvsignore  #1.10:1.11
@@ -29,4 +29,5 @@
 insn_sse2
 insn_sse2.c
+int
 map_unmap
 munmap_exe

--- valgrind/none/tests/Makefile.am  #1.29:1.30
@@ -32,4 +32,5 @@
         insn_sse.stderr.exp insn_sse.stdout.exp insn_sse.vgtest \
         insn_sse2.stderr.exp insn_sse2.stdout.exp insn_sse2.vgtest \
+        int.stderr.exp int.stdout.exp int.vgtest \
         map_unmap.stdout.exp map_unmap.vgtest \
         mremap.stdout.exp mremap.vgtest \
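Review bot: `int.stderr.exp int.stdout.exp int.vgtest` are added to this list, but none/tests/filter_int, which the file summary shows as a new file, does not appear in any hunk of Makefile.am; check whether the filter also needs an entry here so that it ships with the distribution and the test does not fail on a clean tarball build.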
@@ -59,5 +60,5 @@
         cpuid dastest discard exec-sigmask floored fork fpu_lazy_eflags \
         fucomip insn_basic insn_cmov insn_mmx insn_mmxext insn_sse insn_sse2 \
-        munmap_exe map_unmap mremap rcl_assert \
+        int munmap_exe map_unmap mremap rcl_assert \
         rcrl readline1 resolv seg_override sha1_test shortpush shorts smc1 \
         pth_blockedsig pushpopseg \
@@ -96,4 +97,5 @@
 insn_sse2_SOURCES       = insn_sse2.def
 insn_sse2_LDADD         = -lm
+int_SOURCES             = int.c
 map_unmap_SOURCES       = map_unmap.c
 mremap_SOURCES          = mremap.c
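Review bot: `int_SOURCES = int.c` wires in a source file that the summary above marks `[no copyright]`; add the project's usual license header to none/tests/int.c before committing so the new test carries the same terms as the rest of the test suite.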