Bug 105227

Summary: (bound) vex: x86->IR: unhandled instruction bytes: 0x62 0x75 0xF8 0xC7
Product: [Developer tools] valgrind Reporter: Geoff Smith <gsmith>
Component: vexAssignee: Julian Seward <jseward>
Status: REPORTED ---    
Severity: crash CC: njn
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: OpenSUSE   
OS: Linux   
Latest Commit: Version Fixed In:
Bug Depends on:    
Bug Blocks: 256630    

Description Geoff Smith 2005-05-07 06:14:00 UTC
Version:            (using KDE KDE 3.3.0)
Installed from:    SuSE RPMs
OS:                Linux

The "BOUND" (x86) instruction is not implemented.  The IBM Rational Ada compiler uses this instruction (albeit rarely) for bounds checking.

valgrind --version :  valgrind-2.4.0
uname -a           :  Linux alpo 2.4.21-27.0.1ELcustom #2
Comment 1 Jeremy Fitzhardinge 2005-05-09 23:11:25 UTC
Geoff Smith wrote:

>The "BOUND" (x86) instruction is not implemented.  The IBM Rational Ada compiler uses this instruction (albeit rarely) for bounds checking.
>  
>

I'm astounded.  It has been a long while since that was a useful
instruction to use...  Shouldn't be too hard to implement as a helper
though.

    J
Comment 2 Tom Hughes 2005-10-06 10:38:24 UTC
In answer to Julian's question on bug 112432 about what a bounds check failure should look like in userspace the answer (from a quick examination of the kernel source) is a SEGV of some sort.
Comment 3 Julian Seward 2005-10-06 20:15:38 UTC
Geoff, is this still alive?  If yes, can you supply a test case
which checks that upon delivery of the resulting signal, you
have enough context (faulting address, or whatever) that the
compiler's code can recover in the way it wants.
Comment 4 Dave Nomura 2005-10-12 01:10:00 UTC
Hi, I work for Geoff Smith (the originator of this bug report)
I have put together a simple test case (below)
When I run the program I get:
windfall-apex%  bound
in handler
info->si_signo = 11
info->si_errno = 0
info->si_code = 128
context.uc_mcontext.gregs[12] = 5

When I run it under valgrind 2.4:
windfall-apex% valgrind bound
==23121== Memcheck, a memory error detector for x86-linux.
==23121== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==23121== Using valgrind-2.4.0, a program supervision framework for x86-linux.
==23121== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==23121== For more details, rerun with: -v
==23121==
--23121-- disInstr: unhandled instruction bytes: 0x62 0x75 0xF8 0x83
--23121--           at 0x80485C1: main (bound.c:48)
==23121==
==23121== Process terminating with default action of signal 4 (SIGILL): dumping core
==23121==  Illegal operand at address 0xB007D056
==23121==    at 0x80485C1: main (bound.c:48)
==23121==
==23121== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 13 from 1)
==23121== malloc/free: in use at exit: 0 bytes in 0 blocks.
==23121== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==23121== For counts of detected errors, rerun with: -v
==23121== No malloc'd blocks -- no leaks are possible.
Illegal instruction

---------------------- bound.c ------------------------
#include <signal.h>
#include <sys/signal.h>
#include <ucontext.h>
#include <stdio.h>

char *p = 0;

void
handler(sig, info, context)
int sig;
siginfo_t *info;
ucontext_t *context;
{
        int i;
        printf("in handler\n");
        printf("info->si_signo = %d\n", info->si_signo);
        printf("info->si_errno = %d\n", info->si_errno);
        printf("info->si_code = %d\n", info->si_code);

        /* register 12 is REG_TRAPNO */
        printf("context.uc_mcontext.gregs[12] = %d\n",
                context->uc_mcontext.gregs[12]);
        exit(0);
}

int
intval()
{
        return 10;
}

int
main()
{
        int arr_bnd[2] = {1, 5};
        int arr[2];
        struct sigaction act, oact;
        register unsigned addr;
        register int ind = intval();

        bzero(&act, sizeof(struct sigaction));
        bzero(&oact, sizeof(struct sigaction));
        act.sa_sigaction = &handler;
        act.sa_flags = SA_SIGINFO;
        sigaction(SIGSEGV, &act, &oact);

        addr = (unsigned)&arr_bnd;
        asm("bound %esi, 0xfffffff8(%ebp)");
        printf("returned from handler\n");
}