Bug 158744

Summary: Valgrind fails to handle interlocked instructions on extended registers (r8, etc) on amd64 (vex amd64->IR: unhandled instruction bytes: 0xF0 0x41 0xF 0xC0 0x87 0xB8)
Product: [Developer tools] valgrind Reporter: Ken Johnson <skywing_reg>
Component: generalAssignee: Julian Seward <jseward>
Status: RESOLVED FIXED    
Severity: crash CC: deadlocklegend
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Ken Johnson 2008-03-04 00:14:59 UTC 
Version:           valgrind-3.4.0.SVN (using Devel)
Installed from:    Compiled sources
Compiler:          gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21) 
OS:                Linux

Attempted to use valgrind (first the debian stable release, then the latest 3.3.0 relese, then the latest SVN trunk) on an amd64 machine.  All three releases blow up trying to handle the following:

vex amd64->IR: unhandled instruction bytes: 0xF0 0x41 0xF 0xC0 0x87 0xB8
==6036== Process terminating with default action of signal 4 (SIGILL): dumping core

That corresponds to the following instruction:

(gdb) x/1i 0x4BA9EE
0x4ba9ee <silc_packet_stream_link_va+446>:      lock xadd %al,0xb8(%r15)

Unfortunately this pretty much breaks valgrind completely for me on amd64. :(

Kernel:

valera:~/valgrind/valgrind# uname -a
Linux valera 2.6.18-4-amd64 #1 SMP Fri May 4 00:37:33 UTC 2007 x86_64 GNU/Linux

CPU:

valera:~/valgrind/valgrind# cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 15
model name      : Intel(R) Xeon(R) CPU           X3210  @ 2.13GHz
stepping        : 8
cpu MHz         : 2132.666
cache size      : 4096 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 10
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss syscall nx lm constant_tsc pni ds_cpl cx16 lahf_lm
bogomips        : 4296.48
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 15
model name      : Intel(R) Xeon(R) CPU           X3210  @ 2.13GHz
stepping        : 8
cpu MHz         : 2132.666
cache size      : 4096 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 10
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss syscall nx lm constant_tsc pni ds_cpl cx16 lahf_lm
bogomips        : 4264.46
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:
Comment 1 Julian Seward 2008-05-09 16:14:29 UTC 
>            Summary: Valgrind fails to handle interlocked instructions on
>                     extended registers (r8, etc) on amd64 (vex amd64->IR:
>                     unhandled instruction bytes: 0xF0 0x41 0xF 0xC0 0x87
>                     0xB8)


It does barf, like you say, but not because it's interlocked or uses
extended registers.  Merely for the more mundane reason that byte-sized
xadd was not implemented.  Can you try the following patch and let me know
if it does/does not work?

Index: priv/guest-amd64/toIR.c
===================================================================
--- priv/guest-amd64/toIR.c     (revision 1833)
+++ priv/guest-amd64/toIR.c     (working copy)
@@ -15584,9 +15584,13 @@

       /* =-=-=-=-=-=-=-=-=- XADD -=-=-=-=-=-=-=-=-=-= */

-//.. //--       case 0xC0: /* XADD Gb,Eb */
-//.. //--          eip = dis_xadd_G_E ( cb, sorb, 1, eip );
-//.. //--          break;
+      case 0xC0: { /* XADD Gb,Eb */
+         Bool decode_OK = False;
+         delta = dis_xadd_G_E ( &decode_OK, pfx, 1, delta );
+         if (!decode_OK)
+            goto decode_failure;
+         break;
+      }
       case 0xC1: { /* XADD Gv,Ev */
          Bool decode_OK = False;
          delta = dis_xadd_G_E ( &decode_OK, pfx, sz, delta );
Comment 2 Ken Johnson 2008-05-13 21:07:07 UTC 
Yep, that seems to fix the problem.  Thanks!
Comment 3 Julian Seward 2008-05-13 23:38:12 UTC 
Fixed.  Fix will be in 3.3.1.
Comment 4 Tom Hughes 2011-08-11 09:19:19 UTC 
*** Bug 138702 has been marked as a duplicate of this bug. ***