Bug 239992

Summary: vex amd64->IR: unhandled instruction bytes: 0x48 0xF 0xC4 0xC1 0x0 0x48
Product: valgrind (Developer tools)
Reporter: Alex Converse <alex.converse>
Component: vex
Assignee: Julian Seward <jseward>
Status: RESOLVED FIXED
Severity: normal
CC: dgohman
Priority: NOR
Version: 3.6 SVN
Target Milestone: ---
Platform: Unlisted Binaries
OS: Linux
Attachments: a proposed fix

Description Alex Converse 2010-05-29 17:45:49 UTC
$ svn info
Path: .
URL: svn://svn.valgrind.org/valgrind/trunk
Repository Root: svn://svn.valgrind.org/valgrind
Repository UUID: a5019735-40e9-0310-863c-91ae7b9d1cf9
Revision: 11137
Node Kind: directory
Schedule: normal
Last Changed Author: bart
Last Changed Rev: 11137
Last Changed Date: 2010-05-29 02:44:28 -0400 (Sat, 29 May 2010)


$ uname -a
Linux barcelona 2.6.32-22-generic #33-Ubuntu SMP Wed Apr 28 13:28:05 UTC 2010 x86_64 GNU/Linux


$ cat /proc/cpuinfo 
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 15
model name	: Intel(R) Core(TM)2 CPU          6600  @ 2.40GHz
stepping	: 6
cpu MHz		: 1596.000
cache size	: 4096 KB
physical id	: 0
siblings	: 2
core id		: 0
cpu cores	: 2
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm tpr_shadow
bogomips	: 4794.90
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual
power management:

processor	: 1
vendor_id	: GenuineIntel
cpu family	: 6
model		: 15
model name	: Intel(R) Core(TM)2 CPU          6600  @ 2.40GHz
stepping	: 6
cpu MHz		: 1596.000
cache size	: 4096 KB
physical id	: 0
siblings	: 2
core id		: 1
cpu cores	: 2
apicid		: 1
initial apicid	: 1
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm tpr_shadow
bogomips	: 4795.32
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual
power management:


$ /opt/valgrind/bin/valgrind -v ./ivfdec ../vp8-test-vectors-r1/vp80-00-comprehensive-001.ivf
==16655== Memcheck, a memory error detector
==16655== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==16655== Using Valgrind-3.6.0.SVN and LibVEX; rerun with -h for copyright info
==16655== Command: ./ivfdec ../vp8-test-vectors-r1/vp80-00-comprehensive-001.ivf
==16655== 
--16655-- Valgrind options:
--16655--    --massif:alloc-fn=av_malloc
--16655--    --massif:alloc-fn=av_mallocz
--16655--    --massif:alloc-fn=av_mallocz_static
--16655--    --massif:alloc-fn=posix_memalign
--16655--    -v
--16655-- Contents of /proc/version:
--16655--   Linux version 2.6.32-22-generic (buildd@yellow) (gcc version 4.4.3 (Ubuntu 4.4.3-4ubuntu5) ) #33-Ubuntu SMP Wed Apr 28 13:28:05 UTC 2010
--16655-- Arch and hwcaps: AMD64, amd64-sse3-cx16
--16655-- Page sizes: currently 4096, max supported 4096
--16655-- Valgrind library directory: /opt/valgrind/lib/valgrind
--16655-- Reading syms from /home/alex/Projects/webm/libvpx-build/ivfdec (0x400000)
--16655-- Reading syms from /lib/ld-2.11.1.so (0x4000000)
--16655--   Considering /lib/ld-2.11.1.so ..
--16655--   .. CRC mismatch (computed 9559fc9e wanted 220ed681)
--16655--   Considering /usr/lib/debug/lib/ld-2.11.1.so ..
--16655--   .. CRC is valid
--16655-- Reading syms from /opt/valgrind/lib/valgrind/memcheck-amd64-linux (0x38000000)
--16655--    object doesn't have a dynamic symbol table
--16655-- Reading suppressions file: /opt/valgrind/lib/valgrind/default.supp
--16655-- REDIR: 0x40184a0 (strlen) redirected to 0x380408c7 (vgPlain_amd64_linux_REDIR_FOR_strlen)
--16655-- Reading syms from /opt/valgrind/lib/valgrind/vgpreload_core-amd64-linux.so (0x4a23000)
--16655-- Reading syms from /opt/valgrind/lib/valgrind/vgpreload_memcheck-amd64-linux.so (0x4c25000)
==16655== WARNING: new redirection conflicts with existing -- ignoring it
--16655--     new: 0x040184a0 (strlen              ) R-> 0x04c29790 strlen
--16655-- REDIR: 0x4018310 (index) redirected to 0x4c293a0 (index)
--16655-- REDIR: 0x4018390 (strcmp) redirected to 0x4c29d70 (strcmp)
--16655-- Reading syms from /lib/libm-2.11.1.so (0x4e2e000)
--16655--   Considering /lib/libm-2.11.1.so ..
--16655--   .. CRC mismatch (computed c6eec53b wanted 98a821e9)
--16655--   Considering /usr/lib/debug/lib/libm-2.11.1.so ..
--16655--   .. CRC is valid
--16655-- Reading syms from /lib/libpthread-2.11.1.so (0x50b1000)
--16655--   Considering /lib/libpthread-2.11.1.so ..
--16655--   .. CRC mismatch (computed 9da7e2f6 wanted 8161fac5)
--16655--   Considering /usr/lib/debug/lib/libpthread-2.11.1.so ..
--16655--   .. CRC is valid
--16655-- Reading syms from /lib/libc-2.11.1.so (0x52ce000)
--16655--   Considering /lib/libc-2.11.1.so ..
--16655--   .. CRC mismatch (computed 8ff3f38d wanted b68f5078)
--16655--   Considering /usr/lib/debug/lib/libc-2.11.1.so ..
--16655--   .. CRC is valid
--16655-- REDIR: 0x5352ad0 (__GI_strrchr) redirected to 0x4c291c0 (__GI_strrchr)
--16655-- REDIR: 0x534a520 (malloc) redirected to 0x4c284a6 (malloc)
--16655-- REDIR: 0x5354c30 (memcpy) redirected to 0x4c29e40 (memcpy)
--16655-- REDIR: 0x534c360 (calloc) redirected to 0x4c27769 (calloc)
--16655-- REDIR: 0x5356220 (strchrnul) redirected to 0x4c2aa90 (strchrnul)
--16655-- REDIR: 0x5354350 (mempcpy) redirected to 0x4c2ab00 (mempcpy)
vpx Technologies VP8 Decoder v0.9.0-34-g1689564
--16655-- REDIR: 0x534bf90 (realloc) redirected to 0x4c28557 (realloc)
--16655-- REDIR: 0xffffffffff600000 (???) redirected to 0x380408b3 (vgPlain_amd64_linux_REDIR_FOR_vgettimeofday)
--16655-- REDIR: 0x5353820 (memset) redirected to 0x4c2a9b0 (memset)
--16655-- REDIR: 0x5351010 (__GI_strlen) redirected to 0x4c29750 (__GI_strlen)
--16655-- REDIR: 0x534bde0 (free) redirected to 0x4c280b6 (free)
vex amd64->IR: unhandled instruction bytes: 0x48 0xF 0xC4 0xC1 0x0 0x48
==16655== valgrind: Unrecognised instruction at address 0x42745b.
==16655== Your program just tried to execute an instruction that Valgrind
==16655== did not recognise.  There are two possible reasons for this.
==16655== 1. Your program has a bug and erroneously jumped to a non-code
==16655==    location.  If you are running Memcheck and you just saw a
==16655==    warning about a bad jump, it's probably your program's fault.
==16655== 2. The instruction is legitimate but Valgrind doesn't handle it,
==16655==    i.e. it's Valgrind's fault.  If you think this is the case or
==16655==    you are not sure, please let us know and we'll try to fix it.
==16655== Either way, Valgrind will now raise a SIGILL signal which will
==16655== probably kill your program.
==16655== 
==16655== Process terminating with default action of signal 4 (SIGILL)
==16655==  Illegal opcode at address 0x42745B
==16655==    at 0x42745B: ??? (in /home/alex/Projects/webm/libvpx-build/ivfdec)
==16655==    by 0x41D2C9: vp8_decode_macroblock (in /home/alex/Projects/webm/libvpx-build/ivfdec)
==16655==    by 0x41DD49: vp8_decode_mb_row (in /home/alex/Projects/webm/libvpx-build/ivfdec)
==16655==    by 0x41FCD8: vp8_decode_frame (in /home/alex/Projects/webm/libvpx-build/ivfdec)
==16655==    by 0x40500A: vp8dx_receive_compressed_data (in /home/alex/Projects/webm/libvpx-build/ivfdec)
==16655==    by 0x404884: ??? (in /home/alex/Projects/webm/libvpx-build/ivfdec)
==16655==    by 0x403E7C: vpx_codec_decode (in /home/alex/Projects/webm/libvpx-build/ivfdec)
==16655==    by 0x4032D3: main (in /home/alex/Projects/webm/libvpx-build/ivfdec)
==16655== 
==16655== HEAP SUMMARY:
==16655==     in use at exit: 513,601 bytes in 20 blocks
==16655==   total heap usage: 23 allocs, 3 frees, 538,759 bytes allocated
==16655== 
==16655== Searching for pointers to 20 not-freed blocks
==16655== Checked 1,992,096 bytes
==16655== 
==16655== LEAK SUMMARY:
==16655==    definitely lost: 0 bytes in 0 blocks
==16655==    indirectly lost: 0 bytes in 0 blocks
==16655==      possibly lost: 511,198 bytes in 15 blocks
==16655==    still reachable: 2,403 bytes in 5 blocks
==16655==         suppressed: 0 bytes in 0 blocks
==16655== Rerun with --leak-check=full to see details of leaked memory
==16655== 
==16655== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
--16655-- 
--16655-- used_suppression:      2 dl-hack3-cond-1
--16655-- used_suppression:      2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a
==16655== 
==16655== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
Illegal instruction (core dumped)

ivfdec is part of libvpx from webmproject.org
Comment 1 Dan Gohman 2010-05-30 19:01:32 UTC
Created attachment 47490 [details]
a proposed fix

Ignore a REX.W prefix on an MMX pinsrw instruction. This is similar to what is done with the XMM form of pinsrw.
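As an added illustration (not code from the report, the attached patch, or VEX itself), the decoder below walks the bytes in the summary: 0x48 is a REX prefix with the W bit set, 0F C4 is the PINSRW opcode, C1 is the ModRM byte (mm0 from register 1, i.e. ecx) and 00 the lane index; the sixth byte is the start of the next instruction. The tolerate_rex_w flag contrasts the pre-fix refusal of the MMX form with the behaviour the proposed fix describes; the struct and function names are my own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Decoded register-form PINSRW. Illustrative type, not VEX's own. */
typedef struct {
    bool    ok;      /* false: decoder refused the bytes (Valgrind's "unhandled") */
    bool    xmm;     /* true: 66-prefixed XMM form; false: MMX form */
    bool    rex_w;   /* a REX prefix with bit 3 (W) set was present */
    int     dst;     /* mm0-7 or xmm0-15 */
    int     src;     /* general-purpose register number (mod == 3 only) */
    uint8_t imm;     /* word lane selected by the imm8 */
    size_t  len;     /* bytes consumed */
} pinsrw_t;

/* Decode "[66] [REX] 0F C4 /r ib" at p. tolerate_rex_w == false reproduces the
   pre-fix behaviour (MMX form with REX.W rejected); true applies the fix. */
pinsrw_t decode_pinsrw(const uint8_t *p, size_t n, bool tolerate_rex_w)
{
    pinsrw_t r = {0};
    size_t i = 0;
    uint8_t rex = 0;

    if (i < n && p[i] == 0x66) { r.xmm = true; i++; }   /* operand-size prefix */
    if (i < n && (p[i] & 0xF0) == 0x40) rex = p[i++];   /* REX must precede opcode */
    r.rex_w = (rex & 0x08) != 0;

    if (i + 4 > n || p[i] != 0x0F || p[i + 1] != 0xC4) return r;  /* not PINSRW */
    i += 2;
    uint8_t modrm = p[i++];
    if ((modrm >> 6) != 3) return r;                  /* memory source: out of scope */

    /* REX.W changes nothing: PINSRW only reads the low 16 bits of the source.
       The bug was refusing the MMX form when REX.W was set; the XMM form already
       ignored it, which is what the fix copies. */
    if (r.rex_w && !r.xmm && !tolerate_rex_w) return r;

    r.dst = (modrm >> 3) & 7;
    if (r.xmm && (rex & 0x04)) r.dst |= 8;            /* REX.R: xmm8-15 (no mm8+) */
    r.src = modrm & 7;
    if (rex & 0x01) r.src |= 8;                       /* REX.B: r8-r15 */
    r.imm = p[i++];
    r.len = i;
    r.ok = true;
    return r;
}

/* Constructed sample: the six bytes Valgrind printed in this report. The last
   0x48 belongs to the following instruction and is not consumed. */
static const uint8_t REPORT_BYTES[] = { 0x48, 0x0F, 0xC4, 0xC1, 0x00, 0x48 };
```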
Comment 2 Julian Seward 2010-07-29 07:14:21 UTC
Committed (vex r1991).  Thanks.