Bug 376279

Summary: disInstr(arm64): unhandled instruction 0xD50320FF
Product: [Developer tools] valgrind
Reporter: Tom Hughes <tom>
Component: vex
Assignee: Julian Seward <jseward>
Status: RESOLVED FIXED
Severity: normal
CC: peter.maydell
Priority: NOR
Version First Reported In: 3.12.0
Target Milestone: ---
Platform: Fedora RPMs
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Attachments: Proposed patch

Description Tom Hughes 2017-02-10 10:47:46 UTC
Unrecognised aarch64 instruction in libgcc from Fedora Rawhide - recently rebuilt with gcc 7 so potential changes to instruction generation:

disInstr(arm64): unhandled instruction 0xD50320FF
disInstr(arm64): 1101'0101 0000'0011 0010'0000 1111'1111
==10841== valgrind: Unrecognised instruction at address 0x4bfdb84.
==10841==    at 0x4BFDB84: ??? (in /usr/lib64/libgcc_s-7-20170204.so.1)
==10841==    by 0x4BFE14F: _Unwind_RaiseException (in /usr/lib64/libgcc_s-7-20170204.so.1)
==10841==    by 0x49F0D4F: __cxa_throw (in /usr/lib64/libstdc++.so.6.0.23)
Comment 1 Tom Hughes 2017-02-10 10:50:03 UTC
Full log is in the output of the koji build that triggered it (this package runs valgrind as part of its own tests):

https://kojipkgs.fedoraproject.org//work/tasks/8288/17708288/build.log
Comment 2 Tom Hughes 2017-02-10 11:22:20 UTC
This appears to be a HINT instruction, but with an immediate value of 0000111 which is unallocated according to the manual I'm looking at.

Now that should mean it's treated as a NOP but I wonder why gcc would choose to generate it?
Comment 3 Tom Hughes 2017-02-10 12:12:19 UTC
Indeed objdump disassembles it as hint #0x7:

    db78:       d11b43ff        sub     sp, sp, #0x6d0
    db7c:       a9007bfd        stp     x29, x30, [sp]
    db80:       910003fd        mov     x29, sp
>>> db84:       d50320ff        hint    #0x7
    db88:       a90153f3        stp     x19, x20, [sp,#16]
    db8c:       aa0003f3        mov     x19, x0
    db90:       a9025bf5        stp     x21, x22, [sp,#32]
    db94:       aa1e03f4        mov     x20, x30
    db98:       f9001bf7        str     x23, [sp,#48]
Comment 4 Tom Hughes 2017-02-10 13:46:44 UTC
Created attachment 103953 [details]
Proposed patch

Here's a suggested patch that just ignores unknown HINT instructions. Untested as yet...
Comment 5 Peter Maydell 2017-02-10 13:59:49 UTC
HINT #0x7 is XPACLRI which is one of the ARMv8.3 pointer authentication instructions. This is where they went into binutils:
http://www.cygwin.com/ml/binutils/2016-11/msg00103.html
(which gives a helpful link to https://community.arm.com/processors/b/blog/posts/armv8-a-architecture-2016-additions if you want to know what pointer authentication is all about).

Since these HINT insns all NOP on CPUs before v8.3, gcc can happily use them even if it's not specifically compiling for a v8.3 CPU.
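Decoding the reported word by hand, as an added C example that is not part of this report or of VEX's own decoder: it assumes the A64 HINT encoding (bits [11:5] = CRm:op2 form the hint immediate, Rt fixed at 0b11111) and models the patch's policy of accepting any HINT-space value as a NOP; the mnemonics for #25 and #29 come from the ARMv8.3 spec rather than from this thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HINT space: 1101'0101'0000'0011'0010'<CRm><op2>'11111.
 * Everything except bits [11:5] (the 7-bit immediate) is fixed. */
#define HINT_MASK  0xFFFFF01Fu
#define HINT_VALUE 0xD503201Fu

/* Non-zero if insn lies in the HINT encoding space. */
int is_hint(uint32_t insn) { return (insn & HINT_MASK) == HINT_VALUE; }

/* The immediate objdump prints as "hint #imm": CRm<<3 | op2. */
int hint_imm(uint32_t insn) { return (int)((insn >> 5) & 0x7F); }

/* Mnemonics this example knows; anything else is an unallocated hint,
 * which executes as a NOP on CPUs that predate the relevant extension. */
const char *hint_name(int imm) {
    switch (imm) {
    case 0:  return "NOP";
    case 1:  return "YIELD";
    case 2:  return "WFE";
    case 3:  return "WFI";
    case 4:  return "SEV";
    case 5:  return "SEVL";
    case 7:  return "XPACLRI";   /* ARMv8.3 pointer auth, per Comment 5 */
    case 25: return "PACIASP";   /* ARMv8.3 pointer auth (from the spec) */
    case 29: return "AUTIASP";   /* ARMv8.3 pointer auth (from the spec) */
    default: return "unallocated HINT (NOP)";
    }
}

/* Simplified decoder policy (not VEX's real code path): returns 1 when the
 * word is accepted and emitted as a NOP, 0 for "unhandled instruction".
 * With ignore_unknown_hints == 0 only the plain NOP immediate passes, which
 * is the behaviour that rejected 0xD50320FF; with 1 the whole HINT space
 * is accepted, which is what the proposed patch does. */
int accept_hint(uint32_t insn, int ignore_unknown_hints) {
    if (!is_hint(insn)) return 0;
    if (hint_imm(insn) == 0) return 1;
    return ignore_unknown_hints ? 1 : 0;
}

int main(void) {
    uint32_t insn = 0xD50320FFu;   /* the word from the valgrind report */
    int imm = hint_imm(insn);
    printf("0x%08X: hint #0x%x (%s), accepted after fix: %d\n",
           insn, imm, hint_name(imm), accept_hint(insn, 1));
    return 0;
}
```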
Comment 6 Tom Hughes 2017-02-11 10:46:30 UTC
Fix tested and committed as VEX r3302.