Bug 428648

Summary: s390_emit_load_mem panics due to 20-bit offset for vector load
Product: [Developer tools] valgrind
Reporter: Andreas Arnez <arnez>
Component: vex
Assignee: Julian Seward <jseward>
Status: RESOLVED FIXED
Severity: normal
Priority: NOR
Version First Reported In: unspecified
Target Milestone: ---
Platform: Other
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:
Attachments: Force 12-bit amode for vector loads

Description Andreas Arnez 2020-11-03 15:32:47 UTC
With a fairly big test program based on Python3, Valgrind was seen to panic with this message:

vex: the `impossible' happened:
   s390_emit_load_mem

Where the host stacktrace contains this:

==13902==    by 0x8001F3C73: s390_emit_load_mem (host_s390_defs.c:8451)
==13902==    by 0x80020A701: emit_S390Instr (host_s390_defs.c:8516)

A bit of instrumentation shows that s390_emit_load_mem was invoked with an addressing mode of S390_AMODE_B20, but with a size of 16 bytes.  This means that a vector load with 20-bit offset is requested, which is not supported.
Comment 1 Andreas Arnez 2020-11-03 15:43:55 UTC
Further analysis shows that the offending "load" originates from s390_isel_vec_expr_wrk() while processing an Iex_Load.  This function generates the addressing mode with s390_isel_amode() and doesn't ensure that the offset stays within 12 bits.  Changing the invocation to s390_isel_amode_short() fixes the problem.
Note that this is similar to Bug 417452, where the same issue appeared with "store" instead of "load".
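The following is an added example, not code from Valgrind or from this bug's attachment. It models the instruction-selection decision the comments above describe: s390 base+displacement addressing comes in a 12-bit unsigned form and a 20-bit signed form, and the vector load instruction only accepts the 12-bit form, so an amode selector that freely hands out 20-bit displacements makes the emitter hit an unsupported case for 16-byte loads. All names here (amode_kind, isel_amode, isel_amode_short, emit_load_mem, SCRATCH_REG) are hypothetical stand-ins for the VEX functions named on the page, and the "short" variant's strategy of materializing an out-of-range offset into a scratch register is an assumption about how a 12-bit-only amode can be guaranteed, not a description of VEX's actual implementation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the two s390 displacement forms (not VEX's enum). */
enum amode_kind { AMODE_B12, AMODE_B20 };

struct amode {
    enum amode_kind kind;
    int base_reg;     /* general register holding the base address */
    int32_t disp;     /* displacement folded into the instruction */
};

#define SCRATCH_REG 1  /* assumed scratch register for address materialization */

/* s390 displacement ranges: 12-bit unsigned, 20-bit signed. */
static bool fits_12bit(int64_t d) { return d >= 0 && d <= 4095; }
static bool fits_20bit(int64_t d) { return d >= -524288 && d <= 524287; }

/* General selector (models s390_isel_amode): picks the smallest encoding
   that fits, so an offset above 4095 becomes a 20-bit amode. */
static bool isel_amode(int base, int64_t off, struct amode *out) {
    if (fits_12bit(off)) {
        *out = (struct amode){ AMODE_B12, base, (int32_t)off };
        return true;
    }
    if (fits_20bit(off)) {
        *out = (struct amode){ AMODE_B20, base, (int32_t)off };
        return true;
    }
    return false; /* caller must compute the address some other way */
}

/* Short selector (models s390_isel_amode_short): guarantees a 12-bit amode.
   Assumption: an out-of-range offset is added to the base in a scratch
   register first, so the instruction itself carries displacement 0. */
static bool isel_amode_short(int base, int64_t off, struct amode *out) {
    if (fits_12bit(off)) {
        *out = (struct amode){ AMODE_B12, base, (int32_t)off };
        return true;
    }
    /* (Real code would emit an address computation here.) */
    *out = (struct amode){ AMODE_B12, SCRATCH_REG, 0 };
    return true;
}

/* Emitter check (models the guard in s390_emit_load_mem): a 16-byte vector
   load has no 20-bit displacement form, so a B20 amode is a hard error. */
static bool emit_load_mem(int size_bytes, const struct amode *am) {
    if (size_bytes == 16 && am->kind != AMODE_B12)
        return false; /* VEX would vpanic here */
    return fits_20bit(am->disp);
}

/* Whole path for one load: select the amode, then try to emit it.
   use_short selects between the buggy and the fixed selector. */
static bool try_vector_load(int64_t off, bool use_short) {
    struct amode am;
    bool ok = use_short ? isel_amode_short(5, off, &am)
                        : isel_amode(5, off, &am);
    return ok && emit_load_mem(16, &am);
}

int main(void) {
    /* Constructed offsets: one that fits 12 bits, one that needs 20. */
    int64_t offs[] = { 16, 8192 };
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++) {
        printf("offset %lld: general selector %s, short selector %s\n",
               (long long)offs[i],
               try_vector_load(offs[i], false) ? "ok" : "PANIC",
               try_vector_load(offs[i], true)  ? "ok" : "PANIC");
    }
    return 0;
}
```

Running it shows the shape of the bug: an offset of 16 works either way, while an offset of 8192 passes the general selector as a 20-bit amode and is rejected by the vector-load emitter, but succeeds with the short selector.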
Comment 2 Andreas Arnez 2020-11-03 17:26:22 UTC
Created attachment 132997 [details]
Force 12-bit amode for vector loads

This should fix the issue.
Comment 3 Andreas Arnez 2020-11-04 19:02:04 UTC
Since this is a fairly straightforward (and small) change, I just pushed this as git commit ba73f8d2ebe4b5fe8163ee5ab806f0e50961ebdf.