Bug 492961

Summary: amd64: Use Intel behavior for 16b sh[lr]d when count>16
Product: [Developer tools] valgrind
Reporter: Matt Borgerson <contact>
Component: vex
Assignee: Julian Seward <jseward>
Status: REPORTED ---
Severity: normal
CC: pjfloyd
Priority: NOR
Version First Reported In: 3.23 GIT
Target Milestone: ---
Platform: Other
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: Patch, test_shld.c, test_shrd.c

Description Matt Borgerson 2024-09-10 23:04:57 UTC
Created attachment 173542: Patch

SUMMARY

According to the Intel SDM for the `shld` and `shrd` instructions, the result is undefined when the shift count is greater than the operand size. The observed behavior of Intel CPUs in this case is to shift bits in from the source first, then from the destination. This is also how QEMU models these instructions. The current IR translation shifts values in from the source only. The attached patch modifies the translation to match the observed behavior of Intel CPUs and QEMU.

STEPS TO REPRODUCE
Compile attached test source, then see below for diff commands.

OBSERVED RESULT
```
$ diff <(./test_shld) <(./bin/valgrind ./test_shld)
==286271== Memcheck, a memory error detector
==286271== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==286271== Using Valgrind-3.24.0.GIT and LibVEX; rerun with -h for copyright info
==286271== Command: ./test_shld
==286271== 
==286271== 
==286271== HEAP SUMMARY:
==286271==     in use at exit: 0 bytes in 0 blocks
==286271==   total heap usage: 1 allocs, 1 frees, 4,096 bytes allocated
==286271== 
==286271== All heap blocks were freed -- no leaks are possible
==286271== 
==286271== For lists of detected and suppressed errors, rerun with: -s
==286271== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
19,32c19,32
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000012 R=1234fdb51234f4d1 CCIN=0000 CC=0084
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000013 R=1234fdb51234e9a2 CCIN=0000 CC=0081
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000014 R=1234fdb51234d345 CCIN=0000 CC=0081
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000015 R=1234fdb51234a68a CCIN=0000 CC=0081
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000016 R=1234fdb512344d15 CCIN=0000 CC=0001
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000017 R=1234fdb512349a2b CCIN=0000 CC=0084
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000018 R=1234fdb512343456 CCIN=0000 CC=0005
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000019 R=1234fdb5123468ac CCIN=0000 CC=0004
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001a R=1234fdb51234d159 CCIN=0000 CC=0084
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001b R=1234fdb51234a2b3 CCIN=0000 CC=0081
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001c R=1234fdb512344567 CCIN=0000 CC=0001
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001d R=1234fdb512348acf CCIN=0000 CC=0084
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001e R=1234fdb51234159e CCIN=0000 CC=0001
< shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001f R=1234fdb512342b3c CCIN=0000 CC=0004
---
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000012 R=1234fdb51234f4d0 CCIN=0000 CC=0080
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000013 R=1234fdb51234e9a1 CCIN=0000 CC=0080
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000014 R=1234fdb51234d343 CCIN=0000 CC=0080
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000015 R=1234fdb51234a687 CCIN=0000 CC=0084
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000016 R=1234fdb512344d0f CCIN=0000 CC=0004
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000017 R=1234fdb512349a1e CCIN=0000 CC=0084
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000018 R=1234fdb51234343d CCIN=0000 CC=0000
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000019 R=1234fdb51234687a CCIN=0000 CC=0000
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001a R=1234fdb51234d0f4 CCIN=0000 CC=0080
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001b R=1234fdb51234a1e9 CCIN=0000 CC=0080
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001c R=1234fdb5123443d3 CCIN=0000 CC=0000
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001d R=1234fdb5123487a6 CCIN=0000 CC=0084
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001e R=1234fdb512340f4d CCIN=0000 CC=0004
> shldw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001f R=1234fdb512341e9a CCIN=0000 CC=0004

$ diff <(./test_shrd) <(./bin/valgrind ./test_shrd)
==286477== Memcheck, a memory error detector
==286477== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==286477== Using Valgrind-3.24.0.GIT and LibVEX; rerun with -h for copyright info
==286477== Command: ./test_shrd
==286477== 
==286477== 
==286477== HEAP SUMMARY:
==286477==     in use at exit: 0 bytes in 0 blocks
==286477==   total heap usage: 1 allocs, 1 frees, 4,096 bytes allocated
==286477== 
==286477== All heap blocks were freed -- no leaks are possible
==286477== 
==286477== For lists of detected and suppressed errors, rerun with: -s
==286477== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
20,32c20,32
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000013 R=1234fdb5123407a6 CCIN=0000 CC=0005
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000014 R=1234fdb5123483d3 CCIN=0000 CC=0080
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000015 R=1234fdb51234c1e9 CCIN=0000 CC=0081
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000016 R=1234fdb51234e0f4 CCIN=0000 CC=0081
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000017 R=1234fdb51234f07a CCIN=0000 CC=0080
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000018 R=1234fdb51234783d CCIN=0000 CC=0000
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000019 R=1234fdb512343c1e CCIN=0000 CC=0005
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001a R=1234fdb512349e0f CCIN=0000 CC=0084
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001b R=1234fdb51234cf07 CCIN=0000 CC=0081
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001c R=1234fdb512346783 CCIN=0000 CC=0001
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001d R=1234fdb51234b3c1 CCIN=0000 CC=0081
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001e R=1234fdb5123459e0 CCIN=0000 CC=0001
< shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001f R=1234fdb51234acf0 CCIN=0000 CC=0084
---
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000013 R=1234fdb5123487a6 CCIN=0000 CC=0084
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000014 R=1234fdb5123443d3 CCIN=0000 CC=0000
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000015 R=1234fdb51234a1e9 CCIN=0000 CC=0080
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000016 R=1234fdb51234d0f4 CCIN=0000 CC=0080
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000017 R=1234fdb51234687a CCIN=0000 CC=0000
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000018 R=1234fdb51234343d CCIN=0000 CC=0000
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=0000000000000019 R=1234fdb512349a1e CCIN=0000 CC=0084
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001a R=1234fdb512344d0f CCIN=0000 CC=0004
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001b R=1234fdb51234a687 CCIN=0000 CC=0084
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001c R=1234fdb51234d343 CCIN=0000 CC=0080
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001d R=1234fdb51234e9a1 CCIN=0000 CC=0080
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001e R=1234fdb51234f4d0 CCIN=0000 CC=0080
> shrdw      A=1234fdb512345678 B=21ad96f921ad3d34 C=000000000000001f R=1234fdb512347a68 CCIN=0000 CC=0000
```

EXPECTED RESULT
See above diffs.

SOFTWARE/OS VERSIONS
VALGRIND_3_23_0-108-g5d404b97d

ADDITIONAL INFORMATION

Discovered via QEMU differential tests.

After patch applied:

```
$ diff <(./test_shld) <(./bin/valgrind ./test_shld)
==288985== Memcheck, a memory error detector
==288985== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==288985== Using Valgrind-3.24.0.GIT and LibVEX; rerun with -h for copyright info
==288985== Command: ./test_shld
==288985== 
==288985== 
==288985== HEAP SUMMARY:
==288985==     in use at exit: 0 bytes in 0 blocks
==288985==   total heap usage: 1 allocs, 1 frees, 4,096 bytes allocated
==288985== 
==288985== All heap blocks were freed -- no leaks are possible
==288985== 
==288985== For lists of detected and suppressed errors, rerun with: -s
==288985== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

$ diff <(./test_shrd) <(./bin/valgrind ./test_shrd)
==289007== Memcheck, a memory error detector
==289007== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==289007== Using Valgrind-3.24.0.GIT and LibVEX; rerun with -h for copyright info
==289007== Command: ./test_shrd
==289007== 
==289007== 
==289007== HEAP SUMMARY:
==289007==     in use at exit: 0 bytes in 0 blocks
==289007==   total heap usage: 1 allocs, 1 frees, 4,096 bytes allocated
==289007== 
==289007== All heap blocks were freed -- no leaks are possible
==289007== 
==289007== For lists of detected and suppressed errors, rerun with: -s
==289007== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
```
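The two behaviours described in this report can be modelled in a few lines of C. This is an added illustration, not the attached patch and not Valgrind or QEMU source; the function names and the `intel` flag are assumptions, only the 16-bit result is modelled (not the `CC` flags), and the inputs are the low 16 bits of `A` and `B` from the output above.

```c
#include <stdint.h>
#include <stdio.h>

/* Added model. intel != 0: bits come from the source first, then from the
 * destination (the hardware/QEMU behaviour the report describes).
 * intel == 0: bits come from the source only (the translation before the patch). */

/* shld: 48-bit window dest:src:fill shifted left; result is its top 16 bits. */
static uint16_t shld16(uint16_t dest, uint16_t src, unsigned count, int intel)
{
    count &= 31;                       /* count is masked to 5 bits */
    if (count == 0) return dest;
    uint16_t fill = intel ? dest : src;
    uint64_t win = ((uint64_t)dest << 32) | ((uint64_t)src << 16) | fill;
    return (uint16_t)(win >> (32 - count));
}

/* shrd: 48-bit window fill:src:dest shifted right; result is its low 16 bits. */
static uint16_t shrd16(uint16_t dest, uint16_t src, unsigned count, int intel)
{
    count &= 31;
    if (count == 0) return dest;
    uint16_t fill = intel ? dest : src;
    uint64_t win = ((uint64_t)fill << 32) | ((uint64_t)src << 16) | dest;
    return (uint16_t)(win >> count);
}

typedef uint16_t (*shift_fn)(uint16_t, uint16_t, unsigned, int);

/* Smallest count at which the two models disagree for these operands, or -1.
 * Counts up to 16 never differ; above 16 it depends on the operand bits. */
static int first_divergence(shift_fn f, uint16_t dest, uint16_t src)
{
    for (unsigned c = 0; c < 32; c++)
        if (f(dest, src, c, 1) != f(dest, src, c, 0)) return (int)c;
    return -1;
}

int main(void)
{
    const uint16_t dest = 0x5678, src = 0x3d34;  /* low 16 bits of A and B */
    for (unsigned c = 0x11; c <= 0x1f; c++)
        printf("C=%02x shldw %04x/%04x shrdw %04x/%04x\n", c,
               shld16(dest, src, c, 1), shld16(dest, src, c, 0),
               shrd16(dest, src, c, 1), shrd16(dest, src, c, 0));
    printf("first divergence: shld C=%02x, shrd C=%02x\n",
           first_divergence(shld16, dest, src),
           first_divergence(shrd16, dest, src));
    return 0;
}
```

For these operands the models first disagree at `C=12` for `shldw` and `C=13` for `shrdw`, which is where the diffs above begin.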
Comment 1 Matt Borgerson 2024-09-10 23:06:00 UTC
Created attachment 173543: test_shld.c
Comment 2 Matt Borgerson 2024-09-10 23:06:15 UTC
Created attachment 173544: test_shrd.c