Compile and use valgrind on the following simple program:

nellb02linux:bnell> cat vg.cpp
void bad(void) {
    // rex64XZ movq %xmm14,%xmm15
    // Hand-encoded bytes: F3, REX (0x4D: W=1 R=1 X=0 B=1), opcode 0F 7E, ModRM FE.
    // The REX.W bit has no meaning for this opcode; the assembler still emitted it.
    __asm__(" .byte 0xf3\n"
            " .byte 0x4d\n"
            " .byte 0x0f\n"
            " .byte 0x7e\n"
            " .byte 0xfe\n");
}

int main(int argc, char* argv[]) {
    bad();
    return 0;
}

nellb02linux:bnell> g++ -o vg vg.cpp
nellb02linux:bnell> uname -a
Linux nellb02linux 2.6.11.4-20a-smp #1 SMP Wed Mar 23 21:52:37 UTC 2005 x86_64 x86_64 x86_64 GNU/Linux
nellb02linux:bnell> rpm -q glibc
glibc-2.3.4-23.4
nellb02linux:bnell> valgrind -v vg
==3636== Memcheck, a memory error detector.
==3636== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==3636== Using LibVEX rev 1658, a library for dynamic binary translation.
==3636== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==3636== Using valgrind-3.2.1, a dynamic binary instrumentation framework.
==3636== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==3636==
--3636-- Command line
--3636--    vg
--3636-- Startup, with flags:
--3636--    -v
--3636-- Contents of /proc/version:
--3636--   Linux version 2.6.11.4-20a-smp (geeko@buildhost) (gcc version 3.3.5 20050117 (prerelease) (SUSE Linux)) #1 SMP Wed Mar 23 21:52:37 UTC 2005
--3636-- Arch and hwcaps: AMD64, amd64-sse2
--3636-- Valgrind library directory: /hub/share/sbtools/apps/valgrind-3.2.1/glnxa64-suse9.3/lib/valgrind
--3636-- Reading syms from /mathworks/home/bnell/vg (0x400000)
--3636-- Reading syms from /lib64/ld-2.3.4.so (0x4000000)
--3636-- Reading syms from /mathworks/hub/share/sbtools/apps/valgrind-3.2.1/glnxa64-suse9.3/lib/valgrind/amd64-linux/memcheck (0x38000000)
--3636--    object doesn't have a dynamic symbol table
--3636-- Reading suppressions file: /hub/share/sbtools/apps/valgrind-3.2.1/glnxa64-suse9.3/lib/valgrind/default.supp
--3636-- Reading syms from /mathworks/hub/share/sbtools/apps/valgrind-3.2.1/glnxa64-suse9.3/lib/valgrind/amd64-linux/vgpreload_core.so (0x4917000)
--3636-- Reading syms from /mathworks/hub/share/sbtools/apps/valgrind-3.2.1/glnxa64-suse9.3/lib/valgrind/amd64-linux/vgpreload_memcheck.so (0x4A18000)
--3636-- REDIR: 0x400FBE0 (index) redirected to 0x4A1B880 (index)
--3636-- REDIR: 0x400FD90 (strcmp) redirected to 0x4A1BAF0 (strcmp)
--3636-- REDIR: 0x40100D0 (strlen) redirected to 0x4A1BA20 (strlen)
--3636-- Reading syms from /mathworks/devel/sandbox/bnell/Akernel/matlab/sys/os/glnxa64/libstdc++.so.6.0.8 (0x4B1E000)
--3636-- Reading syms from /lib64/tls/libm.so.6 (0x4D1F000)
--3636-- Reading syms from /mathworks/devel/sandbox/bnell/Akernel/matlab/sys/os/glnxa64/libgcc_s.so.1 (0x4E76000)
--3636-- Reading syms from /lib64/tls/libc.so.6 (0x4F83000)
--3636-- REDIR: 0x4FF2040 (rindex) redirected to 0x4A1B730 (rindex)
--3636-- REDIR: 0x4FF2D50 (memset) redirected to 0x4A1BC40 (memset)
--3636-- REDIR: 0x4FF1660 (strlen) redirected to 0x4A1B9E0 (strlen)
vex amd64->IR: unhandled instruction bytes: 0xF3 0x4D 0xF 0x7E
==3636== valgrind: Unrecognised instruction at address 0x40055C.
==3636== Your program just tried to execute an instruction that Valgrind
==3636== did not recognise.  There are two possible reasons for this.
==3636== 1. Your program has a bug and erroneously jumped to a non-code
==3636==    location.  If you are running Memcheck and you just saw a
==3636==    warning about a bad jump, it's probably your program's fault.
==3636== 2. The instruction is legitimate but Valgrind doesn't handle it,
==3636==    i.e. it's Valgrind's fault.  If you think this is the case or
==3636==    you are not sure, please let us know and we'll try to fix it.
==3636== Either way, Valgrind will now raise a SIGILL signal which will
==3636== probably kill your program.
==3636==
==3636== Process terminating with default action of signal 4 (SIGILL)
==3636==  Illegal opcode at address 0x40055C
==3636==    at 0x40055C: bad() (in /mathworks/home/bnell/vg)
==3636==    by 0x400577: main (in /mathworks/home/bnell/vg)
--3636-- REDIR: 0x4FEB830 (free) redirected to 0x4A1A6C6 (free)
==3636==
==3636== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 3 from 2)
--3636--
--3636-- supp:    1 strlen-not-intercepted-early-enough-HACK-5
--3636-- supp:    2 dl_relocate_object
==3636== malloc/free: in use at exit: 0 bytes in 0 blocks.
==3636== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==3636==
==3636== All heap blocks were freed -- no leaks are possible.
--3636--  memcheck: sanity checks: 2 cheap, 1 expensive
--3636--  memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
--3636--  memcheck: auxmaps: 0 searches, 0 comparisons
--3636--  memcheck: SMs: n_issued      = 19 (304k, 0M)
--3636--  memcheck: SMs: n_deissued    = 0 (0k, 0M)
--3636--  memcheck: SMs: max_noaccess  = 524287 (8388592k, 8191M)
--3636--  memcheck: SMs: max_undefined = 0 (0k, 0M)
--3636--  memcheck: SMs: max_defined   = 133 (2128k, 2M)
--3636--  memcheck: SMs: max_non_DSM   = 19 (304k, 0M)
--3636--  memcheck: max sec V bit nodes:    0 (0k, 0M)
--3636--  memcheck: set_sec_vbits8 calls: 0 (new: 0, updates: 0)
--3636--  memcheck: max shadow mem size:   4448k, 4M
--3636-- translate:            fast SP updates identified: 1,473 ( 89.1%)
--3636-- translate:   generic_known SP updates identified: 116 (  7.0%)
--3636-- translate: generic_unknown SP updates identified: 63 (  3.8%)
--3636--     tt/tc: 3,957 tt lookups requiring 4,010 probes
--3636--     tt/tc: 3,957 fast-cache updates, 5 flushes
--3636--  transtab: new        1,875 (47,885 -> 809,571; ratio 169:10) [0 scs]
--3636--  transtab: dumped     0 (0 -> ??)
--3636--  transtab: discarded  12 (294 -> ??)
--3636-- scheduler: 246,961 jumps (bb entries).
--3636-- scheduler: 2/2,199 major/minor sched events.
--3636--    sanity: 3 cheap, 1 expensive checks.
--3636--    exectx: 30,011 lists, 3 contexts (avg 0 per list)
--3636--    exectx: 3 searches, 0 full compares (0 per 1000)
--3636--    exectx: 0 cmp2, 3 cmp4, 0 cmpAll
Illegal instruction
nellb02linux:bnell>
We have a bunch of bug reports like this (redundant REX prefix bits) and I'm getting the impression what they have in common is SuSE 9.3 on amd64. (iow, a buggy assembler on that platform). What does "as --version" say?
nellb02linux:src> as --version
GNU assembler 2.15
Copyright 2002 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License.  This program has absolutely no warranty.
This assembler was configured for a target of `x86_64-unknown-linux-gnu'.
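To make the "redundant REX prefix bits" remark concrete for the exact bytes in this report, here is an added decoder (my own code, not part of the report, Valgrind or binutils) for the register form of MOVQ xmm,xmm. It pulls the REX fields out of F3 4D 0F 7E FE, recovers the two operands, flags REX.W as meaningless for this opcode (the Intel manual lists only the non-W form F3 0F 7E /r) and returns the canonical encoding with that bit cleared; the function name and result layout are my own choice.

```python
def decode_movq_xmm(code: bytes) -> dict:
    """Decode a register-form MOVQ xmm,xmm encoding: F3 [REX] 0F 7E ModRM.

    Returns the AT&T operands, the four REX bits, whether REX.W was set even
    though this opcode has no 64-bit-operand variant, and the canonical bytes
    (same instruction with the meaningless W bit cleared).
    """
    i = 0
    if code[i] != 0xF3:                       # mandatory F3 prefix selects MOVQ xmm, xmm/m64
        raise ValueError("expected mandatory F3 prefix")
    i += 1
    rex = 0
    if 0x40 <= code[i] <= 0x4F:               # REX byte layout: 0100 W R X B
        rex = code[i]
        i += 1
    if code[i:i + 2] != b"\x0f\x7e":
        raise ValueError("expected opcode 0F 7E")
    i += 2
    modrm = code[i]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 3:
        raise ValueError("only the xmm,xmm register form is handled here")
    w, r, x, b = (rex >> 3) & 1, (rex >> 2) & 1, (rex >> 1) & 1, rex & 1
    dst = reg | (r << 3)                      # REX.R extends ModRM.reg (destination)
    src = rm | (b << 3)                       # REX.B extends ModRM.rm (source)
    canonical = bytearray(code[:i + 1])
    if rex:
        canonical[1] = rex & ~0x08            # drop REX.W; it changes nothing here
    return {
        "att": f"movq %xmm{src},%xmm{dst}",
        "rex": {"W": w, "R": r, "X": x, "B": b},
        "rex_w_redundant": bool(w),
        "canonical": bytes(canonical),
        "length": i + 1,
    }


if __name__ == "__main__":
    # The bytes from vg.cpp in this report.
    print(decode_movq_xmm(bytes([0xF3, 0x4D, 0x0F, 0x7E, 0xFE])))
```

Running it on the report's bytes shows REX 0x4D with W=1 R=1 B=1, the operands movq %xmm14,%xmm15 from the comment in vg.cpp, and the canonical prefix 0x45 that the assembler could have emitted instead.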
I can't pin down which commit fixed this, but it seems to work now.
*** Bug 143822 has been marked as a duplicate of this bug. ***