Bug 160954 - ppc build of valgrind crashes with illegal instruction
Summary: ppc build of valgrind crashes with illegal instruction
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Developer tools
Component: memcheck
Version: 3.3.0
Platform: Unlisted Binaries Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Duplicates: 161251
Depends on:
Blocks:
 
Reported: 2008-04-17 22:15 UTC by Ed Housey
Modified: 2008-11-06 10:30 UTC

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Description Ed Housey 2008-04-17 22:15:35 UTC
 
Comment 1 Ed Housey 2008-04-17 22:18:12 UTC
Hi,

I tried compiling valgrind 3.3.0 for a PPC 32-bit system we have.  I get the error below when trying to run anything under valgrind (example was "valgrind -v ls").

root@ATCA-F120:/root> uname -a
Linux ATCA-F120 2.6.14.7-selinux1-ATCA-F120 #1 Sat Apr 5 07:22:22 MST 2008 ppc GNU/Linux


root@ATCA-F120:/root> valgrind -v ls
==4253== Memcheck, a memory error detector.
==4253== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==4253== Using LibVEX rev 1804, a library for dynamic binary translation.
==4253== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==4253== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==4253== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==4253== 
--4253-- Command line
--4253--    ls
--4253-- Startup, with flags:
--4253--    -v
--4253-- Contents of /proc/version:
--4253--   Linux version 2.6.14.7-selinux1-ATCA-F120 (kent@polycarp) (gcc version 3.4.4 (Wind River Linux)) #1 Sat Apr 5 07:22:22 MST 2008
--4253-- Arch and hwcaps: PPC32, ppc32-int-flt-FX-GX
--4253-- Page sizes: currently 4096, max supported 65536
--4253-- Valgrind library directory: /home/ehousey/valgrind/3.3.0/valgrind-3.3.0/usr/local/lib/valgrind
--4253-- Reading syms from /lib/ld-2.3.6.so (0xFFD0000)
--4253-- Reading syms from /bin/ls (0x10000000)
--4253-- Reading syms from /home/ehousey/valgrind/3.3.0/valgrind-3.3.0/usr/local/lib/valgrind/ppc32-linux/memcheck (0x38000000)
--4253--    object doesn't have a dynamic symbol table
--4253-- Reading suppressions file: /home/ehousey/valgrind/3.3.0/valgrind-3.3.0/usr/local/lib/valgrind/default.supp
disInstr(ppc): unhandled instruction: 0x7D6B4F9E
                 primary 31(0x1F), secondary 1950(0x79E)
==4253== valgrind: Unrecognised instruction at address 0xFFD29A8.
==4253== Your program just tried to execute an instruction that Valgrind
==4253== did not recognise.  There are two possible reasons for this.
==4253== 1. Your program has a bug and erroneously jumped to a non-code
==4253==    location.  If you are running Memcheck and you just saw a
==4253==    warning about a bad jump, it's probably your program's fault.
==4253== 2. The instruction is legitimate but Valgrind doesn't handle it,
==4253==    i.e. it's Valgrind's fault.  If you think this is the case or
==4253==    you are not sure, please let us know and we'll try to fix it.
==4253== Either way, Valgrind will now raise a SIGILL signal which will
==4253== probably kill your program.
==4253== 
==4253== Process terminating with default action of signal 4 (SIGILL)
==4253==  Illegal opcode at address 0xFFD29A8
==4253==    at 0xFFD29A8: dl_main (in /lib/ld-2.3.6.so)
==4253==    by 0xFFDF398: _dl_sysdep_start (in /lib/ld-2.3.6.so)
==4253==    by 0xFFD23A8: _dl_start (in /lib/ld-2.3.6.so)
==4253==    by 0xFFE0628: _start (in /lib/ld-2.3.6.so)
==4253== 
==4253== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 1 from 1)
--4253-- 
--4253-- supp:      1 glibc-2.3.x-on-SuSE-10.0-(PPC)-1
==4253== malloc/free: in use at exit: 0 bytes in 0 blocks.
==4253== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==4253== 
==4253== All heap blocks were freed -- no leaks are possible.
--4253--  memcheck: sanity checks: 0 cheap, 1 expensive
--4253--  memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
--4253--  memcheck: auxmaps_L1: 0 searches, 0 cmps, ratio 0:10
--4253--  memcheck: auxmaps_L2: 0 searches, 0 nodes
--4253--  memcheck: SMs: n_issued      = 6 (96k, 0M)
--4253--  memcheck: SMs: n_deissued    = 0 (0k, 0M)
--4253--  memcheck: SMs: max_noaccess  = 65535 (1048560k, 1023M)
--4253--  memcheck: SMs: max_undefined = 0 (0k, 0M)
--4253--  memcheck: SMs: max_defined   = 2 (32k, 0M)
--4253--  memcheck: SMs: max_non_DSM   = 6 (96k, 0M)
--4253--  memcheck: max sec V bit nodes:    0 (0k, 0M)
--4253--  memcheck: set_sec_vbits8 calls: 0 (new: 0, updates: 0)
--4253--  memcheck: max shadow mem size:   400k, 0M
--4253-- translate:            fast SP updates identified: 11 ( 78.5%)
--4253-- translate:   generic_known SP updates identified: 3 ( 21.4%)
--4253-- translate: generic_unknown SP updates identified: 0 (  0.0%)
--4253--     tt/tc: 158 tt lookups requiring 157 probes
--4253--     tt/tc: 158 fast-cache updates, 2 flushes
--4253--  transtab: new        79 (2,040 -> 30,548; ratio 149:10) [0 scs]
--4253--  transtab: dumped     0 (0 -> ??)
--4253--  transtab: discarded  0 (0 -> ??)
--4253-- scheduler: 202 jumps (bb entries).
--4253-- scheduler: 0/82 major/minor sched events.
--4253--    sanity: 1 cheap, 1 expensive checks.
--4253--    exectx: 769 lists, 1 contexts (avg 0 per list)
--4253--    exectx: 1 searches, 0 full compares (0 per 1000)
--4253--    exectx: 0 cmp2, 0 cmp4, 0 cmpAll
--4253--  errormgr: 1 supplist searches, 22 comparisons during search
--4253--  errormgr: 1 errlist searches, 0 comparisons during search
Illegal instruction
root@ATCA-F120:/root> 

Comment 2 Julian Seward 2008-04-17 22:29:24 UTC
What CPU is this on?
Comment 3 Ed Housey 2008-04-18 20:41:05 UTC
Is this what you are looking for?

root@ATCA-F120:/home/ehousey> cat /proc/cpuinfo
processor       : 0
cpu             : e500v2
revision        : 2.0 (pvr 8021 0020)
bogomips        : 1331.20
chipset         : 8548E
Vendor          : Motorola
Machine         : ATCA-F120 MPC8548E
clock           : 1333MHz
PVR             : 0x80210020
SVR             : 0x80390020
PLL setting     : 0x5
Memory          : 512 MB


Thanks,
Ed
Comment 4 Ed Housey 2008-04-18 20:45:53 UTC
One more thing... if it helps... we have valgrind 3.2.0 in rpm format. This also produces the same error on the previously mentioned CPU.

However both valgrind 3.2.0 (rpm) and 3.3.0 (built from source) work fine on another ppc blade:

root@BIX-3a:/home/ehousey> uname -a
Linux BIX-3a 2.6.14.7-selinux1-ATCA-F101 #2 PREEMPT Tue Mar 11 10:21:04 MST 2008 ppc GNU/Linux

/home/ehousey> cat /proc/cpuinfo
processor       : 0
cpu             : 7447/7457, altivec supported
revision        : 0.1 (pvr 8002 0101)
bogomips        : 663.55
vendor          : Marvell/Galileo
machine         : PPMC280
PVID            : 0x80020101, vendor: Motorola
root@BIX-3a:/home/ehousey>

Comment 5 Julian Seward 2008-05-12 00:32:39 UTC
It's isel:   0:   7d 6b 4f 9e     isel    r11,r11,r9,30
Comment 6 Julian Seward 2008-05-12 00:39:08 UTC
*** Bug 161251 has been marked as a duplicate of this bug. ***
Comment 7 Lukasdz Turon 2008-06-19 14:15:33 UTC
Hi,
I've added the isel instruction and tested it on our PPC board (it seems to work fine):

# cat /proc/cpuinfo
processor       : 0
cpu             : e500v2
revision        : 0.16 (pvr 8021 0010)
bogomips        : 1052.67
chipset         : 8548E
Vendor          : Freescale Semiconductor
clock           : 1056MHz
PVR             : 0x80210010
SVR             : 0x80390011
PLL setting     : 0x4
Memory          : 512 MB

isel

Integer Select
isel rD, rA, rB, crb

If CR[crb + 32] is set, the contents of rA|0 are copied into rD. If CR[crb + 32] is clear, the
contents of rB are copied into rD.


Code changes:

/valgrind/VEX/priv/guest-ppc# LC_ALL=C TZ=UTC0 diff -Naur toIR.c_orig toIR.c
--- toIR.c_orig 2008-06-01 01:39:08.000000000 +0000
+++ toIR.c      2008-06-19 10:02:28.000000000 +0000
@@ -2890,6 +2890,41 @@
 }


+/*
+  isel instruction
+*/
+static Bool dis_int_isel( UInt theInstr )
+{
+    UChar rD_addr = ifieldRegDS(theInstr);
+    UChar rA_addr = ifieldRegA(theInstr);
+    UChar rB_addr = ifieldRegB(theInstr);
+    UChar crb_idx = ifieldRegC(theInstr);
+
+    IRType ty     = mode64 ? Ity_I64 : Ity_I32;
+
+    IRTemp rA     = newTemp(ty);
+    IRTemp rB     = newTemp(ty);
+    IRTemp rS     = newTemp(ty);
+    IRTemp cr_bi  = newTemp(ty);
+    IRExpr* irx;
+
+    assign( rA, getIReg(rA_addr) );
+    assign( rB, getIReg(rB_addr) );
+    assign( cr_bi, getCRbit( crb_idx ) );
+
+    DIP("isel r%u,r%u,r%u,crb_idx=%u\n", rA_addr, rD_addr, rB_addr, crb_idx);
+
+    irx =  binop(Iop_CmpEQ32, mkexpr(cr_bi), mkU32(0));
+    assign(rS,
+           IRExpr_Mux0X( unop(Iop_1Uto8, irx),
+                         mkexpr(rA),
+                         mkexpr(rB)) );
+
+    putIReg( rD_addr, mkexpr(rS) );
+
+    return True;
+}
+

 /*
   Integer Compare Instructions
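Review bot: `assign( rA, getIReg(rA_addr) )` drops the rA|0 rule quoted just above the patch: when the rA field is 0 the architecture selects the value zero, not the contents of r0, so the line needs a guard along the lines of `assign( rA, rA_addr == 0 ? mkSzImm(ty, 0) : getIReg(rA_addr) );`. Two smaller points in the same function: `cr_bi` is created with `newTemp(ty)`, which is Ity_I64 in mode64, yet it receives the 32-bit result of `getCRbit()` and is compared with `Iop_CmpEQ32`, so it should be `newTemp(Ity_I32)` to keep the IR well typed on both guests; and the DIP format prints `rA_addr` before `rD_addr` although the mnemonic order is rD,rA,rB (compare Comment 5: `isel r11,r11,r9,30`). The Mux0X polarity itself is right: the condition is `cr_bi == 0`, so a set bit picks expr0 = rA and a clear bit picks exprX = rB, as the description requires.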
@@ -9195,8 +9230,15 @@

    case 0x1F:

+      /* isel instruction */
+      opc2 = IFIELD(theInstr, 0, 5);
+      if ( opc2 == 0x1E)
+      {
+          if (dis_int_isel( theInstr )) goto decode_success;
+          goto decode_failure;
+      }
+
       /* For arith instns, bit10 is the OE flag (overflow enable) */
-
       opc2 = IFIELD(theInstr, 1, 9);
       switch (opc2) {
       /* Integer Arithmetic Instructions */
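Review bot: the decode keys on the wrong five bits. `IFIELD(theInstr, 0, 5)` covers bits 0-4, i.e. the reserved low bit plus only the low four bits of the extended opcode; isel's 5-bit XO sits at bits 1-5 and is 0xF (for the word from Comment 5, 0x7D6B4F9E, `(0x9E >> 1) & 0x1F` is 0xF), so this should read `opc2 = IFIELD(theInstr, 1, 5); if (opc2 == 0xF)`. Placing the test ahead of the existing 9-bit switch also means any other primary-31 instruction whose bits 0-4 happen to be 0b11110 is diverted into dis_int_isel and never reaches the later decoders; keying on the correct field and, if the following switches fall through on their default cases, moving the test after them avoids that. The deleted blank line after the OE comment is an unrelated whitespace change and should be left out of the patch.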
Comment 8 Julian Seward 2008-11-06 10:30:19 UTC
Fixed.  Vex r1870 and 1871.
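The following is an added reference model of isel, written for this page and not code from valgrind or VEX. It decodes the word that Comment 1 reported as unhandled and Comment 5 identified (0x7D6B4F9E, primary 31), using the same least-significant-bit field numbering as VEX's IFIELD macro, and executes it against a toy 32-bit guest state with the rA|0 rule from the description in Comment 7 honoured. The guest-state layout (32 GPRs as uint32_t, the CR as a 32-bit word with bit 0 at the most significant position) and the sentinel values are assumptions of this example. The value the failure message labels "secondary" (1950, 0x79E) happens to equal the low 11 bits of the word, so a helper reproduces it for cross-checking.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit-field helper in the style of VEX's IFIELD macro: idx counts from the
   least significant bit, len is the field width. */
static uint32_t ifield(uint32_t insn, unsigned idx, unsigned len)
{
    return (insn >> idx) & ((1u << len) - 1u);
}

/* Register fields of the isel encoding: primary opcode 31 in bits 26-31,
   5-bit XO 15 in bits 1-5, bit 0 reserved (must be 0). */
typedef struct {
    unsigned rD, rA, rB, crb;
} isel_fields;

/* The "secondary" value printed in Comment 1 (1950 = 0x79E) equals the low
   11 bits of the word; exposed so the decode can be checked against it. */
static uint32_t low11(uint32_t insn)
{
    return ifield(insn, 0, 11);
}

/* Returns false unless insn is a well-formed isel. */
static bool decode_isel(uint32_t insn, isel_fields *f)
{
    if (ifield(insn, 26, 6) != 31 || ifield(insn, 1, 5) != 0xF || ifield(insn, 0, 1) != 0)
        return false;
    f->rD  = ifield(insn, 21, 5);
    f->rA  = ifield(insn, 16, 5);
    f->rB  = ifield(insn, 11, 5);
    f->crb = ifield(insn, 6, 5);
    return true;
}

static bool is_isel(uint32_t insn)
{
    isel_fields f;
    return decode_isel(insn, &f);
}

/* Inverse of decode_isel, handy for building test words. */
static uint32_t encode_isel(unsigned rD, unsigned rA, unsigned rB, unsigned crb)
{
    return (31u << 26) | ((rD & 31u) << 21) | ((rA & 31u) << 16)
         | ((rB & 31u) << 11) | ((crb & 31u) << 6) | (0xFu << 1);
}

/* Execute one isel. CR bits are numbered from the most significant bit
   (bit 0 = CR0[LT], bit 30 = CR7[SO]), so CR[crb] is (cr >> (31 - crb)) & 1.
   An rA field of 0 yields the value 0, not the contents of r0. */
static void exec_isel(uint32_t gpr[32], uint32_t cr, const isel_fields *f)
{
    uint32_t a = (f->rA == 0) ? 0u : gpr[f->rA];
    uint32_t b = gpr[f->rB];
    bool set = (cr >> (31 - f->crb)) & 1u;
    gpr[f->rD] = set ? a : b;
}

/* Wrapper for experiments: every GPR starts as a distinct sentinel (assumed
   values), rA is loaded with ra_val (skipped when the field is 0), rB with
   rb_val; returns the new rD, or 0xFFFFFFFF if insn is not an isel. */
static uint32_t isel_value(uint32_t insn, uint32_t cr, uint32_t ra_val, uint32_t rb_val)
{
    isel_fields f;
    uint32_t gpr[32];
    for (int i = 0; i < 32; i++) gpr[i] = 0xBAD00000u + (uint32_t)i;
    if (!decode_isel(insn, &f)) return 0xFFFFFFFFu;
    if (f.rA != 0) gpr[f.rA] = ra_val;
    gpr[f.rB] = rb_val;
    exec_isel(gpr, cr, &f);
    return gpr[f.rD];
}

int main(void)
{
    const uint32_t word = 0x7D6B4F9Eu;   /* the word from Comment 5 */
    isel_fields f;
    if (decode_isel(word, &f))
        printf("isel r%u,r%u,r%u,%u  (low 11 bits = %u)\n",
               f.rD, f.rA, f.rB, f.crb, low11(word));
    printf("CR bit 30 set   -> r11 = 0x%08x\n", isel_value(word, 1u << 1, 0x11111111u, 0x22222222u));
    printf("CR bit 30 clear -> r11 = 0x%08x\n", isel_value(word, 0u, 0x11111111u, 0x22222222u));
    return 0;
}
```

Running it prints the same operand order as the disassembly in Comment 5 (r11,r11,r9,30) and shows the two outcomes of the select; the encode helper makes it easy to construct an rA = 0 case, which is exactly the path the posted patch does not special-case.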