I ran valgrind on Firefox in the Android emulator (ARM) using the instructions I posted to https://staktrace.com/spout/entry.php?id=762 and after a while it eventually crashed. I'll attach the full valgrind log output. This happened both times I ran it (once on massif and once on memcheck) but I haven't tried to reproduce it more than than. Reproducible: Didn't try Steps to Reproduce: 1. Follow instructions at https://staktrace.com/spout/entry.php?id=762 2. If running massif, just wait for Fennec to finish starting up. If running memcheck, try opening the awesomebar once Fennec is started up. Actual Results: Crash Expected Results: No crash
Created attachment 73674 [details] Valgrind log including unrecognized instruction
(In reply to comment #0) > 1. Follow instructions at https://staktrace.com/spout/entry.php?id=762 These instructions are telling: "...you need to build Valgrind. Unfortunately the release tarballs available on the Valgrind website seem to be missing some files,..." Can you indicate which files are missing, so that this can be fixed (e.g. in 3.8.1) ? (the best would be to enter a new bug for these missing files). Thanks
(In reply to comment #2) > Can you indicate which files are missing, so that this can be fixed (e.g. in > 3.8.1) ? > (the best would be to enter a new bug for these missing files). Filed bug 306310 for this.
Do you know where I can find the manuals for the thumb instruction set? I'm happy to put together a patch for this if I can find the manuals to see if the instruction is valid or not and what it does.
4: e883 000c stmia.w r3, {r2, r3}
This is "STM<c>.W <Rn>{!},<registers> (Encoding T2)". It is in fact handled by V, at guest_arm_toIR.c around line 16404, with the section heading "{LD,ST}M{IA,DB}". Problem here is that the base register, r3, is in the list .. stmia.w r3, {r2, r3} .. and the ARM docs have the following restriction on validity: Encoding T2 is not available for instructions with the base register in the list and ! specified, and the use of such instructions is deprecated. If the base register is not the lowest-numbered register in the list, such an instruction stores an UNKNOWN value for the base register. The first sentence does not apply, since ! is not specified (no writeback). The second sentence is ambiguous. In this case the base register r3 is not the lowest numbered register in the list. But whether the second sentence applies in all situations or only when ! is specified is unclear (to me) so in short I am unclear if this is a valid instruction. V takes the conservative approach and rejects it, hence this failure. This insn has clearly been created by a JIT, either Dalvik or one of the Fx JITs, as it is in /dev/ashmem. If the insn is indeed valid then this is a bug in V. If it is invalid then it is a bug in the JIT that created it.
(In reply to comment #6) You seem to be quoting from revision B of the ARM ARM; the most recent revision is C.b, where this text has been slightly revised and now reads: "ARM deprecates the use of instructions with the base register in the list and ! specified. If the base register is not the lowest-numbered register in the list, such an instruction stores an UNKNOWN value for the base register. An instruction with the base register in the list and ! specified cannot use encoding T2." The pseudocode is also fairly clear and resolves any lingering ambiguity: basereg-in-list with writeback is UNPREDICTABLE for encoding T2; for encodings T1/A1 it stores an UNKNOWN value if the basereg isn't the earliest register in the list. The non-writeback case is neither deprecated, UNPREDICTABLE nor UNKNOWN. So I think this is a bug in Valgrind.
Thanks for the analysis; also to jbramley who made the same observations on irc. Fixed, r2531 (trunk) and will be in 3.8.1 too. Kats, pls verify.