Valgrind crash with app using pcre 8.33 under amd64 cpu. It happens 100% of the time. vex amd64->IR: unhandled instruction bytes: 0x8F 0xEA 0xF8 0x10 0xEF 0x3 0x5 0x0 vex amd64->IR: REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0 vex amd64->IR: VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=NONE vex amd64->IR: PFX.66=0 PFX.F2=0 PFX.F3=0 ==10389== valgrind: Unrecognised instruction at address 0x4e7cd54. ==10389== at 0x4E7CD54: set_table_bit (pcre_study.c:557) ==10389== by 0x4E7D6F5: set_start_bits (pcre_study.c:986) ==10389== by 0x4E7D7D3: set_start_bits (pcre_study.c:866) ==10389== by 0x4E7E0A5: pcre_study (pcre_study.c:1413)
CPU Info processor : 15 vendor_id : AuthenticAMD cpu family : 21 model : 2 model name : AMD Opteron(tm) Processor 6376 stepping : 0 microcode : 0x6000822 cpu MHz : 2300.000 cache size : 2048 KB physical id : 0 siblings : 16 core id : 7 cpu cores : 8 apicid : 47 initial apicid : 15 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc extd_apicid amd_dcm aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs xop skinit wdt lwp fma4 tce nodeid_msr tbm topoext perfctr_core perfctr_nb arat cpb hw_pstate npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold bmi1 bogomips : 4599.90 TLB size : 1536 4K pages clflush size : 64 cache_alignment : 64 address sizes : 48 bits physical, 48 bits virtual power management: ts ttp tm 100mhzsteps hwpstate cpb eff_freq_ro
If it's helpful, apparently my attachment to #316874 ( https://bugs.kde.org/attachment.cgi?id=78123 ) contains this instruction.
What instruction is this? Objdump thinks it's invalid and the V insn decoder will reject it too. 0000000000000000 <.text>: 0: 8f .byte 0x8f 1: ea (bad) 2: f8 clc 3: 10 ef adc %ch,%bh 5: 03 .byte 0x3 6: 05 .byte 0x5
Well 0x8F 0xEA 0xF8 is a three byte XOP prefix (an AMD specific extension) which would presumably then make the actual instruction an ADC as the XOP doesn't seem to imply any 66/F2/F3 prefix. See http://wiki.osdev.org/X86-64_Instruction_Encoding#VEX.2FXOP_opcodes for more on XOP but basically it seems to be equivalent to a 3 byte VEX prefix just with a different leading byte.
Hmm, but the map_select field is 0xA though so that might change the underlying instruction.
Yep, that is "XOP opcode map 10" which is AMD specific instructions, and 0x10 becomes "BEXTR reg64, reg/mem64, imm32".
*** Bug 356611 has been marked as a duplicate of this bug. ***
FWIW objdump 2.25.1 can decode these instructions. $ valgrind /bin/ls ==6429== Memcheck, a memory error detector ==6429== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==6429== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==6429== Command: /bin/ls ==6429== vex amd64->IR: unhandled instruction bytes: 0x8F 0xEA 0xF8 0x10 0xC6 0x5 0x3 0x0 vex amd64->IR: REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0 vex amd64->IR: VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=NONE vex amd64->IR: PFX.66=0 PFX.F2=0 PFX.F3=0 ==6429== valgrind: Unrecognised instruction at address 0x40e62c. ==6429== at 0x40E62C: ??? (in /bin/ls) $ objdump -d /bin/ls|grep 40e62c 40e62c: 8f ea f8 10 c6 05 03 bextr $0x305,%rsi,%rax As a workaround I can compile my code with '-march=native -mno-tbm' instead of just '-march=native', but it would be nice if valgrind supported this instruction: https://bugs.gentoo.org/show_bug.cgi?id=563796
According to https://en.wikipedia.org/wiki/Bit_Manipulation_Instruction_Sets#TBM_.28Trailing_Bit_Manipulation.29 TBM instructions are only supported on a few AMD processors (Piledriver, Steamroller and Excavator).
*** This bug has been marked as a duplicate of bug 381819 ***