Bug 371989 - PCMPISTRM $0x72 and PCMPISTRI $0x12 validity bit propagation is imprecise
Summary: PCMPISTRM $0x72 and PCMPISTRI $0x12 validity bit propagation is imprecise
Status: REPORTED
Alias: None
Product: valgrind
Classification: Developer tools
Component: memcheck (show other bugs)
Version: 3.12 SVN
Platform: Compiled Sources Linux
: NOR normal
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-02 18:51 UTC by Patrick J. LoPresti
Modified: 2016-12-08 00:44 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Test case illustrating pcmpistrm $0x72 validity bit propagation failure (1.26 KB, text/plain)
2016-11-02 18:51 UTC, Patrick J. LoPresti 		Details
Test case illustrating pcmpistri $0x12 validity bit propagation failure (1.28 KB, text/plain)
2016-11-02 21:42 UTC, Patrick J. LoPresti 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Patrick J. LoPresti 2016-11-02 18:51:42 UTC 
Created attachment 101977 [details]
Test case illustrating pcmpistrm $0x72 validity bit propagation failure

(cf. bug 309921)

Well, here we go again...

The attached program uses inline assembly to do something similar to the Intel C compiler's optimized "strspn()" routine.

It would be easy for me to use a suppression rule for warnings from inside the routine. But as with this example, memcheck generates a warning *outside* of the vectorized function.

So, memcheck is tainting the return value of the function as undefined. But the result is actually perfectly well-defined thanks to (a) the memory alignment of the arguments and (b) the way PCMPISTRM ignores everything after the first null byte.
Comment 1 Patrick J. LoPresti 2016-11-02 18:55:28 UTC 
Forgot to mention:

I believe this example should run without warnings when "--partial-loads-ok=yes --expensive-definedness-checks=yes" are specified to memcheck.
Comment 2 Patrick J. LoPresti 2016-11-02 21:41:24 UTC 
A similar problem happens with Intel's optimized atoi() routine. Actually this is so similar that I believe these can probably be fixed together, so I am just adding the second test case to this bug report as another attachment.

The Intel atoi() code uses PCMPISTRI $0x12,... Once again the return value from the function is tainted as undefined, resulting in memcheck complaints every time the value is used.
Comment 3 Patrick J. LoPresti 2016-11-02 21:42:01 UTC 
Created attachment 101986 [details]
Test case illustrating pcmpistri $0x12 validity bit propagation failure
Comment 4 Julian Seward 2016-11-25 12:33:39 UTC 
I'd fix this, if I could think of a sane way to do so.  Alas ..
Comment 5 Patrick J. LoPresti 2016-12-08 00:44:13 UTC 
Just a thought... How about adding VEX opcodes corresponding to these string instructions?

Although the behavior of these instructions is (ludicrously) complex, the data flow is pretty simple: Two vectors of input; one vector and a few condition codes of output; every byte past the first zero ignored.

It seems to me that it should be pretty straightforward to do the memcheck instrumentation directly for most (all?) of the PCMPxSTRx variants.

Intel has had a few instruction set iterations (AVX2/AVX512/BMI/etc.) and they have not added any more monstrosities like these, so I do not think this would be entering an endless rat hole.

What do you think?