Bug 376279 - disInstr(arm64): unhandled instruction 0xD50320FF
Summary: disInstr(arm64): unhandled instruction 0xD50320FF
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Developer tools
Component: vex
Version: 3.12.0
Platform: Fedora RPMs Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-10 10:47 UTC by Tom Hughes
Modified: 2017-02-11 10:46 UTC (History)

See Also:
Latest Commit:
Version Fixed In:


Attachments
Proposed patch (804 bytes, patch), 2017-02-10 13:46 UTC, Tom Hughes

Description Tom Hughes 2017-02-10 10:47:46 UTC
Unrecognised aarch64 instruction in libgcc from Fedora Rawhide - recently rebuilt with gcc 7 so potential changes to instruction generation:

disInstr(arm64): unhandled instruction 0xD50320FF
disInstr(arm64): 1101'0101 0000'0011 0010'0000 1111'1111
==10841== valgrind: Unrecognised instruction at address 0x4bfdb84.
==10841==    at 0x4BFDB84: ??? (in /usr/lib64/libgcc_s-7-20170204.so.1)
==10841==    by 0x4BFE14F: _Unwind_RaiseException (in /usr/lib64/libgcc_s-7-20170204.so.1)
==10841==    by 0x49F0D4F: __cxa_throw (in /usr/lib64/libstdc++.so.6.0.23)
Comment 1 Tom Hughes 2017-02-10 10:50:03 UTC
Full log is in the output of the koji build that triggered it (this package runs valgrind as part of its own tests):

https://kojipkgs.fedoraproject.org//work/tasks/8288/17708288/build.log
Comment 2 Tom Hughes 2017-02-10 11:22:20 UTC
This appears to be a HINT instruction, but with an immediate value of 0000111 which is unallocated according to the manual I'm looking at.

Now that should mean it's treated as a NOP but I wonder why gcc would choose to generate it?
Comment 3 Tom Hughes 2017-02-10 12:12:19 UTC
Indeed objdump disassembles it as hint #0x7:

    db78:       d11b43ff        sub     sp, sp, #0x6d0
    db7c:       a9007bfd        stp     x29, x30, [sp]
    db80:       910003fd        mov     x29, sp
>>> db84:       d50320ff        hint    #0x7
    db88:       a90153f3        stp     x19, x20, [sp,#16]
    db8c:       aa0003f3        mov     x19, x0
    db90:       a9025bf5        stp     x21, x22, [sp,#32]
    db94:       aa1e03f4        mov     x20, x30
    db98:       f9001bf7        str     x23, [sp,#48]
Comment 4 Tom Hughes 2017-02-10 13:46:44 UTC
Created attachment 103953 [details]
Proposed patch

Here's a suggested patch that just ignores unknown HINT instructions. Untested as yet...
Comment 5 Peter Maydell 2017-02-10 13:59:49 UTC
HINT #0x7 is XPACLRI which is one of the ARMv8.3 pointer authentication instructions. This is where they went into binutils:
http://www.cygwin.com/ml/binutils/2016-11/msg00103.html
(which gives a helpful link to https://community.arm.com/processors/b/blog/posts/armv8-a-architecture-2016-additions if you want to know what pointer authentication is all about).

Since these HINT insns all NOP on CPUs before v8.3, gcc can happily use them even if it's not specifically compiling for a v8.3 CPU.
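Added example, not code from the bug report or from Valgrind/VEX: a small decoder for the AArch64 HINT encoding discussed in comments 2, 3 and 5. It checks that a 32-bit instruction word has the HINT shape (bits 31..12 = 0xD5032, bits 4..0 = 0b11111), extracts the 7-bit hint number from CRm (bits 11..8) and op2 (bits 7..5), and maps 0xD50320FF to hint #7, the XPACLRI pointer-authentication hint. Hint numbers other than the basic ones and #7 are reported as unallocated and treated as NOP, which is the behaviour the proposed patch gives them; the function and table names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* HINT encoding: 1101 0101 0000 0011 0010 CRm op2 11111.
   Masking out CRm (bits 11..8) and op2 (bits 7..5) must leave the
   fixed pattern 0xD503201F, which is also the encoding of NOP. */
bool is_hint(uint32_t insn) {
    return (insn & 0xFFFFF01Fu) == 0xD503201Fu;
}

/* Returns the hint number CRm:op2 (0..127), or -1 if insn is not a HINT. */
int hint_imm(uint32_t insn) {
    if (!is_hint(insn)) return -1;
    uint32_t crm = (insn >> 8) & 0xFu;
    uint32_t op2 = (insn >> 5) & 0x7u;
    return (int)((crm << 3) | op2);
}

/* Mnemonic for a hint number. Anything not listed is an unallocated hint
   and executes as NOP on CPUs that do not implement it. */
const char *hint_name(int imm) {
    switch (imm) {
    case 0:  return "nop";
    case 1:  return "yield";
    case 2:  return "wfe";
    case 3:  return "wfi";
    case 4:  return "sev";
    case 5:  return "sevl";
    case 7:  return "xpaclri";   /* ARMv8.3 pointer authentication, per comment 5 */
    default: return "unallocated hint (treat as nop)";
    }
}

int main(void) {
    /* Constructed sample: the instruction words from the objdump listing in comment 3. */
    const uint32_t words[] = { 0xd11b43ffu, 0xa9007bfdu, 0x910003fdu,
                               0xd50320ffu, 0xa90153f3u };
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++) {
        int imm = hint_imm(words[i]);
        if (imm < 0)
            printf("0x%08x: not a HINT\n", words[i]);
        else
            printf("0x%08x: hint #%d (%s)\n", words[i], imm, hint_name(imm));
    }
    return 0;
}
```

Running it prints `0xd50320ff: hint #7 (xpaclri)` for the word Valgrind rejected and `not a HINT` for the surrounding `sub`/`stp`/`mov` words, which is the check a decoder needs before deciding to ignore an unknown hint rather than report it as unrecognised.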
Comment 6 Tom Hughes 2017-02-11 10:46:30 UTC
Fix tested and committed as VEX r3302.