Bug 402134 - assertion failure in mc_translate.c (noteTmpUsesIn) for Iex_VECRET on arm64
Summary: assertion failure in mc_translate.c (noteTmpUsesIn) for Iex_VECRET on arm64
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Developer tools
Component: memcheck
Version: unspecified
Platform: Other Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Julian Seward
Reported: 2018-12-14 20:28 UTC by Mark Wielaard
Modified: 2018-12-19 20:10 UTC

Description Mark Wielaard 2018-12-14 20:28:44 UTC
# valgrind --tool=memcheck -q /usr/sbin/snmpd
VECRET
Memcheck: the 'impossible' happened:
   noteTmpUsesIn

host stacktrace:
==10801==    at 0x58045A28: show_sched_status_wrk (m_libcassert.c:369)
==10801==    by 0x58045B6B: report_and_quit (m_libcassert.c:440)
==10801==    by 0x58045E03: panic (m_libcassert.c:516)
==10801==    by 0x58045E03: vgPlain_tool_panic (m_libcassert.c:531)
==10801==    by 0x58029133: noteTmpUsesIn (mc_translate.c:8037)
==10801==    by 0x58029133: preInstrumentationAnalysis.constprop.26 (mc_translate.c:8221)
==10801==    by 0x58034CC7: vgMemCheck_instrument (mc_translate.c:8333)
==10801==    by 0x5805C563: tool_instrument_then_gdbserver_if_needed (m_translate.c:231)
==10801==    by 0x5812CF83: LibVEX_FrontEnd (main_main.c:650)
==10801==    by 0x5812D4DF: LibVEX_Translate (main_main.c:1185)
==10801==    by 0x5805EF8F: vgPlain_translate (m_translate.c:1813)
==10801==    by 0x580A2DCF: handle_chain_me (scheduler.c:1134)
==10801==    by 0x580A4FFB: vgPlain_scheduler (scheduler.c:1483)
==10801==    by 0x580EC1A3: thread_wrapper (syswrap-linux.c:103)
==10801==    by 0x580EC1A3: run_a_thread_NORETURN (syswrap-linux.c:156)
==10801==    by 0xFFFFFFFFFFFFFFFF: ???

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 10801)
==10801==    at 0x54ECD00: aes_v8_set_encrypt_key (aesv8-armx.S:133)
client stack range: [0x1FFF000000 0x1FFF00FFFF] client SP: 0x1FFF00EA30
valgrind stack range: [0x1003300000 0x10033FFFFF] top usage: 14656 of 1048576


The following seems to solve (or ignore) the issue:

diff --git a/memcheck/mc_translate.c b/memcheck/mc_translate.c
index 7f69ee3ec..04ed864a1 100644
--- a/memcheck/mc_translate.c
+++ b/memcheck/mc_translate.c
@@ -8022,6 +8022,7 @@ static inline void noteTmpUsesIn ( /*MOD*/HowUsed* useEnv,
       use info. */
    switch (at->tag) {
       case Iex_GSPTR:
+      case Iex_VECRET:
       case Iex_Const:
          return;
       case Iex_RdTmp: {
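Review bot: grouping Iex_VECRET with Iex_GSPTR and Iex_Const as an early return is the right fix, because both VECRET and GSPTR are marker expressions that occur only as dirty-helper call arguments and carry no IRTemp, so there is no use to record; the panic shown in the stack trace came from the case simply being absent from this switch. It would help the next reader to say so in a one-line comment beside the new case, e.g. `/* VECRET and GSPTR are dirty-call markers; they read no temps. */`, and since noteTmpUsesIn arrived with PR387664 it is worth checking the other switches over `at->tag` added in that change for the same missing case.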
Comment 1 Julian Seward 2018-12-15 09:12:50 UTC
I suspect your fix is correct, but it concerns me that we haven't
seen a failure of this before.  I'll try to reproduce it.
Comment 2 Mark Wielaard 2018-12-19 20:10:57 UTC
It is still somewhat unclear why we haven't seen this before, but it seems to be the correct fix.

commit a751b5be0114378c1b23c787798c8c3d61042cfb
Author: Mark Wielaard <mark@klomp.org>
Date:   Wed Dec 19 20:52:29 2018 +0100

    PR402134 assert fail in mc_translate.c (noteTmpUsesIn) Iex_VECRET on arm64
    
    This happens when processing openssl aes_v8_set_encrypt_key
    (aesv8-armx.S:133). The noteTmpUsesIn () function is new since
    PR387664 Memcheck: make expensive-definedness-checks be the default.
    It didn't handle Iex_VECRET which is used in the arm64 crypto
    instruction dirty handlers.