428648 – s390_emit_load_mem panics due to 20-bit offset for vector load

Bug 428648 - s390_emit_load_mem panics due to 20-bit offset for vector load

Summary: s390_emit_load_mem panics due to 20-bit offset for vector load

Status:	RESOLVED FIXED

Alias:	None

Product:	valgrind
Classification:	Developer tools
Component:	vex (other bugs)
Version First Reported In:	unspecified
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Julian Seward

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-11-03 15:32 UTC by Andreas Arnez
Modified:	2020-11-04 19:02 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Force 12-bit amode for vector loads (1.20 KB, patch) 2020-11-03 17:26 UTC, Andreas Arnez	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Arnez 2020-11-03 15:32:47 UTC

With a fairly big test program based on Python3, Valgrind was seen to panic with this message:

vex: the `impossible' happened:                                                                                                                                                                                                              
   s390_emit_load_mem

Where the host stacktrace contains this:

==13902==    by 0x8001F3C73: s390_emit_load_mem (host_s390_defs.c:8451)                                                                                                                                                                      
==13902==    by 0x80020A701: emit_S390Instr (host_s390_defs.c:8516)      

A bit of instrumentation shows that s390_emit_load_mem was invoked with an addressing mode of S390_AMODE_B20, but with a size of 16 bytes.  This means that a vector load with 20-bit offset is requested, which is not supported.

Comment 1 Andreas Arnez 2020-11-03 15:43:55 UTC

Further analysis shows that the offending "load" originates from s390_isel_vec_expr_wrk() while processing an Iex_Load.  This function generates the addressing mode with s390_isel_amode() and doesn't ensure that the offset stays within 12 bits.  Changing the invocation to s390_isel_amode_short() fixes the problem.
Note that this is similar to Bug 417452, where the same issue appeared with "store" instead of "load".

Comment 2 Andreas Arnez 2020-11-03 17:26:22 UTC

Created attachment 132997 [details]
Force 12-bit amode for vector loads

This should fix the issue.

Comment 3 Andreas Arnez 2020-11-04 19:02:04 UTC

Since this is a fairly straightforward (and small) change, I just pushed this as git commit ba73f8d2ebe4b5fe8163ee5ab806f0e50961ebdf.