Bug 497861 - ARM: SUBW Rd, Rn, #uimm12 should accept SP as Rn
Summary: ARM: SUBW Rd, Rn, #uimm12 should accept SP as Rn
Status: REPORTED
Alias: None
Product: valgrind
Classification: Developer tools
Component: vex (other bugs)
Version First Reported In: 3.24 GIT
Platform: unspecified Other
Importance: NOR normal
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Depends on:
Blocks:
Reported: 2024-12-24 12:10 UTC by Angelos Oikonomopoulos
Modified: 2024-12-24 12:10 UTC (History)
CC List: 0 users

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:


Attachments
A trivial fix. (586 bytes, patch)
2024-12-24 12:10 UTC, Angelos Oikonomopoulos

Description Angelos Oikonomopoulos 2024-12-24 12:10:06 UTC
Created attachment 176865 [details]
A trivial fix.

SUMMARY
The ARM manual specifies (https://developer.arm.com/documentation/dui0489/i/arm-and-thumb-instructions/sub) that SUBW Rd, Rn, #uimm12 accepts SP as Rn. However, the (T4) SUBW Rd, Rn, #uimm12 case in guest_arm_toIR.c only accepts this form when SP is both Rd and Rn.

STEPS TO REPRODUCE
1. Manually code up a program that uses such an instruction, e.g. I ran into subw r3, sp, #8 in WebKit's JavaScriptCore.
2. Run the program natively, observe that it doesn't hit a SIGILL.
3. Run the program under valgrind, observe that it takes a SIGILL.

OBSERVED RESULT

SIGILL.

EXPECTED RESULT

No SIGILL.

SOFTWARE/OS VERSIONS
Valgrind at commit 04edd792bd707bace8ccbf947b48b0c70b7dc5d0.

ADDITIONAL INFORMATION
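The following is an added illustration and is not part of the report or of valgrind's sources. It decodes the Thumb-2 T4 encoding of SUBW Rd, Rn, #uimm12 (field layout taken from my reading of the ARM ARM, not from this page) and places a model of the acceptance rule the report describes (SP as Rn only when Rd is also SP) next to the rule the cited manual gives (SP is a valid Rn for any Rd). The two instruction words used as input are constructed by hand for subw r3, sp, #8 and subw sp, sp, #8; the "reported" rule is a reconstruction from the report text, not the actual code in guest_arm_toIR.c.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of a 32-bit Thumb-2 SUBW Rd, Rn, #uimm12 (encoding T4).
 * Layout, per my reading of the ARM ARM (an assumption, not from the page):
 *   hw1: 1 1 1 1 0 | i | 1 0 1 0 1 0 | Rn[3:0]
 *   hw2: 0 | imm3[2:0] | Rd[3:0] | imm8[7:0]
 *   imm12 = i:imm3:imm8
 * Rn == 15 (PC) is the ADR encoding, so it is not reported as SUBW here. */
typedef struct {
    bool is_subw;
    unsigned rd, rn, imm12;
} subw_t4;

subw_t4 decode_subw_t4(uint16_t hw1, uint16_t hw2) {
    subw_t4 r = { false, 0, 0, 0 };
    if ((hw1 & 0xFBF0) != 0xF2A0) return r;   /* opcode bits 15-11 and 9-4 */
    if (hw2 & 0x8000) return r;               /* bit 15 of hw2 must be 0 */
    r.rn = hw1 & 0xF;
    if (r.rn == 15) return r;                 /* ADR, not SUBW */
    r.rd = (hw2 >> 8) & 0xF;
    r.imm12 = (((hw1 >> 10) & 1) << 11)       /* i    */
            | (((hw2 >> 12) & 7) << 8)        /* imm3 */
            | (hw2 & 0xFF);                   /* imm8 */
    r.is_subw = true;
    return r;
}

/* Model of the rule the report describes for the T4 case: when Rn is SP,
 * the form is only accepted if Rd is SP as well.  Reconstructed from the
 * report's wording; it is not valgrind's code. */
bool accept_reported(subw_t4 d) {
    if (!d.is_subw) return false;
    if (d.rn == 13) return d.rd == 13;
    return true;
}

/* Rule matching the ARM manual the report cites: SP is a valid Rn
 * independently of Rd. */
bool accept_manual(subw_t4 d) {
    return d.is_subw;
}

/* Constructed test words (not captured from a real binary):
 *   subw r3, sp, #8  -> hw1 = 0xF2A0 | 13 = 0xF2AD, hw2 = (3 << 8) | 8 = 0x0308
 *   subw sp, sp, #8  -> hw1 = 0xF2AD,               hw2 = (13 << 8) | 8 = 0x0D08 */
static void show(const char *name, uint16_t hw1, uint16_t hw2) {
    subw_t4 d = decode_subw_t4(hw1, hw2);
    printf("%-16s rd=r%u rn=r%u imm12=%u  reported-rule:%s  manual-rule:%s\n",
           name, d.rd, d.rn, d.imm12,
           accept_reported(d) ? "accept" : "reject",
           accept_manual(d)   ? "accept" : "reject");
}

int main(void) {
    show("subw r3, sp, #8", 0xF2AD, 0x0308);
    show("subw sp, sp, #8", 0xF2AD, 0x0D08);
    return 0;
}
```

Running it prints the decoded fields for both words; the first line shows the divergence the report is about: the reported rule rejects subw r3, sp, #8 while the manual rule accepts it, and both rules agree on subw sp, sp, #8.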