Bug 500979 - botch of 'notrack' prefix for i386
Summary: botch of 'notrack' prefix for i386
Status: REPORTED
Alias: None
Product: valgrind
Classification: Developer tools
Component: memcheck (other bugs)
Version First Reported In: 3.24.0
Platform: Other Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Julian Seward
Reported: 2025-03-03 01:19 UTC by John Reiser
Modified: 2025-03-03 01:19 UTC (History)
Description John Reiser 2025-03-03 01:19:45 UTC
SUMMARY
Memcheck emulates incorrectly the 'notrack' instruction prefix of i386 code when run on amd64.

STEPS TO REPRODUCE
0. $ cat notrack.S   # the i386 assembly code
_start: .globl _start
    push $0   # keep stack 2-word aligned after 'call'
    call jmp_back
    hlt

jmp_back:
    push %esp
    pop %ebp
    .byte 0x3e; jmp *(%ebp)

1. gcc -m32 -g -nostartfiles -nostdlib -o notrack notrack.S  # compile and build for i386 on amd64
2. valgrind ./notrack  # run on amd64 with Linux support for executing i386 programs
3. gdb notrack   # detailed examination of code; see below


OBSERVED RESULT
$ valgrind ./notrack
==748797== Memcheck, a memory error detector
==748797== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==748797== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
==748797== Command: ./notrack
==748797== 
==748797== 
==748797== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==748797==  General Protection Fault
==748797==    at 0x804900A: ??? (notrack.S:8)
==748797== 

$ gdb ./notrack   # step-by-step run without valgrind (memcheck)
(gdb) b jmp_back
Breakpoint 1 at 0x8049008: file notrack.S, line 7.
(gdb) run
Starting program: ./notrack 

Breakpoint 1, jmp_back () at notrack.S:7
7	    push %esp
(gdb) x/i $pc
=> 0x8049008 <jmp_back>:	push   %esp
(gdb) p $esp
$1 = (void *) 0xffffcc78
(gdb) stepi
8	    pop %ebp
=> 0x8049009 <jmp_back+1>:	pop    %ebp
(gdb) stepi
0x0804900a in jmp_back () at notrack.S:8
8	    pop %ebp
=> 0x804900a <jmp_back+2>:	notrack jmp *0x0(%ebp)   ## the address of memcheck complaint
(gdb) x/xw $ebp
0xffffcc78:	0x08049007
(gdb) x/i 0x08049007
   0x8049007 <_start+7>:	hlt
(gdb) stepi
_start () at notrack.S:4
4	    hlt   ## successful return to the instruction after the 'call'
(gdb) q

EXPECTED RESULT
No complaint

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Linux 6.12.13 (Fedora 40)

ADDITIONAL INFORMATION
$ uname -a
Linux fedora 6.12.13-100.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Feb  8 17:10:01 UTC 2025 x86_64 GNU/Linux
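A small decoder, added here as an example (it is not Valgrind or VEX code), showing the rule an i386 decoder has to apply to the prefix used in the repro: byte 0x3E directly in front of opcode FF /2 (indirect call) or FF /4 (indirect jmp) is the CET 'notrack' hint and must not change what the branch does, while 0x3E in front of any other instruction is an ordinary DS segment override. It assumes 32-bit mode (no REX, no 0x0F two-byte opcodes); the repro's jmp is the only sample taken from the page, the other byte strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum notrack_kind { NT_NONE = 0, NT_JMP = 1, NT_CALL = 2 };  /* classification result */

/* Returns NT_JMP/NT_CALL when `code` starts with an FF /4 or FF /2 indirect branch that
 * carries the 0x3E 'notrack' prefix, NT_NONE otherwise (plain branch, or 0x3E used as DS:).
 * *prefix_len (if non-NULL) receives the number of legacy prefix bytes before the opcode. */
int classify_notrack(const uint8_t *code, size_t len, size_t *prefix_len)
{
    size_t i = 0;
    int saw_3e = 0;
    /* Skip legacy prefixes: segment overrides, operand/address size, lock, rep/repne. */
    while (i < len) {
        uint8_t b = code[i];
        if (b == 0x3E) {
            saw_3e = 1;
        } else if (!(b == 0x26 || b == 0x2E || b == 0x36 || b == 0x64 || b == 0x65 ||
                     b == 0x66 || b == 0x67 || b == 0xF0 || b == 0xF2 || b == 0xF3)) {
            break;
        }
        i++;
    }
    if (prefix_len) *prefix_len = i;
    /* Need opcode plus ModRM; only opcode 0xFF encodes the /2 and /4 indirect branches. */
    if (!saw_3e || i + 1 >= len || code[i] != 0xFF) return NT_NONE;
    int reg = (code[i + 1] >> 3) & 7;  /* ModRM.reg field is the /digit */
    if (reg == 2) return NT_CALL;      /* FF /2: call *r/m32, notrack applies */
    if (reg == 4) return NT_JMP;       /* FF /4: jmp  *r/m32, notrack applies */
    return NT_NONE;                    /* FF /0 inc, FF /6 push, ...: 0x3E is just DS: */
}

/* SAMPLE_NOTRACK_JMP is the encoding of the repro's instruction, notrack jmp *0x0(%ebp)
 * (3e ff 65 00, as assembled from '.byte 0x3e; jmp *(%ebp)'); the rest are constructed. */
static const uint8_t SAMPLE_NOTRACK_JMP[]  = { 0x3E, 0xFF, 0x65, 0x00 };
static const uint8_t SAMPLE_NOTRACK_CALL[] = { 0x3E, 0xFF, 0xD0 };        /* notrack call *%eax */
static const uint8_t SAMPLE_DS_MOV[]       = { 0x3E, 0x8B, 0x45, 0x00 };  /* mov %ds:0x0(%ebp),%eax */
static const uint8_t SAMPLE_PLAIN_JMP[]    = { 0xFF, 0x65, 0x00 };        /* jmp *0x0(%ebp), no prefix */

int main(void)
{
    printf("repro jmp=%d call=%d ds-mov=%d plain-jmp=%d\n",
           classify_notrack(SAMPLE_NOTRACK_JMP, sizeof SAMPLE_NOTRACK_JMP, NULL),
           classify_notrack(SAMPLE_NOTRACK_CALL, sizeof SAMPLE_NOTRACK_CALL, NULL),
           classify_notrack(SAMPLE_DS_MOV, sizeof SAMPLE_DS_MOV, NULL),
           classify_notrack(SAMPLE_PLAIN_JMP, sizeof SAMPLE_PLAIN_JMP, NULL));
    return 0;
}
```

A decoder that returns NT_JMP for the repro's bytes and then executes the jump exactly as the unprefixed form would is behaving as the native run in the gdb session does.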