From: Konstantin S. <kon...@gm...> - 2010-03-10 06:15:02
Hi,

Has anyone seen this?
The code is generated on the fly by v8...

==24886== Warning: set address range perms: large range [0xe10d000, 0x2e10d000) (noaccess)

vex: priv/guest_amd64_toIR.c:14681 (disInstr_AMD64_WRK): Assertion `sz == 2 || sz == 4' failed.
vex storage: T total 3070813848 bytes allocated
vex storage: P total 816 bytes allocated

valgrind: the 'impossible' happened:
LibVEX called failure_exit().
==24886== at 0x3802CA47: report_and_quit /tmp/vg/coregrind/m_libcassert.c:191
==24886== by 0x3802CAB9: panic /tmp/vg/coregrind/m_libcassert.c:275
==24886== by 0x3802CB08: vgPlain_core_panic_at /tmp/vg/coregrind/m_libcassert.c:280
==24886== by 0x3802CB1A: vgPlain_core_panic /tmp/vg/coregrind/m_libcassert.c:285
==24886== by 0x38045562: failure_exit /tmp/vg/coregrind/m_translate.c:674
==24886== by 0x380BE798: vex_assert_fail /tmp/vg/VEX/priv/main_util.c:230
==24886== by 0x3812CB8E: disInstr_AMD64_WRK /tmp/vg/VEX/priv/guest_amd64_toIR.c:14681
==24886== by 0x3812CF5D: disInstr_AMD64 /tmp/vg/VEX/priv/guest_amd64_toIR.c:16245
==24886== by 0x380CD3A5: bb_to_IR /tmp/vg/VEX/priv/guest_generic_bb_to_IR.c:263
==24886== by 0x380BCEF6: LibVEX_Translate /tmp/vg/VEX/priv/main_main.c:453
==24886== by 0x38043304: vgPlain_translate /tmp/vg/coregrind/m_translate.c:1518
==24886== by 0x38067DF8: vgPlain_scheduler /tmp/vg/coregrind/m_scheduler/scheduler.c:857
==24886== by 0x3808EA10: run_a_thread_NORETURN /tmp/vg/coregrind/m_syswrap/syswrap-linux.c:94
From: Konstantin S. <kon...@gm...> - 2010-03-10 06:19:24
Ah, this is already known:
bug: https://bugs.kde.org/show_bug.cgi?id=210481
patch: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/valgrind/scripts/vbug210481.patch?revision=36204&view=markup

Any chance to put this one-line patch into trunk?

Thanks,

--kcc

ndex: guest_amd64_toIR.c
===================================================================
--- VEX/priv/guest_amd64_toIR.c (Revision 1924)
+++ VEX/priv/guest_amd64_toIR.c (Arbeitskopie)
@@ -14597,7 +14597,7 @@
/* There is no encoding for 32-bit pop in 64-bit mode.
So sz==4 actually means sz==8. */
if (haveF2orF3(pfx)) goto decode_failure;
- vassert(sz == 2 || sz == 4);
+ vassert(sz == 2 || sz == 4 || sz == 8);
if (sz == 4) sz = 8;
if (sz != 8) goto decode_failure; // until we know a sz==2 test case exists
On Wed, Mar 10, 2010 at 9:14 AM, Konstantin Serebryany <kon...@gm...> wrote:
> Hi,
>
> Have anyone seen this?
> The code is generated on the fly by v8...
>
> ==24886== Warning: set address range perms: large range [0xe10d000,
> 0x2e10d000) (noaccess)
>
> vex: priv/guest_amd64_toIR.c:14681 (disInstr_AMD64_WRK): Assertion `sz
> == 2 || sz == 4' failed.
> vex storage: T total 3070813848 bytes allocated
> vex storage: P total 816 bytes allocated
>
> valgrind: the 'impossible' happened:
> LibVEX called failure_exit().
> ==24886== at 0x3802CA47: report_and_quit /tmp/vg/coregrind/m_libcassert.c:191
> ==24886== by 0x3802CAB9: panic /tmp/vg/coregrind/m_libcassert.c:275
> ==24886== by 0x3802CB08: vgPlain_core_panic_at
> /tmp/vg/coregrind/m_libcassert.c:280
> ==24886== by 0x3802CB1A: vgPlain_core_panic
> /tmp/vg/coregrind/m_libcassert.c:285
> ==24886== by 0x38045562: failure_exit /tmp/vg/coregrind/m_translate.c:674
> ==24886== by 0x380BE798: vex_assert_fail /tmp/vg/VEX/priv/main_util.c:230
> ==24886== by 0x3812CB8E: disInstr_AMD64_WRK
> /tmp/vg/VEX/priv/guest_amd64_toIR.c:14681
> ==24886== by 0x3812CF5D: disInstr_AMD64
> /tmp/vg/VEX/priv/guest_amd64_toIR.c:16245
> ==24886== by 0x380CD3A5: bb_to_IR
> /tmp/vg/VEX/priv/guest_generic_bb_to_IR.c:263
> ==24886== by 0x380BCEF6: LibVEX_Translate /tmp/vg/VEX/priv/main_main.c:453
> ==24886== by 0x38043304: vgPlain_translate
> /tmp/vg/coregrind/m_translate.c:1518
> ==24886== by 0x38067DF8: vgPlain_scheduler
> /tmp/vg/coregrind/m_scheduler/scheduler.c:857
> ==24886== by 0x3808EA10: run_a_thread_NORETURN
> /tmp/vg/coregrind/m_syswrap/syswrap-linux.c:94
>
From: Konstantin S. <kon...@gm...> - 2010-03-10 06:46:44
The patch should probably look like this:
@@ -14597,7 +14597,7 @@
/* Note. There is no encoding for a 32-bit popf in 64-bit mode.
So sz==4 actually means sz==8. */
if (haveF2orF3(pfx)) goto decode_failure;
- vassert(sz == 2 || sz == 4);
+ vassert(sz == 2 || sz == 4 || sz == 8);
if (sz == 4) sz = 8;
if (sz != 8) goto decode_failure; // until we know a sz==2 test
case exists
t1 = newTemp(Ity_I64); t2 = newTemp(Ity_I64);
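Review bot: With `sz == 8` now admitted at L19, the `vassert` is redundant with the two lines that follow it: `if (sz == 4) sz = 8;` handles the only other value that can reach the body and `if (sz != 8) goto decode_failure;` already rejects everything else, so the only behaviour the assert still adds is a LibVEX panic for a value outside {2, 4, 8}. Because `sz` presumably comes from the guest's own prefix bytes (the operand-size and REX.W handling earlier in disInstr_AMD64_WRK, outside the hunk), an assert at this point turns any unanticipated-but-reachable encoding into a whole-tool abort like the one reported, whereas `goto decode_failure` would report it as an undecodable instruction and keep the tool running; if the prefix decoder can only produce 2, 4 or 8 the check is dead and can simply be dropped, otherwise replace it with `if (sz != 2 && sz != 4 && sz != 8) goto decode_failure;`. The same applies to the second hunk at 14678 (L28–L29), which is the one the reported backtrace actually reaches (guest_amd64_toIR.c:14681), so that hunk is the one that resolves the crash and should get the regression test. Also note that the trailing `// until we know a sz==2 test` comment has been mail-wrapped onto a separate `case exists` line in both hunks (L21–L22, L31–L32), so the patch as pasted will not apply cleanly; send it as an attachment. Both enclosing decoder cases begin and end outside the hunks.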
@@ -14678,7 +14678,7 @@
/* There is no encoding for 32-bit pop in 64-bit mode.
So sz==4 actually means sz==8. */
if (haveF2orF3(pfx)) goto decode_failure;
- vassert(sz == 2 || sz == 4);
+ vassert(sz == 2 || sz == 4 || sz == 8);
if (sz == 4) sz = 8;
if (sz != 8) goto decode_failure; // until we know a sz==2 test
case exists
On Wed, Mar 10, 2010 at 9:18 AM, Konstantin Serebryany
<kon...@gm...> wrote:
> Ah, this is already known:
> bug: https://bugs.kde.org/show_bug.cgi?id=210481
> patch: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/valgrind/scripts/vbug210481.patch?revision=36204&view=markup
>
> Any chance to put this one-line patch into trunk?
>
> Thanks,
>
> --kcc
>
>
>
> ndex: guest_amd64_toIR.c
> ===================================================================
> --- VEX/priv/guest_amd64_toIR.c (Revision 1924)
> +++ VEX/priv/guest_amd64_toIR.c (Arbeitskopie)
> @@ -14597,7 +14597,7 @@
> /* There is no encoding for 32-bit pop in 64-bit mode.
> So sz==4 actually means sz==8. */
> if (haveF2orF3(pfx)) goto decode_failure;
> - vassert(sz == 2 || sz == 4);
> + vassert(sz == 2 || sz == 4 || sz == 8);
> if (sz == 4) sz = 8;
> if (sz != 8) goto decode_failure; // until we know a sz==2 test
> case exists
>
>
>
> On Wed, Mar 10, 2010 at 9:14 AM, Konstantin Serebryany
> <kon...@gm...> wrote:
>> Hi,
>>
>> Have anyone seen this?
>> The code is generated on the fly by v8...
>>
>> ==24886== Warning: set address range perms: large range [0xe10d000,
>> 0x2e10d000) (noaccess)
>>
>> vex: priv/guest_amd64_toIR.c:14681 (disInstr_AMD64_WRK): Assertion `sz
>> == 2 || sz == 4' failed.
>> vex storage: T total 3070813848 bytes allocated
>> vex storage: P total 816 bytes allocated
>>
>> valgrind: the 'impossible' happened:
>> LibVEX called failure_exit().
>> ==24886== at 0x3802CA47: report_and_quit /tmp/vg/coregrind/m_libcassert.c:191
>> ==24886== by 0x3802CAB9: panic /tmp/vg/coregrind/m_libcassert.c:275
>> ==24886== by 0x3802CB08: vgPlain_core_panic_at
>> /tmp/vg/coregrind/m_libcassert.c:280
>> ==24886== by 0x3802CB1A: vgPlain_core_panic
>> /tmp/vg/coregrind/m_libcassert.c:285
>> ==24886== by 0x38045562: failure_exit /tmp/vg/coregrind/m_translate.c:674
>> ==24886== by 0x380BE798: vex_assert_fail /tmp/vg/VEX/priv/main_util.c:230
>> ==24886== by 0x3812CB8E: disInstr_AMD64_WRK
>> /tmp/vg/VEX/priv/guest_amd64_toIR.c:14681
>> ==24886== by 0x3812CF5D: disInstr_AMD64
>> /tmp/vg/VEX/priv/guest_amd64_toIR.c:16245
>> ==24886== by 0x380CD3A5: bb_to_IR
>> /tmp/vg/VEX/priv/guest_generic_bb_to_IR.c:263
>> ==24886== by 0x380BCEF6: LibVEX_Translate /tmp/vg/VEX/priv/main_main.c:453
>> ==24886== by 0x38043304: vgPlain_translate
>> /tmp/vg/coregrind/m_translate.c:1518
>> ==24886== by 0x38067DF8: vgPlain_scheduler
>> /tmp/vg/coregrind/m_scheduler/scheduler.c:857
>> ==24886== by 0x3808EA10: run_a_thread_NORETURN
>> /tmp/vg/coregrind/m_syswrap/syswrap-linux.c:94
>>
>