Handle MFENCE instructions appropriately #18

Open
zbrid opened this issue Sep 14, 2020 · 2 comments
zbrid commented Sep 14, 2020

At the time of this report, SpecFuzz crashes when instrumenting code that uses MFENCEs.

Reproduction instructions

mfence.ll:

define void @mfence() {
  call void @llvm.x86.sse2.mfence()
  ret void
}

declare void @llvm.x86.sse2.mfence()

./bin/llc -x86-specfuzz mfence.ll

Output:

SpecFuzzPass.cpp:604: bool {anonymous}::X86SpecFuzzPass::visitWrite(llvm::MachineInstr&, llvm::MachineBasicBlock&): Assertion `MemRefBegin >= 0 && "Not a write instruction"' failed.
Stack dump:
0.	Program arguments: bin/llc -x86-specfuzz -disable-tail-calls -O3 utils.sf.bc -o utils.sf.s 
1.	Running pass 'Function Pass Manager' on module 'utils.sf.bc'.
2.	Running pass 'SpecFuzz' on function '@_Z18FlushFromDataCachePKvS0_'
#0 0x00007f8348758cae llvm::sys::PrintStackTrace(llvm::raw_ostream&) src/lib/Support/Unix/Signals.inc:490:22
#1 0x00007f8348758d41 PrintStackTraceSignalHandler(void*) src/lib/Support/Unix/Signals.inc:554:1
#2 0x00007f8348756d73 llvm::sys::RunSignalHandlers() src/lib/Support/Signals.cpp:67:20
#3 0x00007f8348758773 SignalHandler(int) src/lib/Support/Unix/Signals.inc:353:1
#4 0x00007f8348108e30 (/lib/x86_64-linux-gnu/libc.so.6+0x3be30)
#5 0x00007f8348108db1 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x3bdb1)
#6 0x00007f83480f2537 abort (/lib/x86_64-linux-gnu/libc.so.6+0x25537)
#7 0x00007f83480f240f __tls_get_addr (/lib/x86_64-linux-gnu/libc.so.6+0x2540f)
#8 0x00007f83481015b2 (/lib/x86_64-linux-gnu/libc.so.6+0x345b2)
#9 0x00007f834cd5e240 (anonymous namespace)::X86SpecFuzzPass::visitWrite(llvm::MachineInstr&, llvm::MachineBasicBlock&) src/lib/Target/X86/SpecFuzzPass.cpp:605:41
#10 0x00007f834cd5cae3 (anonymous namespace)::X86SpecFuzzPass::visitFunction(llvm::MachineFunction&) src/lib/Target/X86/SpecFuzzPass.cpp:283:26
#11 0x00007f834cd5c5f3 (anonymous namespace)::X86SpecFuzzPass::runOnMachineFunction(llvm::MachineFunction&) src/lib/Target/X86/SpecFuzzPass.cpp:223:25

Workarounds:

  • Skip instrumenting MFENCE. I'll put up a pull request for this shortly.
  • Remove MFENCE from the code I want to compile.

Longer term solution

  • Not sure. Would it be useful for SpecFuzz to take into account the effects of MFENCEs on the state it stores during speculative execution simulation?

zbrid changed the title from "Crashes on MFENCE instructions" to "Handle MFENCE instructions appropriately" on Sep 14, 2020

@OleksiiOleksenko
Owner

Closed by 46141ef

@canertol

I got the same error.
I don't see the error after editing SpecFuzzPass.cpp line 282 from this:

if (MI->mayStore()) {

to this:

if (MI->mayStore() && MI->getOpcode() != 2546 && MI->getOpcode() != 1) {

I couldn't figure out what opcode 2546 and 1 are but they cause the same problem.
