The problem was reported in Android, but not reproduced by real ETM data.
In TrcPktDecodeEtmV4I::mispredictAtom, there is a loop calling m_P0_stack.from_front_next() and m_P0_stack.erase_curr_from_front(). In m_P0_stack, it uses m_iter to point to the next TrcStackElem to read.
The problem happens in the following case:
1) pElem points to the last element in m_P0_stack, m_P0_stack.m_iter == m_P0_stack.m_P0_stack.end().
2) pElem->getP0Type() == P0_ADDR.
Since pElem->getP0Type() == P0_ADDR, m_P0_stack.erase_curr_from_front() is called. After the call,
m_P0_stack.m_iter points to one position past m_P0_stack.m_P0_stack.end(). Then *m_iter is read in m_P0_stack.from_front_next().
From https://en.cppreference.com/w/cpp/container/deque/erase: all iterators and references are invalidated after erase. So a suggested fix is: m_iter = m_P0_stack.erase(erase_iter);
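The following is an added example, not OpenCSD's own code: a minimal stand-in for m_P0_stack with a from_front_next() / erase_curr_from_front() pair and a simplified walk loop in place of mispredictAtom, showing how reseating m_iter from the return value of deque::erase() keeps the loop valid even when the erased element was the last one. The element type, the P0Stack class and dropLeadingAddrs() are assumptions made for the illustration.

```cpp
// Added example (not OpenCSD's code): a minimal stand-in for m_P0_stack showing
// why erase_curr_from_front() must reseat m_iter from deque::erase()'s return
// value. Names and the walk loop below are simplified assumptions.
#include <deque>
enum P0Type { P0_ADDR, P0_ATOM };

struct TrcStackElem {
    P0Type type;
    int payload;
    P0Type getP0Type() const { return type; }
};

class P0Stack {
    std::deque<TrcStackElem> m_stack;
    std::deque<TrcStackElem>::iterator m_iter;
public:
    void push_front(const TrcStackElem &e) { m_stack.push_front(e); }
    void reset_front() { m_iter = m_stack.begin(); }
    int size() const { return static_cast<int>(m_stack.size()); }
    // Returns the element at m_iter and advances; nullptr once at end().
    const TrcStackElem *from_front_next() {
        if (m_iter == m_stack.end()) return nullptr;
        return &*(m_iter++);
    }
    // Erases the element most recently returned by from_front_next().
    // deque::erase invalidates every iterator, so m_iter is reseated from its
    // return value (the fix proposed in the report). The buggy form
    // `m_stack.erase(erase_iter);` leaves m_iter dangling: when the erased
    // element was the last one, a later *m_iter reads past end().
    void erase_curr_from_front() {
        std::deque<TrcStackElem>::iterator erase_iter = m_iter;
        --erase_iter;
        m_iter = m_stack.erase(erase_iter);
    }
};

// Simplified stand-in for the loop in mispredictAtom: walk from the front and
// drop P0_ADDR elements until a non-address element or the end is reached.
// Returns the number of elements erased.
int dropLeadingAddrs(P0Stack &stack) {
    int erased = 0;
    stack.reset_front();
    const TrcStackElem *pElem;
    while ((pElem = stack.from_front_next()) != nullptr) {
        if (pElem->getP0Type() != P0_ADDR) break;
        stack.erase_curr_from_front();  // pElem is now dangling; not reused
        ++erased;
    }
    return erased;
}
```

The first case in the test below is the one from the report: every element is P0_ADDR, so the last erase removes the final element and m_iter must land exactly on end().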