memcheck/tests/origin6-fp fails with valgrind internal error in vex "stmt_is_guardable: unhandled stmt" [clang]

[nbriggs]

If memcheck/tests/origin6-fp.c is compiled with clang (tested with 8, 9) with optimization (-O, -O2), FreeBSD 12.1-RELEASE-p4, i386 system, then valgrind fails with

$ valgrind ./origin6-fp                                                                                                                                                                       ==95931== Memcheck, a memory error detector
==95931== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==95931== Using Valgrind-3.16.0.GIT and LibVEX; rerun with -h for copyright info
==95931== Command: ./origin6-fp
==95931== 

PUTI(136:8xI8)[t9,0] = 0x1:I8

vex: the `impossible' happened:
   stmt_is_guardable: unhandled stmt
vex storage: T total 118394564 bytes allocated
vex storage: P total 448 bytes allocated

valgrind: the 'impossible' happened:
   LibVEX called failure_exit().

host stacktrace:
==95931==    at 0x38033978: ??? (in /usr/local/lib/valgrind/memcheck-x86-freebsd)
==95931==    by 0x38033C46: ??? (in /usr/local/lib/valgrind/memcheck-x86-freebsd)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 100239)
==95931==    at 0x40166E: main (origin6-fp.c:0)
client stack range: [0xFABFD000 0xFABFEFFF] client SP: 0xFABFEBF8
valgrind stack range: [0x51C5000 0x52C4FFF] top usage: 5452 of 1048576
[...]

Using optimization -O0 does not cause the internal failure.

[nbriggs]

Just checked with clang 10 (only for compiling the test itself), same failure. BTW -- It doesn't happen with clang 10 on an Ubuntu 20.04 x86_64 system (using the freebsd_valgrind code of about May 5th). I'm afraid I have no understanding of the VEX library, so the best I can do is dump data that might help.

[paulfloyd]

I don't know that much about VEX either. --vex-guest-chase=no seems to prevent the problem.

[nbriggs]

I wonder if it's reproducible in classic Valgrind and therefore reportable to someone who might know/care to fix the problem.

[paulfloyd]

This just came up in the #valgrind-dev IRC channel. See https://bugs.kde.org/show_bug.cgi?id=422715 I will try the patch tonight.

[nbriggs]

I'm UTC-8, so I tried it this morning and it appears to fix it.

$ perl tests/vg_regtest memcheck/tests/origin6-fp.vgtest
origin6-fp:      valgrind   -q --track-origins=yes ./origin6-fp 
*** origin6-fp failed (stderr) ***

== 1 test, 1 stderr failure, 0 stdout failures, 0 stderrB failures, 0 stdoutB failures, 0 post failures ==
memcheck/tests/origin6-fp                (stderr)

$ patch </tmp/libvex.patch 
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/VEX/priv/guest_generic_bb_to_IR.c b/VEX/priv/guest_generic_bb_to_IR.c
|index 2f204c5b0..0cee970e4 100644
|--- a/VEX/priv/guest_generic_bb_to_IR.c
|+++ b/VEX/priv/guest_generic_bb_to_IR.c
--------------------------
Patching file VEX/priv/guest_generic_bb_to_IR.c using Plan A...
Hunk #1 succeeded at 425.
Hunk #2 succeeded at 451.
Hunk #3 succeeded at 508.
Hunk #4 succeeded at 521.
done
$ gmake >/tmp/gmake.out
Refresh index: 100% (6255/6255), done.
Makefile:1696: warning: ignoring prerequisites on suffix rule definition
$ perl tests/vg_regtest memcheck/tests/origin6-fp.vgtest
origin6-fp:      valgrind   -q --track-origins=yes ./origin6-fp 

== 1 test, 0 stderr failures, 0 stdout failures, 0 stderrB failures, 0 stdoutB failures, 0 post failures ==

$ 

Presumably it'll get committed to the main valgrind git repo and flow into yours?

[paulfloyd]

I expect so. Sounds like there will be a version Valgrind 16.1 released shortly mainly because of this issue.

[paulfloyd]

The change for this just landed upstream. Will merge and closes this issue this evening.

[paulfloyd]

Fix merged from upstream To https://github.com/paulfloyd/freebsd_valgrind.git 7331e2cff..cbfddc494 freebsd -> freebsd