ASSERT Not implemented core/translate.c:545 walk->xsp_adjust == 0
While trying to implement #1025 (closed), the first run of the decode-stress test hits this assert:
$ bin64/drrun -stress_recreate_state -- suite/tests/bin/common.decode
SYSLOG_ERROR: Application /home/bruening/dr/git/build_x64_dbg_tests/suite/tests/bin/common.decode (131441). Internal Error: DynamoRIO debug check failure: Not implemented @/home/bruening/dr/git/src/core/translate.c:545 walk->xsp_adjust == 0
(Error occurred @1738 frags)
0x00007f188a26d000 ff 35 02 90 19 00 push <rel> 0x00007f188a406008[8byte] %rsp -> %rsp 0xfffffff8(%rsp)[8byte]
0x00007f188a26d006 ff 25 04 90 19 00 jmp <rel> 0x00007f188a406010[8byte]
=>
Fragment 1738, tag 0x00007f188a26d000, flags 0x1000018, shared, tracehead, size 83:
0x00007f1845f2cee4 65 48 a3 00 00 00 00 mov %rax -> %gs:0x00[8byte]
00 00 00 00
0x00007f1845f2ceef 48 b8 08 60 40 8a 18 mov $0x00007f188a406008 -> %rax
7f 00 00
0x00007f1845f2cef9 ff 30 push (%rax)[8byte] %rsp -> %rsp 0xfffffff8(%rsp)[8byte]
0x00007f1845f2cefb 65 48 a1 00 00 00 00 mov %gs:0x00[8byte] -> %rax
00 00 00 00
0x00007f1845f2cf06 65 48 a3 00 00 00 00 mov %rax -> %gs:0x00[8byte]
00 00 00 00
0x00007f1845f2cf11 48 b8 10 60 40 8a 18 mov $0x00007f188a406010 -> %rax
7f 00 00
0x00007f1845f2cf1b 65 48 89 0c 25 10 00 mov %rcx -> %gs:0x10[8byte]
00 00
0x00007f1845f2cf24 48 8b 08 mov (%rax)[8byte] -> %rcx
0x00007f1845f2cf27 65 48 a1 00 00 00 00 mov %gs:0x00[8byte] -> %rax
00 00 00 00
0x00007f1845f2cf32 e9 09 ba f8 ff jmp $0x00007f1845eb8940 <shared_bb_ibl_indjmp>
ilist for recreation:
TAG 0x00007f188a26d000
+0 m4 @0x00007f1645f5bab8 65 48 a3 00 00 00 00 mov %rax -> %gs:0x00[8byte]
00 00 00 00
+11 m4 @0x00007f1645f5f280 48 b8 08 60 40 8a 18 mov $0x00007f188a406008 -> %rax
7f 00 00
+21 L3 @0x00007f1645f87498 ff 30 push (%rax)[8byte] %rsp -> %rsp 0xfffffff8(%rsp)[8byte]
+23 m4 @0x00007f1645f5e4a8 65 48 a1 00 00 00 00 mov %gs:0x00[8byte] -> %rax
00 00 00 00
+34 m4 @0x00007f1645f5dc58 65 48 a3 00 00 00 00 mov %rax -> %gs:0x00[8byte]
00 00 00 00
+45 m4 @0x00007f1645f5b1c8 48 b8 10 60 40 8a 18 mov $0x00007f188a406010 -> %rax
7f 00 00
+55 m4 @0x00007f1645f5fa68 65 48 89 0c 25 10 00 mov %rcx -> %gs:0x10[8byte]
00 00
+64 L3 @0x00007f1645f5f768 48 8b 08 mov (%rax)[8byte] -> %rcx
+67 m4 @0x00007f1645f5ae00 65 48 a1 00 00 00 00 mov %gs:0x00[8byte] -> %rax
00 00 00 00
+78 L4 @0x00007f1645f5ac20 e9 ab 29 f6 ff jmp $0x00007f1845eb8940 <shared_bb_ibl_indjmp>
END 0x00007f188a26d000
recreate_app : looking for 0x00007f1845f2cefb in frag @ 0x00007f1845f2cee4 (tag 0x00007f188a26d000)
ok instr: mov %rax -> %gs:0x00[8byte]
translate_walk_track: entering mangle region xl8=0x00007f188a26d000
spill update: spill tls rax offs=0
ok instr: mov $0x00007f188a406008 -> %rax
ok instr: push (%rax)[8byte] %rsp -> %rsp 0xfffffff8(%rsp)[8byte]
state track: push or push_imm
recreate_app -- found valid state pc 0x00007f188a26d006
translation 0x00007f188a26d006 is in mangling epilogue 0x00007f188a26d000 checking for simple symmetric mangling case
SYSLOG_ERROR: Application /home/bruening/dr/git/build_x64_dbg_tests/suite/tests/bin/common.decode (131441). Internal Error: DynamoRIO debug check failure: Not implemented @/home/bruening/dr/git/src/core/translate.c:545 walk->xsp_adjust == 0
mangle_rel_addr() has the push as a mangle instr:
/* we need the whole spill...restore region to all be marked mangle */
instr_set_our_mangling(instr, true);
And see the big comment before the call to instr_supports_simple_mangling_epilogue() where it sets the restore to an epilogue for non-cti: that's from #3307, PR #3318.
So do we relax the assert, or do we include push/pop with ctis for not setting to epilogue and thus xl8 to pre-app-instr PC and re-execute the push/pop after adjusting xsp? Leaning toward the former since unlike cti we can easily xl8 to post-app-instr PC and it seems safer to not re-do the push.
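To make the two options concrete, here is a constructed model of the translation walk over the first four ilist entries above (added here; it is not DynamoRIO's translate.c and the fault context and TLS values are made up): it walks to the faulting cache pc at +23, records the rax spill and the xsp adjustment from the push, shows the epilogue check failing, and recovers the state both ways, post-app-instr pc keeping rsp, or pre-app-instr pc undoing the push so it re-executes.

```python
# Constructed model of the translation walk in this issue; not DynamoRIO's translate.c.
APP_PC_PUSH = 0x00007f188a26d000   # app pc of the mangled "push <rel>"
APP_PC_NEXT = 0x00007f188a26d006   # post-app-instr pc (the following jmp)
FAULT_OFF = 0x00007f1845f2cefb - 0x00007f1845f2cee4   # == 23, the restore of %rax

# First four ilist entries for tag 0x7f188a26d000, as (cache offset, kind, argument).
ILIST = [
    (0,  "spill",   ("rax", 0)),                   # mov %rax -> %gs:0x00
    (11, "mov_imm", ("rax", 0x00007f188a406008)),  # mov $addr -> %rax
    (21, "push",    None),                         # push (%rax), marked our_mangling
    (23, "restore", ("rax", 0)),                   # mov %gs:0x00 -> %rax (epilogue)
]

def translate_walk(ilist, target_off):
    """Track pending spills and the xsp adjustment up to (not including) target_off."""
    spills, xsp_adjust = {}, 0
    for off, kind, arg in ilist:
        if off >= target_off:
            break
        if kind == "spill":
            spills[arg[0]] = arg[1]
        elif kind == "restore":
            spills.pop(arg[0], None)
        elif kind == "push":
            xsp_adjust -= 8        # "state track: push or push_imm" in the log
    return spills, xsp_adjust

def epilogue_check_holds(xsp_adjust):
    """Models the translate.c:545 debug check: epilogue translation assumes no xsp change."""
    return xsp_adjust == 0

def recreate(mcontext, tls, target_off, strategy):
    """Recover app state for a fault at target_off; returns a new dict with rax/rsp/pc.
    'epilogue': xl8 to the post-app-instr pc; the push already ran, so rsp is kept.
    'pre_app':  xl8 to the push itself; undo the xsp adjustment so the push re-executes."""
    spills, xsp_adjust = translate_walk(ILIST, target_off)
    out = dict(mcontext)
    for reg, slot in spills.items():
        out[reg] = tls[slot]          # restore the app value from its TLS spill slot
    if strategy == "epilogue":
        out["pc"] = APP_PC_NEXT
    elif strategy == "pre_app":
        out["rsp"] -= xsp_adjust      # xsp_adjust is -8, so this adds 8 back
        out["pc"] = APP_PC_PUSH
    else:
        raise ValueError(strategy)
    return out

# Constructed fault context: rax holds the mangling scratch, the push has already executed.
FAULT_MCONTEXT = {"rax": 0x00007f188a406008, "rsp": 0x7ffd1000 - 8, "pc": 0}
TLS = {0: 0x1234}                     # slot 0 holds the app's real %rax (constructed)
```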