testcase generation failed with "read from an undefined location" error when "bsr" instruction is involved

[ydroneaud]

When tasked with processing the following function:

  .text
  .globl p2minus1
  .type p2minus1, @function

#! file-offset 0x6c0
#! rip-offset  0x4006c0
#! capacity    32 bytes

# Text                   #  Line  RIP       Bytes  Opcode             
.p2minus1:               #        0x4006c0  0      OPC=<label>        
  xorl %eax, %eax        #  1     0x4006c0  2      OPC=xorl_r32_r32   
  testq %rdi, %rdi       #  2     0x4006c2  3      OPC=testq_r64_r64  
  je .L_4006d6           #  3     0x4006c5  2      OPC=je_label       
  bsrq %rdi, %rcx        #  4     0x4006c7  4      OPC=bsrq_r64_r64   
  orq $0xffffffff, %rax  #  5     0x4006cb  4      OPC=orq_r64_imm8   
  xorq $0x3f, %rcx       #  6     0x4006cf  4      OPC=xorq_r64_imm8  
  shrq %cl, %rax         #  7     0x4006d3  3      OPC=shrq_r64_cl    
.L_4006d6:               #        0x4006d6  0      OPC=<label>        
  nop                    #  8     0x4006d6  1      OPC=nop            
  retq                   #  9     0x4006d7  1      OPC=retq           
  nop                    #  10    0x4006d8  1      OPC=nop            
  nop                    #  11    0x4006d9  1      OPC=nop            
  nop                    #  12    0x4006da  1      OPC=nop            
  nop                    #  13    0x4006db  1      OPC=nop            
  nop                    #  14    0x4006dc  1      OPC=nop            
  nop                    #  15    0x4006dd  1      OPC=nop            
  nop                    #  16    0x4006de  1      OPC=nop            
  nop                    #  17    0x4006df  1      OPC=nop            
                                                                      
.size p2minus1, .-p2minus1

stroke stoke testcase --target bins/p2minus1.s --max_testcases 1024 -o p2minus1.tc fails with the following error:

FATAL ERROR: (p2minus1) Reads from an undefined location: Instruction 'xorq $0x3f, %rcx' reads { %rcx } but only { %rax %rdx %rbx %rsp %rbp %rdi %r12 %r13 %r14 %r15 %xmm0 %xmm1 %cf %pf %zf %sf %of %mxcsr::rc[0] } are defined.

But %rcx should be defined per bsrq instruction.

Seems to be the same issue than #939

[sharmar]

If you see Intel’s manual, bsr instruction has a case in whicleaves the destination register undefined. Since rcx can be possibly undefined, stoke is being conservative here and rejecting the code as it might read from undefined location. Maybe blacklist the bsr instruction if that works for you? —RahulPlease excuse the brevityOn Dec 5, 2022, at 23:16, Yann Droneaud ***@***.***> wrote: When tasked with processing the following function: .text .globl p2minus1 .type p2minus1, @function #! file-offset 0x6c0 #! rip-offset 0x4006c0 #! capacity 32 bytes # Text # Line RIP Bytes Opcode .p2minus1: # 0x4006c0 0 OPC=<label> xorl %eax, %eax # 1 0x4006c0 2 OPC=xorl_r32_r32 testq %rdi, %rdi # 2 0x4006c2 3 OPC=testq_r64_r64 je .L_4006d6 # 3 0x4006c5 2 OPC=je_label bsrq %rdi, %rcx # 4 0x4006c7 4 OPC=bsrq_r64_r64 orq $0xffffffff, %rax # 5 0x4006cb 4 OPC=orq_r64_imm8 xorq $0x3f, %rcx # 6 0x4006cf 4 OPC=xorq_r64_imm8 shrq %cl, %rax # 7 0x4006d3 3 OPC=shrq_r64_cl .L_4006d6: # 0x4006d6 0 OPC=<label> nop # 8 0x4006d6 1 OPC=nop retq # 9 0x4006d7 1 OPC=retq nop # 10 0x4006d8 1 OPC=nop nop # 11 0x4006d9 1 OPC=nop nop # 12 0x4006da 1 OPC=nop nop # 13 0x4006db 1 OPC=nop nop # 14 0x4006dc 1 OPC=nop nop # 15 0x4006dd 1 OPC=nop nop # 16 0x4006de 1 OPC=nop nop # 17 0x4006df 1 OPC=nop .size p2minus1, .-p2minus1 stroke stoke testcase --target bins/p2minus1.s --max_testcases 1024 -o p2minus1.tc fails with the following error: FATAL ERROR: (p2minus1) Reads from an undefined location: Instruction 'xorq $0x3f, %rcx' reads { %rcx } but only { %rax %rdx %rbx %rsp %rbp %rdi %r12 %r13 %r14 %r15 %xmm0 %xmm1 %cf %pf %zf %sf %of %mxcsr::rc[0] } are defined. But %rcx should be defined per bsrq instruction. Seems to be the same issue than #939 —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>