This repository was archived by the owner on Jan 16, 2026. It is now read-only.

Handle MFENCE instructions appropriately #18

@zbrid

Description

At the time of this report, SpecFuzz crashes when instrumenting code that uses MFENCEs.

Reproduction instructions

mfence.ll:

define void @mfence() {
  call void @llvm.x86.sse2.mfence()
  ret void
}

declare void @llvm.x86.sse2.mfence()

./bin/llc -x86-specfuzz mfence.ll

Output:

SpecFuzzPass.cpp:604: bool {anonymous}::X86SpecFuzzPass::visitWrite(llvm::MachineInstr&, llvm::MachineBasicBlock&): Assertion `MemRefBegin >= 0 && "Not a write instruction"' failed.
Stack dump:
0.	Program arguments: bin/llc -x86-specfuzz -disable-tail-calls -O3 utils.sf.bc -o utils.sf.s 
1.	Running pass 'Function Pass Manager' on module 'utils.sf.bc'.
2.	Running pass 'SpecFuzz' on function '@_Z18FlushFromDataCachePKvS0_'
#0 0x00007f8348758cae llvm::sys::PrintStackTrace(llvm::raw_ostream&) src/lib/Support/Unix/Signals.inc:490:22
#1 0x00007f8348758d41 PrintStackTraceSignalHandler(void*) src/lib/Support/Unix/Signals.inc:554:1
#2 0x00007f8348756d73 llvm::sys::RunSignalHandlers() src/lib/Support/Signals.cpp:67:20
#3 0x00007f8348758773 SignalHandler(int) src/lib/Support/Unix/Signals.inc:353:1
#4 0x00007f8348108e30 (/lib/x86_64-linux-gnu/libc.so.6+0x3be30)
#5 0x00007f8348108db1 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x3bdb1)
#6 0x00007f83480f2537 abort (/lib/x86_64-linux-gnu/libc.so.6+0x25537)
#7 0x00007f83480f240f __tls_get_addr (/lib/x86_64-linux-gnu/libc.so.6+0x2540f)
#8 0x00007f83481015b2 (/lib/x86_64-linux-gnu/libc.so.6+0x345b2)
#9 0x00007f834cd5e240 (anonymous namespace)::X86SpecFuzzPass::visitWrite(llvm::MachineInstr&, llvm::MachineBasicBlock&) src/lib/Target/X86/SpecFuzzPass.cpp:605:41
#10 0x00007f834cd5cae3 (anonymous namespace)::X86SpecFuzzPass::visitFunction(llvm::MachineFunction&) src/lib/Target/X86/SpecFuzzPass.cpp:283:26
#11 0x00007f834cd5c5f3 (anonymous namespace)::X86SpecFuzzPass::runOnMachineFunction(llvm::MachineFunction&) src/lib/Target/X86/SpecFuzzPass.cpp:223:25

Workarounds:

  • Skip instrumenting MFENCE. I'll put up a pull request for this shortly.
  • Remove MFENCE from the code I want to compile.

Longer-term solution

  • Not sure. Would it be useful for SpecFuzz to take into account the effects of MFENCEs on the state it stores during speculative execution simulation?
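A pre-flight check for the second workaround (finding the MFENCEs before `llc -x86-specfuzz` trips the assertion), as an added example that is not part of the issue or of SpecFuzz: a small scanner over textual LLVM IR that reports which defined functions call `@llvm.x86.sse2.mfence`. It assumes the one-definition-per-`define`-line layout that `llc`-readable .ll files use; quoted function names (`@"..."`) are not handled.

```python
"""List the functions in an LLVM textual IR (.ll) file that call the MFENCE
intrinsic, so they can be rewritten before running `llc -x86-specfuzz`.
Added example; not SpecFuzz or LLVM code."""
import re

MFENCE_INTRINSIC = "@llvm.x86.sse2.mfence"
# Matches the header of a function definition, e.g. `define void @mfence() {`,
# capturing the unquoted function name after the '@'.
DEFINE_RE = re.compile(r"^\s*define\b[^@]*@([\w.$]+)\s*\(")


def functions_calling_mfence(ir_text: str) -> list[str]:
    """Return, in source order, the names of defined functions whose body
    contains a call to the MFENCE intrinsic. `declare` lines are ignored,
    since only instrumented bodies reach the SpecFuzz pass."""
    hits: list[str] = []
    current = None          # name of the function whose body we are inside
    for line in ir_text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line.strip() == "}":   # closing brace of a function body
            current = None
            continue
        if current is not None and "call" in line and MFENCE_INTRINSIC in line:
            if current not in hits:
                hits.append(current)
    return hits


# Constructed sample: the issue's mfence.ll plus a function without a fence.
SAMPLE_IR = """\
define void @mfence() {
  call void @llvm.x86.sse2.mfence()
  ret void
}

define i32 @plain(i32 %x) {
  ret i32 %x
}

declare void @llvm.x86.sse2.mfence()
"""

if __name__ == "__main__":
    for name in functions_calling_mfence(SAMPLE_IR):
        print(f"@{name} calls {MFENCE_INTRINSIC}; SpecFuzz will assert on it")
```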
