common.floatpc_xl8all test fails on win8 #1427

Closed

derekbruening opened this issue Nov 28, 2014 · 3 comments

@derekbruening
From [email protected] on April 14, 2014 12:46:14

http://build.chromium.org/p/client.dynamorio/builders/win-8-dr/builds/526/steps/pre-commit%20suite/logs/stdio

I can repro locally:

10: Test command: C:\derek\dr\git\build_x64_dbg_tests\bin64\drrun.exe "-s" "60" "-quiet" "-debug" "-use_dll" "C:/derek/dr/git/build_x64_dbg_tests/lib64/debug/dynamorio.dll" "-exit0" "-ops" "-stderr_mask 0xC -msgbox_mask 0 -dumpcore_mask 0x7d -staged -translate_fpu_pc -code_api " "C:/derek/dr/git/build_x64_dbg_tests/suite/tests/bin/common.floatpc.exe"
10: Test timeout computed to be: 1500
10: FXSAVE64 intra is correctly handled
10: FXSAVE64 inter is correctly handled
10: FXSAVE intra is correctly handled
10: FXSAVE inter is incorrectly handled
2/2 Test #10: code_api|common.floatpc_xl8all ...***Failed Required regular expression not found.Regex=[^] 0.36 sec

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=1427

@derekbruening
From [email protected] on April 14, 2014 10:59:02

xref issue #698

% bin64/drrun -debug -loglevel 4 -translate_fpu_pc -- suite/tests/bin/common.floatpc.exe

The inter fxsave64, which worked:
app:
0x000007f68e711198 d9 ee fldz $0.000000 -> %st0
cache:
0x000007f60e991208 d9 ee fldz $0.000000 -> %st0
float_pc_update: translated 0x000007f60e991208 to 0x000007f68e711198

The inter fxsave, which fails:
app:
0x000007f68e7111f6 d9 ee fldz $0.000000 -> %st0
cache:
0x000007f60e991444 d9 ee fldz $0.000000 -> %st0

float_pc_update: fp state 0x000000976e90f950
float_pc_update: pc 0x000000000e991444 is translated already

0:000> dq @@(state)
000000976e90f950 000000f02000027f 000000000e991444 000000976e90f960 0000000000000000 0000ffff00001f80
000000976e90f970 0000000000000000 0000000000000000 000000976e90f980 0000000000000000 0000000000000000
000000976e90f990 0000000000000000 0000000000000000 000000976e90f9a0 0000000000000000 0000000000000000
000000976e90f9b0 0000000000000000 0000000000000000 000000976e90f9c0 0000000000000000 0000000000000000
0:000> rF
fpcw=027F fpsw=2000 fptw=00F0
st0= 0.000000000000000000000e+0000 st1= 0.000000000000000000000e+0000
st2= 0.000000000000000000000e+0000 st3= 0.000000000000000000000e+0000
st4= 0.000000000000000000000e+0000 st5= 0.000000000000000000000e+0000
st6= 0.000000000000000000000e+0000 st7= 0.000000000000000000000e+0000
0:000> U 0e991444
00000000`0e991444 ?? ???
^ Memory access error in 'U 0e991444'

So the top 32 bits are zeroed out. We expect that for OP_fxsave32 in
64-bit mode.

On Win7 the cache is typically in the bottom 4GB:
0x00000000bfeb6dd8 d9 ee fldz $0.000000 -> %st0
=>
float_pc_update: fp state 0x000000000023f4e0
recreate_app_pc -- translating from pc=0x00000000bfeb6dd8

So the question is: do we try to fit all possible top 32-bit prefixes
(normally there shouldn't be many possibilities), or do we bail?

@derekbruening
From [email protected] on April 14, 2014 11:13:30

I'm putting in some simple speculation:

float_pc_update: speculating: pc 0x000000000e991444 + top half of vmcode = 0x000007f60e991444
float_pc_update: translated 0x000007f60e991444 to 0x000007f68e7111f6
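The diagnosis in the previous comment (the 32-bit FXSAVE form zeroes the top dword of the saved FIP) and the speculation above, as an added example that is not DynamoRIO's code: a small C model of the FXSAVE area and of the prefix-speculation step. The FXSAVE layout used here (FCW at +0, FSW at +2, abridged FTW at +4, FIP at +8, MXCSR at +24, MXCSR_MASK at +28) is the one in the Intel SDM; in 64-bit mode the non-REX.W FXSAVE form stores only FIP[31:0] at +8 with FCS at +12, whereas FXSAVE64 stores the full 64-bit FIP. The vmcode region bounds, the function names (`speculate_cache_pc`, `issue_repro`, `speculate_or_zero`) and the sample FXSAVE area (filled in from the `dq @@(state)` dump above) are assumptions for illustration, not DynamoRIO's `float_pc_update`. The example goes a little beyond the issue: it tries every distinct top-32-bit prefix the vmcode region spans (two if the region straddles a 4 GB boundary) and bails when no candidate, or more than one, lands inside the region.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets in the 512-byte FXSAVE/FXSAVE64 area (Intel SDM, FXSAVE). */
#define FXSAVE_AREA_SIZE   512
#define FXSAVE_FCW_OFFSET  0
#define FXSAVE_FSW_OFFSET  2
#define FXSAVE_FTW_OFFSET  4    /* abridged 8-bit tag word */
#define FXSAVE_FIP_OFFSET  8    /* FXSAVE64: 64-bit FIP; FXSAVE: FIP[31:0] at +8, FCS at +12 */
#define FXSAVE_MXCSR_OFFSET 24
#define FXSAVE_MXCSR_MASK_OFFSET 28

/* Assumed code-cache (vmcode) reservation; bounds are illustrative. */
typedef struct {
    uint64_t base;
    uint64_t size;
} vmcode_region_t;

static bool in_region(const vmcode_region_t *r, uint64_t pc) {
    return pc >= r->base && pc < r->base + r->size;
}

/* Read the raw 8-byte FIP field; for the 32-bit form the upper dword is FCS (0 here). */
static uint64_t fxsave_read_fip(const uint8_t *area) {
    uint64_t fip;
    memcpy(&fip, area + FXSAVE_FIP_OFFSET, sizeof(fip));
    return fip;
}

/* Recover the full 64-bit cache pc from the saved FIP.
 * FXSAVE64 already saved all 64 bits: just validate against the region.
 * The 32-bit FXSAVE form saved only FIP[31:0], so OR in each distinct upper-32-bit
 * prefix of the vmcode region and accept only a unique in-region candidate. */
bool speculate_cache_pc(uint64_t fip_field, bool is_fxsave64,
                        const vmcode_region_t *vmcode, uint64_t *out)
{
    if (is_fxsave64) {
        if (!in_region(vmcode, fip_field)) return false;
        *out = fip_field;
        return true;
    }
    uint64_t low = fip_field & 0xffffffffULL;
    uint64_t prefixes[2] = { vmcode->base & ~0xffffffffULL,
                             (vmcode->base + vmcode->size - 1) & ~0xffffffffULL };
    int nprefix = (prefixes[0] == prefixes[1]) ? 1 : 2;
    int hits = 0;
    uint64_t found = 0;
    for (int i = 0; i < nprefix; i++) {
        uint64_t cand = prefixes[i] | low;
        if (in_region(vmcode, cand)) { found = cand; hits++; }
    }
    if (hits != 1) return false;   /* nothing matched, or ambiguous: bail rather than guess */
    *out = found;
    return true;
}

/* Convenience wrapper: the recovered pc, or 0 when speculation bails. */
uint64_t speculate_or_zero(uint64_t fip_field, bool is_fxsave64,
                           uint64_t base, uint64_t size)
{
    vmcode_region_t r = { base, size };
    uint64_t pc = 0;
    return speculate_cache_pc(fip_field, is_fxsave64, &r, &pc) ? pc : 0;
}

/* Constructed FXSAVE area with the values visible in the issue's dq dump
 * (FCW=027F, FSW=2000, FTW=F0, FIP low dword=0e991444, MXCSR=1f80, mask=ffff). */
static void build_issue_area(uint8_t area[FXSAVE_AREA_SIZE]) {
    uint16_t fcw = 0x027f, fsw = 0x2000;
    uint8_t ftw = 0xf0;
    uint32_t fip_lo = 0x0e991444, mxcsr = 0x1f80, mxcsr_mask = 0xffff;
    memset(area, 0, FXSAVE_AREA_SIZE);
    memcpy(area + FXSAVE_FCW_OFFSET, &fcw, sizeof(fcw));
    memcpy(area + FXSAVE_FSW_OFFSET, &fsw, sizeof(fsw));
    memcpy(area + FXSAVE_FTW_OFFSET, &ftw, sizeof(ftw));
    memcpy(area + FXSAVE_FIP_OFFSET, &fip_lo, sizeof(fip_lo));   /* upper dword (FCS) stays 0 */
    memcpy(area + FXSAVE_MXCSR_OFFSET, &mxcsr, sizeof(mxcsr));
    memcpy(area + FXSAVE_MXCSR_MASK_OFFSET, &mxcsr_mask, sizeof(mxcsr_mask));
}

/* Replays the failing "FXSAVE inter" case: 32-bit form, vmcode assumed at 0x7f60e000000. */
uint64_t issue_repro(void) {
    uint8_t area[FXSAVE_AREA_SIZE];
    build_issue_area(area);
    return speculate_or_zero(fxsave_read_fip(area), false,
                             0x000007f60e000000ULL, 0x10000000ULL);
}

int main(void) {
    printf("speculated cache pc: 0x%016llx\n", (unsigned long long)issue_repro());
    return 0;
}
```

With the region assumed above, the low dword 0x0e991444 from the dump picks up the prefix 0x000007f6 and lands on 0x000007f60e991444, the same cache pc the speculation log line reports; a low dword that matches no prefix inside the region makes the function bail instead of handing back a bogus translation.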

@derekbruening
From [email protected] on April 15, 2014 15:42:28

This issue was closed by revision r2670.

Status: Fixed
