SetupArgumentBranchTarget: 2846: assertion failed: INS_CallOrBranchIsMemoryIndirect(ins)

[aparna1996]

I am using z-sim with pin tool version pin-2.14-71313 using the changes suggested in https://github.com/s5z/zsim/pull/149/files. I am new to the PIN tool.

When I am running the simulation and running the process 'echo', the simulator is running properly.
But, when I tried 'ls' or 'mkdir', then the simulator crashed.
I have pasted the error and the stack trace below.

./build/opt/zsim tests/simple.cfg 
[H] Starting zsim, built Wed Feb 15 16:24:32 IST 2017 (rev no git repo)
[H] Creating global segment, 1024 MBs
[H] Global segment shmid = 10813491
[H] Deadlock detection ON
[S 0] Started instance
[S 0] Started RR scheduler, quantum=50 phases
[S 0] Initialized system
[S 0] HDF5 backend: Opening /home/aparna/Downloads/zsim-master/zsim.h5
[S 0] HDF5 backend: Created table, 22624 bytes/record, 47 records/write
[S 0] HDF5 backend: Opening /home/aparna/Downloads/zsim-master/zsim-ev.h5
[S 0] HDF5 backend: Created table, 22624 bytes/record, 6 records/write
[S 0] HDF5 backend: Opening /home/aparna/Downloads/zsim-master/zsim-cmp.h5
[S 0] HDF5 backend: Created table, 2464 bytes/record, 1 records/write
[S 0] Initialization complete
[S 0] Started process, PID 10757
[S 0] procMask: 0x0
[S 0] [0] Adjusting clocks, domain 0, de-ffwd 0
[S 0] vDSO info initialized
[H] Attached to global heap
[S 0] Thread 0 starting
[S 0] Started contention simulation thread 0
[S 0] Started scheduler watchdog thread
[S 0] FF control Thread TID 10760
A: Source/pin/vm_ia32/jit_iarg_ia32.cpp: SetupArgumentBranchTarget: 2846: assertion failed: INS_CallOrBranchIsMemoryIndirect(ins)

################################################################################
## STACK TRACE
################################################################################
addr2line -C -f -e "/home/aparna/Downloads/pin-2.14-71313-gcc.4.4.7-linux/intel64/bin/pinbin" 0x3041c07f9 0x3041c15ce 0x3041c18a0 0x304340617 0x304346215 0x304348898 0x30434fc2b 0x304350910 0x304287c1e 0x30428842d 0x304289e83 0x3042c3dbb 0x3042c7fc4 0x304281e3e 0x304282f09 0x304283bbb 0x30431015b 0x3042f95f8 0x304380868
LEVEL_BASE::MESSAGE_TYPE::DumpTrace()
??:?
LEVEL_BASE::MESSAGE_TYPE::MessageInternal(std::string const&, bool, PIN_ERRTYPE, __va_list_tag*, int)
??:?
LEVEL_BASE::MESSAGE_TYPE::MessageNoReturn(std::string const&, bool, PIN_ERRTYPE, int, ...)
??:?
LEVEL_VM::SavePreservedArguments(LEVEL_CORE::INDEX<6>)
??:?
LEVEL_VM::GetArgReg(LEVEL_CORE::CALLING_STANDARD, LEVEL_CORE::FUNCTION_TYPE, int, bool*)
??:?
LEVEL_VM::SetupArguments(LEVEL_VM::REGION*, LEVEL_CORE::INDEX<6>, LEVEL_VM::ACALL const*, LEVEL_CORE::INDEX<4>, unsigned int, LEVEL_CORE::ADDR<1>, bool, LEVEL_CORE::ATTRIBUTE const*)
??:?
LEVEL_VM::BBL_PrepareForInlining(LEVEL_CORE::CALLING_STANDARD, LEVEL_CORE::INDEX<4>, std::string, unsigned long, LEVEL_CORE::REGISTER_SET<3u, 416u>**, bool*, bool*, bool*, bool*, bool*)
??:?
LEVEL_VM::InsertBridgeCallSequence(LEVEL_VM::REGION*, LEVEL_VM::ACALL const*, LEVEL_CORE::INDEX<6>, LEVEL_CORE::INDEX<6>, LEVEL_CORE::INDEX<4>, LEVEL_CORE::ATTRIBUTE const*)
??:?
LEVEL_VM::InsertCallBefore(LEVEL_VM::REGION*, LEVEL_CORE::INDEX<6>, LEVEL_CORE::INDEX<6>, LEVEL_CORE::INDEX<4>, LEVEL_VM::ACALL*, LEVEL_CORE::ATTRIBUTE const*)
??:?
LEVEL_VM::InsertCallBefore(LEVEL_VM::REGION*, LEVEL_CORE::INDEX<6>, LEVEL_CORE::INDEX<6>, LEVEL_CORE::INDEX<4>, LEVEL_VM::ACALL*, LEVEL_CORE::ATTRIBUTE const*)
??:?
LEVEL_VM::REGION::InsertBeforeAfterCalls()
??:?
LEVEL_VM::REGION::XlateAndInstrument()
??:?
LEVEL_VM::REGION::MakeApplication(LEVEL_VM::SVT_FACTORY const&)
??:?
LEVEL_VM::JIT::Initialize()
??:?
LEVEL_VM::JIT::CompileInternal(LEVEL_CORE::ADDR<1>, LEVEL_VM::SCT_ATTRIBUTES const*, LEVEL_BASE::EXCEPTION_INFO*, unsigned int)
??:?
LEVEL_VM::JIT::Compile(LEVEL_CORE::ADDR<1>, LEVEL_VM::SCT_ATTRIBUTES const*, LEVEL_BASE::EXCEPTION_INFO*)
??:?
LEVEL_VM::IBRANCH_DISPATCHER::HandleIndirectXfer(LEVEL_VM::SCT_ATTRIBUTES const*, LEVEL_VM::PCTXT*, LEVEL_VM::XFER_INDIRECT_ARGS const*)
??:?
LEVEL_VM::VM::Dispatch(LEVEL_VM::VMSVC_ARGS const*, LEVEL_VM::PCTXT*)
??:?
VmLeave
??:?
Detach Service Count: 2083
Pin 2.14
Copyright (c) 2003-2015, Intel Corporation. All rights reserved.
@CHARM-VERSION: $Rev: 71293 $
@CHARM-BUILDER: BUILDER
@CHARM-COMPILER: gcc 4.4.7
@CHARM-TARGET: ia32e
@CHARM-CFLAGS:  __OPTIMIZE__=1  __NO_INLINE__=__NO_INLINE__
Pin app terminated abnormally due to signal 6.
[H] Child 10756 done
[H] Panic on build/opt/zsim_harness.cpp:123: Child 10756 (idx 0) exit was anomalous, killing simulation

I have googled and found a similar error at https://beta.groups.yahoo.com/neo/groups/pinheads/conversations/topics/6302 but I am not able to find the function that they are asking me to modify.

[gaomy3832]

I also encountered this bug and found the fix you mentioned above. The part you want to take a look is https://github.com/s5z/zsim/blob/master/src/zsim.cpp#L567. When running ls with the new kernel, some instruction has opcode XEND (not the far call as in the mentioned fix), and is recognized as a conditional branch. However, for some reason the target address is not valid, thus the error. I think this is more likely a Pin bug rather than a zsim bug, since after we check whether it is a conditional branch, the info should be valid.

A temporary workaround is to ignore the TSX instructions, but that is not a long term solution (plus I don't know much on TSX) thus I left it out of the PR.

[aparna1996]

I commented out the line that you have mentioned and it is working fine as a temporary solution. What problem could be caused by commenting out the line?

[gaomy3832]

You shouldn't just comment out that block. It is needed to correctly simulate all the branches. Without it, the branch side effect is lost in the simulation, e.g., misprediction, etc.. What you should do is to keep the condition but add more to filter out only the offending instruction types. For example

if (INS_Category(ins) == XED_CATEGORY_COND_BR && !INS_IsXend(ins))

[apoorvaaaa5]

Hey, i am getting this same error, what should we do??
[H] Panic on build/opt/zsim_harness.cpp:123: Child 10756 (idx 0) exit was anomalous, killing simulation