非法指令（核心转储） HElib

Posted 2023-02-22

【中文标题】非法指令（核心转储） HElib

【英文标题】：illegal instruction (core dumped ) HElib

【发布时间】：2018-10-10 15:04:05

【问题描述】：

我是 HElib 新手，目前正在测试 AES 的同态解密函数。作为测试的一部分，我手动输入 AES 密钥、纯文本和相应密文的测试值。然后我将密文传递给同态解密函数以获得纯文本的同态加密。这个测试代码似乎工作正常，直到昨天早上它在调用同态解密函数时出错说非法指令（核心转储）。未能在测试代码中找到根本原因，我尝试运行 github repo 中给出的 Test_AES 程序，但它也无法运行。过去，当我关闭虚拟机并重新启动它时遇到此问题时会有所帮助。我试图调试我的测试代码但没有成功。任何调试此问题的帮助将不胜感激。

Pasting the code here :

    uint8_t key[]=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16;
    uint8_t input[]=51,51,48,48,48,48,48,48,48,48,48,48,48,48,48,48;

    uint8_t cipher[]= 201,133,214,86,19,4,199,214,206,13,152,237,236,11,241,25,108,192,10,102,210,173,131,255,215,110,154,43,202,216,154,1;


    //manually adding the test values 
    Vec<uint8_t> aesCtxt(INIT_SIZE, nBlocks16);
    Vec<uint8_t> ptxt(INIT_SIZE, nBlocks16);
    for (long i=0;i<ptxt.length();i++)
    ptxt.put(i,input[i]);

    Vec<uint8_t> aesKey(INIT_SIZE, 16); // AES-128
    for (long i=0;i<aesKey.length();i++)
    aesKey.put(i,key[i]);

    Vec<uint8_t> tmpBytes(INIT_SIZE, nBlocks*16);
    for (long i=0;i<tmpBytes.length();i++)
    tmpBytes.put(i,cipher[i]);

    cerr << " cipher = "; printState(tmpBytes);

    cout<< "going to encrypt AES key";

    vector< Ctxt > encryptedAESkey;

    hAES.encryptAESkey(encryptedAESkey, aesKey, publicKey);

    //going to homomorphically decrypt to get Homomorphic encryption of (ptxt)
    Vec encodedBytes;
    encode4AES(encodedBytes, tmpBytes, hAES.getEA()); // encode as HE plaintext

    vector< Ctxt > doublyEncrypted_AES_x;
    --------->fails here and shows Illegal instruction (core dumped ).< --------------

    // Allocate space for the output ciphertexts, initialized to zero

    doublyEncrypted_AES_x.resize(encodedBytes.length(), Ctxt(ZeroCtxtLike,encryptedAESkey[0]));

    cout<<"Dummy encrypt";

    for (long i=0; i<(long)doublyEncrypted_AES_x.size(); i++) // encode ptxt as HE ctxt

    doublyEncrypted_AES_x[i].DummyEncrypt(encodedBytes[i]);

    hAES.homAESdec(doublyEncrypted_AES_x, encryptedAESkey); // do the real work

提前致谢！

---

编辑： 添加 Valgrind 输出：

==2653== Memcheck, a memory error detector
==2653== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==2653== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==2653== Command: ./Test_AES_x
==2653== 
*** Test_AES: c=3, L=42, B=23, boot=0, packed=1, m=771 (=[771]), gens=[5], ords=[-32]
computing key-independent tables...done in 1.08 seconds
  27 primes (21 ctxt/6 special), total bitsize=855.929, security level: -107.015
  32 slots (2 blocks) per ctxt
computing key-dependent tables...done in 10.368 seconds
computing AES tables...ptxt length32AES key  added  input = [c9 85 d6 56 13  4 c7 d6 ce  d 98 ed ec  b f1 19 6c c0  a 66 d2 ad 83 ff d7 6e 9a 2b ca d8 9a  1 ]going to encrypt AES keyentered funcHE encodedd as plaintextcalling func 
vex amd64->IR: unhandled instruction bytes: 0xF3 0x4C 0xF 0x38 0xF6 0x57 0x28 0x66
vex amd64->IR:   REX=1 REX.W=1 REX.R=1 REX.X=0 REX.B=0
vex amd64->IR:   VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=0F38
vex amd64->IR:   PFX.66=0 PFX.F2=0 PFX.F3=1
==2653== valgrind: Unrecognised instruction at address 0x4e5e0f2.
==2653==    at 0x4E5E0F2: __gmpn_addmul_1 (in /usr/local/lib/libgmp.so.10.3.2)
==2653==    by 0x54F5D2: _ntl_gaorsmul_1(_ntl_gbigint_body*, long, long, _ntl_gbigint_body**) (lip.cpp:8200)
==2653==    by 0x42F7E3: MulAddTo (ZZ.h:507)
==2653==    by 0x42F7E3: operator() (DoubleCRT.cpp:730)
==2653==    by 0x42F7E3: relaxed_exec_index<DoubleCRT::toPoly(NTL::ZZX&, const IndexSet&, bool) const::__lambda5> (BasicThreadPool.h:521)
==2653==    by 0x42F7E3: DoubleCRT::toPoly(NTL::ZZX&, IndexSet const&, bool) const (DoubleCRT.cpp:741)
==2653==    by 0x431BC9: toPoly (DoubleCRT.cpp:759)
==2653==    by 0x431BC9: DoubleCRT::addPrimes(IndexSet const&) (DoubleCRT.cpp:322)
==2653==    by 0x4332D0: DoubleCRT::breakIntoDigits(std::vector<DoubleCRT, std::allocator<DoubleCRT> >&, long) const (DoubleCRT.cpp:301)
==2653==    by 0x446C05: Ctxt::keySwitchPart(CtxtPart const&, KeySwitch const&) (Ctxt.cpp:467)
==2653==    by 0x446F89: Ctxt::reLinearize(long) (Ctxt.cpp:416)
==2653==    by 0x44829D: Ctxt::smartAutomorph(long) (Ctxt.cpp:1008)
==2653==    by 0x451DB7: EncryptedArrayDerived<PA_GF2>::rotate1D(Ctxt&, long, long, bool) const (EncryptedArray.cpp:97)
==2653==    by 0x41111D: decRowShift(Ctxt&, std::vector<DoubleCRT, std::allocator<DoubleCRT> > const&, EncryptedArrayDerived<PA_GF2> const&) (homAES.cpp:713)
==2653==    by 0x4132E9: HomAES::homAESdec(std::vector<Ctxt, std::allocator<Ctxt> >&, std::vector<Ctxt, std::allocator<Ctxt> > const&) const (homAES.cpp:316)
==2653==    by 0x406567: main (Test_AES.cpp:248)
==2653== Your program just tried to execute an instruction that Valgrind
==2653== did not recognise.  There are two possible reasons for this.
==2653== 1. Your program has a bug and erroneously jumped to a non-code
==2653==    location.  If you are running Memcheck and you just saw a
==2653==    warning about a bad jump, it's probably your program's fault.
==2653== 2. The instruction is legitimate but Valgrind doesn't handle it,
==2653==    i.e. it's Valgrind's fault.  If you think this is the case or
==2653==    you are not sure, please let us know and we'll try to fix it.
==2653== Either way, Valgrind will now raise a SIGILL signal which will
==2653== probably kill your program.
==2653== 
==2653== Process terminating with default action of signal 4 (SIGILL)
==2653==  Illegal opcode at address 0x4E5E0F2
==2653==    at 0x4E5E0F2: __gmpn_addmul_1 (in /usr/local/lib/libgmp.so.10.3.2)
==2653==    by 0x54F5D2: _ntl_gaorsmul_1(_ntl_gbigint_body*, long, long, _ntl_gbigint_body**) (lip.cpp:8200)
==2653==    by 0x42F7E3: MulAddTo (ZZ.h:507)
==2653==    by 0x42F7E3: operator() (DoubleCRT.cpp:730)
==2653==    by 0x42F7E3: relaxed_exec_index<DoubleCRT::toPoly(NTL::ZZX&, const IndexSet&, bool) const::__lambda5> (BasicThreadPool.h:521)
==2653==    by 0x42F7E3: DoubleCRT::toPoly(NTL::ZZX&, IndexSet const&, bool) const (DoubleCRT.cpp:741)
==2653==    by 0x431BC9: toPoly (DoubleCRT.cpp:759)
==2653==    by 0x431BC9: DoubleCRT::addPrimes(IndexSet const&) (DoubleCRT.cpp:322)
==2653==    by 0x4332D0: DoubleCRT::breakIntoDigits(std::vector<DoubleCRT, std::allocator<DoubleCRT> >&, long) const (DoubleCRT.cpp:301)
==2653==    by 0x446C05: Ctxt::keySwitchPart(CtxtPart const&, KeySwitch const&) (Ctxt.cpp:467)
==2653==    by 0x446F89: Ctxt::reLinearize(long) (Ctxt.cpp:416)
==2653==    by 0x44829D: Ctxt::smartAutomorph(long) (Ctxt.cpp:1008)
==2653==    by 0x451DB7: EncryptedArrayDerived<PA_GF2>::rotate1D(Ctxt&, long, long, bool) const (EncryptedArray.cpp:97)
==2653==    by 0x41111D: decRowShift(Ctxt&, std::vector<DoubleCRT, std::allocator<DoubleCRT> > const&, EncryptedArrayDerived<PA_GF2> const&) (homAES.cpp:713)
==2653==    by 0x4132E9: HomAES::homAESdec(std::vector<Ctxt, std::allocator<Ctxt> >&, std::vector<Ctxt, std::allocator<Ctxt> > const&) const (homAES.cpp:316)
==2653==    by 0x406567: main (Test_AES.cpp:248)
Dummy encryptHE dummy encrypt ==2653== 
==2653== HEAP SUMMARY:
==2653==     in use at exit: 26,478,071 bytes in 16,450 blocks
==2653==   total heap usage: 183,015 allocs, 166,565 frees, 110,651,486 bytes allocated
==2653== 
==2653== LEAK SUMMARY:
==2653==    definitely lost: 0 bytes in 0 blocks
==2653==    indirectly lost: 0 bytes in 0 blocks
==2653==      possibly lost: 24,531,862 bytes in 9,564 blocks
==2653==    still reachable: 1,946,209 bytes in 6,886 blocks
==2653==         suppressed: 0 bytes in 0 blocks
==2653== Rerun with --leak-check=full to see details of leaked memory
==2653== 
==2653== For counts of detected and suppressed errors, rerun with: -v
==2653== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Illegal instruction (core dumped)

lscpu：

Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                2
On-line CPU(s) list:   0,1
Thread(s) per core:    1
Core(s) per socket:    2
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 63
Stepping:              2
CPU MHz:               2394.420
BogoMIPS:              4788.84
Hypervisor vendor:     Microsoft
Virtualization type:   full
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              30720K
NUMA node0 CPU(s):     0,1

/proc/cpuinfo

处理器 0：

flags       : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm invpcid_single kaiser fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt

处理器 1：

 flags      : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm invpcid_single kaiser fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt`

【问题讨论】：

错误说明是什么？ lscpu 说什么？ /proc/cpuinfo 中显示了哪些标志？

@Florian Weimer 我已将 Valgrind 输出添加到我的问题中，因为这里添加的时间太长。如果您正在寻找其他错误说明，请告诉我吗？我也在为问题添加其他结果，因为它们很长

【参考方案1】：

我在 __gmpn_addmul_1（这是 GMP 库）中遇到了类似的错误指令。 它在云虚拟电脑上。 使用 GMP 的程序运行良好，但在收到此错误后重新启动 VPC。我相信 VPC 处理器架构已针对新的重启进行了更改。 我通过从配置阶段重建 libgmp 解决了这个问题（当检测到 proc 架构时）

【讨论】：

只是重新启动不会显示此问题。我认为我需要关闭和启动 VPC，在这种情况下，虚拟环境可能会更改主机