SIGILL
Encyclopedia
On POSIX
-compliant platforms, SIGILL is the signal sent to a process
when it attempts to execute a malformed, unknown, or privileged instruction. The symbolic constant
for SIGILL is defined in the
. Symbolic signal names are used because signal numbers can vary across platforms.
for signal names; ILL is an abbreviation
for illegal instruction.
with a return address
that points to data
not meant to be executed or trying to execute a function pointer
that is not properly initialized. Other problems might involve compiler
(toolchain
) bugs, filesystem corruption or attempting to execute instructions that require special privileges.
Many platforms implement new instructions
or provide additional registers
on subsequent hardware revisions, so applications compiled for more recent hardware may generate illegal instructions when run on older hardware that does not recognise the new opcodes. An example might be attempting to use MMX instructions on an Intel 80486
processor, which didn't support the feature.
Like all signals, SIGILL can also be generated by users with the appropriate permissions, using the
.
SIGILL can be handled. That is, programmers can specify the action they would like to occur upon receiving a SIGILL, such as execute a subroutine
, ignore the event, or restore the default behaviour. BIND
8 used this mechanism to write server statistics to an external file.
Note that under certain circumstances, attempting to ignore SIGILL can result in undefined behaviour
.
Sometimes bad call linkage will also cause SIGILL. In C++, passing a non-POD
data type into a variadic function
such as printf
will cause undefined behavior; in GCC
this means deliberately placing an illegal instruction at that point in the assembler.
program that attempts to execute an illegal instruction on platforms where 0xFFFFFFFF is not a valid opcode.
Compiling and running it on IA-32
with Linux
produces the following:
$ gcc -o sigill sigill.c
$ ./sigill
Illegal instruction (core dumped)
On more recent processors and Linux versions, the program above may not receive a SIGILL because of the NX bit
feature, that allows the Linux kernel to make the memory pages on the program stack non-executable by default. On those cases, the program will receive the SIGSEGV
signal.
A backtrace from gdb shows that the program crashed within the
Program received signal SIGILL, Illegal instruction.
0xbfffede4 in ??
(gdb) bt
#0 0xbfffede4 in ??
#1 0x0804837f in main
(gdb) x/i $pc
0xbfffede4: (bad)
Note "(bad)", indicating that the debugger
does not recognize the opcode at that address. The mnemonic
representing of the instruction would normally be displayed there.
Compare the output from SIGILL with that of a segmentation fault and a SIGFPE signal.
POSIX
POSIX , an acronym for "Portable Operating System Interface", is a family of standards specified by the IEEE for maintaining compatibility between operating systems...
-compliant platforms, SIGILL is the signal sent to a process
Process (computing)
In computing, a process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system , a process may be made up of multiple threads of execution that execute instructions concurrently.A computer program is a...
when it attempts to execute a malformed, unknown, or privileged instruction. The symbolic constant
C preprocessor
The C preprocessor is the preprocessor for the C and C++ computer programming languages. The preprocessor handles directives for source file inclusion , macro definitions , and conditional inclusion ....
for SIGILL is defined in the
signal.hSignal.hsignal.h is a header file defined in the C Standard Library to specify how a program handles signals while it executes. A signal can report some exceptional behavior within the program , or a signal can report some asynchronous event outside the program .A signal can be generated...
header fileHeader file
Some programming languages use header files. These files allow programmers to separate certain elements of a program's source code into reusable files. Header files commonly contain forward declarations of classes, subroutines, variables, and other identifiers...
. Symbolic signal names are used because signal numbers can vary across platforms.
Etymology
SIG is a common prefixPrefix
A prefix is an affix which is placed before the root of a word. Particularly in the study of languages,a prefix is also called a preformative, because it alters the form of the words to which it is affixed.Examples of prefixes:...
for signal names; ILL is an abbreviation
Abbreviation
An abbreviation is a shortened form of a word or phrase. Usually, but not always, it consists of a letter or group of letters taken from the word or phrase...
for illegal instruction.
Description
There are many possible reasons for receiving a SIGILL. A common mistake involves accidentally overwriting stack dataBuffer overflow
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....
with a return address
Return address
In postal mail, a return address is an explicit inclusion of the address of the person sending the message. It provides the recipient with a means to determine how to respond to the sender of the message if needed....
that points to data
Data
The term data refers to qualitative or quantitative attributes of a variable or set of variables. Data are typically the results of measurements and can be the basis of graphs, images, or observations of a set of variables. Data are often viewed as the lowest level of abstraction from which...
not meant to be executed or trying to execute a function pointer
Function pointer
A function pointer is a type of pointer in C, C++, D, and other C-like programming languages, and Fortran 2003. When dereferenced, a function pointer can be used to invoke a function and pass it arguments just like a normal function...
that is not properly initialized. Other problems might involve compiler
Compiler
A compiler is a computer program that transforms source code written in a programming language into another computer language...
(toolchain
Toolchain
In software, a toolchain is the set of programming tools that are used to create a product...
) bugs, filesystem corruption or attempting to execute instructions that require special privileges.
Many platforms implement new instructions
Instruction set
An instruction set, or instruction set architecture , is the part of the computer architecture related to programming, including the native data types, instructions, registers, addressing modes, memory architecture, interrupt and exception handling, and external I/O...
or provide additional registers
Processor register
In computer architecture, a processor register is a small amount of storage available as part of a CPU or other digital processor. Such registers are addressed by mechanisms other than main memory and can be accessed more quickly...
on subsequent hardware revisions, so applications compiled for more recent hardware may generate illegal instructions when run on older hardware that does not recognise the new opcodes. An example might be attempting to use MMX instructions on an Intel 80486
Intel 80486
The Intel 80486 microprocessor was a higher performance follow up on the Intel 80386. Introduced in 1989, it was the first tightly pipelined x86 design as well as the first x86 chip to use more than a million transistors, due to a large on-chip cache and an integrated floating point unit...
processor, which didn't support the feature.
Like all signals, SIGILL can also be generated by users with the appropriate permissions, using the
killKill (Unix)In computing, kill is a command that is used in several popular operating systems to send signals to running processes, for example to request the termination of this process.-Unix and Unix-like:...
system callSystem call
In computing, a system call is how a program requests a service from an operating system's kernel. This may include hardware related services , creating and executing new processes, and communicating with integral kernel services...
.
SIGILL can be handled. That is, programmers can specify the action they would like to occur upon receiving a SIGILL, such as execute a subroutine
Subroutine
In computer science, a subroutine is a portion of code within a larger program that performs a specific task and is relatively independent of the remaining code....
, ignore the event, or restore the default behaviour. BIND
BIND
BIND , or named , is the most widely used DNS software on the Internet.On Unix-like operating systems it is the de facto standard.Originally written by four graduate students at the Computer Systems Research Group at the University of California, Berkeley , the name originates as an acronym from...
8 used this mechanism to write server statistics to an external file.
Note that under certain circumstances, attempting to ignore SIGILL can result in undefined behaviour
Undefined behaviour
In computer programming, undefined behavior is a feature of some programming languages—most famously C. In these languages, to simplify the specification and allow some flexibility in implementation, the specification leaves the results of certain operations specifically undefined.For...
.
Sometimes bad call linkage will also cause SIGILL. In C++, passing a non-POD
Plain Old Data Structures
A plain old data structure is a data structure that is represented only as passive collections of field values, without using encapsulation or other object-oriented features....
data type into a variadic function
Variadic function
In computer programming, a variadic function is a function of indefinite arity, i.e., one which accepts a variable number of arguments. Support for variadic functions differs widely among programming languages....
such as printf
Printf
Printf format string refers to a control parameter used by a class of functions typically associated with some types of programming languages. The format string specifies a method for rendering an arbitrary number of varied data type parameter into a string...
will cause undefined behavior; in GCC
GNU Compiler Collection
The GNU Compiler Collection is a compiler system produced by the GNU Project supporting various programming languages. GCC is a key component of the GNU toolchain...
this means deliberately placing an illegal instruction at that point in the assembler.
Example
Here is an example of an ANSI CANSI C
ANSI C refers to the family of successive standards published by the American National Standards Institute for the C programming language. Software developers writing in C are encouraged to conform to the standards, as doing so aids portability between compilers.-History and outlook:The first...
program that attempts to execute an illegal instruction on platforms where 0xFFFFFFFF is not a valid opcode.
Compiling and running it on IA-32
IA-32
IA-32 , also known as x86-32, i386 or x86, is the CISC instruction-set architecture of Intel's most commercially successful microprocessors, and was first implemented in the Intel 80386 as a 32-bit extension of x86 architecture...
with Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
produces the following:
$ gcc -o sigill sigill.c
$ ./sigill
Illegal instruction (core dumped)
On more recent processors and Linux versions, the program above may not receive a SIGILL because of the NX bit
NX bit
The NX bit, which stands for No eXecute, is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions or for storage of data, a feature normally only found in Harvard architecture processors...
feature, that allows the Linux kernel to make the memory pages on the program stack non-executable by default. On those cases, the program will receive the SIGSEGV
SIGSEGV
On POSIX-compliant platforms, SIGSEGV is the signal sent to a process when it makes an invalid memory reference, or segmentation fault. The symbolic constant for SIGSEGV is defined in the header file signal.h...
signal.
A backtrace from gdb shows that the program crashed within the
main
function when the program tried to execute an instruction at address 0xBFFFEDE4:Program received signal SIGILL, Illegal instruction.
0xbfffede4 in ??
(gdb) bt
#0 0xbfffede4 in ??
#1 0x0804837f in main
(gdb) x/i $pc
0xbfffede4: (bad)
Note "(bad)", indicating that the debugger
Debugger
A debugger or debugging tool is a computer program that is used to test and debug other programs . The code to be examined might alternatively be running on an instruction set simulator , a technique that allows great power in its ability to halt when specific conditions are encountered but which...
does not recognize the opcode at that address. The mnemonic
Mnemonic
A mnemonic , or mnemonic device, is any learning technique that aids memory. To improve long term memory, mnemonic systems are used to make memorization easier. Commonly encountered mnemonics are often verbal, such as a very short poem or a special word used to help a person remember something,...
representing of the instruction would normally be displayed there.
Compare the output from SIGILL with that of a segmentation fault and a SIGFPE signal.
See also
- Instruction setInstruction setAn instruction set, or instruction set architecture , is the part of the computer architecture related to programming, including the native data types, instructions, registers, addressing modes, memory architecture, interrupt and exception handling, and external I/O...
- Pentium F0 bug
- Ring 0
- Signal (computing)Signal (computing)A signal is a limited form of inter-process communication used in Unix, Unix-like, and other POSIX-compliant operating systems. Essentially it is an asynchronous notification sent to a process in order to notify it of an event that occurred. When a signal is sent to a process, the operating system...