Fix bug 327238.

 assertion failure in Callgrind: bbcc.c:585 (vgCallgrind_setup_bbcc):
 Assertion 'passed <= last_bb->cjmp_count' failed

Background:
We want to detect the jump behavior of code, that is, the side exit
from a SB, as there can be many. For that, instrumented code writes
the exit number into a global variable (jmps_passed) before an eventual
exit.

With an exception happening in the first few instructions of an SB,
jmps_passed never was written, and still contained an old value. This
got saved/restored around the exception handler, and resulted in the
failed assertion.
Solution: always initialize jmps_passed to zero in setup_bbcc(), which
is called at the beginning of every SB.

git-svn-id: svn://svn.valgrind.org/valgrind/trunk@13712

diff --git a/callgrind/bbcc.c b/callgrind/bbcc.c
index 7696645b37316497eea4023eb14807641e82f9f4..6682706ee6d9e43e42401469b72732a110227c64 100644 (file)
--- a/callgrind/bbcc.c
+++ b/callgrind/bbcc.c
@@ -885,6 +885,10 @@ void CLG_(setup_bbcc)(BB* bb)
   }
   
   CLG_(current_state).bbcc = bbcc;
+  /* Even though this will be set in instrumented code directly before
+   * side exits, it needs to be set to 0 here in case an exception
+   * happens in first instructions of the BB */
+  CLG_(current_state).jmps_passed = 0;
   // needed for log_* handlers called in this BB
   CLG_(bb_base)   = bb->obj->offset + bb->offset;
   CLG_(cost_base) = bbcc->cost;

diff --git a/callgrind/global.h b/callgrind/global.h
index d764e16105521c979fa476893dc7f872d81a8b85..9f7aae71f17afb9e2e1abe33fd6aae510848309f 100644 (file)
--- a/callgrind/global.h
+++ b/callgrind/global.h
@@ -523,7 +523,8 @@ struct _exec_state {
   Bool     collect;
   Context* cxt;
   
-  Int   jmps_passed; /* number of conditional jumps passed in last BB */
+  /* number of conditional jumps passed in last BB */
+  Int   jmps_passed;
   BBCC* bbcc;      /* last BB executed */
   BBCC* nonskipped;
 

diff --git a/callgrind/main.c b/callgrind/main.c
index f9dcd84d3d3c58bf1d6cad26705ce3fcc022c397..5c9f5e5b11b48ff434c4e7f384b8ee7a4651a77e 100644 (file)
--- a/callgrind/main.c
+++ b/callgrind/main.c
@@ -1243,9 +1243,10 @@ IRSB* CLG_(instrument)( VgCallbackClosure* closure,
            /* Update global variable jmps_passed before the jump
             * A correction is needed if VEX inverted the last jump condition
            */
+           UInt val = inverted ? cJumps+1 : cJumps;
            addConstMemStoreStmt( clgs.sbOut,
                                  (UWord) &CLG_(current_state).jmps_passed,
-                                  inverted ? cJumps+1 : cJumps, hWordTy);
+                                 val, hWordTy);
            cJumps++;
 
            break;
@@ -1289,10 +1290,12 @@ IRSB* CLG_(instrument)( VgCallbackClosure* closure,
    /* At the end of the bb.  Flush outstandings. */
    flushEvents( &clgs );
 
-   /* Always update global variable jmps_passed at end of bb.
+   /* Update global variable jmps_passed at end of SB.
+    * As CLG_(current_state).jmps_passed is reset to 0 in setup_bbcc,
+    * this can be omitted if there is no conditional jump in this SB.
     * A correction is needed if VEX inverted the last jump condition
     */
-   {
+   if (cJumps>0) {
       UInt jmps_passed = cJumps;
       if (clgs.bb->cjmp_inverted) jmps_passed--;
       addConstMemStoreStmt( clgs.sbOut,