Petar Jovanovic [Fri, 23 Nov 2012 00:44:37 +0000 (00:44 +0000)]
Correctly model LL/SC on MIPS.
As the issue with RMW on MIPS does not block execution anymore (see Valgrind
patch r13136), we can switch back to model it through LoadL and StoreC instead
of using incorrect Load and Store.
This will give back correct output to memcheck/tests/atomic_incs on MIPS.
Petar Jovanovic [Fri, 23 Nov 2012 00:01:36 +0000 (00:01 +0000)]
Flush events in Callgrind before entering a RMW region.
On some MIPS platforms, we had an issue in which SC would fail each time
due to some memory access occurring in the RMW region.
If code for simulator events is called before LL, it can help SC to pass.
This change fixes a few LL/SC issues on MIPS arch.
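A software model of the failure mode this commit describes, added here as an illustration (it is not Valgrind or Callgrind code): a MIPS-style LL/SC increment loop in which any memory access inside the RMW region drops the reservation, so a simulator flush placed between LL and SC makes SC fail on every attempt, while the same flush placed before LL lets the SC succeed. The reservation state, the `flush_events` stand-in and the retry bound are all constructed for the example.

```c
/* Added example, not Valgrind code: a software model of a MIPS-style LL/SC
 * retry loop. On the platforms the commit describes, any memory access
 * between LL and SC clears the reservation, so simulator code that runs
 * inside the region makes SC fail every time. Flushing before LL avoids it. */
#include <stdbool.h>
#include <stdint.h>

static bool      g_reserved;    /* LLbit: set by LL, cleared by other accesses */
static uintptr_t g_link_addr;   /* address the reservation was taken on */

/* Any memory access in the RMW region drops the reservation (modelled). */
static void mem_access(void) { g_reserved = false; }

static uint32_t ll(volatile uint32_t *p) {
    g_reserved  = true;
    g_link_addr = (uintptr_t)p;
    return *p;
}

/* SC stores only if the reservation is still held; returns 1 on success. */
static int sc(volatile uint32_t *p, uint32_t v) {
    if (!g_reserved || g_link_addr != (uintptr_t)p) return 0;
    g_reserved = false;
    *p = v;
    return 1;
}

/* Stand-in for Callgrind's event-flush code, which touches simulator memory. */
static void flush_events(void) { mem_access(); }

/* Atomic increment via LL/SC. flush_inside=true models the old placement
 * (flush between LL and SC); false models the fix (flush before LL).
 * Returns the number of attempts needed, or 0 when max_tries is exhausted
 * (which in real code would be a livelock). */
int atomic_inc(volatile uint32_t *p, bool flush_inside, int max_tries) {
    for (int tries = 1; tries <= max_tries; tries++) {
        if (!flush_inside) flush_events();
        uint32_t old = ll(p);
        if (flush_inside) flush_events();   /* reservation lost: SC fails */
        if (sc(p, old + 1)) return tries;
    }
    return 0;
}

/* Run on a fresh counter (constructed value 5) and report attempts / value. */
int      demo_tries(bool flush_inside) { volatile uint32_t c = 5; return atomic_inc(&c, flush_inside, 10); }
uint32_t demo_value(bool flush_inside) { volatile uint32_t c = 5; atomic_inc(&c, flush_inside, 10); return c; }
```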
Carl Love [Tue, 20 Nov 2012 17:32:48 +0000 (17:32 +0000)]
VEX, ppc fix use of modified value in the Iop_32HLto64 implementation
The issue with the Iop_32HLto64, as explained by Julian:
One of the "rules of the game" of instruction selection is that the register
returned by any of the isel* functions may not be modified -- if it needs to
be modified, first copy the value off to a different register. The rule exists
because, in this case, e->Iex.Binop.arg2 might be an IRExpr_RdTmp, in which
case iselWordExpr_R simply returns the register which holds the value of the
relevant IR temporary. And so if r_Lo is modified then any subsequent uses of
that IR temporary will get the wrong value. In this case, r_Lo is
modified without first copying it.
This patch fixes the issue by assigning the result of the AND operation to
a temporary and then using the temporary result in the OR operation thus
avoiding using a modified value.
Julian Seward [Tue, 20 Nov 2012 15:24:24 +0000 (15:24 +0000)]
Add a special-case implementation of PCMPISTRI $0x3A, which generates
in-line IR instead of calling helpers. This is so that Memcheck can
do exact definedness propagation through it. This is important for
dealing with inlined PCMPISTRI-based strlen calls.
#309921, comment 6. (Patrick J. LoPresti, lopresti@gmail.com)
Callgrind: fix Ir cost update for ignored functions
Also without cache simulation, Callgrind maintains Ir cost.
This is done in setup_bbcc by incrementing an execution counter
for last_bbcc (the cost center for the previously executed BB
in current context) and the global cost counter.
However, we forgot to increment any counter if the currently
executing function should be ignored. We need to still update
costs, and attribute this to a not-ignored call site (as
given in CLG_(current_state).nonskipped).
Before this fix, there was a difference in Ir cost with vs. without
cache simulation. This was because ignored functions (e.g. PLT code)
contributed no cost when not doing cache simulation.
Carl Love [Fri, 16 Nov 2012 19:41:21 +0000 (19:41 +0000)]
vbit-tester, add counts for the number of 1, 2, 3 and 4 operand tests.
This patch adds code to count the number of each type of test. The
number of 1, 2, 3 and 4 operand tests that are generated by the vbit-tester
are counted and printed by the vbit-tester. The user should refer to the
Valgrind output to see if any of the tests failed.
The existing two verbose levels were increased by one level and the
new output giving the number of tests was inserted as the first verbose
level. The verbose levels are now:
-v shows the number of 1, 2, 3 and 4 operand tests that are generated
-v -v shows IROps being tested
-v -v -v extreme edition, shows input values
Carl Love [Fri, 16 Nov 2012 18:58:08 +0000 (18:58 +0000)]
Valgrind, V-bit tester: Add support for Iop_CmpORD class iops
The Iop_CmpORD class of iops support the POWER specific comparison
instructions. The instructions take two 32-bit or 64-bit operands
and produce a result of the same size. However, only the lower bits
of the result are set by the instruction. The bits are set by the instruction
to indicate if the comparison is "less than", "greater than", or "equal".
This patch adds support to the V-bit tester to verify the propagation
of the undefined bits in the inputs to the output for the Iop_CmpORD iops.
The output bits are always set to undefined if any of the input bits are not
defined.
Julian Seward [Thu, 8 Nov 2012 10:58:16 +0000 (10:58 +0000)]
Improve accuracy of definedness tracking through the x86 PMOVMSKB and
BSF instructions, as the lack of it causes false positives (Valgrind
side). Fixes #308627. (Patrick J. LoPresti <lopresti@gmail.com>)
Julian Seward [Thu, 8 Nov 2012 10:57:08 +0000 (10:57 +0000)]
Improve accuracy of definedness tracking through the x86 PMOVMSKB and
BSF instructions, as the lack of it causes false positives (VEX side).
Fixes #308627. Combined efforts of Patrick J. LoPresti
<lopresti@gmail.com> and me.
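The two PMOVMSKB/BSF commits above and the PCMPISTRI one before them all concern exact definedness propagation through the tail of an inlined strlen. The following model, added here and not taken from Memcheck or VEX, shows what "exact" means for PMOVMSKB and BSF: only the bits that can influence the result carry undefinedness, so uninitialised bytes past the terminator do not trigger a report. Function names, the V-bit encoding helper and the sample chunks are constructed for this example.

```c
/* Added example, not Memcheck's code: a model of exact V-bit propagation
 * through PMOVMSKB and BSF, the tail of an inlined SSE2 strlen
 * (pcmpeqb -> pmovmskb -> bsf). A V-bit of 1 means "undefined". */
#include <stdint.h>

/* PMOVMSKB keeps bit 7 of each byte, so result bit i is undefined exactly
 * when bit 7 of byte i is. A lazy "any undefined input => all undefined"
 * rule would flag uninitialised bytes that never affect the result. */
uint16_t pmovmskb_vbits(const uint8_t vsrc[16]) {
    uint16_t v = 0;
    for (int i = 0; i < 16; i++)
        if (vsrc[i] & 0x80) v |= (uint16_t)(1u << i);
    return v;
}

/* BSF: scan from bit 0. A defined 1 reached before any undefined bit fixes
 * the index (result defined, 0); an undefined bit reached first makes the
 * result undefined (all ones). A fully defined zero input yields 0 here;
 * hardware signals that case via ZF, which this model does not track. */
uint32_t bsf_vbits(uint32_t value, uint32_t vbits) {
    for (int i = 0; i < 32; i++) {
        uint32_t m = 1u << i;
        if (vbits & m) return 0xFFFFFFFFu;
        if (value & m) return 0;
    }
    return 0;
}

/* One 16-byte strlen chunk: src holds the bytes, vsrc their V-bits.
 * Returns 1 if the computed length is fully defined, else 0. */
int chunk_strlen_defined(const uint8_t src[16], const uint8_t vsrc[16]) {
    uint8_t vcmp[16];
    uint16_t mask = 0;
    for (int i = 0; i < 16; i++) {
        vcmp[i] = vsrc[i] ? 0xFF : 0x00;   /* pcmpeqb: any undefined bit taints the byte */
        if (src[i] == 0) mask |= (uint16_t)(1u << i);
    }
    return bsf_vbits(mask, pmovmskb_vbits(vcmp)) == 0;
}

/* Constructed chunks: "hello\0" plus 10 uninitialised bytes is defined;
 * "he" followed by an uninitialised byte before the terminator is not. */
int demo_hello(void) {
    uint8_t src[16]  = {'h','e','l','l','o',0}, vsrc[16] = {0,0,0,0,0,0,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
    return chunk_strlen_defined(src, vsrc);
}
int demo_tainted(void) {
    uint8_t src[16] = {'h','e',0,0}, vsrc[16] = {0,0,0xFF,0};
    return chunk_strlen_defined(src, vsrc);
}
```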
factorise sys_socketcall
sys_socketcall was duplicated in syswrap-{ppc64|ppc32|arm|mips32|s390x}-linux.c
=>
* Similarly for what was done for sys_ipc, factorise the code in syswrap-linux.c
* re-enabled PRE_MEM_READ for VKI_SYS_SENDMSG and VKI_SYS_RECVMSG
(PRE_MEM_READ calls were commented out around 2003, for what
was supposed a glibc bug.
The PRE_MEM_READ calls were already re-enabled in s390x)
* s390x also had some more checking to verify the addressability of
the args and fail the syscall with EFAULT if not addressable
=> same checks are now done for all platforms.
(tested on x86/amd64/mips32/s390x/ppc32/ppc64,
compiled for arm-android-emulator)
Ensure vgdb.c is warningless with -Wpointer-sign
* use normal 'char' (when possible) rather than 'unsigned char'
* fix bug in case a character val >= 128 is given in a -c command
Because most Ir accesses touch only one line, and this
can be detected at instrumentation time, use a special
handler for that. This handler does not need to check
cache line crossing at runtime.
This does not change the results of the simulator at all,
but improves runtime by around 15% on perf benchmarks.
Carl Love [Mon, 29 Oct 2012 20:39:18 +0000 (20:39 +0000)]
Valgrind, ppc: Fix test for 32-bit testsuite.
The 32-bit testsuite executes the 64-bit class instruction prtyd. This
instruction should not be tested in 32-bit mode. The change also updates
the expected output for the test. Note, 32-bit HW will generate a SIGILL
when the prtyd instruction is executed. However, the 64-bit HW executing
a 32-bit application does execute the instruction but only the lower 32-bits
of the result are valid. In general, the 64-bit class instructions should
not be executed in 32-bit binaries.
This fix accompanies the VEX fix in revision 2558 to add the 64-bit mode test
to make sure the 64-bit class instructions are only executed in 64-bit mode.
The VEX bugzilla is:
Bug 308573 - Internal Valgrind error on 64-bit instruction executed in
32-bit mode
Carl Love [Mon, 29 Oct 2012 20:23:41 +0000 (20:23 +0000)]
Valgrind, ppc: Fix missing checks for 64-bit instructions operating in 32-bit mode, Bugzilla 308573
A number of the POWER instructions are only intended to run on 64-bit
hardware. These instructions will give a SIGILL instruction on 32-bit
hardware. The check for 32-bit mode on some of these instructions is
missing. Although the 64-bit hardware will execute these instructions
on 64-bit hardware without generating a SIGILL, the use of these
instructions in 32-bit mode on 64-bit hardware is typically indicative of
a programming error. There are cases where these instructions are used
to determine if the code is running on 32-bit hardware or not. In these
cases, the instruction needs to generate a SIGILL for the error handler
to properly determine the hardware is running in 32-bit mode.
This patch adds the 32-bit mode check for those 64-bit instructions that
do not have the check. If the check fails, the instruction is flagged
as an unsupported instruction and a SIGILL message is generated.
This patch fixes the bug reported in:
Bug 308573 - Internal Valgrind error on 64-bit instruction executed in
32-bit mode
Note, there is an accompanying fix to memcheck/tests/ppc32/power_ISA2_05.c
to only execute the 64-bit instruction prtyd test in 64-bit mode.
Florian Krohm [Sat, 27 Oct 2012 14:25:28 +0000 (14:25 +0000)]
Fix fpconv.c to unbreak the build on z10ec.
Add rounding-6.c to test rounding modes for convert-to-fixed per m3
field. (The previous fpconv gave the impression of testing this but
in fact did not).
Add rounding.h to establish symbolic names for the various rounding
modes.
Petar Jovanovic [Fri, 26 Oct 2012 16:16:43 +0000 (16:16 +0000)]
Additional refinement in PRE(sys_ipc).
Additional refinement in PRE(sys_ipc) on which arguments to check for the call.
This is still a simplistic check, yet it should resolve additional cases.
One of the resolved cases is memcheck/tests/sem on MIPS.
fix 123837 semctl system call: 4th argument is optional, depending on cmd
Depending on the semctl command (arg3), arg4 might or might not be needed.
The PRE(sys_ipc) multiplexed syscall for semctl was always checking
all 4 args.
The fix consists in dereferencing the 4th arg (which in sys_ipc is ARG5)
only if the semctl syscall cmd implies 4 arguments.
This avoids the false positive on linux x86.
Note that PRE(sys_ipc) is still too simplistic as it assumes
that 6 args are always read, which is not the case.
This seems to cause false positive on mips:
memcheck on none/tests/sem gives:
Syscall param ipc(fifth) contains uninitialised byte(s)
It would be nice to implement the multiplexed PRE(sys_ipc) by
calling the PRE(sys_xxxx) similar PRE, depending on ARG1 of sys_ipc.
This would then avoid the simplistic PRE(sys_ipc) logic without duplicating
the logic in PRE(sys_semctl) (and all other sys_ipc multiplexed syscalls).
However, I found no easy way to do that.
With the current fix, some logic about semctl is partially duplicated between
the PRE(sys_ipc) (for platforms such as x86 having a multiplexed sys call)
and PRE(sys_semctl) (for platforms such as amd64, having a direct sys call)
to fix the false positive encountered on x86.
Follow-up to sys_ipc restructuration
Rev 13078 removed a PRE call (for SEMCTL) in the POST(sys_ipc).
This commit adds the correct POST call for SEMCTL in POST(sys_ipc).
(note: some tests are missing in this area, as removing PRE
and adding POST did not cause any test result to change).
This is the last patch to restructure the sys_ipc code.
After this patch, we should be able to do the real fix
for 23837 (semctl GETVAL false positive)
Follow-up to sys_ipc restructuration
Now that the PRE/POST(sys_ipc) code is not duplicated anymore,
fix two strange things in this code:
* PRE(sys_ipc) : add missing ; after the call PRE_REG_READ6
(strange that this was compiling without it ???)
* POST(sys_ipc) : it seems there was a copy/paste of
the PRE(sys_ipc) code for VKI_SEMCTL.
Cannot understand why we would need to call again
deref_Addr and ML_(generic_PRE_sys_semctl) in the POST(sys_ipc).
Fix 308711 - give more info about aspacemgr and arenas in out_of_memory
In case of out of memory, Valgrind will output
the state of the address space manager and of the arena.
Then it will output a message to inform the user about the out of memory.
In case out of memory happens again while outputting the aspacemgr
or arena info, then another trial is done to only output the user msg.
restructure code for future fixing of 123837 (semctl GETVAL false positive)
Regrouped identical code (except for indentation)
from syswrap-ppc64-linux.c, syswrap-ppc32-linux.c, syswrap-mips32-linux.c,
syswrap-x86-linux.c, syswrap-s390x-linux.c
into
syswrap-linux.c
(compiled/regtested on x86, amd64, ppc64, mips32, s390x)
Introduce a test to reproduce bug 123837 (semctl GETVAL false positive)
The test succeeds on amd64, but fails on x86, with the following diff:
+Syscall param semctl(arg) points to uninitialised byte(s)
+ at 0x........: semctl@@GLIBC_2.2 (semctl.c:109)
+ by 0x........: main (sem.c:36)
+ Address 0x........ is on thread 1's stack
+
+Syscall param semctl(arg) points to uninitialised byte(s)
+ at 0x........: semctl@@GLIBC_2.2 (semctl.c:109)
+ by 0x........: main (sem.c:43)
+ Address 0x........ is on thread 1's stack
+
Florian Krohm [Sun, 21 Oct 2012 03:23:36 +0000 (03:23 +0000)]
Fix Char/HChar mixups in helgrind and then some.
Also fix all usages of the wordFM data structure. Once upon a time
wordFM used Words but now it uses UWords.
Likewise for WordBag.
Follow-up to cache reorg: update trace cache warning
Update trace cache warning so that it is the same as before the cache reorg
(avoid failure of some tests on Pentium4 as the warning output
must match what is filtered by cachegrind/tests/filter_stderr)
Petar Jovanovic [Fri, 19 Oct 2012 14:45:17 +0000 (14:45 +0000)]
Add proper support for several MIPS instructions that generate SigFPE.
Add support to properly handle TEQ, ADD and SUB instructions that generate
exceptions on MIPS platforms. A SignalException test for MIPS32 has also been
added, so we can cover more cases.
Florian Krohm [Thu, 18 Oct 2012 03:16:45 +0000 (03:16 +0000)]
Change cache detection for x86/amd64 to fill in VexCacheInfo directly.
New function write_cache_info to dump what was detected for debugging
purposes.
New function cache_info_is_sensible to ensure that autodetected
cache info lives up to the promises made in libvex.h.
Moved the trace-cache related kludgery to cachegrind where it belongs.
Fix 308341 vgdb should report process exit (or fatal signal)
patch from Mark Wielaard.
(with small modifications).
Also clarified some comments related to the resume reply.