Mark Wielaard [Fri, 6 Feb 2026 12:57:24 +0000 (13:57 +0100)]
Sanity check VG_(realpath) and VG_(readlink) return values
When VG_(realpath) calls VG_(readlink) it failed to check if
VG_(readlink) succeeds, possibly writing to tmp[-1] (on the stack). It
also didn't check the getcwd syscall succeeded, which would cause the
resolved name to start with undefined bits (from the stack).
VG_(data_size) was using too small a (stack) buffer for the
VG_(realpath) call and didn't check whether the call actually
succeeded.
At startup initimg-{darwin,freebsd,linux,solaris} also didn't check
VG_(realpath) would resolve before setting VG_(resolved_exename) to
possibly random bits on the stack. Fix that by using the (unresolved)
exe_name in those cases.
Florian Krohm [Thu, 5 Feb 2026 17:39:49 +0000 (17:39 +0000)]
s390: Change s390_disasm and tweak specification exception message
s390_disasm now returns a pointer to the disassembled insn string or NULL.
A new parameter controls whether the mnemonic should be padded with blanks
to the max. insn length.
When reporting a specification exception also write out the disassembled insn.
Florian Krohm [Wed, 4 Feb 2026 22:34:30 +0000 (22:34 +0000)]
s390: Fix s390_irgen_VGE[FG] and s390_irgen_VSCE[FG]
Instead of creating a specification exception these run into an assertion:
VEX: s390_vr_offset_by_index: invalid index for given type
There are proper s390_insn_assert in s390_irgen_VGEF etc. However, the
vassert happens in s390_format_VRV --> get_vr --> s390_vr_offset_by_index
prior to s390_irgen_... being called.
Fixed by adding s390_insn_assert to s390_format_VRV.
Add decode_sse4_blend_imm which allows reusing BLENDPD decoder code
for BLENDPS and PBLENDW. Moved math_BLENDPS_128, math_PBLENDW_128
and math_PBLENDVB_128 from VEX/priv/guest_amd64_toIR.c
to VEX/priv/guest_generic_sse.h to be able to reuse existing amd64 code
for x86 implementation.
Moved test_BLENDPS and test_PBLENDW from none/tests/amd64/sse4-64.c to
none/tests/sse4-common.h and updated the expected tests output to match
the new implementation. Removed vassert(0) in VEX/priv/host_x86_defs.c
in push_word_from_tags in order for test_PBLENDW to be able to pass.
Florian Krohm [Wed, 4 Feb 2026 16:03:30 +0000 (16:03 +0000)]
s390: The 2nd coming of disasm-test
With the advent of objdump-based disassembly there is no need anymore to
ensure that the disassembled insns out of valgrind match those from objdump.
This is now correct by construction.
In this patch the disasm-test functionality is changed to ensure that all
expected specification exceptions as specified in the Principles of
Operations are detected and no unexpected specification exceptions are found.
For a given opcode 2 sets of testcases will now be generated:
- one where every insn causes a specification exception
This catches missed specification exceptions.
- one where no insn causes a specification exception
This catches unexpected specification exceptions.
Changes:
Remove command line options --generate and --verify. Those were useful
in the early stages of development but not anymore.
Remove command line options --show-spec-exc and --no-show-miscompares
which are obsolete now.
Replace command line option --check-prereq with --check-march=ARCH.
Remove command line option --all-except-exrl. Add --exclude option which
is more general.
Add command line options --spec-exc and --no-spec-exc.
Remove functions check_objdump and disasm_same.
From verify_stats remove num_mismatch and num_verified members.
Rename verify_stats --> test_stats and add num_generated member.
Rename verify_disassembly --> verify_spec_exceptions.
No longer write .vex file. Write .spec-exc file instead.
Factor out functions run_opcode and choose_int_and_iterate.
New functions asm_detects_spec_exc and insn_bytes_as_string.
Opcode table in opcode.c:
- Remove all constraints that do not cause a specification exception.
- Change modelling of the "Rotate and ...." opcodes. Previously the
i3, i4 and i5 fields are modelled as masks. That was a work-around in
order to be able to specify interesting values and is no longer
needed. Model those fields as integers instead.
Update disasm-test.vgtest.
Update README.
Copyright year updated.
Mark Wielaard [Tue, 3 Feb 2026 18:28:46 +0000 (19:28 +0100)]
Fix asserts in testcases close_range, bug514094 and readlinkat_self.
These tests did an assert (errno = EFAULT) instead of an assert on
errno == EFAULT. close_range was also using a valid flag 2
(CLOSE_RANGE_UNSHARE) instead of a bad one.
Paul Floyd [Thu, 29 Jan 2026 19:32:05 +0000 (20:32 +0100)]
More warning cleanup
Fix a cast from volatile that has been bothering me for a while.
Also a warning due to some Darwin code that reuses a ULong
for a memory address. That causes a warning on 32 bits because
pointers are 32 bit but ULong is always 64 bit.
Paul Floyd [Wed, 28 Jan 2026 12:38:39 +0000 (13:38 +0100)]
Bug 514613 again (closing </still_reachable> xml tag)
Always close the tag after the heuristic details.
Add 4 testcases, one with no errors, one with a simple leak,
one with a simple reachable and one "Xmas tree" test (in
reference to the TCP/IP Christmas tree packet
https://en.wikipedia.org/wiki/Christmas_tree_packet). That
has most of the errors that memcheck can produce.
Florian Krohm [Thu, 22 Jan 2026 20:03:37 +0000 (20:03 +0000)]
s390: Merge s390_format_VRS_VRDV and s390_format_VRS_VRDVM
Add unused m4 parameter to s390_irgen_VLM / _VSTM. That way we no longer need
to distinguish between s390_format_VRS_VRDV and s390_format_VRS_VRDVM.
Rename remaining function to s390_format_VRSa and use it throughout.
Florian Krohm [Thu, 22 Jan 2026 17:05:42 +0000 (17:05 +0000)]
s390: Merge s390_format_VRX_VRRDM and s390_format_VRX_VRRD
Add unused m3 parameter to s390_irgen_VL / _VST. That way we no longer need
to distinguish between s390_format_VRX_VRRDM and s390_format_VRX_VRRD.
Rename remaining function to s390_format_VRX and use it throughout.
Add field access macros for formats RRFa, RRFb, RRFc, RRFd and RRFe
as per Principles of Ops.
Add field access macros RRD_r1, RRD_r2, RRD_m3.
Remove field access macros RRF_..., RRF2_..., RRF3_..., RRF4_... and RRF5_...
Support blendpd (Blend Packed Double Precision Floating-Point
Values (XMM)) instruction in guest_x86_toIR.c. To be able to
use amd64 math_BLENDPD_128 function for x86 implementation, add
a new VEX/priv/guest_generic_sse.h header and move math_BLENDPD_128
there.
mkV128() was moved from line 1671 in guest_amd64_toIR.c to line 295,
grouping it with other mkU* constant-creation helpers (mkU8, mkU16,
mkU32, mkU64). This allows guest_generic_sse.h to be included much
earlier (line 300 vs. line 1676), making the code organization more
natural.
The header includes an explanation why it must be included mid-file
(after IR helpers like newTemp, assign, binop, etc. are defined) and
why those helpers cannot be moved to a shared header (they depend on
file-local global state, particularly the 'irsb'
variable).
Add test function to sse4-common.h and update none/tests/x86/sse4-x86.c
to test the instruction.
Remove functions s390_format_RS_RURD, s390_format_RS_RRRD and
s390_format_RS_AARD. Use s390_format_RS instead.
Actually, Principles of Ops has RS-a and RS-b formats. But those
differ only in how they name a particular opcode field and not how
the opcode's 4 bytes are divided up into fields. I did not bother
with that.
Mark [Sat, 17 Jan 2026 16:22:59 +0000 (17:22 +0100)]
Add support for fnop instruction on x86 and amd64
This implements FNOP in guest_amd64_toIR.c and guest_x86_toIR.c by
simply skipping the instruction. Which is OK for now since one of the
x87 FP Limitations is no FP exceptions, except for handling stack
over/underflow.
Add fnop to none/tests/{amd64,x86}/insn_fpu.{def,stdout.exp}.
Also update old 3_1_BUGSTATUS.txt to correct bug number.
Florian Krohm [Thu, 15 Jan 2026 20:16:08 +0000 (20:16 +0000)]
Update s390-check-opcodes.pl
Remove the --check-formats option. The specialisation of opcode names in
<binutils>/opcode/s390_opc.txt is no longer interesting as we do not need
to distinguish whether a register number in an opcode denotes a GPR or FPR
or whatever.
Instead it is better to use those opcode format names as shown in the
Principles of Ops wherever possible. Simplifies proofreading.
Florian Krohm [Thu, 15 Jan 2026 11:10:30 +0000 (11:10 +0000)]
s390: Remove s390_format_RIL and friends.
This patch removes the functions: s390_format_RIL, s390_format_RIL_RU,
s390_format_RIL_RI, s390_format_RIL_RP and s390_format_RIL_UP.
Cf. fa21e88ac38 for a rationale.
Florian Krohm [Thu, 15 Jan 2026 10:08:59 +0000 (10:08 +0000)]
s390: Remove s390_format_RRE and friends.
This patch removes the functions: s390_format_RRE, s390_format_RRE_RR,
s390_format_RRE_FF, s390_format_RRE_RF, s390_format_RRE_FR,
s390_irgen_RRE_R0 and s390_irgen_RRE_F0.
Cf. fa21e88ac38 for a rationale.
Florian Krohm [Thu, 15 Jan 2026 09:19:10 +0000 (09:19 +0000)]
s390: Remove s390_format_RR and friends.
This patch removes the functions: s390_format_RR, s390_format_RR_RR
and s390_format_RR_FF.
First, because of the disassembly changes in 370531396ad there is no
longer a need to specialise s390_format_RR because the register class
of its operands is now irrelevant. Hence s390_format_RR_RR and
s390_format_RR_FF can go.
Secondly, s390_irgen_RR only calls the function pointer being passed in.
So we can call that function directly and s390_irgen_RR can go as well.
The same reasoning also applies to other opcode formats. Patches will
follow soon. Having several installments gives a chance to actually
proofread them.
Florian Krohm [Sun, 11 Jan 2026 17:54:59 +0000 (17:54 +0000)]
vg_regtest: Miscellaneous tweaks
Drop the requirement that there must be at least one .stderr.exp
file. That way we can eliminate some 440 empty stderr.exp files and
a few stderrB.exp files.
Drop the requirement that there must be a "filter_stderr" script.
If there is nothing to filter (e.g. iropt-test) a filter script is
not meaningful. If that is so desired, specify an empty stderr_filter
and stderrB_filter in the .vgtest file.
Paul Floyd [Sat, 10 Jan 2026 14:53:43 +0000 (15:53 +0100)]
regtest: undo changes to str_tester as a workaround for darwin checked functions
I had added parens to force the use of the function rather than a
macro expanding to the _chk version. The _chk functions are now wrapped
so no longer need to keep the workaround.
Mark Wielaard [Wed, 7 Jan 2026 21:20:49 +0000 (22:20 +0100)]
Disable linux madvise MADV_GUARD_INSTALL
glibc 2.42+ (with linux 6.13+) uses MADV_GUARD_INSTALL to setup stack
guard pages. valgrind currently isn't able to track this and such
guard pages also don't show up in /proc maps (only in /proc pagemap
since linux 6.14). For now valgrind fails a madvise MADV_GUARD_INSTALL
syscall with EINVAL. This causes glibc to fall back to mprotect
PROT_NONE which valgrind is able to track.
Mark Wielaard [Sat, 3 Jan 2026 13:08:08 +0000 (14:08 +0100)]
VEX: Fix srcdir != builddir build
commit 370531396ad1 ("s390: Use objdump machinery to disassemble insns")
broke srcdir != builddir builds with:
../../../VEX/priv/objdump/s390-dis.c:26:10: fatal error: main_util.h: No such file or directory
26 | #include "main_util.h" // vex_strlen
| ^~~~~~~~~~~~~
This comes from including the "wrong" priv directory for main_util.h
in Makefile.vex.am. Fix this by adding -I$(srcdir)/priv. This was
always wrong but didn't cause issues till now because of the extra
objdump subdir.
Paul Floyd [Fri, 26 Dec 2025 13:20:34 +0000 (14:20 +0100)]
Darwin regtest: ensure no stdout output for memcheck/tests/darwin/deep_badparam
The test was doing a write of an uninit local 32-byte char buffer.
This has started outputting junk resulting in a stdout diff. So
make sure that the buffer only contains zeros (but still uninit).
Hope the compiler doesn't get too smart.
Support pmulld (packed multiply 32-bit doubleword integers) instruction
in guest_x86_toIR.c and host_x86_isel.c. Add test function to
sse4-common.h and update none/tests/x86/sse4-x86.c to test the
instruction.