Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / valgrind / fed4dd0626350c4d5c8b3f3ce54ca974fef8e3de / . / vg_memory.c
blob: 731344d040aa363ab56b76242b75d38ba3d385ab [file] [log] [blame]
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]1
2/*--------------------------------------------------------------------*/
3/*--- Maintain bitmaps of memory, tracking the accessibility (A) ---*/
4/*--- and validity (V) status of each byte. ---*/
5/*--- vg_memory.c ---*/
6/*--------------------------------------------------------------------*/
7
8/*
9 This file is part of Valgrind, an x86 protected-mode emulator
10 designed for debugging and profiling binaries on x86-Unixes.
11
12 Copyright (C) 2000-2002 Julian Seward
13 jseward@acm.org
14 Julian_Seward@muraroa.demon.co.uk
15
16 This program is free software; you can redistribute it and/or
17 modify it under the terms of the GNU General Public License as
18 published by the Free Software Foundation; either version 2 of the
19 License, or (at your option) any later version.
20
21 This program is distributed in the hope that it will be useful, but
22 WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
24 General Public License for more details.
25
26 You should have received a copy of the GNU General Public License
27 along with this program; if not, write to the Free Software
28 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
29 02111-1307, USA.
30
31 The GNU General Public License is contained in the file LICENSE.
32*/
33
34#include "vg_include.h"
35
36/* Define to debug the mem audit system. */
37/* #define VG_DEBUG_MEMORY */
38
39/* Define to debug the memory-leak-detector. */
40/* #define VG_DEBUG_LEAKCHECK */
41
42/* Define to collect detailed performance info. */
43/* #define VG_PROFILE_MEMORY */
44
45
46/*------------------------------------------------------------*/
47/*--- Low-level support for memory checking. ---*/
48/*------------------------------------------------------------*/
49
50/*
51 All reads and writes are checked against a memory map, which
52 records the state of all memory in the process. The memory map is
53 organised like this:
54
55 The top 16 bits of an address are used to index into a top-level
56 map table, containing 65536 entries. Each entry is a pointer to a
57 second-level map, which records the accesibililty and validity
58 permissions for the 65536 bytes indexed by the lower 16 bits of the
59 address. Each byte is represented by nine bits, one indicating
60 accessibility, the other eight validity. So each second-level map
61 contains 73728 bytes. This two-level arrangement conveniently
62 divides the 4G address space into 64k lumps, each size 64k bytes.
63
64 All entries in the primary (top-level) map must point to a valid
65 secondary (second-level) map. Since most of the 4G of address
66 space will not be in use -- ie, not mapped at all -- there is a
67 distinguished secondary map, which indicates `not addressible and
68 not valid' writeable for all bytes. Entries in the primary map for
69 which the entire 64k is not in use at all point at this
70 distinguished map.
71
72 [...] lots of stuff deleted due to out of date-ness
73
74 As a final optimisation, the alignment and address checks for
75 4-byte loads and stores are combined in a neat way. The primary
76 map is extended to have 262144 entries (2^18), rather than 2^16.
77 The top 3/4 of these entries are permanently set to the
78 distinguished secondary map. For a 4-byte load/store, the
79 top-level map is indexed not with (addr >> 16) but instead f(addr),
80 where
81
82 f( XXXX XXXX XXXX XXXX ____ ____ ____ __YZ )
83 = ____ ____ ____ __YZ XXXX XXXX XXXX XXXX or
84 = ____ ____ ____ __ZY XXXX XXXX XXXX XXXX
85
86 ie the lowest two bits are placed above the 16 high address bits.
87 If either of these two bits are nonzero, the address is misaligned;
88 this will select a secondary map from the upper 3/4 of the primary
89 map. Because this is always the distinguished secondary map, a
90 (bogus) address check failure will result. The failure handling
91 code can then figure out whether this is a genuine addr check
92 failure or whether it is a possibly-legitimate access at a
93 misaligned address.
94*/
95
96
97/*------------------------------------------------------------*/
98/*--- Crude profiling machinery. ---*/
99/*------------------------------------------------------------*/
100
101#ifdef VG_PROFILE_MEMORY
102
103#define N_PROF_EVENTS 120
104
105static UInt event_ctr[N_PROF_EVENTS];
106
107static void init_prof_mem ( void )
108{
109 Int i;
110 for (i = 0; i < N_PROF_EVENTS; i++)
111 event_ctr[i] = 0;
112}
113
114void VG_(done_prof_mem) ( void )
115{
116 Int i;
117 for (i = 0; i < N_PROF_EVENTS; i++) {
118 if ((i % 10) == 0)
119 VG_(printf)("\n");
120 if (event_ctr[i] > 0)
121 VG_(printf)( "prof mem event %2d: %d\n", i, event_ctr[i] );
122 }
123 VG_(printf)("\n");
124}
125
126#define PROF_EVENT(ev) \
127 do { vg_assert((ev) >= 0 && (ev) < N_PROF_EVENTS); \
128 event_ctr[ev]++; \
129 } while (False);
130
131#else
132
133static void init_prof_mem ( void ) { }
134 void VG_(done_prof_mem) ( void ) { }
135
136#define PROF_EVENT(ev) /* */
137
138#endif
139
140/* Event index. If just the name of the fn is given, this means the
141 number of calls to the fn. Otherwise it is the specified event.
142
143 10 alloc_secondary_map
144
145 20 get_abit
146 21 get_vbyte
147 22 set_abit
148 23 set_vbyte
149 24 get_abits4_ALIGNED
150 25 get_vbytes4_ALIGNED
151
152 30 set_address_range_perms
153 31 set_address_range_perms(lower byte loop)
154 32 set_address_range_perms(quadword loop)
155 33 set_address_range_perms(upper byte loop)
156
157 35 make_noaccess
158 36 make_writable
159 37 make_readable
160
161 40 copy_address_range_perms
162 41 copy_address_range_perms(byte loop)
163 42 check_writable
164 43 check_writable(byte loop)
165 44 check_readable
166 45 check_readable(byte loop)
167 46 check_readable_asciiz
168 47 check_readable_asciiz(byte loop)
169
170 50 make_aligned_word_NOACCESS
171 51 make_aligned_word_WRITABLE
172
173 60 helperc_LOADV4
174 61 helperc_STOREV4
175 62 helperc_LOADV2
176 63 helperc_STOREV2
177 64 helperc_LOADV1
178 65 helperc_STOREV1
179
180 70 rim_rd_V4_SLOWLY
181 71 rim_wr_V4_SLOWLY
182 72 rim_rd_V2_SLOWLY
183 73 rim_wr_V2_SLOWLY
184 74 rim_rd_V1_SLOWLY
185 75 rim_wr_V1_SLOWLY
186
187 80 fpu_read
188 81 fpu_read aligned 4
189 82 fpu_read aligned 8
190 83 fpu_read 2
191 84 fpu_read 10
192
193 85 fpu_write
194 86 fpu_write aligned 4
195 87 fpu_write aligned 8
196 88 fpu_write 2
197 89 fpu_write 10
198
199 90 fpu_read_check_SLOWLY
200 91 fpu_read_check_SLOWLY(byte loop)
201 92 fpu_write_check_SLOWLY
202 93 fpu_write_check_SLOWLY(byte loop)
203
204 100 is_plausible_stack_addr
205 101 handle_esp_assignment
206 102 handle_esp_assignment(-4)
207 103 handle_esp_assignment(+4)
208 104 handle_esp_assignment(+16)
209 105 handle_esp_assignment(-12)
210 106 handle_esp_assignment(+8)
211 107 handle_esp_assignment(-8)
212
213 110 vg_handle_esp_assignment_SLOWLY
214 111 vg_handle_esp_assignment_SLOWLY(normal; move down)
215 112 vg_handle_esp_assignment_SLOWLY(normal; move up)
216 113 vg_handle_esp_assignment_SLOWLY(normal)
217 114 vg_handle_esp_assignment_SLOWLY(>= HUGE_DELTA)
218*/
219
220/*------------------------------------------------------------*/
221/*--- Function declarations. ---*/
222/*------------------------------------------------------------*/
223
224/* Set permissions for an address range. Not speed-critical. */
225void VGM_(make_noaccess) ( Addr a, UInt len );
226void VGM_(make_writable) ( Addr a, UInt len );
227void VGM_(make_readable) ( Addr a, UInt len );
228
229/* Check permissions for an address range. Not speed-critical. */
230Bool VGM_(check_writable) ( Addr a, UInt len, Addr* bad_addr );
231Bool VGM_(check_readable) ( Addr a, UInt len, Addr* bad_addr );
232Bool VGM_(check_readable_asciiz) ( Addr a, Addr* bad_addr );
233
234static UInt vgm_rd_V4_SLOWLY ( Addr a );
235static UInt vgm_rd_V2_SLOWLY ( Addr a );
236static UInt vgm_rd_V1_SLOWLY ( Addr a );
237static void vgm_wr_V4_SLOWLY ( Addr a, UInt vbytes );
238static void vgm_wr_V2_SLOWLY ( Addr a, UInt vbytes );
239static void vgm_wr_V1_SLOWLY ( Addr a, UInt vbytes );
240static void fpu_read_check_SLOWLY ( Addr addr, Int size );
241static void fpu_write_check_SLOWLY ( Addr addr, Int size );
242
243
244/*------------------------------------------------------------*/
245/*--- Data defns. ---*/
246/*------------------------------------------------------------*/
247
248typedef
249 struct {
250 UChar abits[8192];
251 UChar vbyte[65536];
252 }
253 SecMap;
254
255/* These two are statically allocated. Should they be non-public? */
256SecMap* VG_(primary_map)[ /*65536*/ 262144 ];
257static SecMap vg_distinguished_secondary_map;
258
259#define IS_DISTINGUISHED_SM(smap) \
260 ((smap) == &vg_distinguished_secondary_map)
261
262#define ENSURE_MAPPABLE(addr,caller) \
263 do { \
264 if (IS_DISTINGUISHED_SM(VG_(primary_map)[(addr) >> 16])) { \
265 VG_(primary_map)[(addr) >> 16] = alloc_secondary_map(caller); \
266 /* VG_(printf)("new 2map because of %p\n", addr); */ \
267 } \
268 } while(0)
269
270#define BITARR_SET(aaa_p,iii_p) \
271 do { \
272 UInt iii = (UInt)iii_p; \
273 UChar* aaa = (UChar*)aaa_p; \
274 aaa[iii >> 3] |= (1 << (iii & 7)); \
275 } while (0)
276
277#define BITARR_CLEAR(aaa_p,iii_p) \
278 do { \
279 UInt iii = (UInt)iii_p; \
280 UChar* aaa = (UChar*)aaa_p; \
281 aaa[iii >> 3] &= ~(1 << (iii & 7)); \
282 } while (0)
283
284#define BITARR_TEST(aaa_p,iii_p) \
285 (0 != (((UChar*)aaa_p)[ ((UInt)iii_p) >> 3 ] \
286 & (1 << (((UInt)iii_p) & 7)))) \
287
288
289#define VGM_BIT_VALID 0
290#define VGM_BIT_INVALID 1
291
292#define VGM_NIBBLE_VALID 0
293#define VGM_NIBBLE_INVALID 0xF
294
295#define VGM_BYTE_VALID 0
296#define VGM_BYTE_INVALID 0xFF
297
298#define VGM_WORD_VALID 0
299#define VGM_WORD_INVALID 0xFFFFFFFF
300
301#define VGM_EFLAGS_VALID 0xFFFFFFFE
302#define VGM_EFLAGS_INVALID 0xFFFFFFFF
303
304
305#define IS_ALIGNED4_ADDR(aaa_p) (0 == (((UInt)(aaa_p)) & 3))
306
307
308/*------------------------------------------------------------*/
309/*--- Basic bitmap management, reading and writing. ---*/
310/*------------------------------------------------------------*/
311
312/* Allocate and initialise a secondary map. */
313
314static SecMap* alloc_secondary_map ( __attribute__ ((unused))
315 Char* caller )
316{
317 SecMap* map;
318 UInt i;
319 PROF_EVENT(10);
320
321 /* Mark all bytes as invalid access and invalid value. */
322
323 /* It just happens that a SecMap occupies exactly 18 pages --
324 although this isn't important, so the following assert is
325 spurious. */
326 vg_assert(0 == (sizeof(SecMap) % VKI_BYTES_PER_PAGE));
327 map = VG_(get_memory_from_mmap)( sizeof(SecMap) );
328
329 for (i = 0; i < 8192; i++)
330 map->abits[i] = VGM_BYTE_INVALID; /* Invalid address */
331 for (i = 0; i < 65536; i++)
332 map->vbyte[i] = VGM_BYTE_INVALID; /* Invalid Value */
333
334 /* VG_(printf)("ALLOC_2MAP(%s)\n", caller ); */
335 return map;
336}
337
338
339/* Basic reading/writing of the bitmaps, for byte-sized accesses. */
340
341static __inline__ UChar get_abit ( Addr a )
342{
343 SecMap* sm = VG_(primary_map)[a >> 16];
344 UInt sm_off = a & 0xFFFF;
345 PROF_EVENT(20);
346 return BITARR_TEST(sm->abits, sm_off)
347 ? VGM_BIT_INVALID : VGM_BIT_VALID;
348}
349
350static __inline__ UChar get_vbyte ( Addr a )
351{
352 SecMap* sm = VG_(primary_map)[a >> 16];
353 UInt sm_off = a & 0xFFFF;
354 PROF_EVENT(21);
355 return sm->vbyte[sm_off];
356}
357
358static __inline__ void set_abit ( Addr a, UChar abit )
359{
360 SecMap* sm;
361 UInt sm_off;
362 PROF_EVENT(22);
363 ENSURE_MAPPABLE(a, "set_abit");
364 sm = VG_(primary_map)[a >> 16];
365 sm_off = a & 0xFFFF;
366 if (abit)
367 BITARR_SET(sm->abits, sm_off);
368 else
369 BITARR_CLEAR(sm->abits, sm_off);
370}
371
372static __inline__ void set_vbyte ( Addr a, UChar vbyte )
373{
374 SecMap* sm;
375 UInt sm_off;
376 PROF_EVENT(23);
377 ENSURE_MAPPABLE(a, "set_vbyte");
378 sm = VG_(primary_map)[a >> 16];
379 sm_off = a & 0xFFFF;
380 sm->vbyte[sm_off] = vbyte;
381}
382
383
384/* Reading/writing of the bitmaps, for aligned word-sized accesses. */
385
386static __inline__ UChar get_abits4_ALIGNED ( Addr a )
387{
388 SecMap* sm;
389 UInt sm_off;
390 UChar abits8;
391 PROF_EVENT(24);
392# ifdef VG_DEBUG_MEMORY
393 vg_assert(IS_ALIGNED4_ADDR(a));
394# endif
395 sm = VG_(primary_map)[a >> 16];
396 sm_off = a & 0xFFFF;
397 abits8 = sm->abits[sm_off >> 3];
398 abits8 >>= (a & 4 /* 100b */); /* a & 4 is either 0 or 4 */
399 abits8 &= 0x0F;
400 return abits8;
401}
402
403static UInt __inline__ get_vbytes4_ALIGNED ( Addr a )
404{
405 SecMap* sm = VG_(primary_map)[a >> 16];
406 UInt sm_off = a & 0xFFFF;
407 PROF_EVENT(25);
408# ifdef VG_DEBUG_MEMORY
409 vg_assert(IS_ALIGNED4_ADDR(a));
410# endif
411 return ((UInt*)(sm->vbyte))[sm_off >> 2];
412}
413
414
415/*------------------------------------------------------------*/
416/*--- Setting permissions over address ranges. ---*/
417/*------------------------------------------------------------*/
418
419static void set_address_range_perms ( Addr a, UInt len,
420 UInt example_a_bit,
421 UInt example_v_bit )
422{
423 UChar vbyte, abyte8;
424 UInt vword4, sm_off;
425 SecMap* sm;
426
427 PROF_EVENT(30);
428
429 if (len == 0)
430 return;
431
432 if (len > 100 * 1000 * 1000)
433 VG_(message)(Vg_UserMsg,
434 "Warning: set address range perms: "
435 "large range %d, a %d, v %d",
436 len, example_a_bit, example_v_bit );
437
438 VGP_PUSHCC(VgpSARP);
439
440 /* Requests to change permissions of huge address ranges may
441 indicate bugs in our machinery. 30,000,000 is arbitrary, but so
442 far all legitimate requests have fallen beneath that size. */
443 /* 4 Mar 02: this is just stupid; get rid of it. */
444 /* vg_assert(len < 30000000); */
445
446 /* Check the permissions make sense. */
447 vg_assert(example_a_bit == VGM_BIT_VALID
448 || example_a_bit == VGM_BIT_INVALID);
449 vg_assert(example_v_bit == VGM_BIT_VALID
450 || example_v_bit == VGM_BIT_INVALID);
451 if (example_a_bit == VGM_BIT_INVALID)
452 vg_assert(example_v_bit == VGM_BIT_INVALID);
453
454 /* The validity bits to write. */
455 vbyte = example_v_bit==VGM_BIT_VALID
456 ? VGM_BYTE_VALID : VGM_BYTE_INVALID;
457
458 /* In order that we can charge through the address space at 8
459 bytes/main-loop iteration, make up some perms. */
460 abyte8 = (example_a_bit << 7)
461 | (example_a_bit << 6)
462 | (example_a_bit << 5)
463 | (example_a_bit << 4)
464 | (example_a_bit << 3)
465 | (example_a_bit << 2)
466 | (example_a_bit << 1)
467 | (example_a_bit << 0);
468 vword4 = (vbyte << 24) | (vbyte << 16) | (vbyte << 8) | vbyte;
469
470# ifdef VG_DEBUG_MEMORY
471 /* Do it ... */
472 while (True) {
473 PROF_EVENT(31);
474 if (len == 0) break;
475 set_abit ( a, example_a_bit );
476 set_vbyte ( a, vbyte );
477 a++;
478 len--;
479 }
480
481# else
482 /* Slowly do parts preceding 8-byte alignment. */
483 while (True) {
484 PROF_EVENT(31);
485 if (len == 0) break;
486 if ((a % 8) == 0) break;
487 set_abit ( a, example_a_bit );
488 set_vbyte ( a, vbyte );
489 a++;
490 len--;
491 }
492
493 if (len == 0) {
494 VGP_POPCC;
495 return;
496 }
497 vg_assert((a % 8) == 0 && len > 0);
498
499 /* Once aligned, go fast. */
500 while (True) {
501 PROF_EVENT(32);
502 if (len < 8) break;
503 ENSURE_MAPPABLE(a, "set_address_range_perms(fast)");
504 sm = VG_(primary_map)[a >> 16];
505 sm_off = a & 0xFFFF;
506 sm->abits[sm_off >> 3] = abyte8;
507 ((UInt*)(sm->vbyte))[(sm_off >> 2) + 0] = vword4;
508 ((UInt*)(sm->vbyte))[(sm_off >> 2) + 1] = vword4;
509 a += 8;
510 len -= 8;
511 }
512
513 if (len == 0) {
514 VGP_POPCC;
515 return;
516 }
517 vg_assert((a % 8) == 0 && len > 0 && len < 8);
518
519 /* Finish the upper fragment. */
520 while (True) {
521 PROF_EVENT(33);
522 if (len == 0) break;
523 set_abit ( a, example_a_bit );
524 set_vbyte ( a, vbyte );
525 a++;
526 len--;
527 }
528# endif
529
530 /* Check that zero page and highest page have not been written to
531 -- this could happen with buggy syscall wrappers. Today
532 (2001-04-26) had precisely such a problem with
533 __NR_setitimer. */
534 vg_assert(VG_(first_and_last_secondaries_look_plausible));
535 VGP_POPCC;
536}
537
538
539/* Set permissions for address ranges ... */
540
541void VGM_(make_noaccess) ( Addr a, UInt len )
542{
543 PROF_EVENT(35);
544 set_address_range_perms ( a, len, VGM_BIT_INVALID, VGM_BIT_INVALID );
545}
546
547void VGM_(make_writable) ( Addr a, UInt len )
548{
549 PROF_EVENT(36);
550 set_address_range_perms ( a, len, VGM_BIT_VALID, VGM_BIT_INVALID );
551}
552
553void VGM_(make_readable) ( Addr a, UInt len )
554{
555 PROF_EVENT(37);
556 set_address_range_perms ( a, len, VGM_BIT_VALID, VGM_BIT_VALID );
557}
558
559void VGM_(make_readwritable) ( Addr a, UInt len )
560{
561 PROF_EVENT(38);
562 set_address_range_perms ( a, len, VGM_BIT_VALID, VGM_BIT_VALID );
563}
564
565/* Block-copy permissions (needed for implementing realloc()). */
566
567void VGM_(copy_address_range_perms) ( Addr src, Addr dst, UInt len )
568{
569 UInt i;
570 PROF_EVENT(40);
571 for (i = 0; i < len; i++) {
572 UChar abit = get_abit ( src+i );
573 UChar vbyte = get_vbyte ( src+i );
574 PROF_EVENT(41);
575 set_abit ( dst+i, abit );
576 set_vbyte ( dst+i, vbyte );
577 }
578}
579
580
581/* Check permissions for address range. If inadequate permissions
582 exist, *bad_addr is set to the offending address, so the caller can
583 know what it is. */
584
585Bool VGM_(check_writable) ( Addr a, UInt len, Addr* bad_addr )
586{
587 UInt i;
588 UChar abit;
589 PROF_EVENT(42);
590 for (i = 0; i < len; i++) {
591 PROF_EVENT(43);
592 abit = get_abit(a);
593 if (abit == VGM_BIT_INVALID) {
594 if (bad_addr != NULL) *bad_addr = a;
595 return False;
596 }
597 a++;
598 }
599 return True;
600}
601
602Bool VGM_(check_readable) ( Addr a, UInt len, Addr* bad_addr )
603{
604 UInt i;
605 UChar abit;
606 UChar vbyte;
607 PROF_EVENT(44);
608 for (i = 0; i < len; i++) {
609 abit = get_abit(a);
610 vbyte = get_vbyte(a);
611 PROF_EVENT(45);
612 if (abit != VGM_BIT_VALID || vbyte != VGM_BYTE_VALID) {
613 if (bad_addr != NULL) *bad_addr = a;
614 return False;
615 }
616 a++;
617 }
618 return True;
619}
620
621
622/* Check a zero-terminated ascii string. Tricky -- don't want to
623 examine the actual bytes, to find the end, until we're sure it is
624 safe to do so. */
625
626Bool VGM_(check_readable_asciiz) ( Addr a, Addr* bad_addr )
627{
628 UChar abit;
629 UChar vbyte;
630 PROF_EVENT(46);
631 while (True) {
632 PROF_EVENT(47);
633 abit = get_abit(a);
634 vbyte = get_vbyte(a);
635 if (abit != VGM_BIT_VALID || vbyte != VGM_BYTE_VALID) {
636 if (bad_addr != NULL) *bad_addr = a;
637 return False;
638 }
639 /* Ok, a is safe to read. */
640 if (* ((UChar*)a) == 0) return True;
641 a++;
642 }
643}
644
645
646/* Setting permissions for aligned words. This supports fast stack
647 operations. */
648
649static __inline__ void make_aligned_word_NOACCESS ( Addr a )
650{
651 SecMap* sm;
652 UInt sm_off;
653 UChar mask;
654 PROF_EVENT(50);
655# ifdef VG_DEBUG_MEMORY
656 vg_assert(IS_ALIGNED4_ADDR(a));
657# endif
658 ENSURE_MAPPABLE(a, "make_aligned_word_NOACCESS");
659 sm = VG_(primary_map)[a >> 16];
660 sm_off = a & 0xFFFF;
661 ((UInt*)(sm->vbyte))[sm_off >> 2] = VGM_WORD_INVALID;
662 mask = 0x0F;
663 mask <<= (a & 4 /* 100b */); /* a & 4 is either 0 or 4 */
664 /* mask now contains 1s where we wish to make address bits
665 invalid (1s). */
666 sm->abits[sm_off >> 3] |= mask;
667}
668
669static __inline__ void make_aligned_word_WRITABLE ( Addr a )
670{
671 SecMap* sm;
672 UInt sm_off;
673 UChar mask;
674 PROF_EVENT(51);
675# ifdef VG_DEBUG_MEMORY
676 vg_assert(IS_ALIGNED4_ADDR(a));
677# endif
678 ENSURE_MAPPABLE(a, "make_aligned_word_WRITABLE");
679 sm = VG_(primary_map)[a >> 16];
680 sm_off = a & 0xFFFF;
681 ((UInt*)(sm->vbyte))[sm_off >> 2] = VGM_WORD_INVALID;
682 mask = 0x0F;
683 mask <<= (a & 4 /* 100b */); /* a & 4 is either 0 or 4 */
684 /* mask now contains 1s where we wish to make address bits
685 invalid (0s). */
686 sm->abits[sm_off >> 3] &= ~mask;
687}
688
689
690/*------------------------------------------------------------*/
691/*--- Functions called directly from generated code. ---*/
692/*------------------------------------------------------------*/
693
694static __inline__ UInt rotateRight16 ( UInt x )
695{
696 /* Amazingly, gcc turns this into a single rotate insn. */
697 return (x >> 16) | (x << 16);
698}
699
700
701static __inline__ UInt shiftRight16 ( UInt x )
702{
703 return x >> 16;
704}
705
706
707/* Read/write 1/2/4 sized V bytes, and emit an address error if
708 needed. */
709
710/* VG_(helperc_{LD,ST}V{1,2,4}) handle the common case fast.
711 Under all other circumstances, it defers to the relevant _SLOWLY
712 function, which can handle all situations.
713*/
714
715UInt VG_(helperc_LOADV4) ( Addr a )
716{
717# ifdef VG_DEBUG_MEMORY
718 return vgm_rd_V4_SLOWLY(a);
719# else
720 UInt sec_no = rotateRight16(a) & 0x3FFFF;
721 SecMap* sm = VG_(primary_map)[sec_no];
722 UInt a_off = (a & 0xFFFF) >> 3;
723 UChar abits = sm->abits[a_off];
724 abits >>= (a & 4);
725 abits &= 15;
726 PROF_EVENT(60);
727 if (abits == VGM_NIBBLE_VALID) {
728 /* Handle common case quickly: a is suitably aligned, is mapped,
729 and is addressible. */
730 UInt v_off = a & 0xFFFF;
731 return ((UInt*)(sm->vbyte))[ v_off >> 2 ];
732 } else {
733 /* Slow but general case. */
734 return vgm_rd_V4_SLOWLY(a);
735 }
736# endif
737}
738
739void VG_(helperc_STOREV4) ( Addr a, UInt vbytes )
740{
741# ifdef VG_DEBUG_MEMORY
742 vgm_wr_V4_SLOWLY(a, vbytes);
743# else
744 UInt sec_no = rotateRight16(a) & 0x3FFFF;
745 SecMap* sm = VG_(primary_map)[sec_no];
746 UInt a_off = (a & 0xFFFF) >> 3;
747 UChar abits = sm->abits[a_off];
748 abits >>= (a & 4);
749 abits &= 15;
750 PROF_EVENT(61);
751 if (abits == VGM_NIBBLE_VALID) {
752 /* Handle common case quickly: a is suitably aligned, is mapped,
753 and is addressible. */
754 UInt v_off = a & 0xFFFF;
755 ((UInt*)(sm->vbyte))[ v_off >> 2 ] = vbytes;
756 } else {
757 /* Slow but general case. */
758 vgm_wr_V4_SLOWLY(a, vbytes);
759 }
760# endif
761}
762
763UInt VG_(helperc_LOADV2) ( Addr a )
764{
765# ifdef VG_DEBUG_MEMORY
766 return vgm_rd_V2_SLOWLY(a);
767# else
768 UInt sec_no = rotateRight16(a) & 0x1FFFF;
769 SecMap* sm = VG_(primary_map)[sec_no];
770 UInt a_off = (a & 0xFFFF) >> 3;
771 PROF_EVENT(62);
772 if (sm->abits[a_off] == VGM_BYTE_VALID) {
773 /* Handle common case quickly. */
774 UInt v_off = a & 0xFFFF;
775 return 0xFFFF0000
776 |
777 (UInt)( ((UShort*)(sm->vbyte))[ v_off >> 1 ] );
778 } else {
779 /* Slow but general case. */
780 return vgm_rd_V2_SLOWLY(a);
781 }
782# endif
783}
784
785void VG_(helperc_STOREV2) ( Addr a, UInt vbytes )
786{
787# ifdef VG_DEBUG_MEMORY
788 vgm_wr_V2_SLOWLY(a, vbytes);
789# else
790 UInt sec_no = rotateRight16(a) & 0x1FFFF;
791 SecMap* sm = VG_(primary_map)[sec_no];
792 UInt a_off = (a & 0xFFFF) >> 3;
793 PROF_EVENT(63);
794 if (sm->abits[a_off] == VGM_BYTE_VALID) {
795 /* Handle common case quickly. */
796 UInt v_off = a & 0xFFFF;
797 ((UShort*)(sm->vbyte))[ v_off >> 1 ] = vbytes & 0x0000FFFF;
798 } else {
799 /* Slow but general case. */
800 vgm_wr_V2_SLOWLY(a, vbytes);
801 }
802# endif
803}
804
805UInt VG_(helperc_LOADV1) ( Addr a )
806{
807# ifdef VG_DEBUG_MEMORY
808 return vgm_rd_V1_SLOWLY(a);
809# else
810 UInt sec_no = shiftRight16(a);
811 SecMap* sm = VG_(primary_map)[sec_no];
812 UInt a_off = (a & 0xFFFF) >> 3;
813 PROF_EVENT(64);
814 if (sm->abits[a_off] == VGM_BYTE_VALID) {
815 /* Handle common case quickly. */
816 UInt v_off = a & 0xFFFF;
817 return 0xFFFFFF00
818 |
819 (UInt)( ((UChar*)(sm->vbyte))[ v_off ] );
820 } else {
821 /* Slow but general case. */
822 return vgm_rd_V1_SLOWLY(a);
823 }
824# endif
825}
826
827void VG_(helperc_STOREV1) ( Addr a, UInt vbytes )
828{
829# ifdef VG_DEBUG_MEMORY
830 vgm_wr_V1_SLOWLY(a, vbytes);
831# else
832 UInt sec_no = shiftRight16(a);
833 SecMap* sm = VG_(primary_map)[sec_no];
834 UInt a_off = (a & 0xFFFF) >> 3;
835 PROF_EVENT(65);
836 if (sm->abits[a_off] == VGM_BYTE_VALID) {
837 /* Handle common case quickly. */
838 UInt v_off = a & 0xFFFF;
839 ((UChar*)(sm->vbyte))[ v_off ] = vbytes & 0x000000FF;
840 } else {
841 /* Slow but general case. */
842 vgm_wr_V1_SLOWLY(a, vbytes);
843 }
844# endif
845}
846
847
848/*------------------------------------------------------------*/
849/*--- Fallback functions to handle cases that the above ---*/
850/*--- VG_(helperc_{LD,ST}V{1,2,4}) can't manage. ---*/
851/*------------------------------------------------------------*/
852
853static UInt vgm_rd_V4_SLOWLY ( Addr a )
854{
855 Bool a0ok, a1ok, a2ok, a3ok;
856 UInt vb0, vb1, vb2, vb3;
857
858 PROF_EVENT(70);
859
860 /* First establish independently the addressibility of the 4 bytes
861 involved. */
862 a0ok = get_abit(a+0) == VGM_BIT_VALID;
863 a1ok = get_abit(a+1) == VGM_BIT_VALID;
864 a2ok = get_abit(a+2) == VGM_BIT_VALID;
865 a3ok = get_abit(a+3) == VGM_BIT_VALID;
866
867 /* Also get the validity bytes for the address. */
868 vb0 = (UInt)get_vbyte(a+0);
869 vb1 = (UInt)get_vbyte(a+1);
870 vb2 = (UInt)get_vbyte(a+2);
871 vb3 = (UInt)get_vbyte(a+3);
872
873 /* Now distinguish 3 cases */
874
875 /* Case 1: the address is completely valid, so:
876 - no addressing error
877 - return V bytes as read from memory
878 */
879 if (a0ok && a1ok && a2ok && a3ok) {
880 UInt vw = VGM_WORD_INVALID;
881 vw <<= 8; vw |= vb3;
882 vw <<= 8; vw |= vb2;
883 vw <<= 8; vw |= vb1;
884 vw <<= 8; vw |= vb0;
885 return vw;
886 }
887
888 /* Case 2: the address is completely invalid.
889 - emit addressing error
890 - return V word indicating validity.
891 This sounds strange, but if we make loads from invalid addresses
892 give invalid data, we also risk producing a number of confusing
893 undefined-value errors later, which confuses the fact that the
894 error arose in the first place from an invalid address.
895 */
896 /* VG_(printf)("%p (%d %d %d %d)\n", a, a0ok, a1ok, a2ok, a3ok); */
897 if (!VG_(clo_partial_loads_ok)
898 || ((a & 3) != 0)
899 || (!a0ok && !a1ok && !a2ok && !a3ok)) {
900 VG_(record_address_error)( a, 4, False );
901 return (VGM_BYTE_VALID << 24) | (VGM_BYTE_VALID << 16)
902 | (VGM_BYTE_VALID << 8) | VGM_BYTE_VALID;
903 }
904
905 /* Case 3: the address is partially valid.
906 - no addressing error
907 - returned V word is invalid where the address is invalid,
908 and contains V bytes from memory otherwise.
909 Case 3 is only allowed if VG_(clo_partial_loads_ok) is True
910 (which is the default), and the address is 4-aligned.
911 If not, Case 2 will have applied.
912 */
913 vg_assert(VG_(clo_partial_loads_ok));
914 {
915 UInt vw = VGM_WORD_INVALID;
916 vw <<= 8; vw |= (a3ok ? vb3 : VGM_BYTE_INVALID);
917 vw <<= 8; vw |= (a2ok ? vb2 : VGM_BYTE_INVALID);
918 vw <<= 8; vw |= (a1ok ? vb1 : VGM_BYTE_INVALID);
919 vw <<= 8; vw |= (a0ok ? vb0 : VGM_BYTE_INVALID);
920 return vw;
921 }
922}
923
924static void vgm_wr_V4_SLOWLY ( Addr a, UInt vbytes )
925{
926 /* Check the address for validity. */
927 Bool aerr = False;
928 PROF_EVENT(71);
929
930 if (get_abit(a+0) != VGM_BIT_VALID) aerr = True;
931 if (get_abit(a+1) != VGM_BIT_VALID) aerr = True;
932 if (get_abit(a+2) != VGM_BIT_VALID) aerr = True;
933 if (get_abit(a+3) != VGM_BIT_VALID) aerr = True;
934
935 /* Store the V bytes, remembering to do it little-endian-ly. */
936 set_vbyte( a+0, vbytes & 0x000000FF ); vbytes >>= 8;
937 set_vbyte( a+1, vbytes & 0x000000FF ); vbytes >>= 8;
938 set_vbyte( a+2, vbytes & 0x000000FF ); vbytes >>= 8;
939 set_vbyte( a+3, vbytes & 0x000000FF );
940
941 /* If an address error has happened, report it. */
942 if (aerr)
943 VG_(record_address_error)( a, 4, True );
944}
945
946static UInt vgm_rd_V2_SLOWLY ( Addr a )
947{
948 /* Check the address for validity. */
949 UInt vw = VGM_WORD_INVALID;
950 Bool aerr = False;
951 PROF_EVENT(72);
952
953 if (get_abit(a+0) != VGM_BIT_VALID) aerr = True;
954 if (get_abit(a+1) != VGM_BIT_VALID) aerr = True;
955
956 /* Fetch the V bytes, remembering to do it little-endian-ly. */
957 vw <<= 8; vw |= (UInt)get_vbyte(a+1);
958 vw <<= 8; vw |= (UInt)get_vbyte(a+0);
959
960 /* If an address error has happened, report it. */
961 if (aerr) {
962 VG_(record_address_error)( a, 2, False );
963 vw = (VGM_BYTE_INVALID << 24) | (VGM_BYTE_INVALID << 16)
964 | (VGM_BYTE_VALID << 8) | (VGM_BYTE_VALID);
965 }
966 return vw;
967}
968
969static void vgm_wr_V2_SLOWLY ( Addr a, UInt vbytes )
970{
971 /* Check the address for validity. */
972 Bool aerr = False;
973 PROF_EVENT(73);
974
975 if (get_abit(a+0) != VGM_BIT_VALID) aerr = True;
976 if (get_abit(a+1) != VGM_BIT_VALID) aerr = True;
977
978 /* Store the V bytes, remembering to do it little-endian-ly. */
979 set_vbyte( a+0, vbytes & 0x000000FF ); vbytes >>= 8;
980 set_vbyte( a+1, vbytes & 0x000000FF );
981
982 /* If an address error has happened, report it. */
983 if (aerr)
984 VG_(record_address_error)( a, 2, True );
985}
986
987static UInt vgm_rd_V1_SLOWLY ( Addr a )
988{
989 /* Check the address for validity. */
990 UInt vw = VGM_WORD_INVALID;
991 Bool aerr = False;
992 PROF_EVENT(74);
993
994 if (get_abit(a+0) != VGM_BIT_VALID) aerr = True;
995
996 /* Fetch the V byte. */
997 vw <<= 8; vw |= (UInt)get_vbyte(a+0);
998
999 /* If an address error has happened, report it. */
1000 if (aerr) {
1001 VG_(record_address_error)( a, 1, False );
1002 vw = (VGM_BYTE_INVALID << 24) | (VGM_BYTE_INVALID << 16)
1003 | (VGM_BYTE_INVALID << 8) | (VGM_BYTE_VALID);
1004 }
1005 return vw;
1006}
1007
1008static void vgm_wr_V1_SLOWLY ( Addr a, UInt vbytes )
1009{
1010 /* Check the address for validity. */
1011 Bool aerr = False;
1012 PROF_EVENT(75);
1013 if (get_abit(a+0) != VGM_BIT_VALID) aerr = True;
1014
1015 /* Store the V bytes, remembering to do it little-endian-ly. */
1016 set_vbyte( a+0, vbytes & 0x000000FF );
1017
1018 /* If an address error has happened, report it. */
1019 if (aerr)
1020 VG_(record_address_error)( a, 1, True );
1021}
1022
1023
1024/* ---------------------------------------------------------------------
1025 Called from generated code, or from the assembly helpers.
1026 Handlers for value check failures.
1027 ------------------------------------------------------------------ */
1028
1029void VG_(helperc_value_check0_fail) ( void )
1030{
1031 VG_(record_value_error) ( 0 );
1032}
1033
1034void VG_(helperc_value_check1_fail) ( void )
1035{
1036 VG_(record_value_error) ( 1 );
1037}
1038
1039void VG_(helperc_value_check2_fail) ( void )
1040{
1041 VG_(record_value_error) ( 2 );
1042}
1043
1044void VG_(helperc_value_check4_fail) ( void )
1045{
1046 VG_(record_value_error) ( 4 );
1047}
1048
1049
1050/* ---------------------------------------------------------------------
1051 FPU load and store checks, called from generated code.
1052 ------------------------------------------------------------------ */
1053
1054void VGM_(fpu_read_check) ( Addr addr, Int size )
1055{
1056 /* Ensure the read area is both addressible and valid (ie,
1057 readable). If there's an address error, don't report a value
1058 error too; but if there isn't an address error, check for a
1059 value error.
1060
1061 Try to be reasonably fast on the common case; wimp out and defer
1062 to fpu_read_check_SLOWLY for everything else. */
1063
1064 SecMap* sm;
1065 UInt sm_off, v_off, a_off;
1066 Addr addr4;
1067
1068 PROF_EVENT(80);
1069
1070# ifdef VG_DEBUG_MEMORY
1071 fpu_read_check_SLOWLY ( addr, size );
1072# else
1073
1074 if (size == 4) {
1075 if (!IS_ALIGNED4_ADDR(addr)) goto slow4;
1076 PROF_EVENT(81);
1077 /* Properly aligned. */
1078 sm = VG_(primary_map)[addr >> 16];
1079 sm_off = addr & 0xFFFF;
1080 a_off = sm_off >> 3;
1081 if (sm->abits[a_off] != VGM_BYTE_VALID) goto slow4;
1082 /* Properly aligned and addressible. */
1083 v_off = addr & 0xFFFF;
1084 if (((UInt*)(sm->vbyte))[ v_off >> 2 ] != VGM_WORD_VALID)
1085 goto slow4;
1086 /* Properly aligned, addressible and with valid data. */
1087 return;
1088 slow4:
1089 fpu_read_check_SLOWLY ( addr, 4 );
1090 return;
1091 }
1092
1093 if (size == 8) {
1094 if (!IS_ALIGNED4_ADDR(addr)) goto slow8;
1095 PROF_EVENT(82);
1096 /* Properly aligned. Do it in two halves. */
1097 addr4 = addr + 4;
1098 /* First half. */
1099 sm = VG_(primary_map)[addr >> 16];
1100 sm_off = addr & 0xFFFF;
1101 a_off = sm_off >> 3;
1102 if (sm->abits[a_off] != VGM_BYTE_VALID) goto slow8;
1103 /* First half properly aligned and addressible. */
1104 v_off = addr & 0xFFFF;
1105 if (((UInt*)(sm->vbyte))[ v_off >> 2 ] != VGM_WORD_VALID)
1106 goto slow8;
1107 /* Second half. */
1108 sm = VG_(primary_map)[addr4 >> 16];
1109 sm_off = addr4 & 0xFFFF;
1110 a_off = sm_off >> 3;
1111 if (sm->abits[a_off] != VGM_BYTE_VALID) goto slow8;
1112 /* Second half properly aligned and addressible. */
1113 v_off = addr4 & 0xFFFF;
1114 if (((UInt*)(sm->vbyte))[ v_off >> 2 ] != VGM_WORD_VALID)
1115 goto slow8;
1116 /* Both halves properly aligned, addressible and with valid
1117 data. */
1118 return;
1119 slow8:
1120 fpu_read_check_SLOWLY ( addr, 8 );
1121 return;
1122 }
1123
1124 /* Can't be bothered to huff'n'puff to make these (allegedly) rare
1125 cases go quickly. */
1126 if (size == 2) {
1127 PROF_EVENT(83);
1128 fpu_read_check_SLOWLY ( addr, 2 );
1129 return;
1130 }
1131
1132 if (size == 10) {
1133 PROF_EVENT(84);
1134 fpu_read_check_SLOWLY ( addr, 10 );
1135 return;
1136 }
1137
1138 VG_(printf)("size is %d\n", size);
1139 VG_(panic)("vgm_fpu_read_check: unhandled size");
1140# endif
1141}
1142
1143
1144void VGM_(fpu_write_check) ( Addr addr, Int size )
1145{
1146 /* Ensure the written area is addressible, and moan if otherwise.
1147 If it is addressible, make it valid, otherwise invalid.
1148 */
1149
1150 SecMap* sm;
1151 UInt sm_off, v_off, a_off;
1152 Addr addr4;
1153
1154 PROF_EVENT(85);
1155
1156# ifdef VG_DEBUG_MEMORY
1157 fpu_write_check_SLOWLY ( addr, size );
1158# else
1159
1160 if (size == 4) {
1161 if (!IS_ALIGNED4_ADDR(addr)) goto slow4;
1162 PROF_EVENT(86);
1163 /* Properly aligned. */
1164 sm = VG_(primary_map)[addr >> 16];
1165 sm_off = addr & 0xFFFF;
1166 a_off = sm_off >> 3;
1167 if (sm->abits[a_off] != VGM_BYTE_VALID) goto slow4;
1168 /* Properly aligned and addressible. Make valid. */
1169 v_off = addr & 0xFFFF;
1170 ((UInt*)(sm->vbyte))[ v_off >> 2 ] = VGM_WORD_VALID;
1171 return;
1172 slow4:
1173 fpu_write_check_SLOWLY ( addr, 4 );
1174 return;
1175 }
1176
1177 if (size == 8) {
1178 if (!IS_ALIGNED4_ADDR(addr)) goto slow8;
1179 PROF_EVENT(87);
1180 /* Properly aligned. Do it in two halves. */
1181 addr4 = addr + 4;
1182 /* First half. */
1183 sm = VG_(primary_map)[addr >> 16];
1184 sm_off = addr & 0xFFFF;
1185 a_off = sm_off >> 3;
1186 if (sm->abits[a_off] != VGM_BYTE_VALID) goto slow8;
1187 /* First half properly aligned and addressible. Make valid. */
1188 v_off = addr & 0xFFFF;
1189 ((UInt*)(sm->vbyte))[ v_off >> 2 ] = VGM_WORD_VALID;
1190 /* Second half. */
1191 sm = VG_(primary_map)[addr4 >> 16];
1192 sm_off = addr4 & 0xFFFF;
1193 a_off = sm_off >> 3;
1194 if (sm->abits[a_off] != VGM_BYTE_VALID) goto slow8;
1195 /* Second half properly aligned and addressible. */
1196 v_off = addr4 & 0xFFFF;
1197 ((UInt*)(sm->vbyte))[ v_off >> 2 ] = VGM_WORD_VALID;
1198 /* Properly aligned, addressible and with valid data. */
1199 return;
1200 slow8:
1201 fpu_write_check_SLOWLY ( addr, 8 );
1202 return;
1203 }
1204
1205 /* Can't be bothered to huff'n'puff to make these (allegedly) rare
1206 cases go quickly. */
1207 if (size == 2) {
1208 PROF_EVENT(88);
1209 fpu_write_check_SLOWLY ( addr, 2 );
1210 return;
1211 }
1212
1213 if (size == 10) {
1214 PROF_EVENT(89);
1215 fpu_write_check_SLOWLY ( addr, 10 );
1216 return;
1217 }
1218
1219 VG_(printf)("size is %d\n", size);
1220 VG_(panic)("vgm_fpu_write_check: unhandled size");
1221# endif
1222}
1223
1224
1225/* ---------------------------------------------------------------------
1226 Slow, general cases for FPU load and store checks.
1227 ------------------------------------------------------------------ */
1228
1229/* Generic version. Test for both addr and value errors, but if
1230 there's an addr error, don't report a value error even if it
1231 exists. */
1232
1233void fpu_read_check_SLOWLY ( Addr addr, Int size )
1234{
1235 Int i;
1236 Bool aerr = False;
1237 Bool verr = False;
1238 PROF_EVENT(90);
1239 for (i = 0; i < size; i++) {
1240 PROF_EVENT(91);
1241 if (get_abit(addr+i) != VGM_BIT_VALID)
1242 aerr = True;
1243 if (get_vbyte(addr+i) != VGM_BYTE_VALID)
1244 verr = True;
1245 }
1246
1247 if (aerr) {
1248 VG_(record_address_error)( addr, size, False );
1249 } else {
1250 if (verr)
1251 VG_(record_value_error)( size );
1252 }
1253}
1254
1255
1256/* Generic version. Test for addr errors. Valid addresses are
1257 given valid values, and invalid addresses invalid values. */
1258
1259void fpu_write_check_SLOWLY ( Addr addr, Int size )
1260{
1261 Int i;
1262 Addr a_here;
1263 Bool a_ok;
1264 Bool aerr = False;
1265 PROF_EVENT(92);
1266 for (i = 0; i < size; i++) {
1267 PROF_EVENT(93);
1268 a_here = addr+i;
1269 a_ok = get_abit(a_here) == VGM_BIT_VALID;
1270 if (a_ok) {
1271 set_vbyte(a_here, VGM_BYTE_VALID);
1272 } else {
1273 set_vbyte(a_here, VGM_BYTE_INVALID);
1274 aerr = True;
1275 }
1276 }
1277 if (aerr) {
1278 VG_(record_address_error)( addr, size, True );
1279 }
1280}
1281
1282
1283/*------------------------------------------------------------*/
1284/*--- Tracking permissions around %esp changes. ---*/
1285/*------------------------------------------------------------*/
1286
1287/*
1288 The stack
1289 ~~~~~~~~~
1290 The stack's segment seems to be dynamically extended downwards
1291 by the kernel as the stack pointer moves down. Initially, a
1292 1-page (4k) stack is allocated. When %esp moves below that for
1293 the first time, presumably a page fault occurs. The kernel
1294 detects that the faulting address is in the range from %esp upwards
1295 to the current valid stack. It then extends the stack segment
1296 downwards for enough to cover the faulting address, and resumes
1297 the process (invisibly). The process is unaware of any of this.
1298
1299 That means that Valgrind can't spot when the stack segment is
1300 being extended. Fortunately, we want to precisely and continuously
1301 update stack permissions around %esp, so we need to spot all
1302 writes to %esp anyway.
1303
1304 The deal is: when %esp is assigned a lower value, the stack is
1305 being extended. Create a secondary maps to fill in any holes
1306 between the old stack ptr and this one, if necessary. Then
1307 mark all bytes in the area just "uncovered" by this %esp change
1308 as write-only.
1309
1310 When %esp goes back up, mark the area receded over as unreadable
1311 and unwritable.
1312
1313 Just to record the %esp boundary conditions somewhere convenient:
1314 %esp always points to the lowest live byte in the stack. All
1315 addresses below %esp are not live; those at and above it are.
1316*/
1317
1318/* Does this address look like something in the program's main
1319 stack ? */
1320Bool VG_(is_plausible_stack_addr) ( Addr aa )
1321{
1322 UInt a = (UInt)aa;
1323 PROF_EVENT(100);
1324 if (a < VG_STACK_STARTS_AT &&
1325 a > VG_STACK_STARTS_AT - VG_PLAUSIBLE_STACK_SIZE)
1326 return True;
1327 else
1328 return False;
1329}
1330
1331
1332/* Is this address within some small distance below %ESP? Used only
1333 for the --workaround-gcc296-bugs kludge. */
sewardj8c824512002-04-14 04:16:48 +0000[diff] [blame]1334Bool VG_(is_just_below_ESP)( Addr esp, Addr aa )
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]1335{
sewardj8c824512002-04-14 04:16:48 +0000[diff] [blame]1336 if ((UInt)esp > (UInt)aa
1337 && ((UInt)esp - (UInt)aa) <= VG_GCC296_BUG_STACK_SLOP)
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]1338 return True;
1339 else
1340 return False;
1341}
1342
1343
1344/* Kludgey ... how much does %esp have to change before we reckon that
1345 the application is switching stacks ? */
1346#define VG_HUGE_DELTA (VG_PLAUSIBLE_STACK_SIZE / 4)
1347
1348static Addr get_page_base ( Addr a )
1349{
1350 return a & ~(VKI_BYTES_PER_PAGE-1);
1351}
1352
1353
1354static void vg_handle_esp_assignment_SLOWLY ( Addr );
1355
1356void VGM_(handle_esp_assignment) ( Addr new_espA )
1357{
1358 UInt old_esp = VG_(baseBlock)[VGOFF_(m_esp)];
1359 UInt new_esp = (UInt)new_espA;
1360 Int delta = ((Int)new_esp) - ((Int)old_esp);
1361
1362 PROF_EVENT(101);
1363
1364# ifndef VG_DEBUG_MEMORY
1365
1366 if (IS_ALIGNED4_ADDR(old_esp)) {
1367
1368 /* Deal with the most common cases fast. These are ordered in
1369 the sequence most common first. */
1370
1371 if (delta == -4) {
1372 /* Moving down by 4 and properly aligned.. */
1373 PROF_EVENT(102);
1374 make_aligned_word_WRITABLE(new_esp);
1375 return;
1376 }
1377
1378 if (delta == 4) {
1379 /* Moving up by 4 and properly aligned. */
1380 PROF_EVENT(103);
1381 make_aligned_word_NOACCESS(old_esp);
1382 return;
1383 }
1384
1385 if (delta == 16) {
1386 /* Also surprisingly common. */
1387 PROF_EVENT(104);
1388 make_aligned_word_NOACCESS(old_esp);
1389 make_aligned_word_NOACCESS(old_esp+4);
1390 make_aligned_word_NOACCESS(old_esp+8);
1391 make_aligned_word_NOACCESS(old_esp+12);
1392 return;
1393 }
1394
1395 if (delta == -12) {
1396 PROF_EVENT(105);
1397 make_aligned_word_WRITABLE(new_esp);
1398 make_aligned_word_WRITABLE(new_esp+4);
1399 make_aligned_word_WRITABLE(new_esp+8);
1400 return;
1401 }
1402
1403 if (delta == 8) {
1404 PROF_EVENT(106);
1405 make_aligned_word_NOACCESS(old_esp);
1406 make_aligned_word_NOACCESS(old_esp+4);
1407 return;
1408 }
1409
1410 if (delta == -8) {
1411 PROF_EVENT(107);
1412 make_aligned_word_WRITABLE(new_esp);
1413 make_aligned_word_WRITABLE(new_esp+4);
1414 return;
1415 }
1416 }
1417
1418# endif
1419
1420 /* The above special cases handle 90% to 95% of all the stack
1421 adjustments. The rest we give to the slow-but-general
1422 mechanism. */
1423 vg_handle_esp_assignment_SLOWLY ( new_espA );
1424}
1425
1426
1427static void vg_handle_esp_assignment_SLOWLY ( Addr new_espA )
1428{
1429 UInt old_esp = VG_(baseBlock)[VGOFF_(m_esp)];
1430 UInt new_esp = (UInt)new_espA;
1431 Int delta = ((Int)new_esp) - ((Int)old_esp);
1432
1433 PROF_EVENT(110);
1434 if (-(VG_HUGE_DELTA) < delta && delta < VG_HUGE_DELTA) {
1435 /* "Ordinary" stack change. */
1436 if (new_esp < old_esp) {
1437 /* Moving down; the stack is growing. */
1438 PROF_EVENT(111);
1439 VGM_(make_writable) ( new_esp, old_esp - new_esp );
1440 return;
1441 }
1442 if (new_esp > old_esp) {
1443 /* Moving up; the stack is shrinking. */
1444 PROF_EVENT(112);
1445 VGM_(make_noaccess) ( old_esp, new_esp - old_esp );
1446 return;
1447 }
1448 PROF_EVENT(113);
1449 return; /* when old_esp == new_esp */
1450 }
1451
1452 /* %esp has changed by more than HUGE_DELTA. We take this to mean
1453 that the application is switching to a new stack, for whatever
1454 reason, and we attempt to initialise the permissions around the
1455 new stack in some plausible way. All pretty kludgey; needed to
1456 make netscape-4.07 run without generating thousands of error
1457 contexts.
1458
1459 If we appear to be switching back to the main stack, don't mess
1460 with the permissions in the area at and above the stack ptr.
1461 Otherwise, we're switching to an alternative stack; make the
1462 area above %esp readable -- this doesn't seem right -- the right
1463 thing to do would be to make it writable -- but is needed to
1464 avoid huge numbers of errs in netscape. To be investigated. */
1465
1466 { Addr invalid_down_to = get_page_base(new_esp)
1467 - 0 * VKI_BYTES_PER_PAGE;
1468 Addr valid_up_to = get_page_base(new_esp) + VKI_BYTES_PER_PAGE
1469 + 0 * VKI_BYTES_PER_PAGE;
1470 PROF_EVENT(114);
1471 if (VG_(clo_verbosity) > 1)
1472 VG_(message)(Vg_UserMsg, "Warning: client switching stacks? "
1473 "%%esp: %p --> %p",
1474 old_esp, new_esp);
1475 /* VG_(printf)("na %p, %%esp %p, wr %p\n",
1476 invalid_down_to, new_esp, valid_up_to ); */
1477 VGM_(make_noaccess) ( invalid_down_to, new_esp - invalid_down_to );
1478 if (!VG_(is_plausible_stack_addr)(new_esp)) {
1479 VGM_(make_readable) ( new_esp, valid_up_to - new_esp );
1480 }
1481 }
1482}
1483
1484
1485/*--------------------------------------------------------------*/
1486/*--- Initialise the memory audit system on program startup. ---*/
1487/*--------------------------------------------------------------*/
1488
1489/* Handle one entry derived from /proc/self/maps. */
1490
1491static
1492void init_memory_audit_callback (
1493 Addr start, UInt size,
1494 Char rr, Char ww, Char xx,
1495 UInt foffset, UChar* filename )
1496{
1497 UChar example_a_bit;
1498 UChar example_v_bit;
1499 UInt r_esp;
1500 Bool is_stack_segment;
1501
1502 /* Sanity check ... if this is the executable's text segment,
1503 ensure it is loaded where we think it ought to be. Any file
1504 name which doesn't contain ".so" is assumed to be the
1505 executable. */
1506 if (filename != NULL
1507 && xx == 'x'
1508 && VG_(strstr(filename, ".so")) == NULL
1509 ) {
1510 /* We assume this is the executable. */
1511 if (start != VG_ASSUMED_EXE_BASE) {
1512 VG_(message)(Vg_UserMsg,
1513 "FATAL: executable base addr not as assumed.");
1514 VG_(message)(Vg_UserMsg, "name %s, actual %p, assumed %p.",
1515 filename, start, VG_ASSUMED_EXE_BASE);
sewardjc7c6aed2002-03-24 12:03:00 +0000[diff] [blame]1516 VG_(message)(Vg_UserMsg,
1517 "One reason this could happen is that you have a shared object");
1518 VG_(message)(Vg_UserMsg,
1519 " whose name doesn't contain the characters \".so\", so Valgrind ");
1520 VG_(message)(Vg_UserMsg,
1521 "naively assumes it is the executable. ");
1522 VG_(message)(Vg_UserMsg,
1523 "In that case, rename it appropriately.");
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]1524 VG_(panic)("VG_ASSUMED_EXE_BASE doesn't match reality");
1525 }
1526 }
1527
1528 if (0)
1529 VG_(message)(Vg_DebugMsg,
1530 "initial map %8x-%8x %c%c%c? %8x (%d) (%s)",
1531 start,start+size,rr,ww,xx,foffset,
1532 size, filename?filename:(UChar*)"NULL");
1533
1534 r_esp = VG_(baseBlock)[VGOFF_(m_esp)];
1535 is_stack_segment = start <= r_esp && r_esp < start+size;
1536
1537 /* Figure out the segment's permissions.
1538
1539 All segments are addressible -- since a process can read its
1540 own text segment.
1541
1542 A read-but-not-write segment presumably contains initialised
1543 data, so is all valid. Read-write segments presumably contains
1544 uninitialised data, so is all invalid. */
1545
1546 /* ToDo: make this less bogus. */
1547 if (rr != 'r' && xx != 'x' && ww != 'w') {
1548 /* Very bogus; this path never gets taken. */
1549 /* A no, V no */
1550 example_a_bit = VGM_BIT_INVALID;
1551 example_v_bit = VGM_BIT_INVALID;
1552 } else {
1553 /* A yes, V yes */
1554 example_a_bit = VGM_BIT_VALID;
1555 example_v_bit = VGM_BIT_VALID;
1556 /* Causes a lot of errs for unknown reasons.
1557 if (filename is valgrind.so
1558 [careful about end conditions on filename]) {
1559 example_a_bit = VGM_BIT_INVALID;
1560 example_v_bit = VGM_BIT_INVALID;
1561 }
1562 */
1563 }
1564
1565 set_address_range_perms ( start, size,
1566 example_a_bit, example_v_bit );
1567
1568 if (is_stack_segment) {
1569 /* This is the stack segment. Mark all below %esp as
1570 noaccess. */
1571 if (0)
1572 VG_(message)(Vg_DebugMsg,
1573 "invalidating stack area: %x .. %x",
1574 start,r_esp);
1575 VGM_(make_noaccess)( start, r_esp-start );
1576 }
1577}
1578
1579
1580
1581/* ONLY HERE for sbrk() */
1582#include <unistd.h>
1583
1584/* Initialise the memory audit system. */
1585void VGM_(init_memory_audit) ( void )
1586{
1587 Int i;
1588
1589 init_prof_mem();
1590
1591 for (i = 0; i < 8192; i++)
1592 vg_distinguished_secondary_map.abits[i]
1593 = VGM_BYTE_INVALID; /* Invalid address */
1594 for (i = 0; i < 65536; i++)
1595 vg_distinguished_secondary_map.vbyte[i]
1596 = VGM_BYTE_INVALID; /* Invalid Value */
1597
1598 /* These entries gradually get overwritten as the used address
1599 space expands. */
1600 for (i = 0; i < 65536; i++)
1601 VG_(primary_map)[i] = &vg_distinguished_secondary_map;
1602 /* These ones should never change; it's a bug in Valgrind if they
1603 do. */
1604 for (i = 65536; i < 262144; i++)
1605 VG_(primary_map)[i] = &vg_distinguished_secondary_map;
1606
1607 /* Read the initial memory mapping from the /proc filesystem, and
1608 set up our own maps accordingly. */
1609 VG_(read_procselfmaps) ( init_memory_audit_callback );
1610
1611 /* Last but not least, set up the shadow regs with reasonable (sic)
1612 values. All regs are claimed to have valid values.
1613 */
1614 VG_(baseBlock)[VGOFF_(sh_esp)] = VGM_WORD_VALID;
1615 VG_(baseBlock)[VGOFF_(sh_ebp)] = VGM_WORD_VALID;
1616 VG_(baseBlock)[VGOFF_(sh_eax)] = VGM_WORD_VALID;
1617 VG_(baseBlock)[VGOFF_(sh_ecx)] = VGM_WORD_VALID;
1618 VG_(baseBlock)[VGOFF_(sh_edx)] = VGM_WORD_VALID;
1619 VG_(baseBlock)[VGOFF_(sh_ebx)] = VGM_WORD_VALID;
1620 VG_(baseBlock)[VGOFF_(sh_esi)] = VGM_WORD_VALID;
1621 VG_(baseBlock)[VGOFF_(sh_edi)] = VGM_WORD_VALID;
1622 VG_(baseBlock)[VGOFF_(sh_eflags)] = VGM_EFLAGS_VALID;
1623
1624 /* Record the end of the data segment, so that vg_syscall_mem.c
1625 can make sense of calls to brk().
1626 */
1627 VGM_(curr_dataseg_end) = (Addr)sbrk(0);
1628 if (VGM_(curr_dataseg_end) == (Addr)(-1))
1629 VG_(panic)("vgm_init_memory_audit: can't determine data-seg end");
1630
1631 if (0)
sewardj9a199dc2002-04-14 13:01:38 +0000[diff] [blame]1632 VG_(printf)("DS END is %p\n", (void*)VGM_(curr_dataseg_end));
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]1633
1634 /* Read the list of errors to suppress. This should be found in
1635 the file specified by vg_clo_suppressions. */
1636 VG_(load_suppressions)();
1637}
1638
1639
1640/*------------------------------------------------------------*/
1641/*--- Low-level address-space scanning, for the leak ---*/
1642/*--- detector. ---*/
1643/*------------------------------------------------------------*/
1644
1645static
1646jmp_buf memscan_jmpbuf;
1647
1648static
1649void vg_scan_all_valid_memory_sighandler ( Int sigNo )
1650{
1651 __builtin_longjmp(memscan_jmpbuf, 1);
1652}
1653
1654UInt VG_(scan_all_valid_memory) ( void (*notify_word)( Addr, UInt ) )
1655{
1656 /* All volatile, because some gccs seem paranoid about longjmp(). */
1657 volatile UInt res, numPages, page, vbytes, primaryMapNo, nWordsNotified;
1658 volatile Addr pageBase, addr;
1659 volatile SecMap* sm;
1660 volatile UChar abits;
1661 volatile UInt page_first_word;
1662
1663 vki_ksigaction sigbus_saved;
1664 vki_ksigaction sigbus_new;
1665 vki_ksigaction sigsegv_saved;
1666 vki_ksigaction sigsegv_new;
1667 vki_ksigset_t blockmask_saved;
1668 vki_ksigset_t unblockmask_new;
1669
1670 /* Temporarily install a new sigsegv and sigbus handler, and make
1671 sure SIGBUS, SIGSEGV and SIGTERM are unblocked. (Perhaps the
1672 first two can never be blocked anyway?) */
1673
1674 sigbus_new.ksa_handler = vg_scan_all_valid_memory_sighandler;
1675 sigbus_new.ksa_flags = VKI_SA_ONSTACK | VKI_SA_RESTART;
1676 sigbus_new.ksa_restorer = NULL;
1677 res = VG_(ksigemptyset)( &sigbus_new.ksa_mask );
1678 vg_assert(res == 0);
1679
1680 sigsegv_new.ksa_handler = vg_scan_all_valid_memory_sighandler;
1681 sigsegv_new.ksa_flags = VKI_SA_ONSTACK | VKI_SA_RESTART;
1682 sigsegv_new.ksa_restorer = NULL;
1683 res = VG_(ksigemptyset)( &sigsegv_new.ksa_mask );
1684 vg_assert(res == 0+0);
1685
1686 res = VG_(ksigemptyset)( &unblockmask_new );
1687 res |= VG_(ksigaddset)( &unblockmask_new, VKI_SIGBUS );
1688 res |= VG_(ksigaddset)( &unblockmask_new, VKI_SIGSEGV );
1689 res |= VG_(ksigaddset)( &unblockmask_new, VKI_SIGTERM );
1690 vg_assert(res == 0+0+0);
1691
1692 res = VG_(ksigaction)( VKI_SIGBUS, &sigbus_new, &sigbus_saved );
1693 vg_assert(res == 0+0+0+0);
1694
1695 res = VG_(ksigaction)( VKI_SIGSEGV, &sigsegv_new, &sigsegv_saved );
1696 vg_assert(res == 0+0+0+0+0);
1697
1698 res = VG_(ksigprocmask)( VKI_SIG_UNBLOCK, &unblockmask_new, &blockmask_saved );
1699 vg_assert(res == 0+0+0+0+0+0);
1700
1701 /* The signal handlers are installed. Actually do the memory scan. */
1702 numPages = 1 << (32-VKI_BYTES_PER_PAGE_BITS);
1703 vg_assert(numPages == 1048576);
1704 vg_assert(4096 == (1 << VKI_BYTES_PER_PAGE_BITS));
1705
1706 nWordsNotified = 0;
1707
1708 for (page = 0; page < numPages; page++) {
1709 pageBase = page << VKI_BYTES_PER_PAGE_BITS;
1710 primaryMapNo = pageBase >> 16;
1711 sm = VG_(primary_map)[primaryMapNo];
1712 if (IS_DISTINGUISHED_SM(sm)) continue;
1713 if (__builtin_setjmp(memscan_jmpbuf) == 0) {
1714 /* try this ... */
1715 page_first_word = * (volatile UInt*)pageBase;
1716 /* we get here if we didn't get a fault */
1717 /* Scan the page */
1718 for (addr = pageBase; addr < pageBase+VKI_BYTES_PER_PAGE; addr += 4) {
1719 abits = get_abits4_ALIGNED(addr);
1720 vbytes = get_vbytes4_ALIGNED(addr);
1721 if (abits == VGM_NIBBLE_VALID
1722 && vbytes == VGM_WORD_VALID) {
1723 nWordsNotified++;
1724 notify_word ( addr, *(UInt*)addr );
1725 }
1726 }
1727 } else {
1728 /* We get here if reading the first word of the page caused a
1729 fault, which in turn caused the signal handler to longjmp.
1730 Ignore this page. */
1731 if (0)
1732 VG_(printf)(
1733 "vg_scan_all_valid_memory_sighandler: ignoring page at %p\n",
sewardj9a199dc2002-04-14 13:01:38 +0000[diff] [blame]1734 (void*)pageBase
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]1735 );
1736 }
1737 }
1738
1739 /* Restore signal state to whatever it was before. */
1740 res = VG_(ksigaction)( VKI_SIGBUS, &sigbus_saved, NULL );
1741 vg_assert(res == 0 +0);
1742
1743 res = VG_(ksigaction)( VKI_SIGSEGV, &sigsegv_saved, NULL );
1744 vg_assert(res == 0 +0 +0);
1745
1746 res = VG_(ksigprocmask)( VKI_SIG_SETMASK, &blockmask_saved, NULL );
1747 vg_assert(res == 0 +0 +0 +0);
1748
1749 return nWordsNotified;
1750}
1751
1752
1753/*------------------------------------------------------------*/
1754/*--- Detecting leaked (unreachable) malloc'd blocks. ---*/
1755/*------------------------------------------------------------*/
1756
1757/* A block is either
1758 -- Proper-ly reached; a pointer to its start has been found
1759 -- Interior-ly reached; only an interior pointer to it has been found
1760 -- Unreached; so far, no pointers to any part of it have been found.
1761*/
1762typedef
1763 enum { Unreached, Interior, Proper }
1764 Reachedness;
1765
1766/* A block record, used for generating err msgs. */
1767typedef
1768 struct _LossRecord {
1769 struct _LossRecord* next;
1770 /* Where these lost blocks were allocated. */
1771 ExeContext* allocated_at;
1772 /* Their reachability. */
1773 Reachedness loss_mode;
1774 /* Number of blocks and total # bytes involved. */
1775 UInt total_bytes;
1776 UInt num_blocks;
1777 }
1778 LossRecord;
1779
1780
1781/* Find the i such that ptr points at or inside the block described by
1782 shadows[i]. Return -1 if none found. This assumes that shadows[]
1783 has been sorted on the ->data field. */
1784
1785#ifdef VG_DEBUG_LEAKCHECK
1786/* Used to sanity-check the fast binary-search mechanism. */
1787static Int find_shadow_for_OLD ( Addr ptr,
1788 ShadowChunk** shadows,
1789 Int n_shadows )
1790
1791{
1792 Int i;
1793 Addr a_lo, a_hi;
1794 PROF_EVENT(70);
1795 for (i = 0; i < n_shadows; i++) {
1796 PROF_EVENT(71);
1797 a_lo = shadows[i]->data;
1798 a_hi = ((Addr)shadows[i]->data) + shadows[i]->size - 1;
1799 if (a_lo <= ptr && ptr <= a_hi)
1800 return i;
1801 }
1802 return -1;
1803}
1804#endif
1805
1806
1807static Int find_shadow_for ( Addr ptr,
1808 ShadowChunk** shadows,
1809 Int n_shadows )
1810{
1811 Addr a_mid_lo, a_mid_hi;
1812 Int lo, mid, hi, retVal;
1813 PROF_EVENT(70);
1814 /* VG_(printf)("find shadow for %p = ", ptr); */
1815 retVal = -1;
1816 lo = 0;
1817 hi = n_shadows-1;
1818 while (True) {
1819 PROF_EVENT(71);
1820
1821 /* invariant: current unsearched space is from lo to hi,
1822 inclusive. */
1823 if (lo > hi) break; /* not found */
1824
1825 mid = (lo + hi) / 2;
1826 a_mid_lo = shadows[mid]->data;
1827 a_mid_hi = ((Addr)shadows[mid]->data) + shadows[mid]->size - 1;
1828
1829 if (ptr < a_mid_lo) {
1830 hi = mid-1;
1831 continue;
1832 }
1833 if (ptr > a_mid_hi) {
1834 lo = mid+1;
1835 continue;
1836 }
1837 vg_assert(ptr >= a_mid_lo && ptr <= a_mid_hi);
1838 retVal = mid;
1839 break;
1840 }
1841
1842# ifdef VG_DEBUG_LEAKCHECK
1843 vg_assert(retVal == find_shadow_for_OLD ( ptr, shadows, n_shadows ));
1844# endif
1845 /* VG_(printf)("%d\n", retVal); */
1846 return retVal;
1847}
1848
1849
1850
1851static void sort_malloc_shadows ( ShadowChunk** shadows, UInt n_shadows )
1852{
1853 Int incs[14] = { 1, 4, 13, 40, 121, 364, 1093, 3280,
1854 9841, 29524, 88573, 265720,
1855 797161, 2391484 };
1856 Int lo = 0;
1857 Int hi = n_shadows-1;
1858 Int i, j, h, bigN, hp;
1859 ShadowChunk* v;
1860
1861 PROF_EVENT(72);
1862 bigN = hi - lo + 1; if (bigN < 2) return;
1863 hp = 0; while (incs[hp] < bigN) hp++; hp--;
1864
1865 for (; hp >= 0; hp--) {
1866 PROF_EVENT(73);
1867 h = incs[hp];
1868 i = lo + h;
1869 while (1) {
1870 PROF_EVENT(74);
1871 if (i > hi) break;
1872 v = shadows[i];
1873 j = i;
1874 while (shadows[j-h]->data > v->data) {
1875 PROF_EVENT(75);
1876 shadows[j] = shadows[j-h];
1877 j = j - h;
1878 if (j <= (lo + h - 1)) break;
1879 }
1880 shadows[j] = v;
1881 i++;
1882 }
1883 }
1884}
1885
1886/* Globals, for the callback used by VG_(detect_memory_leaks). */
1887
1888static ShadowChunk** vglc_shadows;
1889static Int vglc_n_shadows;
1890static Reachedness* vglc_reachedness;
1891static Addr vglc_min_mallocd_addr;
1892static Addr vglc_max_mallocd_addr;
1893
1894static
1895void vg_detect_memory_leaks_notify_addr ( Addr a, UInt word_at_a )
1896{
1897 Int sh_no;
1898 Addr ptr = (Addr)word_at_a;
1899 if (ptr >= vglc_min_mallocd_addr && ptr <= vglc_max_mallocd_addr) {
1900 /* Might be legitimate; we'll have to investigate further. */
1901 sh_no = find_shadow_for ( ptr, vglc_shadows, vglc_n_shadows );
1902 if (sh_no != -1) {
1903 /* Found a block at/into which ptr points. */
1904 vg_assert(sh_no >= 0 && sh_no < vglc_n_shadows);
1905 vg_assert(ptr < vglc_shadows[sh_no]->data
1906 + vglc_shadows[sh_no]->size);
1907 /* Decide whether Proper-ly or Interior-ly reached. */
1908 if (ptr == vglc_shadows[sh_no]->data) {
1909 vglc_reachedness[sh_no] = Proper;
1910 } else {
1911 if (vglc_reachedness[sh_no] == Unreached)
1912 vglc_reachedness[sh_no] = Interior;
1913 }
1914 }
1915 }
1916}
1917
1918
1919void VG_(detect_memory_leaks) ( void )
1920{
1921 Int i;
1922 Int blocks_leaked, bytes_leaked;
1923 Int blocks_dubious, bytes_dubious;
1924 Int blocks_reachable, bytes_reachable;
1925 Int n_lossrecords;
1926 UInt bytes_notified;
1927
1928 LossRecord* errlist;
1929 LossRecord* p;
1930
1931 Bool (*ec_comparer_fn) ( ExeContext*, ExeContext* );
1932 PROF_EVENT(76);
1933 vg_assert(VG_(clo_instrument));
1934
1935 /* Decide how closely we want to match ExeContexts in leak
1936 records. */
1937 switch (VG_(clo_leak_resolution)) {
1938 case 2:
1939 ec_comparer_fn = VG_(eq_ExeContext_top2);
1940 break;
1941 case 4:
1942 ec_comparer_fn = VG_(eq_ExeContext_top4);
1943 break;
1944 case VG_DEEPEST_BACKTRACE:
1945 ec_comparer_fn = VG_(eq_ExeContext_all);
1946 break;
1947 default:
1948 VG_(panic)("VG_(detect_memory_leaks): "
1949 "bad VG_(clo_leak_resolution)");
1950 break;
1951 }
1952
1953 /* vg_get_malloc_shadows allocates storage for shadows */
1954 vglc_shadows = VG_(get_malloc_shadows)( &vglc_n_shadows );
1955 if (vglc_n_shadows == 0) {
1956 vg_assert(vglc_shadows == NULL);
1957 VG_(message)(Vg_UserMsg,
1958 "No malloc'd blocks -- no leaks are possible.\n");
1959 return;
1960 }
1961
1962 VG_(message)(Vg_UserMsg,
1963 "searching for pointers to %d not-freed blocks.",
1964 vglc_n_shadows );
1965 sort_malloc_shadows ( vglc_shadows, vglc_n_shadows );
1966
1967 /* Sanity check; assert that the blocks are now in order and that
1968 they don't overlap. */
1969 for (i = 0; i < vglc_n_shadows-1; i++) {
1970 vg_assert( ((Addr)vglc_shadows[i]->data)
1971 < ((Addr)vglc_shadows[i+1]->data) );
1972 vg_assert( ((Addr)vglc_shadows[i]->data) + vglc_shadows[i]->size
1973 < ((Addr)vglc_shadows[i+1]->data) );
1974 }
1975
1976 vglc_min_mallocd_addr = ((Addr)vglc_shadows[0]->data);
1977 vglc_max_mallocd_addr = ((Addr)vglc_shadows[vglc_n_shadows-1]->data)
1978 + vglc_shadows[vglc_n_shadows-1]->size - 1;
1979
1980 vglc_reachedness
1981 = VG_(malloc)( VG_AR_PRIVATE, vglc_n_shadows * sizeof(Reachedness) );
1982 for (i = 0; i < vglc_n_shadows; i++)
1983 vglc_reachedness[i] = Unreached;
1984
1985 /* Do the scan of memory. */
1986 bytes_notified
1987 = VG_(scan_all_valid_memory)( &vg_detect_memory_leaks_notify_addr )
1988 * VKI_BYTES_PER_WORD;
1989
1990 VG_(message)(Vg_UserMsg, "checked %d bytes.", bytes_notified);
1991
1992 blocks_leaked = bytes_leaked = 0;
1993 blocks_dubious = bytes_dubious = 0;
1994 blocks_reachable = bytes_reachable = 0;
1995
1996 for (i = 0; i < vglc_n_shadows; i++) {
1997 if (vglc_reachedness[i] == Unreached) {
1998 blocks_leaked++;
1999 bytes_leaked += vglc_shadows[i]->size;
2000 }
2001 else if (vglc_reachedness[i] == Interior) {
2002 blocks_dubious++;
2003 bytes_dubious += vglc_shadows[i]->size;
2004 }
2005 else if (vglc_reachedness[i] == Proper) {
2006 blocks_reachable++;
2007 bytes_reachable += vglc_shadows[i]->size;
2008 }
2009 }
2010
2011 VG_(message)(Vg_UserMsg, "");
2012 VG_(message)(Vg_UserMsg, "definitely lost: %d bytes in %d blocks.",
2013 bytes_leaked, blocks_leaked );
2014 VG_(message)(Vg_UserMsg, "possibly lost: %d bytes in %d blocks.",
2015 bytes_dubious, blocks_dubious );
2016 VG_(message)(Vg_UserMsg, "still reachable: %d bytes in %d blocks.",
2017 bytes_reachable, blocks_reachable );
2018
2019
2020 /* Common up the lost blocks so we can print sensible error
2021 messages. */
2022
2023 n_lossrecords = 0;
2024 errlist = NULL;
2025 for (i = 0; i < vglc_n_shadows; i++) {
2026 for (p = errlist; p != NULL; p = p->next) {
2027 if (p->loss_mode == vglc_reachedness[i]
2028 && ec_comparer_fn (
2029 p->allocated_at,
2030 vglc_shadows[i]->where) ) {
2031 break;
2032 }
2033 }
2034 if (p != NULL) {
2035 p->num_blocks ++;
2036 p->total_bytes += vglc_shadows[i]->size;
2037 } else {
2038 n_lossrecords ++;
2039 p = VG_(malloc)(VG_AR_PRIVATE, sizeof(LossRecord));
2040 p->loss_mode = vglc_reachedness[i];
2041 p->allocated_at = vglc_shadows[i]->where;
2042 p->total_bytes = vglc_shadows[i]->size;
2043 p->num_blocks = 1;
2044 p->next = errlist;
2045 errlist = p;
2046 }
2047 }
2048
2049 for (i = 0; i < n_lossrecords; i++) {
2050 LossRecord* p_min = NULL;
2051 UInt n_min = 0xFFFFFFFF;
2052 for (p = errlist; p != NULL; p = p->next) {
2053 if (p->num_blocks > 0 && p->total_bytes < n_min) {
2054 n_min = p->total_bytes;
2055 p_min = p;
2056 }
2057 }
2058 vg_assert(p_min != NULL);
2059
2060 if ( (!VG_(clo_show_reachable)) && p_min->loss_mode == Proper) {
2061 p_min->num_blocks = 0;
2062 continue;
2063 }
2064
2065 VG_(message)(Vg_UserMsg, "");
2066 VG_(message)(
2067 Vg_UserMsg,
2068 "%d bytes in %d blocks are %s in loss record %d of %d",
2069 p_min->total_bytes, p_min->num_blocks,
2070 p_min->loss_mode==Unreached ? "definitely lost" :
2071 (p_min->loss_mode==Interior ? "possibly lost"
2072 : "still reachable"),
2073 i+1, n_lossrecords
2074 );
2075 VG_(pp_ExeContext)(p_min->allocated_at);
2076 p_min->num_blocks = 0;
2077 }
2078
2079 VG_(message)(Vg_UserMsg, "");
2080 VG_(message)(Vg_UserMsg, "LEAK SUMMARY:");
2081 VG_(message)(Vg_UserMsg, " possibly lost: %d bytes in %d blocks.",
2082 bytes_dubious, blocks_dubious );
2083 VG_(message)(Vg_UserMsg, " definitely lost: %d bytes in %d blocks.",
2084 bytes_leaked, blocks_leaked );
2085 VG_(message)(Vg_UserMsg, " still reachable: %d bytes in %d blocks.",
2086 bytes_reachable, blocks_reachable );
2087 if (!VG_(clo_show_reachable)) {
2088 VG_(message)(Vg_UserMsg,
2089 "Reachable blocks (those to which a pointer was found) are not shown.");
2090 VG_(message)(Vg_UserMsg,
2091 "To see them, rerun with: --show-reachable=yes");
2092 }
2093 VG_(message)(Vg_UserMsg, "");
2094
2095 VG_(free) ( VG_AR_PRIVATE, vglc_shadows );
2096 VG_(free) ( VG_AR_PRIVATE, vglc_reachedness );
2097}
2098
2099
2100/* ---------------------------------------------------------------------
2101 Sanity check machinery (permanently engaged).
2102 ------------------------------------------------------------------ */
2103
2104/* Check that nobody has spuriously claimed that the first or last 16
2105 pages (64 KB) of address space have become accessible. Failure of
2106 the following do not per se indicate an internal consistency
2107 problem, but they are so likely to that we really want to know
2108 about it if so. */
2109
2110Bool VG_(first_and_last_secondaries_look_plausible) ( void )
2111{
2112 if (IS_DISTINGUISHED_SM(VG_(primary_map)[0])
2113 && IS_DISTINGUISHED_SM(VG_(primary_map)[65535])) {
2114 return True;
2115 } else {
2116 return False;
2117 }
2118}
2119
2120
2121/* A fast sanity check -- suitable for calling circa once per
2122 millisecond. */
2123
sewardj2e93c502002-04-12 11:12:52 +0000[diff] [blame]2124void VG_(do_sanity_checks) ( ThreadId tid, Bool force_expensive )
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]2125{
sewardj2e93c502002-04-12 11:12:52 +0000[diff] [blame]2126 Int i;
2127 Bool do_expensive_checks;
2128 ThreadState* tst;
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]2129
2130 if (VG_(sanity_level) < 1) return;
2131
2132 /* --- First do all the tests that we can do quickly. ---*/
2133
2134 VG_(sanity_fast_count)++;
2135
sewardj2e93c502002-04-12 11:12:52 +0000[diff] [blame]2136 tst = VG_(get_thread_state)(tid);
2137 vg_assert(tst != NULL && tst->status != VgTs_Empty);
2138
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]2139 /* Check that we haven't overrun our private stack. */
2140 for (i = 0; i < 10; i++) {
2141 vg_assert(VG_(stack)[i]
2142 == ((UInt)(&VG_(stack)[i]) ^ 0xA4B3C2D1));
2143 vg_assert(VG_(stack)[10000-1-i]
2144 == ((UInt)(&VG_(stack)[10000-i-1]) ^ 0xABCD4321));
2145 }
2146
2147 /* Check stuff pertaining to the memory check system. */
2148
2149 if (VG_(clo_instrument)) {
2150
2151 /* Check that the eflags tag is as expected. */
sewardj2e93c502002-04-12 11:12:52 +0000[diff] [blame]2152 UInt vv = tst->sh_eflags;
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]2153 vg_assert(vv == VGM_EFLAGS_VALID || VGM_EFLAGS_INVALID);
2154
2155 /* Check that nobody has spuriously claimed that the first or
2156 last 16 pages of memory have become accessible [...] */
2157 vg_assert(VG_(first_and_last_secondaries_look_plausible));
2158 }
2159
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]2160 /* --- Now some more expensive checks. ---*/
2161
2162 /* Once every 25 times, check some more expensive stuff. */
2163
2164 do_expensive_checks = False;
2165 if (force_expensive)
2166 do_expensive_checks = True;
2167 if (VG_(sanity_level) > 1)
2168 do_expensive_checks = True;
2169 if (VG_(sanity_level) == 1
2170 && (VG_(sanity_fast_count) % 25) == 0)
2171 do_expensive_checks = True;
2172
2173 if (do_expensive_checks) {
2174 VG_(sanity_slow_count)++;
2175
2176# if 0
2177 { void zzzmemscan(void); zzzmemscan(); }
2178# endif
2179
2180 if ((VG_(sanity_fast_count) % 250) == 0)
2181 VG_(sanity_check_tc_tt)();
2182
2183 if (VG_(clo_instrument)) {
2184 /* Make sure nobody changed the distinguished secondary. */
2185 for (i = 0; i < 8192; i++)
2186 vg_assert(vg_distinguished_secondary_map.abits[i]
2187 == VGM_BYTE_INVALID);
2188 for (i = 0; i < 65536; i++)
2189 vg_assert(vg_distinguished_secondary_map.vbyte[i]
2190 == VGM_BYTE_INVALID);
2191
2192 /* Make sure that the upper 3/4 of the primary map hasn't
2193 been messed with. */
2194 for (i = 65536; i < 262144; i++)
2195 vg_assert(VG_(primary_map)[i]
2196 == & vg_distinguished_secondary_map);
2197 }
2198 /*
2199 if ((VG_(sanity_fast_count) % 500) == 0) VG_(mallocSanityCheckAll)();
2200 */
2201 }
2202
2203 if (VG_(sanity_level) > 1) {
2204 /* Check sanity of the low-level memory manager. Note that bugs
2205 in the client's code can cause this to fail, so we don't do
2206 this check unless specially asked for. And because it's
2207 potentially very expensive. */
2208 VG_(mallocSanityCheckAll)();
2209 }
2210}
2211
2212
2213/* ---------------------------------------------------------------------
2214 Debugging machinery (turn on to debug). Something of a mess.
2215 ------------------------------------------------------------------ */
2216
2217/* Print the value tags on the 8 integer registers & flag reg. */
2218
2219static void uint_to_bits ( UInt x, Char* str )
2220{
2221 Int i;
2222 Int w = 0;
2223 /* str must point to a space of at least 36 bytes. */
2224 for (i = 31; i >= 0; i--) {
2225 str[w++] = (x & ( ((UInt)1) << i)) ? '1' : '0';
2226 if (i == 24 || i == 16 || i == 8)
2227 str[w++] = ' ';
2228 }
2229 str[w++] = 0;
2230 vg_assert(w == 36);
2231}
2232
sewardj2e93c502002-04-12 11:12:52 +0000[diff] [blame]2233/* Caution! Not vthread-safe; looks in VG_(baseBlock), not the thread
2234 state table. */
2235
sewardjde4a1d02002-03-22 01:27:54 +0000[diff] [blame]2236void VG_(show_reg_tags) ( void )
2237{
2238 Char buf1[36];
2239 Char buf2[36];
2240 UInt z_eax, z_ebx, z_ecx, z_edx,
2241 z_esi, z_edi, z_ebp, z_esp, z_eflags;
2242
2243 z_eax = VG_(baseBlock)[VGOFF_(sh_eax)];
2244 z_ebx = VG_(baseBlock)[VGOFF_(sh_ebx)];
2245 z_ecx = VG_(baseBlock)[VGOFF_(sh_ecx)];
2246 z_edx = VG_(baseBlock)[VGOFF_(sh_edx)];
2247 z_esi = VG_(baseBlock)[VGOFF_(sh_esi)];
2248 z_edi = VG_(baseBlock)[VGOFF_(sh_edi)];
2249 z_ebp = VG_(baseBlock)[VGOFF_(sh_ebp)];
2250 z_esp = VG_(baseBlock)[VGOFF_(sh_esp)];
2251 z_eflags = VG_(baseBlock)[VGOFF_(sh_eflags)];
2252
2253 uint_to_bits(z_eflags, buf1);
2254 VG_(message)(Vg_DebugMsg, "efl %\n", buf1);
2255
2256 uint_to_bits(z_eax, buf1);
2257 uint_to_bits(z_ebx, buf2);
2258 VG_(message)(Vg_DebugMsg, "eax %s ebx %s\n", buf1, buf2);
2259
2260 uint_to_bits(z_ecx, buf1);
2261 uint_to_bits(z_edx, buf2);
2262 VG_(message)(Vg_DebugMsg, "ecx %s edx %s\n", buf1, buf2);
2263
2264 uint_to_bits(z_esi, buf1);
2265 uint_to_bits(z_edi, buf2);
2266 VG_(message)(Vg_DebugMsg, "esi %s edi %s\n", buf1, buf2);
2267
2268 uint_to_bits(z_ebp, buf1);
2269 uint_to_bits(z_esp, buf2);
2270 VG_(message)(Vg_DebugMsg, "ebp %s esp %s\n", buf1, buf2);
2271}
2272
2273
2274#if 0
2275/* For debugging only. Scan the address space and touch all allegedly
2276 addressible words. Useful for establishing where Valgrind's idea of
2277 addressibility has diverged from what the kernel believes. */
2278
2279static
2280void zzzmemscan_notify_word ( Addr a, UInt w )
2281{
2282}
2283
2284void zzzmemscan ( void )
2285{
2286 Int n_notifies
2287 = VG_(scan_all_valid_memory)( zzzmemscan_notify_word );
2288 VG_(printf)("zzzmemscan: n_bytes = %d\n", 4 * n_notifies );
2289}
2290#endif
2291
2292
2293
2294
2295#if 0
2296static Int zzz = 0;
2297
2298void show_bb ( Addr eip_next )
2299{
2300 VG_(printf)("[%4d] ", zzz);
2301 VG_(show_reg_tags)( &VG_(m_shadow );
2302 VG_(translate) ( eip_next, NULL, NULL, NULL );
2303}
2304#endif /* 0 */
2305
2306/*--------------------------------------------------------------------*/
2307/*--- end vg_memory.c ---*/
2308/*--------------------------------------------------------------------*/