-rw-r--r--memcheck/tests/origin3-no.c98
-rw-r--r--memcheck/tests/origin3-no.stderr.exp47
-rw-r--r--memcheck/tests/origin4-many.c47
-rw-r--r--memcheck/tests/origin4-many.stderr.exp-glibc25-amd6448
-rw-r--r--memcheck/tests/origin4-many.stderr.exp-glibc25-x8648
5 files changed, 220 insertions, 68 deletions
diff --git a/memcheck/tests/origin3-no.c b/memcheck/tests/origin3-no.c
index 7bcabd7f..bec5e3e1 100644
--- a/memcheck/tests/origin3-no.c
+++ b/memcheck/tests/origin3-no.c
@@ -1,6 +1,9 @@
/* This test case was originally written by Nicholas Nethercote. */
+// [[This comment applies to the old piggybacking approach to
+// origin-tracking. The newer approach handles the cases in this file
+// correctly.]]
// This test demonstrates cases the piggybacking algorithm cannot handle,
// but which are handled ok by the instrumentation based algorithm.
@@ -11,54 +14,80 @@
int x = 0;
+__attribute__((noinline)) int t1(void);
+__attribute__((noinline)) int t2(void);
+__attribute__((noinline)) int t3(void);
+__attribute__((noinline)) int t4(void);
+__attribute__((noinline)) int t5(void);
+__attribute__((noinline)) int t6(void);
+
int main(void)
{
assert(4 == sizeof(int));
+ x += t1();
+ x += t2();
+ x += t3();
+ x += t4();
+ x += t5();
+ x += t6();
+
+ return x & 255;
+}
+
+__attribute__((noinline)) int t1(void)
+{
// 8-bit undefined value. When compared it's loaded from memory, so will
// never work.
- {
- char* ptr_to_undef_char = malloc(sizeof(char));
- char undef_char = *ptr_to_undef_char;
- fprintf(stderr, "\nUndef 1 of 8 (8 bit undef)\n");
- x += (undef_char == 0x12 ? 11 : 22);
- }
+ char* ptr_to_undef_char = malloc(sizeof(char));
+ char undef_char = *ptr_to_undef_char;
+ fprintf(stderr, "\nUndef 1 of 8 (8 bit undef)\n");
+ return (undef_char == 0x12 ? 11 : 22);
+}
+__attribute__((noinline)) int t2(void)
+{
// Stack, 8-bit from (recently) 32-bit. But the load only loads 8-bits
// of the value, so it'll never work.
- {
- int undef_stack_int;
- register char undef_stack_char = (char)undef_stack_int;
- fprintf(stderr, "\nUndef 2 of 8 (8 bits of 32 undef)\n");
- x += (undef_stack_char == 0x12 ? 11 : 22);
- }
+ int undef_stack_int;
+ register char undef_stack_char = (char)undef_stack_int;
+ fprintf(stderr, "\nUndef 2 of 8 (8 bits of 32 undef)\n");
+ return (undef_stack_char == 0x12 ? 11 : 22);
+}
+__attribute__((noinline)) int t3(void)
+{
// 32-bit undefined value. This one is identified, and is here for
// sanity-checking.
- {
- int* ptr_to_undef_int = malloc(sizeof(int));
- int undef_int = *ptr_to_undef_int;
- fprintf(stderr, "\nUndef 3 of 8 (32 bit undef)\n");
- x += (undef_int == 0x12345678 ? 13 : 24);
- }
+ int* ptr_to_undef_int = malloc(sizeof(int));
+ int undef_int = *ptr_to_undef_int;
+ fprintf(stderr, "\nUndef 3 of 8 (32 bit undef)\n");
+ return (undef_int == 0x12345678 ? 13 : 24);
+}
+__attribute__((noinline)) int t4(void)
+{
// Unaligned 32-bit value.
- {
- int* ptr_to_undef_int = malloc(sizeof(int) + 1);
- int undef_unaligned_int = *(int*)((long)ptr_to_undef_int + 1);
- fprintf(stderr, "\nUndef 4 of 8 (32 bit undef, unaligned)\n");
- x += (undef_unaligned_int == 0x12345678 ? 14 : 25);
- }
+ int* ptr_to_undef_int = malloc(sizeof(int) + 1);
+ int undef_unaligned_int = *(int*)((long)ptr_to_undef_int + 1);
+ fprintf(stderr, "\nUndef 4 of 8 (32 bit undef, unaligned)\n");
+ return (undef_unaligned_int == 0x12345678 ? 14 : 25);
+}
+__attribute__((noinline)) int t5(void)
+{
// Modified 32-bit value.
- {
- int* ptr_to_undef_int3 = malloc(sizeof(int));
- int modified_undef_int = *ptr_to_undef_int3;
- fprintf(stderr, "\nUndef 5 of 8 (32 bit undef, modified)\n");
- modified_undef_int++;
- x += (modified_undef_int == 0x12345678 ? 15 : 26);
- }
+ int* ptr_to_undef_int3 = malloc(sizeof(int));
+ int modified_undef_int = *ptr_to_undef_int3;
+ fprintf(stderr, "\nUndef 5 of 8 (32 bit undef, modified)\n");
+ modified_undef_int++;
+ return (modified_undef_int == 0x12345678 ? 15 : 26);
+}
+__attribute__((noinline)) int t6(void)
+{
+ int y = 0;
+
// Uninitialised 32-bit value (middle of 3) is made undefined in two
// unaligned pieces:
// |....|....|....| three 4-byte integers
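Review bot: The per-case comments carried into t1 and t2 still say the case "will never work" / "it'll never work", which contradicts the header note added at the top of the file and the expected output, where "Undef 1" and "Undef 2" both report an origin. A reader who opens t1 or t2 directly gets the old conclusion with no hint that it describes the piggybacking scheme only. Consider rewording them in place, for example `// 8-bit undefined value. The old piggybacking scheme lost the origin here; the current scheme reports it.` and likewise for the 8-bits-of-32 stack case. t6's body continues past the end of this hunk.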
@@ -75,11 +104,12 @@ int main(void)
VALGRIND_MAKE_MEM_UNDEFINED(ptr_to_3_undef_ints, 6);
VALGRIND_MAKE_MEM_UNDEFINED(ptr_to_middle, 6);
fprintf(stderr, "\nUndef 6 of 8 (32 bit undef, unaligned, strange, #1)\n");
- x += (*(ptr_to_3_undef_ints + 0) == 0x12345678 ? 16 : 27);
+ y += (*(ptr_to_3_undef_ints + 0) == 0x12345678 ? 16 : 27);
fprintf(stderr, "\nUndef 7 of 8 (32 bit undef, unaligned, strange, #2)\n");
- x += (*(ptr_to_3_undef_ints + 1) == 0x12345678 ? 17 : 28);
+ y += (*(ptr_to_3_undef_ints + 1) == 0x12345678 ? 17 : 28);
fprintf(stderr, "\nUndef 8 of 8 (32 bit undef, unaligned, strange, #3)\n");
- x += (*(ptr_to_3_undef_ints + 2) == 0x12345678 ? 18 : 29);
+ y += (*(ptr_to_3_undef_ints + 2) == 0x12345678 ? 18 : 29);
+ return y;
}
return x;
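Review bot: The context line `return x;` after the closing brace looks unreachable now that `return y;` sits immediately before that brace, and it would return the global rather than t6's local total. This assumes the old inner block's opening brace, which is outside this hunk, is still present. If so, drop the trailing `return x;`, or move `return y;` after the block so t6 has a single, obvious exit. t6 begins in the previous hunk and its final closing brace is not visible here.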
diff --git a/memcheck/tests/origin3-no.stderr.exp b/memcheck/tests/origin3-no.stderr.exp
index 7ef704be..d3ffe94e 100644
--- a/memcheck/tests/origin3-no.stderr.exp
+++ b/memcheck/tests/origin3-no.stderr.exp
@@ -1,59 +1,74 @@
Undef 1 of 8 (8 bit undef)
Conditional jump or move depends on uninitialised value(s)
- at 0x........: main (origin3-no.c:24)
+ at 0x........: t1 (origin3-no.c:45)
+ by 0x........: main (origin3-no.c:28)
Uninitialised value was created by a heap allocation
at 0x........: malloc (vg_replace_malloc.c:...)
- by 0x........: main (origin3-no.c:21)
+ by 0x........: t1 (origin3-no.c:42)
+ by 0x........: main (origin3-no.c:28)
Undef 2 of 8 (8 bits of 32 undef)
Conditional jump or move depends on uninitialised value(s)
- at 0x........: main (origin3-no.c:33)
+ at 0x........: t2 (origin3-no.c:55)
+ by 0x........: main (origin3-no.c:29)
Uninitialised value was created by a stack allocation
- at 0x........: main (origin3-no.c:15)
+ at 0x........: t2 (origin3-no.c:49)
Undef 3 of 8 (32 bit undef)
Conditional jump or move depends on uninitialised value(s)
- at 0x........: main (origin3-no.c:42)
+ at 0x........: t3 (origin3-no.c:65)
+ by 0x........: main (origin3-no.c:30)
Uninitialised value was created by a heap allocation
at 0x........: malloc (vg_replace_malloc.c:...)
- by 0x........: main (origin3-no.c:39)
+ by 0x........: t3 (origin3-no.c:62)
+ by 0x........: main (origin3-no.c:30)
Undef 4 of 8 (32 bit undef, unaligned)
Conditional jump or move depends on uninitialised value(s)
- at 0x........: main (origin3-no.c:50)
+ at 0x........: t4 (origin3-no.c:74)
+ by 0x........: main (origin3-no.c:31)
Uninitialised value was created by a heap allocation
at 0x........: malloc (vg_replace_malloc.c:...)
- by 0x........: main (origin3-no.c:47)
+ by 0x........: t4 (origin3-no.c:71)
+ by 0x........: main (origin3-no.c:31)
Undef 5 of 8 (32 bit undef, modified)
Conditional jump or move depends on uninitialised value(s)
- at 0x........: main (origin3-no.c:59)
+ at 0x........: t5 (origin3-no.c:84)
+ by 0x........: main (origin3-no.c:32)
Uninitialised value was created by a heap allocation
at 0x........: malloc (vg_replace_malloc.c:...)
- by 0x........: main (origin3-no.c:55)
+ by 0x........: t5 (origin3-no.c:80)
+ by 0x........: main (origin3-no.c:32)
Undef 6 of 8 (32 bit undef, unaligned, strange, #1)
Conditional jump or move depends on uninitialised value(s)
- at 0x........: main (origin3-no.c:78)
+ at 0x........: t6 (origin3-no.c:107)
+ by 0x........: main (origin3-no.c:33)
Uninitialised value was created by a client request
- at 0x........: main (origin3-no.c:75)
+ at 0x........: t6 (origin3-no.c:104)
+ by 0x........: main (origin3-no.c:33)
Undef 7 of 8 (32 bit undef, unaligned, strange, #2)
Conditional jump or move depends on uninitialised value(s)
- at 0x........: main (origin3-no.c:80)
+ at 0x........: t6 (origin3-no.c:109)
+ by 0x........: main (origin3-no.c:33)
Uninitialised value was created by a client request
- at 0x........: main (origin3-no.c:76)
+ at 0x........: t6 (origin3-no.c:105)
+ by 0x........: main (origin3-no.c:33)
Undef 8 of 8 (32 bit undef, unaligned, strange, #3)
Conditional jump or move depends on uninitialised value(s)
- at 0x........: main (origin3-no.c:82)
+ at 0x........: t6 (origin3-no.c:111)
+ by 0x........: main (origin3-no.c:33)
Uninitialised value was created by a client request
- at 0x........: main (origin3-no.c:76)
+ at 0x........: t6 (origin3-no.c:105)
+ by 0x........: main (origin3-no.c:33)
diff --git a/memcheck/tests/origin4-many.c b/memcheck/tests/origin4-many.c
index f8f6ea7a..6bb850ec 100644
--- a/memcheck/tests/origin4-many.c
+++ b/memcheck/tests/origin4-many.c
@@ -1,16 +1,15 @@
/* This test case was originally written by Nicholas Nethercote. */
-// (old comments)
-// This file tests how many possible origins can be tracked for a single
-// error.
-// XXX: other files don't need to do have multiple origins for errors now,
-// thanks to this test...
-// (end of old comments)
-/* When compiled -O, this produces an executable which reports a
- single uninitialised value error, on the value handed to the exit()
- system call. Fair enough.
+
+
+/* For 'x', we get an uninitialised error for every addition to it. For
+ each one we get one origin identified, even though most of them involve
+ more than one undefined value. */
+
+/* For 'y', we get a single uninitialised value error, on the value handed
+ to the exit() system call. Fair enough.
An important question is: which of the origins is reported in the
error? Well, considering that (1) m_execontext allocates ECUs
@@ -24,6 +23,7 @@
#include <stdio.h>
static int x = 0;
+static int y = 0;
int main(void)
{
@@ -46,14 +46,25 @@ int main(void)
int ui7 = *p_ui7;
int ui8 = *p_ui8;
- x += (ui1 == 0x12345678 ? 12 : 23);
- x += (ui1 +ui2 == 0x12345678 ? 13 : 24);
- x += (ui1 +ui2 +ui3 == 0x12345678 ? 14 : 25);
- x += (ui1 +ui2 +ui3 +ui4 == 0x12345678 ? 15 : 26);
- x += (ui1 +ui2 +ui3 +ui4 +ui5 == 0x12345678 ? 16 : 27);
- x += (ui1 +ui2 +ui3 +ui4 +ui5 +ui6 == 0x12345678 ? 17 : 28);
- x += (ui1 +ui2 +ui3 +ui4 +ui5 +ui6 +ui7 == 0x12345678 ? 18 : 29);
- x += (ui1 +ui2 +ui3 +ui4 +ui5 +ui6 +ui7 +ui8 == 0x12345678 ? 19 : 30);
+#define P printf("huh?")
+
+ x += (ui1 == 0x12345678 ? P : 23);
+ x += (ui1 +ui2 == 0x12345678 ? P : 24);
+ x += (ui1 +ui2 +ui3 == 0x12345678 ? P : 25);
+ x += (ui1 +ui2 +ui3 +ui4 == 0x12345678 ? P : 26);
+ x += (ui1 +ui2 +ui3 +ui4 +ui5 == 0x12345678 ? P : 27);
+ x += (ui1 +ui2 +ui3 +ui4 +ui5 +ui6 == 0x12345678 ? P : 28);
+ x += (ui1 +ui2 +ui3 +ui4 +ui5 +ui6 +ui7 == 0x12345678 ? P : 29);
+ x += (ui1 +ui2 +ui3 +ui4 +ui5 +ui6 +ui7 +ui8 == 0x12345678 ? P : 30);
+
+ y += (ui1 );
+ y += (ui1 +ui2 );
+ y += (ui1 +ui2 +ui3 );
+ y += (ui1 +ui2 +ui3 +ui4 );
+ y += (ui1 +ui2 +ui3 +ui4 +ui5 );
+ y += (ui1 +ui2 +ui3 +ui4 +ui5 +ui6 );
+ y += (ui1 +ui2 +ui3 +ui4 +ui5 +ui6 +ui7 );
+ y += (ui1 +ui2 +ui3 +ui4 +ui5 +ui6 +ui7 +ui8);
- return x & 1;
+ return y & 1;
}
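Review bot: `#define P printf("huh?")` is introduced without any comment explaining why the true arm of each `x +=` ternary became a call. From the visible lines `x` is file-static and no longer returned, so the `printf` side effect is presumably what keeps each comparison as a real conditional branch on the undefined sum. If that is the intent, state it next to the macro, e.g. `/* P has a side effect so the compiler must keep a conditional branch on each undefined sum; x itself is never read */`. A one-letter macro defined inside main also stays visible for the rest of the file, so add `#undef P` after the last `x +=` line. main starts outside this hunk.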
diff --git a/memcheck/tests/origin4-many.stderr.exp-glibc25-amd64 b/memcheck/tests/origin4-many.stderr.exp-glibc25-amd64
index b9589af6..b1855cba 100644
--- a/memcheck/tests/origin4-many.stderr.exp-glibc25-amd64
+++ b/memcheck/tests/origin4-many.stderr.exp-glibc25-amd64
@@ -1,3 +1,51 @@
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:51)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:32)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:52)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:33)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:53)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:34)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:54)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:35)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:55)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:36)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:56)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:37)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:57)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:38)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:58)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:39)
+
Syscall param exit_group(exit_code) contains uninitialised byte(s)
at 0x........: _Exit (in /...libc...)
by 0x........: ...
diff --git a/memcheck/tests/origin4-many.stderr.exp-glibc25-x86 b/memcheck/tests/origin4-many.stderr.exp-glibc25-x86
index e01aab55..e7b823c7 100644
--- a/memcheck/tests/origin4-many.stderr.exp-glibc25-x86
+++ b/memcheck/tests/origin4-many.stderr.exp-glibc25-x86
@@ -1,3 +1,51 @@
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:51)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:32)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:52)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:33)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:53)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:34)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:54)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:35)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:55)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:36)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:56)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:37)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:57)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:38)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x........: main (origin4-many.c:58)
+ Uninitialised value was created by a heap allocation
+ at 0x........: malloc (vg_replace_malloc.c:...)
+ by 0x........: main (origin4-many.c:39)
+
Syscall param exit_group(exit_code) contains uninitialised byte(s)
at 0x........: _Exit (in /...libc...)
by 0x........: (below main) (in /...libc...)