[oi-dev] Valgrind

Paul Floyd pjfloyd at wanadoo.fr
Sat Feb 15 19:28:29 UTC 2025



On 15-02-25 08:50, Paul Floyd via oi-dev wrote:

> I'll be asking more questions as I try to clean up more of the 
> outstanding issues.


My first question isn't a Valgrind question, it's a testcase that's 
problematic.

The source file is here

https://sourceware.org/git/?p=valgrind.git;a=blob;f=none/tests/faultstatus.c;h=9e262395bc9c26a47dcae3c4bf91ae6c503c6c6e;hb=HEAD

(it has a few dependencies on Valgrind headers).

The testcase deliberately triggers 4 signals from errors (3 
SIGBUS/SIGSEGV and one SIGFPE). On OI the 3rd one, a SIGBUS, doesn't 
generate an error.

Running the testcase outside of Valgrind gives

paulf at openindiana:~/valgrind/none/tests$ ./faultstatus
Test 1:   PASS
Test 2:   PASS
Test 3:   FAIL: no fault, or handler returned
Test 4:   PASS

As a rule if the test fails outside of Valgrind it also usually fails 
running under Valgrind.

The code is

// __pagesize obtained with (unsigned int)sysconf(_SC_PAGE_SIZE);
#define FILESIZE    (4*__pagesize)
#define MAPSIZE     (2*FILESIZE)

    // in main
    /* we need O_RDWR for the truncate below */
    fd = open("faultstatus.tmp", O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600);
    if (fd == -1) {
        perror("tmpfile");
        exit(1);
    }
    unlink("faultstatus.tmp");
    ftruncate(fd, FILESIZE);

    mapping = mmap(0, MAPSIZE, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);

static void test3()
{
    mapping[FILESIZE+10];
}

On my system the asm for that is

0000000000401a8e <test3>:
   401a8e:       55                      push   %rbp
   401a8f:       48 89 e5                mov    %rsp,%rbp
   401a92:       48 8b 05 af 0c 01 00    mov    0x10caf(%rip),%rax        # 412748 <mapping>
   401a99:       8b 15 a1 0c 01 00       mov    0x10ca1(%rip),%edx        # 412740 <__pagesize>
   401a9f:       c1 e2 02                shl    $0x2,%edx
   401aa2:       83 c2 0a                add    $0xa,%edx
   401aa5:       89 d2                   mov    %edx,%edx
   401aa7:       48 01 d0                add    %rdx,%rax
   401aaa:       0f b6 00                movzbl (%rax),%eax
   401aad:       90                      nop
   401aae:       5d                      pop    %rbp
   401aaf:       c3                      ret

I'm expecting an error from the "movzbl (%rax),%eax".

Running the testcase in gdb and using pmap I see that the mmap adds a 
mapping here

00007FFFAF479000         16K rw---  /lib/amd64/libc.so.1
00007FFFAF4F0000         16K r----  dev:304,65542 ino:53206 <= mmap here
00007FFFAF4FF000          4K rwxs-    [ anon

There's 64k of space between the new mmap and the 4k anon mapping. That 
means the 16k mmap is followed by a 48k space of unmapped memory.

Any ideas why OI doesn't generate a signal because of this read?

A+
Paul
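A standalone reproducer of the behaviour the post asks about, added here as an example; it is not part of the Valgrind test suite and not code from the message. It does what the test's setup and test3 do: an unlinked temp file of 4 pages is mapped PROT_READ/MAP_PRIVATE at 8 pages, a SIGBUS/SIGSEGV handler is installed, and one byte inside the file and one byte at FILESIZE+10 (the first page entirely past EOF) are read, with the function returning whichever signal arrived. The temp file paths, page counts and function names (probe_mapping, probe_within_file, probe_past_eof) are assumptions of this example. On Linux the past-EOF read delivers SIGBUS, which is what test3 expects; a result of 0 for that probe is the "no fault, or handler returned" outcome seen on OI above.

```c
/* Added example (not the Valgrind test): map a file at twice its length and
 * probe a byte inside the file and a byte in the first page past EOF,
 * recording which signal, if any, the kernel delivers for the read. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <fcntl.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf probe_env;
static volatile sig_atomic_t probe_signal;

/* Fault handler: record the signal and unwind back into probe_mapping(). */
static void probe_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)info; (void)ctx;
    probe_signal = sig;
    siglongjmp(probe_env, 1);
}

/* Create an unlinked temp file (assumed path prefixes); -1 on failure. */
static int make_temp_file(void)
{
    char tmp[] = "/tmp/faultprobe.XXXXXX";
    char cwd[] = "./faultprobe.XXXXXX";
    int fd = mkstemp(tmp);
    if (fd != -1) { unlink(tmp); return fd; }
    fd = mkstemp(cwd);
    if (fd != -1) unlink(cwd);
    return fd;
}

/* Map a file of file_pages at map_pages long (PROT_READ, MAP_PRIVATE, as the
 * test does) and read mapping[offset]. Returns the signal delivered by that
 * read, 0 if the read completed, or -1 if setup failed. */
static int probe_mapping(size_t file_pages, size_t map_pages, size_t offset)
{
    size_t pagesize = (size_t)sysconf(_SC_PAGESIZE);
    size_t filesize = file_pages * pagesize;
    size_t mapsize = map_pages * pagesize;

    int fd = make_temp_file();
    if (fd == -1) return -1;
    if (ftruncate(fd, (off_t)filesize) == -1) { close(fd); return -1; }

    unsigned char *mapping = mmap(NULL, mapsize, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (mapping == MAP_FAILED) return -1;

    struct sigaction sa, old_bus, old_segv;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = probe_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGBUS, &sa, &old_bus);
    sigaction(SIGSEGV, &sa, &old_segv);

    int result;
    probe_signal = 0;
    if (sigsetjmp(probe_env, 1) == 0) {
        /* volatile keeps the load, like the movzbl (%rax),%eax in test3 */
        volatile unsigned char *p = mapping + offset;
        unsigned char sink = *p;
        (void)sink;
        result = 0;
    } else {
        result = (int)probe_signal;
    }

    sigaction(SIGBUS, &old_bus, NULL);
    sigaction(SIGSEGV, &old_segv, NULL);
    munmap(mapping, mapsize);
    return result;
}

/* The two probes test3 depends on: FILESIZE is 4 pages, MAPSIZE is 8 pages. */
static int probe_within_file(void) { return probe_mapping(4, 8, 10); }

static int probe_past_eof(void)
{
    size_t pagesize = (size_t)sysconf(_SC_PAGESIZE);
    return probe_mapping(4, 8, 4 * pagesize + 10);   /* FILESIZE+10 */
}

int main(void)
{
    int in = probe_within_file();
    int past = probe_past_eof();
    printf("inside file: %s (%d)\n", in == 0 ? "no fault" : "signal", in);
    printf("past EOF:    %s (%d)\n", past == 0 ? "no fault" : "signal", past);
    return 0;
}
```

Running the binary on a system that behaves as the test expects prints "signal (7)" for the past-EOF probe (SIGBUS is 7 on Linux x86-64); comparing its output under gdb with the pmap listing above is a quick way to confirm whether the untouched part of the 8-page mapping, not the 48k gap behind it, is what the kernel is treating as readable.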
