fixing valgrind-mmt#7
Open
karolherbst wants to merge 2 commits intoenvytools:mmt-3.14from
Open
Conversation
code assumes there is only one negative entry if there is just one positive one
mslusarz
reviewed
Jun 29, 2019
| (mmt_last_region - idx) * sizeof(struct mmt_mmap_data)); | ||
| VG_(memset)(&mmt_mmaps[mmt_last_region--], 0, sizeof(struct mmt_mmap_data)); | ||
|
|
||
| /* if we only have one reagion, delete 0-x negative region */ |
| } | ||
| } | ||
| } while (found); | ||
| } |
Member
There was a problem hiding this comment.
This doesn't look right. It seems you are papering over bug somewhere else.
How did the bug manifest? Where is the code that "assumes there is only one negative entry if there is just one positive one"?
Author
There was a problem hiding this comment.
it's kind of mmt_bsearch.. but I think the condition is a bit more complicated:
adding region: <0x4029000, 0x402A000>
NEG vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
NEG <0x0000000005e9b000 0xffffffffffffffff> 2543316
NEG ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
POS vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
POS 00000, id: 00002, start: 0x0000000004029000, end: 0x000000000402a000
POS 00001, id: 00001, start: 0x0000000005d96000, end: 0x0000000005e9b000
POS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
searching entry for: 0x5078EE8
NEG vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
NEG <0x0000000005e9b000 0xffffffffffffffff> 2543325
NEG ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
POS vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
POS 00000, id: 00002, start: 0x0000000004029000, end: 0x000000000402a000
POS 00001, id: 00001, start: 0x0000000005d96000, end: 0x0000000005e9b000
POS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
adding negative entry: <0x402A000, 0x5D96000>
NEG vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
NEG <0x0000000005e9b000 0xffffffffffffffff> 2543325
NEG <0x000000000402a000 0x0000000005d96000> 0
NEG ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
POS vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
POS 00000, id: 00002, start: 0x0000000004029000, end: 0x000000000402a000
POS 00001, id: 00001, start: 0x0000000005d96000, end: 0x0000000005e9b000
POS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
freeing region: <0x4029000, 0x402A000>
NEG vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
NEG <0x0000000005e9b000 0xffffffffffffffff> 2543413
NEG <0x0000000004029000 0x0000000005d96000> 52
NEG ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
POS vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
POS 00000, id: 00001, start: 0x0000000005d96000, end: 0x0000000005e9b000
POS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
searching entry for: 0x5D9600C
NEG vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
NEG <0x0000000005e9b000 0xffffffffffffffff> 2545163
NEG <0x0000000004029000 0x0000000005d96000> 1150
NEG ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
POS vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
POS 00000, id: 00001, start: 0x0000000005d96000, end: 0x0000000005e9b000
POS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
searching entry for: 0x4021F14
NEG vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
NEG <0x0000000005e9b000 0xffffffffffffffff> 2577319
NEG <0x0000000004029000 0x0000000005d96000> 364613
NEG ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
POS vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
POS 00000, id: 00001, start: 0x0000000005d96000, end: 0x0000000005e9b000
POS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
adding negative entry: <0x0, 0x5D96000>
NEG vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
NEG <0x0000000005e9b000 0xffffffffffffffff> 2577319
NEG <0x0000000004029000 0x0000000005d96000> 364613
NEG <0x0000000000000000 0x0000000005d96000> 0
NEG ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
POS vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
POS 00000, id: 00001, start: 0x0000000005d96000, end: 0x0000000005e9b000
POS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
NEG vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
NEG <0x0000000005e9b000 0xffffffffffffffff> 2577319
NEG <0x0000000004029000 0x0000000005d96000> 364613
NEG <0x0000000000000000 0x0000000005d96000> 0
NEG ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
POS vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
POS 00000, id: 00001, start: 0x0000000005d96000, end: 0x0000000005e9b000
POS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
mmaptrace: ../../mmt/mmt_trace.c:167 (__verify_state): Assertion 'neg1->start < neg2->start || neg1->start >= neg2->end' failed.
mmaptrace: <0x4029000, 0x5D96000> <0x0, 0x5D96000>
Member
There was a problem hiding this comment.
MMT state gets inconsistent at this line: "adding negative entry: <0x0, 0x5D96000>", so the issue indeed comes from mmt_bsearch - it calls add_neg with parameters it has not verifed are not conflicting with existing negative entries. The proposed solution is not correct though.
I'm fixing this right now.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
no idea why that is needed now, but code made an assumption which got broken before.
I am not even sure if this fix is a good one, but it makes mmt working again for me... or at least "more" working.