Version: (using KDE 3.5.9)
Installed from: Fedora RPMs
Compiler: gcc version 4.1.1 gcc cross-compiler included with IBM's Cell SDK
OS: Linux

Consider the test program helgrind/tests/tc07_hbl1.c. This test program increments the global variable 'x' atomically from two different threads. When analyzing this program with Helgrind on an i386 or x86_64 system, no races are reported (as expected). When analyzing this program with Helgrind on a ppc64 system, two races are reported (not expected). exp-drd shows similar behavior.

I assume this is a VEX issue?

ppc64 output:

$ ./vg-in-place -v --tool=helgrind exp-drd/tests/tc07_hbl1
==31767== Helgrind, a thread error detector.
==31767== Copyright (C) 2007-2008, and GNU GPL'd, by OpenWorks LLP et al.
==31767== Using LibVEX rev 1849M, a library for dynamic binary translation.
==31767== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==31767== Using valgrind-3.4.0.SVN, a dynamic binary instrumentation framework.
==31767== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==31767==
--31767-- Command line
--31767-- exp-drd/tests/tc07_hbl1
--31767-- Startup, with flags:
--31767-- -v
--31767-- --tool=helgrind
--31767-- Contents of /proc/version:
--31767-- Linux version 2.6.20-CBE (root@blade.bsc.es) (gcc version 4.1.1 20070105 (Red Hat 4.1.1-51)) #1 SMP Wed Mar 21 10:24:39 CET 2007
--31767-- Arch and hwcaps: PPC64, ppc64-int-flt-vmx-FX-GX
--31767-- Page sizes: currently 65536, max supported 65536
--31767-- Valgrind library directory: ./.in_place
--31767-- Reading syms from /home/bart/software/valgrind-cross/exp-drd/tests/tc07_hbl1 (0x10000000)
--31767-- Reading syms from /home/bart/software/valgrind-cross/helgrind/helgrind-ppc64-linux (0x38000000)
--31767-- object doesn't have a dynamic symbol table
--31767-- Reading syms from /lib64/ld-2.5.so (0x80EE8B0000)
--31767-- Reading suppressions file: ./.in_place/default.supp
--31767-- Reading syms from /home/bart/software/valgrind-cross/coregrind/vgpreload_core-ppc64-linux.so (0x4000000)
--31767-- Reading syms from /home/bart/software/valgrind-cross/helgrind/vgpreload_helgrind-ppc64-linux.so (0x4020000)
--31767-- Reading syms from /lib64/libpthread-2.5.so (0x80EEBC0000)
--31767-- Reading syms from /lib64/librt-2.5.so (0x80EEC00000)
--31767-- Reading syms from /lib64/libc-2.5.so (0x80EE900000)
--31767-- REDIR: 0x80eebcadb0 (pthread_create@@GLIBC_2.3) redirected to 0x4029420 (pthread_create@*)
--31767-- REDIR: 0x80ee9a8ad0 (calloc) redirected to 0x4023af8 (calloc)
==31767== Thread #1 is the program's root thread
==31767==
==31767== Thread #2 was created
==31767== at 0x80EEA14EE8: clone (in /lib64/libc-2.5.so)
==31767== by 0x80EEBCAC18: do_clone (in /lib64/libpthread-2.5.so)
==31767== by 0x80EEBCB110: pthread_create@@GLIBC_2.3 (in /lib64/libpthread-2.5.so)
==31767== by 0x40294F0: pthread_create@* (hg_intercepts.c:213)
==31767== by 0x100007B0: main (tc07_hbl1.c:63)
==31767==
==31767== Possible data race during write of size 4 at 0x10010EDC
==31767== at 0x100007E8: main (tc07_hbl1.c:68)
==31767== Old state: shared-readonly by threads #1, #2
==31767== New state: shared-modified by threads #1, #2
==31767== Reason: this thread, #1, holds no consistent locks
==31767== Location 0x10010EDC has never been protected by any lock
==31767== Location 0x10010edc is 0 bytes inside global var "x"
==31767== declared at tc07_hbl1.c:51
--31767-- REDIR: 0x80eebcbda0 (pthread_join) redirected to 0x4026044 (pthread_join)
x = 2
--31767-- REDIR: 0x80eebcd1c0 (pthread_mutex_lock) redirected to 0x4026384 (pthread_mutex_lock)
--31767-- REDIR: 0x80eebcf0a0 (pthread_mutex_unlock) redirected to 0x4026960 (pthread_mutex_unlock)
==31767==
==31767== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 2)
==31767==
==31767== 1 errors in context 1 of 1:
==31767== Possible data race during write of size 4 at 0x10010EDC
==31767== at 0x100007E8: main (tc07_hbl1.c:68)
==31767== Old state: shared-readonly by threads #1, #2
==31767== New state: shared-modified by threads #1, #2
==31767== Reason: this thread, #1, holds no consistent locks
==31767== Location 0x10010EDC has never been protected by any lock
==31767== Location 0x10010edc is 0 bytes inside global var "x"
==31767== declared at tc07_hbl1.c:51
--31767--
--31767-- supp: 2 helgrind-glibc25-101
--31767-- supp: 2 helgrind-glibc25-013
==31767==
==31767== IN SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 2)
==31767==
WordSet "univ_tsets":
addTo 99 (2 uncached)
delFrom 67 (1 uncached)
union 2
intersect 0 (0 uncached) [nb. incl isSubsetOf]
minus 0 (0 uncached)
elem 67
doubleton 86
isEmpty 0
isSingleton 67
anyElementOf 0
isSubsetOf 0
WordSet "univ_lsets":
addTo 145 (2 uncached)
delFrom 42 (2 uncached)
union 0
intersect 33 (1 uncached) [nb. incl isSubsetOf]
minus 0 (0 uncached)
elem 16
doubleton 0
isEmpty 28
isSingleton 0
anyElementOf 0
isSubsetOf 1
WordSet "univ_laog":
addTo 0 (0 uncached)
delFrom 0 (0 uncached)
union 0
intersect 0 (0 uncached) [nb. incl isSubsetOf]
minus 0 (0 uncached)
elem 0
doubleton 0
isEmpty 0
isSingleton 0
anyElementOf 0
isSubsetOf 0
hbefore: 950 queries
hbefore: 801 cache 0 hits
hbefore: 143 cache > 0 hits
hbefore: 6 graph searches
hbefore: 6 of which slow
hbefore: 0 stack high water mark
hbefore: 1 cache invals
hbefore: 2,118 probes
segments: 4 Segment objects allocated
locksets: 3 unique lock sets
threadsets: 3 unique thread sets
univ_laog: 1 unique lock sets
L(ast)L(ock) map: 0 inserts (0 map size)
LockN-to-P map: 0 queries (0 map size)
string table map: 0 queries (0 map size)
LAOG: 0 map size
LAOG exposition: 0 map size
locks: 16 acquires, 16 releases
sanity checks: 1
msm: 55,815 9,454 rd/wr_Excl_nochange
msm: 858 6 rd/wr_Excl_transfer
msm: 86 0 rd/wr_Excl_to_ShR/ShM
msm: 26 5 rd/wr_ShR_to_ShR/ShM
msm: 1 0 rd/wr_ShM_to_ShM
msm: 9,698 12,950 rd/wr_New_to_Excl
msm: 11,304 11,289 rd/wr_NoAccess
secmaps: 1,426 allocd ( 11,681,792 g-a-range)
linesZ: 365,056 allocd ( 8,761,344 bytes occupied)
linesF: 3 allocd ( 396 bytes occupied)
secmaps: 3,745 iterator steppings
cache: 1,789,687 totrefs (372,513 misses)
cache: 372,508 Z-fetch, 5 F-fetch
cache: 369,727 Z-wback, 7 F-wback
cache: 2 invals, 1 flushes
cline: 372,513 normalises
cline: reads 8/4/2/1: 45,453 12,917 1,969 18,953
cline: writes 8/4/2/1: 29,665 3,836 70 237
cline: sets 8/4/2/1: 1,674,504 1 0 1
cline: get1s 1, copy1s 0
cline: splits: 8to4 554 4to2 369 2to1 685
cline: pulldowns: 8to4 4,980 4to2 3,779 2to1 4,586
--31767-- translate: fast SP updates identified: 0 ( 0.0%)
--31767-- translate: generic_known SP updates identified: 99 ( 73.8%)
--31767-- translate: generic_unknown SP updates identified: 35 ( 26.1%)
--31767-- tt/tc: 3,849 tt lookups requiring 3,884 probes
--31767-- tt/tc: 3,849 fast-cache updates, 2 flushes
--31767-- transtab: new 1,921 (58,096 -> 608,816; ratio 104:10) [0 scs]
--31767-- transtab: dumped 0 (0 -> ??)
--31767-- transtab: discarded 0 (0 -> ??)
--31767-- scheduler: 48,263 jumps (bb entries).
--31767-- scheduler: 0/2,090 major/minor sched events.
--31767-- sanity: 1 cheap, 1 expensive checks.
--31767-- exectx: 769 lists, 290 contexts (avg 0 per list)
--31767-- exectx: 343 searches, 101 full compares (294 per 1000)
--31767-- exectx: 0 cmp2, 10 cmp4, 0 cmpAll
--31767-- errormgr: 5 supplist searches, 171 comparisons during search
--31767-- errormgr: 5 errlist searches, 10 comparisons during search
The patch below should solve this issue: Index: priv/guest-ppc/toIR.c =================================================================== --- priv/guest-ppc/toIR.c (revision 1856) +++ priv/guest-ppc/toIR.c (working copy) @@ -4896,7 +4896,9 @@ whether rS is stored is dependent on that value. */ /* Success? Do the (32bit) store */ + stmt( IRStmt_MBE(Imbe_BusLock) ); storeBE( mkexpr(EA), mkSzNarrow32(ty, mkexpr(rS)) ); + stmt( IRStmt_MBE(Imbe_BusUnlock) ); // Set CR0[LT GT EQ S0] = 0b001 || XER[SO] putCR321(0, mkU8(1<<1));
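Review bot: the two added statements, stmt( IRStmt_MBE(Imbe_BusLock) ) and stmt( IRStmt_MBE(Imbe_BusUnlock) ), around storeBE have no comment saying why the store is bracketed. A one-line comment next to the existing "Success? Do the (32bit) store" remark, stating that the markers let thread checkers such as Helgrind and exp-drd see the conditional store as atomic, would keep the intent clear for later readers. The hunk changes only the path labelled as the 32bit store, so please confirm whether any 64-bit store-conditional path in this file needs the same bracketing, and verify that tc07_hbl1 runs clean on ppc64 under both Helgrind and exp-drd with the change applied.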
Fixed in VEX r1857 / Valgrind r8316.