Bug 162354 - VEX does not recognize ppc64 atomic increments
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Developer tools
Component: general
Version: unspecified
Platform: Fedora RPMs Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Julian Seward
Reported: 2008-05-20 13:59 UTC by Bart Van Assche
Modified: 2008-06-30 15:53 UTC (History)

Description Bart Van Assche 2008-05-20 13:59:43 UTC
Version:            (using KDE 3.5.9)
Installed from:    Fedora RPMs
Compiler:          gcc version 4.1.1 gcc cross-compiler included with IBM's Cell SDK
OS:                Linux

Consider the test program helgrind/tests/tc07_hbl1.c. This test program increments the global variable 'x' atomically from two different threads. When analyzing this program with Helgrind on an i386 or x86_64 system, no races are reported (as expected). When analyzing this program with Helgrind on a ppc64 system, two races are reported (not expected). exp-drd shows similar behavior. I assume this is a VEX issue?

ppc64 output:

$ ./vg-in-place -v --tool=helgrind exp-drd/tests/tc07_hbl1
==31767== Helgrind, a thread error detector.
==31767== Copyright (C) 2007-2008, and GNU GPL'd, by OpenWorks LLP et al.
==31767== Using LibVEX rev 1849M, a library for dynamic binary translation.
==31767== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==31767== Using valgrind-3.4.0.SVN, a dynamic binary instrumentation framework.
==31767== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==31767==
--31767-- Command line
--31767--    exp-drd/tests/tc07_hbl1
--31767-- Startup, with flags:
--31767--    -v
--31767--    --tool=helgrind
--31767-- Contents of /proc/version:
--31767--   Linux version 2.6.20-CBE (root@blade.bsc.es) (gcc version 4.1.1 20070105 (Red Hat 4.1.1-51)) #1 SMP Wed Mar 21 10:24:39 CET 2007
--31767-- Arch and hwcaps: PPC64, ppc64-int-flt-vmx-FX-GX
--31767-- Page sizes: currently 65536, max supported 65536
--31767-- Valgrind library directory: ./.in_place
--31767-- Reading syms from /home/bart/software/valgrind-cross/exp-drd/tests/tc07_hbl1 (0x10000000)
--31767-- Reading syms from /home/bart/software/valgrind-cross/helgrind/helgrind-ppc64-linux (0x38000000)
--31767--    object doesn't have a dynamic symbol table
--31767-- Reading syms from /lib64/ld-2.5.so (0x80EE8B0000)
--31767-- Reading suppressions file: ./.in_place/default.supp
--31767-- Reading syms from /home/bart/software/valgrind-cross/coregrind/vgpreload_core-ppc64-linux.so (0x4000000)
--31767-- Reading syms from /home/bart/software/valgrind-cross/helgrind/vgpreload_helgrind-ppc64-linux.so (0x4020000)
--31767-- Reading syms from /lib64/libpthread-2.5.so (0x80EEBC0000)
--31767-- Reading syms from /lib64/librt-2.5.so (0x80EEC00000)
--31767-- Reading syms from /lib64/libc-2.5.so (0x80EE900000)
--31767-- REDIR: 0x80eebcadb0 (pthread_create@@GLIBC_2.3) redirected to 0x4029420 (pthread_create@*)
--31767-- REDIR: 0x80ee9a8ad0 (calloc) redirected to 0x4023af8 (calloc)
==31767== Thread #1 is the program's root thread
==31767==
==31767== Thread #2 was created
==31767==    at 0x80EEA14EE8: clone (in /lib64/libc-2.5.so)
==31767==    by 0x80EEBCAC18: do_clone (in /lib64/libpthread-2.5.so)
==31767==    by 0x80EEBCB110: pthread_create@@GLIBC_2.3 (in /lib64/libpthread-2.5.so)
==31767==    by 0x40294F0: pthread_create@* (hg_intercepts.c:213)
==31767==    by 0x100007B0: main (tc07_hbl1.c:63)
==31767==
==31767== Possible data race during write of size 4 at 0x10010EDC
==31767==    at 0x100007E8: main (tc07_hbl1.c:68)
==31767==   Old state: shared-readonly by threads #1, #2
==31767==   New state: shared-modified by threads #1, #2
==31767==   Reason:    this thread, #1, holds no consistent locks
==31767==   Location 0x10010EDC has never been protected by any lock
==31767==   Location 0x10010edc is 0 bytes inside global var "x"
==31767==   declared at tc07_hbl1.c:51
--31767-- REDIR: 0x80eebcbda0 (pthread_join) redirected to 0x4026044 (pthread_join)
x = 2
--31767-- REDIR: 0x80eebcd1c0 (pthread_mutex_lock) redirected to 0x4026384 (pthread_mutex_lock)
--31767-- REDIR: 0x80eebcf0a0 (pthread_mutex_unlock) redirected to 0x4026960 (pthread_mutex_unlock)
==31767==
==31767== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 2)
==31767==
==31767== 1 errors in context 1 of 1:
==31767== Possible data race during write of size 4 at 0x10010EDC
==31767==    at 0x100007E8: main (tc07_hbl1.c:68)
==31767==   Old state: shared-readonly by threads #1, #2
==31767==   New state: shared-modified by threads #1, #2
==31767==   Reason:    this thread, #1, holds no consistent locks
==31767==   Location 0x10010EDC has never been protected by any lock
==31767==   Location 0x10010edc is 0 bytes inside global var "x"
==31767==   declared at tc07_hbl1.c:51
--31767--
--31767-- supp:      2 helgrind-glibc25-101
--31767-- supp:      2 helgrind-glibc25-013
==31767==
==31767== IN SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 2)
==31767==

Comment 1 Bart Van Assche 2008-06-26 09:44:07 UTC
The patch below should solve this issue:

Index: priv/guest-ppc/toIR.c
===================================================================
--- priv/guest-ppc/toIR.c       (revision 1856)
+++ priv/guest-ppc/toIR.c       (working copy)
@@ -4896,7 +4896,9 @@
             whether rS is stored is dependent on that value. */

          /* Success?  Do the (32bit) store */
+         stmt( IRStmt_MBE(Imbe_BusLock) );
          storeBE( mkexpr(EA), mkSzNarrow32(ty, mkexpr(rS)) );
+         stmt( IRStmt_MBE(Imbe_BusUnlock) );

          // Set CR0[LT GT EQ S0] = 0b001 || XER[SO]
          putCR321(0, mkU8(1<<1));
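Review bot: the two added stmt( IRStmt_MBE(...) ) lines around storeBE have no comment saying why this store needs a bus-lock bracket, although every other step in the surrounding context is commented. A one-line comment stating that the conditional store is marked so that thread checkers treat it as atomic would stop a later reader from removing the pair as redundant. The bracket also sits only on the path commented "Do the (32bit) store"; if this file has a separate doubleword conditional-store case, it needs the same pair, otherwise 64-bit atomic updates would still be reported as races.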
Comment 2 Bart Van Assche 2008-06-30 15:53:10 UTC
Fixed in VEX r1857 / Valgrind r8316.
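
The kind of lock-free increment this report is about, as an added example (it is not tc07_hbl1.c and not code from the report or from Valgrind): on PowerPC the increment is a load-reserve / store-conditional retry loop, and the conditional store is what the patch in Comment 1 brackets. The names atomic_inc, run_two_threads and ITERS are chosen here, and the loop count goes beyond the single increment per thread that the log's "x = 2" reflects.

```c
#include <pthread.h>
#include <stdio.h>

#define ITERS 100000          /* constructed workload, per thread */
static int x;                 /* shared counter, like 'x' in the report */

/* Atomically add 1 to *p without taking any lock. */
static void atomic_inc(int *p)
{
#if defined(__powerpc__) || defined(__powerpc64__)
    int tmp;
    __asm__ __volatile__(
        "1: lwarx  %0,0,%2\n"   /* load word and take a reservation */
        "   addi   %0,%0,1\n"
        "   stwcx. %0,0,%2\n"   /* store only if reservation still held */
        "   bne-   1b\n"        /* reservation lost: retry the whole loop */
        : "=&b"(tmp), "+m"(*p) : "r"(p) : "cr0");
#else
    __sync_fetch_and_add(p, 1); /* compiler builtin on other targets */
#endif
}

static void *worker(void *arg)
{
    (void)arg;
    for (int i = 0; i < ITERS; i++)
        atomic_inc(&x);
    return NULL;
}

/* Increment x from a child thread and the caller at once; return the total. */
int run_two_threads(void)
{
    pthread_t child;
    x = 0;
    if (pthread_create(&child, NULL, worker, NULL) != 0)
        return -1;
    worker(NULL);
    pthread_join(child, NULL);
    return x;
}

int main(void)
{
    int got = run_two_threads();
    printf("x = %d (expected %d)\n", got, 2 * ITERS);
    return got == 2 * ITERS ? 0 : 1;
}
```

Build with -pthread and run it under --tool=helgrind as in the report; the program takes no lock, so a race detector stays quiet on x only if it models the increment as atomic.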