Bug 339745

Summary: Valgrind crash when checking Marmalade app
Product: [Developer tools] valgrind
Reporter: kalibannez <kalibannez>
Component: memcheck
Assignee: Rhys Kidd <rhyskidd>
Status: RESOLVED INTENTIONAL
Severity: wishlist
CC: kalibannez, lou.salkind, rhyskidd
Priority: NOR
Version: 3.10 SVN
Target Milestone: ---
Platform: Compiled Sources
OS: macOS
See Also: https://bugs.kde.org/show_bug.cgi?id=346023
          https://bugs.kde.org/show_bug.cgi?id=344337
Latest Commit:
Version Fixed In:
Sentry Crash Report:
Attachments: Simple cocoa app, invokes Valgrind crash
             Proposed patch (partial, still needs to be tested on OS X 10.10)

Description kalibannez 2014-10-07 10:56:58 UTC
I am trying to check my Marmalade app with valgrind.
I think my setup has two unusual aspects:
1) I'm compiling valgrind myself with the --enable-only32bit flag. I need it because Marmalade builds its apps for the i386 architecture only.
2) Marmalade works as described on this page: https://www.madewithmarmalade.com/marmalade/how-marmalade-works. I.e. after the app starts, a platform-dependent pre-compiled loader loads my dynamic lib (which is my game).

I try to run my app under valgrind with this command line:
valgrind --dsymutil=yes --error-limit=no --trace-children=yes MyApp.app

It starts with this output:
==91052== Memcheck, a memory error detector
==91052== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==91052== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info

finds one "Conditional jump or move depends on uninitialised value", and then crashes with this:

valgrind: m_syswrap/syswrap-x86-darwin.c:421 (void wqthread_hijack(Addr, Addr, Addr, Addr, Int, Addr)): Assertion 'VG_(is_valid_tid)(tid)' failed.

host stacktrace:
==91052==    at 0x3803FD38: ???
==91052==    by 0x380400CF: ???
==91052==    by 0x380400A6: ???
==91052==    by 0x380F7761: ???

sched status:
  running_tid=0

Thread 1: status = VgTs_WaitSys
==91052==    at 0x527CF7A: mach_msg_trap (in /usr/lib/system/libsystem_kernel.dylib)
==91052==    by 0x5118FF5: _vproc_transaction_try_exit (in /usr/lib/system/liblaunch.dylib)
==91052==    by 0x511564D: vproc_swap_integer (in /usr/lib/system/liblaunch.dylib)
==91052==    by 0x511B17E: vproc_release (in /usr/lib/system/liblaunch.dylib)
==91052==    by 0x50DB318: dispatch_once_f (in /usr/lib/system/libdispatch.dylib)
==91052==    by 0x511575C: _vproc_transaction_begin (in /usr/lib/system/liblaunch.dylib)
==91052==    by 0x8CC2F9: ??? (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==91052==    by 0x8A792E: ??? (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==91052==    by 0x8D8B87: ??? (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==91052==    by 0x8D8A03: ??? (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==91052==    by 0x50DB318: dispatch_once_f (in /usr/lib/system/libdispatch.dylib)
==91052==    by 0x50DC1BC: dispatch_once (in /usr/lib/system/libdispatch.dylib)
==91052==    by 0x8D87D1: ??? (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==91052==    by 0x8D85A5: ??? (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==91052==    by 0x8D2DBB: ??? (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==91052==    by 0x8D2C15: ??? (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==91052==    by 0xDA0E56: -[NSUserDefaults(NSUserDefaults) init] (in /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation)
==91052==    by 0xDA0551: +[NSUserDefaults(NSUserDefaults) standardUserDefaults] (in /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation)
==91052==    by 0x12660A2: ??? (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit)
==91052==    by 0xBD7EB5: _class_initialize (in /usr/lib/libobjc.A.dylib)
==91052==    by 0xBD7CDA: _class_initialize (in /usr/lib/libobjc.A.dylib)
==91052==    by 0xBDDDE0: lookUpImpOrForward (in /usr/lib/libobjc.A.dylib)
==91052==    by 0xBD7CA2: _class_lookupMethodAndLoadCache3 (in /usr/lib/libobjc.A.dylib)
==91052==    by 0xBD74E0: objc_msgSend (in /usr/lib/libobjc.A.dylib)
==91052==    by 0x2444: ??? (in /path_to_my_app/MyApp.app/Contents/MacOS/MyApp)
Comment 1 Rhys Kidd 2014-10-07 21:12:16 UTC
Note: This has been reported with Firefox on Mac OS X (10.8) as well and may be a duplicate of https://bugs.kde.org/show_bug.cgi?id=322368 and https://bugs.kde.org/show_bug.cgi?id=216837

Can you post the output of 'uname -msr'?
Comment 2 kalibannez 2014-10-08 12:40:47 UTC
> Can you post the output of 'uname -msr'?
kalibannez$uname -msr
Darwin 13.3.0 x86_64

Note: I'm using Valgrind compiled for the i386 arch, and I am testing an application compiled for i386, not for x86_64 like the OS X kernel.
Comment 3 kalibannez 2014-10-12 18:53:22 UTC
Created attachment 89103 [details]
Simple cocoa app, invokes Valgrind crash

To run the test, just compile this Xcode project and execute:
valgrind ./VGTest.app
Comment 4 kalibannez 2014-10-12 19:01:56 UTC
Please note that both valgrind and the test app must be compiled for the i386 architecture. To check this, run:
lipo -info ./VGTest.app/Contents/MacOS/VGTest
Output must be:
Non-fat file: VGTest.app/Contents/MacOS/VGTest is architecture: i386
Comment 6 Julian Seward 2014-10-12 19:12:18 UTC
To build/run:
  cd VGTest/
  xcodebuild 
  ./vg-in-place ./build/Release/VGTest.app/Contents/MacOS/VGTest
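The procedure spread across the last three comments (confirm with `lipo -info` that the binary is i386, then run it under a 32-bit-only Valgrind) as one pre-flight script. This is an added example, not code from the bug report or from the Valgrind project; the helper names (`lipo_archs`, `has_arch`, `preflight_and_run`) and the fat-file sample line are assumptions, and it generalises slightly by also parsing the "Architectures in the fat file" form of `lipo -info` output.

```shell
#!/bin/sh
# Added pre-flight script (not part of the bug report): verify that the
# application under test is built for i386 before handing it to a Valgrind
# configured with --enable-only32bit, so an architecture mismatch is caught
# up front instead of surfacing as an obscure failure inside Valgrind.

# Parse one line of `lipo -info` output and print its architecture list.
# Handles the thin-file form quoted in the report
#   "Non-fat file: X is architecture: i386"
# and the fat-file form
#   "Architectures in the fat file: X are: i386 x86_64"
# Returns 1 if the line is neither.
lipo_archs() {
    case "$1" in
        *"is architecture: "*) printf '%s\n' "${1##*is architecture: }" ;;
        *" are: "*)            printf '%s\n' "${1##* are: }" ;;
        *)                     return 1 ;;
    esac
}

# Succeed if the space-separated architecture list $1 contains $2.
has_arch() {
    for a in $1; do
        [ "$a" = "$2" ] && return 0
    done
    return 1
}

# Constructed sample lines: the first is the exact output quoted in the
# report, the second is a hypothetical universal binary.
SAMPLE_THIN='Non-fat file: VGTest.app/Contents/MacOS/VGTest is architecture: i386'
SAMPLE_FAT='Architectures in the fat file: MyApp are: i386 x86_64'

# Check the real binary with lipo (macOS only), then run Memcheck with the
# options used in the original report. Extra arguments go to the app.
preflight_and_run() {
    app_binary="$1"
    shift
    if ! command -v lipo >/dev/null 2>&1; then
        echo "lipo not found; cannot verify architecture" >&2
        return 2
    fi
    archs=$(lipo_archs "$(lipo -info "$app_binary")") || {
        echo "could not parse lipo output for $app_binary" >&2
        return 2
    }
    if ! has_arch "$archs" i386; then
        echo "$app_binary is [$archs], not i386; a 32-bit-only Valgrind cannot run it" >&2
        return 1
    fi
    valgrind --dsymutil=yes --error-limit=no --trace-children=yes "$app_binary" "$@"
}

# Usage (macOS, after `xcodebuild` in the VGTest project):
#   preflight_and_run ./build/Release/VGTest.app/Contents/MacOS/VGTest
```

Pointing `preflight_and_run` at the binary inside the `.app` bundle rather than the bundle directory matters, because `lipo` reads a Mach-O file, not a directory.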
Comment 7 Julian Seward 2014-11-22 11:07:44 UTC
This might be a problem with the computation of "magic_delta" for 
the target (32 bit 10.9) and therefore very easy to fix.
Comment 8 Rhys Kidd 2014-11-27 12:28:43 UTC
Julian, is there any external commentary on the calculation of "magic_delta" beyond the source code which you could point me towards?
Comment 9 Rhys Kidd 2015-01-26 00:52:06 UTC
Created attachment 90661 [details]
Proposed patch (partial, still needs to be tested on OS X 10.10)
Comment 10 Rhys Kidd 2015-01-26 00:55:55 UTC
kalibannez,
Can you please apply the proposed patch to your local copy of Valgrind and rebuild?
Based on my testing here, the newly added 'magic_delta' for OS X 10.9 (32 bit) works to resolve the crash as found within your provided VGTest.

I am hopeful this fix will also resolve the crash in your Marmalade app. Please let us know either way.

TODO before being ready for commit:
1. Check the magic constants against OS X 10.10

Please note there is a further, unrelated crash report in VGTest after passing the 'magic_delta' check, due to "unhandled syscall: mach:41". 
It will be addressed in a separate bugzilla report.
Comment 11 Rhys Kidd 2015-01-26 03:03:20 UTC
OS X 10.10 uses the same magic constants.

cf. http://www.opensource.apple.com/source/libpthread/libpthread-105.1.4/kern/workqueue_internal.h for WQ_FLAG_THREAD_REUSE 0x00020000.
Comment 12 Rhys Kidd 2015-01-26 03:27:56 UTC
Partial fix in r14888.
Comment 13 Rhys Kidd 2015-02-21 13:19:30 UTC
Refer to related bug: https://bugs.kde.org/show_bug.cgi?id=344337 ("unhandled syscall: mach:41")
Comment 14 Rhys Kidd 2015-05-30 09:07:28 UTC
Refer to related bug: https://bugs.kde.org/show_bug.cgi?id=346023 ("vex x86->IR: unhandled instruction bytes: 0x66 0xF 0x3A 0xB (roundsd)")
Comment 15 Rhys Kidd 2015-06-01 00:26:58 UTC
Unfortunately, given Valgrind does not plan to support SSE4 instructions on 32 bit (which Marmalade uses) it looks unlikely that Marmalade will be supported on Valgrind until they transition to 64 bit on OS X.

I've noticed that they are already supporting 64 bit on iOS, to meet the Apple Store requirements from 1 February 2015, so hopefully shouldn't be too long.

If there is some way that you can compile your Marmalade app for 64 bit, it should start working correctly on Valgrind.

See https://bugs.kde.org/show_bug.cgi?id=332917 and http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits