| Summary: | integer overflow in summary using callgrind client requests with --dump-every-bb, --dump-before, --dump-after | ||
|---|---|---|---|
| Product: | [Developer tools] valgrind | Reporter: | gamma0987 |
| Component: | callgrind | Assignee: | Josef Weidendorfer <josef.weidendorfer> |
| Status: | REPORTED --- | ||
| Severity: | normal | CC: | pjfloyd |
| Priority: | NOR | ||
| Version First Reported In: | 3.23.0 | ||
| Target Milestone: | --- | ||
| Platform: | Arch Linux | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: | The main program, headers and the output files | ||
Created attachment 174042 [details] The main program, headers and the output files STEPS TO REPRODUCE 1. Compile main.c from the attachment. I used `clang main.c -o main -lm`. (The actual point here is the usage of CALLGRIND_START_INSTRUMENTATION and CALLGRIND_STOP_INSTRUMENTATION) 2. run `valgrind with valgrind --tool=callgrind --separate-threads=yes --dump-after='find_primes' ./main` 3. Inspect the summary lines in the callgrind output files. One or some of them show very high values close to the maximum ulong value. (`--dump-before=find_primes` or `--dump-every-bb=100000` cause similar overflow(s) in the summary line of one or more files. Running callgrind with --cache-sim=yes causes the overflow in the cache metrics, too) The output file `callgrind.out.3476195-02` ``` # callgrind format version: 1 creator: callgrind-3.23.0 pid: 3476195 cmd: ./main part: 2 thread: 2 desc: I1 cache: desc: D1 cache: desc: LL cache: desc: Timerange: Basic block 683044 - 2542554 desc: Trigger: Program termination positions: line events: Ir summary: 18446744073707324667 totals: 0 ``` shows the overflow of the Instruction counts in the summary line. The summary of the file `callgrind.out.3476195.1-02` shows `2226949` Instructions. ``` # callgrind format version: 1 creator: callgrind-3.23.0 pid: 3476195 cmd: ./main part: 1 thread: 2 desc: I1 cache: desc: D1 cache: desc: LL cache: desc: Timerange: Basic block 0 - 683044 desc: Trigger: --dump-after=find_primes positions: line events: Ir summary: 2226949 ... ``` I don't think it is a coincidence that `18446744073707324667 (Ir from callgrind.out.3476195-02) + 2226949 (Ir from callgrind.out.3476195.1-02) = 0`. EXPECTED BEHAVIOUR: I guess the instruction counts in the summary of the `ccallgrind.out.3476195-02` file should actually be 0. ADDITIONAL INFORMATION The original bug was observed in a rust program (iai-callgrind) using valgrind/callgrind , and the `main.c` of the attachment is the quick and dirty C implementation of the failing rust test. I hope the main.c suffices to track down the bug.