Bug 266990 - setns instruction causes false positive
Summary: setns instruction causes false positive
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Developer tools
Component: memcheck
Version: 3.6.0
Platform: Compiled Sources Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-23 17:11 UTC by Stephan Bergmann
Modified: 2011-03-28 00:13 UTC
See Also:
Latest Commit:
Version Fixed In:


Description Stephan Bergmann 2011-02-23 17:11:15 UTC
The below transcript is from an x86_64 Ubuntu machine using a self-built Valgrind 3.6.1 (no package yet available; also happens with the 3.6.0 system package, however).  The testcase is a stripped-down version of a scenario found in OpenOffice.org, where the original scenario does not involve hand-made asm; but I found no easy way to trigger the problem with a small, "clean" C/C++ testcase.

My understanding is that all bits of (byte-sized) bool b should have a definite value after using testb/setns on a byte for which only the MSB has a definite value, but the output says valgrind thinks otherwise.


> cat test.cxx
struct S {
    int: 7;
    int b: 1;
};
void f(S * p);
int g(S const * p);
int main() {
    S s;
    f(&s);
    g(&s);
}

> cat test1.cxx
struct S {
    int: 7;   // unnamed bits 0..6, never written
    int b: 1; // bit 7, i.e. the MSB of the first byte of S
};
void f(S * p) { p->b = 0; } // defines only bit 7; bits 0..6 stay uninitialised
int g(S const * p) {
    bool b;
    // testb sets SF from bit 7 of %al only, so setns (SF == 0) should yield a fully defined byte
    asm ("movb (%1), %%al     \n\
          testb %%al, %%al    \n\
          setns %%r13b        \n\
          movb %%r13b, %0     \n"
         : "=r"(b) : "r"(p) : "rax", "r13");
    return b ? 1 : 0;
}

> g++ -m64 -g test.cxx test1.cxx

> valgrind/bin/valgrind -v ./a.out
==24320== Memcheck, a memory error detector
==24320== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==24320== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==24320== Command: ./a.out
==24320==
--24320-- Valgrind options:
--24320--    -v
--24320-- Contents of /proc/version:
--24320--   Linux version 2.6.32-26-server (buildd@allspice) (gcc version 4.4.3 (Ubuntu 4.4.3-4ubuntu5) ) #48-Ubuntu SMP Wed Nov 24 10:28:32 UTC 2010
--24320-- Arch and hwcaps: AMD64, amd64-sse2
--24320-- Page sizes: currently 4096, max supported 4096
--24320-- Valgrind library directory: /home/me/valgrind/lib/valgrind
--24320-- Reading syms from /home/me/a.out (0x400000)
--24320-- Reading syms from /lib/ld-2.11.1.so (0x4000000)
--24320--   Considering /lib/ld-2.11.1.so ..
--24320--   .. CRC mismatch (computed 88039adb wanted c17ec96b)
--24320--   Considering /usr/lib/debug/lib/ld-2.11.1.so ..
--24320--   .. CRC is valid
--24320-- Reading syms from /home/me/valgrind/lib/valgrind/memcheck-amd64-linux (0x38000000)
--24320--    object doesn't have a dynamic symbol table
--24320-- Reading suppressions file: /home/me/valgrind/lib/valgrind/default.supp
--24320-- REDIR: 0x4018290 (strlen) redirected to 0x38042bd7 (vgPlain_amd64_linux_REDIR_FOR_strlen)
--24320-- Reading syms from /home/me/valgrind/lib/valgrind/vgpreload_core-amd64-linux.so (0x4a22000)
--24320-- Reading syms from /home/me/valgrind/lib/valgrind/vgpreload_memcheck-amd64-linux.so (0x4c24000)
==24320== WARNING: new redirection conflicts with existing -- ignoring it
--24320--     new: 0x04018290 (strlen              ) R-> 0x04c28be0 strlen
--24320-- REDIR: 0x4018100 (index) redirected to 0x4c287f0 (index)
--24320-- REDIR: 0x4018180 (strcmp) redirected to 0x4c291c0 (strcmp)
--24320-- Reading syms from /usr/lib/libstdc++.so.6.0.13 (0x4e2e000)
--24320--   Considering /usr/lib/libstdc++.so.6.0.13 ..
--24320--   .. CRC mismatch (computed 7b5bd5a5 wanted e2f63673)
--24320--    object doesn't have a symbol table
--24320-- Reading syms from /lib/libm-2.11.1.so (0x5142000)
--24320--   Considering /lib/libm-2.11.1.so ..
--24320--   .. CRC mismatch (computed 043548c3 wanted a081b93d)
--24320--   Considering /usr/lib/debug/lib/libm-2.11.1.so ..
--24320--   .. CRC is valid
--24320-- Reading syms from /lib/libgcc_s.so.1 (0x53c5000)
--24320--   Considering /lib/libgcc_s.so.1 ..
--24320--   .. CRC mismatch (computed 7c01dfc9 wanted 9d78e511)
--24320--    object doesn't have a symbol table
--24320-- Reading syms from /lib/libc-2.11.1.so (0x55dc000)
--24320--   Considering /lib/libc-2.11.1.so ..
--24320--   .. CRC mismatch (computed 375e41a0 wanted 405b95a9)
--24320--   Considering /usr/lib/debug/lib/libc-2.11.1.so ..
--24320--   .. CRC is valid
--24320-- REDIR: 0x5660b00 (__GI_strrchr) redirected to 0x4c28610 (__GI_strrchr)
==24320== Conditional jump or move depends on uninitialised value(s)
==24320==    at 0x400612: g(S const*) (test1.cxx:13)
==24320==    by 0x4005D3: main (test.cxx:10)
==24320==
--24320-- REDIR: 0x5659e10 (free) redirected to 0x4c27406 (free)
==24320==
==24320== HEAP SUMMARY:
==24320==     in use at exit: 0 bytes in 0 blocks
==24320==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==24320==
==24320== All heap blocks were freed -- no leaks are possible
==24320==
==24320== Use --track-origins=yes to see where uninitialised values come from
==24320== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
==24320==
==24320== 1 errors in context 1 of 1:
==24320== Conditional jump or move depends on uninitialised value(s)
==24320==    at 0x400612: g(S const*) (test1.cxx:13)
==24320==    by 0x4005D3: main (test.cxx:10)
==24320==
--24320--
--24320-- used_suppression:      2 U1004-ARM-_dl_relocate_object
--24320-- used_suppression:      2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a
==24320==
==24320== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
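A simplified shadow-bit model of the scenario in the report, added here as an illustration; it is not Valgrind/VEX code and does not describe memcheck's actual implementation. It assumes memcheck's convention that a set V bit means "undefined" and contrasts a per-flag rule (SF after testb depends only on bit 7) with a per-operand rule (any undefined bit in %al taints every flag), which is enough to reproduce why the branch on b is reported as depending on uninitialised data.

```c
#include <stdint.h>
#include <stdio.h>

/* Shadow ("V-bit") model, simplified and illustrative only:
 * vbits bit set = that bit of val is undefined. */
typedef struct { uint8_t val; uint8_t vbits; } shadow8;

/* f(): p->b = 0 writes bit 7 of the first byte of S, so only that
 * bit becomes defined; bits 0..6 keep their shadow state. */
static shadow8 run_f(shadow8 s) {
    s.val   &= (uint8_t)~0x80;   /* b = 0 */
    s.vbits &= (uint8_t)~0x80;   /* bit 7 is now defined */
    return s;
}

/* Definedness of SF after "testb %al,%al" (SF is a copy of bit 7).
 * Precise rule: SF is undefined iff bit 7 is undefined.
 * Imprecise rule (what the report's output is consistent with):
 * any undefined bit in %al makes SF, and hence setns, undefined. */
static int sf_undefined_precise(shadow8 al)   { return (al.vbits & 0x80) != 0; }
static int sf_undefined_imprecise(shadow8 al) { return al.vbits != 0; }

/* g(): testb / setns, then "return b ? 1 : 0" branches on b.
 * Returns 1 if the model would flag that branch as depending on
 * uninitialised value(s), 0 if b is fully defined. */
static int run_g(shadow8 s, int (*sf_undef)(shadow8)) {
    int sf = (s.val & 0x80) != 0;                    /* SF = MSB of al */
    shadow8 b = { (uint8_t)!sf,                      /* setns: b = !SF  */
                  (uint8_t)(sf_undef(s) ? 0xFF : 0x00) };
    return b.vbits != 0;
}

/* The reporter's main(): S s is a fresh stack variable, so all 8 bits
 * start undefined (vbits = 0xFF); the value byte is constructed garbage. */
static int false_positive(int (*sf_undef)(shadow8)) {
    shadow8 s = { 0x5A, 0xFF };
    s = run_f(s);
    return run_g(s, sf_undef);
}

int main(void) {
    printf("imprecise rule flags the branch: %d\n", false_positive(sf_undefined_imprecise));
    printf("precise rule flags the branch:   %d\n", false_positive(sf_undefined_precise));
    return 0;
}
```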
Comment 1 Julian Seward 2011-03-28 00:13:50 UTC
Fixed, vex r2118.  Thanks for providing a small test case.