I think that I'm going to close all issues for Darwin 16 (MacOS X 10.12) and earlier. The macs that I can access are running 10.7 Intel (but I hardly ever boot that machine, I should take it to be recycled) 10.13 Intel in VirtualBox (this is the last version that we support) 13 Intel 15 arm64 (a new mac mini) Overall I get about 200 fails on 10.13. Since memcheck is probably what most users want I'll concentrate on that (and 'none' after that). Here is a list of issues that I see == 262 tests, 36 stderr failures, 4 stdout failures, 0 stderrB failures, 0 stdoutB failures, 0 post failures == Many leaks in libc ============== Affects at least 8 tests For instance, the "accounting" test: --- accounting.stderr.exp 2022-06-06 23:06:24.000000000 +0200 +++ accounting.stderr.out 2025-11-01 07:53:47.000000000 +0100 @@ -5,8 +5,8 @@ HEAP SUMMARY: - in use at exit: 0 bytes in 0 blocks - total heap usage: 1 allocs, 1 frees, 1 bytes allocated + in use at exit: 17,750 bytes in 151 blocks + total heap usage: 173 allocs, 22 frees, 26,199 bytes allocated autofreepool* also have extra LEAK SUMMARY blocks some tests have differences in leak categories Possible fixes: If the summary is not part of the test, add -q to vgopts Otherwise a) change the summary to ignore suppressed allocs or b) add expecteds/filters Aborts in some overlap tests ======================= Affects 4 tests I need to look at this a bit more but I think that debug builds use checked str* and mem* that we aren't redirecting. bug401284 gives ==13887== Process terminating with default action of signal 6 (SIGABRT) ==13887== at 0x10063BB96: __pthread_sigmask (in /usr/lib/system/libsystem_kernel.dylib) ==13887== by 0x10031223A: __abort (in /usr/lib/system/libsystem_c.dylib) ==13887== by 0x1003121BC: abort (in /usr/lib/system/libsystem_c.dylib) ==13887== by 0x100312320: abort_report_np (in /usr/lib/system/libsystem_c.dylib) ==13887== by 0x100336BF4: __chk_fail (in /usr/lib/system/libsystem_c.dylib) ==13887== by 0x100336C04: __chk_fail_overlap (in /usr/lib/system/libsystem_c.dylib) ==13887== by 0x100336C35: __chk_overlap (in /usr/lib/system/libsystem_c.dylib) ==13887== by 0x100336D0A: __strncat_chk (in /usr/lib/system/libsystem_c.dylib) ==13887== by 0x100000F0C: main (bug401284.c:10) Clearly we aren't redirecting __strncat_chk libc functionality ============== Darwin doesn't have aligned_alloc (or is it memalign?) duplicate_align_size_errors needs a Darwin expected clang DWARF differences ==================== Probably the biggest category (10 or more?). No inline info, variable names not detected. scalar and scalar_nocancel ====================== These are Darwin-specific. Need to look at what has changed. Other ===== gone_abort_xml extra addr and missing frame post-syscall fails to interrupt thread_alloca segfaults redir failures ========== static malloc and wrapmallloc and wrapmallocstatic wcpncpy Stack description ============== descr_belowsp has several diffs as to how Darwin sees the memory below the stack.
I'm seeing some flaky tests threadname leak-cases-possible leak-delta leak-tree nanoleak2 Otherwise, tests consistently failing are now down to 25. libc leaks ======= memcheck/tests/accounting (stderr) memcheck/tests/big_blocks_freed_list (stderr) memcheck/tests/leak-cases-exit-on-definite (stderr) memcheck/tests/lks (stderr) extra LEAK SUMMARY (all zero???) ============================ memcheck/tests/leak-autofreepool-2 (stderr) memcheck/tests/leak-autofreepool-6 (stderr) leak category =========== memcheck/tests/leak-cases-full (stderr) memcheck/tests/leak-cases-summary (stderr) memcheck/tests/leak_cpp_interior (stderr) several diffs then SIGBUS ===================== memcheck/tests/descr_belowsp (stderr) debuginfo diffs (including inlining) ============================ memcheck/tests/dw4 (stderr) memcheck/tests/inlinfo (stderr) memcheck/tests/inlinfosupp (stderr) memcheck/tests/inlinfosuppobj (stderr) memcheck/tests/origin5-bz2 (stderr) memcheck/tests/supponlyobj (stderr) memcheck/tests/varinfo2 (stderr) memcheck/tests/varinfo3 (stderr) memcheck/tests/varinfo5 (stderr) memcheck/tests/varinfo6 (stderr) missing stack =========== memcheck/tests/gone_abrt_xml (stderr) failed to interrupt =============== memcheck/tests/post-syscall (stderr) failed redir in exe ============== memcheck/tests/static_malloc (stderr) memcheck/tests/wrapmalloc (stdout) memcheck/tests/wrapmallocstatic (stdout) EXEC FAILED ========== memcheck/tests/execve2 (stderr) memcheck/tests/thread_alloca (stderr) The ones that I consider important are the exec failures, SIGBUS in descr_belowsp (does that mean that the stack info in Valgrind is wrong?), and the missing interrupt in post-syscall.
memcheck/tests/leak-autofreepool-2 and 6 don't really have all zero leak summaries. ==18683== suppressed: 17,749 bytes in 151 blocks gets filtered to be zero for other tests, but it is still there.
And the execve failure in thread_alloca is with errno 2 no such file or directory.
execve2 fixed, will create another item for thread_alloca
I'm looking at the cases like static_malloc. This bit of code is not working right 1424 vg_assert(!di->have_dinfo); -> 1425 if (di->fsm.have_rx_map && 1426 di->fsm.rw_map_count == expected_rw_load_count) { 1427 /* Ok, so, finally, we found what we need, and we haven't 1428 already read debuginfo for this object. So let's do so no expected_rw_load_count we get from the macho header ant it is 1. di->fsm.rw_map_count comes from the segement which hass (NSegment) $0 = { kind = SkFileC start = 4294967296 end = 4294971391 smode = SmFixed dev = 16777220 ino = 2151778714093 offset = 0 mode = 31288 fnIdx = 4 hasR = '\x01' hasW = '\0' hasX = '\x01' hasT = '\0' isCH = '\0' -> 1279 is_rx_map = seg->hasR && seg->hasX && !seg->hasW; 1280 is_rw_map = seg->hasR && seg->hasW && !seg->hasX; So that sets RX but not RW. The next seg is RO Next seg is the synamic loader. So the macho header is seeing an RW seg but the two segments don't contain any. One of them is wrong.
Found and fixed the problem with static_malloc. expected_rw_load_count now gets the same value of RW segments as load_thin_file mmaps and stores in nsegments.
I'm now down to == 266 tests, 19 stderr failures, 2 stdout failures, 0 stderrB failures, 0 stdoutB failures, 0 post failures == memcheck/tests/accounting (stderr) memcheck/tests/big_blocks_freed_list (stderr) memcheck/tests/descr_belowsp (stderr) memcheck/tests/dw4 (stderr) memcheck/tests/gone_abrt_xml (stderr) memcheck/tests/leak-autofreepool-2 (stderr) memcheck/tests/leak-autofreepool-6 (stderr) memcheck/tests/leak-cases-exit-on-definite (stderr) memcheck/tests/leak-cases-full (stderr) memcheck/tests/leak-cases-summary (stderr) memcheck/tests/leak_cpp_interior (stderr) memcheck/tests/lks (stderr) memcheck/tests/origin5-bz2 (stderr) memcheck/tests/thread_alloca (stderr) memcheck/tests/threadname (stderr) memcheck/tests/varinfo2 (stderr) memcheck/tests/varinfo3 (stderr) memcheck/tests/varinfo5 (stderr) memcheck/tests/varinfo6 (stderr) memcheck/tests/wrapmalloc (stdout) memcheck/tests/wrapmallocstatic (stdout) The last two, I need to debug in the macho loading code. threadname and thread_alloca crash intermittently. Memcheck: mc_leakcheck.c:1128 (void lc_scan_memory(Addr, SizeT, Bool, Int, Int, Addr, SizeT)): Assertion 'bad_scanned_addr >= VG_ROUNDUP(start, sizeof(Addr))' failed. An address not 8 byte aligned? descr_belowsp gives a SIGBUS ==88201== Process terminating with default action of signal 10 (SIGBUS) ==88201== Non-existent physical address at address 0x70000448EE9F ==88201== at 0x100001D08: bad_things_till_guard_page (descr_belowsp.c:74) ==88201== by 0x10000187C: child_fn_0 (descr_belowsp.c:113) ==88201== by 0x100674660: _pthread_body (in /usr/lib/system/libsystem_pthread.dylib) ==88201== by 0x10067450C: _pthread_start (in /usr/lib/system/libsystem_pthread.dylib) ==88201== by 0x100673BF8: thread_start (in /usr/lib/system/libsystem_pthread.dylib) Need to check Valgrind's map of the stack and guard page. Just 3 more kinds of errors that look fixable.
The x86 test more_x86_fp fails with vex x86->IR: unhandled instruction bytes: 0x66 0xF 0x3A 0x16 VEX has /* 66 0F 3A 0F = PALIGNR -- Packed Align Right (XMM) */ if (sz == 2 && insn[0] == 0x0F && insn[1] == 0x3A && insn[2] == 0x0F) { Either the instruction bytes are wrong in the message or sz != 2