From: Nicholas N. <nj...@cs...> - 2005-12-24 18:15:43
Hi,

In the recent Valgrind survey five people complained about the difficulty of tracking down the root cause of undefined value errors, caused by the fact that Memcheck waits until an undefined value can affect the visible behaviour of the program (eg. is used in a conditional branch, or a syscall input). A couple of people suggested doing more eager checking, and this idea has come up before.

The problem is that the copying of undefined values is common, mostly due to the practice of padding structs for alignment and bitfields. I did some experimentation with eager checking a couple of years ago and found that it caused large numbers of false positives. I repeated the experiment again yesterday and saw the same results.

I changed Memcheck to complain about the loading of any undefined values and tried various programs. For the empty C program that just returns zero, I get 24 errors from 23 contexts, most just from the dynamic linker. I get the following counts for the following programs:

  empty          1 errors from 1 context
  perf/bz2       8405487 errors from 30 contexts
  perf/tinycc    4647525 errors from 301 contexts

I had to use --error-limit=no for these otherwise Memcheck would have stopped reporting errors after 100,000. These programs have no (unsuppressed) errors when run with a normal Memcheck.

If I suppress the ones in the dynamic linker, I get:

  empty          1 errors from 1 context
  perf/bz2       8405464 errors from 8 contexts
  perf/tinycc    4647501 errors from 299 contexts

If I change things so that any undefined value loaded gets loaded as if it was defined (to avoid possible cascading errors), I get:

  empty          1 errors from 1 context
  perf/bz2       4202624 errors from 2 contexts
  perf/tinycc    1137041 errors from 113 contexts

I've attached the output from that last tinycc run.
Some extra programs:

  vim            521 errors from 120 contexts
  gcc            384 errors from 53 contexts
  emacs          4876 errors from 63 contexts

It has been suggested that an option be present to do this eager checking, but I'm not convinced it would be useful given the overwhelming number of false positives. I'm wondering what other people think.

If you want to try this out for yourself, I've attached the patch I used. It's against the COMPVBITS branch; do this to check it out and build:

  svn co svn://www.valgrind.org/valgrind/branches/COMPVBITS
  cd COMPVBITS
  sh ./autogen.sh
  ./configure --prefix=<...>
  patch -p0 < eager.diff
  make

Nick
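As an added illustration (not code from the mail or its patch) of why struct padding makes eager checking noisy: a struct whose layout has alignment holes, a whole-object copy beside a member-wise copy, and a check that the program's visible behaviour is the same either way. The struct and the values written into it are constructed for this example.

```c
#include <stddef.h>

/* Layout typical of the struct-padding case in the mail: the char members
 * force alignment holes before `value` and at the tail. A whole-object copy
 * moves those holes along with the members; if the holes were never written
 * they are undefined. (Added illustration, not from the mail or the patch.) */
struct padded {
    char tag;   /* offset 0 */
    int  value; /* offset 4 on the usual ABIs: 3 hole bytes before it */
    char kind;  /* offset 8 on the usual ABIs: 3 hole bytes of tail padding */
};

/* Bytes of struct padded that no member covers, taken from the real layout. */
size_t padded_hole_bytes(void)
{
    size_t before_value = offsetof(struct padded, value)
                        - (offsetof(struct padded, tag) + sizeof(char));
    size_t tail = sizeof(struct padded)
                - (offsetof(struct padded, kind) + sizeof(char));
    return before_value + tail;
}

/* Whole-object copy loads every byte, holes included. Normal Memcheck stays
 * silent because the holes never reach a branch or syscall; the eager mode in
 * the mail reports each undefined byte it loads. */
void copy_whole(struct padded *dst, const struct padded *src) { *dst = *src; }

/* Member-wise copy only ever loads bytes the program wrote. */
void copy_members(struct padded *dst, const struct padded *src)
{
    dst->tag = src->tag; dst->value = src->value; dst->kind = src->kind;
}

/* Visible behaviour depends on members only, so both copies compare equal. */
int members_equal(const struct padded *a, const struct padded *b)
{
    return a->tag == b->tag && a->value == b->value && a->kind == b->kind;
}

/* Write only the members, leave the holes untouched, copy both ways and
 * return 1 when both copies match the source on every member. */
int padding_copy_demo(void)
{
    struct padded src, whole, members;
    src.tag = 'x'; src.value = 42; src.kind = 'y';
    copy_whole(&whole, &src);
    copy_members(&members, &src);
    return members_equal(&whole, &src) && members_equal(&members, &src);
}
```

Run under a Memcheck with the eager patch applied, only copy_whole produces reports; under a normal Memcheck neither does, since the hole bytes never influence a branch or syscall.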