From: Ashley P. <as...@qu...> - 2006-01-06 15:42:14

On Sat, 2005-12-24 at 12:15 -0600, Nicholas Nethercote wrote:
> Hi,
>
> In the recent Valgrind survey five people complained about the difficulty
> of tracking down the root cause of undefined value errors, caused by the
> fact that Memcheck waits until an undefined value can affect the visible
> behaviour of the program (eg. is used in a conditional branch, or a
> syscall input).

I've often wondered why Valgrind didn't check at this level, it's what I always thought it should do although I've now come around to the "only report when it has a consequence" model.

> I did some experimentation with eager checking a couple of years ago and
> found that it caused large numbers of false positives. I repeated the
> experiment again yesterday and saw the same results. I changed Memcheck
> to complain about the loading of any undefined values and tried various
> programs. For the empty C program that just returns zero, I get 24 errors
> from 23 contexts, most just from the dynamic linker. I get the following
> counts for the following programs:
>
> empty 1 errors from 1 context
> perf/bz2 8405487 errors from 30 contexts
> perf/tinycc 4647525 errors from 301 contexts
> I had to use --error-limit=no for these otherwise Memcheck would have
> stopped reporting errors after 100,000. These programs have no
> (unsuppressed) errors when run with a normal Memcheck.

Well that's not overly encouraging but the only numbers that actually matter here are the number of contexts, not the number of errors.

> I've attached the output from that last tinycc run.

What do you get if you use --num-callers=4? Does this affect how unique contexts are collated or just how they are displayed? It looks to me like you would only need a small number of suppressions to reduce this error count to almost zero.

> It has been suggested that an option be present to do this eager checking,
> but I'm not convinced it would be useful given the overwhelming number of
> false positives.
I'm wondering what other people think.

I'd like to see it as an option, huge numbers of false positives can be daunting when you first see them but that in itself is not a good reason for not having this option. One problem of the current scheme is it can be difficult to find the underlying cause of an undefined value, I'd have thought having this as an option would allow people to pinpoint errors reported by the current scheme much quicker and I'd like to see it for that reason alone.

Ashley,
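
An added example (not from this thread or from Valgrind's code) of the two cases the message contrasts: a struct copy that loads undefined padding bytes with no consequence, and an undefined field whose first visible use is a branch some calls away from where it was left unset. The struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record; on common ABIs 3 padding bytes follow 'tag'. */
struct rec { char tag; int value; };

/* Harmless: the padding in 'src' is never written, so memcpy loads
 * undefined bytes. A check on every load flags this, although nothing
 * visible depends on those bytes. */
int copy_padded(void)
{
    struct rec src, dst;
    src.tag = 'a';
    src.value = 7;
    memcpy(&dst, &src, sizeof dst);
    return dst.value;
}

/* Root cause: 'value' stays undefined when have_value is 0. */
static void fill(struct rec *r, int have_value)
{
    r->tag = 'b';
    if (have_value)
        r->value = 1;
}

/* The undefined value is loaded and passed on; no visible effect yet. */
static int relay(const struct rec *r) { return r->value; }

/* First visible use: a conditional branch, the kind of point at which
 * the message says Memcheck reports, two calls away from fill(). */
int classify(int have_value)
{
    struct rec *r = malloc(sizeof *r);
    int v, positive = 0;
    if (r == NULL)
        return -1;
    fill(r, have_value);
    v = relay(r);
    if (v > 0)
        positive = 1;
    free(r);
    return positive;
}

int main(void)
{
    printf("%d %d\n", copy_padded(), classify(1));
    return classify(0) < 0;   /* run under Memcheck to see the late report */
}
```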