From: John R. <jr...@Bi...> - 2008-07-01 14:28:46
|
Hi,
I'd like a review of the reasons why memcheck gives "less good" diagnosis
for access to a page that is mapped with PROT_NONE, versus access to a page
that is not mapped at all.
This code
-----
#include <sys/types.h>
#include <sys/mman.h>
int main(void)
{
    /* Read one byte from a page mapped with PROT_NONE; this raises SIGSEGV. */
    return *(char *)mmap(0, 4096, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
}
-----
gets only an after-the-fact message
-----
==6145== Process terminating with default action of signal 11 (SIGSEGV)
==6145== Bad permissions for mapped region at address 0x4027000
==6145== at 0x80483B9: main (prot_none.c:6)
-----
whereas the related code:
return *(char *)0;
gets a message both before and after the actual reference:
-----
==6152== Invalid read of size 1
==6152== at 0x8048357: main (prot_none.c:6)
==6152== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==6152==
==6152== Process terminating with default action of signal 11 (SIGSEGV)
==6152== Access not within mapped region at address 0x0
==6152== at 0x8048357: main (prot_none.c:6)
-----
Why does the PROT_NONE page omit a before-the-fact message such as
-----
==6145== Invalid read of size 1
==6145== at 0x8048357: main (prot_none.c:6)
==6145== Address 0x4027000 has PROT_NONE
-----
[All examples tested on x86 linux-2.6.24 using one-day-old code from SVN.]
--