From: Philippe W. <phi...@sk...> - 2012-03-04 23:10:36
On Fri, 2012-03-02 at 11:54 +0100, Julian Seward wrote:
> Thinking about this X-on-memcheck game a bit more .. it's great that
> you found some leaks. I am a bit surprised though that you didn't
> find any uninitialised value or out-of-range errors w.r.t. heap
> blocks though (300+ kloc, never Memcheck'd before, no heap errors?!)
> and this makes me wonder if the inner annotations for heap block
> allocation are working correctly.
...
> kind of thing .. it would be nice to know that we see an error from
> all 3.
VG_(debugLog)(1, "main", "Starting the dynamic memory manager\n");
{
   void* p = VG_(malloc)( "main.vm.1", 12345 );
   char local[123];
   if (argc > 100) { local[27] = argc; local[81] = VG_(strlen)(argv[1]); }
   if (local[27] + local[81] >= 12) VG_(printf)("baah %d", local[27]); //<<<< Error detected
   if ( ((UInt*)p)[123] == 456) VG_(printf)("foo"); else VG_(printf)("bar"); //<<<< Error detected
   if ( ((UInt*)p)[-1] == 456) VG_(printf)("sheesh kebab");
   if (p) VG_(free)( p );
   if ( ((UInt*)p)[345] == 456) VG_(printf)("used after free"); else VG_(printf)("after free bar"); //<<<<< Error detected
}
VG_(debugLog)(1, "main", "Dynamic memory manager is running\n");
I had to persuade the compiler to not remove the local[123] before
I got an error for this one.
For what concerns the p[-1]: I think there is no error detected
because the memcheck annotations need at least two improvements:
* they do not "declare" the red zone to the outer valgrind.
* when a block is freed, the memory is marked undefined, while
it should be marked no access.
But m_mallocfree.c needs to access the free blocks (e.g.
to give it back as the next block).
So, there is a need to mark the memory "no access" when
freed, then temporarily accessible again when m_mallocfree.c
needs it for its internal business, then marking it again
no access (till it is really allocated).
The first thing is probably easy.
The second looks significantly more tricky (and might make the
outer/inner combination even slower as any m_mallocfree.c
free or alloc will imply a bunch of client requests).
Philippe
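Added example (not Philippe's or Valgrind's code): a toy fixed-size free-list allocator that does the two things the mail asks the inner annotations for, namely declaring a red zone on each side of every block, and marking a freed block no-access while briefly making its link word accessible whenever the allocator itself needs to read or write it. It uses the standard Memcheck client requests (VALGRIND_MALLOCLIKE_BLOCK, VALGRIND_FREELIKE_BLOCK, VALGRIND_MAKE_MEM_NOACCESS/UNDEFINED/DEFINED); the pool layout, sizes and the __has_include fallback that turns the requests into no-ops when valgrind/memcheck.h is absent are assumptions of this example, not anything from m_mallocfree.c.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Real Memcheck client requests when the Valgrind headers are installed;
   otherwise no-ops, so the allocator still builds and runs natively.
   (Assumption: a GCC/clang toolchain that supports __has_include.) */
#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#    define HAVE_MEMCHECK_H 1
#  endif
#endif
#ifndef HAVE_MEMCHECK_H
#  define VALGRIND_MALLOCLIKE_BLOCK(addr, sizeB, rzB, is_zeroed) ((void)0)
#  define VALGRIND_FREELIKE_BLOCK(addr, rzB)                     ((void)0)
#  define VALGRIND_MAKE_MEM_NOACCESS(addr, len)                  ((void)0)
#  define VALGRIND_MAKE_MEM_UNDEFINED(addr, len)                 ((void)0)
#  define VALGRIND_MAKE_MEM_DEFINED(addr, len)                   ((void)0)
#endif

/* Constructed layout: [redzone][payload][redzone] per chunk, 8 chunks in a static pool. */
#define REDZONE  16
#define PAYLOAD  64
#define NCHUNKS  8
#define CHUNK_SZ (REDZONE + PAYLOAD + REDZONE)

static unsigned char pool[NCHUNKS * CHUNK_SZ];
static void *free_head;       /* payload address of the first free chunk */
static int   pool_ready;

/* The free-list link lives in the first word of a free chunk's payload.
   That word is no-access from the client's point of view; the allocator
   opens it only for the duration of its own read or write. */
static void *get_link(void *payload) {
    void *next;
    VALGRIND_MAKE_MEM_DEFINED(payload, sizeof next);   /* allocator's internal business */
    memcpy(&next, payload, sizeof next);
    VALGRIND_MAKE_MEM_NOACCESS(payload, sizeof next);  /* hide it again */
    return next;
}
static void set_link(void *payload, void *next) {
    VALGRIND_MAKE_MEM_UNDEFINED(payload, sizeof next); /* writable, contents not yet meaningful */
    memcpy(payload, &next, sizeof next);
    VALGRIND_MAKE_MEM_NOACCESS(payload, sizeof next);
}

static void pool_init(void) {
    int i;
    free_head = NULL;
    for (i = NCHUNKS - 1; i >= 0; i--) {
        void *payload = pool + i * CHUNK_SZ + REDZONE;
        set_link(payload, free_head);
        free_head = payload;
    }
    /* Nothing in the pool, red zones included, is addressable until handed out. */
    VALGRIND_MAKE_MEM_NOACCESS(pool, sizeof pool);
    pool_ready = 1;
}

/* Hand out one payload; declare it and its red zones to Memcheck (is_zeroed = 0,
   so the payload is addressable but undefined, and both red zones are no-access). */
void *pool_alloc(void) {
    void *payload;
    if (!pool_ready) pool_init();
    if (!free_head) return NULL;
    payload   = free_head;
    free_head = get_link(payload);
    VALGRIND_MALLOCLIKE_BLOCK(payload, PAYLOAD, REDZONE, 0);
    return payload;
}

/* Give a payload back: Memcheck marks block plus red zones no-access, then the
   allocator briefly re-opens the link word to thread it onto the free list. */
void pool_free(void *payload) {
    if (!payload) return;
    VALGRIND_FREELIKE_BLOCK(payload, REDZONE);
    set_link(payload, free_head);
    free_head = payload;
}

/* Walk the free list (each hop re-opens one link word). */
int pool_free_count(void) {
    int n = 0;
    void *p;
    if (!pool_ready) pool_init();
    for (p = free_head; p; p = get_link(p)) n++;
    return n;
}

/* Returns 1 when allocation, exhaustion, reuse after free and full release behave. */
int pool_selftest(void) {
    void *blocks[NCHUNKS], *again;
    int i, j;
    for (i = 0; i < NCHUNKS; i++) {
        blocks[i] = pool_alloc();
        if (!blocks[i]) return 0;
        for (j = 0; j < i; j++) if (blocks[j] == blocks[i]) return 0;
    }
    if (pool_alloc() != NULL) return 0;  /* pool is exhausted */
    pool_free(blocks[3]);
    again = pool_alloc();
    if (again != blocks[3]) return 0;    /* freed chunk is reused first */
    for (i = 0; i < NCHUNKS; i++) pool_free(blocks[i]);
    return pool_free_count() == NCHUNKS;
}

int main(void) {
    printf("allocator self-test: %s\n", pool_selftest() ? "ok" : "FAILED");
    return 0;
}
```

Run natively it only exercises the free list; under `valgrind --tool=memcheck` the same binary makes a client read of `p[-1]` or of a freed payload land on no-access memory and get reported, exactly the two cases the mail says the inner annotations currently miss. The cost Philippe anticipates is visible here too: every alloc or free issues one MALLOCLIKE/FREELIKE request plus two or three MAKE_MEM requests for the link word.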