From: Eyal S. <eya...@gm...> - 2022-11-27 02:09:20

Okay, I've figured it out. Thanks for your help! It's a long and boring bit of research that I did, but the result is that I'm going to change the "mcx_mask" from an array of bits (uint) to an array of ulong so that we can be more precise. This ought to solve the problem. Let me know if you want more details.

I'll get some code ready and send it out for review. Maybe it'll get accepted?

If you're curious, here are all the other improvements that I have made to valgrind in my branch. Maybe they could get merged, too?

https://github.com/eyal0/valgrind/commit/4f130b5b5ea6be2c0c93f6359a88f7a2e51e459e
https://github.com/eyal0/valgrind/commit/eccc56d407f2b2f277765bc0dae42cadb86c133a
https://github.com/eyal0/valgrind/commit/c3a5f06e4620599339601640e9a18c383ecb4e2e

Thanks again for your explanation!

Eyal

On Sat, Nov 26, 2022 at 2:36 PM Mark Wielaard <ma...@kl...> wrote:
> Hi Eyal,
>
> On Sat, Nov 26, 2022 at 01:22:51PM -0700, Eyal Soha wrote:
> > I found a false positive in amd64 conditional move. I'm comfortable fixing
> > it if I can just find how the cmov gets translated into IR for memcheck.
> > I've done work on other IR before but I'm having the hardest time just
> > finding where this code is generated!
> >
> > The issue is that the sign flag is depending upon all bits being defined
> > where actually it only needs the highest bit.
> >
> > Where can I find how cmovnz translates to the valid bit checking IR? If
> > there are docs that will help me, I'm happy to read them. And if not, I'll
> > make docs to describe whatever I'm taught.
>
> The amd64 code is transformed into VEX IR in
> VEX/priv/guest_amd64_toIR.c. Look for "cmov not zero" to find
> cmovnz. Which will call dis_cmov_E_G which uses
> mk_amd64g_calculate_condition. The actual IR created is described in
> VEX/pub/libvex_ir.h. The code that instruments this IR for memcheck
> definedness checking is in memcheck/mc_translate.c.
>
> README_DEVELOPERS has some hints at the end about Printing out
> problematic blocks. valgrind can print out various stages of the IR,
> which is really helpful tracking down where which transformation
> occurs.
>
> Cheers,
>
> Mark
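The imprecision discussed in the thread (a sign-flag condition treated as undefined whenever any input bit is undefined, although SF depends only on bit 63) can be modelled outside valgrind. The toy below is an added example, not valgrind or memcheck code: it assumes a shadow-bit convention where a set V-bit means "undefined", and contrasts the coarse rule with a precise rule for SF and for ZF (the cmovnz condition).

```c
/* Toy model of definedness (V-bit) tracking for the condition feeding an
 * amd64 cmov.  Added example, not valgrind code.  Assumed convention:
 * a set bit in vbits means that bit of val is undefined. */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint64_t val; uint64_t vbits; } shadow_t;

enum { FLAG_DEFINED_FALSE, FLAG_DEFINED_TRUE, FLAG_UNDEFINED };

/* Coarse rule: any undefined input bit makes the flag undefined.
 * This is the false-positive behaviour described in the thread. */
int sign_flag_coarse(shadow_t x) {
    if (x.vbits != 0) return FLAG_UNDEFINED;
    return (x.val >> 63) ? FLAG_DEFINED_TRUE : FLAG_DEFINED_FALSE;
}

/* Precise rule: SF is bit 63 of the result, so only that V-bit matters. */
int sign_flag_precise(shadow_t x) {
    if (x.vbits >> 63) return FLAG_UNDEFINED;
    return (x.val >> 63) ? FLAG_DEFINED_TRUE : FLAG_DEFINED_FALSE;
}

/* Precise rule for ZF: the value is known non-zero as soon as one
 * defined bit is 1; known zero only if every bit is defined and zero. */
int zero_flag_precise(shadow_t x) {
    if (x.val & ~x.vbits) return FLAG_DEFINED_FALSE; /* definitely nonzero */
    if (x.vbits == 0)     return FLAG_DEFINED_TRUE;  /* all defined, all zero */
    return FLAG_UNDEFINED;
}

/* cmov: with a defined condition the result takes the selected operand's
 * shadow; an undefined condition is what a checker would report.
 * Returns 1 when the move is well-defined, 0 when it should be reported. */
int model_cmov(int cond, shadow_t src, shadow_t dst, shadow_t *out) {
    if (cond == FLAG_UNDEFINED) return 0;
    *out = (cond == FLAG_DEFINED_TRUE) ? src : dst;
    return 1;
}

int main(void) {
    /* Constructed input: bit 63 defined and set, low 32 bits undefined. */
    shadow_t x = { 0x8000000000000000ULL, 0x00000000FFFFFFFFULL };
    printf("SF coarse=%d precise=%d  ZF precise=%d\n",
           sign_flag_coarse(x), sign_flag_precise(x), zero_flag_precise(x));
    return 0;
}
```

On the constructed input the coarse rule reports the sign test as undefined while the precise rule correctly calls it defined, which is exactly the gap a cmov condition check would surface as a spurious report.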