From: Tom H. <th...@cy...> - 2004-06-12 16:10:16
In message <Pin...@sc...>
Bob Friesenhahn <bfr...@si...> wrote:
> As a followup, if I create a patch containing my updates and apply it
> to the released 2.1.1 sources, valgrind gets a lot further through
> execution of the program. This implies that the abort I encountered
> with the CVS version is peculiar to the CVS version:
>
> --24414-- sys_wait_results: got PX_SetSigmask for TID 2
> ==24414==
> ==24414== Invalid read of size 4
> ==24414== at 0x3C074AA9: (within /lib/librt-2.3.3.so)
> ==24414== by 0x3C8A200B: pthread_once (vg_libpthread.c:1730)
> ==24414== by 0x3C074228: timer_create (in /lib/librt-2.3.3.so)
> ==24414== by 0x808A323: CTimeBox::CreateTimer() (TimeBox.cc:74)
> ==24414== by 0x808B209: CTimeBox::CTimeBox(char*) (TimeBox.cc:126)
> ==24414== by 0x809241B: InitializeFunct() (basefuncts.cc:548)
> ==24414== by 0x809F2EE: main (guiMain.cc:218)
> ==24414== Address 0x4A is not stack'd, malloc'd or free'd
> ==24414==
> ==24414== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> ==24414== Access not within mapped region at address 0x4A
> ==24414== at 0x3C074AA9: (within /lib/librt-2.3.3.so)
> ==24414== by 0x3C8A200B: pthread_once (vg_libpthread.c:1730)
> ==24414== by 0x3C074228: timer_create (in /lib/librt-2.3.3.so)
> ==24414== by 0x808A323: CTimeBox::CreateTimer() (TimeBox.cc:74)
> ==24414== by 0x808B209: CTimeBox::CTimeBox(char*) (TimeBox.cc:126)
> ==24414== by 0x809241B: InitializeFunct() (basefuncts.cc:548)
> ==24414== by 0x809F2EE: main (guiMain.cc:218)
>
> This crash does not occur without valgrind, however, it is quite
> possible that the related librt/application code is indeed faulty
> since the timer notify method the code is using (SIGEV_THREAD) has not
> been observed (by me) to be working in this kernel.
I've worked out what is causing this now, and I'm not sure what we
can do about it...

The basic problem is that the glibc timer_create() implementation
in librt does something truly horrible. It creates a helper thread
with pthread_create() and then casts the returned thread handle to
a struct pthread and tries to look into it.

Under valgrind the thread handle is not a pointer, it is a small
unique integer, hence the attempt to access a low address.

In fact we are better off not implementing the timer system calls
for now as librt will take ENOSYS as a trigger to fall back to the
old way of doing things with a thread that blocks with a futex for
the required length of time and then runs the handler function.
Tom
--
Tom Hughes (th...@cy...)
Software Engineer, Cyberscience Corporation
http://www.cyberscience.com/