From: <sv...@va...> - 2012-07-05 21:11:19
philippe 2012-07-05 22:11:12 +0100 (Thu, 05 Jul 2012)
New Revision: 12714
Log:
Improve behaviour of mempool redzone checking if user does not follow the manual (297911)
User is supposed to mark the superblock(s) of a mempool as noaccess.
As Valgrind's objective is to find bugs for users who make bugs, let's even
find (some) bugs if the user has a bug in the bug detection code.
Modified files:
trunk/NEWS
trunk/docs/internals/3_7_BUGSTATUS.txt
trunk/memcheck/mc_malloc_wrappers.c
trunk/memcheck/tests/mempool2.c
trunk/memcheck/tests/mempool2.stderr.exp
Modified: trunk/memcheck/tests/mempool2.stderr.exp (+31 -14)
===================================================================
--- trunk/memcheck/tests/mempool2.stderr.exp 2012-07-05 17:21:49 +01:00 (rev 12713)
+++ trunk/memcheck/tests/mempool2.stderr.exp 2012-07-05 22:11:12 +01:00 (rev 12714)
@@ -3,57 +3,57 @@
Invalid read of size 1
at 0x........: test (mempool2.c:135)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
Address 0x........ is 1 bytes before a block of size 10 client-defined
at 0x........: allocate (mempool2.c:108)
by 0x........: test (mempool2.c:130)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
Invalid read of size 1
at 0x........: test (mempool2.c:136)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
Address 0x........ is 0 bytes after a block of size 10 client-defined
at 0x........: allocate (mempool2.c:108)
by 0x........: test (mempool2.c:130)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
------ out of range reads in mmap-backed pool ------
Invalid read of size 1
at 0x........: test (mempool2.c:140)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
Address 0x........ is 1 bytes before a block of size 20 client-defined
at 0x........: allocate (mempool2.c:108)
by 0x........: test (mempool2.c:131)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
Invalid read of size 1
at 0x........: test (mempool2.c:141)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
Address 0x........ is 0 bytes after a block of size 20 client-defined
at 0x........: allocate (mempool2.c:108)
by 0x........: test (mempool2.c:131)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
------ read free in malloc-backed pool ------
Illegal memory pool address
at 0x........: test (mempool2.c:145)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
Address 0x........ is 0 bytes inside a block of size 32 alloc'd
at 0x........: malloc (vg_replace_malloc.c:...)
by 0x........: make_pool (mempool2.c:46)
by 0x........: test (mempool2.c:122)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
------ read free in mmap-backed pool ------
Illegal memory pool address
at 0x........: test (mempool2.c:150)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
Address 0x........ is not stack'd, malloc'd or (recently) free'd
@@ -61,21 +61,38 @@
Illegal memory pool address
at 0x........: test (mempool2.c:155)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
Address 0x........ is 0 bytes inside a block of size 32 alloc'd
at 0x........: malloc (vg_replace_malloc.c:...)
by 0x........: make_pool (mempool2.c:46)
by 0x........: test (mempool2.c:122)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
------ double free in mmap-backed pool ------
Illegal memory pool address
at 0x........: test (mempool2.c:159)
- by 0x........: main (mempool2.c:174)
+ by 0x........: main (mempool2.c:196)
Address 0x........ is not stack'd, malloc'd or (recently) free'd
+------ 2 invalid access in 'no no-access superblock' ---
+
+Invalid read of size 1
+ at 0x........: test (mempool2.c:178)
+ by 0x........: main (mempool2.c:196)
+ Address 0x........ is 1 bytes before a block of size 10 client-defined
+ at 0x........: test (mempool2.c:171)
+ by 0x........: main (mempool2.c:196)
+
+Invalid read of size 1
+ at 0x........: test (mempool2.c:179)
+ by 0x........: main (mempool2.c:196)
+ Address 0x........ is 0 bytes after a block of size 10 client-defined
+ at 0x........: test (mempool2.c:171)
+ by 0x........: main (mempool2.c:196)
+
+
------ done ------
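Review bot: The banner added at the top of the new expected output ends in `---`, while every other banner in this file ends in `------` (for example `------ double free in mmap-backed pool ------`). Suggest `------ 2 invalid accesses in 'no no-access superblock' ------` here and in the matching fprintf in mempool2.c, so the section markers stay uniform and easy to grep.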
Modified: trunk/memcheck/mc_malloc_wrappers.c (+8 -0)
===================================================================
--- trunk/memcheck/mc_malloc_wrappers.c 2012-07-05 17:21:49 +01:00 (rev 12713)
+++ trunk/memcheck/mc_malloc_wrappers.c 2012-07-05 22:11:12 +01:00 (rev 12714)
@@ -767,6 +767,14 @@
if (MP_DETAILED_SANITY_CHECKS) check_mempool_sane(mp);
MC_(new_block)(tid, addr, szB, /*ignored*/0, mp->is_zeroed,
MC_AllocCustom, mp->chunks);
+ if (mp->rzB > 0) {
+ // This is not needed if the user application has properly
+ // marked the superblock noaccess when defining the mempool.
+ // We however still mark the redzones noaccess to still catch
+ // some bugs if user forgot.
+ MC_(make_mem_noaccess) ( addr - mp->rzB, mp->rzB);
+ MC_(make_mem_noaccess) ( addr + szB, mp->rzB);
+ }
if (MP_DETAILED_SANITY_CHECKS) check_mempool_sane(mp);
}
}
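Review bot: The two added MC_(make_mem_noaccess) calls mark `[addr - mp->rzB, addr)` and `[addr + szB, addr + szB + mp->rzB)` without checking what those ranges cover. If the client places a chunk less than rzB bytes from a neighbouring live chunk, or less than rzB bytes from either end of its superblock, this makes part of that neighbour's payload or memory outside the pool noaccess, and the resulting errors will point at correct client code. Suggest either checking the ranges against the chunks already in mp->chunks before marking, or stating in the comment and in the manual that rzB bytes on each side of every chunk must belong to the pool and to no other chunk. It is also worth confirming that the free and destroy paths, which are not in this hunk, leave these bytes in a sensible state.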
Modified: trunk/NEWS (+5 -0)
===================================================================
--- trunk/NEWS 2012-07-05 17:21:49 +01:00 (rev 12713)
+++ trunk/NEWS 2012-07-05 22:11:12 +01:00 (rev 12714)
@@ -34,6 +34,10 @@
- If a redzone size > 0 is given, VALGRIND_MALLOCLIKE_BLOCK now
will detect an invalid access of these redzones, by marking them
noaccess.
+ Similarly, if a redzone size is given for a memory pool,
+ VALGRIND_MEMPOOL_ALLOC will mark the redzones no access.
+ This still allows to find some bugs if the user has forgotten
+ to mark the pool superblock noaccess.
- Using the new option --soname-synonyms, Memcheck can now understand
a program using statically linked malloc or using alternative
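Review bot: The added NEWS text says "no access" where the bullet directly above it, and the code comment in this change, use "noaccess"; pick one spelling. "This still allows to find some bugs" reads better as "This still allows some bugs to be found". The list of modified files contains no user manual change, so the new VALGRIND_MEMPOOL_ALLOC behaviour is documented only in NEWS; a sentence in the manual's mempool description would keep the two in agreement.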
@@ -179,6 +183,7 @@
instructions on machines that do not support it
297497 POWER Processor decimal floating point instruction support missing
297976 s390x: revisit EX implementation
+297911 valgrind does not report 'invalid write' when using APIs for custom memory allocators.
297991 Valgrind interferes with mmap()+ftell()
297992 Support systems missing WIFCONTINUED (e.g. pre-2.6.10 Linux)
297993 Fix compilation of valgrind with gcc -g3.
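Review bot: The new 297911 entry is inserted after 297976, which breaks the ascending order the surrounding entries follow (297497, 297976, 297991, 297992, 297993). Move it up one line so that it sits between 297497 and 297976.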
Modified: trunk/memcheck/tests/mempool2.c (+22 -0)
===================================================================
--- trunk/memcheck/tests/mempool2.c 2012-07-05 17:21:49 +01:00 (rev 12713)
+++ trunk/memcheck/tests/mempool2.c 2012-07-05 22:11:12 +01:00 (rev 12714)
@@ -158,6 +158,28 @@
"\n------ double free in mmap-backed pool ------\n\n");
VALGRIND_MEMPOOL_FREE(p2, x2);
+ {
+ // test that redzone are still protected even if the user forgets
+ // to mark the superblock noaccess.
+ char superblock[100];
+
+ VALGRIND_CREATE_MEMPOOL(superblock, REDZONE_SIZE, 0);
+ // User should mark the superblock no access to benefit
+ // from full Valgrind memcheck protection.
+ // VALGRIND_MEMPOOL_ALLOC will however still ensure the
+ // redzones are protected.
+ VALGRIND_MEMPOOL_ALLOC(superblock, superblock+30, 10);
+
+ res += superblock[30]; // valid
+ res += superblock[39]; // valid
+
+ fprintf(stderr,
+ "\n------ 2 invalid access in 'no no-access superblock' ---\n\n");
+ res += superblock[29]; // invalid
+ res += superblock[40]; // invalid
+
+ VALGRIND_DESTROY_MEMPOOL(superblock);
+ }
// claim res is used, so gcc can't nuke this all
__asm__ __volatile__("" : : "r"(res));
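Review bot: The new test block only reads from the redzones (`res += superblock[29]` and `res += superblock[40]`), while bug 297911 is titled as a missing 'invalid write' report. Add a store to each of those two bytes, with the matching "Invalid write of size 1" entries in mempool2.stderr.exp, so the case from the bug report is covered directly. In the comment at the top of the block, "test that redzone are still protected" should read "redzones".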
Modified: trunk/docs/internals/3_7_BUGSTATUS.txt (+0 -4)
===================================================================
--- trunk/docs/internals/3_7_BUGSTATUS.txt 2012-07-05 17:21:49 +01:00 (rev 12713)
+++ trunk/docs/internals/3_7_BUGSTATUS.txt 2012-07-05 22:11:12 +01:00 (rev 12714)
@@ -225,10 +225,6 @@
297701 Another alias for strncasecmp_l in libc-2.13.so
**possible 3.8.0, trivial fix
-297911 valgrind does not report 'invalid write' when using APIs for
- custom memory allocators.
- probably invalid
-
298097 on ppc32 (e500mc core) target, valgrind report a app a
mem error but the app is good to me.
probably closable (may be dup of 296318)