|
From: Zoltan H. <zhe...@in...> - 2011-04-05 09:36:52
|
Hi,
The following code works perfectly on x86 32 and 64 (at least a full
WebKit is able to run):
static
IRSB* fr_instrument(VgCallbackClosure* closure,
IRSB* sbIn,
VexGuestLayout* layout,
VexGuestExtents* vge,
IRType gWordTy, IRType hWordTy)
{
Int i;
IRSB* sbOut;
IRTypeEnv* tyenv = sbIn->tyenv;
IRDirty* di;
IRType dataTy;
IRExpr** argv;
IRCAS* cas;
// We don't care about mmaps
if (!clo_mmap)
return sbIn;
// From lackey tool
tl_assert(gWordTy == hWordTy);
sbOut = deepCopyIRSBExceptStmts(sbIn);
// Copy verbatim any IR preamble preceding the first IMark
i = 0;
while (i < sbIn->stmts_used && sbIn->stmts[i]->tag != Ist_IMark) {
addStmtToIRSB( sbOut, sbIn->stmts[i] );
i++;
}
for (/*use current i*/; i < sbIn->stmts_used; i++) {
IRStmt* st = sbIn->stmts[i];
if (!st || st->tag == Ist_NoOp) continue;
switch (st->tag) {
case Ist_NoOp: // Make compiler happy
case Ist_AbiHint:
case Ist_Put:
case Ist_PutI:
case Ist_MBE:
case Ist_IMark:
case Ist_WrTmp:
case Ist_Exit:
addStmtToIRSB( sbOut, st );
break;
case Ist_Store:
dataTy = typeOfIRExpr( tyenv, st->Ist.Store.data );
argv = mkIRExprVec_2( st->Ist.Store.addr, mkIRExpr_HWord(
sizeofIRType( dataTy ) ) );
di = unsafeIRDirty_0_N(/*regparms*/2, "trace_store",
VG_(fnptr_to_fnentry)( trace_store ), argv);
addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
addStmtToIRSB( sbOut, st );
break;
case Ist_LLSC:
if (st->Ist.LLSC.storedata != NULL) {
dataTy = typeOfIRExpr( tyenv, st->Ist.LLSC.storedata );
argv = mkIRExprVec_2( st->Ist.LLSC.addr, mkIRExpr_HWord(
sizeofIRType( dataTy ) ) );
di = unsafeIRDirty_0_N(/*regparms*/2, "trace_store",
VG_(fnptr_to_fnentry)( trace_store ), argv);
addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
addStmtToIRSB( sbOut, st );
}
break;
case Ist_Dirty:
di = st->Ist.Dirty.details;
if (di->mFx != Ifx_None) {
// This dirty helper accesses memory. Collect the details.
tl_assert(di->mAddr != NULL);
tl_assert(di->mSize != 0);
if (di->mFx == Ifx_Write || di->mFx == Ifx_Modify) {
argv = mkIRExprVec_2( di->mAddr, mkIRExpr_HWord(
di->mSize ) );
di = unsafeIRDirty_0_N( /*regparms*/2, "trace_store",
VG_(fnptr_to_fnentry)( trace_store ), argv );
addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
}
} else {
tl_assert(di->mAddr == NULL);
tl_assert(di->mSize == 0);
}
addStmtToIRSB( sbOut, st );
break;
case Ist_CAS:
cas = st->Ist.CAS.details;
tl_assert(cas->addr != NULL);
tl_assert(cas->dataLo != NULL);
argv = mkIRExprVec_2( cas->addr, mkIRExpr_HWord(
sizeofIRType(typeOfIRExpr(tyenv, cas->dataLo)) * (cas->dataHi
!= NULL ? 2 : 1) ) );
di = unsafeIRDirty_0_N( /*regparms*/2, "trace_store",
VG_(fnptr_to_fnentry)( trace_store ), argv );
addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
addStmtToIRSB( sbOut, st );
break;
}
}
return sbOut;
}
But it fails on ARM with:
IR SANITY CHECK FAILURE
IRSB {
t0:I32 t1:I32 t2:I32 t3:I32 t4:I32 t5:I32 t6:I32 t7:I32
t8:I1 t9:I32 t10:I32 t11:I32 t12:I32 t13:I32 t14:I32 t15:I32
t16:I8 t17:I32 t18:I32 t19:I32 t20:I32 t21:I32 t22:I32
t23:I32
t24:I32 t25:I32 t26:I32 t27:I32 t28:I32 t29:I32 t30:I1
t31:I1
t32:I32 t33:I32 t34:I32 t35:I1 t36:I32 t37:I32 t38:I32
t39:I32
t40:I32 t41:I32 t42:I32 t43:I32 t44:I32 t45:I32 t46:I32
t47:I32
t48:I32 t49:I32 t50:I32 t51:I32 t52:I8 t53:I32 t54:I32
t55:I32
t56:I32 t57:I32 t58:I32 t59:I32 t60:I32 t61:I32 t62:I32
t63:I32
t64:I32 t65:I32 t66:I32 t67:I1 t68:I32 t69:I1 t70:I1 t71:I1
t72:I1 t73:I32 t74:I32 t75:I1 t76:I32 t77:I32 t78:I8 t79:I32
t80:I32 t81:I32 t82:I32 t83:I32 t84:I1
------ IMark(0xFFFF0FC0, 4) ------
IR-Fence
------ IMark(0xFFFF0FC4, 4) ------
PUT(60) = 0xFFFF0FC4:I32
t18 = GET:I32(8)
------ IMark(0xFFFF0FC8, 4) ------
t4 = GET:I32(0)
t5 = Sub32(t0,t4)
PUT(12) = t5
PUT(64) = 0x2:I32
PUT(68) = t0
PUT(72) = t4
PUT(76) = 0x0:I32
------ IMark(0xFFFF0FCC, 4) ------
PUT(60) = 0xFFFF0FCC:I32
t69 = CmpEQ32(t0,t4)
t68 = 1Uto32(t69)
t70 = 32to1(t68)
t71 = Not1(t70)
if (t71) goto {Boring} 0xFFFF0FD0:I32
t33 = GET:I32(4)
DIRTY 1:I1 ::: trace_store[rp=2]{0x3800028c}(t18,0x4:I32)
t8 = ( STle-Cond(t18) = t33 )
t72 = Not1(t8)
t73 = 1Uto32(t72)
PUT(12) = t73
------ IMark(0xFFFF0FD0, 4) ------
t75 = CmpEQ32(t0,t4)
t74 = 1Uto32(t75)
t76 =
armg_calculate_flag_c[mcx=0x9]{0x381304c8}(0x2:I32,t0,t4,0x0:I32):I32
t14 = Xor32(t73,0x1:I32)
t77 =
armg_calculate_flag_v[mcx=0x9]{0x381304b4}(0x2:I32,t0,t4,0x0:I32):I32
t78 = 32to8(t74)
t79 = Mux0X(t78,0x2:I32,0x5:I32)
PUT(64) = t79
t80 = Mux0X(t78,t0,t14)
PUT(68) = t80
t81 = Mux0X(t78,t4,t76)
PUT(72) = t81
t82 = Mux0X(t78,0x0:I32,t77)
PUT(76) = t82
------ IMark(0xFFFF0FD4, 4) ------
PUT(60) = 0xFFFF0FD4:I32
t83 = armg_calculate_condition[mcx=0x9]{0x381304dc}(t79,t80,t81,t82):I32
t84 = 32to1(t83)
if (t84) goto {Boring} 0xFFFF0FC4:I32
goto {Boring} 0xFFFF0FD8:I32
}
IN STATEMENT:
t5 = Sub32(t0,t4)
ERROR = IRTemp use before def in IRExpr
vex: the `impossible' happened:
sanityCheckFail: exiting due to bad IR
vex storage: T total 38331500 bytes allocated
vex storage: P total 0 bytes allocated
valgrind: the 'impossible' happened:
LibVEX called failure_exit().
==19434== at 0x38004664: report_and_quit (m_libcassert.c:193)
==19434== by 0x625A5A4F: ???
sched status:
running_tid=1
Thread 1: status = VgTs_Runnable
==19434== at 0xFFFF0FC0: ???
Could you help me?
Thanks in advance,
Zoltan
|
|
From: Kirill B. <bat...@is...> - 2011-04-05 11:34:08
|
On Tue, 5 Apr 2011, Zoltan Herczeg wrote:
> case Ist_LLSC:
> if (st->Ist.LLSC.storedata != NULL) {
> dataTy = typeOfIRExpr( tyenv, st->Ist.LLSC.storedata );
> argv = mkIRExprVec_2( st->Ist.LLSC.addr, mkIRExpr_HWord(
> sizeofIRType( dataTy ) ) );
> di = unsafeIRDirty_0_N(/*regparms*/2, "trace_store",
> VG_(fnptr_to_fnentry)( trace_store ), argv);
> addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
> addStmtToIRSB( sbOut, st );
> }
> break;
This "if" needs an "else" part for the case when LLSC is Load-linked.
Otherwise the statement would not been copied sometimes.
> ------ IMark(0xFFFF0FC0, 4) ------
> IR-Fence
> ------ IMark(0xFFFF0FC4, 4) ------
> PUT(60) = 0xFFFF0FC4:I32
> t18 = GET:I32(8)
// A load-linked statement should be here but it is missing.
// Original instruction was: "ldrex r3, [r2]"
> ------ IMark(0xFFFF0FC8, 4) ------
> t4 = GET:I32(0)
> t5 = Sub32(t0,t4)
> PUT(12) = t5
> PUT(64) = 0x2:I32
> PUT(68) = t0
> PUT(72) = t4
> PUT(76) = 0x0:I32
> ------ IMark(0xFFFF0FCC, 4) ------
----
Kirill.
|
|
From: Zoltan H. <zhe...@in...> - 2011-04-05 11:52:02
|
Hi,
thank you very much, now it works! Seems x86 does not use this form.
Regards,
Zoltan
>
>
> On Tue, 5 Apr 2011, Zoltan Herczeg wrote:
>
>> case Ist_LLSC:
>> if (st->Ist.LLSC.storedata != NULL) {
>> dataTy = typeOfIRExpr( tyenv, st->Ist.LLSC.storedata );
>> argv = mkIRExprVec_2( st->Ist.LLSC.addr,
>> mkIRExpr_HWord(
>> sizeofIRType( dataTy ) ) );
>> di = unsafeIRDirty_0_N(/*regparms*/2, "trace_store",
>> VG_(fnptr_to_fnentry)( trace_store ), argv);
>> addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
>> addStmtToIRSB( sbOut, st );
>> }
>> break;
> This "if" needs an "else" part for the case when LLSC is Load-linked.
> Otherwise the statement would not been copied sometimes.
>
>> ------ IMark(0xFFFF0FC0, 4) ------
>> IR-Fence
>> ------ IMark(0xFFFF0FC4, 4) ------
>> PUT(60) = 0xFFFF0FC4:I32
>> t18 = GET:I32(8)
> // A load-linked statement should be here but it is missing.
> // Original instruction was: "ldrex r3, [r2]"
>> ------ IMark(0xFFFF0FC8, 4) ------
>> t4 = GET:I32(0)
>> t5 = Sub32(t0,t4)
>> PUT(12) = t5
>> PUT(64) = 0x2:I32
>> PUT(68) = t0
>> PUT(72) = t4
>> PUT(76) = 0x0:I32
>> ------ IMark(0xFFFF0FCC, 4) ------
>
> ----
> Kirill.
>
|
|
From: Zoltan H. <zhe...@in...> - 2011-04-05 12:35:16
|
Hi,
now a simple applications is able to run on an ARM-Tegra board with
valgrind, but I got the following error with WebKit:
==29248==
==29248== Process terminating with default action of signal 11 (SIGSEGV)
==29248== Bad permissions for mapped region at address 0x7800B7C
==29248== at 0x7128DC8: __pthread_initialize_minimal (in
/lib/libpthread-2.10.1.so)
==29248==
Do you know about this error?
Thanks in advance,
Zoltan
> Hi,
>
> thank you very much, now it works! Seems x86 does not use this form.
>
> Regards,
> Zoltan
>
>>
>>
>> On Tue, 5 Apr 2011, Zoltan Herczeg wrote:
>>
>>> case Ist_LLSC:
>>> if (st->Ist.LLSC.storedata != NULL) {
>>> dataTy = typeOfIRExpr( tyenv, st->Ist.LLSC.storedata );
>>> argv = mkIRExprVec_2( st->Ist.LLSC.addr,
>>> mkIRExpr_HWord(
>>> sizeofIRType( dataTy ) ) );
>>> di = unsafeIRDirty_0_N(/*regparms*/2, "trace_store",
>>> VG_(fnptr_to_fnentry)( trace_store ), argv);
>>> addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
>>> addStmtToIRSB( sbOut, st );
>>> }
>>> break;
>> This "if" needs an "else" part for the case when LLSC is Load-linked.
>> Otherwise the statement would not been copied sometimes.
>>
>>> ------ IMark(0xFFFF0FC0, 4) ------
>>> IR-Fence
>>> ------ IMark(0xFFFF0FC4, 4) ------
>>> PUT(60) = 0xFFFF0FC4:I32
>>> t18 = GET:I32(8)
>> // A load-linked statement should be here but it is missing.
>> // Original instruction was: "ldrex r3, [r2]"
>>> ------ IMark(0xFFFF0FC8, 4) ------
>>> t4 = GET:I32(0)
>>> t5 = Sub32(t0,t4)
>>> PUT(12) = t5
>>> PUT(64) = 0x2:I32
>>> PUT(68) = t0
>>> PUT(72) = t4
>>> PUT(76) = 0x0:I32
>>> ------ IMark(0xFFFF0FCC, 4) ------
>>
>> ----
>> Kirill.
|