From: Konstantin S. <kon...@gm...> - 2010-01-28 08:39:43
Hello,
It looks like the futex syscall with FUTEX_WAKE parameter is handled
incorrectly by the valgrind core.
   PRE(sys_futex)
   {
      /*
         arg    param          used by ops
         ARG1 - u32 *futex     all
         ...
      PRE_MEM_READ( "futex(futex)", ARG1, sizeof(Int) );
When futex is called with FUTEX_WAKE, the first parameter is not
dereferenced and hence valgrind should not do PRE_MEM_READ( "futex(futex)",
ARG1, sizeof(Int) );
From man 2 futex:
FUTEX_WAKE
This operation wakes at most val processes waiting on this
futex address (i.e., inside FUTEX_WAIT).
Here is a legal program on which memcheck complains:
   #include <stdio.h>
   #include <stdlib.h>
   #include <pthread.h>
   #include <unistd.h>
   #include <time.h>
   #include <linux/futex.h>
   #include <sys/syscall.h>

   // Thin wrapper around the raw futex(2) syscall (not shown in the
   // original post; added here so the program compiles as posted).
   static long sys_futex(int *uaddr, int op, int val, struct timespec *timeout) {
     return syscall(SYS_futex, uaddr, op, val, timeout, NULL, 0);
   }

   int *f;

   void *wait_thread(void *) {
     printf("wait_thread in\n");
     sys_futex(f, FUTEX_WAIT, 42, 0);   // blocks while *f == 42
     printf("wait_thread out\n");
     return NULL;
   }

   int main() {
     f = (int*)malloc(sizeof(int));
     *f = 42;
     pthread_t t;
     pthread_create(&t, NULL, wait_thread, NULL);
     sleep(2);
     printf("calling sys_futex(f, FUTEX_WAKE, 42) (first time)\n");
     sys_futex(f, FUTEX_WAKE, 42, 0);
     pthread_join(t, NULL);
     printf("calling free(f)\n");
     free(f);
     printf("calling sys_futex(f, FUTEX_WAKE, 42) (second time; f has been already freed)\n");
     sys_futex(f, FUTEX_WAKE, 42, 0);   // address used only as a key; *f is not read
     return 0;
   }
==28526== Syscall param futex(futex) points to unaddressable byte(s)
==28526== at 0x4007E6: sys_futex(int*, int, int, kernel_timespec*) (in /home/kcc/tmp/a.out)
==28526== by 0x4008CF: main (in /home/kcc/tmp/a.out)
==28526== Address 0x5b40040 is 0 bytes inside a block of size 4 free'd
==28526== at 0x4C22D2B: free (vg_replace_malloc.c:325)
==28526== by 0x4008AA: main (in /home/kcc/tmp/a.out)
==28526==
Could someone please fix this?
Shall I open a bug report?
Thanks,
--kcc
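The claim in the message above can be checked empirically against the kernel rather than against Valgrind's model of it. The program below is an added example; it is not part of the original post and not Valgrind code, and the helper names (futex_raw, futex_errno_on_inaccessible_page) are ours. It maps one anonymous page with PROT_NONE, so any kernel access to that page must fail, then issues a FUTEX_WAIT and a FUTEX_WAKE on it. FUTEX_WAIT has to load *uaddr to compare it with val and therefore fails with EFAULT; FUTEX_WAKE with FUTEX_PRIVATE_FLAG only uses the address as a wait-queue key, never dereferences it, and succeeds (it reports zero waiters woken). That is exactly the distinction a PRE_MEM_READ on ARG1 ignores. Linux-only, as futex itself is.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/futex.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Raw futex(2) call with the unused arguments zeroed. Helper name is ours. */
static long futex_raw(int *uaddr, int op, int val) {
    return syscall(SYS_futex, uaddr, op, val, NULL, NULL, 0);
}

/* Map one anonymous page with no access rights, perform a single futex
 * operation on it, and return the resulting errno (0 on success; -1 if
 * the mapping itself could not be created). The PROT_NONE page stands in
 * for memory the kernel must not touch: an op that loads *uaddr gets
 * EFAULT, an op that only hashes the address as a key succeeds. */
int futex_errno_on_inaccessible_page(int op, int val) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, pagesz, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;

    int err = 0;
    if (futex_raw((int *)p, op, val) == -1)
        err = errno;

    munmap(p, pagesz);
    return err;
}

int main(void) {
    /* FUTEX_WAIT must read *uaddr to compare it against val: expect EFAULT. */
    int wait_err = futex_errno_on_inaccessible_page(FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0);
    /* FUTEX_WAKE never reads *uaddr: expect success (0 waiters woken). */
    int wake_err = futex_errno_on_inaccessible_page(FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1);

    printf("FUTEX_WAIT on PROT_NONE page -> errno %d (%s)\n",
           wait_err, wait_err ? strerror(wait_err) : "success");
    printf("FUTEX_WAKE on PROT_NONE page -> errno %d (%s)\n",
           wake_err, wake_err ? strerror(wake_err) : "success");
    return (wait_err == EFAULT && wake_err == 0) ? 0 : 1;
}
```

The probe uses FUTEX_PRIVATE_FLAG deliberately: for a shared (non-private) futex the kernel still has to resolve the page behind the address to build the hash key, so the page must be mapped, but even then the 32-bit value at uaddr is not loaded for FUTEX_WAKE. Either way, a memory checker that models the syscall faithfully should flag the argument for FUTEX_WAIT and stay quiet for FUTEX_WAKE, which is the fix the message asks for.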