libmudflap object unregistration
Frank Ch. Eigler
fche@redhat.com
Wed Jun 15 16:15:00 GMT 2005
+ 2005-06-15 Frank Ch. Eigler <fche@redhat.com>
+
+ Fix for uncaching bug reported by Herman ten Brugge.
+ * mf-runtime.c (__mf_uncache_object): Search whole cache.
+ * testsuite/libmudflap.c/fail40-frag.c: New test.
+
Index: mf-runtime.c
===================================================================
RCS file: /cvs/gcc/gcc/libmudflap/mf-runtime.c,v
retrieving revision 1.22
diff -w -s -p -r1.22 mf-runtime.c
*** mf-runtime.c 4 Apr 2005 10:09:46 -0000 1.22
--- mf-runtime.c 15 Jun 2005 16:14:20 -0000
*************** void __mfu_check (void *ptr, size_t sz,
*** 919,925 ****
judgement = -1;
}
! /* We now know that the access spans one or more only valid objects. */
if (LIKELY (judgement >= 0))
for (i = 0; i < obj_count; i++)
{
--- 919,925 ----
judgement = -1;
}
! /* We now know that the access spans no invalid objects. */
if (LIKELY (judgement >= 0))
for (i = 0; i < obj_count; i++)
{
*************** __mf_uncache_object (__mf_object_t *old_
*** 1064,1077 ****
/* Can it possibly exist in the cache? */
if (LIKELY (old_obj->read_count + old_obj->write_count))
{
uintptr_t low = old_obj->low;
uintptr_t high = old_obj->high;
! unsigned idx_low = __MF_CACHE_INDEX (low);
! unsigned idx_high = __MF_CACHE_INDEX (high);
unsigned i;
! for (i = idx_low; i <= idx_high; i++)
{
- struct __mf_cache *entry = & __mf_lookup_cache [i];
/* NB: the "||" in the following test permits this code to
tolerate the situation introduced by __mf_check over
contiguous objects, where a cache entry spans several
--- 1064,1077 ----
/* Can it possibly exist in the cache? */
if (LIKELY (old_obj->read_count + old_obj->write_count))
{
+ /* As reported by Herman ten Brugge, we need to scan the entire
+ cache for entries that may hit this object. */
uintptr_t low = old_obj->low;
uintptr_t high = old_obj->high;
! struct __mf_cache *entry = & __mf_lookup_cache [0];
unsigned i;
! for (i = 0; i <= __mf_lc_mask; i++, entry++)
{
/* NB: the "||" in the following test permits this code to
tolerate the situation introduced by __mf_check over
contiguous objects, where a cache entry spans several
Index: testsuite/libmudflap.c/fail40-frag.c
===================================================================
RCS file: testsuite/libmudflap.c/fail40-frag.c
diff -N testsuite/libmudflap.c/fail40-frag.c
*** /dev/null 1 Jan 1970 00:00:00 -0000
--- testsuite/libmudflap.c/fail40-frag.c 15 Jun 2005 16:14:20 -0000
***************
*** 0 ****
--- 1,56 ----
+ /* Test proper lookup-uncaching of large objects */
+ #include "../config.h"
+
+ #include <unistd.h>
+ #include <string.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #ifdef HAVE_SYS_MMAN_H
+ #include <sys/mman.h>
+ #endif
+
+ int main ()
+ {
+ #ifndef MAP_ANONYMOUS
+ #define MAP_ANONYMOUS MAP_ANON
+ #endif
+ #ifdef HAVE_MMAP
+ volatile unsigned char *p;
+ unsigned num = getpagesize ();
+ unsigned i;
+ int rc;
+
+ /* Get a bit of usable address space. We really want an 2**N+1-sized object,
+ so the low/high addresses wrap when hashed into the lookup cache. So we
+ will manually unregister the entire mmap, then re-register a slice. */
+ p = mmap (NULL, num, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
+ if (p == NULL)
+ return 1;
+ /* Now unregister it, as if munmap was called. But don't actually munmap, so
+ we can write into the memory. */
+ __mf_unregister ((void *) p, num, __MF_TYPE_HEAP_I);
+
+ /* Now register it under a slightly inflated, 2**N+1 size. */
+ __mf_register ((void *) p, num+1, __MF_TYPE_HEAP_I, "fake mmap registration");
+
+ /* Traverse array to ensure that entire lookup cache is made to point at it. */
+ for (i=0; i<num; i++)
+ p[i] = 0;
+
+ /* Unregister it. This should clear the entire lookup cache, even though
+ hash(low) == hash (high) (and probably == 0) */
+ __mf_unregister ((void *) p, num+1, __MF_TYPE_HEAP_I);
+
+ /* Now touch the middle portion of the ex-array. If the lookup cache was
+ well and truly cleaned, then this access should trap. */
+ p[num/2] = 1;
+
+ return 0;
+ #else
+ return 1;
+ #endif
+ }
+ /* { dg-output "mudflap violation 1.*check/write.*" } */
+ /* { dg-output "Nearby object 1.*" } */
+ /* { dg-output "mudflap dead object.*fake mmap registration.*" } */
+ /* { dg-do run { xfail *-*-* } } */
More information about the Gcc-patches
mailing list