libmudflap object unregistration

Frank Ch. Eigler fche@redhat.com
Wed Jun 15 16:15:00 GMT 2005


+ 2005-06-15  Frank Ch. Eigler  <fche@redhat.com>
+ 
+ 	Fix for uncaching bug reported by Herman ten Brugge.
+ 	* mf-runtime.c (__mf_uncache_object): Search whole cache.
+ 	* testsuite/libmudflap.c/fail40-frag.c: New test.
+ 

Index: mf-runtime.c
===================================================================
RCS file: /cvs/gcc/gcc/libmudflap/mf-runtime.c,v
retrieving revision 1.22
diff -w -s -p -r1.22 mf-runtime.c
*** mf-runtime.c	4 Apr 2005 10:09:46 -0000	1.22
--- mf-runtime.c	15 Jun 2005 16:14:20 -0000
*************** void __mfu_check (void *ptr, size_t sz, 
*** 919,925 ****
                    judgement = -1;
                }
  
!             /* We now know that the access spans one or more only valid objects.  */
              if (LIKELY (judgement >= 0))
                for (i = 0; i < obj_count; i++)
                  {
--- 919,925 ----
                    judgement = -1;
                }
  
!             /* We now know that the access spans no invalid objects.  */
              if (LIKELY (judgement >= 0))
                for (i = 0; i < obj_count; i++)
                  {
*************** __mf_uncache_object (__mf_object_t *old_
*** 1064,1077 ****
    /* Can it possibly exist in the cache?  */
    if (LIKELY (old_obj->read_count + old_obj->write_count))
      {
        uintptr_t low = old_obj->low;
        uintptr_t high = old_obj->high;
!       unsigned idx_low = __MF_CACHE_INDEX (low);
!       unsigned idx_high = __MF_CACHE_INDEX (high);
        unsigned i;
!       for (i = idx_low; i <= idx_high; i++)
          {
-           struct __mf_cache *entry = & __mf_lookup_cache [i];
            /* NB: the "||" in the following test permits this code to
               tolerate the situation introduced by __mf_check over
               contiguous objects, where a cache entry spans several
--- 1064,1077 ----
    /* Can it possibly exist in the cache?  */
    if (LIKELY (old_obj->read_count + old_obj->write_count))
      {
+       /* As reported by Herman ten Brugge, we need to scan the entire
+          cache for entries that may hit this object. */
        uintptr_t low = old_obj->low;
        uintptr_t high = old_obj->high;
!       struct __mf_cache *entry = & __mf_lookup_cache [0];
        unsigned i;
!       for (i = 0; i <= __mf_lc_mask; i++, entry++)
          {
            /* NB: the "||" in the following test permits this code to
               tolerate the situation introduced by __mf_check over
               contiguous objects, where a cache entry spans several
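Review bot: The comment added above `low`/`high` credits the reporter but does not say why the old `idx_low..idx_high` window was insufficient, and a later maintainer needs that before trying to narrow the scan again. I would state the reason, for example `/* The hashed indices of low and high can wrap or coincide for large objects, so an index window can miss entries; a stale entry lets a later access to the unregistered object pass unchecked. */`. The loop now visits all `__mf_lc_mask + 1` entries whenever an object with a nonzero access count is uncached, which may be noticeable for programs that unregister often; the comment should say that this cost is accepted. The loop body and the rest of `__mf_uncache_object` lie outside the hunk.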
Index: testsuite/libmudflap.c/fail40-frag.c
===================================================================
RCS file: testsuite/libmudflap.c/fail40-frag.c
diff -N testsuite/libmudflap.c/fail40-frag.c
*** /dev/null	1 Jan 1970 00:00:00 -0000
--- testsuite/libmudflap.c/fail40-frag.c	15 Jun 2005 16:14:20 -0000
***************
*** 0 ****
--- 1,56 ----
+ /* Test proper lookup-uncaching of large objects */
+ #include "../config.h"
+ 
+ #include <unistd.h>
+ #include <string.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #ifdef HAVE_SYS_MMAN_H
+ #include <sys/mman.h>
+ #endif
+ 
+ int main ()
+ {
+ #ifndef MAP_ANONYMOUS
+ #define MAP_ANONYMOUS MAP_ANON
+ #endif
+ #ifdef HAVE_MMAP
+   volatile unsigned char *p;
+   unsigned num = getpagesize ();
+   unsigned i;
+   int rc;
+ 
+   /* Get a bit of usable address space.  We really want an 2**N+1-sized object,
+      so the low/high addresses wrap when hashed into the lookup cache.  So we
+      will manually unregister the entire mmap, then re-register a slice.  */
+   p = mmap (NULL, num, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
+   if (p == NULL)
+     return 1;
+   /* Now unregister it, as if munmap was called.  But don't actually munmap, so
+      we can write into the memory.  */
+   __mf_unregister ((void *) p, num, __MF_TYPE_HEAP_I);
+ 
+   /* Now register it under a slightly inflated, 2**N+1 size.  */
+   __mf_register ((void *) p, num+1, __MF_TYPE_HEAP_I, "fake mmap registration");
+ 
+   /* Traverse array to ensure that entire lookup cache is made to point at it.  */
+   for (i=0; i<num; i++)
+     p[i] = 0;
+ 
+   /* Unregister it.  This should clear the entire lookup cache, even though
+      hash(low) == hash (high)  (and probably == 0) */
+   __mf_unregister ((void *) p, num+1, __MF_TYPE_HEAP_I);
+ 
+   /* Now touch the middle portion of the ex-array.  If the lookup cache was
+      well and truly cleaned, then this access should trap.  */
+   p[num/2] = 1;
+ 
+   return 0;
+ #else
+   return 1;
+ #endif
+ }
+ /* { dg-output "mudflap violation 1.*check/write.*" } */
+ /* { dg-output "Nearby object 1.*" } */
+ /* { dg-output "mudflap dead object.*fake mmap registration.*" } */
+ /* { dg-do run { xfail *-*-* } } */
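Review bot: The failure check after `mmap` compares against `NULL`, but `mmap` reports failure with `MAP_FAILED`, so a failed mapping would reach `__mf_unregister` and the write loop with an invalid pointer; use `if (p == MAP_FAILED)`. The anonymous mapping also passes `0` as the file descriptor, where `-1` is the portable value with `MAP_ANONYMOUS` because some systems reject anything else. Since the test is marked `xfail *-*-*`, an early `return 1` (including the `#else` branch without `HAVE_MMAP`) could presumably be counted as the expected failure even though the uncaching path never ran, so skipping the test on those paths may be safer than returning nonzero.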


