> https://bugs.kde.org/show_bug.cgi?id=294285
> 1) Am I correct that this is a bug?

It seems to me that there may be at least one set of cases where the memcheck complaint might be correct, namely if there is no '\0' in an allocated block whose length is not a multiple of 16. [Example: blk = malloc(11); allocator delivers block of 16 bytes; memcpy(blk, "123456789AB", 11); if (x < strlen(blk)) ...;] Then pcmpeqb examines blk[11] that is beyond the malloc()ed length. That's a true error unless it can be proved that the uninit portion of the pcmpeqb result (the 0xF800 bits of the mask) never is used. Proving that the pmovmskb and the bsf do not depend on the uninit bits is hard. It's harder than proving the correctness of the "super-optimized" code for strlen() that uses general purpose registers and constants such as 0x01010101 and 0xfefefeff. memcheck currently cannot grok such general-register code, and developers have resisted employing heuristics such as looking for immediate constants 0x01010101, etc. The workarounds are to demand interception of many str*() and mem*() routines, to avoid generating inline str*(), and to write explicit suppressions.

> 2) How hard would it be to fix? Specifically, is this something a
> skilled C programmer with no prior knowledge of Valgrind might be able
> to tackle in a reasonable timeframe? :-)

It's exceptionally difficult, and essentially impossible given the current aversion to dealing properly with data-dependent uninits. The sequence pcmpeqb;pmovmskb;bsf is an idiom that can be detected in nearly all cases, so the complaint could be auto-intercepted "on demand." In particular, I have posted code that heuristically detects inlined strlen() on demand for traditional $ARCH such as PowerPC and x86, but the patch was ignored.

[Note that memcheck doesn't even grok data-dependent (non-)propagation of Carry bits in two's complement integer addition! memcheck says: "any uninit input to ADD ==> all output bits of same or higher place value ("to the left") are uninit." This is pessimistic because it ignores the possibility of '0' bits in matching positions of the inputs, which stops the propagation of uninit Carry.]

--
_______________________________________________
Valgrind-users mailing list
Valgrind-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/valgrind-users
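The Carry-propagation point in the bracketed note above, worked as an added example that is not Valgrind's code: an operand is modelled as a value plus a defined-bit mask (the V-bit idea), the pessimistic ADD rule quoted from memcheck is applied to it, and next to it a precise rule tracks a three-valued carry so you can see which output bits a known '0' (or '1') in matching input positions keeps defined. The `vbits` type and both function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: a value word plus a mask where 1 = bit is initialised. */
typedef struct { uint32_t v; uint32_t d; } vbits;

/* The rule the mail quotes from memcheck: if any input bit at place p is
 * uninit, every output bit at place >= p ("to the left") is uninit. */
uint32_t add_defined_pessimistic(vbits a, vbits b) {
    uint32_t undef = ~(a.d & b.d);            /* places uninit in either input */
    if (undef == 0) return 0xFFFFFFFFu;
    int p = __builtin_ctz(undef);             /* lowest uninit place value */
    return (p == 0) ? 0u : ((1u << p) - 1u);  /* only places below p survive */
}

/* Data-dependent rule: carry out of place i is majority(a_i, b_i, c_i), which
 * is fixed as soon as two of the three are known and equal. Matching known
 * '0's (or '1's) therefore stop an uninit carry from propagating leftwards. */
uint32_t add_defined_precise(vbits a, vbits b) {
    uint32_t out_d = 0;
    int c_v = 0, c_d = 1;                     /* carry into bit 0: a defined 0 */
    for (int i = 0; i < 32; i++) {
        int av = (a.v >> i) & 1, ad = (a.d >> i) & 1;
        int bv = (b.v >> i) & 1, bd = (b.d >> i) & 1;
        /* sum bit = a ^ b ^ c is defined only when all three are defined */
        if (ad && bd && c_d) out_d |= 1u << i;
        int nc_v = 0, nc_d = 0;               /* default: carry out is uninit */
        if (ad && bd && av == bv)        { nc_v = av; nc_d = 1; }
        else if (ad && c_d && av == c_v) { nc_v = av; nc_d = 1; }
        else if (bd && c_d && bv == c_v) { nc_v = bv; nc_d = 1; }
        c_v = nc_v; c_d = nc_d;
    }
    return out_d;
}

int main(void) {
    /* Constructed input: 0xFFFFFFF0 with only bit 0 uninit, added to a defined 0. */
    vbits a = { 0xFFFFFFF0u, ~1u }, b = { 0u, ~0u };
    printf("pessimistic defined mask: %08x\n", add_defined_pessimistic(a, b)); /* 00000000 */
    printf("precise defined mask:     %08x\n", add_defined_precise(a, b));     /* fffffffe */
    return 0;
}
```

With a known '0' in bit 0 of the other operand the carry out of bit 0 is a defined 0, so the precise rule leaves only bit 0 uninit where the quoted rule taints the whole word.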