1 2 /*--------------------------------------------------------------------*/ 3 /*--- A header file for all parts of the MemCheck tool. ---*/ 4 /*--- mc_include.h ---*/ 5 /*--------------------------------------------------------------------*/ 6 7 /* 8 This file is part of MemCheck, a heavyweight Valgrind tool for 9 detecting memory errors. 10 11 Copyright (C) 2000-2010 Julian Seward 12 jseward (at) acm.org 13 14 This program is free software; you can redistribute it and/or 15 modify it under the terms of the GNU General Public License as 16 published by the Free Software Foundation; either version 2 of the 17 License, or (at your option) any later version. 18 19 This program is distributed in the hope that it will be useful, but 20 WITHOUT ANY WARRANTY; without even the implied warranty of 21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 22 General Public License for more details. 23 24 You should have received a copy of the GNU General Public License 25 along with this program; if not, write to the Free Software 26 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 27 02111-1307, USA. 28 29 The GNU General Public License is contained in the file COPYING. 30 */ 31 32 #ifndef __MC_INCLUDE_H 33 #define __MC_INCLUDE_H 34 35 #define MC_(str) VGAPPEND(vgMemCheck_,str) 36 37 38 /* This is a private header file for use only within the 39 memcheck/ directory. */ 40 41 /*------------------------------------------------------------*/ 42 /*--- Tracking the heap ---*/ 43 /*------------------------------------------------------------*/ 44 45 /* We want at least a 64B redzone on client heap blocks for Memcheck */ 46 #define MC_MALLOC_REDZONE_SZB 64 47 48 /* For malloc()/new/new[] vs. free()/delete/delete[] mismatch checking. */ 49 typedef 50 enum { 51 MC_AllocMalloc = 0, 52 MC_AllocNew = 1, 53 MC_AllocNewVec = 2, 54 MC_AllocCustom = 3 55 } 56 MC_AllocKind; 57 58 /* This describes a heap block. Nb: first two fields must match core's 59 * VgHashNode. */ 60 typedef 61 struct _MC_Chunk { 62 struct _MC_Chunk* next; 63 Addr data; // Address of the actual block. 64 SizeT szB : (sizeof(SizeT)*8)-2; // Size requested; 30 or 62 bits. 65 MC_AllocKind allockind : 2; // Which operation did the allocation. 66 ExeContext* where; // Where it was allocated. 67 } 68 MC_Chunk; 69 70 /* Memory pool. Nb: first two fields must match core's VgHashNode. */ 71 typedef 72 struct _MC_Mempool { 73 struct _MC_Mempool* next; 74 Addr pool; // pool identifier 75 SizeT rzB; // pool red-zone size 76 Bool is_zeroed; // allocations from this pool are zeroed 77 VgHashTable chunks; // chunks associated with this pool 78 } 79 MC_Mempool; 80 81 82 void* MC_(new_block) ( ThreadId tid, 83 Addr p, SizeT size, SizeT align, 84 Bool is_zeroed, MC_AllocKind kind, 85 VgHashTable table); 86 void MC_(handle_free) ( ThreadId tid, 87 Addr p, UInt rzB, MC_AllocKind kind ); 88 89 void MC_(create_mempool) ( Addr pool, UInt rzB, Bool is_zeroed ); 90 void MC_(destroy_mempool) ( Addr pool ); 91 void MC_(mempool_alloc) ( ThreadId tid, Addr pool, 92 Addr addr, SizeT size ); 93 void MC_(mempool_free) ( Addr pool, Addr addr ); 94 void MC_(mempool_trim) ( Addr pool, Addr addr, SizeT size ); 95 void MC_(move_mempool) ( Addr poolA, Addr poolB ); 96 void MC_(mempool_change) ( Addr pool, Addr addrA, Addr addrB, SizeT size ); 97 Bool MC_(mempool_exists) ( Addr pool ); 98 99 MC_Chunk* MC_(get_freed_list_head)( void ); 100 101 /* For tracking malloc'd blocks. Nb: it's quite important that it's a 102 VgHashTable, because VgHashTable allows duplicate keys without complaint. 103 This can occur if a user marks a malloc() block as also a custom block with 104 MALLOCLIKE_BLOCK. */ 105 extern VgHashTable MC_(malloc_list); 106 107 /* For tracking memory pools. */ 108 extern VgHashTable MC_(mempool_list); 109 110 /* Shadow memory functions */ 111 Bool MC_(check_mem_is_noaccess)( Addr a, SizeT len, Addr* bad_addr ); 112 void MC_(make_mem_noaccess) ( Addr a, SizeT len ); 113 void MC_(make_mem_undefined_w_otag)( Addr a, SizeT len, UInt otag ); 114 void MC_(make_mem_defined) ( Addr a, SizeT len ); 115 void MC_(copy_address_range_state) ( Addr src, Addr dst, SizeT len ); 116 117 void MC_(print_malloc_stats) ( void ); 118 119 void* MC_(malloc) ( ThreadId tid, SizeT n ); 120 void* MC_(__builtin_new) ( ThreadId tid, SizeT n ); 121 void* MC_(__builtin_vec_new) ( ThreadId tid, SizeT n ); 122 void* MC_(memalign) ( ThreadId tid, SizeT align, SizeT n ); 123 void* MC_(calloc) ( ThreadId tid, SizeT nmemb, SizeT size1 ); 124 void MC_(free) ( ThreadId tid, void* p ); 125 void MC_(__builtin_delete) ( ThreadId tid, void* p ); 126 void MC_(__builtin_vec_delete) ( ThreadId tid, void* p ); 127 void* MC_(realloc) ( ThreadId tid, void* p, SizeT new_size ); 128 SizeT MC_(malloc_usable_size) ( ThreadId tid, void* p ); 129 130 131 /*------------------------------------------------------------*/ 132 /*--- Origin tracking translate-time support ---*/ 133 /*------------------------------------------------------------*/ 134 135 /* See detailed comments in mc_machine.c. */ 136 Int MC_(get_otrack_shadow_offset) ( Int offset, Int szB ); 137 IRType MC_(get_otrack_reg_array_equiv_int_type) ( IRRegArray* arr ); 138 139 /* Constants which are used as the lowest 2 bits in origin tags. 140 141 An origin tag comprises an upper 30-bit ECU field and a lower 2-bit 142 'kind' field. The ECU field is a number given out by m_execontext 143 and has a 1-1 mapping with ExeContext*s. An ECU can be used 144 directly as an origin tag (otag), but in fact we want to put 145 additional information 'kind' field to indicate roughly where the 146 tag came from. This helps print more understandable error messages 147 for the user -- it has no other purpose. 148 149 Hence the following 2-bit constants are needed for 'kind' field. 150 151 To summarise: 152 153 * Both ECUs and origin tags are represented as 32-bit words 154 155 * m_execontext and the core-tool interface deal purely in ECUs. 156 They have no knowledge of origin tags - that is a purely 157 Memcheck-internal matter. 158 159 * all valid ECUs have the lowest 2 bits zero and at least 160 one of the upper 30 bits nonzero (see VG_(is_plausible_ECU)) 161 162 * to convert from an ECU to an otag, OR in one of the MC_OKIND_ 163 constants below 164 165 * to convert an otag back to an ECU, AND it with ~3 166 */ 167 168 #define MC_OKIND_UNKNOWN 0 /* unknown origin */ 169 #define MC_OKIND_HEAP 1 /* this is a heap origin */ 170 #define MC_OKIND_STACK 2 /* this is a stack origin */ 171 #define MC_OKIND_USER 3 /* arises from user-supplied client req */ 172 173 174 /*------------------------------------------------------------*/ 175 /*--- Profiling of memory events ---*/ 176 /*------------------------------------------------------------*/ 177 178 /* Define to collect detailed performance info. */ 179 /* #define MC_PROFILE_MEMORY */ 180 181 #ifdef MC_PROFILE_MEMORY 182 # define N_PROF_EVENTS 500 183 184 UInt MC_(event_ctr)[N_PROF_EVENTS]; 185 HChar* MC_(event_ctr_name)[N_PROF_EVENTS]; 186 187 # define PROF_EVENT(ev, name) \ 188 do { tl_assert((ev) >= 0 && (ev) < N_PROF_EVENTS); \ 189 /* crude and inaccurate check to ensure the same */ \ 190 /* event isn't being used with > 1 name */ \ 191 if (MC_(event_ctr_name)[ev]) \ 192 tl_assert(name == MC_(event_ctr_name)[ev]); \ 193 MC_(event_ctr)[ev]++; \ 194 MC_(event_ctr_name)[ev] = (name); \ 195 } while (False); 196 197 #else 198 199 # define PROF_EVENT(ev, name) /* */ 200 201 #endif /* MC_PROFILE_MEMORY */ 202 203 204 /*------------------------------------------------------------*/ 205 /*--- V and A bits (Victoria & Albert ?) ---*/ 206 /*------------------------------------------------------------*/ 207 208 /* The number of entries in the primary map can be altered. However 209 we hardwire the assumption that each secondary map covers precisely 210 64k of address space. */ 211 #define SM_SIZE 65536 /* DO NOT CHANGE */ 212 #define SM_MASK (SM_SIZE-1) /* DO NOT CHANGE */ 213 214 #define V_BIT_DEFINED 0 215 #define V_BIT_UNDEFINED 1 216 217 #define V_BITS8_DEFINED 0 218 #define V_BITS8_UNDEFINED 0xFF 219 220 #define V_BITS16_DEFINED 0 221 #define V_BITS16_UNDEFINED 0xFFFF 222 223 #define V_BITS32_DEFINED 0 224 #define V_BITS32_UNDEFINED 0xFFFFFFFF 225 226 #define V_BITS64_DEFINED 0ULL 227 #define V_BITS64_UNDEFINED 0xFFFFFFFFFFFFFFFFULL 228 229 230 /*------------------------------------------------------------*/ 231 /*--- Leak checking ---*/ 232 /*------------------------------------------------------------*/ 233 234 typedef 235 enum { 236 // Nb: the order is important -- it dictates the order of loss records 237 // of equal sizes. 238 Reachable =0, // Definitely reachable from root-set. 239 Possible =1, // Possibly reachable from root-set; involves at 240 // least one interior-pointer along the way. 241 IndirectLeak =2, // Leaked, but reachable from another leaked block 242 // (be it Unreached or IndirectLeak). 243 Unreached =3, // Not reached, ie. leaked. 244 // (At best, only reachable from itself via a cycle.) 245 } 246 Reachedness; 247 248 /* For VALGRIND_COUNT_LEAKS client request */ 249 extern SizeT MC_(bytes_leaked); 250 extern SizeT MC_(bytes_indirect); 251 extern SizeT MC_(bytes_dubious); 252 extern SizeT MC_(bytes_reachable); 253 extern SizeT MC_(bytes_suppressed); 254 255 /* For VALGRIND_COUNT_LEAK_BLOCKS client request */ 256 extern SizeT MC_(blocks_leaked); 257 extern SizeT MC_(blocks_indirect); 258 extern SizeT MC_(blocks_dubious); 259 extern SizeT MC_(blocks_reachable); 260 extern SizeT MC_(blocks_suppressed); 261 262 typedef 263 enum { 264 LC_Off, 265 LC_Summary, 266 LC_Full, 267 } 268 LeakCheckMode; 269 270 /* When a LossRecord is put into an OSet, these elements represent the key. */ 271 typedef 272 struct _LossRecordKey { 273 Reachedness state; // LC_Extra.state value shared by all blocks. 274 ExeContext* allocated_at; // Where they were allocated. 275 } 276 LossRecordKey; 277 278 /* A loss record, used for generating err msgs. Multiple leaked blocks can be 279 * merged into a single loss record if they have the same state and similar 280 * enough allocation points (controlled by --leak-resolution). */ 281 typedef 282 struct _LossRecord { 283 LossRecordKey key; // Key, when used in an OSet. 284 SizeT szB; // Sum of all MC_Chunk.szB values. 285 SizeT indirect_szB; // Sum of all LC_Extra.indirect_szB values. 286 UInt num_blocks; // Number of blocks represented by the record. 287 } 288 LossRecord; 289 290 void MC_(detect_memory_leaks) ( ThreadId tid, LeakCheckMode mode ); 291 292 Bool MC_(is_valid_aligned_word) ( Addr a ); 293 Bool MC_(is_within_valid_secondary) ( Addr a ); 294 295 void MC_(pp_LeakError)(UInt n_this_record, UInt n_total_records, 296 LossRecord* l); 297 298 299 /*------------------------------------------------------------*/ 300 /*--- Errors and suppressions ---*/ 301 /*------------------------------------------------------------*/ 302 303 /* Did we show to the user, any errors for which an uninitialised 304 value origin could have been collected (but wasn't) ? If yes, 305 then, at the end of the run, print a 1 line message advising that a 306 rerun with --track-origins=yes might help. */ 307 extern Bool MC_(any_value_errors); 308 309 /* Standard functions for error and suppressions as required by the 310 core/tool iface */ 311 Bool MC_(eq_Error) ( VgRes res, Error* e1, Error* e2 ); 312 void MC_(before_pp_Error) ( Error* err ); 313 void MC_(pp_Error) ( Error* err ); 314 UInt MC_(update_Error_extra) ( Error* err ); 315 316 Bool MC_(is_recognised_suppression) ( Char* name, Supp* su ); 317 318 Bool MC_(read_extra_suppression_info) ( Int fd, Char** buf, 319 SizeT* nBuf, Supp *su ); 320 321 Bool MC_(error_matches_suppression) ( Error* err, Supp* su ); 322 323 Bool MC_(get_extra_suppression_info) ( Error* err, 324 /*OUT*/Char* buf, Int nBuf ); 325 326 Char* MC_(get_error_name) ( Error* err ); 327 328 /* Recording of errors */ 329 void MC_(record_address_error) ( ThreadId tid, Addr a, Int szB, 330 Bool isWrite ); 331 void MC_(record_cond_error) ( ThreadId tid, UInt otag ); 332 void MC_(record_value_error) ( ThreadId tid, Int szB, UInt otag ); 333 void MC_(record_jump_error) ( ThreadId tid, Addr a ); 334 335 void MC_(record_free_error) ( ThreadId tid, Addr a ); 336 void MC_(record_illegal_mempool_error) ( ThreadId tid, Addr a ); 337 void MC_(record_freemismatch_error) ( ThreadId tid, MC_Chunk* mc ); 338 339 void MC_(record_overlap_error) ( ThreadId tid, Char* function, 340 Addr src, Addr dst, SizeT szB ); 341 void MC_(record_core_mem_error) ( ThreadId tid, Char* msg ); 342 void MC_(record_regparam_error) ( ThreadId tid, Char* msg, UInt otag ); 343 void MC_(record_memparam_error) ( ThreadId tid, Addr a, 344 Bool isAddrErr, Char* msg, UInt otag ); 345 void MC_(record_user_error) ( ThreadId tid, Addr a, 346 Bool isAddrErr, UInt otag ); 347 348 Bool MC_(record_leak_error) ( ThreadId tid, 349 UInt n_this_record, 350 UInt n_total_records, 351 LossRecord* lossRecord, 352 Bool print_record, 353 Bool count_error ); 354 355 /* Is this address in a user-specified "ignored range" ? */ 356 Bool MC_(in_ignored_range) ( Addr a ); 357 358 359 /*------------------------------------------------------------*/ 360 /*--- Client blocks ---*/ 361 /*------------------------------------------------------------*/ 362 363 /* Describes a client block. See mc_main.c. An unused block has 364 start == size == 0. */ 365 typedef 366 struct { 367 Addr start; 368 SizeT size; 369 ExeContext* where; 370 Char* desc; 371 } 372 CGenBlock; 373 374 /* Get access to the client block array. */ 375 void MC_(get_ClientBlock_array)( /*OUT*/CGenBlock** blocks, 376 /*OUT*/UWord* nBlocks ); 377 378 379 /*------------------------------------------------------------*/ 380 /*--- Command line options + defaults ---*/ 381 /*------------------------------------------------------------*/ 382 383 /* Allow loads from partially-valid addresses? default: YES */ 384 extern Bool MC_(clo_partial_loads_ok); 385 386 /* Max volume of the freed blocks queue. */ 387 extern Long MC_(clo_freelist_vol); 388 389 /* Do leak check at exit? default: NO */ 390 extern LeakCheckMode MC_(clo_leak_check); 391 392 /* How closely should we compare ExeContexts in leak records? default: 2 */ 393 extern VgRes MC_(clo_leak_resolution); 394 395 /* In leak check, show reachable-but-not-freed blocks? default: NO */ 396 extern Bool MC_(clo_show_reachable); 397 398 /* In leak check, show possibly-lost blocks? default: YES */ 399 extern Bool MC_(clo_show_possible); 400 401 /* In leak check, show possibly-lost blocks? default: YES */ 402 extern Bool MC_(clo_show_possibly_lost); 403 404 /* Assume accesses immediately below %esp are due to gcc-2.96 bugs. 405 * default: NO */ 406 extern Bool MC_(clo_workaround_gcc296_bugs); 407 408 /* Fill malloc-d/free-d client blocks with a specific value? -1 if 409 not, else 0x00 .. 0xFF indicating the fill value to use. Can be 410 useful for causing programs with bad heap corruption to fail in 411 more repeatable ways. Note that malloc-filled and free-filled 412 areas are still undefined and noaccess respectively. This merely 413 causes them to contain the specified values. */ 414 extern Int MC_(clo_malloc_fill); 415 extern Int MC_(clo_free_fill); 416 417 /* Indicates the level of instrumentation/checking done by Memcheck. 418 419 1 = No undefined value checking, Addrcheck-style behaviour only: 420 only address checking is done. This is faster but finds fewer 421 errors. Note that although Addrcheck had 1 bit per byte 422 overhead vs the old Memcheck's 9 bits per byte, with this mode 423 and compressed V bits, no memory is saved with this mode -- 424 it's still 2 bits per byte overhead. This is a little wasteful 425 -- it could be done with 1 bit per byte -- but lets us reuse 426 the many shadow memory access functions. Note that in this 427 mode neither the secondary V bit table nor the origin-tag cache 428 are used. 429 430 2 = Address checking and Undefined value checking are performed, 431 but origins are not tracked. So the origin-tag cache is not 432 used in this mode. This setting is the default and corresponds 433 to the "normal" Memcheck behaviour that has shipped for years. 434 435 3 = Address checking, undefined value checking, and origins for 436 undefined values are tracked. 437 438 The default is 2. 439 */ 440 extern Int MC_(clo_mc_level); 441 442 // Print a short summary to a separate file. 443 extern const char* MC_(clo_summary_file); 444 445 446 /*------------------------------------------------------------*/ 447 /*--- Instrumentation ---*/ 448 /*------------------------------------------------------------*/ 449 450 /* Functions defined in mc_main.c */ 451 452 /* For the fail_w_o functions, the UWord arg is actually the 32-bit 453 origin tag and should really be UInt, but to be simple and safe 454 considering it's called from generated code, just claim it to be a 455 UWord. */ 456 VG_REGPARM(2) void MC_(helperc_value_checkN_fail_w_o) ( HWord, UWord ); 457 VG_REGPARM(1) void MC_(helperc_value_check8_fail_w_o) ( UWord ); 458 VG_REGPARM(1) void MC_(helperc_value_check4_fail_w_o) ( UWord ); 459 VG_REGPARM(1) void MC_(helperc_value_check1_fail_w_o) ( UWord ); 460 VG_REGPARM(1) void MC_(helperc_value_check0_fail_w_o) ( UWord ); 461 462 /* And call these ones instead to report an uninitialised value error 463 but with no origin available. */ 464 VG_REGPARM(1) void MC_(helperc_value_checkN_fail_no_o) ( HWord ); 465 VG_REGPARM(0) void MC_(helperc_value_check8_fail_no_o) ( void ); 466 VG_REGPARM(0) void MC_(helperc_value_check4_fail_no_o) ( void ); 467 VG_REGPARM(0) void MC_(helperc_value_check1_fail_no_o) ( void ); 468 VG_REGPARM(0) void MC_(helperc_value_check0_fail_no_o) ( void ); 469 470 /* V-bits load/store helpers */ 471 VG_REGPARM(1) void MC_(helperc_STOREV64be) ( Addr, ULong ); 472 VG_REGPARM(1) void MC_(helperc_STOREV64le) ( Addr, ULong ); 473 VG_REGPARM(2) void MC_(helperc_STOREV32be) ( Addr, UWord ); 474 VG_REGPARM(2) void MC_(helperc_STOREV32le) ( Addr, UWord ); 475 VG_REGPARM(2) void MC_(helperc_STOREV16be) ( Addr, UWord ); 476 VG_REGPARM(2) void MC_(helperc_STOREV16le) ( Addr, UWord ); 477 VG_REGPARM(2) void MC_(helperc_STOREV8) ( Addr, UWord ); 478 479 VG_REGPARM(1) ULong MC_(helperc_LOADV64be) ( Addr ); 480 VG_REGPARM(1) ULong MC_(helperc_LOADV64le) ( Addr ); 481 VG_REGPARM(1) UWord MC_(helperc_LOADV32be) ( Addr ); 482 VG_REGPARM(1) UWord MC_(helperc_LOADV32le) ( Addr ); 483 VG_REGPARM(1) UWord MC_(helperc_LOADV16be) ( Addr ); 484 VG_REGPARM(1) UWord MC_(helperc_LOADV16le) ( Addr ); 485 VG_REGPARM(1) UWord MC_(helperc_LOADV8) ( Addr ); 486 487 void MC_(helperc_MAKE_STACK_UNINIT) ( Addr base, UWord len, 488 Addr nia ); 489 490 /* Origin tag load/store helpers */ 491 VG_REGPARM(2) void MC_(helperc_b_store1) ( Addr a, UWord d32 ); 492 VG_REGPARM(2) void MC_(helperc_b_store2) ( Addr a, UWord d32 ); 493 VG_REGPARM(2) void MC_(helperc_b_store4) ( Addr a, UWord d32 ); 494 VG_REGPARM(2) void MC_(helperc_b_store8) ( Addr a, UWord d32 ); 495 VG_REGPARM(2) void MC_(helperc_b_store16)( Addr a, UWord d32 ); 496 VG_REGPARM(1) UWord MC_(helperc_b_load1) ( Addr a ); 497 VG_REGPARM(1) UWord MC_(helperc_b_load2) ( Addr a ); 498 VG_REGPARM(1) UWord MC_(helperc_b_load4) ( Addr a ); 499 VG_REGPARM(1) UWord MC_(helperc_b_load8) ( Addr a ); 500 VG_REGPARM(1) UWord MC_(helperc_b_load16)( Addr a ); 501 502 /* Functions defined in mc_translate.c */ 503 IRSB* MC_(instrument) ( VgCallbackClosure* closure, 504 IRSB* bb_in, 505 VexGuestLayout* layout, 506 VexGuestExtents* vge, 507 IRType gWordTy, IRType hWordTy ); 508 509 IRSB* MC_(final_tidy) ( IRSB* ); 510 511 #endif /* ndef __MC_INCLUDE_H */ 512 513 /*--------------------------------------------------------------------*/ 514 /*--- end ---*/ 515 /*--------------------------------------------------------------------*/ 516
