I have been trying to understand why valgrind complains about "Use of uninitialised value of size 8" for this small test program that uses ucontexts. It is basically a program that creates "n_ucs" ucontexts and switches over them for "max_switch" times.
I understand the "Warning: client switching stacks?" (which is basically what the program all about), but I can't really make sense to all the "Use of uninitialised value of size 8"
I would like to get some help understanding if Valgrind errors are false positive or if this program has something fundamentally wrong. (I see a lot of them on a much larger program that uses the same mechanisms, but I have distilled it to the minimum to post here).
Any help is appreciated.
Thanks,
Jack
#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <ucontext.h>
#define STACK_SIZE (8*1024)
int n_ucs = 1;
int max_switchs = 10;
int n_switchs = 0;
int tid = 0;
ucontext_t *ucs;
static ucontext_t engine_uc;
static void func(int arg)
{
while (n_switchs < max_switchs) {
int c_tid = tid;
int n_tid = (tid + 1) % n_ucs;
n_switchs++;
tid = n_tid;
swapcontext(&ucs[c_tid], &ucs[n_tid]);
}
}
int main(int argc, char **argv)
{
if (argc > 1)
n_ucs = atoi(argv[1]);
if (argc > 2)
max_switchs = atoi(argv[2]);
ucs = malloc(sizeof(ucontext_t) * n_ucs);
int i;
for (i = 0; i < n_ucs; i++) {
/* Create initial ucontext_t, including stack */
getcontext(&ucs[i]);
ucs[i].uc_stack.ss_sp = malloc(STACK_SIZE);
ucs[i].uc_stack.ss_size = STACK_SIZE;
ucs[i].uc_stack.ss_flags = 0;
ucs[i].uc_link = &engine_uc;
makecontext(&ucs[i], (void (*)())func, 1, i);
}
/* jump to the first uc */
swapcontext(&engine_uc, &ucs[tid]);
/* destroy stacks */
for (i = 0; i < n_ucs; i++)
free(ucs[i].uc_stack.ss_sp);
free(ucs);
return 0;
}
compile with gcc main.c and run with ./a.out 2 2
gcc -v
Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.8/lto-wrapper Target: x86_64-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.8.2-19ubuntu1' --with-bugurl=file:///usr/share/doc/gcc-4.8/README.Bugs --enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.8 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.8 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-libmudflap --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.8-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.8-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.8-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu Thread model: posix gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
ldd --version
ldd (Ubuntu EGLIBC 2.19-0ubuntu6.3) 2.19 Copyright (C) 2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper.
valgrind --track-origins=yes ./a.out 2 2
==21949== Memcheck, a memory error detector
==21949== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==21949== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==21949== Command: ./a.out 2 2
==21949==
==21949== Warning: client switching stacks? SP change: 0xffefffdd8 --> 0x51ff7b8
==21949== to suppress, use: --max-stackframe=68616717856 or greater
==21949== Use of uninitialised value of size 8
==21949== at 0x400738: func (main.c:25)
==21949== by 0x4E58EC4: (below main) (libc-start.c:287)
==21949== Uninitialised value was created by a stack allocation
==21949== at 0x4E7E445: swapcontext (swapcontext.S:92)
==21949==
==21949== Conditional jump or move depends on uninitialised value(s)
==21949== at 0x4E807A7: __start_context (__start_context.S:37)
==21949== by 0x4E58EC4: (below main) (libc-start.c:287)
==21949== Uninitialised value was created by a stack allocation
==21949== at 0x4E7E445: swapcontext (swapcontext.S:92)
==21949==
==21949== Syscall param rt_sigprocmask(set) contains uninitialised byte(s)
==21949== at 0x4E7E0EC: setcontext (setcontext.S:47)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== Uninitialised value was created by a stack allocation
==21949== at 0x4E7E445: swapcontext (swapcontext.S:92)
==21949==
==21949== Use of uninitialised value of size 8
==21949== at 0x4E7E0F5: setcontext (setcontext.S:54)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== Uninitialised value was created by a stack allocation
==21949== at 0x4E7E445: swapcontext (swapcontext.S:92)
==21949==
==21949== Use of uninitialised value of size 8
==21949== at 0x4E7E0FE: setcontext (setcontext.S:56)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== by 0x4E807AD: __start_context (__start_context.S:39)
==21949== Uninitialised value was created by a stack allocation
==21949== at 0x4E7E445: swapcontext (swapcontext.S:92)
==21949==
==21949== Warning: client switching stacks? SP change: 0x51ff7c0 --> 0xffefffde0
==21949== to suppress, use: --max-stackframe=68616717856 or greater
==21949==
==21949== HEAP SUMMARY:
==21949== in use at exit: 0 bytes in 0 blocks
==21949== total heap usage: 3 allocs, 3 frees, 18,256 bytes allocated
==21949==
==21949== All heap blocks were freed -- no leaks are possible
==21949==
==21949== For counts of detected and suppressed errors, rerun with: -v
==21949== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)
You must notify valgrind about the stack's change. Read an example here https://github.com/lu-zero/valgrind/blob/master/memcheck/tests/linux/stack_changes.c
This is the correct code:
#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <ucontext.h>
#include <valgrind/valgrind.h>
#define STACK_SIZE (8*1024)
int n_ucs = 1;
int max_switchs = 10;
int n_switchs = 0;
int tid = 0;
ucontext_t *ucs;
static ucontext_t engine_uc;
void func(int arg)
{
while (n_switchs < max_switchs) {
int c_tid = tid;
int n_tid = (tid + 1) % n_ucs;
n_switchs++;
tid = n_tid;
swapcontext(&ucs[c_tid], &ucs[n_tid]);
}
}
int main(int argc, char **argv)
{
if (argc > 1)
n_ucs = atoi(argv[1]);
if (argc > 2)
max_switchs = atoi(argv[2]);
ucs = malloc(sizeof(ucontext_t) * n_ucs);
//store the VALGRIND_STACK_REGISTER return values
int* valgrind_ret = malloc(n_ucs*sizeof(int));
int i;
for (i = 0; i < n_ucs; i++) {
/* Create initial ucontext_t, including stack */
getcontext(&ucs[i]);
//pass stack to valgrind
void* mystack = malloc(STACK_SIZE);
VALGRIND_STACK_REGISTER(mystack, mystack + STACK_SIZE);
ucs[i].uc_stack.ss_sp = mystack;
ucs[i].uc_stack.ss_size = STACK_SIZE;
ucs[i].uc_stack.ss_flags = 0;
ucs[i].uc_link = &engine_uc;
makecontext(&ucs[i], (void (*)())func, 1, i);
}
/* jump to the first uc */
swapcontext(&engine_uc, &ucs[tid]);
/* destroy stacks */
for (i = 0; i < n_ucs; i++) {
//valgrind stack deregister
VALGRIND_STACK_DEREGISTER(valgrind_ret[i]);
free(ucs[i].uc_stack.ss_sp);
}
free(ucs);
return 0;
}
I still don't exactly understand why valgrind is showing these uninitialized errors exactly but i'll give it my best shot to explain what I understood till now;
On running and analyzing the program via valgrind and based on information from man pages of swapcontext(3) and getcontext(3), I think it is failing to detect the some context swaps (failing to see stack pointer change for swapcontext from tid 0 to tid 1 and the swapcontext from tid 1 back to tid 0)
Read below as: who's stack[number of call]:function call
So, I think function call trace is something like this:
main:swapcontext(main, tid 0) ->
main[tid 0's 1st func call]:func() ->
tid 0:swapcontext(tid 0, tid 1) -> {Stack => tiod 0}
tid 1:func() ->
swapcontext(tid 1, tid 0) -> {Stack => tiod 1}
tid 0[2nd call]: func() ->
return immediately since n_switchs = 2 ->
pop tid 0[2nd call]: func() stack frame from tid 1's stack -> {1st Uninitialized access according to valgrind}
tid 0[2nd call]: func() finishes -> checks uc_link; finds engine_uc (main context) set there ->
From here on things get unclear for me but following seems to be the likely trace:
resets sigprocmask -> {2nd Uninitialized access} setcontext()s back to main context -> {3rd Uinitialized access ?} {Stack => main}
On return, stack frame for [tid 0's 1st call] popped from main's stack->
main [tid 0's 1st call]:func() finishes as well because of n_switchs = 2 -> check uc_link; finds engine_uc again -> resets sigprocmask -> {not uninitialized access ?}
On return, stack frame for main:swapcontext() is popped from main's stack ->
setcontext()s back to main context -> {4th Uninitialized access ?} {Stack => main}
we come back to main(), free stuff and exit
Some References:
https://www.gnu.org/software/libc/manual/html_node/System-V-contexts.html http://www.cs.uwm.edu/classes/cs315/Bacon/Lecture/HTML/ch10s07.html
Note: I know this is not a complete answer but I didn't want to post such a long explanation in comments section; hence posted here.
来源:https://stackoverflow.com/questions/25703245/valgrind-error-and-ucontext-why-use-of-uninitialised-value-of-size-8