diff options
author | fche <fche@138bc75d-0d04-0410-961f-82ee72b054a4> | 2005-06-15 16:15:40 +0000 |
---|---|---|
committer | fche <fche@138bc75d-0d04-0410-961f-82ee72b054a4> | 2005-06-15 16:15:40 +0000 |
commit | ee3e981073525e18e194a8c1cbe08cd763ff70ca (patch) | |
tree | 50b5a1f27c89b4772df3a0f85aeb3dba758084d7 | |
parent | f14c820769ea23e8fee897c654e56ccc65aa3cca (diff) | |
download | gcc-ee3e981073525e18e194a8c1cbe08cd763ff70ca.tar.gz |
2005-06-15 Frank Ch. Eigler <fche@redhat.com>
Fix for uncaching bug reported by Herman ten Brugge.
* mf-runtime.c (__mf_uncache_object): Search whole cache.
* testsuite/libmudflap.c/fail40-frag.c: New test.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@100985 138bc75d-0d04-0410-961f-82ee72b054a4
-rw-r--r-- | libmudflap/ChangeLog | 6 | ||||
-rw-r--r-- | libmudflap/mf-runtime.c | 10 | ||||
-rw-r--r-- | libmudflap/testsuite/libmudflap.c/fail40-frag.c | 56 |
3 files changed, 67 insertions, 5 deletions
diff --git a/libmudflap/ChangeLog b/libmudflap/ChangeLog index 6689b971655..1a35d91c356 100644 --- a/libmudflap/ChangeLog +++ b/libmudflap/ChangeLog @@ -1,3 +1,9 @@ +2005-06-15 Frank Ch. Eigler <fche@redhat.com> + + Fix for uncaching bug reported by Herman ten Brugge. + * mf-runtime.c (__mf_uncache_object): Search whole cache. + * testsuite/libmudflap.c/fail40-frag.c: New test. + 2005-05-23 Alfred M. Szmidt <ams@gnu.org> PR libmudflap/21724 diff --git a/libmudflap/mf-runtime.c b/libmudflap/mf-runtime.c index 5732c063408..317aeaef521 100644 --- a/libmudflap/mf-runtime.c +++ b/libmudflap/mf-runtime.c @@ -919,7 +919,7 @@ void __mfu_check (void *ptr, size_t sz, int type, const char *location) judgement = -1; } - /* We now know that the access spans one or more only valid objects. */ + /* We now know that the access spans no invalid objects. */ if (LIKELY (judgement >= 0)) for (i = 0; i < obj_count; i++) { @@ -1064,14 +1064,14 @@ __mf_uncache_object (__mf_object_t *old_obj) /* Can it possibly exist in the cache? */ if (LIKELY (old_obj->read_count + old_obj->write_count)) { + /* As reported by Herman ten Brugge, we need to scan the entire + cache for entries that may hit this object. */ uintptr_t low = old_obj->low; uintptr_t high = old_obj->high; - unsigned idx_low = __MF_CACHE_INDEX (low); - unsigned idx_high = __MF_CACHE_INDEX (high); + struct __mf_cache *entry = & __mf_lookup_cache [0]; unsigned i; - for (i = idx_low; i <= idx_high; i++) + for (i = 0; i <= __mf_lc_mask; i++, entry++) { - struct __mf_cache *entry = & __mf_lookup_cache [i]; /* NB: the "||" in the following test permits this code to tolerate the situation introduced by __mf_check over contiguous objects, where a cache entry spans several diff --git a/libmudflap/testsuite/libmudflap.c/fail40-frag.c b/libmudflap/testsuite/libmudflap.c/fail40-frag.c new file mode 100644 index 00000000000..610be20554d --- /dev/null +++ b/libmudflap/testsuite/libmudflap.c/fail40-frag.c @@ -0,0 +1,56 @@ +/* Test proper lookup-uncaching of large objects */ +#include "../config.h" + +#include <unistd.h> +#include <string.h> +#include <stdio.h> +#include <stdlib.h> +#ifdef HAVE_SYS_MMAN_H +#include <sys/mman.h> +#endif + +int main () +{ +#ifndef MAP_ANONYMOUS +#define MAP_ANONYMOUS MAP_ANON +#endif +#ifdef HAVE_MMAP + volatile unsigned char *p; + unsigned num = getpagesize (); + unsigned i; + int rc; + + /* Get a bit of usable address space. We really want an 2**N+1-sized object, + so the low/high addresses wrap when hashed into the lookup cache. So we + will manually unregister the entire mmap, then re-register a slice. */ + p = mmap (NULL, num, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); + if (p == NULL) + return 1; + /* Now unregister it, as if munmap was called. But don't actually munmap, so + we can write into the memory. */ + __mf_unregister ((void *) p, num, __MF_TYPE_HEAP_I); + + /* Now register it under a slightly inflated, 2**N+1 size. */ + __mf_register ((void *) p, num+1, __MF_TYPE_HEAP_I, "fake mmap registration"); + + /* Traverse array to ensure that entire lookup cache is made to point at it. */ + for (i=0; i<num; i++) + p[i] = 0; + + /* Unregister it. This should clear the entire lookup cache, even though + hash(low) == hash (high) (and probably == 0) */ + __mf_unregister ((void *) p, num+1, __MF_TYPE_HEAP_I); + + /* Now touch the middle portion of the ex-array. If the lookup cache was + well and truly cleaned, then this access should trap. */ + p[num/2] = 1; + + return 0; +#else + return 1; +#endif +} +/* { dg-output "mudflap violation 1.*check/write.*" } */ +/* { dg-output "Nearby object 1.*" } */ +/* { dg-output "mudflap dead object.*fake mmap registration.*" } */ +/* { dg-do run { xfail *-*-* } } */ |