1 2/*--------------------------------------------------------------------*/ 3/*--- A header file for all parts of the MemCheck tool. ---*/ 4/*--- mc_include.h ---*/ 5/*--------------------------------------------------------------------*/ 6 7/* 8 This file is part of MemCheck, a heavyweight Valgrind tool for 9 detecting memory errors. 10 11 Copyright (C) 2000-2010 Julian Seward 12 jseward@acm.org 13 14 This program is free software; you can redistribute it and/or 15 modify it under the terms of the GNU General Public License as 16 published by the Free Software Foundation; either version 2 of the 17 License, or (at your option) any later version. 18 19 This program is distributed in the hope that it will be useful, but 20 WITHOUT ANY WARRANTY; without even the implied warranty of 21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 22 General Public License for more details. 23 24 You should have received a copy of the GNU General Public License 25 along with this program; if not, write to the Free Software 26 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 27 02111-1307, USA. 28 29 The GNU General Public License is contained in the file COPYING. 30*/ 31 32#ifndef __MC_INCLUDE_H 33#define __MC_INCLUDE_H 34 35#define MC_(str) VGAPPEND(vgMemCheck_,str) 36 37 38/* This is a private header file for use only within the 39 memcheck/ directory. */ 40 41/*------------------------------------------------------------*/ 42/*--- Tracking the heap ---*/ 43/*------------------------------------------------------------*/ 44 45/* We want at least a 64B redzone on client heap blocks for Memcheck */ 46#define MC_MALLOC_REDZONE_SZB 64 47 48/* For malloc()/new/new[] vs. free()/delete/delete[] mismatch checking. */ 49typedef 50 enum { 51 MC_AllocMalloc = 0, 52 MC_AllocNew = 1, 53 MC_AllocNewVec = 2, 54 MC_AllocCustom = 3 55 } 56 MC_AllocKind; 57 58/* This describes a heap block. Nb: first two fields must match core's 59 * VgHashNode. */ 60typedef 61 struct _MC_Chunk { 62 struct _MC_Chunk* next; 63 Addr data; // Address of the actual block. 64 SizeT szB : (sizeof(SizeT)*8)-2; // Size requested; 30 or 62 bits. 65 MC_AllocKind allockind : 2; // Which operation did the allocation. 66 ExeContext* where; // Where it was allocated. 67 } 68 MC_Chunk; 69 70/* Memory pool. Nb: first two fields must match core's VgHashNode. */ 71typedef 72 struct _MC_Mempool { 73 struct _MC_Mempool* next; 74 Addr pool; // pool identifier 75 SizeT rzB; // pool red-zone size 76 Bool is_zeroed; // allocations from this pool are zeroed 77 VgHashTable chunks; // chunks associated with this pool 78 } 79 MC_Mempool; 80 81 82void* MC_(new_block) ( ThreadId tid, 83 Addr p, SizeT size, SizeT align, 84 Bool is_zeroed, MC_AllocKind kind, 85 VgHashTable table); 86void MC_(handle_free) ( ThreadId tid, 87 Addr p, UInt rzB, MC_AllocKind kind ); 88 89void MC_(create_mempool) ( Addr pool, UInt rzB, Bool is_zeroed ); 90void MC_(destroy_mempool) ( Addr pool ); 91void MC_(mempool_alloc) ( ThreadId tid, Addr pool, 92 Addr addr, SizeT size ); 93void MC_(mempool_free) ( Addr pool, Addr addr ); 94void MC_(mempool_trim) ( Addr pool, Addr addr, SizeT size ); 95void MC_(move_mempool) ( Addr poolA, Addr poolB ); 96void MC_(mempool_change) ( Addr pool, Addr addrA, Addr addrB, SizeT size ); 97Bool MC_(mempool_exists) ( Addr pool ); 98 99MC_Chunk* MC_(get_freed_list_head)( void ); 100 101/* For tracking malloc'd blocks. Nb: it's quite important that it's a 102 VgHashTable, because VgHashTable allows duplicate keys without complaint. 103 This can occur if a user marks a malloc() block as also a custom block with 104 MALLOCLIKE_BLOCK. */ 105extern VgHashTable MC_(malloc_list); 106 107/* For tracking memory pools. */ 108extern VgHashTable MC_(mempool_list); 109 110/* Shadow memory functions */ 111Bool MC_(check_mem_is_noaccess)( Addr a, SizeT len, Addr* bad_addr ); 112void MC_(make_mem_noaccess) ( Addr a, SizeT len ); 113void MC_(make_mem_undefined_w_otag)( Addr a, SizeT len, UInt otag ); 114void MC_(make_mem_defined) ( Addr a, SizeT len ); 115void MC_(copy_address_range_state) ( Addr src, Addr dst, SizeT len ); 116 117void MC_(print_malloc_stats) ( void ); 118 119void* MC_(malloc) ( ThreadId tid, SizeT n ); 120void* MC_(__builtin_new) ( ThreadId tid, SizeT n ); 121void* MC_(__builtin_vec_new) ( ThreadId tid, SizeT n ); 122void* MC_(memalign) ( ThreadId tid, SizeT align, SizeT n ); 123void* MC_(calloc) ( ThreadId tid, SizeT nmemb, SizeT size1 ); 124void MC_(free) ( ThreadId tid, void* p ); 125void MC_(__builtin_delete) ( ThreadId tid, void* p ); 126void MC_(__builtin_vec_delete) ( ThreadId tid, void* p ); 127void* MC_(realloc) ( ThreadId tid, void* p, SizeT new_size ); 128SizeT MC_(malloc_usable_size) ( ThreadId tid, void* p ); 129 130 131/*------------------------------------------------------------*/ 132/*--- Origin tracking translate-time support ---*/ 133/*------------------------------------------------------------*/ 134 135/* See detailed comments in mc_machine.c. */ 136Int MC_(get_otrack_shadow_offset) ( Int offset, Int szB ); 137IRType MC_(get_otrack_reg_array_equiv_int_type) ( IRRegArray* arr ); 138 139/* Constants which are used as the lowest 2 bits in origin tags. 140 141 An origin tag comprises an upper 30-bit ECU field and a lower 2-bit 142 'kind' field. The ECU field is a number given out by m_execontext 143 and has a 1-1 mapping with ExeContext*s. An ECU can be used 144 directly as an origin tag (otag), but in fact we want to put 145 additional information 'kind' field to indicate roughly where the 146 tag came from. This helps print more understandable error messages 147 for the user -- it has no other purpose. 148 149 Hence the following 2-bit constants are needed for 'kind' field. 150 151 To summarise: 152 153 * Both ECUs and origin tags are represented as 32-bit words 154 155 * m_execontext and the core-tool interface deal purely in ECUs. 156 They have no knowledge of origin tags - that is a purely 157 Memcheck-internal matter. 158 159 * all valid ECUs have the lowest 2 bits zero and at least 160 one of the upper 30 bits nonzero (see VG_(is_plausible_ECU)) 161 162 * to convert from an ECU to an otag, OR in one of the MC_OKIND_ 163 constants below 164 165 * to convert an otag back to an ECU, AND it with ~3 166*/ 167 168#define MC_OKIND_UNKNOWN 0 /* unknown origin */ 169#define MC_OKIND_HEAP 1 /* this is a heap origin */ 170#define MC_OKIND_STACK 2 /* this is a stack origin */ 171#define MC_OKIND_USER 3 /* arises from user-supplied client req */ 172 173 174/*------------------------------------------------------------*/ 175/*--- Profiling of memory events ---*/ 176/*------------------------------------------------------------*/ 177 178/* Define to collect detailed performance info. */ 179/* #define MC_PROFILE_MEMORY */ 180 181#ifdef MC_PROFILE_MEMORY 182# define N_PROF_EVENTS 500 183 184UInt MC_(event_ctr)[N_PROF_EVENTS]; 185HChar* MC_(event_ctr_name)[N_PROF_EVENTS]; 186 187# define PROF_EVENT(ev, name) \ 188 do { tl_assert((ev) >= 0 && (ev) < N_PROF_EVENTS); \ 189 /* crude and inaccurate check to ensure the same */ \ 190 /* event isn't being used with > 1 name */ \ 191 if (MC_(event_ctr_name)[ev]) \ 192 tl_assert(name == MC_(event_ctr_name)[ev]); \ 193 MC_(event_ctr)[ev]++; \ 194 MC_(event_ctr_name)[ev] = (name); \ 195 } while (False); 196 197#else 198 199# define PROF_EVENT(ev, name) /* */ 200 201#endif /* MC_PROFILE_MEMORY */ 202 203 204/*------------------------------------------------------------*/ 205/*--- V and A bits (Victoria & Albert ?) ---*/ 206/*------------------------------------------------------------*/ 207 208/* The number of entries in the primary map can be altered. However 209 we hardwire the assumption that each secondary map covers precisely 210 64k of address space. */ 211#define SM_SIZE 65536 /* DO NOT CHANGE */ 212#define SM_MASK (SM_SIZE-1) /* DO NOT CHANGE */ 213 214#define V_BIT_DEFINED 0 215#define V_BIT_UNDEFINED 1 216 217#define V_BITS8_DEFINED 0 218#define V_BITS8_UNDEFINED 0xFF 219 220#define V_BITS16_DEFINED 0 221#define V_BITS16_UNDEFINED 0xFFFF 222 223#define V_BITS32_DEFINED 0 224#define V_BITS32_UNDEFINED 0xFFFFFFFF 225 226#define V_BITS64_DEFINED 0ULL 227#define V_BITS64_UNDEFINED 0xFFFFFFFFFFFFFFFFULL 228 229 230/*------------------------------------------------------------*/ 231/*--- Leak checking ---*/ 232/*------------------------------------------------------------*/ 233 234typedef 235 enum { 236 // Nb: the order is important -- it dictates the order of loss records 237 // of equal sizes. 238 Reachable =0, // Definitely reachable from root-set. 239 Possible =1, // Possibly reachable from root-set; involves at 240 // least one interior-pointer along the way. 241 IndirectLeak =2, // Leaked, but reachable from another leaked block 242 // (be it Unreached or IndirectLeak). 243 Unreached =3, // Not reached, ie. leaked. 244 // (At best, only reachable from itself via a cycle.) 245 } 246 Reachedness; 247 248/* For VALGRIND_COUNT_LEAKS client request */ 249extern SizeT MC_(bytes_leaked); 250extern SizeT MC_(bytes_indirect); 251extern SizeT MC_(bytes_dubious); 252extern SizeT MC_(bytes_reachable); 253extern SizeT MC_(bytes_suppressed); 254 255/* For VALGRIND_COUNT_LEAK_BLOCKS client request */ 256extern SizeT MC_(blocks_leaked); 257extern SizeT MC_(blocks_indirect); 258extern SizeT MC_(blocks_dubious); 259extern SizeT MC_(blocks_reachable); 260extern SizeT MC_(blocks_suppressed); 261 262typedef 263 enum { 264 LC_Off, 265 LC_Summary, 266 LC_Full, 267 } 268 LeakCheckMode; 269 270/* When a LossRecord is put into an OSet, these elements represent the key. */ 271typedef 272 struct _LossRecordKey { 273 Reachedness state; // LC_Extra.state value shared by all blocks. 274 ExeContext* allocated_at; // Where they were allocated. 275 } 276 LossRecordKey; 277 278/* A loss record, used for generating err msgs. Multiple leaked blocks can be 279 * merged into a single loss record if they have the same state and similar 280 * enough allocation points (controlled by --leak-resolution). */ 281typedef 282 struct _LossRecord { 283 LossRecordKey key; // Key, when used in an OSet. 284 SizeT szB; // Sum of all MC_Chunk.szB values. 285 SizeT indirect_szB; // Sum of all LC_Extra.indirect_szB values. 286 UInt num_blocks; // Number of blocks represented by the record. 287 } 288 LossRecord; 289 290void MC_(detect_memory_leaks) ( ThreadId tid, LeakCheckMode mode ); 291 292Bool MC_(is_valid_aligned_word) ( Addr a ); 293Bool MC_(is_within_valid_secondary) ( Addr a ); 294 295void MC_(pp_LeakError)(UInt n_this_record, UInt n_total_records, 296 LossRecord* l); 297 298 299/*------------------------------------------------------------*/ 300/*--- Errors and suppressions ---*/ 301/*------------------------------------------------------------*/ 302 303/* Did we show to the user, any errors for which an uninitialised 304 value origin could have been collected (but wasn't) ? If yes, 305 then, at the end of the run, print a 1 line message advising that a 306 rerun with --track-origins=yes might help. */ 307extern Bool MC_(any_value_errors); 308 309/* Standard functions for error and suppressions as required by the 310 core/tool iface */ 311Bool MC_(eq_Error) ( VgRes res, Error* e1, Error* e2 ); 312void MC_(before_pp_Error) ( Error* err ); 313void MC_(pp_Error) ( Error* err ); 314UInt MC_(update_Error_extra) ( Error* err ); 315 316Bool MC_(is_recognised_suppression) ( Char* name, Supp* su ); 317 318Bool MC_(read_extra_suppression_info) ( Int fd, Char** buf, 319 SizeT* nBuf, Supp *su ); 320 321Bool MC_(error_matches_suppression) ( Error* err, Supp* su ); 322 323Bool MC_(get_extra_suppression_info) ( Error* err, 324 /*OUT*/Char* buf, Int nBuf ); 325 326Char* MC_(get_error_name) ( Error* err ); 327 328/* Recording of errors */ 329void MC_(record_address_error) ( ThreadId tid, Addr a, Int szB, 330 Bool isWrite ); 331void MC_(record_cond_error) ( ThreadId tid, UInt otag ); 332void MC_(record_value_error) ( ThreadId tid, Int szB, UInt otag ); 333void MC_(record_jump_error) ( ThreadId tid, Addr a ); 334 335void MC_(record_free_error) ( ThreadId tid, Addr a ); 336void MC_(record_illegal_mempool_error) ( ThreadId tid, Addr a ); 337void MC_(record_freemismatch_error) ( ThreadId tid, MC_Chunk* mc ); 338 339void MC_(record_overlap_error) ( ThreadId tid, Char* function, 340 Addr src, Addr dst, SizeT szB ); 341void MC_(record_core_mem_error) ( ThreadId tid, Char* msg ); 342void MC_(record_regparam_error) ( ThreadId tid, Char* msg, UInt otag ); 343void MC_(record_memparam_error) ( ThreadId tid, Addr a, 344 Bool isAddrErr, Char* msg, UInt otag ); 345void MC_(record_user_error) ( ThreadId tid, Addr a, 346 Bool isAddrErr, UInt otag ); 347 348Bool MC_(record_leak_error) ( ThreadId tid, 349 UInt n_this_record, 350 UInt n_total_records, 351 LossRecord* lossRecord, 352 Bool print_record, 353 Bool count_error ); 354 355/* Is this address in a user-specified "ignored range" ? */ 356Bool MC_(in_ignored_range) ( Addr a ); 357 358 359/*------------------------------------------------------------*/ 360/*--- Client blocks ---*/ 361/*------------------------------------------------------------*/ 362 363/* Describes a client block. See mc_main.c. An unused block has 364 start == size == 0. */ 365typedef 366 struct { 367 Addr start; 368 SizeT size; 369 ExeContext* where; 370 Char* desc; 371 } 372 CGenBlock; 373 374/* Get access to the client block array. */ 375void MC_(get_ClientBlock_array)( /*OUT*/CGenBlock** blocks, 376 /*OUT*/UWord* nBlocks ); 377 378 379/*------------------------------------------------------------*/ 380/*--- Command line options + defaults ---*/ 381/*------------------------------------------------------------*/ 382 383/* Allow loads from partially-valid addresses? default: YES */ 384extern Bool MC_(clo_partial_loads_ok); 385 386/* Max volume of the freed blocks queue. */ 387extern Long MC_(clo_freelist_vol); 388 389/* Do leak check at exit? default: NO */ 390extern LeakCheckMode MC_(clo_leak_check); 391 392/* How closely should we compare ExeContexts in leak records? default: 2 */ 393extern VgRes MC_(clo_leak_resolution); 394 395/* In leak check, show reachable-but-not-freed blocks? default: NO */ 396extern Bool MC_(clo_show_reachable); 397 398/* In leak check, show possibly-lost blocks? default: YES */ 399extern Bool MC_(clo_show_possible); 400 401/* In leak check, show possibly-lost blocks? default: YES */ 402extern Bool MC_(clo_show_possibly_lost); 403 404/* Assume accesses immediately below %esp are due to gcc-2.96 bugs. 405 * default: NO */ 406extern Bool MC_(clo_workaround_gcc296_bugs); 407 408/* Fill malloc-d/free-d client blocks with a specific value? -1 if 409 not, else 0x00 .. 0xFF indicating the fill value to use. Can be 410 useful for causing programs with bad heap corruption to fail in 411 more repeatable ways. Note that malloc-filled and free-filled 412 areas are still undefined and noaccess respectively. This merely 413 causes them to contain the specified values. */ 414extern Int MC_(clo_malloc_fill); 415extern Int MC_(clo_free_fill); 416 417/* Indicates the level of instrumentation/checking done by Memcheck. 418 419 1 = No undefined value checking, Addrcheck-style behaviour only: 420 only address checking is done. This is faster but finds fewer 421 errors. Note that although Addrcheck had 1 bit per byte 422 overhead vs the old Memcheck's 9 bits per byte, with this mode 423 and compressed V bits, no memory is saved with this mode -- 424 it's still 2 bits per byte overhead. This is a little wasteful 425 -- it could be done with 1 bit per byte -- but lets us reuse 426 the many shadow memory access functions. Note that in this 427 mode neither the secondary V bit table nor the origin-tag cache 428 are used. 429 430 2 = Address checking and Undefined value checking are performed, 431 but origins are not tracked. So the origin-tag cache is not 432 used in this mode. This setting is the default and corresponds 433 to the "normal" Memcheck behaviour that has shipped for years. 434 435 3 = Address checking, undefined value checking, and origins for 436 undefined values are tracked. 437 438 The default is 2. 439*/ 440extern Int MC_(clo_mc_level); 441 442// Print a short summary to a separate file. 443extern const char* MC_(clo_summary_file); 444 445 446/*------------------------------------------------------------*/ 447/*--- Instrumentation ---*/ 448/*------------------------------------------------------------*/ 449 450/* Functions defined in mc_main.c */ 451 452/* For the fail_w_o functions, the UWord arg is actually the 32-bit 453 origin tag and should really be UInt, but to be simple and safe 454 considering it's called from generated code, just claim it to be a 455 UWord. */ 456VG_REGPARM(2) void MC_(helperc_value_checkN_fail_w_o) ( HWord, UWord ); 457VG_REGPARM(1) void MC_(helperc_value_check8_fail_w_o) ( UWord ); 458VG_REGPARM(1) void MC_(helperc_value_check4_fail_w_o) ( UWord ); 459VG_REGPARM(1) void MC_(helperc_value_check1_fail_w_o) ( UWord ); 460VG_REGPARM(1) void MC_(helperc_value_check0_fail_w_o) ( UWord ); 461 462/* And call these ones instead to report an uninitialised value error 463 but with no origin available. */ 464VG_REGPARM(1) void MC_(helperc_value_checkN_fail_no_o) ( HWord ); 465VG_REGPARM(0) void MC_(helperc_value_check8_fail_no_o) ( void ); 466VG_REGPARM(0) void MC_(helperc_value_check4_fail_no_o) ( void ); 467VG_REGPARM(0) void MC_(helperc_value_check1_fail_no_o) ( void ); 468VG_REGPARM(0) void MC_(helperc_value_check0_fail_no_o) ( void ); 469 470/* V-bits load/store helpers */ 471VG_REGPARM(1) void MC_(helperc_STOREV64be) ( Addr, ULong ); 472VG_REGPARM(1) void MC_(helperc_STOREV64le) ( Addr, ULong ); 473VG_REGPARM(2) void MC_(helperc_STOREV32be) ( Addr, UWord ); 474VG_REGPARM(2) void MC_(helperc_STOREV32le) ( Addr, UWord ); 475VG_REGPARM(2) void MC_(helperc_STOREV16be) ( Addr, UWord ); 476VG_REGPARM(2) void MC_(helperc_STOREV16le) ( Addr, UWord ); 477VG_REGPARM(2) void MC_(helperc_STOREV8) ( Addr, UWord ); 478 479VG_REGPARM(1) ULong MC_(helperc_LOADV64be) ( Addr ); 480VG_REGPARM(1) ULong MC_(helperc_LOADV64le) ( Addr ); 481VG_REGPARM(1) UWord MC_(helperc_LOADV32be) ( Addr ); 482VG_REGPARM(1) UWord MC_(helperc_LOADV32le) ( Addr ); 483VG_REGPARM(1) UWord MC_(helperc_LOADV16be) ( Addr ); 484VG_REGPARM(1) UWord MC_(helperc_LOADV16le) ( Addr ); 485VG_REGPARM(1) UWord MC_(helperc_LOADV8) ( Addr ); 486 487void MC_(helperc_MAKE_STACK_UNINIT) ( Addr base, UWord len, 488 Addr nia ); 489 490/* Origin tag load/store helpers */ 491VG_REGPARM(2) void MC_(helperc_b_store1) ( Addr a, UWord d32 ); 492VG_REGPARM(2) void MC_(helperc_b_store2) ( Addr a, UWord d32 ); 493VG_REGPARM(2) void MC_(helperc_b_store4) ( Addr a, UWord d32 ); 494VG_REGPARM(2) void MC_(helperc_b_store8) ( Addr a, UWord d32 ); 495VG_REGPARM(2) void MC_(helperc_b_store16)( Addr a, UWord d32 ); 496VG_REGPARM(1) UWord MC_(helperc_b_load1) ( Addr a ); 497VG_REGPARM(1) UWord MC_(helperc_b_load2) ( Addr a ); 498VG_REGPARM(1) UWord MC_(helperc_b_load4) ( Addr a ); 499VG_REGPARM(1) UWord MC_(helperc_b_load8) ( Addr a ); 500VG_REGPARM(1) UWord MC_(helperc_b_load16)( Addr a ); 501 502/* Functions defined in mc_translate.c */ 503IRSB* MC_(instrument) ( VgCallbackClosure* closure, 504 IRSB* bb_in, 505 VexGuestLayout* layout, 506 VexGuestExtents* vge, 507 IRType gWordTy, IRType hWordTy ); 508 509IRSB* MC_(final_tidy) ( IRSB* ); 510 511#endif /* ndef __MC_INCLUDE_H */ 512 513/*--------------------------------------------------------------------*/ 514/*--- end ---*/ 515/*--------------------------------------------------------------------*/ 516