/* Test Valgrind's ability to spot writes to code which has been
   translated, and discard the out-of-date translations.

   The program rewrites a small machine-code stub in code[] between
   calls, so a tool that keeps running its cached translation of the
   stub will keep reaching the old destination.

   CORRECT output is

      in p 0
      in q 1
      in p 2
      in q 3
      in p 4
      in q 5
      in p 6
      in q 7
      in p 8
      in q 9

   WRONG output (if you fail to spot code-writes to code[0 .. 4]) is

      in p 0
      in p 1
      in p 2
      in p 3
      in p 4
      in p 5
      in p 6
      in p 7
      in p 8
      in p 9
*/

#include <stdio.h>

/* Addr holds a code address as an unsigned int, so a pointer cast to
   it keeps only as many bits as unsigned int has.
   NOTE(review): presumably this test is meant for 32-bit x86 only --
   confirm before building it for any other target. */
typedef unsigned int  Addr;
typedef unsigned char UChar;

/* One of the two possible destinations of the stub; prints "in q <n>". */
void q ( int n )
{
   printf("in q %d\n", n);
}

/* The other possible destination of the stub; prints "in p <n>". */
void p ( int n )
{
   printf("in p %d\n", n);
}

/* Buffer holding the generated stub.  Only code[0..5] are written by
   set_dest.  This is an ordinary writable static array that is later
   executed, so the test needs memory that is both writable and
   executable.
   NOTE(review): where data pages are mapped non-executable the call
   would presumably fault instead of running -- confirm how the test
   harness builds and runs this file. */
static UChar code[10];

/* Make `code' be PUSHL $dest ; ret */
// This forces the branch onwards to be indirect, so vex can't chase it
void set_dest ( Addr dest )
{
   code[0] = 0x68; /* PUSH imm32 */
   /* The four bytes of dest, least significant byte first. */
   code[1] = (dest & 0xFF);
   code[2] = ((dest >> 8) & 0xFF);
   code[3] = ((dest >> 16) & 0xFF);
   code[4] = ((dest >> 24) & 0xFF);
   code[5] = 0xC3; /* ret, per the "PUSHL $dest ; ret" description above */
}

/* Calling aa gets eventually to the function residing in code[0..].
   This indirection is necessary to defeat Vex's basic-block chasing
   optimisation.  That will merge up to three basic blocks into the
   same IR superblock, which causes the test to succeed when it
   shouldn't if main calls code[] directly. */

// force an indirect branch to code[0], so vex can't chase it
__attribute__((noinline))
void dd ( int x, void (*f)(int) ) { f(x); }

/* Passes the address of code[0] to dd as a function pointer.  The
   cast from an object pointer to a function pointer is deliberate
   here; ISO C does not define that conversion. */
__attribute__((noinline))
void cc ( int x ) { dd(x, (void(*)(int)) &code[0]); }

/* bb and aa only forward x down the chain; each is noinline so that
   it stays a separate call. */
__attribute__((noinline))
void bb ( int x ) { cc(x); }

__attribute__((noinline))
void aa ( int x ) { bb(x); }

/* Empty function; both calls to it in main are commented out. */
__attribute__((noinline))
void diversion ( void ) { }

/* For i = 0, 2, 4, 6, 8: point the stub at p and call it with i, then
   point it at q and call it with i+1.  Every set_dest call overwrites
   code[] after it has already been executed, which is the write the
   tool under test has to notice.  Always returns 0. */
int main ( void )
{
   int i;
   for (i = 0; i < 10; i += 2) {
      set_dest ( (Addr)&p );
      //      diversion();
      aa(i);
      set_dest ( (Addr)&q );
      //      diversion();
      aa(i+1);
   }
   return 0;
}