/* Test Valgrind's ability to spot writes to code which has already
   been translated, and to discard the out-of-date translations.

   CORRECT output is

      in p 0
      in q 1
      in p 2
      in q 3
      in p 4
      in q 5
      in p 6
      in q 7
      in p 8
      in q 9

   WRONG output (if you fail to spot code-writes to code[0 .. 4]) is

      in p 0
      in p 1
      in p 2
      in p 3
      in p 4
      in p 5
      in p 6
      in p 7
      in p 8
      in p 9

   In the wrong case the stale translation of code[], which still
   targets p, keeps being executed after code[] has been rewritten
   to target q.
*/

#include <stdio.h>

/* Addr carries a code address as an unsigned int.  set_dest() splits
   it into the four immediate bytes of a PUSH imm32, so the test
   assumes a target where a function address fits in an unsigned int;
   on a wider target the cast in main would truncate the address. */
typedef unsigned int Addr;

/* UChar is one byte of the machine code stored in code[]. */
typedef unsigned char UChar;

/* Second jump target.  Prints "in q <n>" so the expected-output
   comparison can tell that the rewritten code[] was really executed. */
void q(int n)
{
   printf("in q %d\n", n);
}

/* First jump target.  Prints "in p <n>"; seeing this line for an odd n
   is the symptom of a stale translation described in the file header. */
void p(int n)
{
   printf("in p %d\n", n);
}

/* Buffer that holds the generated instructions.  It is rewritten by
   set_dest() and executed through cc(); only code[0..5] are used.
   NOTE(review): this is ordinary static data, so executing it relies on
   the page being executable (or on the tool under test not enforcing
   that) -- confirm against the test's build flags. */
static UChar code[10];

/* Make `code' be PUSHL $dest ; ret
 *
 * The pushed immediate becomes the return address consumed by RET, so
 * control reaches dest through an indirect branch.  This forces the
 * branch onwards to be indirect, so vex can't chase it.
 *
 * dest: address to jump to, stored least-significant byte first.
 */
void set_dest(Addr dest)
{
   unsigned int i;

   code[0] = 0x68;   /* PUSH imm32 */

   /* imm32 operand: the four bytes of dest in little-endian order */
   for (i = 0; i < 4; i++) {
      code[1 + i] = ((dest >> (8 * i)) & 0xFF);
   }

   code[5] = 0xC3;   /* RET */
}

/* Calling aa eventually reaches the function residing in code[0..].
   This indirection is necessary to defeat Vex's basic-block chasing
   optimisation.  That will merge up to three basic blocks into the
   same IR superblock, which causes the test to succeed when it
   shouldn't if main calls code[] directly.  */

/* Invoke f with argument x.
 *
 * Kept out of line so that the call through f is a genuine indirect
 * branch: this forces an indirect branch to code[0], so vex can't
 * chase it.
 */
__attribute__((noinline))
void dd(int x, void (*f)(int))
{
   (*f)(x);
}

/* Enter the generated code: treat the start of code[] as a void(int)
   function and let dd() perform the call with argument x.
   NOTE(review): converting a data pointer to a function pointer is not
   guaranteed by ISO C; the test depends on the platform allowing it. */
__attribute__((noinline))
void cc(int x)
{
   void (*entry)(int) = (void (*)(int)) &code[0];

   dd(x, entry);
}

/* One more out-of-line hop between aa() and cc(); it only forwards x.
   The extra call depth is part of keeping code[] out of the
   superblock that starts in main. */
__attribute__((noinline))
void bb(int x)
{
   cc(x);
}

/* Entry point used by main: forwards x down the aa -> bb -> cc -> dd
   chain, which ends in the call into code[]. */
__attribute__((noinline))
void aa(int x)
{
   bb(x);
}

/* Empty out-of-line function.  Both calls to it in main are commented
   out, so it is currently unused. */
__attribute__((noinline))
void diversion(void)
{
}

/* Drive the test: alternately point code[] at p and at q, calling into
   it after every rewrite.  Each aa() call must execute the bytes that
   the preceding set_dest() wrote, giving p for even and q for odd
   arguments. */
int main(void)
{
   for (int i = 0; i < 10; i += 2) {
      /* even call: code[] jumps to p */
      set_dest((Addr)&p);
      //      diversion();
      aa(i);

      /* odd call: same buffer, now rewritten to jump to q */
      set_dest((Addr)&q);
      //      diversion();
      aa(i + 1);
   }

   return 0;
}