valgrind/memcheck/tests/amd64-linux/defcfaexpr.S - nest-cam/4320010/valgrind - Git at Google


 /* This is really horrible.  It checks that the
    stack unwinder understands DW_CFA_def_cfa_expression.  It is
    the result of compiling this:

 void bbb ( long x )
 {
   __asm__ __volatile__(
       "cmp %0,%0\n\t"
       "jz .Lxyzzy\n"
       ".Lxyzzy:\n\t"
       : : "r"(x) : "cc"
       );
 }

 void aaa ( long x ) {
   bbb(x);
 }

 int main ( void )
 {
   long *p = malloc(8);
   aaa( *p );
   return 0;
 }

 and bracketing the cmp/jz insns with a move down/up by 256 of %rsp.
 The .jz causes memcheck to complain, hence unwind the stack, but
 that cannot be successfully done unless the return address can
 be found.  Hence the handwritten CFI below uses
 DW_CFA_def_cfa_expression to make that possible.

 The CFI below isn't really right in that aaa appears twice
 in the backtrace

 ==12868== Conditional jump or move depends on uninitialised value(s)
 ==12868==    at 0x400512: bbb (in /home/sewardj/VgTRUNK/trunk/mad0)
 ==12868==    by 0x400520: aaa (in /home/sewardj/VgTRUNK/trunk/mad0)
 ==12868==    by 0x400520: aaa (in /home/sewardj/VgTRUNK/trunk/mad0)
 ==12868==    by 0x400538: main (in /home/sewardj/VgTRUNK/trunk/mad0)

 but GDB behaves the same, so I'm not too concerned - indicates
 the problem is with the handwritten CFI and not with
 V's interpretation of it.
 */


 	.file	"bad0.c"
 	.text


 .globl bbb
 	.type	bbb, @function
 bbb:
 .LFB2:
 .Lbbb1:
 	subq $256,%rsp
 .Lbbb2:
 	cmp %rdi,%rdi
 	jz .Lxyzzy
 .Lxyzzy:
 	addq $256,%rsp
 .Lbbb3:
 	ret
 .Lbbb4:
 .LFE2:
 	.size	bbb, .-bbb


 .globl aaa
 	.type	aaa, @function
 aaa:
 .LFB3:
 	call	bbb
 	rep ; ret
 .LFE3:
 	.size	aaa, .-aaa
 .globl main
 	.type	main, @function
 main:
 .LFB4:
 	subq	$8, %rsp
 .LCFI0:
 	movl	$8, %edi
 	call	malloc
 	movq	(%rax), %rdi
 	call	aaa
 	movl	$0, %eax
 	addq	$8, %rsp
 	ret
 .LFE4:
 	.size	main, .-main
 	.section	.eh_frame,"a",@progbits
 .Lframe1:
 	.long	.LECIE1-.LSCIE1
 .LSCIE1:
 	.long	0x0
 	.byte	0x1
 	.string	"zR"
 	.uleb128 0x1
 	.sleb128 -8
 	.byte	0x10
 	.uleb128 0x1
 	.byte	0x3
 	.byte	0xc
 	.uleb128 0x7
 	.uleb128 0x8
 	.byte	0x90
 	.uleb128 0x1
 	.align 8
 .LECIE1:

 /* start of the FDE for bbb */
 .LSFDE1:
 	.long	.LEFDE1-.LASFDE1	/* length of FDE */
 .LASFDE1:
 	.long	.LASFDE1-.Lframe1	/* CIE pointer */
 	.long	.LFB2			/* & bbb */
 	.long	.LFE2-.LFB2		/* sizeof(bbb) */
 	.uleb128 0			/* augmentation length */
 	.byte	0x40 + .Lbbb2 - .Lbbb1	/* _advance_loc to .Lbbb2 */

 	/* For the section in between .Lbbb2 and .Lbbb3, set the
 	CFA to be %rsp+256, and set the return address (dwarf r16)
 	to be *(CFA+0). */
 	.byte     0x0f	/* _def_cfa_expression */
 	.uleb128  .Lexpr1e-.Lexpr1s /* length of expression */
 .Lexpr1s:
 	.byte	0x77	/* DW_OP_breg7 == %rsp + sleb128(0) */
 	.sleb128 0
 	.byte	0x40	/* DW_OP_lit16 */
 	.byte	0x40	/* DW_OP_lit16 */
 	.byte	0x1e	/* DW_OP_mul */
 	.byte	0x22	/* DW_OP_plus */
 .Lexpr1e:
 	.byte 0x90	/* _cfa_offset:	r16 = *(cfa+0) */
 	.uleb128 0

 	.byte	0x40 + .Lbbb3 - .Lbbb2	/* _advance_loc to .Lbbb3 */

 	/* For the section .Lbbb3 to .Lbbb4, should set CFA back to
 	something sensible.  This tries to do it but still causes
 	GDB to show an extraneous aaa frame on the stack.  Oh well. */
 	/* Now set CFA back to %rsp+0 */
 	.byte     0x0f	/* _def_cfa_expression */
 	.uleb128  .Lexpr2e-.Lexpr2s /* length of expression */
 .Lexpr2s:
 	.byte	0x77	/* DW_OP_breg7 == %rsp + sleb128(0) */
 	.sleb128 0
 	.byte	0x30	/* DW_OP_lit0 */
 	.byte	0x1c	/* DW_OP_minus */
 .Lexpr2e:
 	.byte 0x90	/* _cfa_offset:	r16 = *(cfa+0) */
 	.uleb128 0

 	.byte	0x40 + .Lbbb4 - .Lbbb3	/* _advance_loc to .Lbbb4 */
 	.uleb128 0x0			/* ??? */
 	.align 8
 .LEFDE1:
 /* end of the FDE for bbb */

 .LSFDE3:
 	.long	.LEFDE3-.LASFDE3
 .LASFDE3:
 	.long	.LASFDE3-.Lframe1
 	.long	.LFB3
 	.long	.LFE3-.LFB3
 	.uleb128 0x0
 	.align 8
 .LEFDE3:
 .LSFDE5:
 	.long	.LEFDE5-.LASFDE5
 .LASFDE5:
 	.long	.LASFDE5-.Lframe1
 	.long	.LFB4
 	.long	.LFE4-.LFB4
 	.uleb128 0x0
 	.byte	0x4
 	.long	.LCFI0-.LFB4
 	.byte	0xe
 	.uleb128 0x10
 	.align 8
 .LEFDE5:
 	.ident	"GCC: (GNU) 4.1.2 20061115 (prerelease) (SUSE Linux)"
 	.section	.note.GNU-stack,"",@progbits

	/* This is really horrible. It checks that the
	stack unwinder understands DW_CFA_def_cfa_expression. It is
	the result of compiling this:

	void bbb ( long x )
	{
	__asm__ __volatile__(
	"cmp %0,%0\n\t"
	"jz .Lxyzzy\n"
	".Lxyzzy:\n\t"
	: : "r"(x) : "cc"
	);
	}

	void aaa ( long x ) {
	bbb(x);
	}

	int main ( void )
	{
	long *p = malloc(8);
	aaa( *p );
	return 0;
	}

	and bracketing the cmp/jz insns with a move down/up by 256 of %rsp.
	The .jz causes memcheck to complain, hence unwind the stack, but
	that cannot be successfully done unless the return address can
	be found. Hence the handwritten CFI below uses
	DW_CFA_def_cfa_expression to make that possible.

	The CFI below isn't really right in that aaa appears twice
	in the backtrace

	==12868== Conditional jump or move depends on uninitialised value(s)
	==12868== at 0x400512: bbb (in /home/sewardj/VgTRUNK/trunk/mad0)
	==12868== by 0x400520: aaa (in /home/sewardj/VgTRUNK/trunk/mad0)
	==12868== by 0x400520: aaa (in /home/sewardj/VgTRUNK/trunk/mad0)
	==12868== by 0x400538: main (in /home/sewardj/VgTRUNK/trunk/mad0)

	but GDB behaves the same, so I'm not too concerned - indicates
	the problem is with the handwritten CFI and not with
	V's interpretation of it.
	*/


	.file "bad0.c"
	.text


	.globl bbb
	.type bbb, @function
	bbb:
	.LFB2:
	.Lbbb1:
	subq $256,%rsp
	.Lbbb2:
	cmp %rdi,%rdi
	jz .Lxyzzy
	.Lxyzzy:
	addq $256,%rsp
	.Lbbb3:
	ret
	.Lbbb4:
	.LFE2:
	.size bbb, .-bbb



	.globl aaa
	.type aaa, @function
	aaa:
	.LFB3:
	call bbb
	rep ; ret
	.LFE3:
	.size aaa, .-aaa
	.globl main
	.type main, @function
	main:
	.LFB4:
	subq $8, %rsp
	.LCFI0:
	movl $8, %edi
	call malloc
	movq (%rax), %rdi
	call aaa
	movl $0, %eax
	addq $8, %rsp
	ret
	.LFE4:
	.size main, .-main
	.section .eh_frame,"a",@progbits
	.Lframe1:
	.long .LECIE1-.LSCIE1
	.LSCIE1:
	.long 0x0
	.byte 0x1
	.string "zR"
	.uleb128 0x1
	.sleb128 -8
	.byte 0x10
	.uleb128 0x1
	.byte 0x3
	.byte 0xc
	.uleb128 0x7
	.uleb128 0x8
	.byte 0x90
	.uleb128 0x1
	.align 8
	.LECIE1:

	/* start of the FDE for bbb */
	.LSFDE1:
	.long .LEFDE1-.LASFDE1 /* length of FDE */
	.LASFDE1:
	.long .LASFDE1-.Lframe1 /* CIE pointer */
	.long .LFB2 /* & bbb */
	.long .LFE2-.LFB2 /* sizeof(bbb) */
	.uleb128 0 /* augmentation length */
	.byte 0x40 + .Lbbb2 - .Lbbb1 /* _advance_loc to .Lbbb2 */

	/* For the section in between .Lbbb2 and .Lbbb3, set the
	CFA to be %rsp+256, and set the return address (dwarf r16)
	to be (CFA+0). /
	.byte 0x0f /* _def_cfa_expression */
	.uleb128 .Lexpr1e-.Lexpr1s /* length of expression */
	.Lexpr1s:
	.byte 0x77 /* DW_OP_breg7 == %rsp + sleb128(0) */
	.sleb128 0
	.byte 0x40 /* DW_OP_lit16 */
	.byte 0x40 /* DW_OP_lit16 */
	.byte 0x1e /* DW_OP_mul */
	.byte 0x22 /* DW_OP_plus */
	.Lexpr1e:
	.byte 0x90 /* _cfa_offset: r16 = (cfa+0) /
	.uleb128 0

	.byte 0x40 + .Lbbb3 - .Lbbb2 /* _advance_loc to .Lbbb3 */

	/* For the section .Lbbb3 to .Lbbb4, should set CFA back to
	something sensible. This tries to do it but still causes
	GDB to show an extraneous aaa frame on the stack. Oh well. */
	/* Now set CFA back to %rsp+0 */
	.byte 0x0f /* _def_cfa_expression */
	.uleb128 .Lexpr2e-.Lexpr2s /* length of expression */
	.Lexpr2s:
	.byte 0x77 /* DW_OP_breg7 == %rsp + sleb128(0) */
	.sleb128 0
	.byte 0x30 /* DW_OP_lit0 */
	.byte 0x1c /* DW_OP_minus */
	.Lexpr2e:
	.byte 0x90 /* _cfa_offset: r16 = (cfa+0) /
	.uleb128 0

	.byte 0x40 + .Lbbb4 - .Lbbb3 /* _advance_loc to .Lbbb4 */
	.uleb128 0x0 /* ??? */
	.align 8
	.LEFDE1:
	/* end of the FDE for bbb */

	.LSFDE3:
	.long .LEFDE3-.LASFDE3
	.LASFDE3:
	.long .LASFDE3-.Lframe1
	.long .LFB3
	.long .LFE3-.LFB3
	.uleb128 0x0
	.align 8
	.LEFDE3:
	.LSFDE5:
	.long .LEFDE5-.LASFDE5
	.LASFDE5:
	.long .LASFDE5-.Lframe1
	.long .LFB4
	.long .LFE4-.LFB4
	.uleb128 0x0
	.byte 0x4
	.long .LCFI0-.LFB4
	.byte 0xe
	.uleb128 0x10
	.align 8
	.LEFDE5:
	.ident "GCC: (GNU) 4.1.2 20061115 (prerelease) (SUSE Linux)"
	.section .note.GNU-stack,"",@progbits