| blob | c30ec48efb3a2f4171786d8813b3782db8418058 |
2 /*--------------------------------------------------------------------*/
3 /*--- A header file for all parts of the MemCheck tool. ---*/
4 /*--- mc_include.h ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of MemCheck, a heavyweight Valgrind tool for
9 detecting memory errors.
11 Copyright (C) 2000-2017 Julian Seward
12 jseward@acm.org
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, see <http://www.gnu.org/licenses/>.
27 The GNU General Public License is contained in the file COPYING.
28 */
30 #ifndef __MC_INCLUDE_H
31 #define __MC_INCLUDE_H
33 #define MC_(str) VGAPPEND(vgMemCheck_,str)
36 /* This is a private header file for use only within the
37 memcheck/ directory. */
39 /*------------------------------------------------------------*/
40 /*--- Tracking the heap ---*/
41 /*------------------------------------------------------------*/
43 /* By default, we want at least a 16B redzone on client heap blocks
44 for Memcheck.
45 The default can be modified by --redzone-size. */
46 #define MC_MALLOC_DEFAULT_REDZONE_SZB 16
47 // effective redzone, as (possibly) modified by --redzone-size:
50 /* For malloc()/new/new[] vs. free()/delete/delete[] mismatch checking. */
51 typedef
57 }
58 MC_AllocKind;
60 /* This describes a heap block. Nb: first two fields must match core's
61 * VgHashNode. */
62 typedef
69 /* Variable-length array. The size depends on MC_(clo_keep_stacktraces).
70 This array optionally stores the alloc and/or free stack trace. */
71 }
72 MC_Chunk;
74 /* Returns the execontext where the MC_Chunk was allocated/freed.
75 Returns VG_(null_ExeContext)() if the execontext has not been recorded (due
76 to MC_(clo_keep_stacktraces) and/or because block not yet freed). */
80 /* Records and sets execontext according to MC_(clo_keep_stacktraces) */
84 /* number of pointers needed according to MC_(clo_keep_stacktraces). */
87 /* Memory pool. Nb: first two fields must match core's VgHashNode. */
88 typedef
96 // memory, and used as pool.
98 }
99 MC_Mempool;
121 /* Searches for a recently freed block which might bracket Addr a.
122 Return the MC_Chunk* for this block or NULL if no bracketting block
123 is found. */
126 /* For efficient pooled alloc/free of the MC_Chunk. */
129 /* For tracking malloc'd blocks. Nb: it's quite important that it's a
130 VgHashTable, because VgHashTable allows duplicate keys without complaint.
131 This can occur if a user marks a malloc() block as also a custom block with
132 MALLOCLIKE_BLOCK. */
135 /* For tracking memory pools. */
138 /* Shadow memory functions */
148 /* nr of free operations done */
170 /*------------------------------------------------------------*/
171 /*--- Origin tracking translate-time support ---*/
172 /*------------------------------------------------------------*/
174 /* See detailed comments in mc_machine.c. */
178 /* Constants which are used as the lowest 2 bits in origin tags.
180 An origin tag comprises an upper 30-bit ECU field and a lower 2-bit
181 'kind' field. The ECU field is a number given out by m_execontext
182 and has a 1-1 mapping with ExeContext*s. An ECU can be used
183 directly as an origin tag (otag), but in fact we want to put
184 additional information 'kind' field to indicate roughly where the
185 tag came from. This helps print more understandable error messages
186 for the user -- it has no other purpose.
188 Hence the following 2-bit constants are needed for 'kind' field.
190 To summarise:
192 * Both ECUs and origin tags are represented as 32-bit words
194 * m_execontext and the core-tool interface deal purely in ECUs.
195 They have no knowledge of origin tags - that is a purely
196 Memcheck-internal matter.
198 * all valid ECUs have the lowest 2 bits zero and at least
199 one of the upper 30 bits nonzero (see VG_(is_plausible_ECU))
201 * to convert from an ECU to an otag, OR in one of the MC_OKIND_
202 constants below
204 * to convert an otag back to an ECU, AND it with ~3
205 */
213 /*------------------------------------------------------------*/
214 /*--- Profiling of memory events ---*/
215 /*------------------------------------------------------------*/
217 /* Define to collect detailed performance info. */
218 /* #define MC_PROFILE_MEMORY */
219 #ifdef MC_PROFILE_MEMORY
221 /* Order of enumerators does not matter. But MCPE_LAST has to be the
222 last entry in the list as it is used as an array bound. */
224 MCPE_LOADV8,
225 MCPE_LOADV8_SLOW1,
226 MCPE_LOADV8_SLOW2,
227 MCPE_LOADV16,
228 MCPE_LOADV16_SLOW1,
229 MCPE_LOADV16_SLOW2,
230 MCPE_LOADV32,
231 MCPE_LOADV32_SLOW1,
232 MCPE_LOADV32_SLOW2,
233 MCPE_LOADV64,
234 MCPE_LOADV64_SLOW1,
235 MCPE_LOADV64_SLOW2,
236 MCPE_LOADV_128_OR_256,
237 MCPE_LOADV_128_OR_256_SLOW_LOOP,
238 MCPE_LOADV_128_OR_256_SLOW1,
239 MCPE_LOADV_128_OR_256_SLOW2,
240 MCPE_LOADVN_SLOW,
241 MCPE_LOADVN_SLOW_LOOP,
242 MCPE_STOREV8,
243 MCPE_STOREV8_SLOW1,
244 MCPE_STOREV8_SLOW2,
245 MCPE_STOREV8_SLOW3,
246 MCPE_STOREV8_SLOW4,
247 MCPE_STOREV16,
248 MCPE_STOREV16_SLOW1,
249 MCPE_STOREV16_SLOW2,
250 MCPE_STOREV16_SLOW3,
251 MCPE_STOREV16_SLOW4,
252 MCPE_STOREV32,
253 MCPE_STOREV32_SLOW1,
254 MCPE_STOREV32_SLOW2,
255 MCPE_STOREV32_SLOW3,
256 MCPE_STOREV32_SLOW4,
257 MCPE_STOREV64,
258 MCPE_STOREV64_SLOW1,
259 MCPE_STOREV64_SLOW2,
260 MCPE_STOREV64_SLOW3,
261 MCPE_STOREV64_SLOW4,
262 MCPE_STOREVN_SLOW,
263 MCPE_STOREVN_SLOW_LOOP,
264 MCPE_MAKE_ALIGNED_WORD32_UNDEFINED,
265 MCPE_MAKE_ALIGNED_WORD32_UNDEFINED_SLOW,
266 MCPE_MAKE_ALIGNED_WORD64_UNDEFINED,
267 MCPE_MAKE_ALIGNED_WORD64_UNDEFINED_SLOW,
268 MCPE_MAKE_ALIGNED_WORD32_NOACCESS,
269 MCPE_MAKE_ALIGNED_WORD32_NOACCESS_SLOW,
270 MCPE_MAKE_ALIGNED_WORD64_NOACCESS,
271 MCPE_MAKE_ALIGNED_WORD64_NOACCESS_SLOW,
272 MCPE_MAKE_MEM_NOACCESS,
273 MCPE_MAKE_MEM_UNDEFINED,
274 MCPE_MAKE_MEM_UNDEFINED_W_OTAG,
275 MCPE_MAKE_MEM_DEFINED,
276 MCPE_CHEAP_SANITY_CHECK,
277 MCPE_EXPENSIVE_SANITY_CHECK,
278 MCPE_COPY_ADDRESS_RANGE_STATE,
279 MCPE_COPY_ADDRESS_RANGE_STATE_LOOP1,
280 MCPE_COPY_ADDRESS_RANGE_STATE_LOOP2,
281 MCPE_CHECK_MEM_IS_NOACCESS,
282 MCPE_CHECK_MEM_IS_NOACCESS_LOOP,
283 MCPE_IS_MEM_ADDRESSABLE,
284 MCPE_IS_MEM_ADDRESSABLE_LOOP,
285 MCPE_IS_MEM_DEFINED,
286 MCPE_IS_MEM_DEFINED_LOOP,
287 MCPE_IS_MEM_DEFINED_COMPREHENSIVE,
288 MCPE_IS_MEM_DEFINED_COMPREHENSIVE_LOOP,
289 MCPE_IS_DEFINED_ASCIIZ,
290 MCPE_IS_DEFINED_ASCIIZ_LOOP,
291 MCPE_FIND_CHUNK_FOR_OLD,
292 MCPE_FIND_CHUNK_FOR_OLD_LOOP,
293 MCPE_SET_ADDRESS_RANGE_PERMS,
294 MCPE_SET_ADDRESS_RANGE_PERMS_SINGLE_SECMAP,
295 MCPE_SET_ADDRESS_RANGE_PERMS_STARTOF_SECMAP,
296 MCPE_SET_ADDRESS_RANGE_PERMS_MULTIPLE_SECMAPS,
297 MCPE_SET_ADDRESS_RANGE_PERMS_DIST_SM1,
298 MCPE_SET_ADDRESS_RANGE_PERMS_DIST_SM2,
299 MCPE_SET_ADDRESS_RANGE_PERMS_DIST_SM1_QUICK,
300 MCPE_SET_ADDRESS_RANGE_PERMS_DIST_SM2_QUICK,
301 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP1A,
302 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP1B,
303 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP1C,
304 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP8A,
305 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP8B,
306 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP64K,
307 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP64K_FREE_DIST_SM,
308 MCPE_NEW_MEM_STACK,
309 MCPE_NEW_MEM_STACK_4,
310 MCPE_NEW_MEM_STACK_8,
311 MCPE_NEW_MEM_STACK_12,
312 MCPE_NEW_MEM_STACK_16,
313 MCPE_NEW_MEM_STACK_32,
314 MCPE_NEW_MEM_STACK_112,
315 MCPE_NEW_MEM_STACK_128,
316 MCPE_NEW_MEM_STACK_144,
317 MCPE_NEW_MEM_STACK_160,
318 MCPE_DIE_MEM_STACK,
319 MCPE_DIE_MEM_STACK_4,
320 MCPE_DIE_MEM_STACK_8,
321 MCPE_DIE_MEM_STACK_12,
322 MCPE_DIE_MEM_STACK_16,
323 MCPE_DIE_MEM_STACK_32,
324 MCPE_DIE_MEM_STACK_112,
325 MCPE_DIE_MEM_STACK_128,
326 MCPE_DIE_MEM_STACK_144,
327 MCPE_DIE_MEM_STACK_160,
328 MCPE_MAKE_STACK_UNINIT_W_O,
329 MCPE_MAKE_STACK_UNINIT_NO_O,
330 MCPE_MAKE_STACK_UNINIT_128_NO_O,
331 MCPE_MAKE_STACK_UNINIT_128_NO_O_ALIGNED_16,
332 MCPE_MAKE_STACK_UNINIT_128_NO_O_ALIGNED_8,
333 MCPE_MAKE_STACK_UNINIT_128_NO_O_SLOWCASE,
334 /* Do not add enumerators past this line. */
335 MCPE_LAST
336 };
340 # define PROF_EVENT(ev) \
341 do { tl_assert((ev) >= 0 && (ev) < MCPE_LAST); \
342 MC_(event_ctr)[ev]++; \
343 } while (False);
345 #else
352 /*------------------------------------------------------------*/
353 /*--- V and A bits (Victoria & Albert ?) ---*/
354 /*------------------------------------------------------------*/
356 /* The number of entries in the primary map can be altered. However
357 we hardwire the assumption that each secondary map covers precisely
358 64k of address space. */
362 #define V_BIT_DEFINED 0
363 #define V_BIT_UNDEFINED 1
365 #define V_BITS8_DEFINED 0
366 #define V_BITS8_UNDEFINED 0xFF
368 #define V_BITS16_DEFINED 0
369 #define V_BITS16_UNDEFINED 0xFFFF
371 #define V_BITS32_DEFINED 0
372 #define V_BITS32_UNDEFINED 0xFFFFFFFF
374 #define V_BITS64_DEFINED 0ULL
375 #define V_BITS64_UNDEFINED 0xFFFFFFFFFFFFFFFFULL
377 /* Set to 1 to enable handwritten assembly helpers on targets for
378 which it is supported. */
379 #define ENABLE_ASSEMBLY_HELPERS 1
381 /* Comment the below to disable the fast case LOADV */
382 #define PERF_FAST_LOADV 1
384 /*------------------------------------------------------------*/
385 /*--- Leak checking ---*/
386 /*------------------------------------------------------------*/
388 typedef
390 // Nb: the order is important -- it dictates the order of loss records
391 // of equal sizes.
394 // least one interior-pointer along the way.
396 // (be it Unreached or IndirectLeak).
398 // (At best, only reachable from itself via a cycle.)
399 }
400 Reachedness;
402 // Build mask to check or set Reachedness r membership
403 #define R2S(r) (1 << (r))
404 // Reachedness r is member of the Set s ?
405 #define RiS(r,s) ((s) & R2S(r))
406 // Returns a set containing all Reachedness
409 /* For VALGRIND_COUNT_LEAKS client request */
416 /* For VALGRIND_COUNT_LEAK_BLOCKS client request */
423 typedef
425 LC_Off,
426 LC_Summary,
427 LC_Full,
428 }
429 LeakCheckMode;
431 typedef
436 // decrease in size or blocks.
437 LCD_New // Output new loss records.
438 }
439 LeakCheckDeltaMode;
441 /* When a LossRecord is put into an OSet, these elements represent the key. */
442 typedef
446 }
447 LossRecordKey;
449 /* A loss record, used for generating err msgs. Multiple leaked blocks can be
450 * merged into a single loss record if they have the same state and similar
451 * enough allocation points (controlled by --leak-resolution). */
452 typedef
461 }
462 LossRecord;
464 typedef
466 LeakCheckMode mode;
467 UInt show_leak_kinds;
468 UInt errors_for_leak_kinds;
469 UInt heuristics;
470 LeakCheckDeltaMode deltamode;
474 }
475 LeakCheckParams;
479 // Each time a leak search is done, the leak search generation
480 // MC_(leak_search_gen) is incremented.
483 // maintains the lcp.deltamode given in the last call to detect_memory_leaks
486 // prints the list of blocks corresponding to the given loss_record_nr slice
487 // (from/to) (up to maximum max_blocks)
488 // Returns True if loss_record_nr_from identifies a correct loss record
489 // from last leak search, returns False otherwise.
490 // Note that loss_record_nr_to can be bigger than the nr of loss records. All
491 // loss records after from will then be examined and maybe printed.
492 // If heuristics != 0, print only the loss records/blocks found via
493 // one of the heuristics in the set.
497 // Prints the addresses/registers/... at which a pointer to
498 // the given range [address, address+szB[ is found.
501 // if delta_mode == LCD_Any, prints in buf an empty string
502 // otherwise prints a delta in the layout " (+%'lu)" or " (-%'lu)"
505 LeakCheckDeltaMode delta_mode);
511 // Prints as user msg a description of the given loss record.
516 /*------------------------------------------------------------*/
517 /*--- Errors and suppressions ---*/
518 /*------------------------------------------------------------*/
520 /* Did we show to the user, any errors for which an uninitialised
521 value origin could have been collected (but wasn't) ? If yes,
522 then, at the end of the run, print a 1 line message advising that a
523 rerun with --track-origins=yes might help. */
526 /* Standard functions for error and suppressions as required by the
527 core/tool iface */
548 /* Recording of errors */
550 Bool isWrite );
570 UInt n_this_record,
571 UInt n_total_records,
573 Bool print_record,
574 Bool count_error );
579 /* Leak kinds tokens to call VG_(parse_enum_set). */
582 /* prints a description of address a in the specified debuginfo epoch */
585 /* Is this address in a user-specified "ignored range" ? */
588 /* Is this address in a user-specified "ignored range of offsets below
589 the current thread's stack pointer?" */
593 /*------------------------------------------------------------*/
594 /*--- Client blocks ---*/
595 /*------------------------------------------------------------*/
597 /* Describes a client block. See mc_main.c. An unused block has
598 start == size == 0. */
599 typedef
601 Addr start;
602 SizeT size;
605 }
606 CGenBlock;
608 /* Get access to the client block array. */
613 /*------------------------------------------------------------*/
614 /*--- Command line options + defaults ---*/
615 /*------------------------------------------------------------*/
617 /* Allow loads from partially-valid addresses? default: YES */
620 /* Max volume of the freed blocks queue. */
623 /* Blocks with a size >= MC_(clo_freelist_big_blocks) will be put
624 in the "big block" freed blocks queue. */
627 /* Do leak check at exit? default: NO */
630 /* How closely should we compare ExeContexts in leak records? default: 2 */
633 /* In leak check, show loss records if their R2S(reachedness) is set.
634 Default : R2S(Possible) | R2S(Unreached). */
637 /* In leak check, a loss record is an error if its R2S(reachedness) is set.
638 Default : R2S(Possible) | R2S(Unreached). */
641 /* Various leak check heuristics which can be activated/deactivated. */
642 typedef
645 // no heuristic.
647 // Consider interior pointer pointing at the array of char in a
648 // std::string as reachable.
650 // Consider interior pointer pointing at offset 64bit of a block as
651 // reachable, when the first 8 bytes contains the block size - 8.
652 // Such length+interior pointers are used by e.g. sqlite3MemMalloc.
653 // On 64bit platforms LchNewArray will also match these blocks.
655 // Consider interior pointer pointing at second word of a new[] array as
656 // reachable. Such interior pointers are used for arrays whose elements
657 // have a destructor.
659 // Conside interior pointer pointing just after what looks a vtable
660 // as reachable.
661 }
662 LeakCheckHeuristic;
664 // Nr of heuristics, including the LchNone heuristic.
665 #define N_LEAK_CHECK_HEURISTICS 5
667 // Build mask to check or set Heuristic h membership
668 #define H2S(h) (1 << (h))
669 // Heuristic h is member of the Set s ?
670 #define HiS(h,s) ((s) & H2S(h))
672 /* Heuristics set to use for the leak search.
673 Default : all heuristics. */
676 /* Assume accesses immediately below %esp are due to gcc-2.96 bugs.
677 * default: NO */
680 /* Fill malloc-d/free-d client blocks with a specific value? -1 if
681 not, else 0x00 .. 0xFF indicating the fill value to use. Can be
682 useful for causing programs with bad heap corruption to fail in
683 more repeatable ways. Note that malloc-filled and free-filled
684 areas are still undefined and noaccess respectively. This merely
685 causes them to contain the specified values. */
689 /* Which stack trace(s) to keep for malloc'd/free'd client blocks?
690 For each client block, the stack traces where it was allocated
691 and/or freed are optionally kept depending on MC_(clo_keep_stacktraces). */
692 typedef
699 }
700 KeepStacktraces;
703 /* Indicates the level of instrumentation/checking done by Memcheck.
705 1 = No undefined value checking, Addrcheck-style behaviour only:
706 only address checking is done. This is faster but finds fewer
707 errors. Note that although Addrcheck had 1 bit per byte
708 overhead vs the old Memcheck's 9 bits per byte, with this mode
709 and compressed V bits, no memory is saved with this mode --
710 it's still 2 bits per byte overhead. This is a little wasteful
711 -- it could be done with 1 bit per byte -- but lets us reuse
712 the many shadow memory access functions. Note that in this
713 mode neither the secondary V bit table nor the origin-tag cache
714 are used.
716 2 = Address checking and Undefined value checking are performed,
717 but origins are not tracked. So the origin-tag cache is not
718 used in this mode. This setting is the default and corresponds
719 to the "normal" Memcheck behaviour that has shipped for years.
721 3 = Address checking, undefined value checking, and origins for
722 undefined values are tracked.
724 The default is 2.
725 */
728 /* Should we show mismatched frees? Default: YES */
731 /* Should we warn about deprecated realloc() of size 0 ? Default : YES */
734 /* Indicates the level of detail for Vbit tracking through integer add,
735 subtract, and some integer comparison operations. */
736 typedef
740 EdcYES // All operations instrumented expensively
741 }
742 ExpensiveDefinednessChecks;
744 /* Level of expense in definedness checking for add/sub and compare
745 operations. Default: EdcAUTO */
748 /* Do we have a range of stack offsets to ignore? Default: NO */
754 /*------------------------------------------------------------*/
755 /*--- Instrumentation ---*/
756 /*------------------------------------------------------------*/
758 /* Functions defined in mc_main.c */
760 /* For the fail_w_o functions, the UWord arg is actually the 32-bit
761 origin tag and should really be UInt, but to be simple and safe
762 considering it's called from generated code, just claim it to be a
763 UWord. */
770 /* And call these ones instead to report an uninitialised value error
771 but with no origin available. */
778 /* V-bits load/store helpers */
808 /* Origin tag load/store helpers */
822 /* Functions defined in mc_translate.c */
832 /* Check some assertions to do with the instrumentation machinery. */
837 /*--------------------------------------------------------------------*/
838 /*--- end ---*/
839 /*--------------------------------------------------------------------*/