2 /*--------------------------------------------------------------------*/
3 /*--- Thread scheduling. scheduler.c ---*/
4 /*--------------------------------------------------------------------*/
5
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
9
10 Copyright (C) 2000-2011 Julian Seward
11 jseward@acm.org
12
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
17
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
22
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
26 02111-1307, USA.
27
28 The GNU General Public License is contained in the file COPYING.
29 */
30
31 /*
32 Overview
33
34 Valgrind tries to emulate the kernel's threading as closely as
35 possible. The client does all threading via the normal syscalls
36 (on Linux: clone, etc). Valgrind emulates this by creating exactly
37 the same process structure as would be created without Valgrind.
38 There are no extra threads.
39
40 The main difference is that Valgrind only allows one client thread
41 to run at once. This is controlled with the CPU Big Lock,
42 "the_BigLock". Any time a thread wants to run client code or
43 manipulate any shared state (which is anything other than its own
44 ThreadState entry), it must hold the_BigLock.
45
46 When a thread is about to block in a blocking syscall, it releases
47 the_BigLock, and re-takes it when it becomes runnable again (either
48 because the syscall finished, or we took a signal).
49
50 VG_(scheduler) therefore runs in each thread. It returns only when
51 the thread is exiting, either because it exited itself, or it was
52 told to exit by another thread.
53
54 This file is almost entirely OS-independent. The details of how
55 the OS handles threading and signalling are abstracted away and
56 implemented elsewhere. [Some of the functions have worked their
57 way back for the moment, until we do an OS port in earnest...]
58 */
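/* To illustrate the locking discipline described above: the typical
   (schematic) sequence around a blocking syscall, as performed by the
   syscall machinery, is

      VG_(release_BigLock)(tid, VgTs_WaitSys, "pre-syscall");
         ...thread blocks in the kernel; other threads may run...
      VG_(acquire_BigLock)(tid, "post-syscall");

   Only the thread currently holding the_BigLock may run client code or
   touch shared state; all other threads are either blocked in a syscall
   or waiting for the lock.  (The "who" strings above are illustrative
   only.) */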
59
60 #include "pub_core_basics.h"
61 #include "pub_core_debuglog.h"
62 #include "pub_core_vki.h"
63 #include "pub_core_vkiscnums.h" // __NR_sched_yield
64 #include "pub_core_libcsetjmp.h" // to keep _threadstate.h happy
65 #include "pub_core_threadstate.h"
66 #include "pub_core_aspacemgr.h"
67 #include "pub_core_clreq.h" // for VG_USERREQ__*
68 #include "pub_core_dispatch.h"
69 #include "pub_core_errormgr.h" // For VG_(get_n_errs_found)()
70 #include "pub_core_gdbserver.h" // for VG_(gdbserver) and VG_(gdbserver_activity)
71 #include "pub_core_libcbase.h"
72 #include "pub_core_libcassert.h"
73 #include "pub_core_libcprint.h"
74 #include "pub_core_libcproc.h"
75 #include "pub_core_libcsignal.h"
76 #if defined(VGO_darwin)
77 #include "pub_core_mach.h"
78 #endif
79 #include "pub_core_machine.h"
80 #include "pub_core_mallocfree.h"
81 #include "pub_core_options.h"
82 #include "pub_core_replacemalloc.h"
83 #include "pub_core_signals.h"
84 #include "pub_core_stacks.h"
85 #include "pub_core_stacktrace.h" // For VG_(get_and_pp_StackTrace)()
86 #include "pub_core_syscall.h"
87 #include "pub_core_syswrap.h"
88 #include "pub_core_tooliface.h"
89 #include "pub_core_translate.h" // For VG_(translate)()
90 #include "pub_core_transtab.h"
91 #include "pub_core_debuginfo.h" // VG_(di_notify_pdb_debuginfo)
92 #include "priv_sema.h"
93 #include "pub_core_scheduler.h" // self
94 #include "pub_core_redir.h"
95
96
97 /* ---------------------------------------------------------------------
98 Types and globals for the scheduler.
99 ------------------------------------------------------------------ */
100
/* ThreadId and ThreadState are defined elsewhere. */
102
103 /* Defines the thread-scheduling timeslice, in terms of the number of
104 basic blocks we attempt to run each thread for. Smaller values
105 give finer interleaving but much increased scheduling overheads. */
106 #define SCHEDULING_QUANTUM 100000
107
108 /* If False, a fault is Valgrind-internal (ie, a bug) */
109 Bool VG_(in_generated_code) = False;
110
111 /* Counts downwards in VG_(run_innerloop). */
112 UInt VG_(dispatch_ctr);
113
114 /* 64-bit counter for the number of basic blocks done. */
115 static ULong bbs_done = 0;
116
/* Counter used to decide when to poll for vgdb (gdbserver) activity.
   When the number of bbs done reaches vgdb_next_poll, the scheduler
   will poll for gdbserver activity.  VG_(force_vgdb_poll) and
   VG_(disable_vgdb_poll) allow the valgrind core (e.g. m_gdbserver)
   to control when the next poll will be done. */
122 static ULong vgdb_next_poll;
123
124 /* Forwards */
125 static void do_client_request ( ThreadId tid );
126 static void scheduler_sanity ( ThreadId tid );
127 static void mostly_clear_thread_record ( ThreadId tid );
128
129 /* Stats. */
130 static ULong n_scheduling_events_MINOR = 0;
131 static ULong n_scheduling_events_MAJOR = 0;
132
133 /* Sanity checking counts. */
134 static UInt sanity_fast_count = 0;
135 static UInt sanity_slow_count = 0;
136
void VG_(print_scheduler_stats)(void)
138 {
139 VG_(message)(Vg_DebugMsg,
140 "scheduler: %'llu jumps (bb entries).\n", bbs_done );
141 VG_(message)(Vg_DebugMsg,
142 "scheduler: %'llu/%'llu major/minor sched events.\n",
143 n_scheduling_events_MAJOR, n_scheduling_events_MINOR);
144 VG_(message)(Vg_DebugMsg,
145 " sanity: %d cheap, %d expensive checks.\n",
146 sanity_fast_count, sanity_slow_count );
147 }
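/* Example output (figures purely illustrative):

      scheduler: 1,234,567 jumps (bb entries).
      scheduler: 12/34,567 major/minor sched events.
         sanity: 345 cheap, 3 expensive checks.
*/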
148
149 /* CPU semaphore, so that threads can run exclusively */
150 static vg_sema_t the_BigLock;
151
152 // Base address of the NaCl sandbox.
153 UWord nacl_head;
154
155 // Path to NaCl nexe.
156 char *nacl_file;
157
158 /* ---------------------------------------------------------------------
159 Helper functions for the scheduler.
160 ------------------------------------------------------------------ */
161
162 static
void print_sched_event ( ThreadId tid, Char* what )
164 {
165 VG_(message)(Vg_DebugMsg, " SCHED[%d]: %s\n", tid, what );
166 }
167
168 /* For showing SB counts, if the user asks to see them. */
169 #define SHOW_SBCOUNT_EVERY (20ULL * 1000 * 1000)
170 static ULong bbs_done_lastcheck = 0;
171
172 static
void maybe_show_sb_counts ( void )
174 {
175 Long delta = bbs_done - bbs_done_lastcheck;
176 vg_assert(delta >= 0);
177 if (UNLIKELY(delta >= SHOW_SBCOUNT_EVERY)) {
178 VG_(umsg)("%'lld superblocks executed\n", bbs_done);
179 bbs_done_lastcheck = bbs_done;
180 }
181 }
182
183 static
HChar* name_of_sched_event ( UInt event )
185 {
186 switch (event) {
187 case VEX_TRC_JMP_SYS_SYSCALL: return "SYSCALL";
188 case VEX_TRC_JMP_SYS_INT32: return "INT32";
189 case VEX_TRC_JMP_SYS_INT128: return "INT128";
190 case VEX_TRC_JMP_SYS_INT129: return "INT129";
191 case VEX_TRC_JMP_SYS_INT130: return "INT130";
192 case VEX_TRC_JMP_SYS_SYSENTER: return "SYSENTER";
193 case VEX_TRC_JMP_CLIENTREQ: return "CLIENTREQ";
194 case VEX_TRC_JMP_YIELD: return "YIELD";
195 case VEX_TRC_JMP_YIELD_NOREDIR: return "YIELD_NOREDIR";
196 case VEX_TRC_JMP_NODECODE: return "NODECODE";
197 case VEX_TRC_JMP_MAPFAIL: return "MAPFAIL";
198 case VEX_TRC_JMP_NOREDIR: return "NOREDIR";
199 case VEX_TRC_JMP_EMWARN: return "EMWARN";
200 case VEX_TRC_JMP_TINVAL: return "TINVAL";
201 case VG_TRC_INVARIANT_FAILED: return "INVFAILED";
202 case VG_TRC_INNER_COUNTERZERO: return "COUNTERZERO";
203 case VG_TRC_INNER_FASTMISS: return "FASTMISS";
204 case VG_TRC_FAULT_SIGNAL: return "FAULTSIGNAL";
205 default: return "??UNKNOWN??";
206 }
207 }
208
209 /* Allocate a completely empty ThreadState record. */
ThreadId VG_(alloc_ThreadState) ( void )
211 {
212 Int i;
213 for (i = 1; i < VG_N_THREADS; i++) {
214 if (VG_(threads)[i].status == VgTs_Empty) {
215 VG_(threads)[i].status = VgTs_Init;
216 VG_(threads)[i].exitreason = VgSrc_None;
217 return i;
218 }
219 }
220 VG_(printf)("vg_alloc_ThreadState: no free slots available\n");
221 VG_(printf)("Increase VG_N_THREADS, rebuild and try again.\n");
222 VG_(core_panic)("VG_N_THREADS is too low");
223 /*NOTREACHED*/
224 }
225
226 /*
227 Mark a thread as Runnable. This will block until the_BigLock is
228 available, so that we get exclusive access to all the shared
229 structures and the CPU. Up until we get the_BigLock, we must not
230 touch any shared state.
231
232 When this returns, we'll actually be running.
233 */
void VG_(acquire_BigLock)(ThreadId tid, HChar* who)
235 {
236 ThreadState *tst;
237
238 #if 0
239 if (VG_(clo_trace_sched)) {
240 HChar buf[100];
241 vg_assert(VG_(strlen)(who) <= 100-50);
242 VG_(sprintf)(buf, "waiting for lock (%s)", who);
243 print_sched_event(tid, buf);
244 }
245 #endif
246
247 /* First, acquire the_BigLock. We can't do anything else safely
248 prior to this point. Even doing debug printing prior to this
249 point is, technically, wrong. */
250 ML_(sema_down)(&the_BigLock, False/*not LL*/);
251
252 tst = VG_(get_ThreadState)(tid);
253
254 vg_assert(tst->status != VgTs_Runnable);
255
256 tst->status = VgTs_Runnable;
257
258 if (VG_(running_tid) != VG_INVALID_THREADID)
259 VG_(printf)("tid %d found %d running\n", tid, VG_(running_tid));
260 vg_assert(VG_(running_tid) == VG_INVALID_THREADID);
261 VG_(running_tid) = tid;
262
263 { Addr gsp = VG_(get_SP)(tid);
264 VG_(unknown_SP_update)(gsp, gsp, 0/*unknown origin*/);
265 }
266
267 if (VG_(clo_trace_sched)) {
268 HChar buf[150];
269 vg_assert(VG_(strlen)(who) <= 150-50);
270 VG_(sprintf)(buf, " acquired lock (%s)", who);
271 print_sched_event(tid, buf);
272 }
273 }
274
275 /*
276 Set a thread into a sleeping state, and give up exclusive access to
277 the CPU. On return, the thread must be prepared to block until it
278 is ready to run again (generally this means blocking in a syscall,
279 but it may mean that we remain in a Runnable state and we're just
280 yielding the CPU to another thread).
281 */
void VG_(release_BigLock)(ThreadId tid, ThreadStatus sleepstate, HChar* who)
283 {
284 ThreadState *tst = VG_(get_ThreadState)(tid);
285
286 vg_assert(tst->status == VgTs_Runnable);
287
288 vg_assert(sleepstate == VgTs_WaitSys ||
289 sleepstate == VgTs_Yielding);
290
291 tst->status = sleepstate;
292
293 vg_assert(VG_(running_tid) == tid);
294 VG_(running_tid) = VG_INVALID_THREADID;
295
296 if (VG_(clo_trace_sched)) {
297 Char buf[200];
298 vg_assert(VG_(strlen)(who) <= 200-100);
299 VG_(sprintf)(buf, "releasing lock (%s) -> %s",
300 who, VG_(name_of_ThreadStatus)(sleepstate));
301 print_sched_event(tid, buf);
302 }
303
304 /* Release the_BigLock; this will reschedule any runnable
305 thread. */
306 ML_(sema_up)(&the_BigLock, False/*not LL*/);
307 }
308
309 /* See pub_core_scheduler.h for description */
void VG_(acquire_BigLock_LL) ( HChar* who )
311 {
312 ML_(sema_down)(&the_BigLock, True/*LL*/);
313 }
314
315 /* See pub_core_scheduler.h for description */
void VG_(release_BigLock_LL) ( HChar* who )
317 {
318 ML_(sema_up)(&the_BigLock, True/*LL*/);
319 }
320
321
322 /* Clear out the ThreadState and release the semaphore. Leaves the
323 ThreadState in VgTs_Zombie state, so that it doesn't get
324 reallocated until the caller is really ready. */
void VG_(exit_thread)(ThreadId tid)
326 {
327 vg_assert(VG_(is_valid_tid)(tid));
328 vg_assert(VG_(is_running_thread)(tid));
329 vg_assert(VG_(is_exiting)(tid));
330
331 mostly_clear_thread_record(tid);
332 VG_(running_tid) = VG_INVALID_THREADID;
333
334 /* There should still be a valid exitreason for this thread */
335 vg_assert(VG_(threads)[tid].exitreason != VgSrc_None);
336
337 if (VG_(clo_trace_sched))
338 print_sched_event(tid, "release lock in VG_(exit_thread)");
339
340 ML_(sema_up)(&the_BigLock, False/*not LL*/);
341 }
342
/* If 'tid' is blocked in a syscall, send it SIGVGKILL so as to get it
   out of the syscall and onto doing the next thing, whatever that is.
   If it isn't blocked in a syscall, this has no effect on the thread. */
void VG_(get_thread_out_of_syscall)(ThreadId tid)
347 {
348 vg_assert(VG_(is_valid_tid)(tid));
349 vg_assert(!VG_(is_running_thread)(tid));
350
351 if (VG_(threads)[tid].status == VgTs_WaitSys) {
352 if (VG_(clo_trace_signals)) {
353 VG_(message)(Vg_DebugMsg,
354 "get_thread_out_of_syscall zaps tid %d lwp %d\n",
355 tid, VG_(threads)[tid].os_state.lwpid);
356 }
357 # if defined(VGO_darwin)
358 {
359 // GrP fixme use mach primitives on darwin?
360 // GrP fixme thread_abort_safely?
361 // GrP fixme race for thread with WaitSys set but not in syscall yet?
362 extern kern_return_t thread_abort(mach_port_t);
363 thread_abort(VG_(threads)[tid].os_state.lwpid);
364 }
365 # else
366 {
367 __attribute__((unused))
368 Int r = VG_(tkill)(VG_(threads)[tid].os_state.lwpid, VG_SIGVGKILL);
369 /* JRS 2009-Mar-20: should we assert for r==0 (tkill succeeded)?
370 I'm really not sure. Here's a race scenario which argues
         that we shouldn't; but equally I'm not sure the scenario is
372 even possible, because of constraints caused by the question
373 of who holds the BigLock when.
374
375 Target thread tid does sys_read on a socket and blocks. This
376 function gets called, and we observe correctly that tid's
377 status is WaitSys but then for whatever reason this function
378 goes very slowly for a while. Then data arrives from
379 wherever, tid's sys_read returns, tid exits. Then we do
380 tkill on tid, but tid no longer exists; tkill returns an
381 error code and the assert fails. */
382 /* vg_assert(r == 0); */
383 }
384 # endif
385 }
386 }
387
388 /*
389 Yield the CPU for a short time to let some other thread run.
390 */
void VG_(vg_yield)(void)
392 {
393 ThreadId tid = VG_(running_tid);
394
395 vg_assert(tid != VG_INVALID_THREADID);
396 vg_assert(VG_(threads)[tid].os_state.lwpid == VG_(gettid)());
397
398 VG_(release_BigLock)(tid, VgTs_Yielding, "VG_(vg_yield)");
399
400 /*
401 Tell the kernel we're yielding.
402 */
403 VG_(do_syscall0)(__NR_sched_yield);
404
405 VG_(acquire_BigLock)(tid, "VG_(vg_yield)");
406 }
407
408
409 /* Set the standard set of blocked signals, used whenever we're not
410 running a client syscall. */
static void block_signals(void)
412 {
413 vki_sigset_t mask;
414
415 VG_(sigfillset)(&mask);
416
417 /* Don't block these because they're synchronous */
418 VG_(sigdelset)(&mask, VKI_SIGSEGV);
419 VG_(sigdelset)(&mask, VKI_SIGBUS);
420 VG_(sigdelset)(&mask, VKI_SIGFPE);
421 VG_(sigdelset)(&mask, VKI_SIGILL);
422 VG_(sigdelset)(&mask, VKI_SIGTRAP);
423
424 /* Can't block these anyway */
425 VG_(sigdelset)(&mask, VKI_SIGSTOP);
426 VG_(sigdelset)(&mask, VKI_SIGKILL);
427
428 VG_(sigprocmask)(VKI_SIG_SETMASK, &mask, NULL);
429 }
430
static void os_state_clear(ThreadState *tst)
432 {
433 tst->os_state.lwpid = 0;
434 tst->os_state.threadgroup = 0;
435 # if defined(VGO_linux)
436 /* no other fields to clear */
437 # elif defined(VGO_darwin)
438 tst->os_state.post_mach_trap_fn = NULL;
439 tst->os_state.pthread = 0;
440 tst->os_state.func_arg = 0;
441 VG_(memset)(&tst->os_state.child_go, 0, sizeof(tst->os_state.child_go));
442 VG_(memset)(&tst->os_state.child_done, 0, sizeof(tst->os_state.child_done));
443 tst->os_state.wq_jmpbuf_valid = False;
444 tst->os_state.remote_port = 0;
445 tst->os_state.msgh_id = 0;
446 VG_(memset)(&tst->os_state.mach_args, 0, sizeof(tst->os_state.mach_args));
447 # else
448 # error "Unknown OS"
449 # endif
450 }
451
static void os_state_init(ThreadState *tst)
453 {
454 tst->os_state.valgrind_stack_base = 0;
455 tst->os_state.valgrind_stack_init_SP = 0;
456 os_state_clear(tst);
457 }
458
459 static
void mostly_clear_thread_record ( ThreadId tid )
461 {
462 vki_sigset_t savedmask;
463
464 vg_assert(tid >= 0 && tid < VG_N_THREADS);
465 VG_(cleanup_thread)(&VG_(threads)[tid].arch);
466 VG_(threads)[tid].tid = tid;
467
468 /* Leave the thread in Zombie, so that it doesn't get reallocated
469 until the caller is finally done with the thread stack. */
470 VG_(threads)[tid].status = VgTs_Zombie;
471
472 VG_(sigemptyset)(&VG_(threads)[tid].sig_mask);
473 VG_(sigemptyset)(&VG_(threads)[tid].tmp_sig_mask);
474
475 os_state_clear(&VG_(threads)[tid]);
476
477 /* start with no altstack */
478 VG_(threads)[tid].altstack.ss_sp = (void *)0xdeadbeef;
479 VG_(threads)[tid].altstack.ss_size = 0;
480 VG_(threads)[tid].altstack.ss_flags = VKI_SS_DISABLE;
481
482 VG_(clear_out_queued_signals)(tid, &savedmask);
483
484 VG_(threads)[tid].sched_jmpbuf_valid = False;
485 }
486
487 /*
488 Called in the child after fork. If the parent has multiple
489 threads, then we've inherited a VG_(threads) array describing them,
490 but only the thread which called fork() is actually alive in the
   child.  This function needs to clean up all those other thread
492 structures.
493
   Whichever tid in the parent called fork() becomes the
495 master_tid in the child. That's because the only living slot in
496 VG_(threads) in the child after fork is VG_(threads)[tid], and it
497 would be too hard to try to re-number the thread and relocate the
498 thread state down to VG_(threads)[1].
499
500 This function also needs to reinitialize the_BigLock, since
501 otherwise we may end up sharing its state with the parent, which
502 would be deeply confusing.
503 */
static void sched_fork_cleanup(ThreadId me)
505 {
506 ThreadId tid;
507 vg_assert(VG_(running_tid) == me);
508
509 # if defined(VGO_darwin)
510 // GrP fixme hack reset Mach ports
511 VG_(mach_init)();
512 # endif
513
514 VG_(threads)[me].os_state.lwpid = VG_(gettid)();
515 VG_(threads)[me].os_state.threadgroup = VG_(getpid)();
516
517 /* clear out all the unused thread slots */
518 for (tid = 1; tid < VG_N_THREADS; tid++) {
519 if (tid != me) {
520 mostly_clear_thread_record(tid);
521 VG_(threads)[tid].status = VgTs_Empty;
522 VG_(clear_syscallInfo)(tid);
523 }
524 }
525
526 /* re-init and take the sema */
527 ML_(sema_deinit)(&the_BigLock);
528 ML_(sema_init)(&the_BigLock);
529 ML_(sema_down)(&the_BigLock, False/*not LL*/);
530 }
531
532
533 /* First phase of initialisation of the scheduler. Initialise the
534 bigLock, zeroise the VG_(threads) structure and decide on the
535 ThreadId of the root thread.
536 */
ThreadId VG_(scheduler_init_phase1) ( void )
538 {
539 Int i;
540 ThreadId tid_main;
541
542 VG_(debugLog)(1,"sched","sched_init_phase1\n");
543
544 ML_(sema_init)(&the_BigLock);
545
546 for (i = 0 /* NB; not 1 */; i < VG_N_THREADS; i++) {
547 /* Paranoia .. completely zero it out. */
548 VG_(memset)( & VG_(threads)[i], 0, sizeof( VG_(threads)[i] ) );
549
550 VG_(threads)[i].sig_queue = NULL;
551
552 os_state_init(&VG_(threads)[i]);
553 mostly_clear_thread_record(i);
554
555 VG_(threads)[i].status = VgTs_Empty;
556 VG_(threads)[i].client_stack_szB = 0;
557 VG_(threads)[i].client_stack_highest_word = (Addr)NULL;
558 VG_(threads)[i].err_disablement_level = 0;
559 }
560
561 tid_main = VG_(alloc_ThreadState)();
562
563 /* Bleh. Unfortunately there are various places in the system that
564 assume that the main thread has a ThreadId of 1.
565 - Helgrind (possibly)
566 - stack overflow message in default_action() in m_signals.c
567 - definitely a lot more places
568 */
569 vg_assert(tid_main == 1);
570
571 return tid_main;
572 }
573
574
575 /* Second phase of initialisation of the scheduler. Given the root
576 ThreadId computed by first phase of initialisation, fill in stack
577 details and acquire bigLock. Initialise the scheduler. This is
578 called at startup. The caller subsequently initialises the guest
579 state components of this main thread.
580 */
void VG_(scheduler_init_phase2) ( ThreadId tid_main,
582 Addr clstack_end,
583 SizeT clstack_size )
584 {
585 VG_(debugLog)(1,"sched","sched_init_phase2: tid_main=%d, "
586 "cls_end=0x%lx, cls_sz=%ld\n",
587 tid_main, clstack_end, clstack_size);
588
589 vg_assert(VG_IS_PAGE_ALIGNED(clstack_end+1));
590 vg_assert(VG_IS_PAGE_ALIGNED(clstack_size));
591
592 VG_(threads)[tid_main].client_stack_highest_word
593 = clstack_end + 1 - sizeof(UWord);
594 VG_(threads)[tid_main].client_stack_szB
595 = clstack_size;
596
597 VG_(atfork)(NULL, NULL, sched_fork_cleanup);
598 }
599
600
601 /* ---------------------------------------------------------------------
602 Helpers for running translations.
603 ------------------------------------------------------------------ */
604
605 /* Use gcc's built-in setjmp/longjmp. longjmp must not restore signal
606 mask state, but does need to pass "val" through. jumped must be a
607 volatile UWord. */
608 #define SCHEDSETJMP(tid, jumped, stmt) \
609 do { \
610 ThreadState * volatile _qq_tst = VG_(get_ThreadState)(tid); \
611 \
612 (jumped) = VG_MINIMAL_SETJMP(_qq_tst->sched_jmpbuf); \
613 if ((jumped) == ((UWord)0)) { \
614 vg_assert(!_qq_tst->sched_jmpbuf_valid); \
615 _qq_tst->sched_jmpbuf_valid = True; \
616 stmt; \
617 } else if (VG_(clo_trace_sched)) \
618 VG_(printf)("SCHEDSETJMP(line %d) tid %d, jumped=%ld\n", \
619 __LINE__, tid, jumped); \
620 vg_assert(_qq_tst->sched_jmpbuf_valid); \
621 _qq_tst->sched_jmpbuf_valid = False; \
622 } while(0)
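/* Typical use (see run_thread_for_a_while below): the setjmp brackets a
   single entry into generated code, and a nonzero 'jumped' means the
   signal handler longjmp'd back out because the client faulted.

      volatile UWord jumped;
      SCHEDSETJMP(
         tid, jumped,
         trc = (UInt)VG_(run_innerloop)( (void*)&tst->arch.vex, 0 )
      );
      if (jumped != (UWord)0) {
         ...set trc = VG_TRC_FAULT_SIGNAL, re-block signals, etc...
      }
*/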
623
624
625 /* Do various guest state alignment checks prior to running a thread.
626 Specifically, check that what we have matches Vex's guest state
627 layout requirements. See libvex.h for details, but in short the
628 requirements are: There must be no holes in between the primary
629 guest state, its two copies, and the spill area. In short, all 4
630 areas must have a 16-aligned size and be 16-aligned, and placed
631 back-to-back. */
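/* Schematically, the layout being checked below (within tst->arch) is:

      +--------------+  16-aligned
      | vex          |  sz_vex bytes, 16-aligned size
      +--------------+
      | vex_shadow1  |  sz_vex bytes
      +--------------+
      | vex_shadow2  |  sz_vex bytes
      +--------------+
      | vex_spill    |  LibVEX_N_SPILL_BYTES bytes
      +--------------+

   with the four areas packed back-to-back, no holes. */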
static void do_pre_run_checks ( ThreadState* tst )
633 {
634 Addr a_vex = (Addr) & tst->arch.vex;
635 Addr a_vexsh1 = (Addr) & tst->arch.vex_shadow1;
636 Addr a_vexsh2 = (Addr) & tst->arch.vex_shadow2;
637 Addr a_spill = (Addr) & tst->arch.vex_spill;
638 UInt sz_vex = (UInt) sizeof tst->arch.vex;
639 UInt sz_vexsh1 = (UInt) sizeof tst->arch.vex_shadow1;
640 UInt sz_vexsh2 = (UInt) sizeof tst->arch.vex_shadow2;
641 UInt sz_spill = (UInt) sizeof tst->arch.vex_spill;
642
643 if (0)
644 VG_(printf)("gst %p %d, sh1 %p %d, "
645 "sh2 %p %d, spill %p %d\n",
646 (void*)a_vex, sz_vex,
647 (void*)a_vexsh1, sz_vexsh1,
648 (void*)a_vexsh2, sz_vexsh2,
649 (void*)a_spill, sz_spill );
650
651 vg_assert(VG_IS_16_ALIGNED(sz_vex));
652 vg_assert(VG_IS_16_ALIGNED(sz_vexsh1));
653 vg_assert(VG_IS_16_ALIGNED(sz_vexsh2));
654 vg_assert(VG_IS_16_ALIGNED(sz_spill));
655
656 vg_assert(VG_IS_16_ALIGNED(a_vex));
657 vg_assert(VG_IS_16_ALIGNED(a_vexsh1));
658 vg_assert(VG_IS_16_ALIGNED(a_vexsh2));
659 vg_assert(VG_IS_16_ALIGNED(a_spill));
660
661 /* Check that the guest state and its two shadows have the same
662 size, and that there are no holes in between. The latter is
663 important because Memcheck assumes that it can reliably access
664 the shadows by indexing off a pointer to the start of the
665 primary guest state area. */
666 vg_assert(sz_vex == sz_vexsh1);
667 vg_assert(sz_vex == sz_vexsh2);
668 vg_assert(a_vex + 1 * sz_vex == a_vexsh1);
669 vg_assert(a_vex + 2 * sz_vex == a_vexsh2);
670 /* Also check there's no hole between the second shadow area and
671 the spill area. */
672 vg_assert(sz_spill == LibVEX_N_SPILL_BYTES);
673 vg_assert(a_vex + 3 * sz_vex == a_spill);
674
675 # if defined(VGA_amd64)
676 /* x86/amd64 XMM regs must form an array, ie, have no
677 holes in between. */
678 vg_assert(
679 (offsetof(VexGuestAMD64State,guest_XMM16)
680 - offsetof(VexGuestAMD64State,guest_XMM0))
681 == (17/*#regs*/-1) * 16/*bytes per reg*/
682 );
683 # endif
684
685 # if defined(VGA_ppc32) || defined(VGA_ppc64)
686 /* ppc guest_state vector regs must be 16 byte aligned for
687 loads/stores. This is important! */
688 vg_assert(VG_IS_16_ALIGNED(& tst->arch.vex.guest_VSR0));
689 vg_assert(VG_IS_16_ALIGNED(& tst->arch.vex_shadow1.guest_VSR0));
690 vg_assert(VG_IS_16_ALIGNED(& tst->arch.vex_shadow2.guest_VSR0));
691 /* be extra paranoid .. */
692 vg_assert(VG_IS_16_ALIGNED(& tst->arch.vex.guest_VSR1));
693 vg_assert(VG_IS_16_ALIGNED(& tst->arch.vex_shadow1.guest_VSR1));
694 vg_assert(VG_IS_16_ALIGNED(& tst->arch.vex_shadow2.guest_VSR1));
695 # endif
696
697 # if defined(VGA_arm)
698 /* arm guest_state VFP regs must be 8 byte aligned for
699 loads/stores. */
700 vg_assert(VG_IS_8_ALIGNED(& tst->arch.vex.guest_D0));
701 vg_assert(VG_IS_8_ALIGNED(& tst->arch.vex_shadow1.guest_D0));
702 vg_assert(VG_IS_8_ALIGNED(& tst->arch.vex_shadow2.guest_D0));
703 /* be extra paranoid .. */
704 vg_assert(VG_IS_8_ALIGNED(& tst->arch.vex.guest_D1));
705 vg_assert(VG_IS_8_ALIGNED(& tst->arch.vex_shadow1.guest_D1));
706 vg_assert(VG_IS_8_ALIGNED(& tst->arch.vex_shadow2.guest_D1));
707 # endif
708
709 # if defined(VGA_s390x)
710 /* no special requirements */
711 # endif
712 }
713
714 // NO_VGDB_POLL value ensures vgdb is not polled, while
715 // VGDB_POLL_ASAP ensures that the next scheduler call
716 // will cause a poll.
717 #define NO_VGDB_POLL 0xffffffffffffffffULL
718 #define VGDB_POLL_ASAP 0x0ULL
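/* How the polling scheme fits together: after each run of generated code,
   run_thread_for_a_while compares bbs_done against vgdb_next_poll.  Once
   it is reached, gdbserver activity is checked and, if VG_(clo_vgdb_poll)
   is nonzero, vgdb_next_poll is advanced by that many bbs; otherwise it
   is set to NO_VGDB_POLL, so no further polling happens until
   VG_(force_vgdb_poll) is called again (e.g. when vgdb interrupts us via
   ptrace). */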
719
void VG_(disable_vgdb_poll) ( void )
721 {
722 vgdb_next_poll = NO_VGDB_POLL;
723 }
void VG_(force_vgdb_poll) ( void )
725 {
726 vgdb_next_poll = VGDB_POLL_ASAP;
727 }
728
729 /* Run the thread tid for a while, and return a VG_TRC_* value
730 indicating why VG_(run_innerloop) stopped. */
static UInt run_thread_for_a_while ( ThreadId tid )
732 {
733 volatile UWord jumped;
734 volatile ThreadState* tst = NULL; /* stop gcc complaining */
735 volatile UInt trc;
736 volatile Int dispatch_ctr_SAVED;
737 volatile Int done_this_time;
738
739 /* Paranoia */
740 vg_assert(VG_(is_valid_tid)(tid));
741 vg_assert(VG_(is_running_thread)(tid));
742 vg_assert(!VG_(is_exiting)(tid));
743
744 tst = VG_(get_ThreadState)(tid);
745 do_pre_run_checks( (ThreadState*)tst );
746 /* end Paranoia */
747
748 trc = 0;
749 dispatch_ctr_SAVED = VG_(dispatch_ctr);
750
751 /* there should be no undealt-with signals */
752 //vg_assert(VG_(threads)[tid].siginfo.si_signo == 0);
753
754 if (0) {
755 vki_sigset_t m;
756 Int i, err = VG_(sigprocmask)(VKI_SIG_SETMASK, NULL, &m);
757 vg_assert(err == 0);
758 VG_(printf)("tid %d: entering code with unblocked signals: ", tid);
759 for (i = 1; i <= _VKI_NSIG; i++)
760 if (!VG_(sigismember)(&m, i))
761 VG_(printf)("%d ", i);
762 VG_(printf)("\n");
763 }
764
765 // Tell the tool this thread is about to run client code
766 VG_TRACK( start_client_code, tid, bbs_done );
767
768 vg_assert(VG_(in_generated_code) == False);
769 VG_(in_generated_code) = True;
770
771 SCHEDSETJMP(
772 tid,
773 jumped,
774 trc = (UInt)VG_(run_innerloop)( (void*)&tst->arch.vex,
775 VG_(clo_profile_flags) > 0 ? 1 : 0 )
776 );
777
778 vg_assert(VG_(in_generated_code) == True);
779 VG_(in_generated_code) = False;
780
781 if (jumped != (UWord)0) {
782 /* We get here if the client took a fault that caused our signal
783 handler to longjmp. */
784 vg_assert(trc == 0);
785 trc = VG_TRC_FAULT_SIGNAL;
786 block_signals();
787 }
788
789 done_this_time = (Int)dispatch_ctr_SAVED - (Int)VG_(dispatch_ctr) - 0;
790
791 vg_assert(done_this_time >= 0);
792 bbs_done += (ULong)done_this_time;
793
794 // Tell the tool this thread has stopped running client code
795 VG_TRACK( stop_client_code, tid, bbs_done );
796
797 if (bbs_done >= vgdb_next_poll) {
798 if (VG_(clo_vgdb_poll))
799 vgdb_next_poll = bbs_done + (ULong)VG_(clo_vgdb_poll);
800 else
801 /* value was changed due to gdbserver invocation via ptrace */
802 vgdb_next_poll = NO_VGDB_POLL;
803 if (VG_(gdbserver_activity) (tid))
804 VG_(gdbserver) (tid);
805 }
806
807 return trc;
808 }
809
810
811 /* Run a no-redir translation just once, and return the resulting
812 VG_TRC_* value. */
static UInt run_noredir_translation ( Addr hcode, ThreadId tid )
814 {
815 volatile UWord jumped;
816 volatile ThreadState* tst;
817 volatile UWord argblock[4];
818 volatile UInt retval;
819
820 /* Paranoia */
821 vg_assert(VG_(is_valid_tid)(tid));
822 vg_assert(VG_(is_running_thread)(tid));
823 vg_assert(!VG_(is_exiting)(tid));
824
825 tst = VG_(get_ThreadState)(tid);
826 do_pre_run_checks( (ThreadState*)tst );
827 /* end Paranoia */
828
829 # if defined(VGA_ppc32) || defined(VGA_ppc64)
830 /* I don't think we need to clear this thread's guest_RESVN here,
831 because we can only get here if run_thread_for_a_while() has
832 been used immediately before, on this same thread. */
833 # endif
834
835 /* There can be 3 outcomes from VG_(run_a_noredir_translation):
836
837 - a signal occurred and the sighandler longjmp'd. Then both [2]
838 and [3] are unchanged - hence zero.
839
840 - translation ran normally, set [2] (next guest IP) and set [3]
841 to whatever [1] was beforehand, indicating a normal (boring)
842 jump to the next block.
843
844 - translation ran normally, set [2] (next guest IP) and set [3]
845 to something different from [1] beforehand, which indicates a
846 TRC_ value.
847 */
848 argblock[0] = (UWord)hcode;
849 argblock[1] = (UWord)&VG_(threads)[tid].arch.vex;
850 argblock[2] = 0; /* next guest IP is written here */
851 argblock[3] = 0; /* guest state ptr afterwards is written here */
852
853 // Tell the tool this thread is about to run client code
854 VG_TRACK( start_client_code, tid, bbs_done );
855
856 vg_assert(VG_(in_generated_code) == False);
857 VG_(in_generated_code) = True;
858
859 SCHEDSETJMP(
860 tid,
861 jumped,
862 VG_(run_a_noredir_translation)( &argblock[0] )
863 );
864
865 VG_(in_generated_code) = False;
866
867 if (jumped != (UWord)0) {
868 /* We get here if the client took a fault that caused our signal
869 handler to longjmp. */
870 vg_assert(argblock[2] == 0); /* next guest IP was not written */
871 vg_assert(argblock[3] == 0); /* trc was not written */
872 block_signals();
873 retval = VG_TRC_FAULT_SIGNAL;
874 } else {
875 /* store away the guest program counter */
876 VG_(set_IP)( tid, argblock[2] );
877 if (argblock[3] == argblock[1])
878 /* the guest state pointer afterwards was unchanged */
879 retval = VG_TRC_BORING;
880 else
881 retval = (UInt)argblock[3];
882 }
883
884 bbs_done++;
885
886 // Tell the tool this thread has stopped running client code
887 VG_TRACK( stop_client_code, tid, bbs_done );
888
889 return retval;
890 }
891
892
893 /* ---------------------------------------------------------------------
894 The scheduler proper.
895 ------------------------------------------------------------------ */
896
static void handle_tt_miss ( ThreadId tid )
898 {
899 Bool found;
900 Addr ip = VG_(get_IP)(tid);
901
902 /* Trivial event. Miss in the fast-cache. Do a full
903 lookup for it. */
904 found = VG_(search_transtab)( NULL, ip, True/*upd_fast_cache*/ );
905 if (UNLIKELY(!found)) {
906 /* Not found; we need to request a translation. */
907 if (VG_(translate)( tid, ip, /*debug*/False, 0/*not verbose*/,
908 bbs_done, True/*allow redirection*/ )) {
909 found = VG_(search_transtab)( NULL, ip, True );
910 vg_assert2(found, "VG_TRC_INNER_FASTMISS: missing tt_fast entry");
911
912 } else {
913 // If VG_(translate)() fails, it's because it had to throw a
914 // signal because the client jumped to a bad address. That
915 // means that either a signal has been set up for delivery,
916 // or the thread has been marked for termination. Either
917 // way, we just need to go back into the scheduler loop.
918 }
919 }
920 }
921
static void handle_syscall(ThreadId tid, UInt trc)
923 {
924 ThreadState * volatile tst = VG_(get_ThreadState)(tid);
925 volatile UWord jumped;
926
927 /* Syscall may or may not block; either way, it will be
928 complete by the time this call returns, and we'll be
929 runnable again. We could take a signal while the
930 syscall runs. */
931
   if (VG_(clo_sanity_level) >= 3)
933 VG_(am_do_sync_check)("(BEFORE SYSCALL)",__FILE__,__LINE__);
934
935 SCHEDSETJMP(tid, jumped, VG_(client_syscall)(tid, trc));
936
   if (VG_(clo_sanity_level) >= 3)
938 VG_(am_do_sync_check)("(AFTER SYSCALL)",__FILE__,__LINE__);
939
940 if (!VG_(is_running_thread)(tid))
941 VG_(printf)("tid %d not running; VG_(running_tid)=%d, tid %d status %d\n",
942 tid, VG_(running_tid), tid, tst->status);
943 vg_assert(VG_(is_running_thread)(tid));
944
945 if (jumped != (UWord)0) {
946 block_signals();
947 VG_(poll_signals)(tid);
948 }
949 }
950
951 /* tid just requested a jump to the noredir version of its current
952 program counter. So make up that translation if needed, run it,
953 and return the resulting thread return code. */
static UInt/*trc*/ handle_noredir_jump ( ThreadId tid )
955 {
956 AddrH hcode = 0;
957 Addr ip = VG_(get_IP)(tid);
958
959 Bool found = VG_(search_unredir_transtab)( &hcode, ip );
960 if (!found) {
961 /* Not found; we need to request a translation. */
962 if (VG_(translate)( tid, ip, /*debug*/False, 0/*not verbose*/, bbs_done,
963 False/*NO REDIRECTION*/ )) {
964
965 found = VG_(search_unredir_transtab)( &hcode, ip );
966 vg_assert2(found, "unredir translation missing after creation?!");
967
968 } else {
969 // If VG_(translate)() fails, it's because it had to throw a
970 // signal because the client jumped to a bad address. That
971 // means that either a signal has been set up for delivery,
972 // or the thread has been marked for termination. Either
973 // way, we just need to go back into the scheduler loop.
974 return VG_TRC_BORING;
975 }
976
977 }
978
979 vg_assert(found);
980 vg_assert(hcode != 0);
981
982 /* Otherwise run it and return the resulting VG_TRC_* value. */
983 return run_noredir_translation( hcode, tid );
984 }
985
986
987 /*
988 Run a thread until it wants to exit.
989
990 We assume that the caller has already called VG_(acquire_BigLock) for
991 us, so we own the VCPU. Also, all signals are blocked.
992 */
VgSchedReturnCode VG_(scheduler) ( ThreadId tid )
994 {
995 UInt trc = VG_TRC_BORING;
996 ThreadState *tst = VG_(get_ThreadState)(tid);
997 static Bool vgdb_startup_action_done = False;
998
999 if (VG_(clo_trace_sched))
1000 print_sched_event(tid, "entering VG_(scheduler)");
1001
   /* Do vgdb initialization (but once).  Only the first (main) task
      starting up will do the below.
      Initializing gdbserver earlier than at the first call to
      VG_(scheduler) causes problems:
      * at the end of VG_(scheduler_init_phase2) :
        The main thread is in VgTs_Init state, but not yet in a
        consistent state => the thread cannot be reported to gdb
        (e.g. causes an assert in LibVEX_GuestX86_get_eflags when giving
        back the guest registers to gdb).
      * at the end of valgrind_main, just
        before VG_(main_thread_wrapper_NORETURN)(1) :
        The main thread is still in VgTs_Init state but in a
        more advanced state.  However, the thread state is not yet
        completely initialized: among other things, the os_state is not
        yet fully set => the thread is then not properly reported to gdb,
        which is then confused (causing e.g. a duplicate thread to be
        shown, without thread id).
      * it would be possible to initialize gdbserver "lower" in the
        call stack (e.g. in VG_(main_thread_wrapper_NORETURN)) but
        these places are platform dependent, and the place at which
        the thread state is completely initialized is then no longer
        specific to the main thread (so a similar "do it only
        once" mechanism would be needed).

      => a "once only" initialization here is the best compromise. */
1027 if (!vgdb_startup_action_done) {
1028 vg_assert(tid == 1); // it must be the main thread.
1029 vgdb_startup_action_done = True;
1030 if (VG_(clo_vgdb) != Vg_VgdbNo) {
1031 /* If we have to poll, ensures we do an initial poll at first
1032 scheduler call. Otherwise, ensure no poll (unless interrupted
1033 by ptrace). */
1034 if (VG_(clo_vgdb_poll))
1035 VG_(force_vgdb_poll) ();
1036 else
1037 VG_(disable_vgdb_poll) ();
1038
1039 vg_assert (VG_(dyn_vgdb_error) == VG_(clo_vgdb_error));
1040 /* As we are initializing, VG_(dyn_vgdb_error) can't have been
1041 changed yet. */
1042
1043 VG_(gdbserver_prerun_action) (1);
1044 } else {
1045 VG_(disable_vgdb_poll) ();
1046 }
1047 }
1048
1049 /* set the proper running signal mask */
1050 block_signals();
1051
1052 vg_assert(VG_(is_running_thread)(tid));
1053
1054 VG_(dispatch_ctr) = SCHEDULING_QUANTUM + 1;
1055
1056 while (!VG_(is_exiting)(tid)) {
1057
1058 if (VG_(dispatch_ctr) == 1) {
1059
1060 /* Our slice is done, so yield the CPU to another thread. On
1061 Linux, this doesn't sleep between sleeping and running,
1062 since that would take too much time. */
1063
1064 /* 4 July 06: it seems that a zero-length nsleep is needed to
1065 cause async thread cancellation (canceller.c) to terminate
1066 in finite time; else it is in some kind of race/starvation
1067 situation and completion is arbitrarily delayed (although
1068 this is not a deadlock).
1069
1070 Unfortunately these sleeps cause MPI jobs not to terminate
1071 sometimes (some kind of livelock). So sleeping once
1072 every N opportunities appears to work. */
1073
1074 /* 3 Aug 06: doing sys__nsleep works but crashes some apps.
1075 sys_yield also helps the problem, whilst not crashing apps. */
1076
1077 VG_(release_BigLock)(tid, VgTs_Yielding,
1078 "VG_(scheduler):timeslice");
1079 /* ------------ now we don't have The Lock ------------ */
1080
1081 VG_(do_syscall0)(__NR_sched_yield);
1082
1083 VG_(acquire_BigLock)(tid, "VG_(scheduler):timeslice");
1084 /* ------------ now we do have The Lock ------------ */
1085
1086 /* OK, do some relatively expensive housekeeping stuff */
1087 scheduler_sanity(tid);
1088 VG_(sanity_check_general)(False);
1089
1090 /* Look for any pending signals for this thread, and set them up
1091 for delivery */
1092 VG_(poll_signals)(tid);
1093
1094 if (VG_(is_exiting)(tid))
1095 break; /* poll_signals picked up a fatal signal */
1096
1097 /* For stats purposes only. */
1098 n_scheduling_events_MAJOR++;
1099
         /* Figure out how many bbs to ask VG_(run_innerloop) to do.  Note
            that it decrements the counter before testing it for zero, so
            that if VG_(dispatch_ctr) is set to N you get at most N-1
            iterations.  Also this means that VG_(dispatch_ctr) must
            exceed zero before entering the innerloop.  Also also, the
            decrement is done before the bb is actually run, so you
            always get at least one decrement even if nothing happens. */
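         /* For example: with SCHEDULING_QUANTUM at 100000, the counter is
            set to 100001 below, so at most 100000 superblocks run before
            the dispatcher returns VG_TRC_INNER_COUNTERZERO and this thread
            gets rescheduled. */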
1107 VG_(dispatch_ctr) = SCHEDULING_QUANTUM + 1;
1108
1109 /* paranoia ... */
1110 vg_assert(tst->tid == tid);
1111 vg_assert(tst->os_state.lwpid == VG_(gettid)());
1112 }
1113
1114 /* For stats purposes only. */
1115 n_scheduling_events_MINOR++;
1116
1117 if (0)
1118 VG_(message)(Vg_DebugMsg, "thread %d: running for %d bbs\n",
1119 tid, VG_(dispatch_ctr) - 1 );
1120
1121 if (trc == VEX_TRC_JMP_YIELD_NOREDIR) {
1122 trc = handle_noredir_jump(tid);
1123 } else {
1124 trc = run_thread_for_a_while ( tid );
1125 }
1126
1127 if (VG_(clo_trace_sched) && VG_(clo_verbosity) > 2) {
1128 Char buf[50];
1129 VG_(sprintf)(buf, "TRC: %s", name_of_sched_event(trc));
1130 print_sched_event(tid, buf);
1131 }
1132
1133 if (trc == VEX_TRC_JMP_NOREDIR) {
1134 /* If we got a request to run a no-redir version of
1135 something, do so now -- handle_noredir_jump just (creates
1136 and) runs that one translation. The flip side is that the
1137 noredir translation can't itself return another noredir
1138 request -- that would be nonsensical. It can, however,
1139 return VG_TRC_BORING, which just means keep going as
1140 normal. */
1141 trc = handle_noredir_jump(tid);
1142 vg_assert(trc != VEX_TRC_JMP_NOREDIR);
1143 }
1144
1145 switch (trc) {
1146 case VG_TRC_BORING:
1147 /* no special event, just keep going. */
1148 break;
1149
1150 case VG_TRC_INNER_FASTMISS:
1151 vg_assert(VG_(dispatch_ctr) > 1);
1152 handle_tt_miss(tid);
1153 break;
1154
1155 case VEX_TRC_JMP_CLIENTREQ:
1156 do_client_request(tid);
1157 break;
1158
1159 case VEX_TRC_JMP_SYS_INT128: /* x86-linux */
1160 case VEX_TRC_JMP_SYS_INT129: /* x86-darwin */
1161 case VEX_TRC_JMP_SYS_INT130: /* x86-darwin */
1162 case VEX_TRC_JMP_SYS_SYSCALL: /* amd64-linux, ppc32-linux, amd64-darwin */
1163 handle_syscall(tid, trc);
1164 if (VG_(clo_sanity_level) > 2)
1165 VG_(sanity_check_general)(True); /* sanity-check every syscall */
1166 break;
1167
1168 case VEX_TRC_JMP_YIELD:
1169 /* Explicit yield, because this thread is in a spin-lock
1170 or something. Only let the thread run for a short while
1171 longer. Because swapping to another thread is expensive,
1172 we're prepared to let this thread eat a little more CPU
1173 before swapping to another. That means that short term
1174 spins waiting for hardware to poke memory won't cause a
1175 thread swap. */
1176 if (VG_(dispatch_ctr) > 2000)
1177 VG_(dispatch_ctr) = 2000;
1178 break;
1179
1180 case VEX_TRC_JMP_YIELD_NOREDIR:
1181 VG_(dispatch_ctr) = 1;
1182 break;
1183
1184 case VG_TRC_INNER_COUNTERZERO:
1185 /* Timeslice is out. Let a new thread be scheduled. */
1186 vg_assert(VG_(dispatch_ctr) == 1);
1187 break;
1188
1189 case VG_TRC_FAULT_SIGNAL:
1190 /* Everything should be set up (either we're exiting, or
1191 about to start in a signal handler). */
1192 break;
1193
1194 case VEX_TRC_JMP_MAPFAIL:
1195 /* Failure of arch-specific address translation (x86/amd64
1196 segment override use) */
1197 /* jrs 2005 03 11: is this correct? */
1198 VG_(synth_fault)(tid);
1199 break;
1200
1201 case VEX_TRC_JMP_EMWARN: {
1202 static Int counts[EmWarn_NUMBER];
1203 static Bool counts_initted = False;
1204 VexEmWarn ew;
1205 HChar* what;
1206 Bool show;
1207 Int q;
1208 if (!counts_initted) {
1209 counts_initted = True;
1210 for (q = 0; q < EmWarn_NUMBER; q++)
1211 counts[q] = 0;
1212 }
1213 ew = (VexEmWarn)VG_(threads)[tid].arch.vex.guest_EMWARN;
1214 what = (ew < 0 || ew >= EmWarn_NUMBER)
1215 ? "unknown (?!)"
1216 : LibVEX_EmWarn_string(ew);
1217 show = (ew < 0 || ew >= EmWarn_NUMBER)
1218 ? True
1219 : counts[ew]++ < 3;
1220 if (show && VG_(clo_show_emwarns) && !VG_(clo_xml)) {
1221 VG_(message)( Vg_UserMsg,
1222 "Emulation warning: unsupported action:\n");
1223 VG_(message)( Vg_UserMsg, " %s\n", what);
1224 VG_(get_and_pp_StackTrace)( tid, VG_(clo_backtrace_size) );
1225 }
1226 break;
1227 }
1228
1229 case VEX_TRC_JMP_EMFAIL: {
1230 VexEmWarn ew;
1231 HChar* what;
1232 ew = (VexEmWarn)VG_(threads)[tid].arch.vex.guest_EMWARN;
1233 what = (ew < 0 || ew >= EmWarn_NUMBER)
1234 ? "unknown (?!)"
1235 : LibVEX_EmWarn_string(ew);
1236 VG_(message)( Vg_UserMsg,
1237 "Emulation fatal error -- Valgrind cannot continue:\n");
1238 VG_(message)( Vg_UserMsg, " %s\n", what);
1239 VG_(get_and_pp_StackTrace)( tid, VG_(clo_backtrace_size) );
1240 VG_(message)(Vg_UserMsg, "\n");
1241 VG_(message)(Vg_UserMsg, "Valgrind has to exit now. Sorry.\n");
1242 VG_(message)(Vg_UserMsg, "\n");
1243 VG_(exit)(1);
1244 break;
1245 }
1246
1247 case VEX_TRC_JMP_SIGTRAP:
1248 VG_(synth_sigtrap)(tid);
1249 break;
1250
1251 case VEX_TRC_JMP_SIGSEGV:
1252 VG_(synth_fault)(tid);
1253 break;
1254
1255 case VEX_TRC_JMP_SIGBUS:
1256 VG_(synth_sigbus)(tid);
1257 break;
1258
1259 case VEX_TRC_JMP_NODECODE:
1260 VG_(umsg)(
1261 "valgrind: Unrecognised instruction at address %#lx.\n",
1262 VG_(get_IP)(tid));
1263 VG_(get_and_pp_StackTrace)(tid, 50);
1264 #define M(a) VG_(umsg)(a "\n");
1265 M("Your program just tried to execute an instruction that Valgrind" );
1266 M("did not recognise. There are two possible reasons for this." );
1267 M("1. Your program has a bug and erroneously jumped to a non-code" );
1268 M(" location. If you are running Memcheck and you just saw a" );
1269 M(" warning about a bad jump, it's probably your program's fault.");
1270 M("2. The instruction is legitimate but Valgrind doesn't handle it,");
1271 M(" i.e. it's Valgrind's fault. If you think this is the case or");
1272 M(" you are not sure, please let us know and we'll try to fix it.");
1273 M("Either way, Valgrind will now raise a SIGILL signal which will" );
1274 M("probably kill your program." );
1275 #undef M
1276 VG_(synth_sigill)(tid, VG_(get_IP)(tid));
1277 break;
1278
1279 case VEX_TRC_JMP_TINVAL:
1280 VG_(discard_translations)(
1281 (Addr64)VG_(threads)[tid].arch.vex.guest_TISTART,
1282 VG_(threads)[tid].arch.vex.guest_TILEN,
1283 "scheduler(VEX_TRC_JMP_TINVAL)"
1284 );
1285 if (0)
1286 VG_(printf)("dump translations done.\n");
1287 break;
1288
1289 case VG_TRC_INVARIANT_FAILED:
1290 /* This typically happens if, after running generated code,
1291 it is detected that host CPU settings (eg, FPU/Vector
1292 control words) are not as they should be. Vex's code
1293 generation specifies the state such control words should
1294 be in on entry to Vex-generated code, and they should be
1295 unchanged on exit from it. Failure of this assertion
1296 usually means a bug in Vex's code generation. */
1297 //{ UInt xx;
1298 // __asm__ __volatile__ (
1299 // "\t.word 0xEEF12A10\n" // fmrx r2,fpscr
1300 // "\tmov %0, r2" : "=r"(xx) : : "r2" );
1301 // VG_(printf)("QQQQ new fpscr = %08x\n", xx);
1302 //}
1303 vg_assert2(0, "VG_(scheduler), phase 3: "
1304 "run_innerloop detected host "
1305 "state invariant failure", trc);
1306
1307 case VEX_TRC_JMP_SYS_SYSENTER:
1308 /* Do whatever simulation is appropriate for an x86 sysenter
1309 instruction. Note that it is critical to set this thread's
1310 guest_EIP to point at the code to execute after the
1311 sysenter, since Vex-generated code will not have set it --
1312 vex does not know what it should be. Vex sets the next
1313 address to zero, so if you don't set guest_EIP, the thread
1314 will jump to zero afterwards and probably die as a result. */
1315 # if defined(VGP_x86_linux)
1316 vg_assert2(0, "VG_(scheduler), phase 3: "
1317 "sysenter_x86 on x86-linux is not supported");
1318 # elif defined(VGP_x86_darwin)
1319 /* return address in client edx */
1320 VG_(threads)[tid].arch.vex.guest_EIP
1321 = VG_(threads)[tid].arch.vex.guest_EDX;
1322 handle_syscall(tid, trc);
1323 # else
1324 vg_assert2(0, "VG_(scheduler), phase 3: "
1325 "sysenter_x86 on non-x86 platform?!?!");
1326 # endif
1327 break;
1328
1329 default:
1330 vg_assert2(0, "VG_(scheduler), phase 3: "
1331 "unexpected thread return code (%u)", trc);
1332 /* NOTREACHED */
1333 break;
1334
1335 } /* switch (trc) */
1336
1337 if (0)
1338 maybe_show_sb_counts();
1339 }
1340
1341 if (VG_(clo_trace_sched))
1342 print_sched_event(tid, "exiting VG_(scheduler)");
1343
1344 vg_assert(VG_(is_exiting)(tid));
1345
1346 return tst->exitreason;
1347 }
1348
1349
1350 /*
   This causes all threads to forcibly exit.  They aren't actually
1352 dead by the time this returns; you need to call
1353 VG_(reap_threads)() to wait for them.
1354 */
void VG_(nuke_all_threads_except) ( ThreadId me, VgSchedReturnCode src )
1356 {
1357 ThreadId tid;
1358
1359 vg_assert(VG_(is_running_thread)(me));
1360
1361 for (tid = 1; tid < VG_N_THREADS; tid++) {
1362 if (tid == me
1363 || VG_(threads)[tid].status == VgTs_Empty)
1364 continue;
1365 if (0)
1366 VG_(printf)(
1367 "VG_(nuke_all_threads_except): nuking tid %d\n", tid);
1368
1369 VG_(threads)[tid].exitreason = src;
1370 if (src == VgSrc_FatalSig)
1371 VG_(threads)[tid].os_state.fatalsig = VKI_SIGKILL;
1372 VG_(get_thread_out_of_syscall)(tid);
1373 }
1374 }
1375
1376
1377 /* ---------------------------------------------------------------------
1378 Specifying shadow register values
1379 ------------------------------------------------------------------ */
1380
1381 #if defined(VGA_x86)
1382 # define VG_CLREQ_ARGS guest_EAX
1383 # define VG_CLREQ_RET guest_EDX
1384 #elif defined(VGA_amd64)
1385 # define VG_CLREQ_ARGS guest_RAX
1386 # define VG_CLREQ_RET guest_RDX
1387 #elif defined(VGA_ppc32) || defined(VGA_ppc64)
1388 # define VG_CLREQ_ARGS guest_GPR4
1389 # define VG_CLREQ_RET guest_GPR3
1390 #elif defined(VGA_arm)
1391 # define VG_CLREQ_ARGS guest_R4
1392 # define VG_CLREQ_RET guest_R3
1393 #elif defined (VGA_s390x)
1394 # define VG_CLREQ_ARGS guest_r2
1395 # define VG_CLREQ_RET guest_r3
1396 #else
1397 # error Unknown arch
1398 #endif
1399
1400 #define CLREQ_ARGS(regs) ((regs).vex.VG_CLREQ_ARGS)
1401 #define CLREQ_RET(regs) ((regs).vex.VG_CLREQ_RET)
1402 #define O_CLREQ_RET (offsetof(VexGuestArchState, VG_CLREQ_RET))
1403
1404 // These macros write a value to a client's thread register, and tell the
1405 // tool that it's happened (if necessary).
1406
1407 #define SET_CLREQ_RETVAL(zztid, zzval) \
1408 do { CLREQ_RET(VG_(threads)[zztid].arch) = (zzval); \
1409 VG_TRACK( post_reg_write, \
1410 Vg_CoreClientReq, zztid, O_CLREQ_RET, sizeof(UWord)); \
1411 } while (0)
1412
1413 #define SET_CLCALL_RETVAL(zztid, zzval, f) \
1414 do { CLREQ_RET(VG_(threads)[zztid].arch) = (zzval); \
1415 VG_TRACK( post_reg_write_clientcall_return, \
1416 zztid, O_CLREQ_RET, sizeof(UWord), f); \
1417 } while (0)
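/* Putting these together: generated code stops with VEX_TRC_JMP_CLIENTREQ,
   the scheduler calls do_client_request(tid), which fetches the client's
   argument block address from the guest register named by VG_CLREQ_ARGS
   and, once the request has been handled, writes the result back with
   SET_CLREQ_RETVAL (or SET_CLCALL_RETVAL for the CLIENT_CALL* requests),
   so that the client sees it in VG_CLREQ_RET. */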
1418
1419
1420 /* ---------------------------------------------------------------------
1421 Handle client requests.
1422 ------------------------------------------------------------------ */
1423
1424 // OS-specific(?) client requests
static Bool os_client_request(ThreadId tid, UWord *args)
1426 {
1427 Bool handled = True;
1428
1429 vg_assert(VG_(is_running_thread)(tid));
1430
1431 switch(args[0]) {
1432 case VG_USERREQ__LIBC_FREERES_DONE:
1433 /* This is equivalent to an exit() syscall, but we don't set the
1434 exitcode (since it might already be set) */
1435 if (0 || VG_(clo_trace_syscalls) || VG_(clo_trace_sched))
1436 VG_(message)(Vg_DebugMsg,
1437 "__libc_freeres() done; really quitting!\n");
1438 VG_(threads)[tid].exitreason = VgSrc_ExitThread;
1439 break;
1440
1441 default:
1442 handled = False;
1443 break;
1444 }
1445
1446 return handled;
1447 }
1448
1449
1450 /* Do a client request for the thread tid. After the request, tid may
1451 or may not still be runnable; if not, the scheduler will have to
1452 choose a new thread to run.
1453 */
1454 static
void do_client_request ( ThreadId tid )
1456 {
1457 UWord* arg = (UWord*)(CLREQ_ARGS(VG_(threads)[tid].arch));
1458 UWord req_no = arg[0];
1459
1460 if (0)
1461 VG_(printf)("req no = 0x%llx, arg = %p\n", (ULong)req_no, arg);
1462 switch (req_no) {
1463
1464 case VG_USERREQ__CLIENT_CALL0: {
1465 UWord (*f)(ThreadId) = (void*)arg[1];
1466 if (f == NULL)
1467 VG_(message)(Vg_DebugMsg, "VG_USERREQ__CLIENT_CALL0: func=%p\n", f);
1468 else
1469 SET_CLCALL_RETVAL(tid, f ( tid ), (Addr)f);
1470 break;
1471 }
1472 case VG_USERREQ__CLIENT_CALL1: {
1473 UWord (*f)(ThreadId, UWord) = (void*)arg[1];
1474 if (f == NULL)
1475 VG_(message)(Vg_DebugMsg, "VG_USERREQ__CLIENT_CALL1: func=%p\n", f);
1476 else
1477 SET_CLCALL_RETVAL(tid, f ( tid, arg[2] ), (Addr)f );
1478 break;
1479 }
1480 case VG_USERREQ__CLIENT_CALL2: {
1481 UWord (*f)(ThreadId, UWord, UWord) = (void*)arg[1];
1482 if (f == NULL)
1483 VG_(message)(Vg_DebugMsg, "VG_USERREQ__CLIENT_CALL2: func=%p\n", f);
1484 else
1485 SET_CLCALL_RETVAL(tid, f ( tid, arg[2], arg[3] ), (Addr)f );
1486 break;
1487 }
1488 case VG_USERREQ__CLIENT_CALL3: {
1489 UWord (*f)(ThreadId, UWord, UWord, UWord) = (void*)arg[1];
1490 if (f == NULL)
1491 VG_(message)(Vg_DebugMsg, "VG_USERREQ__CLIENT_CALL3: func=%p\n", f);
1492 else
1493 SET_CLCALL_RETVAL(tid, f ( tid, arg[2], arg[3], arg[4] ), (Addr)f );
1494 break;
1495 }
1496
1497 // Nb: this looks like a circular definition, because it kind of is.
1498 // See comment in valgrind.h to understand what's going on.
1499 case VG_USERREQ__RUNNING_ON_VALGRIND:
1500 SET_CLREQ_RETVAL(tid, RUNNING_ON_VALGRIND+1);
1501 break;
1502
1503 case VG_USERREQ__PRINTF: {
1504 /* JRS 2010-Jan-28: this is DEPRECATED; use the
1505 _VALIST_BY_REF version instead */
1506 if (sizeof(va_list) != sizeof(UWord))
1507 goto va_list_casting_error_NORETURN;
1508 union {
1509 va_list vargs;
1510 unsigned long uw;
1511 } u;
1512 u.uw = (unsigned long)arg[2];
1513 Int count =
1514 VG_(vmessage)( Vg_ClientMsg, (char *)arg[1], u.vargs );
1515 VG_(message_flush)();
1516 SET_CLREQ_RETVAL( tid, count );
1517 break;
1518 }
1519
1520 case VG_USERREQ__PRINTF_BACKTRACE: {
1521 /* JRS 2010-Jan-28: this is DEPRECATED; use the
1522 _VALIST_BY_REF version instead */
1523 if (sizeof(va_list) != sizeof(UWord))
1524 goto va_list_casting_error_NORETURN;
1525 union {
1526 va_list vargs;
1527 unsigned long uw;
1528 } u;
1529 u.uw = (unsigned long)arg[2];
1530 Int count =
1531 VG_(vmessage)( Vg_ClientMsg, (char *)arg[1], u.vargs );
1532 VG_(message_flush)();
1533 VG_(get_and_pp_StackTrace)( tid, VG_(clo_backtrace_size) );
1534 SET_CLREQ_RETVAL( tid, count );
1535 break;
1536 }
1537
1538 case VG_USERREQ__PRINTF_VALIST_BY_REF: {
1539 va_list* vargsp = (va_list*)arg[2];
1540 Int count =
1541 VG_(vmessage)( Vg_ClientMsg, (char *)arg[1], *vargsp );
1542 VG_(message_flush)();
1543 SET_CLREQ_RETVAL( tid, count );
1544 break;
1545 }
1546
1547 case VG_USERREQ__PRINTF_BACKTRACE_VALIST_BY_REF: {
1548 va_list* vargsp = (va_list*)arg[2];
1549 Int count =
1550 VG_(vmessage)( Vg_ClientMsg, (char *)arg[1], *vargsp );
1551 VG_(message_flush)();
1552 VG_(get_and_pp_StackTrace)( tid, VG_(clo_backtrace_size) );
1553 SET_CLREQ_RETVAL( tid, count );
1554 break;
1555 }
1556
1557 case VG_USERREQ__INTERNAL_PRINTF_VALIST_BY_REF: {
1558 va_list* vargsp = (va_list*)arg[2];
1559 Int count =
1560 VG_(vmessage)( Vg_DebugMsg, (char *)arg[1], *vargsp );
1561 VG_(message_flush)();
1562 SET_CLREQ_RETVAL( tid, count );
1563 break;
1564 }
1565
1566 case VG_USERREQ__ADD_IFUNC_TARGET: {
1567 VG_(redir_add_ifunc_target)( arg[1], arg[2] );
1568 SET_CLREQ_RETVAL( tid, 0);
1569 break; }
1570
1571 case VG_USERREQ__STACK_REGISTER: {
1572 UWord sid = VG_(register_stack)((Addr)arg[1], (Addr)arg[2]);
1573 SET_CLREQ_RETVAL( tid, sid );
1574 break; }
1575
1576 case VG_USERREQ__STACK_DEREGISTER: {
1577 VG_(deregister_stack)(arg[1]);
1578 SET_CLREQ_RETVAL( tid, 0 ); /* return value is meaningless */
1579 break; }
1580
1581 case VG_USERREQ__STACK_CHANGE: {
1582 VG_(change_stack)(arg[1], (Addr)arg[2], (Addr)arg[3]);
1583 SET_CLREQ_RETVAL( tid, 0 ); /* return value is meaningless */
1584 break; }
1585
1586 case VG_USERREQ__GET_MALLOCFUNCS: {
1587 struct vg_mallocfunc_info *info = (struct vg_mallocfunc_info *)arg[1];
1588
1589 info->tl_malloc = VG_(tdict).tool_malloc;
1590 info->tl_calloc = VG_(tdict).tool_calloc;
1591 info->tl_realloc = VG_(tdict).tool_realloc;
1592 info->tl_memalign = VG_(tdict).tool_memalign;
1593 info->tl___builtin_new = VG_(tdict).tool___builtin_new;
1594 info->tl___builtin_vec_new = VG_(tdict).tool___builtin_vec_new;
1595 info->tl_free = VG_(tdict).tool_free;
1596 info->tl___builtin_delete = VG_(tdict).tool___builtin_delete;
1597 info->tl___builtin_vec_delete = VG_(tdict).tool___builtin_vec_delete;
1598 info->tl_malloc_usable_size = VG_(tdict).tool_malloc_usable_size;
1599
1600 info->mallinfo = VG_(mallinfo);
1601 info->clo_trace_malloc = VG_(clo_trace_malloc);
1602
1603 SET_CLREQ_RETVAL( tid, 0 ); /* return value is meaningless */
1604
1605 break;
1606 }
1607
1608 /* Requests from the client program */
1609
1610 case VG_USERREQ__DISCARD_TRANSLATIONS:
1611 if (VG_(clo_verbosity) > 2)
1612 VG_(printf)( "client request: DISCARD_TRANSLATIONS,"
1613 " addr %p, len %lu\n",
1614 (void*)arg[1], arg[2] );
1615
1616 VG_(discard_translations)(
1617 arg[1], arg[2], "scheduler(VG_USERREQ__DISCARD_TRANSLATIONS)"
1618 );
1619
1620 SET_CLREQ_RETVAL( tid, 0 ); /* return value is meaningless */
1621 break;
1622
1623 case VG_USERREQ__COUNT_ERRORS:
1624 SET_CLREQ_RETVAL( tid, VG_(get_n_errs_found)() );
1625 break;
1626
1627 case VG_USERREQ__LOAD_PDB_DEBUGINFO:
1628 VG_(di_notify_pdb_debuginfo)( arg[1], arg[2], arg[3], arg[4] );
1629 SET_CLREQ_RETVAL( tid, 0 ); /* return value is meaningless */
1630 break;
1631
      case VG_USERREQ__MAP_IP_TO_SRCLOC: {
         Addr   ip    = arg[1];
         UChar* buf64 = (UChar*)arg[2];

         VG_(memset)(buf64, 0, 64);
         UInt linenum = 0;
         Bool ok = VG_(get_filename_linenum)(
                      ip, &buf64[0], 50, NULL, 0, NULL, &linenum
                   );
         if (ok) {
            /* Find the terminating zero in the first 50 bytes. */
            UInt i;
            for (i = 0; i < 50; i++) {
               if (buf64[i] == 0)
                  break;
            }
            /* We must find a zero somewhere in 0 .. 49.  Else
               VG_(get_filename_linenum) is not properly zero
               terminating. */
            vg_assert(i < 50);
            VG_(sprintf)(&buf64[i], ":%u", linenum);
         } else {
            buf64[0] = 0;
         }

         SET_CLREQ_RETVAL( tid, 0 ); /* return value is meaningless */
         break;
      }

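      /* Adjust this thread's error-disablement level by +1 or -1,
         saturating at 0 and 0xFFFFFFFF.  While the level is nonzero,
         error reporting for the thread is suppressed. */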
      case VG_USERREQ__CHANGE_ERR_DISABLEMENT: {
         Word delta = arg[1];
         vg_assert(delta == 1 || delta == -1);
         ThreadState* tst = VG_(get_ThreadState)(tid);
         vg_assert(tst);
         if (delta == 1 && tst->err_disablement_level < 0xFFFFFFFF) {
            tst->err_disablement_level++;
         }
         else
         if (delta == -1 && tst->err_disablement_level > 0) {
            tst->err_disablement_level--;
         }
         SET_CLREQ_RETVAL( tid, 0 ); /* return value is meaningless */
         break;
      }

      case VG_USERREQ__MALLOCLIKE_BLOCK:
      case VG_USERREQ__RESIZEINPLACE_BLOCK:
      case VG_USERREQ__FREELIKE_BLOCK:
         // Ignore them if the addr is NULL; otherwise pass onto the tool.
         if (!arg[1]) {
            SET_CLREQ_RETVAL( tid, 0 );     /* return value is meaningless */
            break;
         } else {
            goto my_default;
         }

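      /* Native Client (NaCl) support: the client reports the base address
         of the NaCl sandbox.  Record it and read debug info for the
         loader's segments, which are correctly mapped by this point. */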
      case VG_USERREQ__NACL_MEM_START: {
         Addr mem_start = arg[1];
         nacl_head = mem_start;
         VG_(printf)("*********************** NaCl mem_start: %p\n", (void*)mem_start);

         // At this point all segments in the sandbox belong to nacl_file (the
         // first untrusted binary loaded by sel_ldr), and have correct
         // permissions. Read its debug info.
         NSegment* seg = VG_(am_find_nsegment)(mem_start);
         int fnIdx = -1;
         while (seg) {
            if (seg->kind == SkFileC) {
               if (fnIdx == seg->fnIdx || fnIdx == -1) {
                  fnIdx = seg->fnIdx;
                  VG_(printf)("Segment at %p belongs to the loader\n", (void*)seg->start);
                  VG_(di_notify_mmap)(seg->start, False, /*glider: don't use fd*/-1);
               }
            }
            seg = VG_(am_next_nsegment)((NSegment*)seg, True);
         }
         goto my_default;
      }

      case VG_USERREQ__NACL_FILE: {
         VG_(printf)("*********************** NaCl nacl_file: %s\n", (char*)arg[1]);
         nacl_file = (char*) arg[1];
         goto my_default;
      }

      case VG_USERREQ__NACL_MMAP: {
         // Simulate an mmap().
         UWord vma = arg[1];          // Base VMA of the mapping.
         UWord size = arg[2];         // Size of the mapping.
         UWord file_offset = arg[3];  // File offset.
         UWord access = arg[4];       // Access.
         UWord clone_vma = arg[5];    // Another mapping of the same; only used to find the file name.
         if (!access)
            access = VKI_PROT_READ | VKI_PROT_EXEC;
         VG_(printf)("*********************** NaCl nacl_mmap: %lx %lx %lx %lx\n", vma, size, file_offset, clone_vma);

         char* file_name = NULL;
         if (clone_vma) {
            NSegment* seg = VG_(am_find_nsegment)(clone_vma);
            file_name = VG_(am_get_filename)(seg);
            VG_(printf)("*********************** NaCl DSO file_name: %s\n", file_name);
         }

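         // Round the mapping to page boundaries and adjust the file offset
         // to match, then tell the address space manager about it.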
         UWord vma_end = vma + size;
         UWord vma_aligned = VG_PGROUNDDN(vma);
         UWord vma_end_aligned = VG_PGROUNDUP(vma_end);
         size = vma_end_aligned - vma_aligned;
         file_offset -= vma - vma_aligned;
         VG_(am_notify_fake_client_mmap)(vma_aligned, size, access,
             0, file_name ? file_name : (VG_(clo_nacl_file) ? VG_(clo_nacl_file) : nacl_file), file_offset);
         // If file_name == NULL, then this is the main (sel_ldr-mapped) nexe,
         // and has incorrect permissions at this point. In that case, wait for
         // NACL_MEM_START to read the debug info.
         if (file_name)
            VG_(di_notify_mmap)(vma_aligned, False, /*glider: don't use fd*/-1);
         goto my_default;
      }


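      /* Anything not handled above: give the OS-specific handler a shot
         first, then the tool's client-request handler; otherwise warn
         (once) about the unhandled request. */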
      default:
       my_default:
         if (os_client_request(tid, arg)) {
            // do nothing, os_client_request() handled it
         } else if (VG_(needs).client_requests) {
            UWord ret;

            if (VG_(clo_verbosity) > 2)
               VG_(printf)("client request: code %lx, addr %p, len %lu\n",
                           arg[0], (void*)arg[1], arg[2] );

            if ( VG_TDICT_CALL(tool_handle_client_request, tid, arg, &ret) )
               SET_CLREQ_RETVAL(tid, ret);
         } else {
            static Bool whined = False;

            if (!whined && VG_(clo_verbosity) > 2) {
               // Allow for requests in core, but defined by tools, which
               // have 0 and 0 in their two high bytes.
               Char c1 = (arg[0] >> 24) & 0xff;
               Char c2 = (arg[0] >> 16) & 0xff;
               if (c1 == 0) c1 = '_';
               if (c2 == 0) c2 = '_';
               VG_(message)(Vg_UserMsg, "Warning:\n"
                   "  unhandled client request: 0x%lx (%c%c+0x%lx). Perhaps\n"
                   "  VG_(needs).client_requests should be set?\n",
                            arg[0], c1, c2, arg[0] & 0xffff);
               whined = True;
            }
         }
         break;
   }
   return;

   /*NOTREACHED*/
  va_list_casting_error_NORETURN:
   VG_(umsg)(
      "Valgrind: fatal error - cannot continue: use of the deprecated\n"
      "client requests VG_USERREQ__PRINTF or VG_USERREQ__PRINTF_BACKTRACE\n"
      "on a platform where they cannot be supported.  Please use the\n"
      "equivalent _VALIST_BY_REF versions instead.\n"
      "\n"
      "This is a binary-incompatible change in Valgrind's client request\n"
      "mechanism.  It is unfortunate, but difficult to avoid.  End-users\n"
      "are expected to almost never see this message.  The only case in\n"
      "which you might see this message is if your code uses the macros\n"
      "VALGRIND_PRINTF or VALGRIND_PRINTF_BACKTRACE.  If so, you will need\n"
      "to recompile such code, using the header files from this version of\n"
      "Valgrind, and not any previous version.\n"
      "\n"
      "If you see this message in any other circumstances, it is probably\n"
      "a bug in Valgrind.  In this case, please file a bug report at\n"
      "\n"
      "  http://www.valgrind.org/support/bug_reports.html\n"
      "\n"
      "Will now abort.\n"
   );
   vg_assert(0);
}


/* ---------------------------------------------------------------------
   Sanity checking (permanently engaged)
   ------------------------------------------------------------------ */

/* Internal consistency checks on the sched structures. */
static
void scheduler_sanity ( ThreadId tid )
{
   Bool bad = False;
   static UInt lasttime = 0;
   UInt now;
   Int lwpid = VG_(gettid)();

   if (!VG_(is_running_thread)(tid)) {
      VG_(message)(Vg_DebugMsg,
                   "Thread %d is supposed to be running, "
                   "but doesn't own the_BigLock (owned by %d)\n",
                   tid, VG_(running_tid));
      bad = True;
   }

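   /* Check that the LWP this thread is recorded as running on matches
      the kernel thread we are actually executing in. */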
   if (lwpid != VG_(threads)[tid].os_state.lwpid) {
      VG_(message)(Vg_DebugMsg,
                   "Thread %d supposed to be in LWP %d, but we're actually %d\n",
                   tid, VG_(threads)[tid].os_state.lwpid, VG_(gettid)());
      bad = True;
   }

#if !defined(VGO_darwin)
   // GrP fixme
   if (lwpid != the_BigLock.owner_lwpid) {
      VG_(message)(Vg_DebugMsg,
                   "Thread (LWPID) %d doesn't own the_BigLock\n",
                   tid);
      bad = True;
   }
#endif

   /* Periodically show the state of all threads, for debugging
      purposes. */
   now = VG_(read_millisecond_timer)();
   if (0 && (!bad) && (lasttime + 4000/*ms*/ <= now)) {
      lasttime = now;
      VG_(printf)("\n------------ Sched State at %d ms ------------\n",
                  (Int)now);
      VG_(show_sched_status)();
   }

   /* core_panic also shows the sched status, which is why we don't
      show it above if bad==True. */
   if (bad)
      VG_(core_panic)("scheduler_sanity: failed");
}

void VG_(sanity_check_general) ( Bool force_expensive )
{
   ThreadId tid;

   static UInt next_slow_check_at = 1;
   static UInt slow_check_interval = 25;

   if (VG_(clo_sanity_level) < 1) return;

   /* --- First do all the tests that we can do quickly. ---*/

   sanity_fast_count++;

   /* Check stuff pertaining to the memory check system. */

   /* Check that nobody has spuriously claimed that the first or
      last 16 pages of memory have become accessible [...] */
   if (VG_(needs).sanity_checks) {
      vg_assert(VG_TDICT_CALL(tool_cheap_sanity_check));
   }

   /* --- Now some more expensive checks. ---*/

   /* Once every now and again, check some more expensive stuff.
      Gradually increase the interval between such checks so as not to
      burden long-running programs too much. */
   if ( force_expensive
        || VG_(clo_sanity_level) > 1
        || (VG_(clo_sanity_level) == 1
            && sanity_fast_count == next_slow_check_at)) {

      if (0) VG_(printf)("SLOW at %d\n", sanity_fast_count-1);

      next_slow_check_at = sanity_fast_count - 1 + slow_check_interval;
      slow_check_interval++;
      sanity_slow_count++;

      if (VG_(needs).sanity_checks) {
         vg_assert(VG_TDICT_CALL(tool_expensive_sanity_check));
      }

      /* Look for stack overruns.  Visit all threads. */
      for (tid = 1; tid < VG_N_THREADS; tid++) {
         SizeT    remains;
         VgStack* stack;

         if (VG_(threads)[tid].status == VgTs_Empty ||
             VG_(threads)[tid].status == VgTs_Zombie)
            continue;

         stack
            = (VgStack*)
              VG_(get_ThreadState)(tid)->os_state.valgrind_stack_base;
         SizeT limit
            = 4096; // Let's say.  Checking more causes lots of L2 misses.
         remains
            = VG_(am_get_VgStack_unused_szB)(stack, limit);
         if (remains < limit)
            VG_(message)(Vg_DebugMsg,
                         "WARNING: Thread %d is within %ld bytes "
                         "of running out of stack!\n",
                         tid, remains);
      }
   }

   if (VG_(clo_sanity_level) > 1) {
      /* Check sanity of the low-level memory manager.  Note that bugs
         in the client's code can cause this to fail, so we don't do
         this check unless specially asked for.  And because it's
         potentially very expensive. */
      VG_(sanity_check_malloc_all)();
   }
}

/*--------------------------------------------------------------------*/
/*--- end                                                          ---*/
/*--------------------------------------------------------------------*/
