9

我一直在试图理解为什么 valgrind 抱怨这个使用 ucontexts 的小型测试程序“使用大小为 8 的未初始化值”。它基本上是一个创建“n_ucs”ucontexts 并在“max_switch”时间内切换它们的程序。

我了解“警告:客户端切换堆栈?” (这基本上是程序的全部内容),但我无法理解所有“使用大小为 8 的未初始化值”

如果 Valgrind 错误是误报,或者该程序是否存在根本性错误,我想获得一些帮助。(我在使用相同机制的更大程序上看到了很多,但我已将其提炼到最低限度,以便在此处发布)。

任何帮助表示赞赏。

谢谢,

杰克

#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <ucontext.h>

#define STACK_SIZE   (8*1024)

int n_ucs = 1;
int max_switchs = 10;
int n_switchs = 0;
int tid = 0;

ucontext_t *ucs;
static ucontext_t engine_uc;

static void func(int arg)
{
    while (n_switchs < max_switchs) {
        int c_tid = tid;
        int n_tid = (tid + 1) % n_ucs;
        n_switchs++;
        tid = n_tid;
        swapcontext(&ucs[c_tid], &ucs[n_tid]);
    }
}

int main(int argc, char **argv)
{
    if (argc > 1)
        n_ucs = atoi(argv[1]);
    if (argc > 2)
        max_switchs = atoi(argv[2]);

    ucs = malloc(sizeof(ucontext_t) * n_ucs);
    int i;
    for (i = 0; i < n_ucs; i++) {
        /* Create initial ucontext_t, including stack */
        getcontext(&ucs[i]);
        ucs[i].uc_stack.ss_sp = malloc(STACK_SIZE);
        ucs[i].uc_stack.ss_size = STACK_SIZE;
        ucs[i].uc_stack.ss_flags = 0;
        ucs[i].uc_link = &engine_uc;
        makecontext(&ucs[i], (void (*)())func, 1, i);
    }

    /* jump to the first uc */
    swapcontext(&engine_uc, &ucs[tid]);

    /* destroy stacks */
    for (i = 0; i < n_ucs; i++)
        free(ucs[i].uc_stack.ss_sp);
    free(ucs);
    return 0;
}

使用gcc main.c编译并使用./a.out 2 2运行

gcc -v

使用内置规范。COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.8/lto-wrapper 目标:x86_64-linux-gnu 配置:../src/configure -v --with-pkgversion='Ubuntu 4.8 .2-19ubuntu1' --with-bugurl=file:///usr/share/doc/gcc-4.8/README.Bugs --enable-languages=c,c++,java,go,d,fortran,objc,obj -c++ --prefix=/usr --program-suffix=-4.8 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads =posix --with-gxx-include-dir=/usr/include/c++/4.8 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable -libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-libmudflap --enable-plugin --with-system-zlib --disable-browser-plugin --enable- java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4。

ldd --版本

ldd (Ubuntu EGLIBC 2.19-0ubuntu6.3) 2.19 版权所有 (C) 2014 Free Software Foundation, Inc. 这是免费软件;查看复制条件的来源。没有保修;甚至不考虑适销性或特定用途的适用性。由 Roland McGrath 和 Ulrich Drepper 撰写。

valgrind --track-origins=yes ./a.out 2 2
==21949== Memcheck, a memory error detector
==21949== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==21949== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==21949== Command: ./a.out 2 2
==21949==
==21949== Warning: client switching stacks?  SP change: 0xffefffdd8 --> 0x51ff7b8
==21949==          to suppress, use: --max-stackframe=68616717856 or greater
==21949== Use of uninitialised value of size 8
==21949==    at 0x400738: func (main.c:25)
==21949==    by 0x4E58EC4: (below main) (libc-start.c:287)
==21949==  Uninitialised value was created by a stack allocation
==21949==    at 0x4E7E445: swapcontext (swapcontext.S:92)
==21949==
==21949== Conditional jump or move depends on uninitialised value(s)
==21949==    at 0x4E807A7: __start_context (__start_context.S:37)
==21949==    by 0x4E58EC4: (below main) (libc-start.c:287)
==21949==  Uninitialised value was created by a stack allocation
==21949==    at 0x4E7E445: swapcontext (swapcontext.S:92)
==21949==
==21949== Syscall param rt_sigprocmask(set) contains uninitialised byte(s)
==21949==    at 0x4E7E0EC: setcontext (setcontext.S:47)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==  Uninitialised value was created by a stack allocation
==21949==    at 0x4E7E445: swapcontext (swapcontext.S:92)
==21949==
==21949== Use of uninitialised value of size 8
==21949==    at 0x4E7E0F5: setcontext (setcontext.S:54)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==  Uninitialised value was created by a stack allocation
==21949==    at 0x4E7E445: swapcontext (swapcontext.S:92)
==21949==
==21949== Use of uninitialised value of size 8
==21949==    at 0x4E7E0FE: setcontext (setcontext.S:56)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==    by 0x4E807AD: __start_context (__start_context.S:39)
==21949==  Uninitialised value was created by a stack allocation
==21949==    at 0x4E7E445: swapcontext (swapcontext.S:92)
==21949==
==21949== Warning: client switching stacks?  SP change: 0x51ff7c0 --> 0xffefffde0
==21949==          to suppress, use: --max-stackframe=68616717856 or greater
==21949==
==21949== HEAP SUMMARY:
==21949==     in use at exit: 0 bytes in 0 blocks
==21949==   total heap usage: 3 allocs, 3 frees, 18,256 bytes allocated
==21949==
==21949== All heap blocks were freed -- no leaks are possible
==21949==
==21949== For counts of detected and suppressed errors, rerun with: -v
==21949== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)
4

2 回答 2

3

You must notify valgrind about the stack's change. Read an example here https://github.com/lu-zero/valgrind/blob/master/memcheck/tests/linux/stack_changes.c

This is the correct code:

#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <ucontext.h>
#include <valgrind/valgrind.h>

#define STACK_SIZE   (8*1024)

int n_ucs = 1;
int max_switchs = 10;
int n_switchs = 0;
int tid = 0;

ucontext_t *ucs;
static ucontext_t engine_uc;

 void func(int arg)
{
    while (n_switchs < max_switchs) {
        int c_tid = tid;
        int n_tid = (tid + 1) % n_ucs;
        n_switchs++;
        tid = n_tid;
        swapcontext(&ucs[c_tid], &ucs[n_tid]);

    }
}

int main(int argc, char **argv)
{
    if (argc > 1)
        n_ucs = atoi(argv[1]);
    if (argc > 2)
        max_switchs = atoi(argv[2]);

    ucs = malloc(sizeof(ucontext_t) * n_ucs);

    //store the VALGRIND_STACK_REGISTER return values
    int* valgrind_ret = malloc(n_ucs*sizeof(int));

    int i;
    for (i = 0; i < n_ucs; i++) {
        /* Create initial ucontext_t, including stack */
        getcontext(&ucs[i]);

        //pass stack to valgrind
        void* mystack = malloc(STACK_SIZE);
        VALGRIND_STACK_REGISTER(mystack, mystack + STACK_SIZE);

        ucs[i].uc_stack.ss_sp = mystack;
        ucs[i].uc_stack.ss_size = STACK_SIZE;
        ucs[i].uc_stack.ss_flags = 0;
        ucs[i].uc_link = &engine_uc;
        makecontext(&ucs[i], (void (*)())func, 1, i);
    }

    /* jump to the first uc */
    swapcontext(&engine_uc, &ucs[tid]);

    /* destroy stacks */
    for (i = 0; i < n_ucs; i++) {
        //valgrind stack deregister 
        VALGRIND_STACK_DEREGISTER(valgrind_ret[i]);

        free(ucs[i].uc_stack.ss_sp);
    }
    free(ucs);
    return 0;
}
于 2017-03-04T18:57:28.283 回答
1

我仍然不完全理解为什么 valgrind 会准确地显示这些未初始化的错误但我会尽力解释我到目前为止所理解的;

在通过 valgrind 运行和分析程序并根据来自 swapcontext(3) 和 getcontext(3) 手册页的信息时,我认为它未能检测到某些上下文交换(未能看到交换上下文的堆栈指针从 tid 0 更改为tid 1 和从 tid 1 回到 tid 0 的交换上下文)

如下阅读:谁的堆栈[调用次数]:函数调用

所以,我认为函数调用跟踪是这样的:

main:swapcontext(main, tid 0) ->

main[tid 0 的第一次 func 调用]:func() ->

tid 0:swapcontext(tid 0, tid 1) -> { Stack => tiod 0 }

tid 1:func() ->

交换上下文(tid 1,tid 0)-> {堆栈 => tiod 1 }

tid 0[第二次调用]: func() ->

由于 n_switchs = 2 -> 立即返回

pop tid 0[2nd call]: func() stack frame from tid 1's stack -> {1st Uninitialized access based on valgrind}

tid 0[第二次调用]:func() 完成 -> 检查 uc_link;找到 engine_uc (主要上下文)设置在那里 - >

从这里开始对我来说事情变得不清楚,但以下似乎是可能的踪迹:

重置 sigprocmask -> {2nd Uninitialized access} setcontext()s 回到主上下文 -> {3rd Uinitialized access ?} { Stack => main }

返回时,[tid 0's 1st call] 的堆栈帧从 main 的堆栈中弹出->

main [tid 0's 1st call]:func() 也完成了,因为 n_switchs = 2 -> check uc_link; 再次找到 engine_uc -> 重置 sigprocmask -> {not uninitialized access ?}

返回时, main:swapcontext() 的堆栈帧从 main 的堆栈中弹出 ->

setcontext()s 返回主上下文 -> {4th Uninitialized access ?} { Stack => main }

我们回到 main(),释放东西并退出

一些参考资料:

https://www.gnu.org/software/libc/manual/html_node/System-V-contexts.html http://www.cs.uwm.edu/classes/cs315/Bacon/Lecture/HTML/ch10s07.html

注意:我知道这不是一个完整的答案,但我不想在评论部分发表这么长的解释;因此张贴在这里。

于 2017-02-04T16:52:58.233 回答