assertion failure in Callgrind: bbcc.c:585 (vgCallgrind_setup_bbcc):
Assertion 'passed <= last_bb->cjmp_count' failed

Background:
We want to detect the jump behavior of code, that is, the side exit
from a SB, as there can be many. For that, instrumented code writes
the exit number into a global variable (jmps_passed) before an eventual
exit.
With an exception happening in the first few instructions of an SB,
jmps_passed was never written, and still contained an old value. This
got saved/restored around the exception handler, and resulted in the
failed assertion.
Solution: always initialize jmps_passed to zero in setup_bbcc(), which
is called at the beginning of every SB.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@13712

Also without cache simulation, Callgrind maintains Ir cost.
This is done in setup_bbcc by incrementing an execution counter
for last_bbcc (the cost center for the previously executed BB
in current context) and the global cost counter.
However, we forgot to increment any counter if the currently
executing function should be ignored. We need to still update
costs, and attribute this to a non-ignored call site (as
given in CLG_(current_state).nonskipped).
Before this fix, there was a difference in Ir cost with vs. without
cache simulation. This was because ignored functions (e.g. PLT code)
contributed no cost when not doing cache simulation.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@13130

Performance improvements from 4 to 8% obtained on amd64 on the perf tests by:
1. using UNLIKELY inside tracing macros
2. avoiding calling CLG_(switch_thread)(tid) on the hot path setup_bbcc
unless tid differs from CLG_(current_tid).
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@12939

To detect calls and returns, Callgrind's heuristic
starts with using the jump kind obtained from VEX for
a control flow change instruction. However, for
side exits, it always assumed a (conditional) jump,
which holds true for x86, but e.g. not for ARM.
This fixes Callgrind to use the jump kind found
by VEX for all exits, which should help make
Callgrind work for ARM. It also moves the check
whether a boring jump is actually a fall-through
to instrumentation time. This changes (fixes) the
result for indirect jumps to the next instruction,
which should not be classified as fall-through
(anyway, this case is probably very rare).
This patch introduces its own enum for jump kinds
in Callgrind. This is less confusing than misusing
the VEX jump kind type, as Callgrind wants
to distinguish BB fall-throughs from real jumps
(which are both Ijk_Boring in VEX).
Also, setup_bbcc now stores separately whether the
jump kind is conditional or not.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@12269

For calls (structure jCC), Callgrind maintains for the source
both the BBCC (counter array for the source context of the call, which
includes the BB of the source call position), as well as a jump
number in the source BB to reconstruct the guest instruction address
of the call. In setup_bbcc, this jump number is stored in <passed>, and
used when creating a new jCC on a call.
The value of <passed> got out of sync when we simulate a real jump
between different functions as return/call pair: the call source was
reset for the popped jCC, but not <passed>.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@11579

When unwinding needs to be done because the stack pointer is reset
(e.g. by a longjmp), it makes no sense to interpret the control
flow change as a call; it should be seen as a return.
This indirectly fixes bug 246152. Unwinding potentially changes the
exec state, which is unique for threads, but also for signal handlers.
E.g. this is true for a longjmp out of a signal handler. Exec state
changes modify members of struct CLG_(current_state), such as
CLG_(current_state).bbcc and CLG_(current_state).jmps_passed, which
are backed in CLG_(setup_bbcc)() by last_bbcc and passed, respectively.
On an exec state change, these local vars go out of sync, and lead
to invalid data passed to CLG_(push_call_stack)() for handling a call,
which triggered data corruption, and the symptoms seen in bug 246152.
As in the given situation there is no call anymore, there is no call
into CLG_(push_call_stack)(), and the corruption (or, since the last commit,
the failed assertion) is not triggered any more.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@11524

Callgrind now uses Cachegrind's command line option to switch
on simulation: "--branch-sim=yes/no" for branch prediction,
and "--cache-sim=yes/no" for cache simulation (for more
consistency and to avoid confusion). However, the previously
used "--simulate-cache=yes/no" still is supported but deprecated.
Included: corresponding documentation and tests.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@11207

At the beginning of each BB, Callgrind inserts a call to setup_bbcc,
which (among a lot of other things) sets global vars needed for
the log_* helpers called afterwards in this BB.
These globals, bb_base and cost_base, were previously declared static
and only visible in sim.c. Make them visible also in the rest of
callgrind to allow for log_* handlers outside sim.c.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@11166

Offsets of groups within event sets are now
stored in an offset table as part of the event set, and
can be accessed directly. Before, offsets were hardcoded
all over the place. This should make addition of further
event groups much simpler.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@11165

(should fix bug 169505)
This uses the same event queue scheme as cachegrind and lackey, and
same kind of helpers (1/2/3 Ir events, Ir+Dr, Dr, Ir+Dw, Dw).
Note that in contrast to Cachegrind, Callgrind interprets a modify event
as Dw (otherwise the cache model generating write back events would not work).
Callgrind uses per-(guest)instruction event sets for cost counters.
A per-instruction eventset is incrementally extended as events for the
same guest instruction are flushed. Event sets always start with Ir counters,
but depending on Dr/Dw order afterwards, there exist IrDr(Dw) and IrDw(Dr).
Per-instruction event sets now are consistently named according to event ordering.
Event set "sim" is a subset of "full", was never used and was removed.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@10321

relatively minor extensions to m_debuginfo, a major overhaul of
m_debuginfo/readdwarf3.c to get its space usage under control, and
changes throughout the system to enable heap-use profiling.
The majority of the merged changes were committed into
branches/PTRCHECK as the following revs: 8591 8595 8598 8599 8601 and
8161.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@8621