Skip to content
GitLab
Closed
Issue created by Derek Bruening@derekbrueningContributor

drmemtrace function tracing assumes 64 bits are available for params+retvals

I just hit this failure in the burst_malloc test:

ASSERT FAILURE: /home/bruening/dr/git/src/clients/drcachesim/tracer/instru_offline.cpp:270: (unsigned long long)val < 1ULL << 48 ()

(gdb) bt
#0  dr_abort () at /home/bruening/dr/git/src/core/lib/instrument.c:2513
#1  0x0000555555876ebf in offline_instru_t::append_marker (this=0x5555155a06d8, buf_ptr=0x7ffff7fee6b0 "", type=TRACE_MARKER_TYPE_FUNC_RETVAL, 
    val=2306968917710846204) at /home/bruening/dr/git/src/clients/drcachesim/tracer/instru_offline.cpp:270
#2  0x000055555586f4cb in append_marker_seg_base (drcontext=0x7fff774d04c0, vec=0x5555155954c8)
    at /home/bruening/dr/git/src/clients/drcachesim/tracer/tracer.cpp:544
#3  0x000055555587cbd2 in func_post_hook (wrapcxt=0x7fff7751ad10, user_data=0x5) at /home/bruening/dr/git/src/clients/drcachesim/tracer/func_trace.cpp:138
#4  0x00005555558c20ff in drwrap_after_callee_func (drcontext=0x7fff774d04c0, pt=0x555515594480, mc=0x7fff7751add0, level=0, 
    retaddr=0x5555555af8fc <do_some_work(int)+328> "\203E\344\001\353\322H\213E\320H\211\307\350\342\372\377\377H\213E\330\362\017\020", unwind=0 '\000', 
    only_requested_unwind=0 '\000') at /home/bruening/dr/git/src/ext/drwrap/drwrap.c:2023
#5  0x00005555558c260c in drwrap_after_callee (
    retaddr=0x5555555af8fc <do_some_work(int)+328> "\203E\344\001\353\322H\213E\320H\211\307\350\342\372\377\377H\213E\330\362\017\020", xsp=140737488346144)
    at /home/bruening/dr/git/src/ext/drwrap/drwrap.c:2166

(gdb) p/x vec->entries[1]
$4 = {
  marker_type = 0x7, 
  marker_value = 0x200400020005b8fc
}

(gdb) p *wrap
$5 = {
  func = 0x7ffff7517180 <__GI___libc_free> "SH\203\354\020H\213\005lM3", 
  pre_cb = 0x55555587c8e6 <func_pre_hook(void*, void**)>, 
  post_cb = 0x55555587caa4 <func_post_hook(void*, void*)>, 
  enabled = 1 '\001', 
  flags = DRWRAP_FLAGS_NONE, 
  callconv = DRWRAP_CALLCONV_AMD64, 
  user_data = 0x5, 
  next = 0x0
}

Looks like just an uninit value: free has no return value.

Fundamentally we have a problem though: valueA for a marker is 48 bits. func_trace_entry_t.marker_value is uintptr_t and is passing all 64 bits in.

One solution is to truncate, which is fine for today's x86_64's canonical addresses, if we sign-extend on the other side? But memref_marker_t.marker_value is uintptr_t so no sign.