[Bug libmudflap/38766] New: mudflap cannot detect errors on stack of nptl thread

["anemo at mba dot ocn dot ne dot jp" <gcc-bugzilla@gcc.gnu.org>]

The mudflap do not report an error in this func() when called from
NPTL thread.  Same error on main thread is reported as expected.

#include <pthread.h>

void *func(void *arg)
{
        void *a[1];
        return a[2];
}

int main(int argc, char **argv)
{
        pthread_t tid;

        pthread_create(&tid, NULL, func, NULL);
        pthread_join(tid, NULL);
        return (int)func(NULL);
}

$ gcc -fmudflapth foo.c -lmudflapth -lpthread
$ ./a.out
*******
mudflap violation 1 (check/read): time=1231413729.194138 ptr=0xbfcc9030 size=12
pc=0x1f92a0 location=`foo.c:6:2 (func)'
      /usr/lib/libmudflapth.so.0(__mf_check+0x50) [0x1f92a0]
      ./a.out(func+0x97) [0x804884b]
      ./a.out(main+0x77) [0x80488e8]
Nearby object 1: checked region begins 0B into and ends 8B after
mudflap object 0x9a5ae88: name=`foo.c:5:8 (func) a'
bounds=[0xbfcc9030,0xbfcc9033] size=4 area=stack check=3r/0w liveness=3
alloc time=1231413729.194135 pc=0x1f89c0 thread=3087742672
number of nearby objects: 1
$ rpm -q gcc
gcc-4.3.0-8.i386


With -trace-calls:

$ MUDFLAP_OPTIONS=-trace-calls ./a.out
mf(3086894800): set options from `-trace-calls'
...
mf(3086894800): pthread_create
mf(3086894800): mmap
mf(3086894800): register ptr=0xb75e3000 size=4096 type=2 name='mmap page'
...
mf(3086894800): register ptr=0xb7fe3000 size=4096 type=2 name='mmap page'
mf(3086894800): calloc
mf(3086894800): register ptr=0x9830cb8 size=144 type=2 name='calloc region'
mf(3086891920): register ptr=0xb7fe3b54 size=4 type=5 name='errno area
(thread)'
mf(3086891920): register ptr=0xb7fe3370 size=4 type=3 name='foo.c:5:8 (func) a'
mf(3086891920): check ptr=0xb7fe3370 b=220 size=12 read location=`foo.c:6:2
(func)'
mf(3086891920): unregister ptr=0xb7fe3370 size=4 type=3
mf(3086891920): unregister ptr=0xb7fe3b54 size=4 type=5
mf(3086891920): free
mf(3086894800): register ptr=0xbf9f9540 size=4 type=3 name='foo.c:5:8 (func) a'
mf(3086894800): check ptr=0xbf9f9540 b=336 size=12 read location=`foo.c:6:2
(func)'
mf(3086894800): violation pc=0x1f92a0 location=foo.c:6:2 (func) type=1
ptr=0xbf9f9540 size=12
*******
mudflap violation 1 (check/read): time=1231413750.233228 ptr=0xbf9f9540 size=12
pc=0x1f92a0 location=`foo.c:6:2 (func)'
...

As this log shows, "ptr=0xb7fe3370 size=12" does not cause violation
because stack of NPTL thread is in mmapped area.

In the past, it seems mudflap wrapper for pthread_create allocate its
own thread stack, but the code was removed a while ago.

http://gcc.gnu.org/ml/gcc-patches/2005-07/msg01100.html

I'm not sure this problem could happen at that time.


-- 
           Summary: mudflap cannot detect errors on stack of nptl thread
           Product: gcc
           Version: 4.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libmudflap
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: anemo at mba dot ocn dot ne dot jp
GCC target triplet: *-linux


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38766