https://bugs.kde.org/show_bug.cgi?id=493599
Bug ID: 493599
Summary: integer overflow in summary using callgrind client requests with --dump-every-bb, --dump-before, --dump-after
Classification: Developer tools
Product: valgrind
Version: 3.23.0
Platform: Arch Linux
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: callgrind
Assignee: josef.weidendor...@gmx.de
Reporter: gamma0...@posteo.de
Target Milestone: ---

Created attachment 174042
--> https://bugs.kde.org/attachment.cgi?id=174042&action=edit
The main program, headers and the output files

STEPS TO REPRODUCE

1. Compile main.c from the attachment. I used `clang main.c -o main -lm`. (The actual point here is the usage of CALLGRIND_START_INSTRUMENTATION and CALLGRIND_STOP_INSTRUMENTATION.)
2. Run valgrind with `valgrind --tool=callgrind --separate-threads=yes --dump-after='find_primes' ./main`.
3. Inspect the summary lines in the callgrind output files. One or some of them show very high values close to the maximum ulong value.

(`--dump-before=find_primes` or `--dump-every-bb=100000` cause similar overflow(s) in the summary line of one or more files. Running callgrind with --cache-sim=yes causes the overflow in the cache metrics, too.)

The output file `callgrind.out.3476195-02`

```
# callgrind format version: 1
creator: callgrind-3.23.0
pid: 3476195
cmd: ./main
part: 2
thread: 2
desc: I1 cache:
desc: D1 cache:
desc: LL cache:
desc: Timerange: Basic block 683044 - 2542554
desc: Trigger: Program termination
positions: line
events: Ir
summary: 18446744073707324667
totals: 0
```

shows the overflow of the instruction counts in the summary line. The summary of the file `callgrind.out.3476195.1-02` shows `2226949` instructions.

```
# callgrind format version: 1
creator: callgrind-3.23.0
pid: 3476195
cmd: ./main
part: 1
thread: 2
desc: I1 cache:
desc: D1 cache:
desc: LL cache:
desc: Timerange: Basic block 0 - 683044
desc: Trigger: --dump-after=find_primes
positions: line
events: Ir
summary: 2226949
...
```

I don't think it is a coincidence that `18446744073707324667 (Ir from callgrind.out.3476195-02) + 2226949 (Ir from callgrind.out.3476195.1-02) = 0`.

EXPECTED BEHAVIOUR

I guess the instruction counts in the summary of the `callgrind.out.3476195-02` file should actually be 0.

ADDITIONAL INFORMATION

The original bug was observed in a rust program (iai-callgrind) using valgrind/callgrind, and the `main.c` of the attachment is the quick and dirty C implementation of the failing rust test. I hope the main.c suffices to track down the bug.
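A small checker for the observation above, added here as an example and not part of the bug report or of the valgrind project: it parses the header of callgrind output files, flags summary counts whose 64-bit pattern reads as a negative number (the signature of an unsigned wraparound), and sums the per-part summaries modulo 2^64 to confirm that part 1 and part 2 cancel out exactly. The sample inputs are the two headers quoted in the report, trimmed to their header and summary lines; the function names are my own. It handles several events per `summary:` line, as with `--cache-sim=yes`, which the report mentions but does not show.

```python
import re

UINT64_MOD = 1 << 64  # 2**64: counts in callgrind output are unsigned 64-bit

# Constructed samples: the two part files quoted in the bug report, trimmed
# to their header and summary lines.
PART2 = """# callgrind format version: 1
creator: callgrind-3.23.0
pid: 3476195
cmd: ./main
part: 2
thread: 2
desc: Timerange: Basic block 683044 - 2542554
desc: Trigger: Program termination
positions: line
events: Ir
summary: 18446744073707324667
totals: 0
"""

PART1 = """# callgrind format version: 1
creator: callgrind-3.23.0
pid: 3476195
cmd: ./main
part: 1
thread: 2
desc: Timerange: Basic block 0 - 683044
desc: Trigger: --dump-after=find_primes
positions: line
events: Ir
summary: 2226949
"""


def parse_callgrind_header(text):
    """Collect 'key: value' header fields; 'events', 'summary' and 'totals'
    are split into lists so multi-event files (cache-sim) work as well."""
    info = {"events": [], "summary": None, "totals": None, "desc": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z]+):\s*(.*)$", line)
        if not m:
            continue  # cost lines ('fn=...', bare numbers) are not header fields
        key, value = m.group(1), m.group(2)
        if key == "events":
            info["events"] = value.split()
        elif key in ("summary", "totals"):
            info[key] = [int(v) for v in value.split()]
        elif key == "desc":
            info["desc"].append(value)
        else:
            info[key] = value
    return info


def to_signed64(value):
    """Reinterpret an unsigned 64-bit count as the signed value of the same bits."""
    value %= UINT64_MOD
    return value - UINT64_MOD if value >= UINT64_MOD // 2 else value


def suspicious_counts(info):
    """Map event name -> (raw, signed) for summary counts that wrapped around
    below zero; an empty dict means every count is plausible."""
    out = {}
    for event, raw in zip(info["events"], info["summary"] or []):
        signed = to_signed64(raw)
        if signed < 0:
            out[event] = (raw, signed)
    return out


def combined_summary(infos):
    """Sum the summary counts of several part files per event, modulo 2**64,
    i.e. exactly as a wrapping unsigned accumulator would."""
    acc = {}
    for info in infos:
        for event, raw in zip(info["events"], info["summary"] or []):
            acc[event] = (acc.get(event, 0) + raw) % UINT64_MOD
    return acc


if __name__ == "__main__":
    parts = [parse_callgrind_header(PART1), parse_callgrind_header(PART2)]
    for info in parts:
        print("part", info["part"], "suspicious:", suspicious_counts(info))
    print("parts summed mod 2^64:", combined_summary(parts))
```

Run against the two quoted headers, part 2 is reported as Ir = -2226949 when read as signed, and the per-event sum over both parts is 0, which is the arithmetic the reporter points out.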