bug-gsl

[Bug-gsl] Uninitialized bytes in RNG state.


From: M Joonas Pihlaja
Subject: [Bug-gsl] Uninitialized bytes in RNG state.
Date: Tue, 10 Feb 2009 01:42:56 +0200 (EET)

Ref: http://sourceware.org/ml/gsl-discuss/2009-q1/msg00005.html

Hi,

Valgrind complains about using uninitialised memory when accessing all gsl_rng_size() bytes of the gsl_rng_state() arrays returned by some rng types.

One example is mt19937, whose state has lots of unsigned longs followed by an int. On a 64-bit machine the size of the state is 5000 bytes, of which 4 bytes are pad bytes inserted by the compiler due to the mix of int/ulong.

Below is a script session of compiling and running an example program which triggers the valgrind complaint. The version of GSL linked against is GSL 1.12 compiled from the source tarball using gcc 4.3.2.

Cheers,

Joonas

Script started on Tue 10 Feb 2009 01:18:51 AM EET

0 gsl-rng-test $ gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.3.2-1.1' 
--with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs 
--enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared 
--with-system-zlib --libexecdir=/usr/lib --without-included-gettext 
--enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 
--program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug 
--enable-objc-gc --enable-mpfr --enable-cld --enable-checking=release 
--build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.3.2 (Debian 4.3.2-1.1)

0 gsl-rng-test $ valgrind --version
valgrind-3.3.1-Debian

0 gsl-rng-test $ uname -a
Linux taylor 2.6.18-6-amd64 #1 SMP Wed Oct 15 10:07:11 UTC 2008 x86_64 GNU/Linux

0 gsl-rng-test $ cat tmp.c
#include <stdio.h>
#include <gsl/gsl_rng.h>

int
main()
{
        gsl_rng *rng = gsl_rng_alloc(gsl_rng_mt19937);
        char *state = gsl_rng_state(rng);
        size_t size = gsl_rng_size(rng);
        size_t i;
        unsigned sum = 0;
        for (i=0; i<size; i++) {
                if (state[i] != 123) { /* conditional jump */
                        sum += state[i];
                }
        }
        printf("sum is %u\n", sum);
        return 0;
}

0 gsl-rng-test $ gcc -g tmp.c -lgsl -lgslcblas

0 gsl-rng-test $ valgrind --db-attach=yes ./a.out
==29037== Memcheck, a memory error detector.
==29037== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==29037== Using LibVEX rev 1854, a library for dynamic binary translation.
==29037== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==29037== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==29037== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==29037== For more details, rerun with: -v
==29037==
==29037== Conditional jump or move depends on uninitialised value(s)
==29037==    at 0x40078F: main (tmp.c:13)
==29037==
==29037== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==29037== starting debugger with cmd: /usr/bin/gdb -nw /proc/29040/fd/1014 29040
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Attaching to program: /proc/29040/fd/1014, process 29040
Reading symbols from /usr/lib/valgrind/amd64-linux/vgpreload_core.so...done.
Loaded symbols for /usr/lib/valgrind/amd64-linux/vgpreload_core.so
Reading symbols from /usr/lib/valgrind/amd64-linux/vgpreload_memcheck.so...done.
Loaded symbols for /usr/lib/valgrind/amd64-linux/vgpreload_memcheck.so
Reading symbols from /usr/lib/libgsl.so.0...done.
Loaded symbols for /usr/lib/libgsl.so.0
Reading symbols from /usr/lib/libgslcblas.so.0...done.
Loaded symbols for /usr/lib/libgslcblas.so.0
Reading symbols from /usr/lib/debug/libc.so.6...done.
Loaded symbols for /usr/lib/debug/libc.so.6
Reading symbols from /usr/lib/debug/libm.so.6...done.
Loaded symbols for /usr/lib/debug/libm.so.6
Reading symbols from /lib/ld-linux-x86-64.so.2...Reading symbols from 
/usr/lib/debug/lib/ld-2.7.so...done.
done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
0x000000000040078f in main () at tmp.c:13
13                      if (state[i] != 123) { /* conditional jump */
(gdb) p i
$1 = 4996
(gdb) p size
$2 = 5000
(gdb) quit
The program is running.  Quit anyway (and detach it)? (y or n) y
Detaching from program: /proc/29040/fd/1014, process 29040
==29037==
==29037== Debugger has detached. Valgrind regains control. We continue.
==29037==
==29037== Use of uninitialised value of size 8
==29037==    at 0x52B2963: _itoa_word (_itoa.c:195)
==29037==    by 0x52B57DB: vfprintf (vfprintf.c:1559)
==29037==    by 0x52BCCA9: printf (printf.c:35)
==29037==    by 0x4007C5: main (tmp.c:17)
==29037==
==29037== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- c
==29037==
==29037== Conditional jump or move depends on uninitialised value(s)
==29037==    at 0x52B296D: _itoa_word (_itoa.c:195)
==29037==    by 0x52B57DB: vfprintf (vfprintf.c:1559)
==29037==    by 0x52BCCA9: printf (printf.c:35)
==29037==    by 0x4007C5: main (tmp.c:17)
==29037==
==29037== Conditional jump or move depends on uninitialised value(s)
==29037==    at 0x52B5858: vfprintf (vfprintf.c:1559)
==29037==    by 0x52BCCA9: printf (printf.c:35)
==29037==    by 0x4007C5: main (tmp.c:17)
sum is 4294966056
==29037==
==29037== ERROR SUMMARY: 25 errors from 4 contexts (suppressed: 8 from 1)
==29037== malloc/free: in use at exit: 5,016 bytes in 2 blocks.
==29037== malloc/free: 2 allocs, 0 frees, 5,016 bytes allocated.
==29037== For counts of detected errors, rerun with: -v
==29037== searching for pointers to 2 not-freed blocks.
==29037== checked 138,368 bytes.
==29037==
==29037== LEAK SUMMARY:
==29037==    definitely lost: 5,016 bytes in 2 blocks.
==29037==      possibly lost: 0 bytes in 0 blocks.
==29037==    still reachable: 0 bytes in 0 blocks.
==29037==         suppressed: 0 bytes in 0 blocks.
==29037== Rerun with --leak-check=full to see details of leaked memory.

0 gsl-rng-test $ exit
Script done on Tue 10 Feb 2009 01:19:54 AM EET
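As an added example (not part of Joonas's report or of GSL's own code), here is a struct with the layout the report describes, unsigned longs followed by one int, showing where the compiler's tail padding lands and why a zeroed allocation makes every byte of gsl_rng_size() defined. The struct name, field names and the seeding loop are assumptions; the seeding loop is a stand-in, not the real Mersenne Twister recurrence.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#define MT_N 624

/* Assumed layout mirroring the report: unsigned longs followed by one int.
   On LP64 the fields occupy 4992 + 4 = 4996 bytes; sizeof is padded to 5000. */
typedef struct { unsigned long mt[MT_N]; int mti; } mt_state_t;

/* Tail pad bytes the compiler inserts after mti (4 on LP64, 0 on ILP32/LLP64). */
size_t mt_state_padding(void) {
    return sizeof(mt_state_t) - (sizeof(unsigned long) * MT_N + sizeof(int));
}

/* Stand-in for a seeding routine (not the real MT recurrence): it writes only
   the named fields, so the pad bytes keep whatever the allocator left there. */
static void seed_fields_only(mt_state_t *s, unsigned long seed) {
    int i;
    for (i = 0; i < MT_N; i++) s->mt[i] = seed + (unsigned long)i;
    s->mti = MT_N;
}

/* Hardened allocation: zero the whole block before seeding, so every byte of
   the state, padding included, is defined before it is compared or serialised. */
mt_state_t *alloc_state_zeroed(unsigned long seed) {
    mt_state_t *s = calloc(1, sizeof *s);      /* calloc rather than malloc */
    if (s != NULL) seed_fields_only(s, seed);
    return s;
}

/* 1 if every byte past the last named field is zero; the first such byte sits
   at offsetof(mti) + sizeof(int), i.e. index 4996 on LP64 as in the gdb session. */
int pad_bytes_are_zero(const mt_state_t *s) {
    const unsigned char *b = (const unsigned char *)s;
    size_t i;
    for (i = offsetof(mt_state_t, mti) + sizeof(int); i < sizeof *s; i++)
        if (b[i] != 0) return 0;
    return 1;
}

/* 1 if two identically seeded states are equal over all sizeof(mt_state_t)
   bytes, as a byte-wise state comparison or checksum would require. */
int zeroed_states_compare_equal(unsigned long seed) {
    mt_state_t *a = alloc_state_zeroed(seed), *b = alloc_state_zeroed(seed);
    int equal = a && b && pad_bytes_are_zero(a) && memcmp(a, b, sizeof *a) == 0;
    free(a);
    free(b);
    return equal;
}
```

With a plain malloc in place of calloc, the same memcmp over the full state can differ between two identically seeded states, which is exactly the conditional-jump report valgrind raised at index 4996.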
