[PATCH] perf tools: fix off-by-one error in maps

[PATCH] perf tools: fix off-by-one error in maps

[Stephane Eranian]

This patch fixes off-by-one errors in the management
of maps.  A map is defined by start address and length
as implemented by map__new():

map__init(map, type, start, start + len, pgoff, dso);

map__init()
{
  map->start = addr;
  map->end = end;
}

Consequently, the actual address range is ]start; end[
map->end is the first byte outside the range. This patch
fixes two bugs where upper bounds were off-by-one.

Signed-off-by: Stephane Eranian <eranian@google.com>

diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
index b709059..9e2c71e 100644
--- a/tools/perf/util/map.c
+++ b/tools/perf/util/map.c
@@ -556,7 +556,7 @@ struct symbol *map_groups__find_symbol_by_name(struct map_groups *mg,
 
 int map_groups__find_ams(struct addr_map_symbol *ams, symbol_filter_t filter)
 {
-	if (ams->addr < ams->map->start || ams->addr > ams->map->end) {
+	if (ams->addr < ams->map->start || ams->addr >= ams->map->end) {
 		if (ams->map->groups == NULL)
 			return -1;
 		ams->map = map_groups__find(ams->map->groups, ams->map->type,
@@ -678,7 +678,7 @@ int map_groups__fixup_overlappings(struct map_groups *mg, struct map *map,
 				goto move_map;
 			}
 
-			after->start = map->end + 1;
+			after->start = map->end;
 			map_groups__insert(mg, after);
 			if (verbose >= 2)
 				map__fprintf(after, fp);

Re: [PATCH] perf tools: fix off-by-one error in maps

[Jiri Olsa]

On Fri, Oct 03, 2014 at 12:47:07PM +0200, Stephane Eranian wrote:
> 

SNIP

> Signed-off-by: Stephane Eranian <eranian@google.com>
> 
> diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
> index b709059..9e2c71e 100644
> --- a/tools/perf/util/map.c
> +++ b/tools/perf/util/map.c
> @@ -556,7 +556,7 @@ struct symbol *map_groups__find_symbol_by_name(struct map_groups *mg,
>  
>  int map_groups__find_ams(struct addr_map_symbol *ams, symbol_filter_t filter)
>  {
> -	if (ams->addr < ams->map->start || ams->addr > ams->map->end) {
> +	if (ams->addr < ams->map->start || ams->addr >= ams->map->end) {
>  		if (ams->map->groups == NULL)
>  			return -1;
>  		ams->map = map_groups__find(ams->map->groups, ams->map->type,
> @@ -678,7 +678,7 @@ int map_groups__fixup_overlappings(struct map_groups *mg, struct map *map,
>  				goto move_map;
>  			}
>  
> -			after->start = map->end + 1;
> +			after->start = map->end;
>  			map_groups__insert(mg, after);
>  			if (verbose >= 2)
>  				map__fprintf(after, fp);

hum, do we also need this one then?

---
diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
index 9e2c71e51fce..186418ba18db 100644
--- a/tools/perf/util/map.c
+++ b/tools/perf/util/map.c
@@ -664,7 +664,7 @@ int map_groups__fixup_overlappings(struct map_groups *mg, struct map *map,
 				goto move_map;
 			}
 
-			before->end = map->start - 1;
+			before->end = map->start;
 			map_groups__insert(mg, before);
 			if (verbose >= 2)
 				map__fprintf(before, fp);

Re: [PATCH] perf tools: fix off-by-one error in maps

[Stephane Eranian]

On Sun, Oct 5, 2014 at 9:23 PM, Jiri Olsa <jolsa@redhat.com> wrote:
> On Fri, Oct 03, 2014 at 12:47:07PM +0200, Stephane Eranian wrote:
>>
>
> SNIP
>
>> Signed-off-by: Stephane Eranian <eranian@google.com>
>>
>> diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
>> index b709059..9e2c71e 100644
>> --- a/tools/perf/util/map.c
>> +++ b/tools/perf/util/map.c
>> @@ -556,7 +556,7 @@ struct symbol *map_groups__find_symbol_by_name(struct map_groups *mg,
>>
>>  int map_groups__find_ams(struct addr_map_symbol *ams, symbol_filter_t filter)
>>  {
>> -     if (ams->addr < ams->map->start || ams->addr > ams->map->end) {
>> +     if (ams->addr < ams->map->start || ams->addr >= ams->map->end) {
>>               if (ams->map->groups == NULL)
>>                       return -1;
>>               ams->map = map_groups__find(ams->map->groups, ams->map->type,
>> @@ -678,7 +678,7 @@ int map_groups__fixup_overlappings(struct map_groups *mg, struct map *map,
>>                               goto move_map;
>>                       }
>>
>> -                     after->start = map->end + 1;
>> +                     after->start = map->end;
>>                       map_groups__insert(mg, after);
>>                       if (verbose >= 2)
>>                               map__fprintf(after, fp);
>
> hum, do we also need this one then?
>
> ---
> diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
> index 9e2c71e51fce..186418ba18db 100644
> --- a/tools/perf/util/map.c
> +++ b/tools/perf/util/map.c
> @@ -664,7 +664,7 @@ int map_groups__fixup_overlappings(struct map_groups *mg, struct map *map,
>                                 goto move_map;
>                         }
>
> -                       before->end = map->start - 1;
> +                       before->end = map->start;
Start is first byte of next range, so it is pointing to one byte after
the end of the before range.
So, yes, I think we need your fix as well. I missed it. Will repost.

>                         map_groups__insert(mg, before);
>                         if (verbose >= 2)
>                                 map__fprintf(before, fp);

Re: [PATCH] perf tools: fix off-by-one error in maps

[Arnaldo Carvalho de Melo]

Em Fri, Oct 03, 2014 at 12:47:07PM +0200, Stephane Eranian escreveu:
> 
> This patch fixes off-by-one errors in the management
> of maps.  A map is defined by start address and length
> as implemented by map__new():
> 
> map__init(map, type, start, start + len, pgoff, dso);
> 
> map__init()
> {
>   map->start = addr;
>   map->end = end;
> }
> 
> Consequently, the actual address range is ]start; end[
> map->end is the first byte outside the range. This patch

I thought map->end should be the end of the range, not something after
the end, is that really the case?

I.e. the bug would be in that call to map__init, that should instead be:

	map__init(map, type, start, start + len - 1, pgoff, dso);

no? Isn't that clearer, i.e. to keep the semantics of 'end'?

- Arnaldo

> fixes two bugs where upper bounds were off-by-one.
> 
> Signed-off-by: Stephane Eranian <eranian@google.com>
> 
> diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
> index b709059..9e2c71e 100644
> --- a/tools/perf/util/map.c
> +++ b/tools/perf/util/map.c
> @@ -556,7 +556,7 @@ struct symbol *map_groups__find_symbol_by_name(struct map_groups *mg,
>  
>  int map_groups__find_ams(struct addr_map_symbol *ams, symbol_filter_t filter)
>  {
> -	if (ams->addr < ams->map->start || ams->addr > ams->map->end) {
> +	if (ams->addr < ams->map->start || ams->addr >= ams->map->end) {
>  		if (ams->map->groups == NULL)
>  			return -1;
>  		ams->map = map_groups__find(ams->map->groups, ams->map->type,
> @@ -678,7 +678,7 @@ int map_groups__fixup_overlappings(struct map_groups *mg, struct map *map,
>  				goto move_map;
>  			}
>  
> -			after->start = map->end + 1;
> +			after->start = map->end;
>  			map_groups__insert(mg, after);
>  			if (verbose >= 2)
>  				map__fprintf(after, fp);

Re: [PATCH] perf tools: fix off-by-one error in maps

[Stephane Eranian]

Arnaldo,

On Mon, Oct 6, 2014 at 5:18 PM, Arnaldo Carvalho de Melo
<acme@redhat.com> wrote:
> Em Fri, Oct 03, 2014 at 12:47:07PM +0200, Stephane Eranian escreveu:
>>
>> This patch fixes off-by-one errors in the management
>> of maps.  A map is defined by start address and length
>> as implemented by map__new():
>>
>> map__init(map, type, start, start + len, pgoff, dso);
>>
>> map__init()
>> {
>>   map->start = addr;
>>   map->end = end;
>> }
>>
>> Consequently, the actual address range is ]start; end[
>> map->end is the first byte outside the range. This patch
>
> I thought map->end should be the end of the range, not something after
> the end, is that really the case?
>
map->start = start;
map->end = start + len;

Thus map->end is the first byte after the end.


> I.e. the bug would be in that call to map__init, that should instead be:
>
>         map__init(map, type, start, start + len - 1, pgoff, dso);

Yeah, that is the alternative. But are you sure this is the only place
where a map
is initialized. And this is not really C like.

>
> no? Isn't that clearer, i.e. to keep the semantics of 'end'?
>
Yeah, it all depends on what you meant by end: last byte or first byte after.
But then everything needs to be consistent. That is what I am trying to fix
in this patch.

> - Arnaldo
>
>> fixes two bugs where upper bounds were off-by-one.
>>
>> Signed-off-by: Stephane Eranian <eranian@google.com>
>>
>> diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
>> index b709059..9e2c71e 100644
>> --- a/tools/perf/util/map.c
>> +++ b/tools/perf/util/map.c
>> @@ -556,7 +556,7 @@ struct symbol *map_groups__find_symbol_by_name(struct map_groups *mg,
>>
>>  int map_groups__find_ams(struct addr_map_symbol *ams, symbol_filter_t filter)
>>  {
>> -     if (ams->addr < ams->map->start || ams->addr > ams->map->end) {
>> +     if (ams->addr < ams->map->start || ams->addr >= ams->map->end) {
>>               if (ams->map->groups == NULL)
>>                       return -1;
>>               ams->map = map_groups__find(ams->map->groups, ams->map->type,
>> @@ -678,7 +678,7 @@ int map_groups__fixup_overlappings(struct map_groups *mg, struct map *map,
>>                               goto move_map;
>>                       }
>>
>> -                     after->start = map->end + 1;
>> +                     after->start = map->end;
>>                       map_groups__insert(mg, after);
>>                       if (verbose >= 2)
>>                               map__fprintf(after, fp);