android-7.0.0_r1/s

/* This is really horrible.  It checks that the
   stack unwinder understands DW_CFA_def_cfa_expression.  It is
   the result of compiling this:

void bbb ( long x )
{
  __asm__ __volatile__(
      "cmp %0,%0\n\t"
      "jz .Lxyzzy\n"
      ".Lxyzzy:\n\t"
      : : "r"(x) : "cc"
      );
}

void aaa ( long x ) {
  bbb(x);
}

int main ( void )
{
  long *p = malloc(8);
  aaa( *p );
  return 0;
}

and bracketing the cmp/jz insns with a move down/up by 256 of %rsp.
The .jz causes memcheck to complain, hence unwind the stack, but
that cannot be successfully done unless the return address can
be found.  Hence the handwritten CFI below uses
DW_CFA_def_cfa_expression to make that possible.

The CFI below isn't really right in that aaa appears twice
in the backtrace

==12868== Conditional jump or move depends on uninitialised value(s)
==12868==    at 0x400512: bbb (in /home/sewardj/VgTRUNK/trunk/mad0)
==12868==    by 0x400520: aaa (in /home/sewardj/VgTRUNK/trunk/mad0)
==12868==    by 0x400520: aaa (in /home/sewardj/VgTRUNK/trunk/mad0)
==12868==    by 0x400538: main (in /home/sewardj/VgTRUNK/trunk/mad0)

but GDB behaves the same, so I'm not too concerned - indicates
the problem is with the handwritten CFI and not with
V's interpretation of it.
*/


	.file	"bad0.c"
	.text


.globl bbb
	.type	bbb, @function
bbb:
.LFB2:
.Lbbb1:
	subq $256,%rsp
.Lbbb2:
	cmp %rdi,%rdi
	jz .Lxyzzy
.Lxyzzy:
	addq $256,%rsp
.Lbbb3:
	ret
.Lbbb4:
.LFE2:
	.size	bbb, .-bbb


.globl aaa
	.type	aaa, @function
aaa:
.LFB3:
	call	bbb
	rep ; ret
.LFE3:
	.size	aaa, .-aaa
.globl main
	.type	main, @function
main:
.LFB4:
	subq	$8, %rsp
.LCFI0:
	movl	$8, %edi
	call	malloc
	movq	(%rax), %rdi
	call	aaa
	movl	$0, %eax
	addq	$8, %rsp
	ret
.LFE4:
	.size	main, .-main
	.section	.eh_frame,"a",@progbits
.Lframe1:
	.long	.LECIE1-.LSCIE1
.LSCIE1:
	.long	0x0
	.byte	0x1
	.string	"zR"
	.uleb128 0x1
	.sleb128 -8
	.byte	0x10
	.uleb128 0x1
	.byte	0x3
	.byte	0xc
	.uleb128 0x7
	.uleb128 0x8
	.byte	0x90
	.uleb128 0x1
	.align 8
.LECIE1:

/* start of the FDE for bbb */
.LSFDE1:
	.long	.LEFDE1-.LASFDE1	/* length of FDE */
.LASFDE1:
	.long	.LASFDE1-.Lframe1	/* CIE pointer */
	.long	.LFB2			/* & bbb */
	.long	.LFE2-.LFB2		/* sizeof(bbb) */
	.uleb128 0			/* augmentation length */
	.byte	0x40 + .Lbbb2 - .Lbbb1	/* _advance_loc to .Lbbb2 */

	/* For the section in between .Lbbb2 and .Lbbb3, set the
	CFA to be %rsp+256, and set the return address (dwarf r16)
	to be *(CFA+0). */
	.byte     0x0f	/* _def_cfa_expression */
	.uleb128  .Lexpr1e-.Lexpr1s /* length of expression */
.Lexpr1s:
	.byte	0x77	/* DW_OP_breg7 == %rsp + sleb128(0) */
	.sleb128 0
	.byte	0x40	/* DW_OP_lit16 */
	.byte	0x40	/* DW_OP_lit16 */
	.byte	0x1e	/* DW_OP_mul */
	.byte	0x22	/* DW_OP_plus */
.Lexpr1e:
	.byte 0x90	/* _cfa_offset:	r16 = *(cfa+0) */
	.uleb128 0

	.byte	0x40 + .Lbbb3 - .Lbbb2	/* _advance_loc to .Lbbb3 */

	/* For the section .Lbbb3 to .Lbbb4, should set CFA back to
	something sensible.  This tries to do it but still causes
	GDB to show an extraneous aaa frame on the stack.  Oh well. */
	/* Now set CFA back to %rsp+0 */
	.byte     0x0f	/* _def_cfa_expression */
	.uleb128  .Lexpr2e-.Lexpr2s /* length of expression */
.Lexpr2s:
	.byte	0x77	/* DW_OP_breg7 == %rsp + sleb128(0) */
	.sleb128 0
	.byte	0x30	/* DW_OP_lit0 */
	.byte	0x1c	/* DW_OP_minus */
.Lexpr2e:
	.byte 0x90	/* _cfa_offset:	r16 = *(cfa+0) */
	.uleb128 0

	.byte	0x40 + .Lbbb4 - .Lbbb3	/* _advance_loc to .Lbbb4 */
	.uleb128 0x0			/* ??? */
	.align 8
.LEFDE1:
/* end of the FDE for bbb */

.LSFDE3:
	.long	.LEFDE3-.LASFDE3
.LASFDE3:
	.long	.LASFDE3-.Lframe1
	.long	.LFB3
	.long	.LFE3-.LFB3
	.uleb128 0x0
	.align 8
.LEFDE3:
.LSFDE5:
	.long	.LEFDE5-.LASFDE5
.LASFDE5:
	.long	.LASFDE5-.Lframe1
	.long	.LFB4
	.long	.LFE4-.LFB4
	.uleb128 0x0
	.byte	0x4
	.long	.LCFI0-.LFB4
	.byte	0xe
	.uleb128 0x10
	.align 8
.LEFDE5:
	.ident	"GCC: (GNU) 4.1.2 20061115 (prerelease) (SUSE Linux)"
	.section	.note.GNU-stack,"",@progbits