fix(callgrind): aggregate (cxt==0) and underflow leaks under a sentinel cxt

not-matthias · not-matthias · commit 4a7c1d5fecbd · 2026-05-27T13:14:50.000+02:00
When setup_bbcc's (cxt==0) clause or handleUnderflow would force-push
a skipped fn into the current context, push a synthetic (skipped) fn
instead. The skipped fn keeps its costs (routed normally through the
sentinel cxt) but never surfaces as its own fn= block — the dump
shows a single ob=??? fl=(callgrind-internal) fn=(skipped) block
aggregating all leaked frames.

The sentinel itself has skip=False so the (cxt==0 &amp;&amp; skip) substitution
doesn't recurse on it. Created lazily on first need via a singleton
in fn.c, attached to the anonymous '???' obj.

Verified against both C reproducers (runtime_obj_skip_c and
runtime_obj_skip_underflow): no skipme_* fn= blocks appear, totals
are preserved. Verified against a non-skipped-attribution test that
main / do_main_work still emit normally; the sentinel only engages
on the leak paths.
diff --git a/callgrind/bbcc.c b/callgrind/bbcc.c
@@ -518,6 +518,13 @@ static void handleUnderflow(BB* bb)
                "obj='%s' skip=%d\n",
                bb_addr(bb), caller->name,
                caller->file->obj->name, caller->skip);
+
+  /* A (sentinel): if the fn we'd return into is itself skipped, push
+   * the (skipped) sentinel instead so the skipped fn doesn't surface
+   * as its own fn= block in the dump. */
+  if (caller->skip)
+    caller = CLG_(get_skipped_sentinel)();
+
   CLG_(push_cxt)( caller );
 
   if (!seen_before) {
@@ -837,6 +844,9 @@ void CLG_(setup_bbcc)(BB* bb)
                    push_fn->name,
                    push_fn->file->obj->name,
                    (int)jmpkind, (int)delayed_push);
+      /* A (sentinel): substitute the (skipped) sentinel so the
+       * skipped fn doesn't appear as its own fn= block in the dump. */
+      push_fn = CLG_(get_skipped_sentinel)();
     }
     CLG_(push_cxt)(push_fn);
   }
diff --git a/callgrind/fn.c b/callgrind/fn.c
@@ -336,6 +336,27 @@ static Bool name_contains(const HChar* hay, const HChar* needle)
     return False;
 }
 
+static fn_node* new_fn_node(const HChar *fnname,
+                            file_node* file, fn_node* next);
+
+/* Singleton sentinel fn_node used as a placeholder cxt when we'd
+ * otherwise be forced to push a skipped fn into an empty (cxt == 0)
+ * context. Keeping skip == False on the sentinel itself is crucial:
+ * the (cxt == 0 && skip) check that would push it must NOT recurse
+ * on the sentinel. */
+static fn_node* skipped_sentinel = NULL;
+
+fn_node* CLG_(get_skipped_sentinel)(void)
+{
+    if (skipped_sentinel) return skipped_sentinel;
+
+    obj_node* obj = CLG_(get_obj_node)(NULL);   /* anonymous "???" obj */
+    file_node* file = CLG_(get_file_node)(obj, "", "(callgrind-internal)");
+    skipped_sentinel = new_fn_node("(skipped)", file, NULL);
+    skipped_sentinel->skip = False;
+    return skipped_sentinel;
+}
+
 void CLG_(dump_python_fn_summary)(void)
 {
     Int total = 0, checked = 0, skipped = 0;
diff --git a/callgrind/global.h b/callgrind/global.h
@@ -725,6 +725,7 @@ UInt* CLG_(get_fn_entry)(Int n);
 void      CLG_(init_obj_table)(void);
 void      CLG_(count_obj_skip_checked_fns)(Int* checked, Int* skipped);
 void      CLG_(dump_python_fn_summary)(void);
+fn_node*  CLG_(get_skipped_sentinel)(void);
 obj_node* CLG_(get_obj_node)(DebugInfo* si);
 file_node* CLG_(get_file_node)(obj_node*, const HChar *dirname,
                                const HChar* filename);
