Improve memory safety

This commit makes numerous refinements to cosmopolitan memory handling.

The default stack size has been reduced from 2mb to 128kb. A new macro
is now provided so you can easily reconfigure the stack size to be any
value you want. Work around the breaking change by adding to your main:

    STATIC_STACK_SIZE(0x00200000);  // 2mb stack

If you're not sure how much stack you need, then you can use:

    STATIC_YOINK("stack_usage_logging");

After which you can `sort -nr o/$MODE/stack.log`. Based on the unit test
suite, nothing in the Cosmopolitan repository (except for Python) needs
a stack size greater than 30kb. There are also new macros for detecting
the size and address of the stack at runtime, e.g. GetStackAddr(). We
also now support sigaltstack() so if you want to see nice looking crash
reports whenever a stack overflow happens, you can put this in main():

    ShowCrashReports();

Under `make MODE=dbg` and `make MODE=asan` the unit testing framework
will now automatically print backtraces of memory allocations when
things like memory leaks happen. Bugs are now fixed in ASAN global
variable overrun detection. The memtrack and asan runtimes also handle
edge cases now. The new tools helped to identify a few memory leaks,
which are fixed by this change.

This change should fix an issue reported in #288 with ARG_MAX limits.
Fixing this doubled the performance of MKDEPS.COM and AR.COM yet again.

libc/sysv/calls/__sys_munmap.s

@@ -0,0 +1,2 @@
+.include "o/libc/sysv/macros.internal.inc"
+.scall __sys_munmap,0x049049049204900b,globl,hidden

libc/sysv/calls/sigaltstack.s

@@ -1,2 +0,0 @@
-.include "o/libc/sysv/macros.internal.inc"
-.scall sigaltstack,0x1191200352035083,globl

libc/sysv/calls/sys_munmap.s

@@ -1,2 +0,0 @@
-.include "o/libc/sysv/macros.internal.inc"
-.scall sys_munmap,0x049049049204900b,globl,hidden

libc/sysv/calls/sys_sigaltstack.s

@@ -0,0 +1,2 @@
+.include "o/libc/sysv/macros.internal.inc"
+.scall sys_sigaltstack,0x1191200352035083,globl,hidden

libc/sysv/consts.sh

@@ -225,6 +225,7 @@ syscon	mmap	MAP_SHARED				1			1			1			1			1			1			# forced consensus & faked nt
 syscon	mmap	MAP_PRIVATE				2			2			2			2			2			2			# forced consensus & faked nt
 syscon	mmap	MAP_TYPE				15			15			15			15			15			15			# mask for type of mapping
 syscon	mmap	MAP_FIXED				0x10			0x10			0x10			0x10			0x10			0x10			# unix consensus; openbsd appears to forbid; faked nt
+syscon	mmap	MAP_FIXED_NOREPLACE			0x8000000		0x8000000		0x8000000		0x8000000		0x8000000		0x8000000      		# handled and defined by cosmo runtime; 0x100000 on linux 4.7+
 syscon	mmap	MAP_ANONYMOUS				0x20			0x1000			0x1000			0x1000			0x1000			0x20			# bsd consensus; faked nt
 syscon	mmap	MAP_GROWSDOWN				0x0100			0			0x0400			0x4000			0x4000			0x100000		# mandatory for OpenBSD stacks; MAP_STACK on Free/OpenBSD; MEM_TOP_DOWN on NT
 syscon	mmap	MAP_CONCEAL				0			0			0x20000			0x8000			0x8000			0			# omit from core dumps; MAP_NOCORE on FreeBSD
@@ -506,7 +507,7 @@ syscon	rlimit	RLIMIT_RSS				5			5			5			5			5			127			# max physical memory size
 syscon	rlimit	RLIMIT_NPROC				6			7			7			7			7			127			# max number of processes; see fork()→EAGAIN; bsd consensus
 syscon	rlimit	RLIMIT_NOFILE				7			8			8			8			8			127			# max number of open files; see accept()→EMFILE/ENFILE; bsd consensus
 syscon	rlimit	RLIMIT_MEMLOCK				8			6			6			6			6			127			# max locked-in-memory address space; bsd consensus
-syscon	rlimit	RLIMIT_AS				9			5			10			127			10			127			# max virtual memory size in bytes
+syscon	rlimit	RLIMIT_AS				9			5			10			127			10			127			# max virtual memory size in bytes; this one actually works; we set this to RLIMIT_DATA on OpenBSD
 syscon	rlimit	RLIMIT_LOCKS				10			127			127			127			127			127			# max flock() / fcntl() locks; bsd consensus
 syscon	rlimit	RLIMIT_SIGPENDING			11			127			127			127			127			127			# max sigqueue() can enqueue; bsd consensus
 syscon	rlimit	RLIMIT_MSGQUEUE				12			127			127			127			127			127			# meh posix message queues; bsd consensus
@@ -592,10 +593,12 @@ syscon	sicode	POLL_ERR				4			4			4			4			4			4			# SIGIO; i/o error; unix conse
 syscon	sicode	POLL_PRI				5			5			5			5			5			5			# SIGIO; high priority input available; unix consensus
 syscon	sicode	POLL_HUP				6			6			6			6			6			6			# SIGIO; device disconnected; unix consensus
 
-#	sigalstack() values
+#	sigaltstack() values
 #
 #	group	name					GNU/Systemd		XNU's Not UNIX!		FreeBSD			OpenBSD			NetBSD			The New Technology	Commentary
 syscon	ss	SIGSTKSZ				0x2000			0x020000		0x8800			0x7000			0x7000			0x2000
+syscon	ss	SS_ONSTACK				1			1			1			1			1			1			# unix consensus
+syscon	ss	SS_DISABLE				2			4			4			4			4			2			# bsd consensus
 
 #	clock_{gettime,settime} timers
 #
@@ -1898,9 +1901,6 @@ syscon	misc	MT_ST_CAN_PARTITIONS			0x0400			0			0			0			0			0
 syscon	misc	MT_ST_HPLOADER_OFFSET			0x2710			0			0			0			0			0
 syscon	misc	MT_ST_SCSI2LOGICAL			0x0800			0			0			0			0			0
 
-syscon	misc	SS_ONSTACK				1			1			1			1			1			0			# unix consensus
-syscon	misc	SS_DISABLE				2			4			4			4			4			0			# bsd consensus
-
 syscon	misc	SYNC_FILE_RANGE_WAIT_AFTER		4			0			0			0			0			0
 syscon	misc	SYNC_FILE_RANGE_WAIT_BEFORE		1			0			0			0			0			0
 syscon	misc	SYNC_FILE_RANGE_WRITE			2			0			0			0			0			0

libc/sysv/consts/SS_DISABLE.S

@@ -1,2 +1,2 @@
 #include "libc/sysv/consts/syscon.internal.h"
-.syscon misc,SS_DISABLE,2,4,4,4,4,0
+.syscon ss,SS_DISABLE,2,4,4,4,4,2

libc/sysv/consts/SS_ONSTACK.S

@@ -1,2 +1,2 @@
 #include "libc/sysv/consts/syscon.internal.h"
-.syscon misc,SS_ONSTACK,1,1,1,1,1,0
+.syscon ss,SS_ONSTACK,1,1,1,1,1,1

libc/sysv/consts/map.h

@@ -26,11 +26,12 @@ extern const long MAP_CONCEAL;
 COSMOPOLITAN_C_END_
 #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
 
-#define MAP_FILE    0
-#define MAP_SHARED  1
-#define MAP_PRIVATE 2
-#define MAP_TYPE    15
-#define MAP_FIXED   16
+#define MAP_FILE            0
+#define MAP_SHARED          1
+#define MAP_PRIVATE         2
+#define MAP_TYPE            15
+#define MAP_FIXED           16
+#define MAP_FIXED_NOREPLACE 0x8000000
 
 #define MAP_32BIT      SYMBOLIC(MAP_32BIT)
 #define MAP_ANONYMOUS  SYMBOLIC(MAP_ANONYMOUS)

libc/sysv/consts/mremap.h

@@ -1,16 +1,7 @@
 #ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_MREMAP_H_
 #define COSMOPOLITAN_LIBC_SYSV_CONSTS_MREMAP_H_
-#include "libc/runtime/symbolic.h"
-#if !(__ASSEMBLER__ + __LINKER__ + 0)
-COSMOPOLITAN_C_START_
 
-extern const long MREMAP_FIXED;
-extern const long MREMAP_MAYMOVE;
-
-COSMOPOLITAN_C_END_
-#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
-
-#define MREMAP_MAYMOVE LITERALLY(1)
-#define MREMAP_FIXED   LITERALLY(2)
+#define MREMAP_MAYMOVE 1
+#define MREMAP_FIXED   2
 
 #endif /* COSMOPOLITAN_LIBC_SYSV_CONSTS_MREMAP_H_ */

libc/sysv/consts/sig.h

@@ -27,7 +27,6 @@ extern const long SIGRTMAX;
 extern const long SIGRTMIN;
 extern const long SIGSEGV;
 extern const long SIGSTKFLT;
-extern const long SIGSTKSZ;
 extern const long SIGSTOP;
 extern const long SIGSYS;
 extern const long SIGTERM;
@@ -75,7 +74,6 @@ COSMOPOLITAN_C_END_
 #define SIGRTMIN  SYMBOLIC(SIGRTMIN)
 #define SIGSEGV   LITERALLY(11)
 #define SIGSTKFLT SYMBOLIC(SIGSTKFLT)
-#define SIGSTKSZ  SYMBOLIC(SIGSTKSZ)
 #define SIGSTOP   SYMBOLIC(SIGSTOP)
 #define SIGSYS    SYMBOLIC(SIGSYS)
 #define SIGTERM   LITERALLY(15)

libc/sysv/consts/ss.h

@@ -0,0 +1,15 @@
+#ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_SS_H_
+#define COSMOPOLITAN_LIBC_SYSV_CONSTS_SS_H_
+#if !(__ASSEMBLER__ + __LINKER__ + 0)
+COSMOPOLITAN_C_START_
+
+extern const long SS_DISABLE;
+
+COSMOPOLITAN_C_END_
+#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
+
+#define SIGSTKSZ   STACKSIZE
+#define SS_ONSTACK 1
+#define SS_DISABLE SS_DISABLE
+
+#endif /* COSMOPOLITAN_LIBC_SYSV_CONSTS_SS_H_ */

libc/sysv/restorert.S

@@ -24,7 +24,7 @@
 __restore_bt:
 	nop
 	.endfn	__restore_bt,globl,hidden
-	nop	# gap so that GetSymbol(st, addr - 1) fails
+	nop	# gap so that __get_symbol(st, addr - 1) fails
 	.align	16
 __restore_rt:				# @see gdb/amd64-linux-tdep.c
 	mov	$0x000f,%rax		# [sic]

libc/sysv/syscalls.sh

@@ -47,7 +47,7 @@ scall	sys_lseek		0x0c70c71de20c7008	globl hidden # netbsd+openbsd:evilpad
 scall	__sys_mmap		0x0c50c51dd20c5009	globl hidden # netbsd+openbsd:pad
 scall	sys_msync		0x115100041204101a	globl hidden
 scall	sys_mprotect		0x04a04a04a204a00a	globl hidden
-scall	sys_munmap		0x049049049204900b	globl hidden
+scall	__sys_munmap		0x049049049204900b	globl hidden
 scall	sys_sigaction		0x15402e1a0202e00d	globl hidden # rt_sigaction on Lunix; it's complicated on NetBSD
 scall	sys_sigprocmask		0x125030154203000e	globl hidden # a.k.a. rt_sigprocmask, openbsd:byvalue
 scall	sys_ioctl		0x0360360362036010	globl hidden
@@ -164,7 +164,7 @@ scall	getresuid		0xfff119168ffff076	globl # semantics aren't well-defined
 scall	getresgid		0xfff11b169ffff078	globl # semantics aren't well-defined
 scall	sigpending		0x124034034203407f	globl # rt_sigpending on linux
 scall	sys_sigsuspend		0x12606f155206f082	globl hidden # openbsd:byvalue
-scall	sigaltstack		0x1191200352035083	globl
+scall	sys_sigaltstack		0x1191200352035083	globl hidden
 scall	sys_mknod		0x1c200e00e200e085	globl hidden
 scall	mknodat			0x1cc14022fffff103	globl # FreeBSD 12+
 scall	sys_mkfifo		0x0840840842084fff	globl hidden

libc/sysv/systemfive.S

@@ -21,6 +21,7 @@
 #include "libc/sysv/consts/nr.h"
 #include "libc/sysv/consts/map.h"
 #include "libc/macros.internal.h"
+#include "libc/sysv/consts/prot.h"
 #include "libc/nexgen32e/macros.h"
 
 /*                                           ▄▄▄
@@ -349,6 +350,34 @@ _init_systemfive_stack:					# determinism ftw!
 	syscall
 2:	test	%rax,%rax
 	js	1b
+
+//	prevent operating system from auto-mapping stack
+//	we guarantee stack overflows are always detected
+//	so long as you never use -DSTACK_FRAME_UNLIMITED
+//	TODO: Why does this fail sometimes with FreeBSD?
+	testb	IsFreebsd()
+	jnz	9f
+	push	%rax
+	push	%rdx
+	push	%r11
+	mov	__NR_mprotect,%eax
+	mov	$PAGESIZE,%esi
+	xor	%edx,%edx				# PROT_NONE
+	syscall
+	pop	%r11
+	pop	%rdx
+	pop	%rax
+9:	
+
+//	update the memory intervals
+//	m.i		0	4
+//	m.n		8	4
+//	m.p		16	8
+//	m.p[0].x	24	4
+//	m.p[0].y	28	4
+//	m.p[0].h	32	8
+//	m.p[0].prot	40	4
+//	m.p[0].flags	44	4
 	.weak	_mmi
 	ezlea	_mmi,cx
 	test	%rcx,%rcx
@@ -360,12 +389,14 @@ _init_systemfive_stack:					# determinism ftw!
 	movb	$1,(%rcx)				# _mmi.i
 	mov	%r11d,24(%rcx)				# _mmi.s[0].x
 	mov	%r9d,28(%rcx)				# _mmi.s[0].y
-	mov	%edx,36(%rcx)				# _mmi.s[0].prot
-	mov	%r10d,40(%rcx)				# _mmi.s[0].flags
+	orq	$-1,32(%rcx)				# _mmi.s[0].h
+	mov	%edx,40(%rcx)				# _mmi.s[0].prot
+	mov	%r10d,44(%rcx)				# _mmi.s[0].flags
 3:	pop	%r9					# restore stack size
 	pop	%rsi
 	pop	%rdi
 	leave
+//	switch stacks
 	pop	%rcx
 	lea	(%rax,%r9),%rsp
 	sub	$ape_stack_align,%rsp			# openbsd:stackbound