Improve memory safety

This commit makes numerous refinements to cosmopolitan memory handling.

The default stack size has been reduced from 2mb to 128kb. A new macro
is now provided so you can easily reconfigure the stack size to be any
value you want. Work around the breaking change by adding to your main:

    STATIC_STACK_SIZE(0x00200000);  // 2mb stack

If you're not sure how much stack you need, then you can use:

    STATIC_YOINK("stack_usage_logging");

After which you can `sort -nr o/$MODE/stack.log`. Based on the unit test
suite, nothing in the Cosmopolitan repository (except for Python) needs
a stack size greater than 30kb. There are also new macros for detecting
the size and address of the stack at runtime, e.g. GetStackAddr(). We
also now support sigaltstack() so if you want to see nice looking crash
reports whenever a stack overflow happens, you can put this in main():

    ShowCrashReports();

Under `make MODE=dbg` and `make MODE=asan` the unit testing framework
will now automatically print backtraces of memory allocations when
things like memory leaks happen. Bugs are now fixed in ASAN global
variable overrun detection. The memtrack and asan runtimes also handle
edge cases now. The new tools helped to identify a few memory leaks,
which are fixed by this change.

This change should fix an issue reported in #288 with ARG_MAX limits.
Fixing this doubled the performance of MKDEPS.COM and AR.COM yet again.
This commit is contained in:
Justine Tunney 2021-10-13 17:27:13 -07:00
parent a0b39f886c
commit 226aaf3547
317 changed files with 6474 additions and 3993 deletions

106
libc/testlib/leaks.c Normal file
View file

@ -0,0 +1,106 @@
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi
Copyright 2021 Justine Alexandra Roberts Tunney
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/bits/bits.h"
#include "libc/intrin/asan.internal.h"
#include "libc/log/libfatal.internal.h"
#include "libc/runtime/internal.h"
#include "libc/runtime/memtrack.internal.h"
#include "libc/runtime/runtime.h"
#include "libc/testlib/testlib.h"
static bool once;
static bool hasleaks;
static noasan void CheckLeak(void *x, void *y, size_t n, void *a) {
if (n) {
if (IsAsan()) {
if (__asan_get_heap_size(x)) {
hasleaks = true;
}
} else {
hasleaks = true;
}
}
}
static noasan void OnMemory(void *x, void *y, size_t n, void *a) {
static int i;
if (n) {
if (++i < 20) {
__printf("%p %,d bytes", x, n);
if (IsAsan()) {
__asan_print_trace(x);
}
__printf("\n");
}
if (i == 20) {
__printf("etc. etc.\n");
}
}
}
static noasan bool HasLeaks(void) {
malloc_inspect_all(CheckLeak, 0);
return hasleaks;
}
/**
* Tests for memory leaks.
*
* This function needs to call __cxa_finalize(). Therefore any runtime
* services that depend on malloc() cannot be used, after calling this
* function.
*/
noasan void testlib_checkformemoryleaks(void) {
struct mallinfo mi;
if (!cmpxchg(&once, false, true)) {
__printf("testlib_checkformemoryleaks() may only be called once\n");
_Exit(1);
}
__cxa_finalize(0);
if (!IsAsan()) {
/* TODO(jart): How can we make this work without ASAN? */
return;
}
malloc_trim(0);
if (HasLeaks()) {
mi = mallinfo();
__printf("\n"
"UNFREED MEMORY\n"
"%s\n"
"max allocated space %,*d\n"
"total allocated space %,*d\n"
"total free space %,*d\n"
"releasable space %,*d\n"
"mmaped space %,*d\n"
"non-mmapped space %,*d\n"
"\n",
__argv[0], 16l, mi.usmblks, 16l, mi.uordblks, 16l, mi.fordblks,
16l, mi.hblkhd, 16l, mi.keepcost, 16l, mi.arena);
if (!IsAsan()) {
__printf("# NOTE: Use `make -j8 MODE=dbg` for malloc() backtraces\n");
}
malloc_inspect_all(OnMemory, 0);
__printf("\n");
PrintMemoryIntervals(2, &_mmi);
/* PrintSystemMappings(2); */
/* PrintGarbage(); */
_Exit(78);
}
}

View file

@ -40,77 +40,56 @@ static noasan relegated uint64_t CountMappedBytes(void) {
return x;
}
static relegated void DieBecauseOfQuota(char *p, int rc, const char *message) {
int e;
static relegated void DieBecauseOfQuota(int rc, const char *message) {
int e = errno;
char hostname[32];
e = errno;
__restore_tty(2);
__stpcpy(hostname, "unknown");
gethostname(hostname, sizeof(hostname));
p = __stpcpy(p, message);
p = __stpcpy(p, " on ");
p = __stpcpy(p, hostname);
p = __stpcpy(p, " pid ");
p = __intcpy(p, __getpid());
p = __stpcpy(p, "\n");
__write(__fatalbuf, p - __fatalbuf);
__printf("%s on %s pid %d\n", message, hostname, (long)__getpid());
PrintBacktraceUsingSymbols(2, 0, GetSymbolTable());
exit(rc);
_Exit(rc);
}
static relegated void OnXcpu(int sig) {
DieBecauseOfQuota(__fatalbuf, 23, "\n\nSIGXCPU: ran out of cpu");
__restore_tty(2);
DieBecauseOfQuota(23, "\n\nSIGXCPU: ran out of cpu");
}
static relegated void OnXfsz(int sig) {
DieBecauseOfQuota(__fatalbuf, 25, "\n\nSIGXFSZ: exceeded maximum file size");
__restore_tty(2);
DieBecauseOfQuota(25, "\n\nSIGXFSZ: exceeded maximum file size");
}
relegated void __oom_hook(size_t request) {
int e;
char *p;
uint64_t toto, newlim;
struct MallocStats stats;
__restore_tty(2);
e = errno;
p = __fatalbuf;
toto = CountMappedBytes();
stats = dlmalloc_stats(g_dlmalloc);
p = __stpcpy(p, "\n");
p = __stpcpy(p, "\n");
p = __stpcpy(p, "WE REQUIRE MORE VESPENE GAS");
if (e != ENOMEM) {
p = __stpcpy(p, " (");
p = __stpcpy(p, strerror(e));
p = __stpcpy(p, ")");
}
p = __stpcpy(p, "\n");
p = __stpcpy(p, "mmap last request = ");
p = __intcpy(p, request);
p = __stpcpy(p, "\n");
p = __stpcpy(p, "mmapped system bytes = ");
p = __intcpy(p, toto);
p = __stpcpy(p, "\n");
p = __stpcpy(p, "malloc max system bytes = ");
p = __intcpy(p, stats.maxfp);
p = __stpcpy(p, "\n");
p = __stpcpy(p, "malloc system bytes = ");
p = __intcpy(p, stats.fp);
p = __stpcpy(p, "\n");
p = __stpcpy(p, "malloc in use bytes = ");
p = __intcpy(p, stats.used);
p = __stpcpy(p, "\n");
p = __stpcpy(p, "\n");
__printf("\n\nWE REQUIRE MORE VESPENE GAS");
if (e != ENOMEM) __printf(" (%s)", strerror(e));
__printf("\n"
"mmap last request = %d\n"
"mmapped system bytes = %d\n"
"malloc max system bytes = %d\n"
"malloc system bytes = %d\n"
"malloc in use bytes = %d\n"
"\n",
request, toto, stats.maxfp, stats.fp, stats.used);
if (IsRunningUnderMake()) {
newlim = toto + request;
newlim += newlim >> 1;
newlim = roundup2pow(newlim);
p = __stpcpy(p, "FIX CODE OR TUNE QUOTA += -M");
p = __intcpy(p, newlim / (1024 * 1024));
p = __stpcpy(p, "m\n");
__printf("FIX CODE OR TUNE QUOTA += -M%dm\n", newlim / (1024 * 1024));
}
p = __stpcpy(p, "\n");
p = __stpcpy(p, "THE STRAW THAT BROKE THE CAMEL'S BACK\n");
DieBecauseOfQuota(p, 42, "MAP_FAILED: exceeded memory quota");
__printf("\n");
PrintMemoryIntervals(2, &_mmi);
__printf("\nTHE STRAW THAT BROKE THE CAMEL'S BACK\n");
PrintBacktraceUsingSymbols(2, 0, GetSymbolTable());
PrintSystemMappings(2);
_Exit(42);
}
static textstartup void InstallQuotaHandlers(void) {

View file

@ -19,6 +19,7 @@
#include "libc/bits/safemacros.internal.h"
#include "libc/fmt/fmt.h"
#include "libc/log/color.internal.h"
#include "libc/log/internal.h"
#include "libc/log/libfatal.internal.h"
#include "libc/testlib/testlib.h"
@ -36,38 +37,18 @@ testonly void testlib_showerror(const char *file, int line, const char *func,
/* TODO(jart): Pay off tech debt re duplication */
__getpid(); /* make strace easier to read */
__getpid();
p = __fatalbuf;
p = __stpcpy(p, RED2);
p = __stpcpy(p, "error");
p = __stpcpy(p, UNBOLD);
p = __stpcpy(p, BLUE1);
p = __stpcpy(p, ":");
p = __stpcpy(p, file);
p = __stpcpy(p, ":");
p = __intcpy(p, line);
p = __stpcpy(p, RESET);
p = __stpcpy(p, ": ");
p = __stpcpy(p, method);
p = __stpcpy(p, "() in ");
p = __stpcpy(p, func);
p = __stpcpy(p, "(");
p = __stpcpy(p, g_fixturename);
p = __stpcpy(p, ")\n\t");
p = __stpcpy(p, code);
p = __stpcpy(p, "\n\t\tneed ");
p = __stpcpy(p, v1);
p = __stpcpy(p, " ");
p = __stpcpy(p, symbol);
p = __stpcpy(p, "\n\t\t got ");
p = __stpcpy(p, v2);
p = __stpcpy(p, "\n\t");
p = __stpcpy(p, SUBTLE);
p = __stpcpy(p, strerror(errno));
p = __stpcpy(p, "\n\t");
p = __stpcpy(p, program_invocation_name);
p = __stpcpy(p, RESET);
p = __stpcpy(p, "\n");
__write(__fatalbuf, p - __fatalbuf);
__printf("%serror%s:%s:%d%s: %s() in %s(%s)\n"
"\t%s\n"
"\t\tneed %s %s\n"
"\t\t got %s\n"
"\t%s%s\n"
"\t%s%s\n",
!g_isterminalinarticulate ? "\e[91;1m" : "",
!g_isterminalinarticulate ? "\e[22;94;49m" : "", file, (long)line,
!g_isterminalinarticulate ? "\e[0m" : "", method, func,
g_fixturename, code, v1, symbol, v2,
!g_isterminalinarticulate ? "\e[35m" : "", strerror(errno),
program_executable_name, !g_isterminalinarticulate ? "\e[0m" : "");
free_s(&v1);
free_s(&v2);
}

View file

@ -352,6 +352,7 @@ void thrashcodecache(void);
void testlib_finish(void);
void testlib_runalltests(void);
void testlib_runallbenchmarks(void);
void testlib_checkformemoryleaks(void);
void testlib_runtestcases(testfn_t *, testfn_t *, testfn_t);
void testlib_runcombos(testfn_t *, testfn_t *, const struct TestFixture *,
const struct TestFixture *);

View file

@ -59,6 +59,7 @@ LIBC_TESTLIB_A_SRCS_C = \
libc/testlib/comborunner.c \
libc/testlib/contains.c \
libc/testlib/endswith.c \
libc/testlib/leaks.c \
libc/testlib/yield.c \
libc/testlib/ezbenchcontrol.c \
libc/testlib/ezbenchreport.c \
@ -189,6 +190,7 @@ LIBC_TESTMAIN_DIRECTDEPS = \
LIBC_SYSV_CALLS \
LIBC_TESTLIB \
LIBC_TESTLIB_RUNNER \
THIRD_PARTY_DLMALLOC \
THIRD_PARTY_GETOPT
LIBC_TESTMAIN_DEPS := \

View file

@ -21,8 +21,15 @@
#include "libc/calls/calls.h"
#include "libc/calls/internal.h"
#include "libc/calls/struct/sigaction.h"
#include "libc/dce.h"
#include "libc/intrin/asan.internal.h"
#include "libc/log/libfatal.internal.h"
#include "libc/log/log.h"
#include "libc/mem/mem.h"
#include "libc/nexgen32e/x86feature.h"
#include "libc/runtime/internal.h"
#include "libc/runtime/memtrack.internal.h"
#include "libc/runtime/runtime.h"
#include "libc/runtime/symbols.internal.h"
#include "libc/stdio/stdio.h"
#include "libc/sysv/consts/ex.h"
@ -42,6 +49,7 @@ Flags:\n\
\n"
STATIC_YOINK("__die");
STATIC_YOINK("__get_symbol_by_addr");
STATIC_YOINK("testlib_quota_handlers");
static bool runbenchmarks_;
@ -75,7 +83,7 @@ void GetOpts(int argc, char *argv[]) {
/**
* Generic test program main function.
*/
int main(int argc, char *argv[]) {
noasan int main(int argc, char *argv[]) {
const char *comdbg;
__log_level = kLogInfo;
GetOpts(argc, argv);
@ -86,9 +94,14 @@ int main(int argc, char *argv[]) {
testlib_runalltests();
if (!g_testlib_failed && runbenchmarks_ && weaken(testlib_runallbenchmarks)) {
weaken(testlib_runallbenchmarks)();
if (!g_testlib_failed) {
testlib_checkformemoryleaks();
}
if (!g_testlib_failed && IsRunningUnderMake()) {
return 254; /* compile.com considers this 0 and propagates output */
}
} else if (!g_testlib_failed) {
testlib_checkformemoryleaks();
}
return min(255, g_testlib_failed);
_Exit(min(255, g_testlib_failed));
}