mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-07-29 14:00:29 +00:00
Improve memory safety
This commit makes numerous refinements to cosmopolitan memory handling. The default stack size has been reduced from 2mb to 128kb. A new macro is now provided so you can easily reconfigure the stack size to be any value you want. Work around the breaking change by adding to your main: STATIC_STACK_SIZE(0x00200000); // 2mb stack If you're not sure how much stack you need, then you can use: STATIC_YOINK("stack_usage_logging"); After which you can `sort -nr o/$MODE/stack.log`. Based on the unit test suite, nothing in the Cosmopolitan repository (except for Python) needs a stack size greater than 30kb. There are also new macros for detecting the size and address of the stack at runtime, e.g. GetStackAddr(). We also now support sigaltstack() so if you want to see nice looking crash reports whenever a stack overflow happens, you can put this in main(): ShowCrashReports(); Under `make MODE=dbg` and `make MODE=asan` the unit testing framework will now automatically print backtraces of memory allocations when things like memory leaks happen. Bugs are now fixed in ASAN global variable overrun detection. The memtrack and asan runtimes also handle edge cases now. The new tools helped to identify a few memory leaks, which are fixed by this change. This change should fix an issue reported in #288 with ARG_MAX limits. Fixing this doubled the performance of MKDEPS.COM and AR.COM yet again.
This commit is contained in:
parent
a0b39f886c
commit
226aaf3547
317 changed files with 6474 additions and 3993 deletions
106
libc/testlib/leaks.c
Normal file
106
libc/testlib/leaks.c
Normal file
|
@ -0,0 +1,106 @@
|
|||
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
||||
│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
|
||||
╞══════════════════════════════════════════════════════════════════════════════╡
|
||||
│ Copyright 2021 Justine Alexandra Roberts Tunney │
|
||||
│ │
|
||||
│ Permission to use, copy, modify, and/or distribute this software for │
|
||||
│ any purpose with or without fee is hereby granted, provided that the │
|
||||
│ above copyright notice and this permission notice appear in all copies. │
|
||||
│ │
|
||||
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
||||
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
||||
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
||||
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
||||
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
||||
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
||||
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
||||
│ PERFORMANCE OF THIS SOFTWARE. │
|
||||
╚─────────────────────────────────────────────────────────────────────────────*/
|
||||
#include "libc/bits/bits.h"
|
||||
#include "libc/intrin/asan.internal.h"
|
||||
#include "libc/log/libfatal.internal.h"
|
||||
#include "libc/runtime/internal.h"
|
||||
#include "libc/runtime/memtrack.internal.h"
|
||||
#include "libc/runtime/runtime.h"
|
||||
#include "libc/testlib/testlib.h"
|
||||
|
||||
static bool once;
|
||||
static bool hasleaks;
|
||||
|
||||
static noasan void CheckLeak(void *x, void *y, size_t n, void *a) {
|
||||
if (n) {
|
||||
if (IsAsan()) {
|
||||
if (__asan_get_heap_size(x)) {
|
||||
hasleaks = true;
|
||||
}
|
||||
} else {
|
||||
hasleaks = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static noasan void OnMemory(void *x, void *y, size_t n, void *a) {
|
||||
static int i;
|
||||
if (n) {
|
||||
if (++i < 20) {
|
||||
__printf("%p %,d bytes", x, n);
|
||||
if (IsAsan()) {
|
||||
__asan_print_trace(x);
|
||||
}
|
||||
__printf("\n");
|
||||
}
|
||||
if (i == 20) {
|
||||
__printf("etc. etc.\n");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static noasan bool HasLeaks(void) {
|
||||
malloc_inspect_all(CheckLeak, 0);
|
||||
return hasleaks;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests for memory leaks.
|
||||
*
|
||||
* This function needs to call __cxa_finalize(). Therefore any runtime
|
||||
* services that depend on malloc() cannot be used, after calling this
|
||||
* function.
|
||||
*/
|
||||
noasan void testlib_checkformemoryleaks(void) {
|
||||
struct mallinfo mi;
|
||||
if (!cmpxchg(&once, false, true)) {
|
||||
__printf("testlib_checkformemoryleaks() may only be called once\n");
|
||||
_Exit(1);
|
||||
}
|
||||
__cxa_finalize(0);
|
||||
if (!IsAsan()) {
|
||||
/* TODO(jart): How can we make this work without ASAN? */
|
||||
return;
|
||||
}
|
||||
malloc_trim(0);
|
||||
if (HasLeaks()) {
|
||||
mi = mallinfo();
|
||||
__printf("\n"
|
||||
"UNFREED MEMORY\n"
|
||||
"%s\n"
|
||||
"max allocated space %,*d\n"
|
||||
"total allocated space %,*d\n"
|
||||
"total free space %,*d\n"
|
||||
"releasable space %,*d\n"
|
||||
"mmaped space %,*d\n"
|
||||
"non-mmapped space %,*d\n"
|
||||
"\n",
|
||||
__argv[0], 16l, mi.usmblks, 16l, mi.uordblks, 16l, mi.fordblks,
|
||||
16l, mi.hblkhd, 16l, mi.keepcost, 16l, mi.arena);
|
||||
if (!IsAsan()) {
|
||||
__printf("# NOTE: Use `make -j8 MODE=dbg` for malloc() backtraces\n");
|
||||
}
|
||||
malloc_inspect_all(OnMemory, 0);
|
||||
__printf("\n");
|
||||
PrintMemoryIntervals(2, &_mmi);
|
||||
/* PrintSystemMappings(2); */
|
||||
/* PrintGarbage(); */
|
||||
_Exit(78);
|
||||
}
|
||||
}
|
|
@ -40,77 +40,56 @@ static noasan relegated uint64_t CountMappedBytes(void) {
|
|||
return x;
|
||||
}
|
||||
|
||||
static relegated void DieBecauseOfQuota(char *p, int rc, const char *message) {
|
||||
int e;
|
||||
static relegated void DieBecauseOfQuota(int rc, const char *message) {
|
||||
int e = errno;
|
||||
char hostname[32];
|
||||
e = errno;
|
||||
__restore_tty(2);
|
||||
__stpcpy(hostname, "unknown");
|
||||
gethostname(hostname, sizeof(hostname));
|
||||
p = __stpcpy(p, message);
|
||||
p = __stpcpy(p, " on ");
|
||||
p = __stpcpy(p, hostname);
|
||||
p = __stpcpy(p, " pid ");
|
||||
p = __intcpy(p, __getpid());
|
||||
p = __stpcpy(p, "\n");
|
||||
__write(__fatalbuf, p - __fatalbuf);
|
||||
__printf("%s on %s pid %d\n", message, hostname, (long)__getpid());
|
||||
PrintBacktraceUsingSymbols(2, 0, GetSymbolTable());
|
||||
exit(rc);
|
||||
_Exit(rc);
|
||||
}
|
||||
|
||||
static relegated void OnXcpu(int sig) {
|
||||
DieBecauseOfQuota(__fatalbuf, 23, "\n\nSIGXCPU: ran out of cpu");
|
||||
__restore_tty(2);
|
||||
DieBecauseOfQuota(23, "\n\nSIGXCPU: ran out of cpu");
|
||||
}
|
||||
|
||||
static relegated void OnXfsz(int sig) {
|
||||
DieBecauseOfQuota(__fatalbuf, 25, "\n\nSIGXFSZ: exceeded maximum file size");
|
||||
__restore_tty(2);
|
||||
DieBecauseOfQuota(25, "\n\nSIGXFSZ: exceeded maximum file size");
|
||||
}
|
||||
|
||||
relegated void __oom_hook(size_t request) {
|
||||
int e;
|
||||
char *p;
|
||||
uint64_t toto, newlim;
|
||||
struct MallocStats stats;
|
||||
__restore_tty(2);
|
||||
e = errno;
|
||||
p = __fatalbuf;
|
||||
toto = CountMappedBytes();
|
||||
stats = dlmalloc_stats(g_dlmalloc);
|
||||
p = __stpcpy(p, "\n");
|
||||
p = __stpcpy(p, "\n");
|
||||
p = __stpcpy(p, "WE REQUIRE MORE VESPENE GAS");
|
||||
if (e != ENOMEM) {
|
||||
p = __stpcpy(p, " (");
|
||||
p = __stpcpy(p, strerror(e));
|
||||
p = __stpcpy(p, ")");
|
||||
}
|
||||
p = __stpcpy(p, "\n");
|
||||
p = __stpcpy(p, "mmap last request = ");
|
||||
p = __intcpy(p, request);
|
||||
p = __stpcpy(p, "\n");
|
||||
p = __stpcpy(p, "mmapped system bytes = ");
|
||||
p = __intcpy(p, toto);
|
||||
p = __stpcpy(p, "\n");
|
||||
p = __stpcpy(p, "malloc max system bytes = ");
|
||||
p = __intcpy(p, stats.maxfp);
|
||||
p = __stpcpy(p, "\n");
|
||||
p = __stpcpy(p, "malloc system bytes = ");
|
||||
p = __intcpy(p, stats.fp);
|
||||
p = __stpcpy(p, "\n");
|
||||
p = __stpcpy(p, "malloc in use bytes = ");
|
||||
p = __intcpy(p, stats.used);
|
||||
p = __stpcpy(p, "\n");
|
||||
p = __stpcpy(p, "\n");
|
||||
__printf("\n\nWE REQUIRE MORE VESPENE GAS");
|
||||
if (e != ENOMEM) __printf(" (%s)", strerror(e));
|
||||
__printf("\n"
|
||||
"mmap last request = %d\n"
|
||||
"mmapped system bytes = %d\n"
|
||||
"malloc max system bytes = %d\n"
|
||||
"malloc system bytes = %d\n"
|
||||
"malloc in use bytes = %d\n"
|
||||
"\n",
|
||||
request, toto, stats.maxfp, stats.fp, stats.used);
|
||||
if (IsRunningUnderMake()) {
|
||||
newlim = toto + request;
|
||||
newlim += newlim >> 1;
|
||||
newlim = roundup2pow(newlim);
|
||||
p = __stpcpy(p, "FIX CODE OR TUNE QUOTA += -M");
|
||||
p = __intcpy(p, newlim / (1024 * 1024));
|
||||
p = __stpcpy(p, "m\n");
|
||||
__printf("FIX CODE OR TUNE QUOTA += -M%dm\n", newlim / (1024 * 1024));
|
||||
}
|
||||
p = __stpcpy(p, "\n");
|
||||
p = __stpcpy(p, "THE STRAW THAT BROKE THE CAMEL'S BACK\n");
|
||||
DieBecauseOfQuota(p, 42, "MAP_FAILED: exceeded memory quota");
|
||||
__printf("\n");
|
||||
PrintMemoryIntervals(2, &_mmi);
|
||||
__printf("\nTHE STRAW THAT BROKE THE CAMEL'S BACK\n");
|
||||
PrintBacktraceUsingSymbols(2, 0, GetSymbolTable());
|
||||
PrintSystemMappings(2);
|
||||
_Exit(42);
|
||||
}
|
||||
|
||||
static textstartup void InstallQuotaHandlers(void) {
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
#include "libc/bits/safemacros.internal.h"
|
||||
#include "libc/fmt/fmt.h"
|
||||
#include "libc/log/color.internal.h"
|
||||
#include "libc/log/internal.h"
|
||||
#include "libc/log/libfatal.internal.h"
|
||||
#include "libc/testlib/testlib.h"
|
||||
|
||||
|
@ -36,38 +37,18 @@ testonly void testlib_showerror(const char *file, int line, const char *func,
|
|||
/* TODO(jart): Pay off tech debt re duplication */
|
||||
__getpid(); /* make strace easier to read */
|
||||
__getpid();
|
||||
p = __fatalbuf;
|
||||
p = __stpcpy(p, RED2);
|
||||
p = __stpcpy(p, "error");
|
||||
p = __stpcpy(p, UNBOLD);
|
||||
p = __stpcpy(p, BLUE1);
|
||||
p = __stpcpy(p, ":");
|
||||
p = __stpcpy(p, file);
|
||||
p = __stpcpy(p, ":");
|
||||
p = __intcpy(p, line);
|
||||
p = __stpcpy(p, RESET);
|
||||
p = __stpcpy(p, ": ");
|
||||
p = __stpcpy(p, method);
|
||||
p = __stpcpy(p, "() in ");
|
||||
p = __stpcpy(p, func);
|
||||
p = __stpcpy(p, "(");
|
||||
p = __stpcpy(p, g_fixturename);
|
||||
p = __stpcpy(p, ")\n\t");
|
||||
p = __stpcpy(p, code);
|
||||
p = __stpcpy(p, "\n\t\tneed ");
|
||||
p = __stpcpy(p, v1);
|
||||
p = __stpcpy(p, " ");
|
||||
p = __stpcpy(p, symbol);
|
||||
p = __stpcpy(p, "\n\t\t got ");
|
||||
p = __stpcpy(p, v2);
|
||||
p = __stpcpy(p, "\n\t");
|
||||
p = __stpcpy(p, SUBTLE);
|
||||
p = __stpcpy(p, strerror(errno));
|
||||
p = __stpcpy(p, "\n\t");
|
||||
p = __stpcpy(p, program_invocation_name);
|
||||
p = __stpcpy(p, RESET);
|
||||
p = __stpcpy(p, "\n");
|
||||
__write(__fatalbuf, p - __fatalbuf);
|
||||
__printf("%serror%s:%s:%d%s: %s() in %s(%s)\n"
|
||||
"\t%s\n"
|
||||
"\t\tneed %s %s\n"
|
||||
"\t\t got %s\n"
|
||||
"\t%s%s\n"
|
||||
"\t%s%s\n",
|
||||
!g_isterminalinarticulate ? "\e[91;1m" : "",
|
||||
!g_isterminalinarticulate ? "\e[22;94;49m" : "", file, (long)line,
|
||||
!g_isterminalinarticulate ? "\e[0m" : "", method, func,
|
||||
g_fixturename, code, v1, symbol, v2,
|
||||
!g_isterminalinarticulate ? "\e[35m" : "", strerror(errno),
|
||||
program_executable_name, !g_isterminalinarticulate ? "\e[0m" : "");
|
||||
free_s(&v1);
|
||||
free_s(&v2);
|
||||
}
|
||||
|
|
|
@ -352,6 +352,7 @@ void thrashcodecache(void);
|
|||
void testlib_finish(void);
|
||||
void testlib_runalltests(void);
|
||||
void testlib_runallbenchmarks(void);
|
||||
void testlib_checkformemoryleaks(void);
|
||||
void testlib_runtestcases(testfn_t *, testfn_t *, testfn_t);
|
||||
void testlib_runcombos(testfn_t *, testfn_t *, const struct TestFixture *,
|
||||
const struct TestFixture *);
|
||||
|
|
|
@ -59,6 +59,7 @@ LIBC_TESTLIB_A_SRCS_C = \
|
|||
libc/testlib/comborunner.c \
|
||||
libc/testlib/contains.c \
|
||||
libc/testlib/endswith.c \
|
||||
libc/testlib/leaks.c \
|
||||
libc/testlib/yield.c \
|
||||
libc/testlib/ezbenchcontrol.c \
|
||||
libc/testlib/ezbenchreport.c \
|
||||
|
@ -189,6 +190,7 @@ LIBC_TESTMAIN_DIRECTDEPS = \
|
|||
LIBC_SYSV_CALLS \
|
||||
LIBC_TESTLIB \
|
||||
LIBC_TESTLIB_RUNNER \
|
||||
THIRD_PARTY_DLMALLOC \
|
||||
THIRD_PARTY_GETOPT
|
||||
|
||||
LIBC_TESTMAIN_DEPS := \
|
||||
|
|
|
@ -21,8 +21,15 @@
|
|||
#include "libc/calls/calls.h"
|
||||
#include "libc/calls/internal.h"
|
||||
#include "libc/calls/struct/sigaction.h"
|
||||
#include "libc/dce.h"
|
||||
#include "libc/intrin/asan.internal.h"
|
||||
#include "libc/log/libfatal.internal.h"
|
||||
#include "libc/log/log.h"
|
||||
#include "libc/mem/mem.h"
|
||||
#include "libc/nexgen32e/x86feature.h"
|
||||
#include "libc/runtime/internal.h"
|
||||
#include "libc/runtime/memtrack.internal.h"
|
||||
#include "libc/runtime/runtime.h"
|
||||
#include "libc/runtime/symbols.internal.h"
|
||||
#include "libc/stdio/stdio.h"
|
||||
#include "libc/sysv/consts/ex.h"
|
||||
|
@ -42,6 +49,7 @@ Flags:\n\
|
|||
\n"
|
||||
|
||||
STATIC_YOINK("__die");
|
||||
STATIC_YOINK("__get_symbol_by_addr");
|
||||
STATIC_YOINK("testlib_quota_handlers");
|
||||
|
||||
static bool runbenchmarks_;
|
||||
|
@ -75,7 +83,7 @@ void GetOpts(int argc, char *argv[]) {
|
|||
/**
|
||||
* Generic test program main function.
|
||||
*/
|
||||
int main(int argc, char *argv[]) {
|
||||
noasan int main(int argc, char *argv[]) {
|
||||
const char *comdbg;
|
||||
__log_level = kLogInfo;
|
||||
GetOpts(argc, argv);
|
||||
|
@ -86,9 +94,14 @@ int main(int argc, char *argv[]) {
|
|||
testlib_runalltests();
|
||||
if (!g_testlib_failed && runbenchmarks_ && weaken(testlib_runallbenchmarks)) {
|
||||
weaken(testlib_runallbenchmarks)();
|
||||
if (!g_testlib_failed) {
|
||||
testlib_checkformemoryleaks();
|
||||
}
|
||||
if (!g_testlib_failed && IsRunningUnderMake()) {
|
||||
return 254; /* compile.com considers this 0 and propagates output */
|
||||
}
|
||||
} else if (!g_testlib_failed) {
|
||||
testlib_checkformemoryleaks();
|
||||
}
|
||||
return min(255, g_testlib_failed);
|
||||
_Exit(min(255, g_testlib_failed));
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue