diff options
author | Tim Peters <tim.peters@gmail.com> | 2002-03-23 10:03:50 (GMT) |
---|---|---|
committer | Tim Peters <tim.peters@gmail.com> | 2002-03-23 10:03:50 (GMT) |
commit | ddea208be9e2a8fa281e25ebbc890378dd2aa286 (patch) | |
tree | dfce6c87f4eaac29a358e4064cfb10600b18ba98 /Objects/obmalloc.c | |
parent | 91cc17d20e0ad668944fcf8ef9a6c523455d64d7 (diff) | |
download | cpython-ddea208be9e2a8fa281e25ebbc890378dd2aa286.zip cpython-ddea208be9e2a8fa281e25ebbc890378dd2aa286.tar.gz cpython-ddea208be9e2a8fa281e25ebbc890378dd2aa286.tar.bz2 |
Give Python a debug-mode pymalloc, much as sketched on Python-Dev.
When WITH_PYMALLOC is defined, define PYMALLOC_DEBUG to enable the debug
allocator. This can be done independent of build type (release or debug).
A debug build automatically defines PYMALLOC_DEBUG when pymalloc is
enabled. It's a detected error to define PYMALLOC_DEBUG when pymalloc
isn't enabled.
Two debugging entry points defined only under PYMALLOC_DEBUG:
+ _PyMalloc_DebugCheckAddress(const void *p) can be used (e.g., from gdb)
to sanity-check a memory block obtained from pymalloc. It sprays
info to stderr (see next) and dies via Py_FatalError if the block is
detectably damaged.
+ _PyMalloc_DebugDumpAddress(const void *p) can be used to spray info
about a debug memory block to stderr.
A tiny start at implementing "API family" checks isn't good for
anything yet.
_PyMalloc_DebugRealloc() has been optimized to do little when the new
size is <= old size. However, if the new size is larger, it really
can't call the underlying realloc() routine without either violating its
contract, or knowing something non-trivial about how the underlying
realloc() works. A memcpy is always done in this case.
This was a disaster for (and only) one of the std tests: test_bufio
creates single text file lines up to a million characters long. On
Windows, fileobject.c's get_line() uses the horridly funky
getline_via_fgets(), which keeps growing and growing a string object
hoping to find a newline. It grew the string object 1000 bytes each
time, so for a million-character string it took approximately forever
(I gave up after a few minutes).
So, also:
fileobject.c, getline_via_fgets(): When a single line is outrageously
long, grow the string object at a mildly exponential rate, instead of
just 1000 bytes at a time.
That's enough so that a debug-build test_bufio finishes in about 5 seconds
on my Win98SE box. I'm curious to try this on Win2K, because it has very
different memory behavior than Win9X, and test_bufio always took a factor
of 10 longer to complete on Win2K. It *could* be that the endless
reallocs were simply killing it on Win2K even in the release build.
Diffstat (limited to 'Objects/obmalloc.c')
-rw-r--r-- | Objects/obmalloc.c | 332 |
1 files changed, 315 insertions, 17 deletions
diff --git a/Objects/obmalloc.c b/Objects/obmalloc.c index 4e141c7..3e9465f 100644 --- a/Objects/obmalloc.c +++ b/Objects/obmalloc.c @@ -623,24 +623,10 @@ _PyMalloc_Realloc(void *p, size_t nbytes) return (void *)bp; } -/* calloc */ - -/* -- unused -- -void * -_PyMalloc_Calloc(size_t nbel, size_t elsz) -{ - void *p; - size_t nbytes; - - nbytes = nbel * elsz; - p = _PyMalloc_Malloc(nbytes); - if (p != NULL) - memset(p, 0, nbytes); - return p; -} -*/ - #else /* ! WITH_PYMALLOC */ + +/*==========================================================================*/ +/* pymalloc not enabled: Redirect the entry points to the PyMem family. */ void * _PyMalloc_Malloc(size_t n) { @@ -686,3 +672,315 @@ _PyMalloc_Del(PyObject *op) { _PyMalloc_FREE(op); } + +#ifdef PYMALLOC_DEBUG +/*==========================================================================*/ +/* A x-platform debugging allocator. */ + +#define PYMALLOC_CLEANBYTE 0xCB /* uninitialized memory */ +#define PYMALLOC_DEADBYTE 0xDB /* free()ed memory */ +#define PYMALLOC_FORBIDDENBYTE 0xFB /* unusable memory */ + +static ulong serialno = 0; /* incremented on each debug {m,re}alloc */ + +/* Read 4 bytes at p as a big-endian ulong. */ +static ulong +read4(const void *p) +{ + const unsigned char *q = (unsigned char *)p; + return ((ulong)q[0] << 24) | + ((ulong)q[1] << 16) | + ((ulong)q[2] << 8) | + (ulong)q[3]; +} + +/* Write the 4 least-significant bytes of n as a big-endian unsigned int, + MSB at address p, LSB at p+3. */ +static void +write4(void *p, ulong n) +{ + unsigned char *q = (unsigned char *)p; + q[0] = (unsigned char)((n >> 24) & 0xff); + q[1] = (unsigned char)((n >> 16) & 0xff); + q[2] = (unsigned char)((n >> 8) & 0xff); + q[3] = (unsigned char)( n & 0xff); +} + +static void +check_family(const void *p, int family) +{ + const uchar *q = (const uchar *)p; + int original_family; + char buf[200]; + + assert(p != NULL); + original_family = (int)*(q-4); + if (family != original_family) { + /* XXX better msg */ + PyOS_snprintf(buf, sizeof(buf), + "free or realloc from family #%d called, " + "but block was allocated by family #%d", + family, original_family); + _PyMalloc_DebugDumpAddress(p); + Py_FatalError(buf); + } +} + +/* The debug malloc asks for 16 extra bytes and fills them with useful stuff, + here calling the underlying malloc's result p: + +p[0:4] + Number of bytes originally asked for. 4-byte unsigned integer, + big-endian (easier to read in a memory dump). +p[4] + The API "family" this malloc call belongs to. XXX todo XXX +p[5:8] + Copies of PYMALLOC_FORBIDDENBYTE. Used to catch under- writes + and reads. +p[8:8+n] + The requested memory, filled with copies of PYMALLOC_CLEANBYTE. + Used to catch reference to uninitialized memory. + &p[8] is returned. Note that this is 8-byte aligned if PyMalloc + handled the request itself. +p[8+n:8+n+4] + Copies of PYMALLOC_FORBIDDENBYTE. Used to catch over- writes + and reads. +p[8+n+4:8+n+8] + A serial number, incremented by 1 on each call to _PyMalloc_DebugMalloc + and _PyMalloc_DebugRealloc. + 4-byte unsigned integer, big-endian. + If "bad memory" is detected later, the serial number gives an + excellent way to set a breakpoint on the next run, to capture the + instant at which this block was passed out. +*/ + +void * +_PyMalloc_DebugMalloc(size_t nbytes, int family) +{ + uchar *p; /* base address of malloc'ed block */ + uchar *q; /* p + 8 + nbytes + */ + size_t total; /* nbytes + 16 */ + + assert(family == 0); + + ++serialno; + total = nbytes + 16; + if (total < nbytes || (total >> 31) > 1) { + /* overflow, or we can't represent it in 4 bytes */ + /* Obscure: can't do (total >> 32) != 0 instead, because + C doesn't define what happens for a right-shift of 32 + when size_t is a 32-bit type. At least C guarantees + size_t is an unsigned type. */ + return NULL; + } + + p = _PyMalloc_Malloc(total); /* XXX derive from family */ + if (p == NULL) + return NULL; + + write4(p, nbytes); + p[4] = (uchar)family; + p[5] = p[6] = p[7] = PYMALLOC_FORBIDDENBYTE; + + if (nbytes > 0) + memset(p+8, PYMALLOC_CLEANBYTE, nbytes); + + q = p + 8 + nbytes; + q[0] = q[1] = q[2] = q[3] = PYMALLOC_FORBIDDENBYTE; + write4(q+4, serialno); + + return p+8; +} + +/* The debug free first uses the address to find the number of bytes + originally asked for, then checks the 8 bytes on each end for + sanity (in particular, that the PYMALLOC_FORBIDDENBYTEs are still + intact). + Then fills the original bytes with PYMALLOC_DEADBYTE. + Then calls the underlying free. +*/ +void +_PyMalloc_DebugFree(void *p, int family) +{ + uchar *q = (uchar*)p; + size_t nbytes; + + assert(family == 0); + + if (p == NULL) + return; + check_family(p, family); + _PyMalloc_DebugCheckAddress(p); + nbytes = read4(q-8); + if (nbytes > 0) + memset(q, PYMALLOC_DEADBYTE, nbytes); + _PyMalloc_Free(q-8); /* XXX derive from family */ +} + +void * +_PyMalloc_DebugRealloc(void *p, size_t nbytes, int family) +{ + uchar *q = (uchar *)p; + size_t original_nbytes; + uchar *fresh; /* new memory block, if needed */ + + assert(family == 0); + + if (p == NULL) + return _PyMalloc_DebugMalloc(nbytes, family); + + check_family(p, family); + _PyMalloc_DebugCheckAddress(p); + + original_nbytes = read4(q-8); + if (nbytes == original_nbytes) { + /* note that this case is likely to be common due to the + way Python appends to lists */ + ++serialno; + write4(q + nbytes + 4, serialno); + return p; + } + + if (nbytes < original_nbytes) { + /* shrinking -- leave the guts alone, except to + fill the excess with DEADBYTE */ + const size_t excess = original_nbytes - nbytes; + ++serialno; + write4(q-8, nbytes); + /* kill the excess bytes plus the trailing 8 pad bytes */ + memset(q + nbytes, PYMALLOC_DEADBYTE, excess + 8); + q += nbytes; + q[0] = q[1] = q[2] = q[3] = PYMALLOC_FORBIDDENBYTE; + write4(q+4, serialno); + return p; + } + + /* More memory is needed: get it, copy over the first original_nbytes + of the original data, and free the original memory. */ + fresh = (uchar *)_PyMalloc_DebugMalloc(nbytes, family); + if (fresh != NULL && original_nbytes > 0) + memcpy(fresh, p, original_nbytes); + _PyMalloc_DebugFree(p, family); + return fresh; +} + +void +_PyMalloc_DebugCheckAddress(const void *p) +{ + const uchar *q = (const uchar *)p; + char *msg = NULL; + + if (p == NULL) + msg = "didn't expect a NULL pointer"; + + else if (*(q-3) != PYMALLOC_FORBIDDENBYTE || + *(q-2) != PYMALLOC_FORBIDDENBYTE || + *(q-1) != PYMALLOC_FORBIDDENBYTE) + msg = "bad leading pad byte"; + + else { + const ulong nbytes = read4(q-8); + const uchar *tail = q + nbytes; + int i; + for (i = 0; i < 4; ++i) { + if (tail[i] != PYMALLOC_FORBIDDENBYTE) { + msg = "bad trailing pad byte"; + break; + } + } + } + + if (msg != NULL) { + _PyMalloc_DebugDumpAddress(p); + Py_FatalError(msg); + } +} + +void +_PyMalloc_DebugDumpAddress(const void *p) +{ + const uchar *q = (const uchar *)p; + const uchar *tail; + ulong nbytes, serial; + + fprintf(stderr, "Debug memory block at address p=%p:\n", p); + if (p == NULL) + return; + + nbytes = read4(q-8); + fprintf(stderr, " %lu bytes originally allocated\n", nbytes); + fprintf(stderr, " from API family #%d\n", *(q-4)); + + /* In case this is nuts, check the pad bytes before trying to read up + the serial number (the address deref could blow up). */ + + fprintf(stderr, " the 3 pad bytes at p-3 are "); + if (*(q-3) == PYMALLOC_FORBIDDENBYTE && + *(q-2) == PYMALLOC_FORBIDDENBYTE && + *(q-1) == PYMALLOC_FORBIDDENBYTE) { + fprintf(stderr, "PYMALLOC_FORBIDDENBYTE, as expected\n"); + } + else { + int i; + fprintf(stderr, "not all PYMALLOC_FORBIDDENBYTE (0x%02x):\n", + PYMALLOC_FORBIDDENBYTE); + for (i = 3; i >= 1; --i) { + const uchar byte = *(q-i); + fprintf(stderr, " at p-%d: 0x%02x", i, byte); + if (byte != PYMALLOC_FORBIDDENBYTE) + fputs(" *** OUCH", stderr); + fputc('\n', stderr); + } + } + + tail = q + nbytes; + fprintf(stderr, " the 4 pad bytes at tail=%p are ", tail); + if (tail[0] == PYMALLOC_FORBIDDENBYTE && + tail[1] == PYMALLOC_FORBIDDENBYTE && + tail[2] == PYMALLOC_FORBIDDENBYTE && + tail[3] == PYMALLOC_FORBIDDENBYTE) { + fprintf(stderr, "PYMALLOC_FORBIDDENBYTE, as expected\n"); + } + else { + int i; + fprintf(stderr, "not all PYMALLOC_FORBIDDENBYTE (0x%02x):\n", + PYMALLOC_FORBIDDENBYTE); + for (i = 0; i < 4; ++i) { + const uchar byte = tail[i]; + fprintf(stderr, " at tail+%d: 0x%02x", + i, byte); + if (byte != PYMALLOC_FORBIDDENBYTE) + fputs(" *** OUCH", stderr); + fputc('\n', stderr); + } + } + + serial = read4(tail+4); + fprintf(stderr, " the block was made by call #%lu to " + "debug malloc/realloc\n", serial); + + if (nbytes > 0) { + int i = 0; + fprintf(stderr, " data at p:"); + /* print up to 8 bytes at the start */ + while (q < tail && i < 8) { + fprintf(stderr, " %02x", *q); + ++i; + ++q; + } + /* and up to 8 at the end */ + if (q < tail) { + if (tail - q > 8) { + fprintf(stderr, " ..."); + q = tail - 8; + } + while (q < tail) { + fprintf(stderr, " %02x", *q); + ++q; + } + } + fprintf(stderr, "\n"); + } +} + +#endif /* PYMALLOC_DEBUG */ |