diff options
author | Kristján Valur Jónsson <kristjan@ccpgames.com> | 2009-09-28 13:12:38 (GMT) |
---|---|---|
committer | Kristján Valur Jónsson <kristjan@ccpgames.com> | 2009-09-28 13:12:38 (GMT) |
commit | 02ca57ce4c728c4a18d31a6a3f2681bcd1aea2da (patch) | |
tree | e8324025b807032f476c398675dc7a162c2440de /Objects | |
parent | d12f86ce96d3aeb91e9c7f010e303bbc1b8d14da (diff) | |
download | cpython-02ca57ce4c728c4a18d31a6a3f2681bcd1aea2da.zip cpython-02ca57ce4c728c4a18d31a6a3f2681bcd1aea2da.tar.gz cpython-02ca57ce4c728c4a18d31a6a3f2681bcd1aea2da.tar.bz2 |
http://bugs.python.org/issue6836
The debug memory api now keeps track of which external API (PyMem_* or PyObject_*) was used to allocate each block and treats any API violation as an error. Added separate _PyMem_DebugMalloc functions for the Py_Mem API instead of having it use the _PyObject_DebugMalloc functions.
Diffstat (limited to 'Objects')
-rw-r--r-- | Objects/obmalloc.c | 104 |
1 files changed, 87 insertions, 17 deletions
diff --git a/Objects/obmalloc.c b/Objects/obmalloc.c index d1586c2..b2c053f 100644 --- a/Objects/obmalloc.c +++ b/Objects/obmalloc.c @@ -1241,6 +1241,10 @@ PyObject_Free(void *p) #define DEADBYTE 0xDB /* dead (newly freed) memory */ #define FORBIDDENBYTE 0xFB /* untouchable bytes at each end of a block */ +/* We tag each block with an API ID in order to tag API violations */ +#define _PYMALLOC_MEM_ID 'm' /* the PyMem_Malloc() API */ +#define _PYMALLOC_OBJ_ID 'o' /* The PyObject_Malloc() API */ + static size_t serialno = 0; /* incremented on each debug {m,re}alloc */ /* serialno is always incremented via calling this routine. The point is @@ -1331,9 +1335,50 @@ p[2*S+n+S: 2*S+n+2*S] instant at which this block was passed out. */ +/* debug replacements for the PyMem_* memory API */ +void * +_PyMem_DebugMalloc(size_t nbytes) +{ + return _PyObject_DebugMallocApi(_PYMALLOC_MEM_ID, nbytes); +} +void * +_PyMem_DebugRealloc(void *p, size_t nbytes) +{ + return _PyObject_DebugReallocApi(_PYMALLOC_MEM_ID, p, nbytes); +} +void +_PyMem_DebugFree(void *p) +{ + _PyObject_DebugFreeApi(_PYMALLOC_MEM_ID, p); +} + +/* debug replacements for the PyObject_* memory API */ void * _PyObject_DebugMalloc(size_t nbytes) { + return _PyObject_DebugMallocApi(_PYMALLOC_OBJ_ID, nbytes); +} +void * +_PyObject_DebugRealloc(void *p, size_t nbytes) +{ + return _PyObject_DebugReallocApi(_PYMALLOC_OBJ_ID, p, nbytes); +} +void +_PyObject_DebugFree(void *p) +{ + _PyObject_DebugFreeApi(_PYMALLOC_OBJ_ID, p); +} +void +_PyObject_DebugCheckAddress(void *p) +{ + _PyObject_DebugCheckAddressApi(_PYMALLOC_OBJ_ID, p); +} + + +/* generic debug memory api, with an "id" to identify the API in use */ +void * +_PyObject_DebugMallocApi(char id, size_t nbytes) +{ uchar *p; /* base address of malloc'ed block */ uchar *tail; /* p + 2*SST + nbytes == pointer to tail pad bytes */ size_t total; /* nbytes + 4*SST */ @@ -1348,12 +1393,15 @@ _PyObject_DebugMalloc(size_t nbytes) if (p == NULL) return NULL; + /* at p, write size (SST bytes), id (1 byte), pad (SST-1 bytes) */ write_size_t(p, nbytes); - memset(p + SST, FORBIDDENBYTE, SST); + p[SST] = (uchar)id; + memset(p + SST + 1 , FORBIDDENBYTE, SST-1); if (nbytes > 0) memset(p + 2*SST, CLEANBYTE, nbytes); + /* at tail, write pad (SST bytes) and serialno (SST bytes) */ tail = p + 2*SST + nbytes; memset(tail, FORBIDDENBYTE, SST); write_size_t(tail + SST, serialno); @@ -1362,27 +1410,28 @@ _PyObject_DebugMalloc(size_t nbytes) } /* The debug free first checks the 2*SST bytes on each end for sanity (in - particular, that the FORBIDDENBYTEs are still intact). + particular, that the FORBIDDENBYTEs with the api ID are still intact). Then fills the original bytes with DEADBYTE. Then calls the underlying free. */ void -_PyObject_DebugFree(void *p) +_PyObject_DebugFreeApi(char api, void *p) { uchar *q = (uchar *)p - 2*SST; /* address returned from malloc */ size_t nbytes; if (p == NULL) return; - _PyObject_DebugCheckAddress(p); + _PyObject_DebugCheckAddressApi(api, p); nbytes = read_size_t(q); + nbytes += 4*SST; if (nbytes > 0) memset(q, DEADBYTE, nbytes); PyObject_Free(q); } void * -_PyObject_DebugRealloc(void *p, size_t nbytes) +_PyObject_DebugReallocApi(char api, void *p, size_t nbytes) { uchar *q = (uchar *)p; uchar *tail; @@ -1391,9 +1440,9 @@ _PyObject_DebugRealloc(void *p, size_t nbytes) int i; if (p == NULL) - return _PyObject_DebugMalloc(nbytes); + return _PyObject_DebugMallocApi(api, nbytes); - _PyObject_DebugCheckAddress(p); + _PyObject_DebugCheckAddressApi(api, p); bumpserialno(); original_nbytes = read_size_t(q - 2*SST); total = nbytes + 4*SST; @@ -1403,16 +1452,20 @@ _PyObject_DebugRealloc(void *p, size_t nbytes) if (nbytes < original_nbytes) { /* shrinking: mark old extra memory dead */ - memset(q + nbytes, DEADBYTE, original_nbytes - nbytes); + memset(q + nbytes, DEADBYTE, original_nbytes - nbytes + 2*SST); } - /* Resize and add decorations. */ + /* Resize and add decorations. We may get a new pointer here, in which + * case we didn't get the chance to mark the old memory with DEADBYTE, + * but we live with that. + */ q = (uchar *)PyObject_Realloc(q - 2*SST, total); if (q == NULL) return NULL; write_size_t(q, nbytes); - for (i = 0; i < SST; ++i) + assert(q[SST] == (uchar)api); + for (i = 1; i < SST; ++i) assert(q[SST + i] == FORBIDDENBYTE); q += 2*SST; tail = q + nbytes; @@ -1431,26 +1484,38 @@ _PyObject_DebugRealloc(void *p, size_t nbytes) /* Check the forbidden bytes on both ends of the memory allocated for p. * If anything is wrong, print info to stderr via _PyObject_DebugDumpAddress, * and call Py_FatalError to kill the program. + * The API id, is also checked. */ void -_PyObject_DebugCheckAddress(const void *p) +_PyObject_DebugCheckAddressApi(char api, const void *p) { const uchar *q = (const uchar *)p; + char msgbuf[64]; char *msg; size_t nbytes; const uchar *tail; int i; + char id; if (p == NULL) { msg = "didn't expect a NULL pointer"; goto error; } + /* Check the API id */ + id = (char)q[-SST]; + if (id != api) { + msg = msgbuf; + snprintf(msg, sizeof(msgbuf), "bad ID: Allocated using API '%c', verified using API '%c'", id, api); + msgbuf[sizeof(msgbuf)-1] = 0; + goto error; + } + /* Check the stuff at the start of p first: if there's underwrite * corruption, the number-of-bytes field may be nuts, and checking * the tail could lead to a segfault then. */ - for (i = SST; i >= 1; --i) { + for (i = SST-1; i >= 1; --i) { if (*(q-i) != FORBIDDENBYTE) { msg = "bad leading pad byte"; goto error; @@ -1482,19 +1547,24 @@ _PyObject_DebugDumpAddress(const void *p) size_t nbytes, serial; int i; int ok; + char id; - fprintf(stderr, "Debug memory block at address p=%p:\n", p); - if (p == NULL) + fprintf(stderr, "Debug memory block at address p=%p:", p); + if (p == NULL) { + fprintf(stderr, "\n"); return; + } + id = (char)q[-SST]; + fprintf(stderr, " API '%c'\n", id); nbytes = read_size_t(q - 2*SST); fprintf(stderr, " %" PY_FORMAT_SIZE_T "u bytes originally " "requested\n", nbytes); /* In case this is nuts, check the leading pad bytes first. */ - fprintf(stderr, " The %d pad bytes at p-%d are ", SST, SST); + fprintf(stderr, " The %d pad bytes at p-%d are ", SST-1, SST-1); ok = 1; - for (i = 1; i <= SST; ++i) { + for (i = 1; i <= SST-1; ++i) { if (*(q-i) != FORBIDDENBYTE) { ok = 0; break; @@ -1505,7 +1575,7 @@ _PyObject_DebugDumpAddress(const void *p) else { fprintf(stderr, "not all FORBIDDENBYTE (0x%02x):\n", FORBIDDENBYTE); - for (i = SST; i >= 1; --i) { + for (i = SST-1; i >= 1; --i) { const uchar byte = *(q-i); fprintf(stderr, " at p-%d: 0x%02x", i, byte); if (byte != FORBIDDENBYTE) |