Skip to content

Add a naked pointers dynamic checker, continued#9956

Merged
xavierleroy merged 16 commits intoocaml:trunkfrom
xavierleroy:nnp_checker
Oct 5, 2020
Merged

Add a naked pointers dynamic checker, continued#9956
xavierleroy merged 16 commits intoocaml:trunkfrom
xavierleroy:nnp_checker

Conversation

@xavierleroy
Copy link
Copy Markdown
Contributor

@xavierleroy xavierleroy commented Oct 3, 2020

This is a variant of #9947 where the check for "naked pointers" (dangerous out-of-heap pointers) is performed in a runtime system that supports naked pointers and will not crash early when it encounters one.

Also, the check is disabled in bytecode, as we don't catch SEGV signals in this case.

Tests were added to the test suite that exercise the three modes: naked pointers / naked pointers + dynamic checker / no naked pointers.

kayceesrk and others added 14 commits October 3, 2020 18:44
@kayceesrk @xavierleroy
Initial commit of naked pointer checker
a30aa08
@kayceesrk @xavierleroy
Atoms have black header. Objects must be reasonable sized.
adff654
@kayceesrk @xavierleroy
Disable optimisations for is_pointer_safe
a6aff81
@kayceesrk @xavierleroy
Convince clang to generate the correct code
06a91e9
@kayceesrk @xavierleroy
Use inline assembly to circumvent obstinate clang
24088a0
@dra27 @xavierleroy
Stephen's safe_load code for msvc64
8980d61
@dra27 @xavierleroy
SIZEOF_PTR != SIZEOF_LONG on Windows
f8aeac9
@abbysmal @xavierleroy
nnp checker: cherry-pick to trunk, update to support 4.12.0 and confi…
f754a9d 
…gure additions
@abbysmal @xavierleroy
Changes entry for naked pointers checker
3c246c4
@abbysmal @xavierleroy
nnp checker: checking_pointer_pc not used on _WIN32
2ae7899
@abbysmal @xavierleroy
update Changes entry
f3a6629
@xavierleroy
Revise the checker for naked pointers
a72b014 
- It must run in naked pointers mode, otherwise other parts of the runtime
  system will crash on naked pointers before they can be detected
- It cannot run in bytecode because catching SIGSEGV is done only in
  native code
@xavierleroy
--enable-naked-pointers-checker is incompatible with --disable-naked-…
cccbaea 
…pointers
@xavierleroy
Tests for naked pointer support and naked pointer checking
1332302 
np1 and np2 are valid uses of out-of-heap pointers even in
no-naked-pointers mode.  np2 will generate an alarm in checking mode, though.

np3 and np4 are OK only in naked-pointers mode.  They will generate alarms
in checking mode.
@xavierleroy xavierleroy mentioned this pull request Oct 3, 2020
Closed
kayceesrk
kayceesrk reviewed Oct 5, 2020
View reviewed changes
runtime/major_gc.c Outdated
/* For the pointer to be considered safe, either the given pointer is in heap
* or the (out of heap) pointer has a black header and its size is < 2 ** 40
* words (128 GB). If not, we report a warning. */
if (Is_in_heap (v) ||
Copy link
Copy Markdown
Contributor

@kayceesrk kayceesrk Oct 5, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC check_pointer_safe is only invoked when !Is_in_heap(v) && !Is_young(v). check_pointer_safe should not be called on a pointer in the minor heap since OCaml does not define what the colour of minor objects is.

Would it be useful to rename this function to caml_is_naked_pointer_safe, with an assertion CAMLassert (!Is_in_heap(v) && !Is_young(v)) to make these assumptions explicit?

Copy link
Copy Markdown
Contributor Author

@xavierleroy xavierleroy Oct 5, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, you're absolutely right! I renamed to is_naked_pointer_safe (it's a static function, so no need for caml_), added the assertion, and removed the Is_in_heap test within.

@kayceesrk
Copy link
Copy Markdown
Contributor

kayceesrk commented Oct 5, 2020

I've reviewed the changes and it looks good to me. In particular, having the test in naked pointers mode makes sense to me.

@nojb
Copy link
Copy Markdown
Contributor

nojb commented Oct 5, 2020

@kayceesrk Just to make sure I understand, in this comment it is written that safe_load is no longer needed, but the function is still present in the code. Did I misunderstand the comment?

@kayceesrk
Copy link
Copy Markdown
Contributor

kayceesrk commented Oct 5, 2020

I should have clarified that safe_load was no longer needed in mark_stack_push since we no longer load the header since #9951. See https://github.com/ocaml/ocaml/pull/9951/files#diff-554731eb45f6f98a2ad012dfbe66f9caL244.

@nojb
Copy link
Copy Markdown
Contributor

nojb commented Oct 5, 2020

Thanks for the explanation, I understand now.

@xavierleroy
Take review comments into account
8190e10 
- Rename `check_pointer_safe` -> `is_naked_pointer_safe`
- Make it clear that it is called only on out-of-heap pointers
  (neither Is_young nor Is_in_heap), as checked by the caller.
@kayceesrk
Copy link
Copy Markdown
Contributor

kayceesrk commented Oct 5, 2020

Lgtm!

@xavierleroy xavierleroy merged commit af48d9f into ocaml:trunk Oct 5, 2020
@xavierleroy xavierleroy deleted the nnp_checker branch October 5, 2020 12:44
@ctk21 ctk21 mentioned this pull request Nov 29, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kayceesrk kayceesrk kayceesrk left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@xavierleroy @kayceesrk @nojb @dra27 @abbysmal