From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: Alejandro Colomar <alx.manpages@gmail.com>,
Mingye Wang <arthur200126@gmail.com>
Cc: linux-man@vger.kernel.org,
GNU C Library <libc-alpha@sourceware.org>,
DJ Delorie <dj@redhat.com>, Sam James <sam@gentoo.org>
Subject: Re: [RFC PATCH] malloc_usable_size.3: Warn about _FORTIFY_SOURCE interaction
Date: Wed, 5 Apr 2023 08:58:09 -0400 [thread overview]
Message-ID: <c2de29e8-8d79-c754-0eb2-99e55d8c60cc@gotplt.org> (raw)
In-Reply-To: <62c2e2dd-fe20-774d-cecb-3c629336e87c@gmail.com>
On 2023-04-04 22:35, Alejandro Colomar wrote:
> This might be useful to you: I happen to comaintain a code base that
> uses malloc_usable_size(3). I have no idea why it was added, and it
> seems to be used in a test, but not in the actual program, which makes
> me happy to not have to fix that :). Maybe it is useful to you to check
> that code to see why would some heavily-optimized code base want to use
> it. You may very well find that it was not really used for anything
> useful; there's a lot of dead code which I haven't been able to remove
> yet due to discrepancies.
>
> Here are all the mentions I see to this API:
>
> $ grep -rn malloc_usable_size
> src/test/nxt_malloc_test.c:54: nxt_malloc_usable_size(p[i], s);
> src/nxt_malloc.h:37: * memory than is requested, so malloc_usable_size() allows to use all
> src/nxt_malloc.h:52: * with small cutback and then to adjust size with malloc_usable_size().
> src/nxt_malloc.h:53: * Glibc malloc_usable_size() is fast operation.
> src/nxt_malloc.h:56:#define nxt_malloc_usable_size(p, size) \
> src/nxt_malloc.h:57: size = malloc_usable_size(p)
> src/nxt_malloc.h:77: * FreeBSD 7.0 malloc_usable_size() is fast for allocations, which
> src/nxt_malloc.h:81:#define nxt_malloc_usable_size(p, size) \
> src/nxt_malloc.h:82: size = malloc_usable_size(p)
> src/nxt_malloc.h:101:#define nxt_malloc_usable_size(p, size) \
> src/nxt_malloc.h:108:#define nxt_malloc_usable_size(p, size)
> src/nxt_unix.h:32:#include <malloc.h> /* malloc_usable_size(). */
> src/nxt_unix.h:49:#include <malloc_np.h> /* malloc_usable_size(). */
> auto/malloc:53:# Linux malloc_usable_size().
> auto/malloc:55:nxt_feature="Linux malloc_usable_size()"
> auto/malloc:66: if (malloc_usable_size(p) < 4096)
> auto/malloc:75: # FreeBSD malloc_usable_size().
> auto/malloc:77: nxt_feature="FreeBSD malloc_usable_size()"
> auto/malloc:89: if (malloc_usable_size(p) < 4096)
>
> The only ones that may be interesting to you are the single use (the
> commit that added the line says "Initial version.", so it won't help):
>
> <https://github.com/nginx/unit/blob/c54331fa3d9597ba6bc85e7b7242981f00ed25c2/src/test/nxt_malloc_test.c#L54>
>
> and the header where we define a wrapper macro, which contains several
> comments about assumptions made about different libc implementations:
>
> <https://github.com/nginx/unit/blob/c54331fa3d9597ba6bc85e7b7242981f00ed25c2/src/nxt_malloc.h#L35>
>
> I hope that tells you something. It doesn't tell me anything, but I'm
> not used to fiddling with allocators. :)
I'm sorry it doesn't, I can't tell from a quick peek what that test is
trying to do :/
>> This amendment that DJ wrote is probably the most precise description of
>> the current malloc_usage_size situation:
>>
>> The value returned by malloc_usable_size() may be greater than the
>> requested size of the allocation because of various internal
>> implementation details, none of which the programmer should rely on.
>> This function is intended to only be used for diagnostics and
>> statistics; writing to the excess memory without first calling
>> realloc() to resize the allocation is not supported. The returned
>> value is only valid at the time of the call; any other call to a
>> malloc family API may invalidate it.
I should probably add that I'm trying to come up with something that
will provide the functionality most people depend on malloc_usable_size
for but with more defined semantics that doesn't simply leak internals
like malloc_usable_size does. However it's too early for me to promise
anything and whatever solution that comes up will likely be ABI
incompatible anyway. So the above is the most precise description of
the situation and whatever happens, we'll only end up adding to it, not
replacing it.
Thanks,
Sid
next prev parent reply other threads:[~2023-04-05 12:58 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAD66C+YQKWJQNv2i=8+BuL3Z5NzDQsG-1izhVxZ549xhMTTUjA@mail.gmail.com>
2023-04-04 11:42 ` Siddhesh Poyarekar
2023-04-05 0:51 ` Sam James
2023-04-05 2:35 ` Alejandro Colomar
2023-04-05 12:58 ` Siddhesh Poyarekar [this message]
2023-04-05 13:55 Wilco Dijkstra
2023-04-05 21:00 ` Alejandro Colomar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c2de29e8-8d79-c754-0eb2-99e55d8c60cc@gotplt.org \
--to=siddhesh@gotplt.org \
--cc=alx.manpages@gmail.com \
--cc=arthur200126@gmail.com \
--cc=dj@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=linux-man@vger.kernel.org \
--cc=sam@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).