From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: Dumper issue, revisited; invalid realloc/free
Date: Wed, 04 Feb 2015 21:21:03 +0200
Message-ID: <83oap9fppc.fsf@gnu.org>
References: <20150204175709.GX23507@brightrain.aerifal.cx>
In-reply-to: <20150204175709.GX23507@brightrain.aerifal.cx>
To: Rich Felker
Cc: emacs-devel@gnu.org
Xref: news.gmane.org gmane.emacs.devel:182389

> Date: Wed, 4 Feb 2015 12:57:09 -0500
> From: Rich Felker
>
> Last summer I started a thread about the ever-recurring dumper
> portability problem and how it was blocking use of emacs on systems
> based on musl libc. Recently I've been working with several people
> interested in getting emacs working on Alpine Linux and musl-based
> Gentoo, and I made some progress working around the issue:
>
> http://www.openwall.com/lists/musl/2015/02/03/1

I suggest that you take a look at src/w32heap.c on Emacs's master branch. There you will see a simple solution of a very similar (if not identical) problem we have on MS-Windows. It even includes a simple handling of large allocations. The only disadvantage of this scheme is that it wastes space in the final binary, because the space reserved for the build-time allocations needs to be large enough to support the building of bootstrap-emacs, which is built before the Lisp files are compiled, and thus needs roughly twice the space -- which is then wasted in the next binary the build produces. It would be nice to solve this at some point, but it's not a catastrophe.

> However, on further examination, the workaround I did is insufficient.
> From what I can tell, emacs is making an additional assumption on
> malloc: not only that malloc results will be contiguous with
> data/bss/brk so they can be dumped, but also that calling free() or
> realloc() on these objects in the new process after dumping is valid.

Either that, or realloc/free are never called on the objects allocated before dumping. On some platforms, the second assumption actually holds.

> IMO this is utter nonsense, even with glibc or other widely-used
> systems. It imposes an assumption that the heap structures in the
> malloc version used at dump time match the heap structures in the
> malloc version used at runtime, and that the runtime malloc is not
> doing any sanity checks to catch and abort when a pointer into .data
> is passed to realloc/free.

Or that the libc memory allocation routines can gracefully handle these situations.
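The reply above points to the scheme in src/w32heap.c, where free() and realloc() on a pointer that lies inside the dumped region are intercepted instead of being handed to the runtime libc. The following is an added illustration of that wrapper idea; it is not code from Emacs, from w32heap.c, or from either poster. It assumes a constructed static arena (`dumped_arena`) standing in for the data the build-time allocations occupied before dumping, and the names `dump_malloc`, `wrapped_free` and `wrapped_realloc` are hypothetical. The point it demonstrates is the one at issue in the thread: a libc malloc that is handed a pointer into .data may abort on its own sanity checks, so a range check before the call is what keeps such a binary from depending on the runtime allocator's internals.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the dumped region: after dumping, blocks handed
   out by dump_malloc would live in the executable's .data, not in any heap
   the runtime libc knows about.  The union keeps the arena size_t-aligned. */
#define DUMPED_ARENA_SIZE 4096
static union { size_t align; unsigned char bytes[DUMPED_ARENA_SIZE]; } dumped_arena;
static size_t dumped_used;

/* Counters so a caller can see how many libc calls were diverted. */
static unsigned dumped_free_count, dumped_realloc_count;

/* True when p points into the dumped region (hypothetical check). */
int in_dumped_region(const void *p) {
    const unsigned char *c = p;
    return c >= dumped_arena.bytes && c < dumped_arena.bytes + DUMPED_ARENA_SIZE;
}

/* Bump allocator used "before dumping".  A size_t header records the
   requested size so realloc knows how many bytes to copy out later. */
void *dump_malloc(size_t n) {
    size_t total = sizeof(size_t) + ((n + 15) & ~(size_t)15);
    if (dumped_used + total > DUMPED_ARENA_SIZE) return NULL;
    size_t *hdr = (size_t *)(dumped_arena.bytes + dumped_used);
    *hdr = n;
    dumped_used += total;
    return hdr + 1;
}

/* free() replacement: a dumped block is never passed to libc free(),
   because libc has no bookkeeping for it and may abort on the pointer. */
void wrapped_free(void *p) {
    if (p == NULL) return;
    if (in_dumped_region(p)) { dumped_free_count++; return; }  /* leave it in place */
    free(p);
}

/* realloc() replacement: a dumped block is copied into a fresh libc block;
   the old bytes stay untouched in the dumped region. */
void *wrapped_realloc(void *p, size_t n) {
    if (p == NULL) return malloc(n);
    if (!in_dumped_region(p)) return realloc(p, n);
    dumped_realloc_count++;
    size_t old = ((const size_t *)p)[-1];
    void *q = malloc(n);
    if (q == NULL) return NULL;
    memcpy(q, p, old < n ? old : n);
    return q;
}

/* Exercise both paths once; returns 1 when every step behaved as intended. */
int demo(void) {
    dumped_free_count = dumped_realloc_count = 0;
    char *before = dump_malloc(8);       /* "pre-dump" allocation */
    if (before == NULL) return 0;
    memcpy(before, "emacs", 6);
    char *after = malloc(8);             /* ordinary runtime allocation */
    if (after == NULL) return 0;
    memcpy(after, "lisp", 5);

    char *grown = wrapped_realloc(before, 64);   /* copied out of the arena */
    int ok = grown != NULL && !in_dumped_region(grown)
             && strcmp(grown, "emacs") == 0;
    wrapped_free(before);                /* diverted: pointer is in the dumped region */
    wrapped_free(grown);                 /* real libc free */
    wrapped_free(after);                 /* real libc free */
    ok = ok && dumped_free_count == 1 && dumped_realloc_count == 1;
    return ok;
}

int main(void) {
    printf("dumped-region wrappers %s\n", demo() ? "behaved as expected" : "FAILED");
    return 0;
}
```

The cost mentioned in the reply shows up here too: the bytes a diverted free() leaves behind in the dumped region are never reclaimed, which is the space trade-off of keeping the runtime libc out of the picture.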