Ivan Maidanski [Thu, 30 Mar 2017 21:11:04 +0000 (00:11 +0300)]
Fix gc.h compliance to strict ANSI (pthreads)
(Cherry-pick commits 1554297, 0970110 from 'master' branch.)
If -std=cXX option is passed to gcc/clang then sigset_t is undefined,
thus GC_pthread_sigmask declaration should be omitted. However, this
symbol should be available during GC source code audit by cppcheck.
* include/gc_pthread_redirects.h [!GC_NO_PTHREAD_SIGMASK]
(GC_pthread_sigmask): Declare only if GC_PTHREAD_SIGMASK_NEEDED or
_POSIX_C_SOURCE >= 199506 or _XOPEN_SOURCE >= 500, or _BSD_SOURCE
or _GNU_SOURCE.
* tests/test.c [CPPCHECK && !_GNU_SOURCE && GC_PTHREADS] (_GNU_SOURCE):
Likewise.
Ivan Maidanski [Thu, 30 Mar 2017 19:06:09 +0000 (22:06 +0300)]
Fix mixed include of GC public header and gc_priv.h in disclaim bench/test
Include gc_priv.h should be avoided in tests (if possible) or, at
least, this include should not precede include of the public GC
headers (because, e.g., gc_priv.h define GC_BUILD which influences
declspec of the GC public symbols in case of a shared library).
* tests/disclaim_bench.c: Move include gc_priv.h to be after
gc_disclaim.h; add comment .
* tests/disclaim_bench.c [HAVE_CONFIG_H]: Include "config.h" (before
include gc_disclaim.h).
* tests/disclaim_test.c [LINT2]: Do not include gc_priv.h; include
config.h instead.
* tests/disclaim_test.c [LINT2] (GC_API_PRIV): Define.
* tests/disclaim_test.c [LINT2] (GC_random): Declare the function
(instead of including gc_priv.h to get the prototype).
Ivan Maidanski [Thu, 23 Mar 2017 20:12:07 +0000 (23:12 +0300)]
Fix finalize.c compilation in 'strict ANSI' mode
This and some other GC .c files include gc_pmark.h directly (not
gc_priv.h), so the compiler complains that sigset_t (used in
gc_pthread_redirects.h) is undefined if 'strict ANSI' mode is on and
_GNU_SOURCE is not defined before including system headers.
* include/private/gc_pmark.h [(__linux__ || __GLIBC__ || __GNU__)
&& GC_PTHREADS && !GC_NO_PTHREAD_SIGMASK] (_GNU_SOURCE): Define (before
including other headers).
Ivan Maidanski [Thu, 23 Mar 2017 19:44:11 +0000 (22:44 +0300)]
Fix static assertion violation in LONG_MULT for 64-bit targets
* include/private/gc_pmark.h [MARK_BIT_PER_OBJ] (PUSH_CONTENTS_HDR):
Cast displ to unsigned32 when passed to LONG_MULT (it is safe because
displ is less than HBLKSIZE).
Ivan Maidanski [Tue, 14 Mar 2017 22:58:41 +0000 (01:58 +0300)]
Fix GC_SIZE_MAX definition (Linux/musl-gcc)
* include/private/gc_priv.h [SIZE_MAX && !CPPCHECK] (GC_SIZE_MAX): Cast
SIZE_MAX to size_t explicitly (to workaround incorrect definition
of SIZE_MAX - e.g. it is defined as ~0ULL in musl-tools which is not
correct for a 32-bit target).
* include/private/gc_pmark.h [MARK_BIT_PER_OBJ] (PUSH_CONTENTS_HDR):
Declare "obj_displ" local variable at the beginning of the block (not
after GC_STATIC_ASSERT).
Ivan Maidanski [Wed, 1 Mar 2017 08:10:00 +0000 (11:10 +0300)]
Move libraries version info to the beginning of Makefile.am
(code refactoring)
* Makefile.am (LIBGC_VER_INFO, LIBGCCPP_VER_INFO): New variable; add
comment about the version update rule.
* cord/cord.am (LIBCORD_VER_INFO): Likewise.
* Makefile.am (libgc_la_LDFLAGS, libgccpp_la_LDFLAGS): Use
LIBGC[CPP]_VER_INFO instead the direct hard-coding of version info.
* cord/cord.am (libcord_la_LDFLAGS): Likewise.
Ivan Maidanski [Tue, 31 Jan 2017 23:30:18 +0000 (02:30 +0300)]
Fix enable_parallel_mark condition in CMake script
* CMakeLists.txt [enable_parallel_mark] (ADD_DEFINITIONS): Add
-DPARALLEL_MARK; remove ADD_DEFINITIONS("-DPARALLEL_MARK") in other
places; remove ${} for enable_parallel_mark in IF.
Ivan Maidanski [Mon, 5 Dec 2016 22:38:49 +0000 (01:38 +0300)]
Test GCJ object creation with length-based descriptor (gctest)
* tests/test.c [GC_GCJ_SUPPORT] (gcj_cons): Define new static variable
obj_cnt; increment obj_cnt on each call; if obj_cnt is odd then pass
gcj_class_struct1 to GC_GCJ_MALLOC instead of gcj_class_struct2.
Ivan Maidanski [Thu, 22 Dec 2016 22:00:28 +0000 (01:00 +0300)]
Eliminate 'array vs singleton' code defect in typed_test (gctest)
Taking address of bmX yields a singleton pointer but GC_make_descriptor
expects an array (of words).
* tests/test.c (typed_test): Define bm3, bm2, bm_large as 1-element
arrays (instead of values of a primitive type), and remove
"&" operator when passing them to GC_make_descriptor.
Ivan Maidanski [Tue, 20 Dec 2016 07:41:40 +0000 (10:41 +0300)]
Workaround 'resource leak' false positives in alloc_MS, bl/envfile_init
* blacklst.c (GC_bl_init): Add assertion that GC_old_stack_bl and
GC_incomplete_stack_bl are both null prior to their assignment (to the
result of GC_scratch_alloc).
* mark.c (alloc_mark_stack): Replace GC_mark_stack_size!=0 with
GC_mark_stack!=NULL (to ensure no memory leak when GC_mark_stack is
assigned for the first time).
* misc.c [GC_READ_ENV_FILE && (MSWIN32 || MSWINCE || CYGWIN32)]
(GC_envfile_init): Add assertion that GC_envfile_content is null prior
to its assignment.
The tool complains whether (alloc(size)+ofs) is intentional instead of
(alloc(size+ofs)). In our case, it is a false alarm (the offset is
added to the result to align the allocation at HBLKSIZE boundary).
* os_dep.c [USE_WINALLOC && MSWIN32] (GC_win32_get_mem): Store result
of GlobalAlloc() to "result" local variable first (then, perform result
alignment in a standalone statement); add comment.
Ivan Maidanski [Fri, 16 Dec 2016 22:01:06 +0000 (01:01 +0300)]
Eliminate 'integer shift by a negative amount' code defect in finalize
* finalize.c (GC_register_disappearing_link_inner): Add assertion that
dl_hashtbl->log_size is non-negative after GC_grow_table() call.
* finalize.c (GC_unregister_disappearing_link_inner): If
dl_hashtbl->log_size is negative then return immediately (to avoid an
integer value shift by log_size==-1 in HASH2).
* finalize.c [!GC_MOVE_DISAPPEARING_LINK_NOT_NEEDED]
(GC_move_disappearing_link_inner): Likewise.
* finalize.c (GC_register_finalizer_inner): Add assertion that
log_fo_table_size is non-negative after GC_grow_table() call.
* finalize.c (GC_finalize): Add assertion that log_fo_table_size is
non-negative unless GC_fnlz_roots.finalize_now is null.
Ivan Maidanski [Fri, 9 Dec 2016 22:54:05 +0000 (01:54 +0300)]
Eliminate 'use of vulnerable sprintf' code defect in de_win test (cord)
* cord/tests/de_win.c (WinMain): Do not call sprintf() on RegisterClass
and CreateWindow failure; invoke de_error() with the immediate error
message strings (without the error code).
Ivan Maidanski [Fri, 9 Dec 2016 21:57:39 +0000 (00:57 +0300)]
Workaround 'potential multiplication overflow' code defect in de_win (cord)
* cord/tests/de_win.c (get_line_rect): Cast (extend) char_height to
LONG when multiplied by line (otherwise only the result of the
multiplication is extended to LONG implicitly).
Ivan Maidanski [Wed, 7 Dec 2016 07:40:15 +0000 (10:40 +0300)]
Workaround 'pointer used before comparison to null' code defect (pthread)
(fix commit 31b3afc)
* pthread_support.c [GC_PTHREADS && !GC_WIN32_THREADS && DEBUG_THREADS]
(GC_pthread_create): Do not check new_thread is non-NULL (because
new_thread is first passed to the underlying pthread_create() where
the argument is marked with "nonnull" attribute).
Ivan Maidanski [Wed, 7 Dec 2016 07:22:09 +0000 (10:22 +0300)]
Fix '32-bit value shift followed by expansion to 64-bit' code defect
* gcj_mlc.c [GC_GCJ_SUPPORT] (GC_core_gcj_malloc,
GC_gcj_malloc_ignore_off_page): Cast lg local variable to word before
passing it to GRANULES_TO_BYTES (so that value type widening does not
occur after the value left shift).
* malloc.c (GC_generic_malloc_inner, GC_malloc_kind_global,
GC_generic_malloc_uncollectable): Likewise.
* typd_mlc.c (GC_malloc_explicitly_typed_ignore_off_page): Likewise.
* misc.c (block_add_size): Cast hhdr->hb_sz to word before passing it
to WORDS_TO_BYTES; cast HBLKSIZE-1 to word before "~" operation.
Ivan Maidanski [Fri, 9 Dec 2016 23:07:25 +0000 (02:07 +0300)]
Workaround 'index out of bounds' UBSan false warning in push_marked
* mark.c (GC_push_marked): Cast (h+1)->hb_body to word before
subtraction of sz value (and cast the result back to ptr_t).
* mark.c [ENABLE_DISCLAIM] (GC_push_unconditionally): Likewise.
* tools/if_mach.c (main): Cast the 2nd argument of execvp to void* (to
avoid compiler warning as the argument of execvp() prototype could be
of "const char* const*" or "char**" type).
* tools/if_not_there.c (main): Likewise.
Ivan Maidanski [Tue, 20 Dec 2016 07:21:07 +0000 (10:21 +0300)]
Fix (adjust) GC_scratch_alloc actual argument type
* dyn_load.c [IRIX5 || USE_PROC_FOR_LIBRARIES && !LINUX]
(GC_register_dynamic_libraries): Do not cast GC_scratch_alloc argument
to word type (it should be of size_t).
* headers.c (alloc_hdr, GC_init_headers, get_index): Likewise.
* os_dep.c [PROC_VDB] (GC_proc_buf_size): Change type from word to size_t.
* os_dep.c [PROC_VDB] (GC_read_dirty): Change type of new_size local
variable (which is passed to GC_scratch_alloc) from word to size_t.
Ivan Maidanski [Wed, 11 Jan 2017 08:26:11 +0000 (11:26 +0300)]
Fix gc_backptr.h, gc_mark.h, GC_DS_TAGS names in documentation
* doc/debugging.html: Rename backptr.h to gc_backptr.h.
* include/gc_mark.h (GC_DS_PER_OBJECT): Rename DS_TAGS to GC_DS_TAGS in
the comment.
* include/private/gc_priv.h (hblkhdr.hb_descr): Rename mark.h to
gc_mark.h in the comment.
Ivan Maidanski [Mon, 12 Dec 2016 22:02:29 +0000 (01:02 +0300)]
Put invariant name in quotes to make mark_state comments clearer
* include/private/gc_pmark.h (mark_state_t, MS_NONE, MS_PUSH_RESCUERS,
MS_PUSH_UNCOLLECTABLE, MS_ROOTS_PUSHED, MS_PARTIALLY_INVALID,
MS_INVALID): Replace I with "I" in comment.
Ivan Maidanski [Mon, 12 Dec 2016 23:34:28 +0000 (02:34 +0300)]
Fix GC_noop6 definition to avoid its calls to be optimized away
(fix commits e3ec4a5, 1586a21)
* include/private/gc_priv.h (GC_ATTR_NOINLINE): New macro (effective
for GCC/Clang and MS VC currently).
* mark.c (GC_noop6): Use GC_ATTR_NOINLINE attribute; call
AO_compiler_barrier if PARALLEL_MARK (or GC_PTHREADS and not
GC_WIN32_THREADS), otherwise call GC_noop1(0); add
comment.
Ivan Maidanski [Thu, 22 Dec 2016 21:39:10 +0000 (00:39 +0300)]
Fix bm_huge initialization for 64-bit targets (gctest)
* tests/test.c (bm_huge): Make array size depend on word size
(5 elements for 64-bit targets); initialize elements (except the last
one) to -1 instead of 0xffffffff (so that all bits are ones even on
a 64-bit target); initialize last element to ((word)-1)>>8 instead of
0x00ffffff value.
* tests/test.c (typed_test): Fail if bm_huge descriptor contains wrong
bit values at certain positions (as it had before this fix).
Ivan Maidanski [Mon, 19 Dec 2016 21:54:32 +0000 (00:54 +0300)]
Fix storage class of local variable in register_dynamic_libraries (Irix)
* dyn_load.c [IRIX5 || USE_PROC_FOR_LIBRARIES && !LINUX]
(GC_register_dynamic_libraries): Remove "static" for needed_sz local
variable (and initialize it to zero).
Ivan Maidanski [Sat, 17 Dec 2016 15:15:02 +0000 (18:15 +0300)]
Disable implicit multi-threaded mode for Win32 to avoid LOCK crash
(fix commit d5c6531)
* include/private/gc_locks.h [GC_ALWAYS_MULTITHREADED] (GC_need_to_lock):
Do not define to TRUE unless USE_PTHREAD_LOCKS or USE_SPIN_LOCK; issue
#error otherwise (excluding CPPCHECK case) as PCR and Windows-based
lock implementation requires it to be initialized first.
* include/private/gc_locks.h [UNCOND_LOCK && !LOCK && LINT2] (LOCK,
UNLOCK): Define (to UNCOND_[UN]LOCK) only if USE_PTHREAD_LOCKS.
Ivan Maidanski [Sat, 10 Dec 2016 07:37:04 +0000 (10:37 +0300)]
Fix GC_mark_stack_top assertion violation properly in mark_local
(fix commit a563b883)
* mark.c (GC_mark_local): Remove assertion checking that
global_first_nonempty is not greater than GC_mark_stack_top+1 (because
global_first_nonempty could be bigger slightly more at some moments due
to concurrency between the markers); replace n_on_stack==0 with
my_top<my_first_nonempty (the latter is equivalent to
(signed_word)n_on_stack<=0).
Ivan Maidanski [Sat, 10 Dec 2016 07:14:39 +0000 (10:14 +0300)]
Fix assertion in GC_steal_mark_stack for non-heap regions
(similar to commit da2fcda)
* mark.c (GC_steal_mark_stack): Replace top->mse_descr.w with descr
in assertion; relax assertion condition for descr (length-containing
mse_descr.w could be larger than the current GC heap size if
mse_start points to a region in a stack or a program data root;
e.g. it could happen if MemorySanitizer is used).
Ivan Maidanski [Fri, 9 Dec 2016 23:19:32 +0000 (02:19 +0300)]
Fix gc_cleanup destructor for non-heap objects (gc_cpp)
* include/gc_cpp.h (gc_cleanup::~gc_cleanup): If GC_base(this) returns
null (could be if the object is not allocated dynamically) then do not
call GC_register_finalizer_ignore_self.
Ivan Maidanski [Wed, 7 Dec 2016 08:32:30 +0000 (11:32 +0300)]
Fix '~' operator application to unsigned values shorter than word
Without the fix, unsigned result of "~" operator is zero-extended
to a wide type (word) thus the result has leading zeros (which is
not expected to be).
* dyn_load.c [HAVE_DL_ITERATE_PHDR] (GC_register_dynlib_callback):
Cast (sizeof(word)-1) to word before "~" operation.
* mark.c (GC_mark_from): Likewise.
* mark_rts.c (GC_add_roots_inner, GC_exclude_static_roots): Likewise.
* mark_rts.c [!MSWIN32 && !MSWINCE && !CYGWIN32]
(GC_remove_roots_inner): Likewise.
* os_dep.c [SVR4 || AUX || DGUX || LINUX && SPARC]
(GC_SysVGetDataStart): Likewise.
* os_dep.c [!MSWIN32 && DATASTART_USES_BSDGETDATASTART]
(GC_FreeBSDGetDataStart): Likewise.
* dyn_load.c [(MSWIN32 || MSWINCE || CYGWIN32) && !GC_WIN32_THREADS]
(GC_cond_add_roots): Cast (dwAllocationGranularity-1) to word before
"~" operation.
* include/private/gc_priv.h (HBLKPTR): Cast (HBLKSIZE-1) to word
before "~" operation.
* os_dep.c [USE_WINALLOC || CYGWIN32] (GC_win32_get_mem): Likewise.
* mark.c (GC_mark_from): Change type of new_size local variable from
int to word.
* os_dep.c [OPENBSD] (GC_find_limit_openbsd, GC_skip_hole_openbsd):
Change type of pgsz local variable from size_t to word (to avoid
implicit unsigned value extension after "~" operation).
* os_dep.c [PROC_VDB] (GC_read_dirty): Cast (sizeof(long)-1) to word
before "~" operation.
Ivan Maidanski [Wed, 7 Dec 2016 08:02:59 +0000 (11:02 +0300)]
Fix 'bogus LR' detection in FindTopOfStack (Darwin)
(fix commit 5742f86)
* darwin_stop_world.c [!DARWIN_DONT_PARSE_STACK] (GC_FindTopOfStack):
Use "UL" suffix (instead of "U") for 0x3 (on the right side of the
comparison) to avoid implicit unsigned int-to-long value extension
of "~" operator result.
Ivan Maidanski [Mon, 5 Dec 2016 23:06:36 +0000 (02:06 +0300)]
Fix message of VDB implementation used if MPROTECT_VDB+GWW_VDB (gctest)
* tests/test.c [!PCR && !GC_WIN32_THREADS && !GC_PTHREADS
&& !NO_INCREMENTAL] (main): If MPROTECT_VDB and GWW_VDB are both
defined then also print "Using GetWriteWatch-based implementation"
message.
Ivan Maidanski [Mon, 5 Dec 2016 21:49:33 +0000 (00:49 +0300)]
Fix potential data race in GC_SysVGetDataStart (SPARC)
* os_dep.c [SVR4 || AUX || DGUX || LINUX && SPARC]
(GC_SysVGetDataStart): Use AO_fetch_and_add(p,0) if available instead
of non-atomic read/write in *p = *p statement (thus, to avoid data race
though it is highly unlikely).
Because it breaks gctest "list reversal" if compiled with
GC_GCJ_SUPPORT for MinGW/x86. This is caused by the fact that static
data roots could be between two GC heap regions thus GC with the patch
skips scanning of a reachable GCJ object with a descriptor located in
the static data roots.
To fix the issue (#92) of mistaking the free list pointers in free
objects for being type descriptor pointers, another approach should be
taken (e.g. marking objects in free lists).
Ivan Maidanski [Fri, 25 Nov 2016 11:10:37 +0000 (14:10 +0300)]
Suppress 'taking address of label non-standard' GCC/Clang pedantic warning
* mark.c [WRAP_MARK_SOME && __GNUC__ && (MSWIN32 || MSWINCE)]
(GC_mark_some): Use pragma "GCC diagnostic ignored" to temporarily
suppress gcc 4.7+ "taking the address of a label is non-standard"
(and clang 3.3+ "use of GNU address-of-label extension") warnings for
"&&handle_ex" expression.
Ivan Maidanski [Tue, 22 Nov 2016 12:18:36 +0000 (15:18 +0300)]
Report gcc/clang pedantic warnings (configure)
* configure.ac [GCC] (WPEDANTIC): New variable (set to
"-Wpedantic -Wno-long-long" if supported by the compiler).
* configure.ac [GCC] (CFLAGS): Add $WPEDANTIC.
Ivan Maidanski [Wed, 23 Nov 2016 01:47:19 +0000 (04:47 +0300)]
Fix Solaris/sparc detection in case of strict C compliance is enforced
* include/gc_config_macros.h [__i386__ || __amd64__] (GC_SOLARIS_THREADS):
Define also if __sun is defined (treat __sun as a synonym to sun).
* include/private/gcconfig.h [__i386__ || __amd64] (SOLARIS):
Likewise.
* include/gc_config_macros.h [sun] (GC_SOLARIS_THREADS): Define also
if __amd64 is defined (treat __amd64 as a synonym to __amd64__).
* include/gc_config_macros.h [sparc && unix] (DRSNX): Do not define if
SPARC and SOLARIS are already defined.
Ivan Maidanski [Tue, 15 Nov 2016 07:48:31 +0000 (10:48 +0300)]
Suppress 'tainted string passed to vulnerable operation' false defects
* include/private/gc_priv.h (TRUSTED_STRING): New tagging macro; add
comment.
* misc.c (GC_init): Process the result of GETENV("GC_LOG_FILE") by
TRUSTED_STRING.
* tools/if_mach.c (main): Process argv[3] by TRUSTED_STRING (before
passing the string to execvp).
* tools/if_not_there.c (main): Declare "fname" local variable;
process argv[1] and argv[2] by TRUSTED_STRING (before passing the
strings to fopen/opendir and execvp, respectively).
Ivan Maidanski [Mon, 14 Nov 2016 07:58:26 +0000 (10:58 +0300)]
Eliminate 'GC_record_fault is never used' cppcheck style warning
* checksums.c [CHECKSUMS] (GC_record_fault): Do not define unless
MPROTECT_VDB and not DARWIN.
* os_dep.c [MPROTECT_VDB && CHECKSUMS] (GC_record_fault): Do not
declare if DARWIN.