Add CRYPTO_get_alloc_counts.#4467
Add CRYPTO_get_alloc_counts.#4467richsalz wants to merge 1 commit intoopenssl:masterfrom richsalz:count-mallocs
Conversation
richsalz
added
branch: master
|
Should these be public? I'm not seeing an obvious need. For memory allocation failure testing, it would be sufficient for the test suite to define its own local malloc/realloc/free that keep the counts without polluting the public interface. You might also want to consider a reset/zero the counters capability. If they are going to be public, they really should use atomic add operations for thread safety. |
|
Yes it can be done that way. Or it can be put under MEM_DEBUG ifdef if you prefer. And we don't guarantee thread-safety of our malloc so the guarantee isn't changed. Want it ifdef'd? |
|
I'm somewhat ambivalent about conditioning them using MEM_DEBUG or including the counting implementation in test. It just doesn't feel like making them a public and supported API is right, I really am having difficulty coming up with a meaningful use case outside of memory stressing. I still think a reset the counters command would be worthwhile -- this could be rolled into the query making it a query and zero operation. I'm happy to go either way on the atomics -- the tests will have control over what happens and should be able to avoid nastinesses. Memory stress testing won't (initially) be hunting for concurrency issues. |
|
PS: I do like this idea from a stability and leak catching viewpoint. |
|
I think it makes sense, given the likely use-case, to make this only visible during MEM_DEBUG. |
doc/man3/OPENSSL_malloc.pod
Outdated
There was a problem hiding this comment.
"two two". One "two" is redundant.
There was a problem hiding this comment.
And what's with period after available?
doc/man3/OPENSSL_malloc.pod
Outdated
There was a problem hiding this comment.
Is it actually right spot for inserting this? I mean it's inserted between strongly related sentences, one that says that there are environment variables and one that describes just mentioned variables...
There was a problem hiding this comment.
I'd swap value for pointer here. The pointer is NULL, the value is undefined.
There was a problem hiding this comment.
I'm not sure. @dot-asm has a point but it isn't unreadable as it stands.
How about splitting so that the added function is mentioned and described first and then the addition of the two environment variable after?
If the library is built with the C option, an addition function is defined...
If the library is built with the C option, two additional environment variable modify the operation...
doc/man3/OPENSSL_malloc.pod
Outdated
crypto/mem.c
Outdated
There was a problem hiding this comment.
You do realize that CRYPTO_atomic_add(&x, 1, &dummy, malloc_lock) doesn't use malloc_lock on contemporary platforms. I mean the referred lock doesn't prevent rest of the code from modifying values. On contemporary platforms. In other words if accurate counters are all-important, then one shouldn't use CRYPTO_atomic_add.
There was a problem hiding this comment.
It's the best we have, isn't it? Is there any other portable choice for atomic increment?
There was a problem hiding this comment.
It's the best we have, isn't it?
What do you mean? What I'm trying to say is that maybe it's not right application for CRYPTO_atomic_add, in which case it doesn't matter if it's best or not. And if you can't use it, then you've obliged to do it the "usual way", i.e. lock, counter++, unlock. If we insist of atomic, then there would have to be atomic_compare_exchange, that would zero corresponding counter. So that there could be only one CRYPTO_get_alloc_counts caller and would be its responsibility to accumulate values if it calls CRYPTO_get_alloc_counts multiple times. Alternatively you can always say that in MEM_DEBUG scenario there will one call at the end, after everything is done, so it doesn't matter if it's locked or not...
There was a problem hiding this comment.
I am not worried about multiple threads doing simultaneous allocation operations and the counts being off by a few. If someone has a better definition of INCREMENT for me to put in this PR, great.
There was a problem hiding this comment.
I find it jarring as a reader when the formal thread-safety rules are not adhered to (at least without a comment attempting to explain the rule violation). Not mixing direct accesses to a variable and CRYPTO_atomic_add is one such rule.
There was a problem hiding this comment.
so you like the code as-is
I can't quite tell what you're actually asking about, so I'll be a little flippant and note that there are some parts of the OpenSSL master source tree that I like. The current state of this pull request falls under the "jarring to read" category, though.
There was a problem hiding this comment.
What do you think this PR is doing wrong? The values are set and fetched under the malloc_lock, even if some implementations don't use that lock.
There was a problem hiding this comment.
The values are set and fetched under the malloc lock
But they are not set under the malloc_lock! INCREMENT(), aka. CRYPTO_atomic_add(&x, 1, &dummy, malloc_lock) expands to dummy = __atomic_add_fetch(&x, 1, __ATOMIC_ACQ_REL) on "most modern" systems, without ever acquiring malloc_lock. So, holding a write lock on malloc_lock does not block any concurrent INCREMENT calls.
|
updated doc-fix commit pushed. thanks for the feedback so far! |
|
Okay, everything is written in terms of |
|
I've reinstated #4414 for consideration. It adds a |
paulidale
left a comment
paulidale
left a comment
There was a problem hiding this comment.
I'm happy. The documentation change is trivial and not essential. The other outstanding is to use the CRYPRO_atomic_read for GET if that PR is accepted.
doc/man3/OPENSSL_malloc.pod
Outdated
There was a problem hiding this comment.
I'd say s/the/corresponding/
There was a problem hiding this comment.
the corresponding is better again.
paulidale
left a comment
paulidale
left a comment
There was a problem hiding this comment.
Pending the atomic read ticket perhaps being first.
paulidale
added
approval: done
crypto/mem.c
Outdated
There was a problem hiding this comment.
On side note I find malloc_lock name extremely confusing, memdbg_lock would be better...
There was a problem hiding this comment.
I can change it if you want. There are to malloc-lock and malloc-lock-long. additional commit tomorrow
|
Additional commit to rename the lock pushed. |
|
A few changes, needs reconfirm. All commits will be squashed. |
doc/man3/OPENSSL_malloc.pod
Outdated
There was a problem hiding this comment.
This kind of asks for what's German for "correspondingcount"?
kaduk
left a comment
kaduk
left a comment
There was a problem hiding this comment.
This seems okay, though it will introduce some churn into whatever solution to the global lock question we end up with. (That is, I am inclined to basically revert the addition of global locks, and if this lands first, 'git revert' will have conflicts. But they should be easily resolvable.)
Use atomic operations for the counters Rename malloc_lock to memdbg_lock Also fix some style errors in mem_dbg.c
|
Thanks for the feedback and improvements all. Merged. |
4 participants
No description provided.