tor-commits June 2018

tor-commits@lists.torproject.org

16 participants
2190 discussions

[tor/master] Remove dmalloc support; closes #26426
by nickm＠torproject.org 20 Jun '18

20 Jun '18

commit 9fa73003fca5e884c0c663c2035ce6e60994c339 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 20 10:19:56 2018 -0400 Remove dmalloc support; closes #26426 Dmalloc hasn't seen a release in over a decade, and there are much better tools to use these days. --- changes/ticket26426 | 4 +++ configure.ac | 20 ------------- doc/HACKING/HelpfulTools.md | 10 ------- src/common/crypto.c | 13 -------- src/common/crypto.h | 4 --- src/common/util.c | 73 ++++++++++----------------------------------- src/common/util.h | 61 +++++++++++-------------------------- src/or/main.c | 26 +--------------- src/test/testing_common.c | 18 +---------- 9 files changed, 40 insertions(+), 189 deletions(-) diff --git a/changes/ticket26426 b/changes/ticket26426 new file mode 100644 index 000000000..05fa97494 --- /dev/null +++ b/changes/ticket26426 @@ -0,0 +1,4 @@ + o Removed features: + - Tor no longer supports building with the dmalloc library. For debugging + memory issues, we suggest using gperftools or msan instead. + Closes ticket 26426. diff --git a/configure.ac b/configure.ac index 8a0d135c5..d46bcf8a9 100644 --- a/configure.ac +++ b/configure.ac @@ -1726,26 +1726,6 @@ if test "$tor_cv_uint8_uchar" = "no"; then AC_MSG_ERROR([We assume that uint8_t is the same type as unsigned char, but your compiler disagrees.]) fi -# Whether we should use the dmalloc memory allocation debugging library. -AC_MSG_CHECKING(whether to use dmalloc (debug memory allocation library)) -AC_ARG_WITH(dmalloc, -AS_HELP_STRING(--with-dmalloc, [use debug memory allocation library]), -[if [[ "$withval" = "yes" ]]; then - dmalloc=1 - AC_MSG_RESULT(yes) -else - dmalloc=1 - AC_MSG_RESULT(no) -fi], [ dmalloc=0; AC_MSG_RESULT(no) ] -) - -if [[ $dmalloc -eq 1 ]]; then - AC_CHECK_HEADERS(dmalloc.h, , AC_MSG_ERROR(dmalloc header file not found. Do you have the development files for dmalloc installed?)) - AC_SEARCH_LIBS(dmalloc_malloc, [dmallocth dmalloc], , AC_MSG_ERROR(Libdmalloc library not found. If you enable it you better have it installed.)) - AC_DEFINE(USE_DMALLOC, 1, [Debug memory allocation library]) - AC_CHECK_FUNCS(dmalloc_strdup dmalloc_strndup) -fi - AC_ARG_WITH(tcmalloc, AS_HELP_STRING(--with-tcmalloc, [use tcmalloc memory allocation library]), [ tcmalloc=yes ], [ tcmalloc=no ]) diff --git a/doc/HACKING/HelpfulTools.md b/doc/HACKING/HelpfulTools.md index a0795076e..eb068a91f 100644 --- a/doc/HACKING/HelpfulTools.md +++ b/doc/HACKING/HelpfulTools.md @@ -25,16 +25,6 @@ Jenkins https://jenkins.torproject.org -Dmalloc -------- - -The dmalloc library will keep track of memory allocation, so you can find out -if we're leaking memory, doing any double-frees, or so on. - - dmalloc -l -/dmalloc.log - (run the commands it tells you) - ./configure --with-dmalloc - Valgrind -------- diff --git a/src/common/crypto.c b/src/common/crypto.c index 14129086e..57eb9c64c 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -506,16 +506,3 @@ crypto_global_cleanup(void) } /** @} */ - -#ifdef USE_DMALLOC -/** Tell the crypto library to use Tor's allocation functions rather than - * calling libc's allocation functions directly. Return 0 on success, -1 - * on failure. */ -int -crypto_use_tor_alloc_functions(void) -{ - int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_); - return r ? 0 : -1; -} -#endif /* defined(USE_DMALLOC) */ - diff --git a/src/common/crypto.h b/src/common/crypto.h index 1a88a3d2f..e7d86eaf0 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -40,9 +40,6 @@ int crypto_early_init(void) ATTR_WUR; int crypto_global_init(int hardwareAccel, const char *accelName, const char *accelPath) ATTR_WUR; -#ifdef USE_DMALLOC -int crypto_use_tor_alloc_functions(void); -#endif void crypto_thread_cleanup(void); int crypto_global_cleanup(void); @@ -77,4 +74,3 @@ int crypto_cipher_decrypt_with_iv(const char *key, void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in); #endif /* !defined(TOR_CRYPTO_H) */ - diff --git a/src/common/util.c b/src/common/util.c index b3fdc8a43..5bf70c6b5 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -103,35 +103,13 @@ /* ===== * Memory management * ===== */ -#ifdef USE_DMALLOC - #undef strndup - #include <dmalloc.h> - /* Macro to pass the extra dmalloc args to another function. */ - #define DMALLOC_FN_ARGS , file, line - - #if defined(HAVE_DMALLOC_STRDUP) - /* the dmalloc_strdup should be fine as defined */ - #elif defined(HAVE_DMALLOC_STRNDUP) - #define dmalloc_strdup(file, line, string, xalloc_b) \ - dmalloc_strndup(file, line, (string), -1, xalloc_b) - #else - #error "No dmalloc_strdup or equivalent" -#endif /* defined(HAVE_DMALLOC_STRDUP) || ... */ - -#else /* !(defined(USE_DMALLOC)) */ - - #define DMALLOC_FN_ARGS -#endif /* defined(USE_DMALLOC) */ /** Allocate a chunk of size bytes of memory, and return a pointer to * result. On error, log and terminate the process. (Same as malloc(size), * but never returns NULL.) - * - * file and line are used if dmalloc is enabled, and - * ignored otherwise. */ void * -tor_malloc_(size_t size DMALLOC_PARAMS) +tor_malloc_(size_t size) { void *result; @@ -144,11 +122,7 @@ tor_malloc_(size_t size DMALLOC_PARAMS) } #endif /* !defined(MALLOC_ZERO_WORKS) */ -#ifdef USE_DMALLOC - result = dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0); -#else result = raw_malloc(size); -#endif if (PREDICT_UNLIKELY(result == NULL)) { /* LCOV_EXCL_START */ @@ -167,7 +141,7 @@ tor_malloc_(size_t size DMALLOC_PARAMS) * the process on error. (Same as calloc(size,1), but never returns NULL.) */ void * -tor_malloc_zero_(size_t size DMALLOC_PARAMS) +tor_malloc_zero_(size_t size) { /* You may ask yourself, "wouldn't it be smart to use calloc instead of * malloc+memset? Perhaps libc's calloc knows some nifty optimization trick @@ -175,7 +149,7 @@ tor_malloc_zero_(size_t size DMALLOC_PARAMS) * we're allocating something very big (it knows if it just got the memory * from the OS in a pre-zeroed state). We don't want to use tor_malloc_zero * for big stuff, so we don't bother with calloc. */ - void *result = tor_malloc_(size DMALLOC_FN_ARGS); + void *result = tor_malloc_(size); memset(result, 0, size); return result; } @@ -211,10 +185,10 @@ size_mul_check(const size_t x, const size_t y) * and a compile-time constant. */ void * -tor_calloc_(size_t nmemb, size_t size DMALLOC_PARAMS) +tor_calloc_(size_t nmemb, size_t size) { tor_assert(size_mul_check(nmemb, size)); - return tor_malloc_zero_((nmemb * size) DMALLOC_FN_ARGS); + return tor_malloc_zero_((nmemb * size)); } /** Change the size of the memory block pointed to by ptr to size @@ -222,7 +196,7 @@ tor_calloc_(size_t nmemb, size_t size DMALLOC_PARAMS) * terminate. (Like realloc(ptr,size), but never returns NULL.) */ void * -tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS) +tor_realloc_(void *ptr, size_t size) { void *result; @@ -235,11 +209,7 @@ tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS) } #endif /* !defined(MALLOC_ZERO_WORKS) */ -#ifdef USE_DMALLOC - result = dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0); -#else result = raw_realloc(ptr, size); -#endif if (PREDICT_UNLIKELY(result == NULL)) { /* LCOV_EXCL_START */ @@ -255,13 +225,13 @@ tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS) * overflow. Unlike other allocation functions, return NULL on overflow. */ void * -tor_reallocarray_(void *ptr, size_t sz1, size_t sz2 DMALLOC_PARAMS) +tor_reallocarray_(void *ptr, size_t sz1, size_t sz2) { /* XXXX we can make this return 0, but we would need to check all the * reallocarray users. */ tor_assert(size_mul_check(sz1, sz2)); - return tor_realloc(ptr, (sz1 * sz2) DMALLOC_FN_ARGS); + return tor_realloc(ptr, (sz1 * sz2)); } /** Return a newly allocated copy of the NUL-terminated string s. On @@ -269,16 +239,13 @@ tor_reallocarray_(void *ptr, size_t sz1, size_t sz2 DMALLOC_PARAMS) * NULL.) */ char * -tor_strdup_(const char *s DMALLOC_PARAMS) +tor_strdup_(const char *s) { char *duplicate; tor_assert(s); -#ifdef USE_DMALLOC - duplicate = dmalloc_strdup(file, line, s, 0); -#else duplicate = raw_strdup(s); -#endif + if (PREDICT_UNLIKELY(duplicate == NULL)) { /* LCOV_EXCL_START */ log_err(LD_MM,"Out of memory on strdup(). Dying."); @@ -295,12 +262,12 @@ tor_strdup_(const char *s DMALLOC_PARAMS) * NULL.) */ char * -tor_strndup_(const char *s, size_t n DMALLOC_PARAMS) +tor_strndup_(const char *s, size_t n) { char *duplicate; tor_assert(s); tor_assert(n < SIZE_T_CEILING); - duplicate = tor_malloc_((n+1) DMALLOC_FN_ARGS); + duplicate = tor_malloc_((n+1)); /* Performance note: Ordinarily we prefer strlcpy to strncpy. But * this function gets called a whole lot, and platform strncpy is * much faster than strlcpy when strlen(s) is much longer than n. @@ -313,12 +280,12 @@ tor_strndup_(const char *s, size_t n DMALLOC_PARAMS) /** Allocate a chunk of len bytes, with the same contents as the * len bytes starting at mem. */ void * -tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS) +tor_memdup_(const void *mem, size_t len) { char *duplicate; tor_assert(len < SIZE_T_CEILING); tor_assert(mem); - duplicate = tor_malloc_(len DMALLOC_FN_ARGS); + duplicate = tor_malloc_(len); memcpy(duplicate, mem, len); return duplicate; } @@ -326,12 +293,12 @@ tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS) /** As tor_memdup(), but add an extra 0 byte at the end of the resulting * memory. */ void * -tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS) +tor_memdup_nulterm_(const void *mem, size_t len) { char *duplicate; tor_assert(len < SIZE_T_CEILING+1); tor_assert(mem); - duplicate = tor_malloc_(len+1 DMALLOC_FN_ARGS); + duplicate = tor_malloc_(len+1); memcpy(duplicate, mem, len); duplicate[len] = '\0'; return duplicate; @@ -365,13 +332,6 @@ tor_log_mallinfo(int severity) #else /* !(defined(HAVE_MALLINFO)) */ (void)severity; #endif /* defined(HAVE_MALLINFO) */ -#ifdef USE_DMALLOC - dmalloc_log_changed(0, /* Since the program started. */ - 1, /* Log info about non-freed pointers. */ - 0, /* Do not log info about freed pointers. */ - 0 /* Do not log individual pointers. */ - ); -#endif /* defined(USE_DMALLOC) */ } ENABLE_GCC_WARNING(aggregate-return) @@ -5375,4 +5335,3 @@ tor_ntohll(uint64_t a) { return tor_htonll(a); } - diff --git a/src/common/util.h b/src/common/util.h index dcfa55f8f..7921357ac 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -34,45 +34,22 @@ #define O_NOFOLLOW 0 #endif -/* If we're building with dmalloc, we want all of our memory allocation - * functions to take an extra file/line pair of arguments. If not, not. - * We define DMALLOC_PARAMS to the extra parameters to insert in the - * function prototypes, and DMALLOC_ARGS to the extra arguments to add - * to calls. */ -#ifdef USE_DMALLOC -#define DMALLOC_PARAMS , const char *file, const int line -#define DMALLOC_ARGS , SHORT_FILE__, __LINE__ -#else -#define DMALLOC_PARAMS -#define DMALLOC_ARGS -#endif /* defined(USE_DMALLOC) */ - /* Memory management */ -void *tor_malloc_(size_t size DMALLOC_PARAMS) ATTR_MALLOC; -void *tor_malloc_zero_(size_t size DMALLOC_PARAMS) ATTR_MALLOC; -void *tor_calloc_(size_t nmemb, size_t size DMALLOC_PARAMS) ATTR_MALLOC; -void *tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS); -void *tor_reallocarray_(void *ptr, size_t size1, size_t size2 DMALLOC_PARAMS); -char *tor_strdup_(const char *s DMALLOC_PARAMS) ATTR_MALLOC ATTR_NONNULL((1)); -char *tor_strndup_(const char *s, size_t n DMALLOC_PARAMS) +void *tor_malloc_(size_t size) ATTR_MALLOC; +void *tor_malloc_zero_(size_t size) ATTR_MALLOC; +void *tor_calloc_(size_t nmemb, size_t size) ATTR_MALLOC; +void *tor_realloc_(void *ptr, size_t size); +void *tor_reallocarray_(void *ptr, size_t size1, size_t size2); +char *tor_strdup_(const char *s) ATTR_MALLOC ATTR_NONNULL((1)); +char *tor_strndup_(const char *s, size_t n) ATTR_MALLOC ATTR_NONNULL((1)); -void *tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS) +void *tor_memdup_(const void *mem, size_t len) ATTR_MALLOC ATTR_NONNULL((1)); -void *tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS) +void *tor_memdup_nulterm_(const void *mem, size_t len) ATTR_MALLOC ATTR_NONNULL((1)); void tor_free_(void *mem); uint64_t tor_htonll(uint64_t a); uint64_t tor_ntohll(uint64_t a); -#ifdef USE_DMALLOC -extern int dmalloc_free(const char *file, const int line, void *pnt, - const int func_id); -#define tor_free(p) STMT_BEGIN \ - if (PREDICT_LIKELY((p)!=NULL)) { \ - dmalloc_free(SHORT_FILE__, __LINE__, (p), 0); \ - (p)=NULL; \ - } \ - STMT_END -#else /* !(defined(USE_DMALLOC)) */ /** Release memory allocated by tor_malloc, tor_realloc, tor_strdup, * etc. Unlike the free() function, the tor_free() macro sets the * pointer value to NULL after freeing it. @@ -97,18 +74,17 @@ extern int dmalloc_free(const char *file, const int line, void *pnt, (p)=NULL; \ STMT_END #endif -#endif /* defined(USE_DMALLOC) */ -#define tor_malloc(size) tor_malloc_(size DMALLOC_ARGS) -#define tor_malloc_zero(size) tor_malloc_zero_(size DMALLOC_ARGS) -#define tor_calloc(nmemb,size) tor_calloc_(nmemb, size DMALLOC_ARGS) -#define tor_realloc(ptr, size) tor_realloc_(ptr, size DMALLOC_ARGS) +#define tor_malloc(size) tor_malloc_(size) +#define tor_malloc_zero(size) tor_malloc_zero_(size) +#define tor_calloc(nmemb,size) tor_calloc_(nmemb, size) +#define tor_realloc(ptr, size) tor_realloc_(ptr, size) #define tor_reallocarray(ptr, sz1, sz2) \ - tor_reallocarray_((ptr), (sz1), (sz2) DMALLOC_ARGS) -#define tor_strdup(s) tor_strdup_(s DMALLOC_ARGS) -#define tor_strndup(s, n) tor_strndup_(s, n DMALLOC_ARGS) -#define tor_memdup(s, n) tor_memdup_(s, n DMALLOC_ARGS) -#define tor_memdup_nulterm(s, n) tor_memdup_nulterm_(s, n DMALLOC_ARGS) + tor_reallocarray_((ptr), (sz1), (sz2)) +#define tor_strdup(s) tor_strdup_(s) +#define tor_strndup(s, n) tor_strndup_(s, n) +#define tor_memdup(s, n) tor_memdup_(s, n) +#define tor_memdup_nulterm(s, n) tor_memdup_nulterm_(s, n) /* Aliases for the underlying system malloc/realloc/free. Only use * them to indicate "I really want the underlying system function, I know @@ -569,4 +545,3 @@ int size_mul_check(const size_t x, const size_t y); #define ARRAY_LENGTH(x) ((sizeof(x)) / sizeof(x[0])) #endif /* !defined(TOR_UTIL_H) */ - diff --git a/src/or/main.c b/src/or/main.c index a1d7a5e9a..55ff41fd9 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -110,9 +110,6 @@ #include "or/tor_api_internal.h" #include "common/util_process.h" #include "or/ext_orport.h" -#ifdef USE_DMALLOC -#include <dmalloc.h> -#endif #include "common/memarea.h" #include "common/sandbox.h" @@ -2695,11 +2692,6 @@ do_hup(void) { const or_options_t *options = get_options(); -#ifdef USE_DMALLOC - dmalloc_log_stats(); - dmalloc_log_changed(0, 1, 0, 0); -#endif - log_notice(LD_GENERAL,"Received reload signal (hup). Reloading config and " "resetting internal state."); if (accounting_is_enabled(options)) @@ -3639,7 +3631,7 @@ release_lockfile(void) * only the parts of memory that we won't touch. If !postfork, * Tor is shutting down and we should free everything. * - * Helps us find the real leaks with dmalloc and the like. Also valgrind + * Helps us find the real leaks with sanitizers and the like. Also valgrind * should then report 0 reachable in its leak report (in an ideal world -- * in practice libevent, SSL, libc etc never quite free everything). */ void @@ -3795,18 +3787,11 @@ tor_cleanup(void) timers_shutdown(); -#ifdef USE_DMALLOC - dmalloc_log_stats(); -#endif tor_free_all(0); /* We could move tor_free_all back into the ifdef below later, if it makes shutdown unacceptably slow. But for now, leave it here: it's helped us catch bugs in the past. */ crypto_global_cleanup(); -#ifdef USE_DMALLOC - dmalloc_log_unfreed(); - dmalloc_shutdown(); -#endif } /** Read/create keys as needed, and echo our fingerprint to stdout. */ @@ -4237,14 +4222,6 @@ tor_run_main(const tor_main_configuration_t *tor_cfg) tor_compress_init(); init_logging(0); monotime_init(); -#ifdef USE_DMALLOC - { - /* Instruct OpenSSL to use our internal wrappers for malloc, - realloc and free. */ - int r = crypto_use_tor_alloc_functions(); - tor_assert(r == 0); - } -#endif /* defined(USE_DMALLOC) */ #ifdef NT_SERVICE { int done = 0; @@ -4313,4 +4290,3 @@ tor_run_main(const tor_main_configuration_t *tor_cfg) tor_cleanup(); return result; } - diff --git a/src/test/testing_common.c b/src/test/testing_common.c index 18b5b6106..8b83265d8 100644 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@ -32,11 +32,6 @@ #include <dirent.h> #endif /* defined(_WIN32) */ -#ifdef USE_DMALLOC -#include <dmalloc.h> -#include "or/main.h" -#endif - /** Temporary directory (set up by setup_directory) under which we store all * our files during testing. */ static char temp_dir[256]; @@ -231,13 +226,6 @@ main(int c, const char **v) /* We must initialise logs before we call tor_assert() */ init_logging(1); -#ifdef USE_DMALLOC - { - int r = crypto_use_tor_alloc_functions(); - tor_assert(r == 0); - } -#endif /* defined(USE_DMALLOC) */ - update_approx_time(time(NULL)); options = options_new(); tor_threads_init(); @@ -319,10 +307,7 @@ main(int c, const char **v) int have_failed = (tinytest_main(c, v, testgroups) != 0); free_pregenerated_keys(); -#ifdef USE_DMALLOC - tor_free_all(0); - dmalloc_log_unfreed(); -#endif + crypto_global_cleanup(); if (have_failed) @@ -330,4 +315,3 @@ main(int c, const char **v) else return 0; } -

1 0

[tor/master] Remove all use of the assert.h header
by nickm＠torproject.org 20 Jun '18

20 Jun '18

commit 90aeaa53cd3f6cf347cc0629db38079bc90ea80b Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 20 10:39:07 2018 -0400 Remove all use of the assert.h header Nothing in Tor has actually called assert() for some while. --- configure.ac | 3 +-- src/common/address.c | 1 - src/common/aes.c | 1 - src/common/compat.c | 1 - src/common/compress.c | 1 - src/common/container.c | 1 - src/common/log.c | 1 - src/common/tortls.c | 1 - src/common/util.c | 1 - src/or/or.h | 4 ---- src/tools/tor-gencert.c | 1 - src/tools/tor-resolve.c | 1 - 12 files changed, 1 insertion(+), 16 deletions(-) diff --git a/configure.ac b/configure.ac index d46bcf8a9..f94258fbb 100644 --- a/configure.ac +++ b/configure.ac @@ -1312,8 +1312,7 @@ AC_SUBST(CURVE25519_LIBS) dnl Make sure to enable support for large off_t if available. AC_SYS_LARGEFILE -AC_CHECK_HEADERS([assert.h \ - errno.h \ +AC_CHECK_HEADERS([errno.h \ fcntl.h \ signal.h \ string.h \ diff --git a/src/common/address.c b/src/common/address.c index 2e8b5fc9f..f135f1ffd 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -83,7 +83,6 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <assert.h> /* tor_addr_is_null() and maybe other functions rely on AF_UNSPEC being 0 to * work correctly. Bail out here if we've found a platform where AF_UNSPEC diff --git a/src/common/aes.c b/src/common/aes.c index c0851c542..bdefc2b55 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -26,7 +26,6 @@ DISABLE_GCC_WARNING(redundant-decls) -#include <assert.h> #include <stdlib.h> #include <string.h> #include <openssl/aes.h> diff --git a/src/common/compat.c b/src/common/compat.c index 9b1a4d860..dece798bc 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -111,7 +111,6 @@ SecureZeroMemory(PVOID ptr, SIZE_T cnt) #endif #include <stdio.h> #include <stdlib.h> -#include <assert.h> #ifdef HAVE_SIGNAL_H #include <signal.h> #endif diff --git a/src/common/compress.c b/src/common/compress.c index 204529a54..44bb891af 100644 --- a/src/common/compress.c +++ b/src/common/compress.c @@ -12,7 +12,6 @@ #include <stdlib.h> #include <stdio.h> -#include <assert.h> #include <string.h> #include "common/torint.h" diff --git a/src/common/container.c b/src/common/container.c index 03324c873..b1a2ac799 100644 --- a/src/common/container.c +++ b/src/common/container.c @@ -19,7 +19,6 @@ #include <stdlib.h> #include <string.h> -#include <assert.h> #include "ht.h" diff --git a/src/common/log.c b/src/common/log.c index 2f5fdbc17..6aa2203a5 100644 --- a/src/common/log.c +++ b/src/common/log.c @@ -11,7 +11,6 @@ #include "orconfig.h" #include <stdarg.h> -#include <assert.h> // #include <stdio.h> #include <stdlib.h> #include <string.h> diff --git a/src/common/tortls.c b/src/common/tortls.c index b22a5aa7c..419d9c931 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -19,7 +19,6 @@ #define TORTLS_PRIVATE #define TORTLS_OPENSSL_PRIVATE -#include <assert.h> #ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/ #include <winsock2.h> #include <ws2tcpip.h> diff --git a/src/common/util.c b/src/common/util.c index 5bf70c6b5..7d10a9e24 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -45,7 +45,6 @@ #include <stdlib.h> #include <stdio.h> #include <string.h> -#include <assert.h> #include <signal.h> #ifdef HAVE_NETINET_IN_H diff --git a/src/or/or.h b/src/or/or.h index dc6d353cd..33a674d14 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -51,9 +51,6 @@ #ifdef HAVE_ERRNO_H #include <errno.h> #endif -#ifdef HAVE_ASSERT_H -#include <assert.h> -#endif #ifdef HAVE_TIME_H #include <time.h> #endif @@ -3331,4 +3328,3 @@ typedef enum was_router_added_t { typedef struct tor_version_t tor_version_t; #endif /* !defined(TOR_OR_H) */ - diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index e1d3e54d8..07db3624b 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -33,7 +33,6 @@ ENABLE_GCC_WARNING(redundant-decls) #if 0 #include <stdlib.h> #include <stdarg.h> -#include <assert.h> #endif #include "common/util.h" diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c index dfca7d792..85ff14167 100644 --- a/src/tools/tor-resolve.c +++ b/src/tools/tor-resolve.c @@ -14,7 +14,6 @@ #include <stdlib.h> #include <stdarg.h> #include <string.h> -#include <assert.h> #ifdef HAVE_NETINET_IN_H #include <netinet/in.h>

1 0

[tor/master] Add raw_assert() variants for cases where we cannot log.
by nickm＠torproject.org 20 Jun '18

20 Jun '18

commit ae01864b5d3bc8a5e3b069025d9d7972ff1a21c3 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 20 10:35:40 2018 -0400 Add raw_assert() variants for cases where we cannot log. Remove a different raw_assert() macro declared in log.c --- src/common/log.c | 9 +++------ src/common/util_bug.h | 16 +++++++++++++++- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/src/common/log.c b/src/common/log.c index 7ba669818..2f5fdbc17 100644 --- a/src/common/log.c +++ b/src/common/log.c @@ -50,8 +50,6 @@ #define TRUNCATED_STR_LEN 14 /** @} */ -#define raw_assert(x) assert(x) // assert OK - /** Defining compile-time constants for Tor log levels (used by the Rust * log wrapper at src/rust/tor_log) */ const int LOG_WARN_ = LOG_WARN; @@ -89,9 +87,9 @@ sev_to_string(int severity) case LOG_NOTICE: return "notice"; case LOG_WARN: return "warn"; case LOG_ERR: return "err"; - default: /* Call assert, not tor_assert, since tor_assert - * calls log on failure. */ - raw_assert(0); return "UNKNOWN"; // LCOV_EXCL_LINE + default: /* Call assert, not tor_assert, since tor_assert + * calls log on failure. */ + raw_assert_unreached(); return "UNKNOWN"; // LCOV_EXCL_LINE } } @@ -1536,4 +1534,3 @@ truncate_logs(void) } } } - diff --git a/src/common/util_bug.h b/src/common/util_bug.h index 70a28eb15..0e1af2da1 100644 --- a/src/common/util_bug.h +++ b/src/common/util_bug.h @@ -55,6 +55,21 @@ #error "Sorry; we don't support building with NDEBUG." #endif /* defined(NDEBUG) */ +/* The raw_assert...() variants are for use within code that can't call + * tor_assertion_failed_() because of call circularity issues. */ +#define raw_assert(expr) STMT_BEGIN \ + if (!(expr)) { \ + fprintf(stderr, "RAW ASSERTION FAILURE AT %s:%d: %s\n", \ + __FILE__, __LINE__, #expr); \ + abort(); \ + } \ + STMT_END +#define raw_assert_unreached(expr) raw_assert(0) +#define raw_assert_unreached_msg(msg) STMT_BEGIN \ + fprintf(stderr, "ERROR: %s\n", (msg)); \ + raw_assert_unreached(); \ + STMT_END + /* Sometimes we don't want to use assertions during branch coverage tests; it * leads to tons of unreached branches which in reality are only assertions we * didn't hit. */ @@ -199,4 +214,3 @@ void tor_set_failed_assertion_callback(void (*fn)(void)); #endif /* defined(TOR_UNIT_TESTS) */ #endif /* !defined(TOR_UTIL_BUG_H) */ -

1 0

[tor/master] Split compiler-compatibility parts of compat.h
by nickm＠torproject.org 20 Jun '18

20 Jun '18

commit aa490e971b95517b75875f5b1ef8c521bfae4040 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 20 13:49:03 2018 -0400 Split compiler-compatibility parts of compat.h --- src/common/compat.h | 188 +---------------------------------------- src/common/compat_compiler.h | 197 +++++++++++++++++++++++++++++++++++++++++++ src/common/include.am | 1 + 3 files changed, 199 insertions(+), 187 deletions(-) diff --git a/src/common/compat.h b/src/common/compat.h index 3b451dd10..da9bd8bcc 100644 --- a/src/common/compat.h +++ b/src/common/compat.h @@ -45,199 +45,14 @@ #include <netinet6/in6.h> #endif +#include "common/compat_compiler.h" #include "common/compat_time.h" -#if defined(__has_feature) -# if __has_feature(address_sanitizer) -/* Some of the fancy glibc strcmp() macros include references to memory that - * clang rejects because it is off the end of a less-than-3. Clang hates this, - * even though those references never actually happen. */ -# undef strcmp -#endif /* __has_feature(address_sanitizer) */ -#endif /* defined(__has_feature) */ - #include <stdio.h> #include <errno.h> -#ifndef NULL_REP_IS_ZERO_BYTES -#error "It seems your platform does not represent NULL as zero. We can't cope." -#endif - -#ifndef DOUBLE_0_REP_IS_ZERO_BYTES -#error "It seems your platform does not represent 0.0 as zeros. We can't cope." -#endif - -#if 'a'!=97 || 'z'!=122 || 'A'!=65 || ' '!=32 -#error "It seems that you encode characters in something other than ASCII." -#endif - /* ===== Compiler compatibility */ -/* GCC can check printf and scanf types on arbitrary functions. */ -#ifdef __GNUC__ -#define CHECK_PRINTF(formatIdx, firstArg) \ - __attribute__ ((format(printf, formatIdx, firstArg))) -#else -#define CHECK_PRINTF(formatIdx, firstArg) -#endif /* defined(__GNUC__) */ -#ifdef __GNUC__ -#define CHECK_SCANF(formatIdx, firstArg) \ - __attribute__ ((format(scanf, formatIdx, firstArg))) -#else -#define CHECK_SCANF(formatIdx, firstArg) -#endif /* defined(__GNUC__) */ - -/* What GCC do we have? */ -#ifdef __GNUC__ -#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__) -#else -#define GCC_VERSION 0 -#endif - -/* Temporarily enable and disable warnings. */ -#ifdef __GNUC__ -# define PRAGMA_STRINGIFY_(s) #s -# define PRAGMA_JOIN_STRINGIFY_(a,b) PRAGMA_STRINGIFY_(a ## b) -/* Support for macro-generated pragmas (c99) */ -# define PRAGMA_(x) _Pragma (#x) -# ifdef __clang__ -# define PRAGMA_DIAGNOSTIC_(x) PRAGMA_(clang diagnostic x) -# else -# define PRAGMA_DIAGNOSTIC_(x) PRAGMA_(GCC diagnostic x) -# endif -# if defined(__clang__) || GCC_VERSION >= 406 -/* we have push/pop support */ -# define DISABLE_GCC_WARNING(warningopt) \ - PRAGMA_DIAGNOSTIC_(push) \ - PRAGMA_DIAGNOSTIC_(ignored PRAGMA_JOIN_STRINGIFY_(-W,warningopt)) -# define ENABLE_GCC_WARNING(warningopt) \ - PRAGMA_DIAGNOSTIC_(pop) -#else /* !(defined(__clang__) || GCC_VERSION >= 406) */ -/* older version of gcc: no push/pop support. */ -# define DISABLE_GCC_WARNING(warningopt) \ - PRAGMA_DIAGNOSTIC_(ignored PRAGMA_JOIN_STRINGIFY_(-W,warningopt)) -# define ENABLE_GCC_WARNING(warningopt) \ - PRAGMA_DIAGNOSTIC_(warning PRAGMA_JOIN_STRINGIFY_(-W,warningopt)) -#endif /* defined(__clang__) || GCC_VERSION >= 406 */ -#else /* !(defined(__GNUC__)) */ -/* not gcc at all */ -# define DISABLE_GCC_WARNING(warning) -# define ENABLE_GCC_WARNING(warning) -#endif /* defined(__GNUC__) */ - -/* inline is __inline on windows. */ -#ifdef _WIN32 -#define inline __inline -#endif - -/* Try to get a reasonable __func__ substitute in place. */ -#if defined(_MSC_VER) - -#define __func__ __FUNCTION__ - -#else -/* For platforms where autoconf works, make sure __func__ is defined - * sanely. */ -#ifndef HAVE_MACRO__func__ -#ifdef HAVE_MACRO__FUNCTION__ -#define __func__ __FUNCTION__ -#elif HAVE_MACRO__FUNC__ -#define __func__ __FUNC__ -#else -#define __func__ "???" -#endif /* defined(HAVE_MACRO__FUNCTION__) || ... */ -#endif /* !defined(HAVE_MACRO__func__) */ -#endif /* defined(_MSC_VER) */ - -#define U64_TO_DBL(x) ((double) (x)) -#define DBL_TO_U64(x) ((uint64_t) (x)) - -#ifdef ENUM_VALS_ARE_SIGNED -#define ENUM_BF(t) unsigned -#else -/** Wrapper for having a bitfield of an enumerated type. Where possible, we - * just use the enumerated type (so the compiler can help us and notice - * problems), but if enumerated types are unsigned, we must use unsigned, - * so that the loss of precision doesn't make large values negative. */ -#define ENUM_BF(t) t -#endif /* defined(ENUM_VALS_ARE_SIGNED) */ - -/* GCC has several useful attributes. */ -#if defined(__GNUC__) && __GNUC__ >= 3 -#define ATTR_NORETURN __attribute__((noreturn)) -#define ATTR_CONST __attribute__((const)) -#define ATTR_MALLOC __attribute__((malloc)) -#define ATTR_NORETURN __attribute__((noreturn)) -#define ATTR_WUR __attribute__((warn_unused_result)) -/* Alas, nonnull is not at present a good idea for us. We'd like to get - * warnings when we pass NULL where we shouldn't (which nonnull does, albeit - * spottily), but we don't want to tell the compiler to make optimizations - * with the assumption that the argument can't be NULL (since this would make - * many of our checks go away, and make our code less robust against - * programming errors). Unfortunately, nonnull currently does both of these - * things, and there's no good way to split them up. - * - * #define ATTR_NONNULL(x) __attribute__((nonnull x)) */ -#define ATTR_NONNULL(x) -#define ATTR_UNUSED __attribute__ ((unused)) - -/** Macro: Evaluates to exp and hints the compiler that the value - * of exp will probably be true. - * - * In other words, "if (PREDICT_LIKELY(foo))" is the same as "if (foo)", - * except that it tells the compiler that the branch will be taken most of the - * time. This can generate slightly better code with some CPUs. - */ -#define PREDICT_LIKELY(exp) __builtin_expect(!!(exp), 1) -/** Macro: Evaluates to exp and hints the compiler that the value - * of exp will probably be false. - * - * In other words, "if (PREDICT_UNLIKELY(foo))" is the same as "if (foo)", - * except that it tells the compiler that the branch will usually not be - * taken. This can generate slightly better code with some CPUs. - */ -#define PREDICT_UNLIKELY(exp) __builtin_expect(!!(exp), 0) -#else /* !(defined(__GNUC__) && __GNUC__ >= 3) */ -#define ATTR_NORETURN -#define ATTR_CONST -#define ATTR_MALLOC -#define ATTR_NORETURN -#define ATTR_NONNULL(x) -#define ATTR_UNUSED -#define ATTR_WUR -#define PREDICT_LIKELY(exp) (exp) -#define PREDICT_UNLIKELY(exp) (exp) -#endif /* defined(__GNUC__) && __GNUC__ >= 3 */ - -/** Expands to a syntactically valid empty statement. */ -#define STMT_NIL (void)0 - -/** Expands to a syntactically valid empty statement, explicitly (void)ing its - * argument. */ -#define STMT_VOID(a) while (0) { (void)(a); } - -#ifdef __GNUC__ -/** STMT_BEGIN and STMT_END are used to wrap blocks inside macros so that - * the macro can be used as if it were a single C statement. */ -#define STMT_BEGIN (void) ({ -#define STMT_END }) -#elif defined(sun) || defined(__sun__) -#define STMT_BEGIN if (1) { -#define STMT_END } else STMT_NIL -#else -#define STMT_BEGIN do { -#define STMT_END } while (0) -#endif /* defined(__GNUC__) || ... */ - -/* Some tools (like coccinelle) don't like to see operators as macro - * arguments. */ -#define OP_LT < -#define OP_GT > -#define OP_GE >= -#define OP_LE <= -#define OP_EQ == -#define OP_NE != - /* ===== String compatibility */ #ifdef _WIN32 /* Windows names string functions differently from most other platforms. */ @@ -754,4 +569,3 @@ ssize_t tor_getpass(const char *prompt, char *output, size_t buflen); #include "common/compat_threads.h" #endif /* !defined(TOR_COMPAT_H) */ - diff --git a/src/common/compat_compiler.h b/src/common/compat_compiler.h new file mode 100644 index 000000000..a9a326616 --- /dev/null +++ b/src/common/compat_compiler.h @@ -0,0 +1,197 @@ +/* Copyright (c) 2003-2004, Roger Dingledine + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef TOR_COMPAT_COMPILER_H +#define TOR_COMPAT_COMPILER_H + +#include "orconfig.h" + +#if defined(__has_feature) +# if __has_feature(address_sanitizer) +/* Some of the fancy glibc strcmp() macros include references to memory that + * clang rejects because it is off the end of a less-than-3. Clang hates this, + * even though those references never actually happen. */ +# undef strcmp +#endif /* __has_feature(address_sanitizer) */ +#endif /* defined(__has_feature) */ + +#ifndef NULL_REP_IS_ZERO_BYTES +#error "It seems your platform does not represent NULL as zero. We can't cope." +#endif + +#ifndef DOUBLE_0_REP_IS_ZERO_BYTES +#error "It seems your platform does not represent 0.0 as zeros. We can't cope." +#endif + +#if 'a'!=97 || 'z'!=122 || 'A'!=65 || ' '!=32 +#error "It seems that you encode characters in something other than ASCII." +#endif + +/* GCC can check printf and scanf types on arbitrary functions. */ +#ifdef __GNUC__ +#define CHECK_PRINTF(formatIdx, firstArg) \ + __attribute__ ((format(printf, formatIdx, firstArg))) +#else +#define CHECK_PRINTF(formatIdx, firstArg) +#endif /* defined(__GNUC__) */ +#ifdef __GNUC__ +#define CHECK_SCANF(formatIdx, firstArg) \ + __attribute__ ((format(scanf, formatIdx, firstArg))) +#else +#define CHECK_SCANF(formatIdx, firstArg) +#endif /* defined(__GNUC__) */ + +/* What GCC do we have? */ +#ifdef __GNUC__ +#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__) +#else +#define GCC_VERSION 0 +#endif + +/* Temporarily enable and disable warnings. */ +#ifdef __GNUC__ +# define PRAGMA_STRINGIFY_(s) #s +# define PRAGMA_JOIN_STRINGIFY_(a,b) PRAGMA_STRINGIFY_(a ## b) +/* Support for macro-generated pragmas (c99) */ +# define PRAGMA_(x) _Pragma (#x) +# ifdef __clang__ +# define PRAGMA_DIAGNOSTIC_(x) PRAGMA_(clang diagnostic x) +# else +# define PRAGMA_DIAGNOSTIC_(x) PRAGMA_(GCC diagnostic x) +# endif +# if defined(__clang__) || GCC_VERSION >= 406 +/* we have push/pop support */ +# define DISABLE_GCC_WARNING(warningopt) \ + PRAGMA_DIAGNOSTIC_(push) \ + PRAGMA_DIAGNOSTIC_(ignored PRAGMA_JOIN_STRINGIFY_(-W,warningopt)) +# define ENABLE_GCC_WARNING(warningopt) \ + PRAGMA_DIAGNOSTIC_(pop) +#else /* !(defined(__clang__) || GCC_VERSION >= 406) */ +/* older version of gcc: no push/pop support. */ +# define DISABLE_GCC_WARNING(warningopt) \ + PRAGMA_DIAGNOSTIC_(ignored PRAGMA_JOIN_STRINGIFY_(-W,warningopt)) +# define ENABLE_GCC_WARNING(warningopt) \ + PRAGMA_DIAGNOSTIC_(warning PRAGMA_JOIN_STRINGIFY_(-W,warningopt)) +#endif /* defined(__clang__) || GCC_VERSION >= 406 */ +#else /* !(defined(__GNUC__)) */ +/* not gcc at all */ +# define DISABLE_GCC_WARNING(warning) +# define ENABLE_GCC_WARNING(warning) +#endif /* defined(__GNUC__) */ + +/* inline is __inline on windows. */ +#ifdef _WIN32 +#define inline __inline +#endif + +/* Try to get a reasonable __func__ substitute in place. */ +#if defined(_MSC_VER) + +#define __func__ __FUNCTION__ + +#else +/* For platforms where autoconf works, make sure __func__ is defined + * sanely. */ +#ifndef HAVE_MACRO__func__ +#ifdef HAVE_MACRO__FUNCTION__ +#define __func__ __FUNCTION__ +#elif HAVE_MACRO__FUNC__ +#define __func__ __FUNC__ +#else +#define __func__ "???" +#endif /* defined(HAVE_MACRO__FUNCTION__) || ... */ +#endif /* !defined(HAVE_MACRO__func__) */ +#endif /* defined(_MSC_VER) */ + +#define U64_TO_DBL(x) ((double) (x)) +#define DBL_TO_U64(x) ((uint64_t) (x)) + +#ifdef ENUM_VALS_ARE_SIGNED +#define ENUM_BF(t) unsigned +#else +/** Wrapper for having a bitfield of an enumerated type. Where possible, we + * just use the enumerated type (so the compiler can help us and notice + * problems), but if enumerated types are unsigned, we must use unsigned, + * so that the loss of precision doesn't make large values negative. */ +#define ENUM_BF(t) t +#endif /* defined(ENUM_VALS_ARE_SIGNED) */ + +/* GCC has several useful attributes. */ +#if defined(__GNUC__) && __GNUC__ >= 3 +#define ATTR_NORETURN __attribute__((noreturn)) +#define ATTR_CONST __attribute__((const)) +#define ATTR_MALLOC __attribute__((malloc)) +#define ATTR_NORETURN __attribute__((noreturn)) +#define ATTR_WUR __attribute__((warn_unused_result)) +/* Alas, nonnull is not at present a good idea for us. We'd like to get + * warnings when we pass NULL where we shouldn't (which nonnull does, albeit + * spottily), but we don't want to tell the compiler to make optimizations + * with the assumption that the argument can't be NULL (since this would make + * many of our checks go away, and make our code less robust against + * programming errors). Unfortunately, nonnull currently does both of these + * things, and there's no good way to split them up. + * + * #define ATTR_NONNULL(x) __attribute__((nonnull x)) */ +#define ATTR_NONNULL(x) +#define ATTR_UNUSED __attribute__ ((unused)) + +/** Macro: Evaluates to exp and hints the compiler that the value + * of exp will probably be true. + * + * In other words, "if (PREDICT_LIKELY(foo))" is the same as "if (foo)", + * except that it tells the compiler that the branch will be taken most of the + * time. This can generate slightly better code with some CPUs. + */ +#define PREDICT_LIKELY(exp) __builtin_expect(!!(exp), 1) +/** Macro: Evaluates to exp and hints the compiler that the value + * of exp will probably be false. + * + * In other words, "if (PREDICT_UNLIKELY(foo))" is the same as "if (foo)", + * except that it tells the compiler that the branch will usually not be + * taken. This can generate slightly better code with some CPUs. + */ +#define PREDICT_UNLIKELY(exp) __builtin_expect(!!(exp), 0) +#else /* !(defined(__GNUC__) && __GNUC__ >= 3) */ +#define ATTR_NORETURN +#define ATTR_CONST +#define ATTR_MALLOC +#define ATTR_NORETURN +#define ATTR_NONNULL(x) +#define ATTR_UNUSED +#define ATTR_WUR +#define PREDICT_LIKELY(exp) (exp) +#define PREDICT_UNLIKELY(exp) (exp) +#endif /* defined(__GNUC__) && __GNUC__ >= 3 */ + +/** Expands to a syntactically valid empty statement. */ +#define STMT_NIL (void)0 + +/** Expands to a syntactically valid empty statement, explicitly (void)ing its + * argument. */ +#define STMT_VOID(a) while (0) { (void)(a); } + +#ifdef __GNUC__ +/** STMT_BEGIN and STMT_END are used to wrap blocks inside macros so that + * the macro can be used as if it were a single C statement. */ +#define STMT_BEGIN (void) ({ +#define STMT_END }) +#elif defined(sun) || defined(__sun__) +#define STMT_BEGIN if (1) { +#define STMT_END } else STMT_NIL +#else +#define STMT_BEGIN do { +#define STMT_END } while (0) +#endif /* defined(__GNUC__) || ... */ + +/* Some tools (like coccinelle) don't like to see operators as macro + * arguments. */ +#define OP_LT < +#define OP_GT > +#define OP_GE >= +#define OP_LE <= +#define OP_EQ == +#define OP_NE != + +#endif /* !defined(TOR_COMPAT_H) */ diff --git a/src/common/include.am b/src/common/include.am index 67b60d3ee..93fef6b93 100644 --- a/src/common/include.am +++ b/src/common/include.am @@ -167,6 +167,7 @@ COMMONHEADERS = \ src/common/aes.h \ src/common/ciphers.inc \ src/common/compat.h \ + src/common/compat_compiler.h \ src/common/compat_libevent.h \ src/common/compat_openssl.h \ src/common/compat_threads.h \

1 0

[tor/master] Move horrible-emergency handling into torerr.[ch]
by nickm＠torproject.org 20 Jun '18

20 Jun '18

commit 5ecd1fec1583b8aa865ac5cae0cece42451395bd Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 20 13:02:05 2018 -0400 Move horrible-emergency handling into torerr.[ch] Previously we had code like this for bad things happening from signal handlers, but it makes sense to use the same logic to handle cases when something is happening at a level too low for log.c to be involved. My raw_assert*() stuff now uses this code. --- src/common/backtrace.c | 2 +- src/common/compat_time.c | 1 + src/common/include.am | 2 + src/common/log.c | 89 ++++--------------- src/common/sandbox.c | 4 +- src/common/torerr.c | 222 +++++++++++++++++++++++++++++++++++++++++++++++ src/common/torerr.h | 45 ++++++++++ src/common/torlog.h | 3 - src/common/util.c | 79 ----------------- src/common/util.h | 4 +- src/common/util_bug.h | 15 ---- src/test/test_logging.c | 2 +- 12 files changed, 291 insertions(+), 177 deletions(-) diff --git a/src/common/backtrace.c b/src/common/backtrace.c index c3c0b77ab..56cefdf93 100644 --- a/src/common/backtrace.c +++ b/src/common/backtrace.c @@ -17,6 +17,7 @@ #include "common/compat.h" #include "common/util.h" #include "common/torlog.h" +#include "common/torerr.h" #ifdef HAVE_EXECINFO_H #include <execinfo.h> @@ -245,4 +246,3 @@ clean_up_backtrace_handler(void) tor_free(bt_version); } - diff --git a/src/common/compat_time.c b/src/common/compat_time.c index 5c7067461..913fa666e 100644 --- a/src/common/compat_time.c +++ b/src/common/compat_time.c @@ -34,6 +34,7 @@ #include <mach/mach_time.h> #endif +#include "common/torerr.h" #include "common/torlog.h" #include "common/util.h" #include "common/container.h" diff --git a/src/common/include.am b/src/common/include.am index 724473c14..67b60d3ee 100644 --- a/src/common/include.am +++ b/src/common/include.am @@ -99,6 +99,7 @@ LIBOR_A_SRC = \ src/common/sandbox.c \ src/common/storagedir.c \ src/common/token_bucket.c \ + src/common/torerr.c \ src/common/workqueue.c \ $(libor_extra_source) \ $(threads_impl_source) \ @@ -201,6 +202,7 @@ COMMONHEADERS = \ src/common/testsupport.h \ src/common/timers.h \ src/common/token_bucket.h \ + src/common/torerr.c \ src/common/torint.h \ src/common/torlog.h \ src/common/tortls.h \ diff --git a/src/common/log.c b/src/common/log.c index 6aa2203a5..6dba5bf4b 100644 --- a/src/common/log.c +++ b/src/common/log.c @@ -34,6 +34,8 @@ #define LOG_PRIVATE #include "common/torlog.h" #include "common/container.h" +#include "common/torerr.h" + #ifdef HAVE_ANDROID_LOG_H #include <android/log.h> #endif // HAVE_ANDROID_LOG_H. @@ -265,6 +267,7 @@ void set_log_time_granularity(int granularity_msec) { log_time_granularity = granularity_msec; + tor_log_sigsafe_err_set_granularity(granularity_msec); } /** Helper: Write the standard prefix for log lines to a @@ -631,71 +634,6 @@ tor_log(int severity, log_domain_mask_t domain, const char *format, ...) va_end(ap); } -/** Maximum number of fds that will get notifications if we crash */ -#define MAX_SIGSAFE_FDS 8 -/** Array of fds to log crash-style warnings to. */ -static int sigsafe_log_fds[MAX_SIGSAFE_FDS] = { STDERR_FILENO }; -/** The number of elements used in sigsafe_log_fds */ -static int n_sigsafe_log_fds = 1; - -/** Write s to each element of sigsafe_log_fds. Return 0 on success, -1 - * on failure. */ -static int -tor_log_err_sigsafe_write(const char *s) -{ - int i; - ssize_t r; - size_t len = strlen(s); - int err = 0; - for (i=0; i < n_sigsafe_log_fds; ++i) { - r = write(sigsafe_log_fds[i], s, len); - err += (r != (ssize_t)len); - } - return err ? -1 : 0; -} - -/** Given a list of string arguments ending with a NULL, writes them - * to our logs and to stderr (if possible). This function is safe to call - * from within a signal handler. */ -void -tor_log_err_sigsafe(const char *m, ...) -{ - va_list ap; - const char *x; - char timebuf[33]; - time_t now = time(NULL); - - if (!m) - return; - if (log_time_granularity >= 2000) { - int g = log_time_granularity / 1000; - now -= now % g; - } - timebuf[0] = now < 0 ? '-' : ' '; - if (now < 0) now = -now; - timebuf[1] = '\0'; - format_dec_number_sigsafe(now, timebuf+1, sizeof(timebuf)-1); - tor_log_err_sigsafe_write("\n==========================================" - "================== T="); - tor_log_err_sigsafe_write(timebuf); - tor_log_err_sigsafe_write("\n"); - tor_log_err_sigsafe_write(m); - va_start(ap, m); - while ((x = va_arg(ap, const char*))) { - tor_log_err_sigsafe_write(x); - } - va_end(ap); -} - -/** Set *out to a pointer to an array of the fds to log errors to from - * inside a signal handler. Return the number of elements in the array. */ -int -tor_log_get_sigsafe_err_fds(const int **out) -{ - *out = sigsafe_log_fds; - return n_sigsafe_log_fds; -} - /** Helper function; return true iff the n-element array array * contains item. */ static int @@ -717,11 +655,14 @@ tor_log_update_sigsafe_err_fds(void) const logfile_t *lf; int found_real_stderr = 0; + int fds[TOR_SIGSAFE_LOG_MAX_FDS]; + int n_fds; + LOCK_LOGS(); /* Reserve the first one for stderr. This is safe because when we daemonize, * we dup2 /dev/null to stderr, */ - sigsafe_log_fds[0] = STDERR_FILENO; - n_sigsafe_log_fds = 1; + fds[0] = STDERR_FILENO; + n_fds = 1; for (lf = logfiles; lf; lf = lf->next) { /* Don't try callback to the control port, or syslogs: We can't @@ -735,22 +676,24 @@ tor_log_update_sigsafe_err_fds(void) if (lf->fd == STDERR_FILENO) found_real_stderr = 1; /* Avoid duplicates */ - if (int_array_contains(sigsafe_log_fds, n_sigsafe_log_fds, lf->fd)) + if (int_array_contains(fds, n_fds, lf->fd)) continue; - sigsafe_log_fds[n_sigsafe_log_fds++] = lf->fd; - if (n_sigsafe_log_fds == MAX_SIGSAFE_FDS) + fds[n_fds++] = lf->fd; + if (n_fds == TOR_SIGSAFE_LOG_MAX_FDS) break; } } if (!found_real_stderr && - int_array_contains(sigsafe_log_fds, n_sigsafe_log_fds, STDOUT_FILENO)) { + int_array_contains(fds, n_fds, STDOUT_FILENO)) { /* Don't use a virtual stderr when we're also logging to stdout. */ - raw_assert(n_sigsafe_log_fds >= 2); /* Don't tor_assert inside log fns */ - sigsafe_log_fds[0] = sigsafe_log_fds[--n_sigsafe_log_fds]; + raw_assert(n_fds >= 2); /* Don't tor_assert inside log fns */ + fds[0] = fds[--n_fds]; } UNLOCK_LOGS(); + + tor_log_set_sigsafe_err_fds(fds, n_fds); } /** Add to out a copy of every currently configured log file name. Used diff --git a/src/common/sandbox.c b/src/common/sandbox.c index cba63e04f..3679037f8 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -1,4 +1,4 @@ - /* Copyright (c) 2001 Matej Pfajfar. +/* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. * Copyright (c) 2007-2018, The Tor Project, Inc. */ @@ -34,6 +34,7 @@ #include "common/sandbox.h" #include "common/container.h" +#include "common/torerr.h" #include "common/torlog.h" #include "common/torint.h" #include "common/util.h" @@ -1974,4 +1975,3 @@ sandbox_disable_getaddrinfo_cache(void) { } #endif /* !defined(USE_LIBSECCOMP) */ - diff --git a/src/common/torerr.c b/src/common/torerr.c new file mode 100644 index 000000000..c22526254 --- /dev/null +++ b/src/common/torerr.c @@ -0,0 +1,222 @@ +/* Copyright (c) 2001, Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file torerr.c + * + * \brief Handling code for unrecoverable emergencies, at a lower level + * than the logging code. + */ + +#include "orconfig.h" +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#endif +#ifdef HAVE_TIME_H +#include <time.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +#include "common/torerr.h" + +/** Array of fds to log crash-style warnings to. */ +static int sigsafe_log_fds[TOR_SIGSAFE_LOG_MAX_FDS] = { STDERR_FILENO }; +/** The number of elements used in sigsafe_log_fds */ +static int n_sigsafe_log_fds = 1; +/** Log granularity in milliseconds. */ +static int log_granularity = 1000; + +/** Write s to each element of sigsafe_log_fds. Return 0 on success, -1 + * on failure. */ +static int +tor_log_err_sigsafe_write(const char *s) +{ + int i; + ssize_t r; + size_t len = strlen(s); + int err = 0; + for (i=0; i < n_sigsafe_log_fds; ++i) { + r = write(sigsafe_log_fds[i], s, len); + err += (r != (ssize_t)len); + } + return err ? -1 : 0; +} + +/** Given a list of string arguments ending with a NULL, writes them + * to our logs and to stderr (if possible). This function is safe to call + * from within a signal handler. */ +void +tor_log_err_sigsafe(const char *m, ...) +{ + va_list ap; + const char *x; + char timebuf[33]; + time_t now = time(NULL); + + if (!m) + return; + if (log_granularity >= 2000) { + int g = log_granularity / 1000; + now -= now % g; + } + timebuf[0] = now < 0 ? '-' : ' '; + if (now < 0) now = -now; + timebuf[1] = '\0'; + format_dec_number_sigsafe(now, timebuf+1, sizeof(timebuf)-1); + tor_log_err_sigsafe_write("\n==========================================" + "================== T="); + tor_log_err_sigsafe_write(timebuf); + tor_log_err_sigsafe_write("\n"); + tor_log_err_sigsafe_write(m); + va_start(ap, m); + while ((x = va_arg(ap, const char*))) { + tor_log_err_sigsafe_write(x); + } + va_end(ap); +} + +/** Set *out to a pointer to an array of the fds to log errors to from + * inside a signal handler or other emergency condition. Return the number of + * elements in the array. */ +int +tor_log_get_sigsafe_err_fds(const int **out) +{ + *out = sigsafe_log_fds; + return n_sigsafe_log_fds; +} + +/** + * Update the list of fds that get errors from inside a signal handler or + * other emergency condition. Ignore any beyond the first + * TOR_SIGSAFE_LOG_MAX_FDS. + */ +void +tor_log_set_sigsafe_err_fds(const int *fds, int n) +{ + if (n > TOR_SIGSAFE_LOG_MAX_FDS) { + n = TOR_SIGSAFE_LOG_MAX_FDS; + } + + memcpy(sigsafe_log_fds, fds, n * sizeof(int)); + n_sigsafe_log_fds = n; +} + +/** + * Set the granularity (in ms) to use when reporting fatal errors outside + * the logging system. + */ +void +tor_log_sigsafe_err_set_granularity(int ms) +{ + log_granularity = ms; +} + +/** + * Log an emergency assertion failure message. + * + * This kind of message is safe to send from within a log handler, + * a signal handler, or other emergency situation. + */ +void +tor_raw_assertion_failed_msg_(const char *file, int line, const char *expr, + const char *msg) +{ + char linebuf[16]; + format_dec_number_sigsafe(line, linebuf, sizeof(linebuf)); + tor_log_err_sigsafe("INTERNAL ERROR: Raw assertion failed at ", + file, ":", linebuf, ": ", expr, NULL); + if (msg) { + tor_log_err_sigsafe_write(msg); + tor_log_err_sigsafe_write("\n"); + } +} + +/* As format_{hex,dex}_number_sigsafe, but takes a radix argument + * in range 2..16 inclusive. */ +static int +format_number_sigsafe(unsigned long x, char *buf, int buf_len, + unsigned int radix) +{ + unsigned long tmp; + int len; + char *cp; + + /* NOT tor_assert. This needs to be safe to run from within a signal handler, + * and from within the 'tor_assert() has failed' code. */ + if (radix < 2 || radix > 16) + return 0; + + /* Count how many digits we need. */ + tmp = x; + len = 1; + while (tmp >= radix) { + tmp /= radix; + ++len; + } + + /* Not long enough */ + if (!buf || len >= buf_len) + return 0; + + cp = buf + len; + *cp = '\0'; + do { + unsigned digit = (unsigned) (x % radix); + raw_assert(cp > buf); + --cp; + *cp = "0123456789ABCDEF"[digit]; + x /= radix; + } while (x); + + /* NOT tor_assert; see above. */ + if (cp != buf) { + abort(); // LCOV_EXCL_LINE + } + + return len; +} + +/** + * Helper function to output hex numbers from within a signal handler. + * + * Writes the nul-terminated hexadecimal digits of x into a buffer + * buf of size buf_len, and return the actual number of digits + * written, not counting the terminal NUL. + * + * If there is insufficient space, write nothing and return 0. + * + * This accepts an unsigned int because format_helper_exit_status() needs to + * call it with a signed int and an unsigned char, and since the C standard + * does not guarantee that an int is wider than a char (an int must be at + * least 16 bits but it is permitted for a char to be that wide as well), we + * can't assume a signed int is sufficient to accommodate an unsigned char. + * Thus, format_helper_exit_status() will still need to emit any require '-' + * on its own. + * + * For most purposes, you'd want to use tor_snprintf("%x") instead of this + * function; it's designed to be used in code paths where you can't call + * arbitrary C functions. + */ +int +format_hex_number_sigsafe(unsigned long x, char *buf, int buf_len) +{ + return format_number_sigsafe(x, buf, buf_len, 16); +} + +/** As format_hex_number_sigsafe, but format the number in base 10. */ +int +format_dec_number_sigsafe(unsigned long x, char *buf, int buf_len) +{ + return format_number_sigsafe(x, buf, buf_len, 10); +} diff --git a/src/common/torerr.h b/src/common/torerr.h new file mode 100644 index 000000000..09d8eeb76 --- /dev/null +++ b/src/common/torerr.h @@ -0,0 +1,45 @@ +/* Copyright (c) 2001, Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file torerr.h + * + * \brief Headers for torerr.c. + **/ + +#ifndef TOR_TORERR_H +#define TOR_TORERR_H + +/* The raw_assert...() variants are for use within code that can't call + * tor_assertion_failed_() because of call circularity issues. */ +#define raw_assert(expr) do { \ + if (!(expr)) { \ + tor_raw_assertion_failed_msg_(__FILE__, __LINE__, #expr, NULL); \ + abort(); \ + } \ + } while (0) +#define raw_assert_unreached(expr) raw_assert(0) +#define raw_assert_unreached_msg(msg) do { \ + tor_raw_assertion_failed_msg_(__FILE__, __LINE__, "0", (msg)); \ + abort(); \ + } while (0) + +void tor_raw_assertion_failed_msg_(const char *file, int line, + const char *expr, + const char *msg); + +/** Maximum number of fds that will get notifications if we crash */ +#define TOR_SIGSAFE_LOG_MAX_FDS 8 + +void tor_log_err_sigsafe(const char *m, ...); +int tor_log_get_sigsafe_err_fds(const int **out); +void tor_log_set_sigsafe_err_fds(const int *fds, int n); +void tor_log_sigsafe_err_set_granularity(int ms); + +int format_hex_number_sigsafe(unsigned long x, char *buf, int max_len); +int format_dec_number_sigsafe(unsigned long x, char *buf, int max_len); + +#endif /* !defined(TOR_TORLOG_H) */ diff --git a/src/common/torlog.h b/src/common/torlog.h index 65921c7b0..56f922d40 100644 --- a/src/common/torlog.h +++ b/src/common/torlog.h @@ -175,8 +175,6 @@ void truncate_logs(void); void tor_log(int severity, log_domain_mask_t domain, const char *format, ...) CHECK_PRINTF(3,4); -void tor_log_err_sigsafe(const char *m, ...); -int tor_log_get_sigsafe_err_fds(const int **out); void tor_log_update_sigsafe_err_fds(void); struct smartlist_t; @@ -272,4 +270,3 @@ MOCK_DECL(STATIC void, logv, (int severity, log_domain_mask_t domain, # define TOR_TORLOG_H #endif /* !defined(TOR_TORLOG_H) */ - diff --git a/src/common/util.c b/src/common/util.c index 7d10a9e24..5a477eeba 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -3865,85 +3865,6 @@ tor_join_win_cmdline(const char *argv[]) return joined_argv; } -/* As format_{hex,dex}_number_sigsafe, but takes a radix argument - * in range 2..16 inclusive. */ -static int -format_number_sigsafe(unsigned long x, char *buf, int buf_len, - unsigned int radix) -{ - unsigned long tmp; - int len; - char *cp; - - /* NOT tor_assert. This needs to be safe to run from within a signal handler, - * and from within the 'tor_assert() has failed' code. */ - if (radix < 2 || radix > 16) - return 0; - - /* Count how many digits we need. */ - tmp = x; - len = 1; - while (tmp >= radix) { - tmp /= radix; - ++len; - } - - /* Not long enough */ - if (!buf || len >= buf_len) - return 0; - - cp = buf + len; - *cp = '\0'; - do { - unsigned digit = (unsigned) (x % radix); - tor_assert(cp > buf); - --cp; - *cp = "0123456789ABCDEF"[digit]; - x /= radix; - } while (x); - - /* NOT tor_assert; see above. */ - if (cp != buf) { - abort(); // LCOV_EXCL_LINE - } - - return len; -} - -/** - * Helper function to output hex numbers from within a signal handler. - * - * Writes the nul-terminated hexadecimal digits of x into a buffer - * buf of size buf_len, and return the actual number of digits - * written, not counting the terminal NUL. - * - * If there is insufficient space, write nothing and return 0. - * - * This accepts an unsigned int because format_helper_exit_status() needs to - * call it with a signed int and an unsigned char, and since the C standard - * does not guarantee that an int is wider than a char (an int must be at - * least 16 bits but it is permitted for a char to be that wide as well), we - * can't assume a signed int is sufficient to accommodate an unsigned char. - * Thus, format_helper_exit_status() will still need to emit any require '-' - * on its own. - * - * For most purposes, you'd want to use tor_snprintf("%x") instead of this - * function; it's designed to be used in code paths where you can't call - * arbitrary C functions. - */ -int -format_hex_number_sigsafe(unsigned long x, char *buf, int buf_len) -{ - return format_number_sigsafe(x, buf, buf_len, 16); -} - -/** As format_hex_number_sigsafe, but format the number in base 10. */ -int -format_dec_number_sigsafe(unsigned long x, char *buf, int buf_len) -{ - return format_number_sigsafe(x, buf, buf_len, 10); -} - #ifndef _WIN32 /** Format child_state and saved_errno as a hex string placed in * hex_errno. Called between fork and _exit, so must be signal-handler diff --git a/src/common/util.h b/src/common/util.h index 7921357ac..a5e6c4d46 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -22,6 +22,7 @@ /* for the correct alias to struct stat */ #include <sys/stat.h> #endif +#include "common/torerr.h" #include "common/util_bug.h" #ifndef O_BINARY @@ -522,9 +523,6 @@ int32_t tor_weak_random_range(tor_weak_rng_t *rng, int32_t top); * n */ #define tor_weak_random_one_in_n(rng, n) (0==tor_weak_random_range((rng),(n))) -int format_hex_number_sigsafe(unsigned long x, char *buf, int max_len); -int format_dec_number_sigsafe(unsigned long x, char *buf, int max_len); - #ifdef UTIL_PRIVATE /* Prototypes for private functions only used by util.c (and unit tests) */ diff --git a/src/common/util_bug.h b/src/common/util_bug.h index 0e1af2da1..1d499a197 100644 --- a/src/common/util_bug.h +++ b/src/common/util_bug.h @@ -55,21 +55,6 @@ #error "Sorry; we don't support building with NDEBUG." #endif /* defined(NDEBUG) */ -/* The raw_assert...() variants are for use within code that can't call - * tor_assertion_failed_() because of call circularity issues. */ -#define raw_assert(expr) STMT_BEGIN \ - if (!(expr)) { \ - fprintf(stderr, "RAW ASSERTION FAILURE AT %s:%d: %s\n", \ - __FILE__, __LINE__, #expr); \ - abort(); \ - } \ - STMT_END -#define raw_assert_unreached(expr) raw_assert(0) -#define raw_assert_unreached_msg(msg) STMT_BEGIN \ - fprintf(stderr, "ERROR: %s\n", (msg)); \ - raw_assert_unreached(); \ - STMT_END - /* Sometimes we don't want to use assertions during branch coverage tests; it * leads to tons of unreached branches which in reality are only assertions we * didn't hit. */ diff --git a/src/test/test_logging.c b/src/test/test_logging.c index aebfd3606..eaad7ed13 100644 --- a/src/test/test_logging.c +++ b/src/test/test_logging.c @@ -3,6 +3,7 @@ #include "orconfig.h" #include "or/or.h" +#include "common/torerr.h" #include "common/torlog.h" #include "test/test.h" @@ -170,4 +171,3 @@ struct testcase_t logging_tests[] = { { "ratelim", test_ratelim, 0, NULL, NULL }, END_OF_TESTCASES }; -

1 0

[tor/master] Use raw_assert in tor_gettimeofday
by nickm＠torproject.org 20 Jun '18

20 Jun '18

commit 8865972a0b18a2fdcf42b55149989d0705c85577 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 20 10:42:06 2018 -0400 Use raw_assert in tor_gettimeofday We don't want to actually be calling logs when gettimeofday() fails, since we need gettimeofday() to log. --- src/common/compat_time.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/common/compat_time.c b/src/common/compat_time.c index ed0a1550f..5c7067461 100644 --- a/src/common/compat_time.c +++ b/src/common/compat_time.c @@ -99,10 +99,9 @@ tor_gettimeofday, (struct timeval *timeval)) #elif defined(HAVE_GETTIMEOFDAY) if (gettimeofday(timeval, NULL)) { /* LCOV_EXCL_START */ - log_err(LD_GENERAL,"gettimeofday failed."); /* If gettimeofday dies, we have either given a bad timezone (we didn't), or segfaulted.*/ - exit(1); // exit ok: gettimeofday failed. + raw_assert_unreached_msg("gettimeofday failed"); /* LCOV_EXCL_STOP */ } #elif defined(HAVE_FTIME) @@ -900,4 +899,3 @@ monotime_msec_to_approx_coarse_stamp_units(uint64_t msec) return (msec * STAMP_TICKS_PER_SECOND) / 1000; } #endif -

1 0

[tor/master] Use compat_compiler to restore macros in torerr.h
by nickm＠torproject.org 20 Jun '18

20 Jun '18

commit 3246c9648c796ebfd591d0d1225fc6124413520b Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 20 13:51:21 2018 -0400 Use compat_compiler to restore macros in torerr.h --- src/common/torerr.h | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/common/torerr.h b/src/common/torerr.h index 09d8eeb76..10d9f481c 100644 --- a/src/common/torerr.h +++ b/src/common/torerr.h @@ -13,19 +13,21 @@ #ifndef TOR_TORERR_H #define TOR_TORERR_H +#include "common/compat_compiler.h" + /* The raw_assert...() variants are for use within code that can't call * tor_assertion_failed_() because of call circularity issues. */ -#define raw_assert(expr) do { \ +#define raw_assert(expr) STMT_BEGIN \ if (!(expr)) { \ tor_raw_assertion_failed_msg_(__FILE__, __LINE__, #expr, NULL); \ abort(); \ } \ - } while (0) + STMT_END #define raw_assert_unreached(expr) raw_assert(0) -#define raw_assert_unreached_msg(msg) do { \ +#define raw_assert_unreached_msg(msg) STMT_BEGIN \ tor_raw_assertion_failed_msg_(__FILE__, __LINE__, "0", (msg)); \ abort(); \ - } while (0) + STMT_END void tor_raw_assertion_failed_msg_(const char *file, int line, const char *expr,

1 0

[tor/master] Remove log dependency from backtrace.[ch]
by nickm＠torproject.org 20 Jun '18

20 Jun '18

commit a969ce464dc23db39725a891d60537f3d3e51b50 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 20 13:51:49 2018 -0400 Remove log dependency from backtrace.[ch] --- src/common/backtrace.c | 78 +++++++++++++++++++++++++++++--------------------- src/common/backtrace.h | 11 +++++-- src/or/main.c | 8 +++++- 3 files changed, 62 insertions(+), 35 deletions(-) diff --git a/src/common/backtrace.c b/src/common/backtrace.c index 56cefdf93..af939b0a8 100644 --- a/src/common/backtrace.c +++ b/src/common/backtrace.c @@ -14,9 +14,6 @@ */ #include "orconfig.h" -#include "common/compat.h" -#include "common/util.h" -#include "common/torlog.h" #include "common/torerr.h" #ifdef HAVE_EXECINFO_H @@ -31,6 +28,9 @@ #ifdef HAVE_SIGNAL_H #include <signal.h> #endif +#include <errno.h> +#include <stdlib.h> +#include <string.h> #ifdef HAVE_CYGWIN_SIGNAL_H #include <cygwin/signal.h> @@ -40,8 +40,13 @@ #include <ucontext.h> #endif /* defined(HAVE_CYGWIN_SIGNAL_H) || ... */ +#ifdef HAVE_PTHREAD_H +#include <pthread.h> +#endif + #define EXPOSE_CLEAN_BACKTRACE #include "common/backtrace.h" +#include "common/torerr.h" #if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \ defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION) @@ -52,17 +57,21 @@ #define NO_BACKTRACE_IMPL #endif -/** Version of Tor to report in backtrace messages. */ -static char *bt_version = NULL; +// Redundant with util.h, but doing it here so we can avoid that dependency. +#define raw_free free #ifdef USE_BACKTRACE +/** Version of Tor to report in backtrace messages. */ +static char bt_version[128] = ""; + /** Largest stack depth to try to dump. */ #define MAX_DEPTH 256 /** Static allocation of stack to dump. This is static so we avoid stack * pressure. */ static void *cb_buf[MAX_DEPTH]; -/** Protects cb_buf from concurrent access */ -static tor_mutex_t cb_buf_mutex; +/** Protects cb_buf from concurrent access. Pthreads, since this code + * is Unix-only, and since this code needs to be lowest-level. */ +static pthread_mutex_t cb_buf_mutex = PTHREAD_MUTEX_INITIALIZER; /** Change a stacktrace in stack of depth depth so that it will * log the correct function from which a signal was received with context @@ -95,33 +104,35 @@ clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx) } /** Log a message msg at severity in domain, and follow - * that with a backtrace log. */ + * that with a backtrace log. Send messages via the tor_log function at + * logger". */ void -log_backtrace(int severity, int domain, const char *msg) +log_backtrace_impl(int severity, int domain, const char *msg, + tor_log_fn logger) { size_t depth; char **symbols; size_t i; - tor_mutex_acquire(&cb_buf_mutex); + pthread_mutex_lock(&cb_buf_mutex); depth = backtrace(cb_buf, MAX_DEPTH); symbols = backtrace_symbols(cb_buf, (int)depth); - tor_log(severity, domain, "%s. Stack trace:", msg); + logger(severity, domain, "%s. Stack trace:", msg); if (!symbols) { /* LCOV_EXCL_START -- we can't provoke this. */ - tor_log(severity, domain, " Unable to generate backtrace."); + logger(severity, domain, " Unable to generate backtrace."); goto done; /* LCOV_EXCL_STOP */ } for (i=0; i < depth; ++i) { - tor_log(severity, domain, " %s", symbols[i]); + logger(severity, domain, " %s", symbols[i]); } raw_free(symbols); done: - tor_mutex_release(&cb_buf_mutex); + pthread_mutex_unlock(&cb_buf_mutex); } static void crash_handler(int sig, siginfo_t *si, void *ctx_) @@ -157,17 +168,18 @@ crash_handler(int sig, siginfo_t *si, void *ctx_) } /** Install signal handlers as needed so that when we crash, we produce a - * useful stack trace. Return 0 on success, -1 on failure. */ + * useful stack trace. Return 0 on success, -errno on failure. */ static int -install_bt_handler(void) +install_bt_handler(const char *software) { int trap_signals[] = { SIGSEGV, SIGILL, SIGFPE, SIGBUS, SIGSYS, SIGIO, -1 }; int i, rv=0; - struct sigaction sa; + strncpy(bt_version, software, sizeof(bt_version) - 1); + bt_version[sizeof(bt_version) - 1] = 0; - tor_mutex_init(&cb_buf_mutex); + struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = crash_handler; @@ -177,8 +189,7 @@ install_bt_handler(void) for (i = 0; trap_signals[i] >= 0; ++i) { if (sigaction(trap_signals[i], &sa, NULL) == -1) { /* LCOV_EXCL_START */ - log_warn(LD_BUG, "Sigaction failed: %s", strerror(errno)); - rv = -1; + rv = -errno; /* LCOV_EXCL_STOP */ } } @@ -201,20 +212,21 @@ install_bt_handler(void) static void remove_bt_handler(void) { - tor_mutex_uninit(&cb_buf_mutex); } #endif /* defined(USE_BACKTRACE) */ #ifdef NO_BACKTRACE_IMPL void -log_backtrace(int severity, int domain, const char *msg) +log_backtrace_impl(int severity, int domain, const char *msg, + tor_log_fn logger) { - tor_log(severity, domain, "%s. (Stack trace not available)", msg); + logger(severity, domain, "%s. (Stack trace not available)", msg); } static int -install_bt_handler(void) +install_bt_handler(const char *software) { + (void) software; return 0; } @@ -228,13 +240,17 @@ remove_bt_handler(void) int configure_backtrace_handler(const char *tor_version) { - tor_free(bt_version); - if (tor_version) - tor_asprintf(&bt_version, "Tor %s", tor_version); - else - tor_asprintf(&bt_version, "Tor"); + char version[128]; + strncpy(version, "Tor", sizeof(version)-1); + + if (tor_version) { + strncat(version, " ", sizeof(version)-1); + strncat(version, tor_version, sizeof(version)-1); + } + + version[sizeof(version) - 1] = 0; - return install_bt_handler(); + return install_bt_handler(version); } /** Perform end-of-process cleanup for code that generates error messages on @@ -243,6 +259,4 @@ void clean_up_backtrace_handler(void) { remove_bt_handler(); - - tor_free(bt_version); } diff --git a/src/common/backtrace.h b/src/common/backtrace.h index 8c4390e98..7182aeb07 100644 --- a/src/common/backtrace.h +++ b/src/common/backtrace.h @@ -5,11 +5,19 @@ #define TOR_BACKTRACE_H #include "orconfig.h" +#include "common/compat_compiler.h" -void log_backtrace(int severity, int domain, const char *msg); +typedef void (*tor_log_fn)(int, unsigned, const char *fmt, ...) + CHECK_PRINTF(3,4); + +void log_backtrace_impl(int severity, int domain, const char *msg, + tor_log_fn logger); int configure_backtrace_handler(const char *tor_version); void clean_up_backtrace_handler(void); +#define log_backtrace(sev, dom, msg) \ + log_backtrace_impl((sev), (dom), (msg), tor_log) + #ifdef EXPOSE_CLEAN_BACKTRACE #if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \ defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION) @@ -18,4 +26,3 @@ void clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx); #endif /* defined(EXPOSE_CLEAN_BACKTRACE) */ #endif /* !defined(TOR_BACKTRACE_H) */ - diff --git a/src/or/main.c b/src/or/main.c index 55ff41fd9..b2856d3f8 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -4214,7 +4214,13 @@ tor_run_main(const tor_main_configuration_t *tor_cfg) } #endif /* defined(_WIN32) */ - configure_backtrace_handler(get_version()); + { + int bt_err = configure_backtrace_handler(get_version()); + if (bt_err < 0) { + log_warn(LD_BUG, "Unable to install backtrace handler: %s", + strerror(-bt_err)); + } + } init_protocol_warning_severity_level(); update_approx_time(time(NULL));

1 0

[tor/master] Use raw_assert in mutex functions to avoid circularity in logs.
by nickm＠torproject.org 20 Jun '18

20 Jun '18

commit 17ba51a30a87b554093781a3becc6e39e9573684 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 20 14:15:00 2018 -0400 Use raw_assert in mutex functions to avoid circularity in logs. --- src/common/compat_pthreads.c | 22 ++++++++-------------- src/common/compat_winthreads.c | 3 +-- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/src/common/compat_pthreads.c b/src/common/compat_pthreads.c index 6d5f84677..c2f8609db 100644 --- a/src/common/compat_pthreads.c +++ b/src/common/compat_pthreads.c @@ -106,8 +106,7 @@ tor_mutex_init(tor_mutex_t *mutex) const int err = pthread_mutex_init(&mutex->mutex, &attr_recursive); if (PREDICT_UNLIKELY(err)) { // LCOV_EXCL_START - log_err(LD_GENERAL, "Error %d creating a mutex.", err); - tor_assert_unreached(); + raw_assert_unreached_msg("Error creating a mutex."); // LCOV_EXCL_STOP } } @@ -123,8 +122,7 @@ tor_mutex_init_nonrecursive(tor_mutex_t *mutex) err = pthread_mutex_init(&mutex->mutex, NULL); if (PREDICT_UNLIKELY(err)) { // LCOV_EXCL_START - log_err(LD_GENERAL, "Error %d creating a mutex.", err); - tor_assert_unreached(); + raw_assert_unreached_msg("Error creating a mutex."); // LCOV_EXCL_STOP } } @@ -134,12 +132,11 @@ void tor_mutex_acquire(tor_mutex_t *m) { int err; - tor_assert(m); + raw_assert(m); err = pthread_mutex_lock(&m->mutex); if (PREDICT_UNLIKELY(err)) { // LCOV_EXCL_START - log_err(LD_GENERAL, "Error %d locking a mutex.", err); - tor_assert_unreached(); + raw_assert_unreached_msg("Error locking a mutex."); // LCOV_EXCL_STOP } } @@ -148,12 +145,11 @@ void tor_mutex_release(tor_mutex_t *m) { int err; - tor_assert(m); + raw_assert(m); err = pthread_mutex_unlock(&m->mutex); if (PREDICT_UNLIKELY(err)) { // LCOV_EXCL_START - log_err(LD_GENERAL, "Error %d unlocking a mutex.", err); - tor_assert_unreached(); + raw_assert_unreached_msg("Error unlocking a mutex."); // LCOV_EXCL_STOP } } @@ -164,12 +160,11 @@ void tor_mutex_uninit(tor_mutex_t *m) { int err; - tor_assert(m); + raw_assert(m); err = pthread_mutex_destroy(&m->mutex); if (PREDICT_UNLIKELY(err)) { // LCOV_EXCL_START - log_err(LD_GENERAL, "Error %d destroying a mutex.", err); - tor_assert_unreached(); + raw_assert_unreached_msg("Error destroying a mutex."); // LCOV_EXCL_STOP } } @@ -347,4 +342,3 @@ tor_threads_init(void) set_main_thread(); } } - diff --git a/src/common/compat_winthreads.c b/src/common/compat_winthreads.c index 9d07e1798..95e70d06b 100644 --- a/src/common/compat_winthreads.c +++ b/src/common/compat_winthreads.c @@ -74,7 +74,7 @@ tor_mutex_uninit(tor_mutex_t *m) void tor_mutex_acquire(tor_mutex_t *m) { - tor_assert(m); + raw_assert(m); EnterCriticalSection(&m->mutex); } void @@ -248,4 +248,3 @@ tor_threads_init(void) } #endif /* defined(_WIN32) */ -

1 0

[tor/master] Use raw_assert() in write_all().
by nickm＠torproject.org 20 Jun '18

20 Jun '18

commit 057d838409be7d908ce14979a2b486601fad8c08 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 20 15:09:42 2018 -0400 Use raw_assert() in write_all(). This makes tor_log() finally non-circular. --- src/common/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/util.c b/src/common/util.c index cee6a4a23..4fd07fabc 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -2102,7 +2102,7 @@ write_all(tor_socket_t fd, const char *buf, size_t count, int isSocket) { size_t written = 0; ssize_t result; - tor_assert(count < SSIZE_MAX); + raw_assert(count < SSIZE_MAX); while (written != count) { if (isSocket)

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits June 2018