config/check_vanilla_allocations.py

   1 # vim: set ts=8 sts=4 et sw=4 tw=79:
   2 # This Source Code Form is subject to the terms of the Mozilla Public
   3 # License, v. 2.0. If a copy of the MPL was not distributed with this
   4 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
   5
   6 # ----------------------------------------------------------------------------
   7 # All heap allocations in SpiderMonkey must go through js_malloc, js_calloc,
   8 # js_realloc, and js_free.  This is so that any embedder who uses a custom
   9 # allocator (by defining JS_USE_CUSTOM_ALLOCATOR) will see all heap allocation
  10 # go through that custom allocator.
  11 #
  12 # Therefore, the presence of any calls to "vanilla" allocation/free functions
  13 # from within SpiderMonkey itself (e.g. malloc(), free()) is a bug.  Calls from
  14 # within mozglue and non-SpiderMonkey locations are fine; there is a list of
  15 # exceptions that can be added to as the need arises.
  16 #
  17 # This script checks for the presence of such disallowed vanilla
  18 # allocation/free function in SpiderMonkey when it's built as a library.  It
  19 # relies on |nm| from the GNU binutils, and so only works on Linux, but one
  20 # platform is good enough to catch almost all violations.
  21 #
  22 # This checking is only 100% reliable in a JS_USE_CUSTOM_ALLOCATOR build in
  23 # which the default definitions of js_malloc et al (in Utility.h) -- which call
  24 # malloc et al -- are replaced with empty definitions.  This is because the
  25 # presence and possible inlining of the default js_malloc et al can cause
  26 # malloc/calloc/realloc/free calls show up in unpredictable places.
  27 #
  28 # Unfortunately, that configuration cannot be tested on Mozilla's standard
  29 # testing infrastructure.  Instead, by default this script only tests that none
  30 # of the other vanilla allocation/free functions (operator new, memalign, etc)
  31 # are present.  If given the --aggressive flag, it will also check for
  32 # malloc/calloc/realloc/free.
  33 #
  34 # Note:  We don't check for |operator delete| and |operator delete[]|.  These
  35 # can be present somehow due to virtual destructors, but this is not too
  36 # because vanilla delete/delete[] calls don't make sense without corresponding
  37 # vanilla new/new[] calls, and any explicit calls will be caught by Valgrind's
  38 # mismatched alloc/free checking.
  39 # ----------------------------------------------------------------------------
  40
  41 import argparse
  42 import re
  43 import subprocess
  44 import sys
  45
  46 import buildconfig
  47
  48 # The obvious way to implement this script is to search for occurrences of
  49 # malloc et al, succeed if none are found, and fail is some are found.
  50 # However, "none are found" does not necessarily mean "none are present" --
  51 # this script could be buggy.  (Or the output format of |nm| might change in
  52 # the future.)
  53 #
  54 # So util/Utility.cpp deliberately contains a (never-called) function that
  55 # contains a single use of all the vanilla allocation/free functions.  And this
  56 # script fails if it (a) finds uses of those functions in files other than
  57 # util/Utility.cpp, *or* (b) fails to find them in util/Utility.cpp.
  58
  59 # Tracks overall success of the test.
  60 has_failed = False
  61
  62
  63 def fail(msg):
  64     print("TEST-UNEXPECTED-FAIL | check_vanilla_allocations.py |", msg)
  65     global has_failed
  66     has_failed = True
  67
  68
  69 def main():
  70     parser = argparse.ArgumentParser()
  71     parser.add_argument(
  72         "--aggressive",
  73         action="store_true",
  74         help="also check for malloc, calloc, realloc and free",
  75     )
  76     parser.add_argument("file", type=str, help="name of the file to check")
  77     args = parser.parse_args()
  78
  79     # Run |nm|.  Options:
  80     # -u: show only undefined symbols
  81     # -C: demangle symbol names
  82     # -A: show an object filename for each undefined symbol
  83     nm = buildconfig.substs.get("NM") or "nm"
  84     cmd = [nm, "-u", "-C", "-A", args.file]
  85     lines = subprocess.check_output(
  86         cmd, universal_newlines=True, stderr=subprocess.PIPE
  87     ).split("\n")
  88
  89     # alloc_fns contains all the vanilla allocation/free functions that we look
  90     # for. Regexp chars are escaped appropriately.
  91
  92     alloc_fns = [
  93         # Matches |operator new(unsigned T)|, where |T| is |int| or |long|.
  94         r"operator new\(unsigned",
  95         # Matches |operator new[](unsigned T)|, where |T| is |int| or |long|.
  96         r"operator new\[\]\(unsigned",
  97         r"memalign",
  98         # These three aren't available on all Linux configurations.
  99         # r'posix_memalign',
 100         # r'aligned_alloc',
 101         # r'valloc',
 102     ]
 103
 104     if args.aggressive:
 105         alloc_fns += [r"malloc", r"calloc", r"realloc", r"free", r"strdup"]
 106
 107     # This is like alloc_fns, but regexp chars are not escaped.
 108     alloc_fns_unescaped = [fn.replace("\\", "") for fn in alloc_fns]
 109
 110     # This regexp matches the relevant lines in the output of |nm|, which look
 111     # like the following.
 112     #
 113     #   js/src/libjs_static.a:Utility.o:              U malloc
 114     #
 115     alloc_fns_re = r"([^:/ ]+):\s+U (" + r"|".join(alloc_fns) + r")"
 116
 117     # This tracks which allocation/free functions have been seen in
 118     # util/Utility.cpp.
 119     util_Utility_cpp = set([])
 120
 121     # Would it be helpful to emit detailed line number information after a failure?
 122     emit_line_info = False
 123
 124     for line in lines:
 125         m = re.search(alloc_fns_re, line)
 126         if m is None:
 127             continue
 128
 129         filename = m.group(1)
 130
 131         # The stdc++compat library has an implicit call to operator new in
 132         # thread::_M_start_thread.
 133         if "stdc++compat" in filename:
 134             continue
 135
 136         # The memory allocator code contains calls to memalign. These are ok, so
 137         # we whitelist them.
 138         if "_memory_" in filename:
 139             continue
 140
 141         # Ignore the fuzzing code imported from m-c
 142         if "Fuzzer" in filename:
 143             continue
 144
 145         # Ignore the profiling pseudo-stack, since it needs to run even when
 146         # SpiderMonkey's allocator isn't initialized.
 147         if "ProfilingStack" in filename:
 148             continue
 149
 150         # Ignore implicit call to operator new in std::condition_variable_any.
 151         #
 152         # From intl/icu/source/common/umutex.h:
 153         # On Linux, the default constructor of std::condition_variable_any
 154         # produces an in-line reference to global operator new(), [...].
 155         if filename == "umutex.o":
 156             continue
 157
 158         # Ignore allocations from decimal conversion functions inside mozglue.
 159         if filename == "Decimal.o":
 160             continue
 161
 162         # Ignore allocations from the m-c intl/components implementations.
 163         if "intl_components" in filename:
 164             continue
 165
 166         # Ignore use of std::string in regexp AST debug output.
 167         if filename == "regexp-ast.o":
 168             continue
 169
 170         fn = m.group(2)
 171         if filename == "Utility.o":
 172             util_Utility_cpp.add(fn)
 173         else:
 174             # An allocation is present in a non-special file.  Fail!
 175             fail("'" + fn + "' present in " + filename)
 176             # Try to give more precise information about the offending code.
 177             emit_line_info = True
 178
 179     # Check that all functions we expect are used in util/Utility.cpp.  (This
 180     # will fail if the function-detection code breaks at any point.)
 181     for fn in alloc_fns_unescaped:
 182         if fn not in util_Utility_cpp:
 183             fail("'" + fn + "' isn't used as expected in util/Utility.cpp")
 184         else:
 185             util_Utility_cpp.remove(fn)
 186
 187     # This should never happen, but check just in case.
 188     if util_Utility_cpp:
 189         fail(
 190             "unexpected allocation fns used in util/Utility.cpp: "
 191             + ", ".join(util_Utility_cpp)
 192         )
 193
 194     # If we found any improper references to allocation functions, try to use
 195     # DWARF debug info to get more accurate line number information about the
 196     # bad calls. This is a lot slower than 'nm -A', and it is not always
 197     # precise when building with --enable-optimized.
 198     if emit_line_info:
 199         print("check_vanilla_allocations.py: Source lines with allocation calls:")
 200         print(
 201             "check_vanilla_allocations.py: Accurate in unoptimized builds; "
 202             "util/Utility.cpp expected."
 203         )
 204
 205         # Run |nm|.  Options:
 206         # -u: show only undefined symbols
 207         # -C: demangle symbol names
 208         # -l: show line number information for each undefined symbol
 209         cmd = ["nm", "-u", "-C", "-l", args.file]
 210         lines = subprocess.check_output(
 211             cmd, universal_newlines=True, stderr=subprocess.PIPE
 212         ).split("\n")
 213
 214         # This regexp matches the relevant lines in the output of |nm -l|,
 215         # which look like the following.
 216         #
 217         #       U malloc util/Utility.cpp:117
 218         #
 219         alloc_lines_re = r"U ((" + r"|".join(alloc_fns) + r").*)\s+(\S+:\d+)$"
 220
 221         for line in lines:
 222             m = re.search(alloc_lines_re, line)
 223             if m:
 224                 print(
 225                     "check_vanilla_allocations.py:", m.group(1), "called at", m.group(3)
 226                 )
 227
 228     if has_failed:
 229         sys.exit(1)
 230
 231     print("TEST-PASS | check_vanilla_allocations.py | ok")
 232     sys.exit(0)
 233
 234
 235 if __name__ == "__main__":
 236     main()