From: Jeff King <peff@peff.net>
To: Stefan Beller <sbeller@google.com>
Cc: "Martin Ågren" <martin.agren@gmail.com>,
gitgitgadget@gmail.com, git <git@vger.kernel.org>,
"Junio C Hamano" <gitster@pobox.com>,
"Derrick Stolee" <dstolee@microsoft.com>
Subject: Re: [PATCH 1/2] commit-graph: clean up leaked memory during write
Date: Tue, 2 Oct 2018 18:34:35 -0400 [thread overview]
Message-ID: <20181002223434.GA5588@sigill.intra.peff.net> (raw)
In-Reply-To: <CAGZ79kb2pE3pFQx4A=oo-mYORjN1ubCgV6Gotc78i7d+BqZdBw@mail.gmail.com>
On Tue, Oct 02, 2018 at 12:44:09PM -0700, Stefan Beller wrote:
> > My worry is that one of these would seem to be true:
> >
> > * UNLEAK is unsuitable for the job. Whenever we have a `die()` as we do
> > here, we can UNLEAK the variables we know of, but we can't do anything
> > about the allocations we have made higher up the call-chain.
>
> IMHO that is the issue of the functions higher up the call chain and ought
> to not affect this patch. By doing the right thing here locally the code base
> will approach a good state eventually.
But it's impossible. If I do this:
foo = xstrdup(bar);
subfunction(foo);
then I cannot protect myself from leaking "foo" when subfunction() calls
die(). It must be valid when I enter the function, and I have no
opportunity to run code when it leaves (because it never does).
> > * We add code with no purpose. In this case, we're not talking a lot of
> > lines, but across the code base, if they bring no gain, they are bound
> > to provide a negative net value given enough time.
>
> I see. I did not estimate its negative impact to be high enough, as the
> UNLEAK near a die() call was obvious good thing (locally).
>
> I don't know what the best way to proceed is in this case.
My preference is to avoid them in the name of simplicity. If you're
using "make SANITIZE=leak test" to check for leaks, it will skip these
cases. If you're using valgrind, I think these may be reported as
"reachable". But that number already isn't useful for finding real
leaks, because it includes cases like the "foo" above as well as
program-lifetime globals.
The only argument (IMHO) for such an UNLEAK() is that it annotates the
location for when somebody later changes the function to "return -1"
instead of dying. But if we are going to do such annotation, we may as
well actually call free(), which is what the "return" version will
ultimately have to do.
I'd actually be _more_ favorable to calling free() instead of UNLEAK()
there, but I'm still mildly negative, just because it may go stale (and
our leak-checking wouldn't usefully notice these cases). Anybody
converting that die() to a return needs to re-analyze the function for
what might need to be released (and that includes non-memory bits like
descriptors, too).
-Peff
next prev parent reply other threads:[~2018-10-02 22:34 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-02 14:58 [PATCH 0/2] Clean up leaks in commit-graph.c Derrick Stolee via GitGitGadget
2018-10-02 14:58 ` [PATCH 1/2] commit-graph: clean up leaked memory during write Derrick Stolee via GitGitGadget
2018-10-02 15:40 ` Martin Ågren
2018-10-02 17:59 ` Stefan Beller
2018-10-02 19:08 ` Martin Ågren
2018-10-02 19:44 ` Stefan Beller
2018-10-02 22:34 ` Jeff King [this message]
2018-10-02 22:44 ` Stefan Beller
2018-10-03 12:04 ` Derrick Stolee
2018-10-03 15:36 ` [PATCH 0/2] commit-graph: more leak fixes Martin Ågren
2018-10-03 15:36 ` [PATCH 1/2] commit-graph: free `struct packed_git` after closing it Martin Ågren
2018-10-03 15:36 ` [PATCH 2/2] builtin/commit-graph.c: UNLEAK variables Martin Ågren
2018-10-03 16:19 ` [PATCH 0/2] commit-graph: more leak fixes Derrick Stolee
2018-10-03 16:24 ` Martin Ågren
2018-10-02 22:37 ` [PATCH 1/2] commit-graph: clean up leaked memory during write Jeff King
2018-10-02 14:58 ` [PATCH 2/2] commit-graph: reduce initial oid allocation Derrick Stolee via GitGitGadget
2018-10-03 17:12 ` [PATCH v2 0/3] Clean up leaks in commit-graph.c Derrick Stolee via GitGitGadget
2018-10-03 17:12 ` [PATCH v2 1/3] commit-graph: clean up leaked memory during write Derrick Stolee via GitGitGadget
2018-10-03 17:12 ` [PATCH v2 2/3] builtin/commit-graph.c: UNLEAK variables Martin Ågren via GitGitGadget
2018-10-03 17:12 ` [PATCH v2 3/3] commit-graph: reduce initial oid allocation Derrick Stolee via GitGitGadget
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181002223434.GA5588@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=dstolee@microsoft.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=gitster@pobox.com \
--cc=martin.agren@gmail.com \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).