[CHECKER] bugs in FreeBSD
silby at silby.com
Sun Jan 18 23:47:03 PST 2004
On Sun, 18 Jan 2004, Matthew Dillon wrote:
> Well, this is fun. There are over 460 files in the 5.x source tree
> (360 in DFly) that make calls to malloc(... M_NOWAIT), and so far
> about 80% of the calls that I've reviewed generate inappropriate
> side effects when/if a failure occurs. CAM is the biggest violator...
> it even has a few panic() conditionals if a malloc(... M_NOWAIT) fails.
> Not Fun!
I keep getting the urge to write a simple failure generator for malloc /
m_get / etc that would compare the caller's address to a linked list of
previous callers so that you could ensure that you would get exactly one
failure returned to each malloc() call in the system. This would guarantee
better coverage than random failures, which aren't likely to find the bulk
of the failure cases.
Another interesting debug idea would be to extend the above idea, and have
separate malloc buckets for each caller, along with cookies / canary
values before and after each piece of data; this could be used to figure
out *exactly* which function is causing memory corruption.
Of course, I found so many problems when I wrote the MBUF_STRESS_TEST code
that I really don't want to think about how long fixing all the bugs
exposed by the above two tests would take.
Mike "Silby" Silbersack
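
The once-per-caller failure generator described in the message above, as a userland sketch added here; it is not part of the original post and is not FreeBSD code. It assumes the call site is identified by file and line rather than by the caller's return address, and the names `fi_malloc`, `FI_MALLOC`, `fi_failures` and `dup_str` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* One node per call site that has already received its injected failure. */
struct fi_site {
    const char *file;
    int line;
    struct fi_site *next;
};

static struct fi_site *fi_seen;  /* linked list of previous callers */
static unsigned fi_injected;     /* failures handed out so far */

/* Returns 1 if the site is already listed; otherwise records it, returns 0. */
static int fi_seen_before(const char *file, int line)
{
    struct fi_site *s;
    for (s = fi_seen; s != NULL; s = s->next)
        if (s->line == line && strcmp(s->file, file) == 0)
            return 1;
    s = malloc(sizeof(*s));      /* bookkeeping uses the real allocator */
    if (s == NULL)
        return 1;                /* cannot track the site, so do not inject */
    s->file = file;
    s->line = line;
    s->next = fi_seen;
    fi_seen = s;
    return 0;
}

/* First call from each site fails; every later call is a real malloc(). */
void *fi_malloc(size_t n, const char *file, int line)
{
    if (!fi_seen_before(file, line)) {
        fi_injected++;
        return NULL;
    }
    return malloc(n);
}
#define FI_MALLOC(n) fi_malloc((n), __FILE__, __LINE__)

unsigned fi_failures(void) { return fi_injected; }

/* Constructed caller that handles the failure path correctly. */
char *dup_str(const char *src)
{
    char *p = FI_MALLOC(strlen(src) + 1);
    return p != NULL ? strcpy(p, src) : NULL;
}
```

Running a test suite against code built with such a wrapper exercises every allocation-failure path exactly once, so a caller that dereferences the NULL return crashes at its own call site.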