Catching memory corruption "in the act"

@msteed

Quote:
I've tried that of course; crashes anyway

@trixie

Are you speaking of a client / server option, so it sends TCP packets Well as long as OS does not completely freezes because of corruption.

Back to the original topic, I was finally able to try the MMU protection method. Here's my example program:

This works in my simple test case, but there's one catch: the actual project does a metric ton of small memory allocations. The 4KB overhead plus the alignment requirement makes the memory fragmented to the point where the allocations start to fail, even with a 512MB Z3 RAM expansion. I tried smaller guard blocks while keeping the alignment as 4KB, but that ended up causing all sorts of freezes and crashes.
I guess my only option is Linux? :(

Quote:

If a PPC binary of the program exists: you can run 32bit or 64bit PPC big endian programs on little endian 64 bit x64 Linux with qemu user mode emulatation ("qemu-ppc" instead of "qemu-system-ppc"). You don't need to have PPC Linux installed, only download some Linux PPC iso and loop-mount it (and likely some filesytem image inside that as well) so you can tell qemu with "-L" where to pick up some PPC versions of libs the PPC binary needs.

I recently tried this with old (2011) version of 32 bit AROS PPC hosted on Linux version and it works pretty well. On old PC here (10 years old?) it "boots" into WB in 3 to 4 seconds (x86 AROS hosted debug version "boots" in maybe 0.5 seconds).

That sounds promising, because I had a terrible luck trying to install recent PPC Linux distros in QEMU. The project can be built for i386 Linux I think I could make a PPC executable with reasonable effort.
I saw that GDB is supported via user mode emulation, but I guess I'm going to need Valgrind too to catch the illegal writes outside the allocated blocks?

@BSzili
I don't know if valgrind works with user mode emulation (I've only found old tickets that said it did not work but could be fixed since). Otherwise there are docs at https://www.qemu.org/docs/master/system/ppc/amigang.html about running Linux on my boards in QEMU. Or for Linux any other PPC board may be used which can probably run more recent distros but PPC emulation is quite neglected. But you can use up to 2GB memory with AmigaOS on QEMU.
Another idea, if you can replace the allocation in the code you're debugging (e.g. with some preprocessor #defines) to call your own wrapper you could allocate more memory for some guard bytes before and after the address returned to the application then you can check it on free or when a crash occurs.

@BSzili

What are you trying to do?

If I read your code correct, you allocated memory, you protect it, and then return memory after the MEM_GUARD_SIZE? what is that supposed to do?

Typically, if you have broken for loop or while loop… it’s the end of the memory you need to protect, not the beginning of memory. even if did protect end of memory. you have problem with the memory page size, [protected][data][alignment][protected]… you might not catch bug sense you likely to write into alignment part.

pointer are not well understood by many developers, a pointer is a element.
“Ptr+=10;” is the offset: “sizeof(*ptr) * 10”; 10 is not in bytes its number of elements of the pointer to increment, this why always need to cast to byte pointers, before doing any additions, unless you intend something else.


wont it be better to create a memory copy protect, concept instead..

APTR DoublicateAsReadOnly(APTR src, size_s size);
void FreeReadOnly(APTR addr);

1. Allocate memory,
2. copy memory,
3. protect memory.

Crashes are often caused by non-initialized offsets, or pointers. Random crap in memory, causing pointers to be set, or offsets being set to something else than 0. It should be one of the prime suspects. Besides making sure you actually got memory after an allocation. Also, se lot developers who do not set pointer to NULL after freeing. yeh sure it faster if you don’t but it’s not uncommon to create a cleanup routine and accidentally call it twice because you forgot a return or a break.
stack corruption can be a issue, lets say you array with 10 items, it’s easy to accidently writ 11 items into it and corrupt next variable in the stack, its easy add extra variable after the array with 0xCAFECAFE or something like that, if want to check that array do not overwrite next variable on the stack..

Crashes on addresses like 0xFFFFF424, is good indication of zero pointer somewhere in the code.