utils,spad: add spad handholding

Author: jumpsiegel

src/discof/rpcserver/fd_methods.c

@@ -192,6 +192,9 @@ void json_add_value(struct json_values* values, struct json_path* path, const vo
       values->buf_alloc <<= 1;
     } while (new_buf_sz > values->buf_alloc);
     char* newbuf = (char*)fd_spad_alloc( spad, 1, values->buf_alloc);
+    if ( FD_UNLIKELY( NULL == newbuf ) ) {
+      FD_LOG_ERR(( "out of spad scratch space" ));
+    }
     fd_memcpy(newbuf, values->buf, values->buf_sz);
     values->buf = newbuf;
   }

src/discof/rpcserver/fd_rpc_history.c

@@ -92,6 +92,9 @@ fd_rpc_history_t *
 fd_rpc_history_create(fd_rpcserver_args_t * args) {
   fd_spad_t * spad = args->spad;
   fd_rpc_history_t * hist = (fd_rpc_history_t *)fd_spad_alloc( spad, alignof(fd_rpc_history_t), sizeof(fd_rpc_history_t) );
+  if ( FD_UNLIKELY ( NULL == hist ) ) {
+    FD_LOG_ERR(( "out of spad scratch space" ));
+  }
   memset(hist, 0, sizeof(fd_rpc_history_t));
   hist->spad = spad;
 

src/discof/rpcserver/json_lex.c

@@ -387,6 +387,10 @@ static char* json_lex_append_prepare(json_lex_state_t* lex, ulong sz) {
     } while (new_sz + 1 > lex->last_str_alloc);
     char* oldstr = lex->last_str;
     lex->last_str = (char*)fd_spad_alloc( lex->spad, 1, lex->last_str_alloc);
+    if ( FD_UNLIKELY ( NULL == lex->last_str ) ) {
+      // TODO: what should we do?
+      return NULL;
+    }
     // Copy the old content to the new space
     fd_memcpy(lex->last_str, oldstr, lex->last_str_sz);
   }

src/flamenco/runtime/fd_executor.c

@@ -919,6 +919,9 @@ fd_executor_create_rollback_fee_payer_account( fd_exec_txn_ctx_t * txn_ctx,
 
     ulong  data_len       = fd_txn_account_get_data_len( &txn_ctx->accounts[FD_FEE_PAYER_TXN_IDX] );
     void * fee_payer_data = fd_spad_alloc( txn_ctx->spad, FD_ACCOUNT_REC_ALIGN, sizeof(fd_account_meta_t) + data_len );
+    if( FD_UNLIKELY( NULL == fee_payer_data ) ) {
+      FD_LOG_CRIT(( "out of spad scratch space" ));
+    }
     fd_memcpy( fee_payer_data, (uchar *)meta, sizeof(fd_account_meta_t) + data_len );
     if( FD_UNLIKELY( !fd_txn_account_join( fd_txn_account_new(
           txn_ctx->rollback_fee_payer_account,
@@ -1408,6 +1411,9 @@ fd_executor_setup_txn_account( fd_exec_txn_ctx_t * txn_ctx,
        initialize a new metadata. */
 
     uchar * new_raw_data = fd_spad_alloc( txn_ctx->spad, FD_ACCOUNT_REC_ALIGN, FD_ACC_TOT_SZ_MAX );
+    if( FD_UNLIKELY( NULL == new_raw_data ) ) {
+      FD_LOG_CRIT(( "out of spad scratch space" ));
+    }
     ulong   dlen         = !!meta ? meta->dlen : 0UL;
 
     if( FD_LIKELY( meta ) ) {
@@ -1432,6 +1438,9 @@ fd_executor_setup_txn_account( fd_exec_txn_ctx_t * txn_ctx,
       data_wksp    = fd_funk_wksp( txn_ctx->funk );
     } else {
       uchar * mem = fd_spad_alloc( txn_ctx->spad, FD_TXN_ACCOUNT_ALIGN, sizeof(fd_account_meta_t) );
+      if( FD_UNLIKELY( NULL == mem ) ) {
+        FD_LOG_CRIT(( "out of spad scratch space" ));
+      }
       account_meta = (fd_account_meta_t *)mem;
       data_wksp    = txn_ctx->spad_wksp;
       fd_account_meta_init( account_meta );

src/flamenco/runtime/fd_txncache.c

@@ -1064,6 +1064,9 @@ fd_txncache_get_entries( fd_txncache_t *         tc,
 
       status_pair->value.statuses_len = num_statuses;
       status_pair->value.statuses     = fd_spad_alloc( spad, FD_CACHE_STATUS_ALIGN, num_statuses * sizeof(fd_cache_status_t) );
+      if( FD_UNLIKELY( NULL == status_pair->value.statuses )) {
+        FD_LOG_CRIT(( "out of spad scratch space" ));
+      }
       fd_memset( status_pair->value.statuses, 0, num_statuses * sizeof(fd_cache_status_t) );
 
       /* Copy over every entry for the given slot into the slot deltas. */

src/flamenco/runtime/program/fd_system_program.c

@@ -20,6 +20,9 @@
 static inline char *
 fd_log_address_type( fd_spad_t * spad, fd_pubkey_t const * pubkey, fd_pubkey_t const * base ) {
   char * out = fd_spad_alloc( spad, alignof(char), 125UL );
+  if ( FD_UNLIKELY ( NULL == out ) )  {
+    FD_LOG_ERR(( "out of spad scratch spaced during logging" ));
+  }
   char base_addr[52];
   if( FD_UNLIKELY( base ) ) {
     snprintf( base_addr, 52UL, "Some(%s)", FD_BASE58_ENC_32_ALLOCA( base ) );

src/flamenco/runtime/tests/fd_dump_pb.c

@@ -201,6 +201,9 @@ dump_vote_accounts( fd_exec_slot_ctx_t const *        slot_ctx,
   fd_exec_test_vote_account_t * vote_account_out = fd_spad_alloc( spad,
                                                                   alignof(fd_exec_test_vote_account_t),
                                                                   vote_account_t_cnt * sizeof(fd_exec_test_vote_account_t) );
+  if( FD_UNLIKELY( NULL == vote_account_out ) ) {
+    FD_LOG_CRIT(( "out of spad scratch space" ));
+  }
 
   for( fd_vote_accounts_pair_global_t_mapnode_t const * curr = fd_vote_accounts_pair_global_t_map_minimum_const(
           vote_accounts_pool,
@@ -1041,6 +1044,10 @@ fd_dump_block_to_protobuf_tx_only( fd_runtime_block_info_t const * block_info,
     /* Output to file */
     ulong out_buf_size = 5UL<<30UL; /* 5 GB */
     uint8_t * out = fd_spad_alloc( spad, alignof(uint8_t), out_buf_size );
+    if( FD_UNLIKELY( NULL == out ) ) {
+      FD_LOG_CRIT(( "out of spad scratch space" ));
+    }
+
     pb_ostream_t stream = pb_ostream_from_buffer( out, out_buf_size );
     if( pb_encode( &stream, FD_EXEC_TEST_BLOCK_CONTEXT_FIELDS, block_context_msg ) ) {
       char output_filepath[256]; fd_memset( output_filepath, 0, sizeof(output_filepath) );
@@ -1227,6 +1234,9 @@ FD_SPAD_FRAME_BEGIN( txn_ctx->spad ) {
   /* Output to file */
   ulong out_buf_size = 1UL<<29UL; /* 128 MB */
   uint8_t * out = fd_spad_alloc( txn_ctx->spad, alignof(uint8_t), out_buf_size );
+  if( FD_UNLIKELY( NULL == out ) ) {
+    FD_LOG_CRIT(( "out of spad scratch space" ));
+  }
   pb_ostream_t stream = pb_ostream_from_buffer( out, out_buf_size );
   if( pb_encode( &stream, FD_EXEC_TEST_ELF_LOADER_CTX_FIELDS, &elf_ctx ) ) {
     FILE * file = fopen(filename, "wb");

src/util/log/fd_log.h

@@ -266,6 +266,11 @@
 
 #define FD_TEST_CUSTOM(c,err) do { if( FD_UNLIKELY( !(c) ) ) FD_LOG_ERR(( "FAIL: %s", (err) )); } while(0)
 
+/* FD_TEST_BRK is like FD_TEST but drops into a debugger on failure. */
+
+#define FD_TEST_BRK(c) do { if( FD_UNLIKELY( !(c) ) ) FD_LOG_WARNING(( "FAIL: %s", #c )); __asm__("int $3"); } while(0)
+
+
 /* Macros for doing hexedit / tcpdump-like logging of memory regions.
    E.g.
 

src/util/spad/fd_spad.c

@@ -69,10 +69,17 @@ fd_spad_frame_hi_debug( fd_spad_t * spad ) {
   return SELECT_DEBUG_IMPL(fd_spad_frame_hi)( spad );
 }
 
-void
+fd_spad_debug_state_t
 fd_spad_push_debug( fd_spad_t * spad ) {
+  fd_spad_debug_state_t state;
+  state.frame_free = spad->frame_free;
+  state.mem_used = spad->mem_used;
+  state.spad = spad;
+
   if( FD_UNLIKELY( !fd_spad_frame_free( spad ) ) ) FD_LOG_CRIT(( "too many frames" ));
   SELECT_DEBUG_IMPL(fd_spad_push)( spad );
+
+  return state;
 }
 
 void
@@ -81,17 +88,6 @@ fd_spad_pop_debug( fd_spad_t * spad ) {
   SELECT_DEBUG_IMPL(fd_spad_pop)( spad );
 }
 
-void *
-fd_spad_alloc_check( fd_spad_t * spad,
-                     ulong       align,
-                     ulong       sz ) {
-  if( FD_UNLIKELY( !fd_spad_frame_used( spad )               ) ) FD_LOG_CRIT(( "not in a frame"  ));
-  if( FD_UNLIKELY( (!!align) & (!fd_ulong_is_pow2( align ) ) ) ) FD_LOG_CRIT(( "bad align"       ));
-  ulong alloc_max = fd_spad_alloc_max( spad, align );
-  if( FD_UNLIKELY( alloc_max<sz ) ) FD_LOG_CRIT(( "out of memory: attempted to allocate %lu bytes, but only %lu available", sz, alloc_max ));
-  return SELECT_DEBUG_IMPL(fd_spad_alloc)( spad, align, sz );
-}
-
 void
 fd_spad_trim_debug( fd_spad_t * spad,
                     void *      hi ) {
@@ -314,3 +310,17 @@ fd_spad_vtable = {
   .malloc = fd_spad_valloc_malloc,
   .free   = fd_spad_valloc_free
 };
+
+void
+fd_spad_private_frame_end_debug( fd_spad_debug_state_t * _spad_state ) {
+  fd_spad_pop( _spad_state->spad );
+
+  if(_spad_state->frame_free != _spad_state->spad->frame_free ) {
+    FD_LOG_WARNING(("%lu != %lu", _spad_state->frame_free, _spad_state->spad->frame_free));
+    FD_TEST_BRK( _spad_state->frame_free == _spad_state->spad->frame_free );
+  }
+  if( _spad_state->mem_used != _spad_state->spad->mem_used ) {
+    FD_LOG_WARNING(("%lu != %lu", _spad_state->mem_used, _spad_state->spad->mem_used));
+    FD_TEST_BRK( _spad_state->mem_used == _spad_state->spad->mem_used );
+  }
+}

src/util/spad/fd_spad.h

@@ -30,6 +30,7 @@
 
 #include "../bits/fd_bits.h"
 #include "../valloc/fd_valloc.h" // For valloc wrapper interface
+#include "../log/fd_log.h"
 
 /* FD_SPAD_{ALIGN,FOOTPRINT} give the alignment and footprint of a
    fd_spad_t.  ALIGN is an integer power of 2.  FOOTPRINT is a multiple
@@ -93,6 +94,13 @@ FD_STATIC_ASSERT( FD_SPAD_ALLOC_ALIGN_DEFAULT >= FD_MSAN_ALIGN,
 
 /* spad internals */
 
+struct fd_spad_debug_state {
+  ulong frame_free; /* number of frames free, in [0,FD_SPAD_FRAME_MAX] */
+  ulong mem_used;   /* number of spad memory bytes used, in [0,mem_max] */
+  fd_spad_t *spad;
+};
+typedef struct fd_spad_debug_state fd_spad_debug_state_t;
+
 struct __attribute__((aligned(FD_SPAD_ALIGN))) fd_spad_private {
 
   /* This point is FD_SPAD_ALIGN aligned */
@@ -360,13 +368,29 @@ fd_spad_private_frame_end( fd_spad_t ** _spad ) { /* declared here to avoid a fd
   fd_spad_pop( *_spad );
 }
 
+void fd_spad_private_frame_end_debug( fd_spad_debug_state_t * _spad_state);
+
+#if defined(FD_SPAD_USE_HANDHOLDING)
+
+#define FD_SPAD_FRAME_BEGIN(spad) do {                                            \
+  __attribute__((cleanup(fd_spad_private_frame_end_debug))) fd_spad_debug_state_t _spad_state; \
+  _spad_state = fd_spad_push_debug( spad );                                      \
+  do
+
+#define FD_SPAD_FRAME_END while(0); } while(0)
+
+#else
+
 #define FD_SPAD_FRAME_BEGIN(spad) do {                                            \
   fd_spad_t * _spad __attribute__((cleanup(fd_spad_private_frame_end))) = (spad); \
   fd_spad_push( _spad );                                                          \
   do
 
 #define FD_SPAD_FRAME_END while(0); } while(0)
 
+#endif
+
+
 /* fd_spad_alloc allocates sz bytes with alignment align from spad.
    Returns a pointer in the caller's address space to the first byte of
    the allocation (will be non-NULL with alignment align).  Assumes spad
@@ -387,6 +411,40 @@ fd_spad_alloc( fd_spad_t * spad,
                ulong       align,
                ulong       sz );
 
+/* fd_spad_check confirms you can allocates sz bytes with alignment align
+   from spad.
+*/
+
+static inline int
+fd_spad_check( fd_spad_t * spad,
+                     ulong       align,
+                     ulong       sz );
+
+/* fd_spad_alloc_check allocates sz bytes with alignment align from spad.
+   Returns a pointer in the caller's address space to the first byte of
+   the allocation (will be non-NULL with alignment align).  Assumes spad
+   is a current local join and in a frame, align is an integer power of
+   2 in [1,FD_SPAD_ALIGN] or 0 (indicates to use
+   FD_SPAD_ALLOC_ALIGN_DEFAULT) and sz is in [0,alloc_max].  Implicitly
+   cancels any in progress prepare.  On return, spad will be in a frame
+   and not in a prepare.  Fast O(1).
+
+   The lifetime of the returned region will be until the next pop or
+   delete and of the returned pointer until pop, delete or leave.  The
+   allocated region will be in the region backing the spad (e.g. if the
+   spad is backed by wksp memory, the returned value will be a laddr
+   that can be shared with threads in other processes using that wksp).
+
+   Additonal checks are introduced that will cause it to return NULL
+   if the total size of the spad object have been exceeded or it has
+   run out of frame space.
+*/
+
+static inline void *
+fd_spad_alloc_check( fd_spad_t * spad,
+                     ulong       align,
+                     ulong       sz );
+
 /* fd_spad_trim trims trims frame_hi to end at hi where hi is given the
    caller's local address space.  Assumes spad is a current local join
    in a frame and hi is in [frame_lo,frame_hi] (FIXME: consider
@@ -492,7 +550,7 @@ void * fd_spad_delete_debug   ( void            * shspad
 ulong  fd_spad_alloc_max_debug( fd_spad_t const * spad, ulong  align            );
 void * fd_spad_frame_lo_debug ( fd_spad_t       * spad                          );
 void * fd_spad_frame_hi_debug ( fd_spad_t       * spad                          );
-void   fd_spad_push_debug     ( fd_spad_t       * spad                          );
+fd_spad_debug_state_t   fd_spad_push_debug     ( fd_spad_t       * spad                          );
 void   fd_spad_pop_debug      ( fd_spad_t       * spad                          );
 void * fd_spad_alloc_check    ( fd_spad_t       * spad, ulong  align, ulong sz  );
 #define fd_spad_alloc_debug fd_spad_alloc_check
@@ -677,6 +735,32 @@ fd_spad_alloc( fd_spad_t * spad,
   return SELECT_IMPL(fd_spad_alloc)(spad, align, sz);
 }
 
+int
+fd_spad_check( fd_spad_t * spad,
+         ulong       align,
+         ulong       sz ) {
+
+  if( FD_UNLIKELY( ( !fd_spad_frame_used( spad ) ) |
+                   ( (!!align) & (!fd_ulong_is_pow2( align ) ) ) |
+                   ( fd_spad_alloc_max( spad, align )<sz )
+                 ) ) return 0;
+
+  return 1;
+}
+
+void *
+fd_spad_alloc_check( fd_spad_t * spad,
+         ulong       align,
+         ulong       sz ) {
+
+  if( FD_UNLIKELY( ( !fd_spad_frame_used( spad ) ) |
+                   ( (!!align) & (!fd_ulong_is_pow2( align ) ) ) |
+                   ( fd_spad_alloc_max( spad, align )<sz )
+                 ) ) return NULL;
+
+  return SELECT_IMPL(fd_spad_alloc)(spad, align, sz);
+}
+
 void
 fd_spad_trim( fd_spad_t * spad,
               void *      hi ) {