Fixing a double-free error introduced in 1.2.13

pmeunier

Nov 26, 2021, 10:55 PM

RLVQDUPYOWVNHTVFCHKNIQYNBRLOFY2UGIJPLD6U5S22AMEF5YSAC

Dependencies

• [2] OHG5NX6K Refactoring, drop and the Check trait
• [3] YXKP4AIW New file locks, with multiple sets of free pages
• [4] VRAQTH26 Fixing two crashes on corrupted files
• [5] 2ZRCQBXP Version bump
• [6] WTXLZDYI Fixing bus errors on a full disk
• [7] G7K2WSVY Fixing unsized iterators
• [8] 4Z4GEJTF Version bump
• [9] W2MIZD5B Single file databases + CRC for the root pages (checking the other pages makes everything very slow)
• [10] M6PHQUGL fallocate only when necessary
• [11] PRDUE4YA Cleanup + published on crates.io
• [12] 5LSYTRQ6 More docs, example, and fixing the free page diagnostic function for mutable transactions
• [13] OFINGD26 implementing prev() on cursors (+ some cleanup)
• [14] S4V4QZ5C Debugging reference-counting for put
• [15] OP6SVMOD Resetting history
• [16] OHUZ73MK Versions
• [17] DASFQGOR Debugging
• [18] BPR2HVMR Version bump
• [19] P5NWMJ2H Version bump
• [20] TJ2R4HAZ Accessing the root pages (unsafely, of course)
• [21] WS4ZQM4R Debugging, tests, etc.
• [22] YWFYZNLZ Cleanup + inter-process concurrency
• [23] FQ567GAX Version bumps
• [24] E4MD6T3L Proofreading and commenting of this crate (massive bug fixes included)
• [25] 3QM7P3RR Writing the reference counts when committing
• [26] ACB4A27Z Code coverage
• [*] T7QB6QEP Adding debug.rs

Change contents

• add root
  [1.1]
  [0.1]
• file move: sanakirja-core (d--r------) → sanakirja-core (d--r------)
  [0.2]

  [3.17]
• file move: sanakirja (d--r------) → sanakirja (d--r------)
  [0.2]

  [3.71001]
• replacement in sanakirja/src/environment/muttxn.rs at line 49
  [2.8165]→[2.8165:8265](∅→∅)
  − /// Offsets of pages free at the start of the transaction.

  − initial_free: (usize, Vec<u64>),
  [2.8165]

  [2.8265]
  + /// Offsets of pages that were free at the start of the

  + /// transaction, and are still free.

  + initial_free: Vec<u64>,

  + /// Offsets of pages that were free at the start of the

  + /// transaction, but have been allocated since then.

  + initial_allocated: Vec<u64>,
• replacement in sanakirja/src/environment/muttxn.rs at line 101
  [3.602]→[2.8358:8411](∅→∅)
  − parent.initial_free.0 = self.initial_free.0;
  [3.602]

  [3.81773]
  + parent.initial_free = std::mem::replace(&mut self.initial_free, Vec::new());

  + parent.initial_allocated = std::mem::replace(&mut self.initial_allocated, Vec::new());
• replacement in sanakirja/src/environment/muttxn.rs at line 188
  [3.10473]→[2.8412:8413](∅→∅)
  −
  [3.10473]

  [2.8413]
  + debug!("initial free_page {:x}", header.free_db);
• replacement in sanakirja/src/environment/muttxn.rs at line 207
  [3.83993]→[2.8449:8496](∅→∅)
  − initial_free: (0, Vec::new()),
  [3.83993]

  [3.3330]
  + initial_free: Vec::new(),

  + initial_allocated: Vec::new(),
• replacement in sanakirja/src/environment/muttxn.rs at line 216
  [2.8770]→[2.8770:8804](∅→∅)
  − init.push(*p)
  [2.8770]

  [2.8804]
  + init.push(*p);
• replacement in sanakirja/src/environment/muttxn.rs at line 218
  [2.8822]→[2.8822:8876](∅→∅)
  − txn.initial_free = (init.len(), init)
  [2.8822]

  [2.8876]
  + txn.initial_free = init;
• edit in sanakirja/src/environment/muttxn.rs at line 245
  [3.11202]

  [3.11202]
  + assert!(self.initial_free.is_empty());

  + assert!(self.initial_allocated.is_empty());
• replacement in sanakirja/src/environment/muttxn.rs at line 256
  [2.8966]→[2.8966:9127](∅→∅)
  − {

  − for p in btree::iter(&self, &free_db, None).unwrap() {

  − debug!("was free: p = {:x}", p.unwrap().0);
  [2.8966]

  [2.9127]
  + if cfg!(debug_assertions) {

  + // Deleting the pages allocated during this

  + // transaction from the free db. Note that the call to

  + // `del` may add pages to `self.initial_allocated`.

  + for p in self.initial_free.iter() {

  + debug!("initial_free {:x}", p);
• replacement in sanakirja/src/environment/muttxn.rs at line 263
  [2.9149]→[2.9149:9293](∅→∅)
  − for p in self.free_pages.iter().chain(self.free_owned_pages.iter()) {

  − debug!("free_pages {:x}", p);
  [2.9149]

  [2.9293]
  + for p in self.initial_allocated.iter() {

  + debug!("initial_alloc {:x}", p);
• replacement in sanakirja/src/environment/muttxn.rs at line 267
  [2.9333]→[2.9333:9590](∅→∅)
  −

  − // Deleting the pages allocated during this transaction.

  − let mut f = self.initial_free.1.len();

  − while f > self.initial_free.0 {

  − f -= 1;

  − let p = self.initial_free.1[f];
  [2.9333]

  [2.9590]
  + let mut n = 0;

  + // Delete the pages allocated during this transaction

  + // from the free db. If these pages have been freed

  + // again, they will be reinserted below.

  + while let Some(p) = self.initial_allocated.pop() {

  + debug!("del initial {} {:x} {:x}", n, free_db.db, p);
• edit in sanakirja/src/environment/muttxn.rs at line 274
  [2.9666]

  [2.9666]
  + if cfg!(debug_assertions) {

  + crate::debug::debug(&self, &[&free_db], &format!("/tmp/free_{}", n), true);

  + n += 1;

  + }
• edit in sanakirja/src/environment/muttxn.rs at line 287
  [3.12656]

  [3.12656]
  + debug!("put free {} {:x}", n, p);
• edit in sanakirja/src/environment/muttxn.rs at line 289
  [3.12735]

  [3.12735]
  + if cfg!(debug_assertions) {

  + crate::debug::debug(&self, &[&free_db], &format!("/tmp/free_{}", n), true);

  + n += 1;

  + }
• edit in sanakirja/src/environment/muttxn.rs at line 296
  [3.12871]

  [3.12871]
  + debug!("put owned free {} {:x}", n, p);
• edit in sanakirja/src/environment/muttxn.rs at line 298
  [3.12950]

  [3.12950]
  + if cfg!(debug_assertions) {

  + crate::debug::debug(&self, &[&free_db], &format!("/tmp/free_{}", n), true);

  + n += 1;

  + }
• edit in sanakirja/src/environment/muttxn.rs at line 304
  [3.85039]

  [3.12973]
  +

  + // Delete the pages allocated during in the calls to

  + // `put` just above. Note that this is the same code

  + // as just before the `put`s. We need this duplication

  + // because doing this only here could potentially

  + // delete pages we just inserted, causing leaks.

  + //

  + // Conversely, doing it only above could result in

  + // pages being allocated in the calls to `put` above,

  + // and still counted as free.

  + while let Some(p) = self.initial_allocated.pop() {

  + debug!("del initial {} {:x} {:x}", n, free_db.db, p);

  + btree::del(&mut self, &mut free_db, &p.to_le(), None)?;

  + if cfg!(debug_assertions) {

  + crate::debug::debug(&self, &[&free_db], &format!("/tmp/free_{}", n), true);

  + n += 1;

  + }

  + }

  +
• replacement in sanakirja/src/environment/muttxn.rs at line 339
  [2.9721]→[2.9721:9745](∅→∅)
  − debug!(
  [2.9721]

  [2.9745]
  + trace!(
• replacement in sanakirja/src/environment/muttxn.rs at line 452
  [3.16496]→[2.9904:10044](∅→∅),[2.10044]→[3.16802:16841](∅→∅),[3.16802]→[3.16802:16841](∅→∅),[3.16841]→[2.10045:10081](∅→∅)
  − while self.initial_free.0 > 0 {

  − self.initial_free.0 -= 1;

  − let f = self.initial_free.1[self.initial_free.0];

  − if self.free_for_all(f)? {

  − return Ok(Some(f));
  [3.16496]

  [3.17049]
  + while let Some(p) = self.initial_free.pop() {

  + if self.free_for_all(p)? {

  + self.initial_allocated.push(p);

  + return Ok(Some(p));
• edit in sanakirja/src/debug.rs at line 170
  [2.11680]

  [2.11680]
  + // Test whether the elements on the page are in order.
• edit in sanakirja/src/debug.rs at line 271
  [28.3072]

  [28.3072]
  + if let Some(ref db_free) = db_free {

  + let mut free = HashSet::new();

  + for p in iter(txn, db_free, None).unwrap() {

  + assert!(free.insert(*p.unwrap().0))

  + }

  + }
• replacement in sanakirja/Cargo.toml at line 3
  [3.108441]→[3.67:86](∅→∅)
  − version = "1.2.12"
  [3.108441]

  [3.108459]
  + version = "1.2.14"
• replacement in sanakirja/Cargo.toml at line 32
  [3.84]→[3.87:155](∅→∅)
  − sanakirja-core = { path = "../sanakirja-core", version = "1.2.14" }
  [3.84]

  [3.5528]
  + sanakirja-core = { path = "../sanakirja-core", version = "1.2.16" }
• file move: cover (---r------) → cover (---r------)
  [0.2]

  [3.8]
• file move: Cargo.toml (----------) → Cargo.toml (----------)
  [0.2]

  [3.108835]