u3a_loom_sane()

2024-09-11 11:55:31 +03:00 · 2023-02-24 11:18:49 -05:00 · 2023-02-24 11:18:49 -05:00 · c08ada2524
commit c08ada2524
parent 65328d762a
4 changed files with 44 additions and 0 deletions
--- a/pkg/noun/allocate.c
+++ b/pkg/noun/allocate.c
@ -2711,3 +2711,34 @@ u3a_string(u3_atom a)
  str_c[met_w] = 0;
  return str_c;
 }
+
+/* u3a_loom_sane(): sanity checks the state of the loom for obvious corruption
+ */
+void
+u3a_loom_sane()
+{
+  /*
+    Only checking validity of freelists for now. Other checks could be added,
+    e.g. noun HAMT traversal, boxwise traversal of loom validating `siz_w`s,
+    `use_w`s, no empty space, etc. If added, some of that may need to be guarded
+    behind C3DBG flags. Freelist traversal is probably fine to always do though.
+  */
+  for (c3_w i_w = 0; i_w < u3a_fbox_no; i_w++) {
+    u3p(u3a_fbox) this_p = u3R->all.fre_p[i_w];
+    u3a_fbox     *this_u = u3to(u3a_fbox, this_p);
+    for (; this_p
+           ; this_p = this_u->nex_p
+           , this_u = u3to(u3a_fbox, this_p)) {
+      u3p(u3a_fbox) pre_p = this_u->pre_p
+        ,           nex_p = this_u->nex_p;
+      u3a_fbox *pre_u = u3to(u3a_fbox, this_u->pre_p)
+        ,      *nex_u = u3to(u3a_fbox, this_u->nex_p);
+
+      if (nex_p && nex_u->pre_p != this_p) c3_assert(!"loom: wack");
+      if (pre_p && pre_u->nex_p != this_p) c3_assert(!"loom: wack");
+      if (!pre_p                /* this must be the head of a freelist */
+          && u3R->all.fre_p[_box_slot(this_u->box_u.siz_w)] != this_p)
+        c3_assert(!"loom: wack");
+    }
+  }
+}
--- a/pkg/noun/allocate.h
+++ b/pkg/noun/allocate.h
@ -748,4 +748,9 @@
          c3_c*
          u3a_string(u3_atom a);

+        /* u3a_loom_sane(): sanity checks the state of the loom for obvious corruption
+        */
+          void
+          u3a_loom_sane();
+
 #endif /* ifndef U3_ALLOCATE_H */
--- a/pkg/noun/events.c
+++ b/pkg/noun/events.c
@ -1078,6 +1078,9 @@ u3e_save(void)
    return;
  }

+  /* attempt to avoid propagating anything insane to disk */
+  u3a_loom_sane();
+
  // u3a_print_memory(stderr, "sync: save", 4096 * pat_u->con_u->pgs_w);

  _ce_patch_sync(pat_u);
--- a/pkg/noun/manage.c
+++ b/pkg/noun/manage.c
@ -605,6 +605,9 @@ _find_home(void)
  //  this looks risky, but there are no legitimate scenarios where it's wrong
  u3R->cap_p = u3R->mat_p = u3C.wor_i - c3_wiseof(*u3H);

+  /* As a further guard against any sneaky loom corruption */
+  u3a_loom_sane();
+
  if (U3V_VERLAT > ver_w) {
    u3m_migrate(U3V_VERLAT);
    u3a_config_loom(U3V_VERLAT);
@ -2162,5 +2165,7 @@ u3m_migrate(u3v_version ver_w)

  /* finally update the version and commit to disk */
  u3H->ver_w = ver_w;
+  /* extra assurance we haven't corrupted the loom before writing to disk */
+  u3a_loom_sane();
  u3e_save();
 }