Rus
  1. HOME
  2. BLOG

Atavisms in large systems

Andrey Karpov
Articles: 379


Large old program systems developing for tens of years contain a lot of various atavisms and code sections which have been simply written with the use of popular paradigms and styles of different ages. You can watch evolution of programming languages - the oldest code sections are written in C and the most recent contain complex templates in Alexandrescu style.

There are atavisms relating to 64-bit mode as well. To be more exact, they are atavisms which prevent modern 64-bit code from correct operation. I will give you two examples I have learned recently.

The interesting error relates to an old version of Mac OS X system and is situated inside the function malloc_zone_calloc:

// beyond this, assume a programming error
#define MAX_ALLOCATION 0xc0000000 
// Allocate cleared (zero-filled) memory from
// the given zone for num_items objects,
// each of which is size bytes large
void *malloc_zone_calloc(malloc_zone_t *zone,
  size_t num_items, size_t size)
{
  void  *ptr;
  if (malloc_check_start &&
      (malloc_check_counter++ >= malloc_check_start))
  {
    internal_check();
  }
  if (((unsigned)num_items >= MAX_ALLOCATION) ||
      ((unsigned)size >= MAX_ALLOCATION) ||
      ((long long)size * num_items >=
       (long long) MAX_ALLOCATION))
  {
    /* Probably a programming error */
    fprintf(stderr,
      "*** malloc_zone_calloc[%d]: arguments too large: %d,%d\n",
      getpid(), (unsigned)num_items, (unsigned)size);
    return NULL;
  }
  ptr = zone->calloc(zone, num_items, size);
  if (malloc_logger)
    malloc_logger(MALLOC_LOG_TYPE_ALLOCATE |
                  MALLOC_LOG_TYPE_HAS_ZONE |
                  MALLOC_LOG_TYPE_CLEARED,
                  (unsigned)zone,
                  num_items * size, 0,
                  (unsigned)ptr, 0);
  return ptr;
}

Firstly, the function's code contains check of the sizes of memory being allocated strange for the 64-bit system. And secondly, the diagnostic warning you see is incorrect for if we ask to allocate memory for 4 400 000 000 items, due to explicit conversion of the type to unsigned, we will see a strange diagnostic warning about impossibility to allocate memory only for 105 032 704 items.

As far as I understood the note, this strange check was removed from the function only in 2006. Although I may be wrong about the date of correction, this example shows rather well how easy it is to forget about something old.


Use PVS-Studio to search for bugs in C, C++, C# and Java

We offer you to check your project code with PVS-Studio. Just one bug found in the project will show you the benefits of the static code analysis methodology better than a dozen of the articles.

goto PVS-Studio;
Previous
Next

Andrey Karpov
Articles: 379

Similar Posts

Free PVS-Studio for those who develops open source projects

On the New 2019 year's eve, a PVS-Studio team decided to make a nice gift for all contributors of open-source ...

Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

A brief description of technologies used in the PVS-Studio tool, which let us effectively detect a large number of error ...

PVS-Studio for Java

In the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a ...
All articles →

Bugs Found

Checked Projects
372
Collected Errors
13 634

Recent Posts

All articles →

Do you make errors in the code?

Check your code
with PVS-Studio

Static code analysis
for C, C++, C# and Java

goto PVS-Studio;