William Cohen [Thu, 21 Feb 2019 17:21:13 +0000 (12:21 -0500)]
Add more __NR_* for missing defines on aarch64 (and ppc64)
There are a number of syscall defines (__NR_*) on the x86_64 that are
not on aarch64 (or ppc64). They need to have something defined for
those undefine constants, so the kernel module code for the fallback
tp_syscall.* and tp_syscall.*.return probes compile and do not throw
"'__NR_blah' undeclared" errors.
Most of the added __NR_* defines are for aarch64, but the ppc64 also
needs the __NR_compat_bdflush.
Frank Ch. Eigler [Wed, 20 Feb 2019 22:51:43 +0000 (17:51 -0500)]
PR24239: avoid symbol/type resolution of unused globals/functions
From the earliest days of stap tapset support, the logic in the
symbol-resolution pass has been to select the entire contents of a
tapset file for processing, if any single part was referenced from the
end-user script. This meant that if just one string-processing
function, one time-fetcher, or one syscall flag decoder was needed,
stap still spent time symbol-processing all their neighbours ... only
to throw them away in semantic_pass_opt1.
New code avoids doing that, by moving individual globals & functions
to the session.globals/.functions list during symbol resolution's
find_var() / find_functions() calls. Some conflict resolution must
similarly be pulled to this point, but that's minor.
There should be no semantic change visible to scripts. Diagnostics
at verbosity 3 now trace resolution a little better.
William Cohen [Wed, 20 Feb 2019 19:42:21 +0000 (14:42 -0500)]
Correct the at_register.exp test
The fix for PR23359 in commit c664daa requires guru mode for
@kregister use. Turning guru mode on so the at_register.stp test will
build and run. Also corrected the register name to get the correctly
sized values for i386 (32-bit) and x86_64 (64-bit).
William Cohen [Tue, 19 Feb 2019 21:15:37 +0000 (16:15 -0500)]
Group initialization using the same string literal together in syscall_num.stp
On arm64 and powerpc instruction sequences are required to create a
pointer to an arbitrary memory address. The compiler attempts to
minimize the number of times a particular address value is created and
will store that value in the stack frame rather than regenerating it.
There are a lot of pointer to literal strings being used in the
syscall_num.stp initialization code. This results in large stack
frames being created. The kerrnel module will then fail to compile due
to an error like the following:
[root@apm-mustang-b0-03 general]# stap -kp4 stopwatches.stp
/tmp/stapCwv6n4/stap_17506_src.c: In function ‘probe_6233’:
/tmp/stapCwv6n4/stap_17506_src.c:19796:1: error: the frame size of 2480 bytes is larger than 512 bytes [-Werror=frame-larger-than=]
}
^
cc1: all warnings being treated as errors
make[1]: *** [scripts/Makefile.build:291: /tmp/stapCwv6n4/stap_17506_src.o] Error 1
make: *** [Makefile:1566: _module_/tmp/stapCwv6n4] Error 2
WARNING: kbuild exited with status: 2
The dump-syscalls.sh script now groups all the initialization using
the same string literal together and localize its use. This reduces
the size of the stack frame on arm64 and powerpc.
William Cohen [Mon, 18 Feb 2019 14:58:37 +0000 (09:58 -0500)]
Regenerate the syscall mapping information to add aarch32 to aarch64 syscalls
The kernel CONFIG_COMPAT flag enables aarch32 syscalls on aarch64.
Need to generate those mappings as they are needed for some kernels.
As a side effect of the regeneration all the syscall mappings will get
the recently added kernel syscalls.
William Cohen [Mon, 18 Feb 2019 14:52:49 +0000 (09:52 -0500)]
Update dump-syscalls.sh to generate 32-bit syscalls for aarch64
The aarch64 kernel can support aarch32 syscalls when CONFIG_COMPAT is set
in the kernel configuration (https://cateee.net/lkddb/web-lkddb/COMPAT.html).
This is set on the the aarch64 Fedora 29 kernels and causes builds to
fail with:
OUT semantic error: unresolved arity-1 global array __syscall_32_num2name, missing global declaration?: identifier '__syscall_32_num2name' at /usr/share/systemtap/tapset/linux/syscall_table.stp:8:16
source: return __syscall_32_num2name[num]
^
Pass 2: analysis failed. [man error::pass2]
Adding generation of the 32-bit syscall information for aarch64 to
address this.
William Cohen [Mon, 18 Feb 2019 04:05:12 +0000 (23:05 -0500)]
Match arm64 non-dwarf syscall probe points
The x86_64 linux 4.17 prefixes the syscall function names. The
systemtap tapsets use the arch_syscall_prefix macro to get the proper
prefix. The arm64 kernel also has prefixes for the syscall function
names, but the arch_syscall_prefix needs to be __arm64_ not __x86_64_
or __ia32_. Adjusted syscalls.stpm to pick the appropriate prefix for
the architecture. This patch makes it easier to do the same for any
other architectures that prefix the syscall names.
Frank Ch. Eigler [Fri, 15 Feb 2019 19:44:47 +0000 (14:44 -0500)]
PR24199: don't use exceptions to signal type-resolution failures
Most callbacks in typeresolution_info::visit_FOO() do the right thing
when there is a type check/inference error: call down to mismatch() or
such, incrementing an error count and printing a message. However, a
group of $context-var-related callbacks have copied a pattern of
throwing semantic-errors. The impact of that is to stop the error
reporting process at the -first- type error. This could hide
useful messages if for some reason they would have come temporally
behind junky ones (miscellaneous tapset function problems).
Frank Ch. Eigler [Thu, 14 Feb 2019 17:49:12 +0000 (12:49 -0500)]
PR24199: at pass-2 verbosity > 3, trace $var error-chaining events
The $context variable mappings may incur errors that are routinely
quietly absorbed, as within @defined() conditionals or "?" probe
points. At verbosity > 3, there is now a trace message printed
into the firehose. For example:
chaining to identifier '$count' at [...] tapset/linux/vfs.stp:982:18
semantic error: conditional branches not supported in DWARF expression [8] at 33 (40: 1, 0)
thrown from: ../systemtap2/loc2stap.cxx:433
William Cohen [Wed, 13 Feb 2019 15:20:46 +0000 (10:20 -0500)]
Adjust noptrace.stp to avoid modifying ptrace syscall arguments
SystemTap has mutiple mechanisms to instrument the syscalls. For newer
kernels the non-dwarf versions are more likely to be used than the
dwarf-based ones. Target variables are not available in the non-dwarf
version, making it impossible to change the value of a target variable
$request in syscall.ptrace. An alternative way of forcing the ptrace
calls to fail is now used in noptrace.stp. The capability checks are
instrumented. When the ptrace syscall calls the capability check, the
capability checks are forced to return -EPERM, causing the ptrace
syscalls to fail.
William Cohen [Tue, 12 Feb 2019 21:36:10 +0000 (16:36 -0500)]
Update pfiles.stp to work with Linux 4.17 and newer
The ABI for getname was changed in Linux 4.17 by commit 9b2c45d479d to
eliminate passing in a pointer to the store length information. For
the newer version of the getname function negative return values are
errors and non-negative return value are the length. The changes to
the pfiles.stp script picks the appropriate ABI based on the kernel
version.
Scripts that probe syscall.*.return involve @entry() computations due
to recent syscall machinery changes. These @entry() features in turn
expand to script-level global variables, by the hundreds (one or two
per probe). Then, the probe-condition processing logic that matches
up all globals read in conditions to all globals written in probes is
forced to make O(n**2) searches.
Some improvements:
- previous string-substring-search memoization code
- globals created for @entry() are marked with vardecl->synthetic
- vardecl->unmangled_name set & asserted more frequently
- those globals are excluded from probe-condition processing, since
they can't have been referred to by a user-given condition expression
- condition processing as a whole is shortcut in the typical case of
there being no probe conditions at all
Altogether, these essentially remove the condition processing pass
from the profile of this script, and take -p2 processing time from the
original 70+ seconds to 13.
Martin Cermak [Tue, 12 Feb 2019 15:34:14 +0000 (16:34 +0100)]
Conditionally define __NR_bdflush in systemtap runtime.
The kernel-headers-4.17.0-0.rc6.1.el8+7.aarch64.rpm dropped
__NR_bdflush define, so let's define it conditionally in
compat_unistd.h so that stap scripts can -p4 without
complaints on those kernels.
It turns out that scripts like "--example errsnoop.stp" involves tens
of millions (!) of substring searches, as combinatorial & nesting
factors cause many embedded-c function/statement bodies to be searched
for "/* pragma */" type tags.
We probably do this too much - see the number (166417+70699) of times
varuse_collecting_visitor::visit_embedded* end up being called in
optimization/relaxation loops. But even without delving into that, we
can improve the constant factor: the actual string searching speed.
This patch adds a little memoization widget to interned_string
substring searching. It takes pass-2 runtime from 71s to 22s on my
workstation and costs practically no extra memory. (Storing copies of
interned_strings is cheap.)
David Ward [Wed, 30 Jan 2019 05:37:56 +0000 (00:37 -0500)]
Handle installation without stapusr group
Do not cause "make install" to return an error if the stapusr group
cannot be found or created (even as root); continue without setting
the ownership or mode of the installed executables. This may happen
when building distribution packages using fakeroot (it was observed
on Arch Linux). This step is often performed directly in the build
files of the distribution package instead (such as systemtap.spec).
David Ward [Wed, 30 Jan 2019 05:37:55 +0000 (00:37 -0500)]
Simplify creation of groups during installation
Use the "-f" option of "groupadd", rather than calling it a second
time if the desired GID is already in use.
Do not call "getent" twice. We know that a group exists if the first
call to "getent" returned successfully, or otherwise if "groupadd"
returned successfully.
This removes the 'write' and 'force' from get_user_pages() and replaces
them with 'gup_flags' to make the use of FOLL_FORCE explicit in callers
as use of this flag can result in surprising behaviour (and hence bugs)
within the mm subsystem.
And it changes the function signature of get_user_pages(), so introduce
an extra flag STAPCONF_GET_USER_PAGES_FLAGS and the corresponding test program
to fix it.
Adapt to access_ok() kapi change in commit 96d4f267e40.
Adapt to changes in kbuild dependency automation.
Adapt to a gcc9 false-positive warning about empty array iteration.
Serhei Makarov [Wed, 16 Jan 2019 18:56:23 +0000 (13:56 -0500)]
PR10280 initial fix: force vermagic for guru-mode scripts
Current version checking based on kernel ABI and build-ids is not
strict enough to prevent launching a stap module on a kernel version
it wasn't compiled for. This has the potential to crash a running
kernel, since ABI compatibility may not give a sufficient guarantee of
real compatibility.
Initial fix, should investigate what other scenarios should have
tighter checking.
Martin Cermak [Thu, 6 Dec 2018 12:52:20 +0000 (13:52 +0100)]
Make sysc_bdflush.stp compatible with 4.17+ kernels.
The bdflush syscall itself appears to be obsolete since 2.6,
but this way we at least won't end up with pass 1 "resolution
failed in alias expansion builder" when randomly probing for it.
There is an old customer rh bz 544960 related to bdflush.
Frank Ch. Eigler [Mon, 26 Nov 2018 15:36:28 +0000 (10:36 -0500)]
PR23866 part: expose raw syscall tracepoint to bpf
Support TRACE_EVENT_FN() type tracepoints in bpf target, since those
too define trace-event structures that bpf callbacks have access to.
(We do not yet decode nor explose Synthetic cooked per-syscall
trace-event structs. Those aren't statically extractable from headers,
as the kernel builds them at boot time.)
PR23891: Make sure stap and staprun respond to SIGTERM when stderr/stdout are blocked
When stderr/stdout are blocked (the write buffers are full), write()
syscalls in stap's signal handler and staprun's stp_main_loop() might
prevent these processes from responding to signals like SIGTERM.
Also make staprun respond to SIGPIPE just like SIGTERM.
We introduce the kill_relayfs() function to kill the reader thread in
staprun without waiting for the readers (which might alreayd be blocked
on writing to stdout).
Our local stress tests have confirmed that this patch indeed fixes the
hanging issues in stap and staprun.
Make opeartor @var() no longer assume @entry() in return probes.
The old behavior would yield stale values when the function being probed
changes the global variables being read via @var() in the return probe
handler.
Added tests to cover this fix (and the old behavior for compatibility).
William Cohen [Mon, 19 Nov 2018 20:17:10 +0000 (15:17 -0500)]
Adjust tcp_trace.stp example to work with newer Linux kernel's timers
The newer Linux kernels removed the data field from struct timer_list
and now derive that equivalent information using the container_of
macro to find the data structure the struct timer_list is embedded in.
This patch makes tcp_trace.stp flexible and allows it to get the
needed information when the struct timer_list data field and the
associated $data target variable for timer functions are not
available.
William Cohen [Mon, 19 Nov 2018 19:23:15 +0000 (14:23 -0500)]
Adjust the vfs_open to provide cred variable with 4.18 kernels
The kernel's git commit ae2bb293a3e8adbc54d08cede5afc22929030c03
removed the cred argument from the vfs_open. Thus, there is no $cred
target variable available. This missing target variable lives on as a
field in the $file target variable. The patch makes the tapset use
that field if the $cred target variable is not available. Fixing this
allows the slowvfs.stp example to work with newer linux 4.18 kernels.
Frank Ch. Eigler [Fri, 16 Nov 2018 01:22:34 +0000 (20:22 -0500)]
PR23890 bonus: show nicer messages upon a buildid mismatch
Instead of producing only a one-byte error, we now compute the entire
builds into hex text strings, and report the whole shebang on an
error. (Also, ditch some 2.6.27 kernel-bug compatibiltiy fossil
in the area.)
Frank Ch. Eigler [Thu, 15 Nov 2018 21:27:58 +0000 (16:27 -0500)]
PR23890: tolerate f29+ style ELF files
Reported by kenj@pcp, with mjw et al.'s help, we found out why
systemtap on fedora 29+ routinely fails to verify build-ids for
userspace programs. F29 adds a separate loadable segment with the
relevante .note's, before the main text segment. The runtime code
that listens to mmaps-in-progress now accepts this configuration.
As long as the .note section is loaded (time-wise and space-wise)
before the .text one(s), we're good.
Mark Wielaard [Wed, 14 Nov 2018 18:28:04 +0000 (13:28 -0500)]
PR23747: tolerate symbols with odd section#s
In f29+ kernels, some note-related symbols are not found in our
usual section# search, when collecting unwind/symbol data. As
these symbols are now ignored instead of causing an error.
William Cohen [Mon, 12 Nov 2018 22:24:44 +0000 (17:24 -0500)]
Adjust the periodic.stp example to work with newer Linux kernels
The data field in the timer_list struct was removed in newer kernels.
The various functions executed when a timer expires now use
container_of macros to find the struct that the timer_list was
embedded in. The periodic.stp script has been modified to use
container_of when the data field is not available.
Serhei Makarov [Fri, 9 Nov 2018 21:24:09 +0000 (16:24 -0500)]
PR23860: reduce stack pressure from format strings
Reduce stack pressure created by the earlier commits by allocating
format strings in a predictable location in the top half of the stack
[-BPF_MAXSTRINGLEN*2..0) as long as they fit in there. This works
since only one format string is active at a time and no ordinary
strings are being allocated in that region of the stack now.
* bpf-opt.cxx (alloc_literal_str): Store format_str in top half.
Serhei Makarov [Fri, 9 Nov 2018 19:36:19 +0000 (14:36 -0500)]
PR23860: additional ugly stack/clobber protection for strings
In addition to prior commit, emit_string_copy() does not work for
overlapping source/destination. So, make sure strings are not
allocated in a way which overlaps map key/value arguments.
This increases space pressure, inducing a couple of bpf-asm.exp
testcase failures.
* bpf-internal.h (value::format_str): New flag.
(value::value): Take format_str flag.
(value::mk_str): Take format_str flag.
(program::format_map): New field, caches format_str separately.
(program::new_str): Take format_str flag.
* bpf-base.cxx (program::new_str): Cache format_str separately.
* bpf-opt.cxx (alloc_literal_str): Store non-format str in lower half.
* bpf-translate.cxx (emit_string_copy): Comment -- doesn't support overlap.
(emit_string_copy): DEBUG_CODEGEN -- identify if zero-padding was done.
(emit_print_format): Set format_str flag.
Serhei Makarov [Thu, 8 Nov 2018 21:40:40 +0000 (16:40 -0500)]
PR23860: additional stack protection for strings
Fixes for verifier rejection of some cases requiring string copy,
since the verifier would reject string copy code extending beyond the
end of the string even if it was not reachable.
* bpf-opt.cxx (alloc_literal_str): make sure the offset for a short
string is at least BPF_MAXSTRINGLEN.
(zero_stack): New function.
(program::generate): Use zero_stack() to zero temporary area and
prevent verifier complaints.
* testsuite/systemtap.bpf/asm_tests/pr23860.stp: New testcase.
Serhei Makarov [Wed, 7 Nov 2018 18:07:51 +0000 (13:07 -0500)]
pr23860 verifier workaround :: be sure to delete all mov rN,rN
An apparent bug in the eBPF verifier fails to preserve register state
when MOVing a register to itself, marking rN as 'unknown scalar'.
Previously bpf-opt.cxx failed to remove spurious MOVs if they were the
final instruction in a basic block. This would fail verification if
the register holds a pointer.
Jafeer Uddin [Wed, 7 Nov 2018 14:41:45 +0000 (09:41 -0500)]
PR23761: generalized @entry
With the changes to the syscall tapset for kernel 4.17+, it is now
possible for non-[uk]retprobes to trap return events. This means that
the @entry mechanism to access entry probe target variables in return
probes is not guaranteed to work. To get around this issue, a collection
of 8 global variables have been added to the tapset which can be used
to save variables in the entry probe and retrieve them later in return
probes. The global variables can be accessed using the @this1, .., @this8
macros.
standardize ktime_get_ns() across lkm, bpf runtimes
Make sure ktime_get_ns() is available across runtimes. In the case of
bpf, add a userspace helper to implement the function. Add test case.
Add a systemtap.bpf/nobpf.exp test driver, which runs all the
bpf_tests but specifically without "--bpf", in the hope that all those
scripts should run on the normal backend too. PR23866 blocks some of
that at the moment.
Stan Cox [Tue, 6 Nov 2018 17:09:58 +0000 (12:09 -0500)]
Always use nssInit for http and nss server.
* nsscommon.h (db_init_types): Add db_init_types
* nsscommon.cxx (add_client_cert): Use it to differentiate type of
db init. Change all callers.
* client-http.cxx (fill_in_server_info): Use http server default
port if none specified.
Frank Ch. Eigler [Fri, 26 Oct 2018 15:24:05 +0000 (11:24 -0400)]
prometheus-exporter samples: change reported metric name
When prometheus scrapes metrics, by default it'll simply preserve
the incoming names. This doesn't work well when many different
stap scripts use the same metric name ("count"), or if the name
happens to be a reserved keyword in the promql language ("count").
Victor Kamensky [Wed, 31 Oct 2018 06:15:15 +0000 (23:15 -0700)]
aarch64: add missing system call defines
A set of system call defines like __NR_alarm, __NR_ioperm,
__NR_modify_ldt, __NR_time, __NR_utime is missing in aarch64
kernel as of 4.18 kernel version.
Add corresponding definitions so system call related probes
would compile. Tested with nd_syscalls-all-probes.stp.
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Jafeer Uddin [Tue, 30 Oct 2018 20:07:05 +0000 (16:07 -0400)]
Fix miscellaneous errors/typos in syscall tapset
* tapset/linux/sysc_pkey_*.stp: properly cast target variables in dw_syscall probe
* runtime/linux/compat_unistd.h: fix typos and errors in __NR_* definitions
* testsuite/systemtap.syscall/pkey.c: remove empty first line in file
Victor Kamensky [Tue, 30 Oct 2018 19:58:24 +0000 (15:58 -0400)]
On aarch64 Linux system calls related SystemTap scripts
compilation fail with "__NR_compat_[exit|read|write] redefined"
errors after following two commits:
7abf0aee9 PR23160,PR14690: remove references to ia32 and x86 to make sysc_* files as arch-independent as possible cd84aedca PR23160,PR14690: adapt 13 more syscalls for 4.17 __ARCH_sys_FOO and sys_enter/exit
aarch64 kernel defines __NR_compat_[exit|read|write] after a1ae65b21941 arm64: add seccomp support
aarch64 kernel define __NR_compat_restart_syscall after f3e5c847ec3d arm64: Add __NR_* definitions for compat syscalls
Fix by adding proper conditional compilation based on current
architecture and kernel version.
William Cohen [Tue, 30 Oct 2018 18:20:46 +0000 (14:20 -0400)]
Adjust the BPF translate error report formatting to work on 32-bit architectures
The 32-bit architectures such as arm and i686 had arguments in the
error reporting that did not match up with the %lu or %ld formatting.
Used type casting and %llu and %lld to avoid variation between 32-bit
and 64-bit architectures.
Serhei Makarov [Wed, 24 Oct 2018 20:04:30 +0000 (16:04 -0400)]
Merge branch 'serhei/bpf_asm' -- kernel_string() tapset and experimental bpf assembler
Note the big comment in bpf-translate.cxx explaining the new assembler.
Major changes:
- Embedded-code assembler
- TODO Embedded-code tapset function call support is incomplete, only enabled for exit()
- TODO Token adjustment for assembler diagnostics needs work.
- Refactor bpf_unparser
- Improved metadata about helpers
- String handling changes
- Misc cleanup/notes
Tapset for kernel_string:
* tapset/bpf/conversions.stp: New file.
(kernel_string): New function.
(kernel_string): New function (err_msg version), in assembly.
(kernel_string_n): New function, in assembly.
* testsuite/systemtap.bpf/bpf_tests/context_vars3.stp: New testcase.
Embedded-code assembler:
* bpf-translate.cxx (bpf_unparser::parse_imm): New function.
(bpf_unparser::parse_asm_stmt): New function.
(bpf_unparser::emit_asm_arg): New function.
(bpf_unparser::parse_reg): Removed.
(bpf_unparser::emit_asm_reg): New function.
(bpf_unparser::get_asm_reg): New function.
(bpf_unparser::emit_asm_opcode): New function.
(bpf_unparser::visit_embeddedcode): Process new assembly format.
(BPF_ASM_DEBUG): New (disabled) macro for diagnostics.
(struct asm_stmt): New structure.
(operator <<): New function -- print logic for asm_stmt.
(is_numeric): New function.
* testsuite/systemtap.bpf/asm_tests/*: New testcases for embedded-code assembler.
* testsuite/systemtap.bpf/bpf-asm.exp: TODO Initial test driver for embedded-code assembler.
TODO Embedded-code tapset function call support is incomplete, only enabled for exit():
* bpf-translate.cxx (translate_bpf_pass): Pass systemtap_session to assembler globals.
* bpf-internal.h (globals::session): New field to pass systemtap_session to assembler.
TODO Token adjustment for assembler diagnostics needs work:
* parse.h (token::adjust_location): New function.
Refactor bpf_unparser:
* bpf-translate.cxx (bpf_unparser::emit_functioncall): New function.
(bpf_unparser::visit_functioncall): Use emit_functioncall.
(print_format_add_tag): New function on std::string.
(bpf_unparser::emit_print_format): New function.
(bpf_unparser::visit_print_format): Use print_format_add_tag, emit_print_format.
Improved metadata about helpers:
* bpf-base.cxx (bpf_func_name_map): New structure -- id->name map.
(bpf_func_id_map): New structure -- name->id map.
(init_bpf_helper_tables): New function -- populate name->id and id->name map.
(bpf_function_name): Change to use the maps.
(bpf_function_id): New function -- map from name to helper id.
(bpf_function_nargs): TODO Still need to expand the list of helpers.
* bpf-translate.cxx (translate_bpf_pass): Call init_bpf_helper_tables to populate info.
* bpf-internal.h (init_bpf_helper_table): New function.
(bpf_function_id): New function.
(__STAPBPF_FUNC_MAPPER): New macro -- like __BPF_FUNC_MAPPER for userspace-only helpers.
String handling changes:
* bpf-translate.cxx (bpf_unparser::emit_literal_str): New function.
(bpf_unparser::visit_literal_str): Use emit_literal_str.
(emit_simple_literal_str): Renamed from emit_literal_str.
(bpf_unparser::emit_string_copy): Renamed from emit_copied_str;
rename emit_literal_str to emit_simple_literal_str.
(bpf_unparser::emit_str_arg): Rename emit_copied_str to emit_string_copy.
(translate_escapes): Takes a const string now.
* bpf-opt.cxx (alloc_literal_str): Rename emit_literal_str to emit_simple_literal_str.
* bpf-internal.h (emit_simple_literal_str): Renamed from emit_literal_str.
Misc cleanup/notes:
* bpf-internal.h (BPF_MAXSTRINGLEN): TODO Someday this will be increased.
(program::use_tmp_space): Assert to catch miscalulations.
* tapset/logging.stp (abort): TODO Could abort immediately with assembly in future.