This is an archive of the discontinued LLVM Phabricator instance.

Differential D100239

[compiler-rt] assert max virtual address is <= mmap range size
ClosedPublic

Authored by aralisza on Apr 9 2021, 5:48 PM.

Details

Reviewers
delcypher
yln
kubamracek
Commits
rGcc2b62a06e61: [compiler-rt] assert max virtual address is <= mmap range size
Summary

If these sizes do not match, asan will not work as expected.

If possible, assert at compile time that the vm size is less than or equal to mmap range.
If a compile time assert is not possible, check at run time (for iOS)

rdar://76477969

Diff Detail

Event Timeline

aralisza created this revision.Apr 9 2021, 5:48 PM
Herald added a subscriber: dberris. · View Herald TranscriptApr 9 2021, 5:48 PM
aralisza requested review of this revision.Apr 9 2021, 5:48 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 9 2021, 5:48 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B98088: Diff 336587.Apr 9 2021, 6:24 PM
aralisza updated this revision to Diff 337938.Apr 15 2021, 4:27 PM

static

aralisza updated this revision to Diff 337942.Apr 15 2021, 4:41 PM

rebase

aralisza retitled this revision from [draft][compiler-rt]assert max virtual address is less than mmap range size to [compiler-rt] assert max virtual address is <= mmap range size.Apr 15 2021, 4:43 PM
aralisza edited the summary of this revision. (Show Details)
aralisza added reviewers: delcypher, yln.
aralisza added a reviewer: kubamracek.
aralisza added a parent revision: D100234: [compiler-rt][asan] use full vm range on apple silicon macs.
aralisza updated this revision to Diff 337944.Apr 15 2021, 4:46 PM

remove trailing whitesepace

Harbormaster completed remote builds in B99055: Diff 337944.Apr 15 2021, 4:47 PM
Harbormaster completed remote builds in B99050: Diff 337938.Apr 15 2021, 5:19 PM
Harbormaster completed remote builds in B99054: Diff 337942.Apr 15 2021, 5:43 PM
yln added inline comments.Apr 15 2021, 6:14 PM
compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
1187–1189

Needs braces or CHECK_LE moved before if.

aralisza updated this revision to Diff 338175.Apr 16 2021, 11:24 AM

fix bug

delcypher requested changes to this revision.Apr 16 2021, 12:48 PM
delcypher added inline comments.
compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
1188–1189

There's an inconsistency here. The static checks are checking with -1 already subtracted. The runtime check here is testing without -1 subtracted.

I think we should be checking whatever we are going to return at runtime.

1193

Why do we we need the static keyword here?

This revision now requires changes to proceed.Apr 16 2021, 12:48 PM
Harbormaster completed remote builds in B99218: Diff 338175.Apr 16 2021, 1:36 PM
yln added inline comments.Apr 16 2021, 1:47 PM
compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
1188–1189

I think we should be checking whatever we are going to return at runtime.

+1

While I usually really like the idea of compile-time checks (always better to catch mistakes earlier rather than later), I don't think it's worth the complexity/visual noise in this specific case.

Having one check for the final runtime value seems the clearest expression of intent here.

aralisza updated this revision to Diff 338596.Apr 19 2021, 12:18 PM

remove runtime check for ios

aralisza added inline comments.Apr 19 2021, 12:28 PM
compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
1188–1189

moved the runtime check to separate diff per offline discussion. should I still remove the static checks? I think they still add value, especially if we're not going to add the runtime checks until a later time

aralisza added a child revision: D100784: [compiler-rt] check max address from kernel is <= mmap range size.Apr 19 2021, 12:31 PM
aralisza updated this revision to Diff 338609.Apr 19 2021, 12:47 PM

remove static keyword for max vm constants

delcypher added a comment.Apr 19 2021, 12:50 PM

LGTM apart from the static keyword which "I think" shouldn't be necessary here.

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
1188–1189

I'm fine with the static checks here. I think failing earlier at compile time when the constants are wrong is a good thing :)

delcypher added a comment.Apr 19 2021, 12:52 PM

LGTM

delcypher accepted this revision.Apr 19 2021, 12:56 PM
This revision is now accepted and ready to land.Apr 19 2021, 12:56 PM
Harbormaster completed remote builds in B99535: Diff 338596.Apr 19 2021, 1:32 PM
yln accepted this revision.Apr 19 2021, 1:35 PM
This revision was landed with ongoing or failed builds.Apr 19 2021, 2:01 PM
Closed by commit rGcc2b62a06e61: [compiler-rt] assert max virtual address is <= mmap range size (authored by aralisza). · Explain Why
This revision was automatically updated to reflect the committed changes.
aralisza added a commit: rGcc2b62a06e61: [compiler-rt] assert max virtual address is <= mmap range size.
Harbormaster completed remote builds in B99545: Diff 338609.Apr 19 2021, 2:13 PM

Revision Contents

PathSize
compiler-rt/
lib/
sanitizer_common/
17 lines

Diff 338632

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp

Show First 20 LinesShow All 1,178 Lines▼ Show 20 Linesstatic uptr GetTaskInfoMaxAddress() {
__sanitizer_task_vm_info vm_info = {} /* zero initialize */; __sanitizer_task_vm_info vm_info = {} /* zero initialize */;
mach_msg_type_number_t count = __SANITIZER_TASK_VM_INFO_COUNT; mach_msg_type_number_t count = __SANITIZER_TASK_VM_INFO_COUNT;
int err = task_info(mach_task_self(), TASK_VM_INFO, (int *)&vm_info, &count); int err = task_info(mach_task_self(), TASK_VM_INFO, (int *)&vm_info, &count);
return err ? 0 : vm_info.max_address; return err ? 0 : vm_info.max_address;
} }
uptr GetMaxUserVirtualAddress() { uptr GetMaxUserVirtualAddress() {
static uptr max_vm = GetTaskInfoMaxAddress(); static uptr max_vm = GetTaskInfoMaxAddress();
if (max_vm != 0) if (max_vm != 0) {
return max_vm - 1; return max_vm - 1;
}
ylnUnsubmitted
Not Done
ReplyInline Actions

Needs braces or CHECK_LE moved before if.

yln: Needs braces or `CHECK_LE` moved before `if`.
delcypherUnsubmitted
Not Done
ReplyInline Actions

There's an inconsistency here. The static checks are checking with -1 already subtracted. The runtime check here is testing without -1 subtracted.

I think we should be checking whatever we are going to return at runtime.

delcypher: There's an inconsistency here. The `static` checks are checking with `-1` already subtracted.
ylnUnsubmitted
Not Done
ReplyInline Actions

I think we should be checking whatever we are going to return at runtime.

+1

While I usually really like the idea of compile-time checks (always better to catch mistakes earlier rather than later), I don't think it's worth the complexity/visual noise in this specific case.

Having one check for the final runtime value seems the clearest expression of intent here.

yln: > I think we should be checking whatever we are going to return at runtime. +1 While I usually…
araliszaAuthorUnsubmitted
Done
ReplyInline Actions

moved the runtime check to separate diff per offline discussion. should I still remove the static checks? I think they still add value, especially if we're not going to add the runtime checks until a later time

aralisza: moved the runtime check to separate diff per offline discussion. should I still remove the…
delcypherUnsubmitted
Not Done
ReplyInline Actions

I'm fine with the static checks here. I think failing earlier at compile time when the constants are wrong is a good thing :)

delcypher: I'm fine with the static checks here. I think failing earlier at compile time when the…
// xnu cannot provide vm address limit // xnu cannot provide vm address limit
# if SANITIZER_WORDSIZE == 32 # if SANITIZER_WORDSIZE == 32
return 0xffe00000 - 1; constexpr uptr fallback_max_vm = 0xffe00000 - 1;
delcypherUnsubmitted
Not Done
ReplyInline Actions

Why do we we need the static keyword here?

delcypher: Why do we we need the `static` keyword here?
# else # else
return 0x200000000 - 1; constexpr uptr fallback_max_vm = 0x200000000 - 1;
# endif # endif
static_assert(fallback_max_vm <= SANITIZER_MMAP_RANGE_SIZE,
"Max virtual address must be less than mmap range size.");
return fallback_max_vm;
} }
#else // !SANITIZER_IOS #else // !SANITIZER_IOS
uptr GetMaxUserVirtualAddress() { uptr GetMaxUserVirtualAddress() {
# if SANITIZER_WORDSIZE == 64 # if SANITIZER_WORDSIZE == 64
return (1ULL << 47) - 1; // 0x00007fffffffffffUL; constexpr uptr max_vm = (1ULL << 47) - 1; // 0x00007fffffffffffUL;
# else // SANITIZER_WORDSIZE == 32 # else // SANITIZER_WORDSIZE == 32
static_assert(SANITIZER_WORDSIZE == 32, "Wrong wordsize"); static_assert(SANITIZER_WORDSIZE == 32, "Wrong wordsize");
return (1ULL << 32) - 1; // 0xffffffff; constexpr uptr max_vm = (1ULL << 32) - 1; // 0xffffffff;
# endif # endif
static_assert(max_vm <= SANITIZER_MMAP_RANGE_SIZE,
"Max virtual address must be less than mmap range size.");
return max_vm;
} }
#endif #endif
uptr GetMaxVirtualAddress() { uptr GetMaxVirtualAddress() {
return GetMaxUserVirtualAddress(); return GetMaxUserVirtualAddress();
} }
uptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale, uptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale,
▲ Show 20 LinesShow All 210 LinesShow Last 20 Lines