This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/lib/dfsan/
-
lib/
-
dfsan/
6/6
dfsan.cpp
-
dfsan_interceptors.cpp

Differential D89199

Release pages to OS when setting 0 label
ClosedPublic

Authored by stephan.yichao.zhao on Oct 10 2020, 6:36 PM.

Download Raw Diff

Details

Reviewers

morehouse
eugenis

Commits

rGcc07fbe37dc8: Release pages to OS when setting 0 label

Summary

This is a follow up patch of https://reviews.llvm.org/D88755.

When set 0 label for an address range, we can release pages within the
corresponding shadow address range to OS, and set only addresses outside
the pages to be 0.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

stephan.yichao.zhao created this revision.Oct 10 2020, 6:36 PM

Herald added a project: Restricted Project. · View Herald TranscriptOct 10 2020, 6:36 PM

Herald added a subscriber: Restricted Project. · View Herald Transcript

stephan.yichao.zhao requested review of this revision.Oct 10 2020, 6:36 PM

Harbormaster completed remote builds in B74714: Diff 297437.Oct 10 2020, 7:01 PM

morehouse added inline comments.Oct 12 2020, 10:57 AM

compiler-rt/lib/dfsan/dfsan.cpp
277–280	Nit: Let's rename this something more descriptive. e.g., `WriteShadowIfDifferent`.
278	Every call site seems to cast a `uptr` to `dfsan_label *`. Let's move the cast into this function and rename the parameter something more descriptive (e.g., `shadow_addr`).
307	Both MSan and ASan do the release only when `size` is larger than 16 pages. Should we have similar logic here? Maybe it's less important to avoid the system call in this case for DFSan... ASan/MSan can use `memset` to clear a small number of pages, which can use vector instructions for efficiency. But DFSan has to use a loop since shadow labels take up 2 bytes. So maybe the threshold where `madvise` becomes faster is lower for DFSan. @eugenis WDYT?

eugenis added inline comments.Oct 12 2020, 11:10 AM

compiler-rt/lib/dfsan/dfsan.cpp
307	If you have a specific application in mind, I suggest directly measuring run time and process RSS. Otherwise, the 16 page threshold makes sense to me, AFAIR it had the best trade-off for ASan.

stephan.yichao.zhao marked 4 inline comments as done.Oct 18 2020, 10:18 AM

stephan.yichao.zhao added inline comments.

compiler-rt/lib/dfsan/dfsan.cpp
307	It seems that 32k is the boundary between calls from malloc/free and utility zero-out. Added comments.

addressed comments

Harbormaster completed remote builds in B75457: Diff 298884.Oct 18 2020, 10:50 AM

morehouse accepted this revision.Oct 19 2020, 3:21 PM

morehouse added inline comments.

compiler-rt/lib/dfsan/dfsan.cpp
318	Since `kNumPagesThreshold` is only used here, let's define it here instead.

This revision is now accepted and ready to land.Oct 19 2020, 3:21 PM

moved constant definition.

Harbormaster completed remote builds in B75615: Diff 299196.Oct 19 2020, 4:28 PM

Closed by commit rGcc07fbe37dc8: Release pages to OS when setting 0 label (authored by Jianzhou Zhao <jianzhouzh@google.com>). · Explain WhyOct 20 2020, 9:23 AM

This revision was automatically updated to reflect the committed changes.

Jianzhou Zhao <jianzhouzh@google.com> added a commit: rGcc07fbe37dc8: Release pages to OS when setting 0 label.

Revision Contents

Path

Size

compiler-rt/

lib/

dfsan/

dfsan.cpp

39 lines

dfsan_interceptors.cpp

17 lines

Diff 299382

compiler-rt/lib/dfsan/dfsan.cpp

Show First 20 Lines • Show All 268 Lines • ▼ Show 20 Lines	dfsan_label label =
atomic_fetch_add(&__dfsan_last_label, 1, memory_order_relaxed) + 1;		atomic_fetch_add(&__dfsan_last_label, 1, memory_order_relaxed) + 1;
dfsan_check_label(label);		dfsan_check_label(label);
__dfsan_label_info[label].l1 = __dfsan_label_info[label].l2 = 0;		__dfsan_label_info[label].l1 = __dfsan_label_info[label].l2 = 0;
__dfsan_label_info[label].desc = desc;		__dfsan_label_info[label].desc = desc;
__dfsan_label_info[label].userdata = userdata;		__dfsan_label_info[label].userdata = userdata;
return label;		return label;
}		}

extern "C" SANITIZER_INTERFACE_ATTRIBUTE		static void WriteShadowIfDifferent(dfsan_label label, uptr shadow_addr,
void __dfsan_set_label(dfsan_label label, void *addr, uptr size) {		uptr size) {
		morehouseUnsubmitted Done Reply Inline Actions Every call site seems to cast a `uptr` to `dfsan_label `. Let's move the cast into this function and rename the parameter something more descriptive (e.g., `shadow_addr`). morehouse:* Every call site seems to cast a `uptr` to `dfsan_label *`. Let's move the cast into this…
for (dfsan_label *labelp = shadow_for(addr); size != 0; --size, ++labelp) {		dfsan_label labelp = (dfsan_label )shadow_addr;
		for (; size != 0; --size, ++labelp) {
		morehouseUnsubmitted Done Reply Inline Actions Nit: Let's rename this something more descriptive. e.g., `WriteShadowIfDifferent`. morehouse: Nit: Let's rename this something more descriptive. e.g., `WriteShadowIfDifferent`.
// Don't write the label if it is already the value we need it to be.		// Don't write the label if it is already the value we need it to be.
// In a program where most addresses are not labeled, it is common that		// In a program where most addresses are not labeled, it is common that
// a page of shadow memory is entirely zeroed. The Linux copy-on-write		// a page of shadow memory is entirely zeroed. The Linux copy-on-write
// implementation will share all of the zeroed pages, making a copy of a		// implementation will share all of the zeroed pages, making a copy of a
// page when any value is written. The un-sharing will happen even if		// page when any value is written. The un-sharing will happen even if
// the value written does not change the value in memory. Avoiding the		// the value written does not change the value in memory. Avoiding the
// write when both \|label\| and \|*labelp\| are zero dramatically reduces		// write when both \|label\| and \|*labelp\| are zero dramatically reduces
// the amount of real memory used by large programs.		// the amount of real memory used by large programs.
if (label == *labelp)		if (label == *labelp)
continue;		continue;

*labelp = label;		*labelp = label;
}		}
}		}

		extern "C" SANITIZER_INTERFACE_ATTRIBUTE void __dfsan_set_label(
		dfsan_label label, void *addr, uptr size) {
		const uptr beg_shadow_addr = (uptr)__dfsan::shadow_for(addr);

		if (0 != label) {
		WriteShadowIfDifferent(label, beg_shadow_addr, size);
		return;
		}

		// If label is 0, releases the pages within the shadow address range, and sets
		// the shadow addresses not on the pages to be 0.
		const void end_addr = (void )((uptr)addr + size);
		morehouseUnsubmitted Done Reply Inline Actions Both MSan and ASan do the release only when `size` is larger than 16 pages. Should we have similar logic here? Maybe it's less important to avoid the system call in this case for DFSan... ASan/MSan can use `memset` to clear a small number of pages, which can use vector instructions for efficiency. But DFSan has to use a loop since shadow labels take up 2 bytes. So maybe the threshold where `madvise` becomes faster is lower for DFSan. @eugenis WDYT? morehouse: Both MSan and ASan do the release only when `size` is larger than 16 pages. Should we have…
		eugenisUnsubmitted Done Reply Inline Actions If you have a specific application in mind, I suggest directly measuring run time and process RSS. Otherwise, the 16 page threshold makes sense to me, AFAIR it had the best trade-off for ASan. eugenis: If you have a specific application in mind, I suggest directly measuring run time and process…
		stephan.yichao.zhaoAuthorUnsubmitted Done Reply Inline Actions It seems that 32k is the boundary between calls from malloc/free and utility zero-out. Added comments. stephan.yichao.zhao: It seems that 32k is the boundary between calls from malloc/free and utility zero-out. Added…
		const uptr end_shadow_addr = (uptr)__dfsan::shadow_for(end_addr);
		const uptr page_size = GetPageSizeCached();
		const uptr beg_aligned = RoundUpTo(beg_shadow_addr, page_size);
		const uptr end_aligned = RoundDownTo(end_shadow_addr, page_size);

		// dfsan_set_label can be called from the following cases
		// 1) mapped ranges by new/delete and malloc/free. This case has shadow memory
		// size > 100k, and happens less frequently.
		// 2) zero-filling internal data structures by utility libraries. This case
		// has shadow memory size < 32k, and happens more often.
		// Set kNumPagesThreshold to be 8 to avoid releasing small pages.
		morehouseUnsubmitted Done Reply Inline Actions Since `kNumPagesThreshold` is only used here, let's define it here instead. morehouse: Since `kNumPagesThreshold` is only used here, let's define it here instead.
		const int kNumPagesThreshold = 8;
		if (beg_aligned + kNumPagesThreshold * page_size >= end_aligned)
		return WriteShadowIfDifferent(label, beg_shadow_addr, size);

		WriteShadowIfDifferent(label, beg_shadow_addr, beg_aligned - beg_shadow_addr);
		ReleaseMemoryPagesToOS(beg_aligned, end_aligned);
		WriteShadowIfDifferent(label, end_aligned, end_shadow_addr - end_aligned);
		}

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
void dfsan_set_label(dfsan_label label, void *addr, uptr size) {		void dfsan_set_label(dfsan_label label, void *addr, uptr size) {
__dfsan_set_label(label, addr, size);		__dfsan_set_label(label, addr, size);
}		}

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
void dfsan_add_label(dfsan_label label, void *addr, uptr size) {		void dfsan_add_label(dfsan_label label, void *addr, uptr size) {
for (dfsan_label *labelp = shadow_for(addr); size != 0; --size, ++labelp)		for (dfsan_label *labelp = shadow_for(addr); size != 0; --size, ++labelp)
▲ Show 20 Lines • Show All 168 Lines • Show Last 20 Lines

compiler-rt/lib/dfsan/dfsan_interceptors.cpp

	Show All 18 Lines
	#include "sanitizer_common/sanitizer_common.h"			#include "sanitizer_common/sanitizer_common.h"

	using namespace __sanitizer;			using namespace __sanitizer;

	namespace {			namespace {

	bool interceptors_initialized;			bool interceptors_initialized;

	void ReleaseShadowMemoryPagesToOS(void *addr, SIZE_T length) {
	uptr beg_shadow_addr = (uptr)__dfsan::shadow_for(addr);
	void *end_addr =
	(void *)((uptr)addr + RoundUpTo(length, GetPageSizeCached()));
	uptr end_shadow_addr = (uptr)__dfsan::shadow_for(end_addr);
	ReleaseMemoryPagesToOS(beg_shadow_addr, end_shadow_addr);
	}

	} // namespace			} // namespace

	INTERCEPTOR(void , mmap, void addr, SIZE_T length, int prot, int flags,			INTERCEPTOR(void , mmap, void addr, SIZE_T length, int prot, int flags,
	int fd, OFF_T offset) {			int fd, OFF_T offset) {
	void *res;			void *res;

	// interceptors_initialized is set to true during preinit_array, when we're			// interceptors_initialized is set to true during preinit_array, when we're
	// single-threaded. So we don't need to worry about accessing it atomically.			// single-threaded. So we don't need to worry about accessing it atomically.
	if (!interceptors_initialized)			if (!interceptors_initialized)
	res = (void *)syscall(__NR_mmap, addr, length, prot, flags, fd, offset);			res = (void *)syscall(__NR_mmap, addr, length, prot, flags, fd, offset);
	else			else
	res = REAL(mmap)(addr, length, prot, flags, fd, offset);			res = REAL(mmap)(addr, length, prot, flags, fd, offset);

	if (res != (void *)-1)			if (res != (void *)-1)
	ReleaseShadowMemoryPagesToOS(res, length);			dfsan_set_label(0, res, RoundUpTo(length, GetPageSizeCached()));
	return res;			return res;
	}			}

	INTERCEPTOR(void , mmap64, void addr, SIZE_T length, int prot, int flags,			INTERCEPTOR(void , mmap64, void addr, SIZE_T length, int prot, int flags,
	int fd, OFF64_T offset) {			int fd, OFF64_T offset) {
	void *res = REAL(mmap64)(addr, length, prot, flags, fd, offset);			void *res = REAL(mmap64)(addr, length, prot, flags, fd, offset);
	if (res != (void *)-1)			if (res != (void *)-1)
	ReleaseShadowMemoryPagesToOS(res, length);			dfsan_set_label(0, res, RoundUpTo(length, GetPageSizeCached()));
	return res;			return res;
	}			}

	INTERCEPTOR(int, munmap, void *addr, SIZE_T length) {			INTERCEPTOR(int, munmap, void *addr, SIZE_T length) {
	int res = REAL(munmap)(addr, length);			int res = REAL(munmap)(addr, length);
	if (res != -1) {			if (res != -1)
	ReleaseShadowMemoryPagesToOS(addr, length);			dfsan_set_label(0, addr, RoundUpTo(length, GetPageSizeCached()));
	}
	return res;			return res;
	}			}

	namespace __dfsan {			namespace __dfsan {
	void InitializeInterceptors() {			void InitializeInterceptors() {
	CHECK(!interceptors_initialized);			CHECK(!interceptors_initialized);

	INTERCEPT_FUNCTION(mmap);			INTERCEPT_FUNCTION(mmap);
	INTERCEPT_FUNCTION(mmap64);			INTERCEPT_FUNCTION(mmap64);
	INTERCEPT_FUNCTION(munmap);			INTERCEPT_FUNCTION(munmap);

	interceptors_initialized = true;			interceptors_initialized = true;
	}			}
	} // namespace __dfsan			} // namespace __dfsan