An application running with ASAN can fail during shadow memory allocation, with an error indicating a failure to map the shadow memory region due to a negative size parameter passed to mmap. It can happen when iOS decides to limit the top of the virtual memory address space to be very low and when the application itself is relatively complex (with lots of dependencies - like Spotify). What really happens is that evaluating the kHighMemBeg, kHighShadowBeg and kHighShadowEnd macros, when computed as usual (for dynamic shadow area locations), leads to a nonsensical situation where kHighMemEnd <= (MEM_TO_SHADOW(kHighMemEnd) + 1). It results in a negative value of the expression passed to mmap as the size of the high shadow. To remedy this case, when this condition (kHighMemEnd <= (MEM_TO_SHADOW(kHighMemEnd) + 1)) is detected, an alternate high shadow memory layout is applied. It is really a mitigation: some issues involving high memory access might be missed - but, without the mitigation, the ASANified app will just crash. The mitigation allows it to work and detect most of the typical issues ASAN detects.
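The arithmetic behind the failure, as an added illustration that is not part of this revision's code: it models the high-memory macros from asan_mapping.h with the usual 1:8 shadow mapping (assumption: shadow = (addr >> 3) + offset, with the offset and the "top of VM" values below constructed, not taken from a real device), derives kHighMemBeg / kHighShadowBeg / kHighShadowEnd the way the macros do, and shows how a low top of virtual memory turns the mmap size negative and trips the IS_HIGH_MEM_LOW condition.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption: standard ASan 1:8 mapping. The real shadow offset is picked at
   run time for a dynamic shadow; here it is just a parameter. */
#define SHADOW_SCALE 3
static inline uint64_t mem_to_shadow(uint64_t addr, uint64_t shadow_offset) {
    return (addr >> SHADOW_SCALE) + shadow_offset;
}

struct high_layout {
    uint64_t high_mem_beg, high_mem_end;
    uint64_t high_shadow_beg, high_shadow_end;
    int64_t  high_shadow_size;  /* the value that would reach mmap */
    bool     high_mem_low;      /* the IS_HIGH_MEM_LOW condition */
};

/* Mirrors the macro chain: kHighMemBeg = MEM_TO_SHADOW(kHighMemEnd) + 1,
   kHighShadowBeg = MEM_TO_SHADOW(kHighMemBeg), kHighShadowEnd = MEM_TO_SHADOW(kHighMemEnd). */
struct high_layout compute_high_layout(uint64_t high_mem_end, uint64_t shadow_offset) {
    struct high_layout l;
    l.high_mem_end    = high_mem_end;
    l.high_mem_beg    = mem_to_shadow(high_mem_end, shadow_offset) + 1;
    l.high_shadow_beg = mem_to_shadow(l.high_mem_beg, shadow_offset);
    l.high_shadow_end = mem_to_shadow(l.high_mem_end, shadow_offset);
    /* Signed on purpose: when kHighMemBeg ends up above kHighMemEnd the
       shadow bounds invert and this goes negative. */
    l.high_shadow_size = (int64_t)(l.high_shadow_end - l.high_shadow_beg + 1);
    /* The check the patch performs before switching to the alternate layout. */
    l.high_mem_low = high_mem_end <= mem_to_shadow(high_mem_end, shadow_offset) + 1;
    return l;
}

static void show(const char *label, struct high_layout l) {
    printf("%s: HighMem [%#llx, %#llx] HighShadow [%#llx, %#llx] size=%lld low=%d\n",
           label, (unsigned long long)l.high_mem_beg, (unsigned long long)l.high_mem_end,
           (unsigned long long)l.high_shadow_beg, (unsigned long long)l.high_shadow_end,
           (long long)l.high_shadow_size, (int)l.high_mem_low);
}

int main(void) {
    /* Constructed values: a 47-bit address space vs. an 8 GiB top of VM. */
    show("normal ", compute_high_layout(0x7FFFFFFFFFFFULL, 0x100000000000ULL));
    show("low top", compute_high_layout(0x1FFFFFFFFULL,    0x200000000ULL));
    return 0;
}
```

Run as-is, the second line reports an inverted shadow range with a negative size and low=1, which is the state in which the unmodified code would hand a negative length to mmap.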
Details
- Reviewers
thetruestblue rsundahl yln delcypher
Diff Detail
- Repository
- rG LLVM Github Monorepo
- Simplify expression deciding that high memory limit is low
- Fine tune the IS_HIGH_MEM_LOW comment