This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/lib/sanitizer_common/
-
lib/
-
sanitizer_common/
1/3
sanitizer_allocator_combined.h

Differential D158550

[sanitizer_common] Fallback to secondary allocator if primary allocator is exhausted
AbandonedPublic

Authored by leonardchan on Aug 22 2023, 2:06 PM.

Download Raw Diff

Details

Reviewers

mcgrathr
vitalybuka
MaskRay

Summary

The 64bit primary allocator has a unique failure mode where it can exhaust the entire region for a given size class in the initial pre-allocated address range. This can happen if the region size happens to be relatively small and we allocate a bunch of objects that fit into the largest size class. It's still possible though for there to be some space outside of this initial address range. For this, we can rely on the secondary allocator to mmap to find some space.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

leonardchan created this revision.Aug 22 2023, 2:06 PM

Herald added a project: Restricted Project. · View Herald TranscriptAug 22 2023, 2:06 PM

Herald added a subscriber: Enna1. · View Herald Transcript

leonardchan requested review of this revision.Aug 22 2023, 2:06 PM

Harbormaster completed remote builds in B254190: Diff 552497.Aug 22 2023, 2:32 PM

We have unittests, check TestCombinedAllocator. Can you please extend some of them?

compiler-rt/lib/sanitizer_common/sanitizer_allocator_combined.h
68	maybe it's more efficient to increase size and go larger class sizes?
76	I afraid this is not enough. Sanitizers has some assumptions on how it will be allocated. E.g. in asan bool from_primary = PrimaryAllocator::CanAllocate(needed_size, alignment); So every sanitizers needs to be investigated on implication from this change.

This can happen if the region size happens to be relatively small and we allocate a bunch of objects that fit into the largest size class.

Can you elaborate? RISC-V?

In D158550#4608476, @MaskRay wrote:

This can happen if the region size happens to be relatively small and we allocate a bunch of objects that fit into the largest size class.

Can you elaborate? RISC-V?

When getting chunks from the freearray via PopulateFreeArray, the primary allocator will attempt to remap more space in a sizeclass's region. Before that, it calls IsRegionExhausted to see if there's any space left in the region to make the allocation. The check is essentially requested_size < kRegionSize - kFreeArraySize. If the region has no more user-allocatable space, it'll fail with The process has exhausted %zuMB for size class %zu. The max space per region (kRegionSize) is determined by the overall space provided for the primary allocator divided by the number of sizeclasses. So if, if we happen to allocate a lot of objects for a given sizeclass, we'll fail in this way. The frequency of this failure mode can be reduced by increasing kRegionSize (or alternatively decreasing kFreeArraySize).

For a 39bit VMA for RISCV, we don't have a lot of overall space for the primary allocator and the default size class map has a bunch of size classes, so the region size tended to be small. I think I found a size class map though that seems to work for us and reduce the number of sizeclasses (rounded) to 32. Abandoning this revision for now (unless I run into this again).

compiler-rt/lib/sanitizer_common/sanitizer_allocator_combined.h
68	Ok, I found a good enough SizeClassMap config that helps prevent this for now.

Revision Contents

Path

Size

compiler-rt/

lib/

sanitizer_common/

sanitizer_allocator_combined.h

10 lines

Diff 552497

compiler-rt/lib/sanitizer_common/sanitizer_allocator_combined.h

Show First 20 Lines • Show All 58 Lines • ▼ Show 20 Lines	void Allocate(AllocatorCache cache, uptr size, uptr alignment) {
if (alignment > 8)		if (alignment > 8)
size = RoundUpTo(size, alignment);		size = RoundUpTo(size, alignment);
// The primary allocator should return a 2^x aligned allocation when		// The primary allocator should return a 2^x aligned allocation when
// requested 2^x bytes, hence using the rounded up 'size' when being		// requested 2^x bytes, hence using the rounded up 'size' when being
// serviced by the primary (this is no longer true when the primary is		// serviced by the primary (this is no longer true when the primary is
// using a non-fixed base address). The secondary takes care of the		// using a non-fixed base address). The secondary takes care of the
// alignment without such requirement, and allocating 'size' would use		// alignment without such requirement, and allocating 'size' would use
// extraneous memory, so we employ 'original_size'.		// extraneous memory, so we employ 'original_size'.
void *res;		void *res = nullptr;
if (primary_.CanAllocate(size, alignment))		if (primary_.CanAllocate(size, alignment))
		vitalybukaUnsubmitted Not Done Reply Inline Actions maybe it's more efficient to increase size and go larger class sizes? vitalybuka: maybe it's more efficient to increase size and go larger class sizes?
		leonardchanAuthorUnsubmitted Done Reply Inline Actions Ok, I found a good enough SizeClassMap config that helps prevent this for now. leonardchan: Ok, I found a good enough SizeClassMap config that helps prevent this for now.
res = cache->Allocate(&primary_, primary_.ClassID(size));		res = cache->Allocate(&primary_, primary_.ClassID(size));
else		if (!res) {
		// The primary alllocater can still fail if a region for a particular
		// class id is exhausted and we cannot repopulate it. This can happen if
		// the kRegionSize happens to be relatively small. There could still be
		// lots of memory left in the system for mmap-ing, so we should fallback
		// to that.
res = secondary_.Allocate(&stats_, original_size, alignment);		res = secondary_.Allocate(&stats_, original_size, alignment);
		vitalybukaUnsubmitted Not Done Reply Inline Actions I afraid this is not enough. Sanitizers has some assumptions on how it will be allocated. E.g. in asan bool from_primary = PrimaryAllocator::CanAllocate(needed_size, alignment); So every sanitizers needs to be investigated on implication from this change. vitalybuka: I afraid this is not enough. Sanitizers has some assumptions on how it will be allocated. E.g.
		}
if (alignment > 8)		if (alignment > 8)
CHECK_EQ(reinterpret_cast<uptr>(res) & (alignment - 1), 0);		CHECK_EQ(reinterpret_cast<uptr>(res) & (alignment - 1), 0);
return res;		return res;
}		}

s32 ReleaseToOSIntervalMs() const {		s32 ReleaseToOSIntervalMs() const {
return primary_.ReleaseToOSIntervalMs();		return primary_.ReleaseToOSIntervalMs();
}		}
▲ Show 20 Lines • Show All 120 Lines • Show Last 20 Lines