This is an archive of the discontinued LLVM Phabricator instance.

Differential D32968

Add dyld to sanitizer procmaps on darwin
ClosedPublic

Authored by fjricci on May 8 2017, 8:15 AM.

Details

Reviewers
alekseyshl
kubamracek
Commits
rG61ed9345c9b4: Add dyld to sanitizer procmaps on darwin
rG1cdcbcdb92d1: Add dyld to sanitizer procmaps on darwin
rCRT302899: Add dyld to sanitizer procmaps on darwin
rCRT302673: Add dyld to sanitizer procmaps on darwin
rL302899: Add dyld to sanitizer procmaps on darwin
rL302673: Add dyld to sanitizer procmaps on darwin
Summary

Sanitizer procmaps uses dyld apis to iterate over the list of images
in the process. This is much more performan than manually recursing
over all of the memory regions in the process, however, dyld does
not report itself in the list of images. In order to prevent reporting
leaks from dyld globals and to symbolize dyld functions in stack traces,
this patch special-cases dyld and ensures that it is added to the
list of modules.

This is accomplished by recursing through the memory map of the process
until a dyld Mach header is found. While this recursion is expensive,
it is run before the full set of images has been loaded in the process,
so only a few calls are required. The result is cached so that it never
needs to be searched for when the full process memory map exists, as this
would be incredibly slow, on the order of minutes for leak sanitizer with
only 25 or so libraries loaded.

Diff Detail

Event Timeline

fjricci created this revision.May 8 2017, 8:15 AM
fjricci edited the summary of this revision. (Show Details)May 8 2017, 8:15 AM
fjricci updated this revision to Diff 98172.May 8 2017, 8:22 AM

Small refactor

fjricci updated this revision to Diff 98175.May 8 2017, 8:32 AM

Consolidate diff a bit

fjricci added a child revision: D32191: Enable lsan test suite for darwin x86-64.May 8 2017, 8:40 AM
alekseyshl added inline comments.May 8 2017, 2:13 PM
lib/sanitizer_common/sanitizer_procmaps_mac.cc
235

Shouldn't we check err == KERN_SUCCESS before accessing vm_region_recurse_64 results?

237

This means that dyld_hdr at some point contains a pointer to something other than dyld and might even stay that way if something goes wrong in this loop.

250

How about using local static var initialization?

static const struct mach_header *get_dyld_hdr() {
  static struct mach_header *header = get_dyld_image_header();
  return header;
}

and then use get_dyld_hdr() everywhere instead of dyld_hdr and get_dyld_image_header()?

fjricci updated this revision to Diff 98316.May 9 2017, 9:52 AM

Use function to wrap dyld header static var and check for recurse error

alekseyshl accepted this revision.May 9 2017, 3:56 PM
This revision is now accepted and ready to land.May 9 2017, 3:56 PM
Closed by commit rL302673: Add dyld to sanitizer procmaps on darwin (authored by fjricci). · Explain WhyMay 10 2017, 7:51 AM
This revision was automatically updated to reflect the committed changes.
fjricci reopened this revision.May 10 2017, 9:48 AM

Looks like we can't use the wrapper function for the static variable, because we don't always have access to the __cxa_guard functions. I reverted the commit for now, but I think the solution is to move the cached dyld header back to a static global var.

This revision is now accepted and ready to land.May 10 2017, 9:48 AM
alekseyshl added a comment.May 10 2017, 10:03 AM
In D32968#751141, @fjricci wrote:

Looks like we can't use the wrapper function for the static variable, because we don't always have access to the __cxa_guard functions. I reverted the commit for now, but I think the solution is to move the cached dyld header back to a static global var.

Right... I'd still keep the current code structure though, replace local static header var with static global, that's it.

fjricci updated this revision to Diff 98485.May 10 2017, 10:16 AM

Use static global to avoid use of cxa guard

Harbormaster completed remote builds in B6319: Diff 98485.May 10 2017, 10:16 AM
Closed by commit rL302899: Add dyld to sanitizer procmaps on darwin (authored by fjricci). · Explain WhyMay 12 2017, 7:24 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
sanitizer_common/
1 line
86 lines

Diff 98175

lib/sanitizer_common/sanitizer_procmaps.h

Show First 20 LinesShow All 64 Lines▼ Show 20 Lines# if SANITIZER_FREEBSD || SANITIZER_LINUX
// Static mappings cache. // Static mappings cache.
static ProcSelfMapsBuff cached_proc_self_maps_; static ProcSelfMapsBuff cached_proc_self_maps_;
static StaticSpinMutex cache_lock_; // protects cached_proc_self_maps_. static StaticSpinMutex cache_lock_; // protects cached_proc_self_maps_.
# elif SANITIZER_MAC # elif SANITIZER_MAC
template <u32 kLCSegment, typename SegmentCommand> template <u32 kLCSegment, typename SegmentCommand>
bool NextSegmentLoad(uptr *start, uptr *end, uptr *offset, char filename[], bool NextSegmentLoad(uptr *start, uptr *end, uptr *offset, char filename[],
uptr filename_size, ModuleArch *arch, u8 *uuid, uptr filename_size, ModuleArch *arch, u8 *uuid,
uptr *protection); uptr *protection);
void GetSegmentAddrRange(uptr *start, uptr *end, uptr vmaddr, uptr vmsize);
int current_image_; int current_image_;
u32 current_magic_; u32 current_magic_;
u32 current_filetype_; u32 current_filetype_;
ModuleArch current_arch_; ModuleArch current_arch_;
u8 current_uuid_[kModuleUUIDSize]; u8 current_uuid_[kModuleUUIDSize];
int current_load_cmd_count_; int current_load_cmd_count_;
char *current_load_cmd_addr_; char *current_load_cmd_addr_;
bool current_instrumented_; bool current_instrumented_;
Show All 22 Lines

lib/sanitizer_common/sanitizer_procmaps_mac.cc

Show All 12 Lines
#include "sanitizer_platform.h" #include "sanitizer_platform.h"
#if SANITIZER_MAC #if SANITIZER_MAC
#include "sanitizer_common.h" #include "sanitizer_common.h"
#include "sanitizer_placement_new.h" #include "sanitizer_placement_new.h"
#include "sanitizer_procmaps.h" #include "sanitizer_procmaps.h"
#include <mach-o/dyld.h> #include <mach-o/dyld.h>
#include <mach-o/loader.h> #include <mach-o/loader.h>
#include <mach/mach.h>
// These are not available in older macOS SDKs. // These are not available in older macOS SDKs.
#ifndef CPU_SUBTYPE_X86_64_H #ifndef CPU_SUBTYPE_X86_64_H
#define CPU_SUBTYPE_X86_64_H ((cpu_subtype_t)8) /* Haswell */ #define CPU_SUBTYPE_X86_64_H ((cpu_subtype_t)8) /* Haswell */
#endif #endif
#ifndef CPU_SUBTYPE_ARM_V7S #ifndef CPU_SUBTYPE_ARM_V7S
#define CPU_SUBTYPE_ARM_V7S ((cpu_subtype_t)11) /* Swift */ #define CPU_SUBTYPE_ARM_V7S ((cpu_subtype_t)11) /* Swift */
#endif #endif
Show All 37 Linesvoid MemoryMappingLayout::Reset() {
current_load_cmd_count_ = -1; current_load_cmd_count_ = -1;
current_load_cmd_addr_ = 0; current_load_cmd_addr_ = 0;
current_magic_ = 0; current_magic_ = 0;
current_filetype_ = 0; current_filetype_ = 0;
current_arch_ = kModuleArchUnknown; current_arch_ = kModuleArchUnknown;
internal_memset(current_uuid_, 0, kModuleUUIDSize); internal_memset(current_uuid_, 0, kModuleUUIDSize);
} }
// The dyld load address should be unchanged throughout process execution,
// and it is expensive to compute once many libraries have been loaded,
// so cache it here and do not reset.
static struct mach_header *dyld_hdr;
static const char kDyldPath[] = "/usr/lib/dyld";
static const int kDyldImageIdx = -1;
// static // static
void MemoryMappingLayout::CacheMemoryMappings() { void MemoryMappingLayout::CacheMemoryMappings() {
// No-op on Mac for now. // No-op on Mac for now.
} }
void MemoryMappingLayout::LoadFromCache() { void MemoryMappingLayout::LoadFromCache() {
// No-op on Mac for now. // No-op on Mac for now.
} }
// Next and NextSegmentLoad were inspired by base/sysinfo.cc in // Next and NextSegmentLoad were inspired by base/sysinfo.cc in
// Google Perftools, https://github.com/gperftools/gperftools. // Google Perftools, https://github.com/gperftools/gperftools.
// NextSegmentLoad scans the current image for the next segment load command // NextSegmentLoad scans the current image for the next segment load command
// and returns the start and end addresses and file offset of the corresponding // and returns the start and end addresses and file offset of the corresponding
// segment. // segment.
// Note that the segment addresses are not necessarily sorted. // Note that the segment addresses are not necessarily sorted.
template <u32 kLCSegment, typename SegmentCommand> template <u32 kLCSegment, typename SegmentCommand>
bool MemoryMappingLayout::NextSegmentLoad(uptr *start, uptr *end, uptr *offset, bool MemoryMappingLayout::NextSegmentLoad(uptr *start, uptr *end, uptr *offset,
char filename[], uptr filename_size, char filename[], uptr filename_size,
ModuleArch *arch, u8 *uuid, ModuleArch *arch, u8 *uuid,
uptr *protection) { uptr *protection) {
const char *lc = current_load_cmd_addr_; const char *lc = current_load_cmd_addr_;
current_load_cmd_addr_ += ((const load_command *)lc)->cmdsize; current_load_cmd_addr_ += ((const load_command *)lc)->cmdsize;
if (((const load_command *)lc)->cmd == kLCSegment) { if (((const load_command *)lc)->cmd == kLCSegment) {
const sptr dlloff = _dyld_get_image_vmaddr_slide(current_image_);
const SegmentCommand* sc = (const SegmentCommand *)lc; const SegmentCommand* sc = (const SegmentCommand *)lc;
if (start) *start = sc->vmaddr + dlloff; GetSegmentAddrRange(start, end, sc->vmaddr, sc->vmsize);
if (protection) { if (protection) {
// Return the initial protection. // Return the initial protection.
*protection = sc->initprot; *protection = sc->initprot;
} }
if (end) *end = sc->vmaddr + sc->vmsize + dlloff;
if (offset) { if (offset) {
if (current_filetype_ == /*MH_EXECUTE*/ 0x2) { if (current_filetype_ == /*MH_EXECUTE*/ 0x2) {
*offset = sc->vmaddr; *offset = sc->vmaddr;
} else { } else {
*offset = sc->fileoff; *offset = sc->fileoff;
} }
} }
if (filename) { if (filename) {
if (current_image_ == kDyldImageIdx) {
internal_strncpy(filename, kDyldPath, filename_size);
} else {
internal_strncpy(filename, _dyld_get_image_name(current_image_), internal_strncpy(filename, _dyld_get_image_name(current_image_),
filename_size); filename_size);
} }
}
if (arch) { if (arch) {
*arch = current_arch_; *arch = current_arch_;
} }
if (uuid) { if (uuid) {
internal_memcpy(uuid, current_uuid_, kModuleUUIDSize); internal_memcpy(uuid, current_uuid_, kModuleUUIDSize);
} }
return true; return true;
} }
▲ Show 20 LinesShow All 50 Lines▼ Show 20 Lines for (const load_command *lc = first_lc; lc->cmd != 0; lc = NextCommand(lc)) {
dylib_name = StripModuleName(dylib_name); dylib_name = StripModuleName(dylib_name);
if (dylib_name != 0 && (internal_strstr(dylib_name, "libclang_rt."))) { if (dylib_name != 0 && (internal_strstr(dylib_name, "libclang_rt."))) {
return true; return true;
} }
} }
return false; return false;
} }
void MemoryMappingLayout::GetSegmentAddrRange(uptr *start, uptr *end,
uptr vmaddr, uptr vmsize) {
if (current_image_ == kDyldImageIdx) {
// vmaddr is masked with 0xfffff because on macOS versions < 10.12,
// it contains an absolute address rather than an offset for dyld.
// To make matters even more complicated, this absolute address
// isn't actually the absolute segment address, but the offset portion
// of the address is accurate when combined with the dyld base address,
// and the mask will give just this offset.
if (start) *start = (vmaddr & 0xfffff) + (uptr)dyld_hdr;
if (end) *end = (vmaddr & 0xfffff) + vmsize + (uptr)dyld_hdr;
} else {
const sptr dlloff = _dyld_get_image_vmaddr_slide(current_image_);
if (start) *start = vmaddr + dlloff;
if (end) *end = vmaddr + vmsize + dlloff;
}
}
// _dyld_get_image_header() and related APIs don't report dyld itself.
// We work around this by manually recursing through the memory map
// until we hit a Mach header matching dyld instead. These recurse
// calls are expensive, but the first memory map generation occurs
// early in the process, when dyld is one of the only images loaded,
// so it will be hit after only a few iterations.
static const struct mach_header *get_dyld_image_header() {
if (!dyld_hdr) {
mach_port_name_t port;
if (task_for_pid(mach_task_self(), internal_getpid(), &port) !=
KERN_SUCCESS) {
return nullptr;
}
unsigned depth = 1;
vm_size_t size = 0;
vm_address_t address = 0;
kern_return_t err = KERN_SUCCESS;
mach_msg_type_number_t count = VM_REGION_SUBMAP_INFO_COUNT_64;
while (err == KERN_SUCCESS) {
struct vm_region_submap_info_64 info;
err = vm_region_recurse_64(port, &address, &size, &depth,
(vm_region_info_t)&info, &count);
if (size >= sizeof(struct mach_header) &&
alekseyshlUnsubmitted
Not Done
ReplyInline Actions

Shouldn't we check err == KERN_SUCCESS before accessing vm_region_recurse_64 results?

alekseyshl: Shouldn't we check err == KERN_SUCCESS before accessing vm_region_recurse_64 results?
info.protection & MemoryMappingLayout::kProtectionRead) {
dyld_hdr = (struct mach_header *)address;
alekseyshlUnsubmitted
Not Done
ReplyInline Actions

This means that dyld_hdr at some point contains a pointer to something other than dyld and might even stay that way if something goes wrong in this loop.

alekseyshl: This means that dyld_hdr at some point contains a pointer to something other than dyld and…
if ((dyld_hdr->magic == MH_MAGIC || dyld_hdr->magic == MH_MAGIC_64) &&
dyld_hdr->filetype == MH_DYLINKER) {
return dyld_hdr;
}
}
address += size;
}
return nullptr;
}
return dyld_hdr;
}
alekseyshlUnsubmitted
Not Done
ReplyInline Actions

How about using local static var initialization?

static const struct mach_header *get_dyld_hdr() {
  static struct mach_header *header = get_dyld_image_header();
  return header;
}

and then use get_dyld_hdr() everywhere instead of dyld_hdr and get_dyld_image_header()?

alekseyshl: How about using local static var initialization? static const struct mach_header…
bool MemoryMappingLayout::Next(uptr *start, uptr *end, uptr *offset, bool MemoryMappingLayout::Next(uptr *start, uptr *end, uptr *offset,
char filename[], uptr filename_size, char filename[], uptr filename_size,
uptr *protection, ModuleArch *arch, u8 *uuid) { uptr *protection, ModuleArch *arch, u8 *uuid) {
for (; current_image_ >= 0; current_image_--) { for (; current_image_ >= kDyldImageIdx; current_image_--) {
const mach_header* hdr = _dyld_get_image_header(current_image_); const struct mach_header *hdr =
(current_image_ == kDyldImageIdx)
? get_dyld_image_header()
: _dyld_get_image_header(current_image_);
if (!hdr) continue; if (!hdr) continue;
if (current_load_cmd_count_ < 0) { if (current_load_cmd_count_ < 0) {
// Set up for this image; // Set up for this image;
current_load_cmd_count_ = hdr->ncmds; current_load_cmd_count_ = hdr->ncmds;
current_magic_ = hdr->magic; current_magic_ = hdr->magic;
current_filetype_ = hdr->filetype; current_filetype_ = hdr->filetype;
current_arch_ = ModuleArchFromCpuType(hdr->cputype, hdr->cpusubtype); current_arch_ = ModuleArchFromCpuType(hdr->cputype, hdr->cpusubtype);
switch (current_magic_) { switch (current_magic_) {
▲ Show 20 LinesShow All 77 LinesShow Last 20 Lines