This is an archive of the discontinued LLVM Phabricator instance.

Differential D35690

[Sanitizers] TSan allocator set errno on failure.
ClosedPublic

Authored by alekseyshl on Jul 20 2017, 10:28 AM.

Details

Reviewers
dvyukov
Commits
rG132689243e03: [Sanitizers] TSan allocator set errno on failure.
rCRT308929: [Sanitizers] TSan allocator set errno on failure.
rL308929: [Sanitizers] TSan allocator set errno on failure.
Summary

Set proper errno code on allocation failures and change realloc, pvalloc,
aligned_alloc, memalign and posix_memalign implementation to satisfy
their man-specified requirements.

Modify allocator API implementation to bring it closer to other
sanitizers allocators.

Diff Detail

Repository
rL LLVM

Event Timeline

alekseyshl created this revision.Jul 20 2017, 10:28 AM
Herald added a subscriber: kubamracek. · View Herald TranscriptJul 20 2017, 10:28 AM
dvyukov added inline comments.Jul 20 2017, 10:48 AM
lib/tsan/rtl/tsan_mman.cc
174 ↗(On Diff #107544)

Please don't prefix functions, variables and types in tsan with tsan. It's all tsan already. It's just plain pointless to prefix everything in tsan with tsan, everything in asan with asan, etc, and does not add any information for reader about purpose of a function or a type.

Also, diff will be much smaller if you name this function user_alloc and rename the old one to, say, user_alloc_noerrno. It will be just few lines instead of churning the whole codebase.

alekseyshl updated this revision to Diff 107601.Jul 20 2017, 4:18 PM
  • Do not use "tsan_" prefix.
Harbormaster completed remote builds in B8461: Diff 107601.Jul 20 2017, 4:18 PM
alekseyshl added inline comments.Jul 20 2017, 4:21 PM
lib/tsan/rtl/tsan_mman.cc
174 ↗(On Diff #107544)

Well, not sure about a few lines, but will do. It just seem weird to mention errno in the code which does not care about errno at all. Maybe user_alloc_internal?

dvyukov added inline comments.Jul 20 2017, 10:34 PM
lib/tsan/rtl/tsan_mman.cc
174 ↗(On Diff #107544)

Much better now. Thanks.
user_alloc_internal is fine.

lib/tsan/tests/unit/tsan_mman_test.cc
72 ↗(On Diff #107601)

Is there a particular reason for this change? If not, then I would prefer to leave the current behavior. It worked for 5 years. We don't know what will happen with this one.

test/tsan/allocator_returns_null.cc
40 ↗(On Diff #107601)

Are C++ tsan tests run on windows? That's surprising to me.

dvyukov added inline comments.Jul 20 2017, 10:41 PM
lib/tsan/tests/unit/tsan_mman_test.cc
72 ↗(On Diff #107601)

Note: the current behavior is correct according to both POSIX, linux man pages and C:

If size is 0, either a null pointer or a unique pointer that can be successfully passed to free() shall be returned.

If size was equal to 0, either NULL or a pointer suitable to be passed to free() is returned.

alekseyshl added inline comments.Jul 21 2017, 7:57 AM
lib/tsan/tests/unit/tsan_mman_test.cc
72 ↗(On Diff #107601)

Wait, that's what the man I quoted in comments: "if size is equal to zero, and ptr is not NULL, then the call is equivalent to free(ptr)", so I'm freeing the pointer and it seems only natural to return NULL in this case, cause what else would I return?

What you're saying is correct for user_realloc(thr, pc, NULL, 0) case.

alekseyshl updated this revision to Diff 107688.Jul 21 2017, 10:25 AM
  • Address comments
alekseyshl added inline comments.Jul 21 2017, 10:26 AM
lib/tsan/tests/unit/tsan_mman_test.cc
72 ↗(On Diff #107601)

What I mean to say, it seems strange to return a dangling pointer and stdlib's realloc returns NULL in this case anyway.

user_realloc(thr, pc, NULL, 0) is tested first hand in this test.

test/tsan/allocator_returns_null.cc
40 ↗(On Diff #107601)

Yep, got carried away unifying tests with other sanitizers.

dvyukov accepted this revision.Jul 23 2017, 12:58 AM
dvyukov added inline comments.
lib/tsan/tests/unit/tsan_mman_test.cc
72 ↗(On Diff #107601)

Okay, let's try this.

This revision is now accepted and ready to land.Jul 23 2017, 12:58 AM
Closed by commit rL308929: [Sanitizers] TSan allocator set errno on failure. (authored by alekseyshl). · Explain WhyJul 24 2017, 2:24 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
tsan/
rtl/
6 lines
16 lines
3 lines
4 lines
15 lines
86 lines
tests/
unit/
83 lines
test/
tsan/
12 lines

Diff 107963

compiler-rt/trunk/lib/tsan/rtl/tsan_fd.cc

Show First 20 LinesShow All 42 Lines▼ Show 20 Lines
static FdContext fdctx; static FdContext fdctx;
static bool bogusfd(int fd) { static bool bogusfd(int fd) {
// Apparently a bogus fd value. // Apparently a bogus fd value.
return fd < 0 || fd >= kTableSize; return fd < 0 || fd >= kTableSize;
} }
static FdSync *allocsync(ThreadState *thr, uptr pc) { static FdSync *allocsync(ThreadState *thr, uptr pc) {
FdSync *s = (FdSync*)user_alloc(thr, pc, sizeof(FdSync), kDefaultAlignment, FdSync *s = (FdSync*)user_alloc_internal(thr, pc, sizeof(FdSync),
false); kDefaultAlignment, false);
atomic_store(&s->rc, 1, memory_order_relaxed); atomic_store(&s->rc, 1, memory_order_relaxed);
return s; return s;
} }
static FdSync *ref(FdSync *s) { static FdSync *ref(FdSync *s) {
if (s && atomic_load(&s->rc, memory_order_relaxed) != (u64)-1) if (s && atomic_load(&s->rc, memory_order_relaxed) != (u64)-1)
atomic_fetch_add(&s->rc, 1, memory_order_relaxed); atomic_fetch_add(&s->rc, 1, memory_order_relaxed);
return s; return s;
Show All 13 Lines
static FdDesc *fddesc(ThreadState *thr, uptr pc, int fd) { static FdDesc *fddesc(ThreadState *thr, uptr pc, int fd) {
CHECK_GE(fd, 0); CHECK_GE(fd, 0);
CHECK_LT(fd, kTableSize); CHECK_LT(fd, kTableSize);
atomic_uintptr_t *pl1 = &fdctx.tab[fd / kTableSizeL2]; atomic_uintptr_t *pl1 = &fdctx.tab[fd / kTableSizeL2];
uptr l1 = atomic_load(pl1, memory_order_consume); uptr l1 = atomic_load(pl1, memory_order_consume);
if (l1 == 0) { if (l1 == 0) {
uptr size = kTableSizeL2 * sizeof(FdDesc); uptr size = kTableSizeL2 * sizeof(FdDesc);
// We need this to reside in user memory to properly catch races on it. // We need this to reside in user memory to properly catch races on it.
void *p = user_alloc(thr, pc, size, kDefaultAlignment, false); void *p = user_alloc_internal(thr, pc, size, kDefaultAlignment, false);
internal_memset(p, 0, size); internal_memset(p, 0, size);
MemoryResetRange(thr, (uptr)&fddesc, (uptr)p, size); MemoryResetRange(thr, (uptr)&fddesc, (uptr)p, size);
if (atomic_compare_exchange_strong(pl1, &l1, (uptr)p, memory_order_acq_rel)) if (atomic_compare_exchange_strong(pl1, &l1, (uptr)p, memory_order_acq_rel))
l1 = (uptr)p; l1 = (uptr)p;
else else
user_free(thr, pc, p, false); user_free(thr, pc, p, false);
} }
return &((FdDesc*)l1)[fd % kTableSizeL2]; // NOLINT return &((FdDesc*)l1)[fd % kTableSizeL2]; // NOLINT
▲ Show 20 LinesShow All 226 LinesShow Last 20 Lines

compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc

Show First 20 LinesShow All 578 Lines▼ Show 20 Lines void *p = 0;
p = user_alloc(thr, pc, size); p = user_alloc(thr, pc, size);
} }
invoke_malloc_hook(p, size); invoke_malloc_hook(p, size);
return p; return p;
} }
TSAN_INTERCEPTOR(void*, __libc_memalign, uptr align, uptr sz) { TSAN_INTERCEPTOR(void*, __libc_memalign, uptr align, uptr sz) {
SCOPED_TSAN_INTERCEPTOR(__libc_memalign, align, sz); SCOPED_TSAN_INTERCEPTOR(__libc_memalign, align, sz);
return user_alloc(thr, pc, sz, align); return user_memalign(thr, pc, align, sz);
} }
TSAN_INTERCEPTOR(void*, calloc, uptr size, uptr n) { TSAN_INTERCEPTOR(void*, calloc, uptr size, uptr n) {
if (cur_thread()->in_symbolizer) if (cur_thread()->in_symbolizer)
return InternalCalloc(size, n); return InternalCalloc(size, n);
void *p = 0; void *p = 0;
{ {
SCOPED_INTERCEPTOR_RAW(calloc, size, n); SCOPED_INTERCEPTOR_RAW(calloc, size, n);
▲ Show 20 LinesShow All 129 Lines▼ Show 20 LinesTSAN_INTERCEPTOR(int, munmap, void *addr, long_t sz) {
} }
int res = REAL(munmap)(addr, sz); int res = REAL(munmap)(addr, sz);
return res; return res;
} }
#if SANITIZER_LINUX #if SANITIZER_LINUX
TSAN_INTERCEPTOR(void*, memalign, uptr align, uptr sz) { TSAN_INTERCEPTOR(void*, memalign, uptr align, uptr sz) {
SCOPED_INTERCEPTOR_RAW(memalign, align, sz); SCOPED_INTERCEPTOR_RAW(memalign, align, sz);
return user_alloc(thr, pc, sz, align); return user_memalign(thr, pc, align, sz);
} }
#define TSAN_MAYBE_INTERCEPT_MEMALIGN TSAN_INTERCEPT(memalign) #define TSAN_MAYBE_INTERCEPT_MEMALIGN TSAN_INTERCEPT(memalign)
#else #else
#define TSAN_MAYBE_INTERCEPT_MEMALIGN #define TSAN_MAYBE_INTERCEPT_MEMALIGN
#endif #endif
#if !SANITIZER_MAC #if !SANITIZER_MAC
TSAN_INTERCEPTOR(void*, aligned_alloc, uptr align, uptr sz) { TSAN_INTERCEPTOR(void*, aligned_alloc, uptr align, uptr sz) {
SCOPED_INTERCEPTOR_RAW(memalign, align, sz); SCOPED_INTERCEPTOR_RAW(aligned_alloc, align, sz);
return user_alloc(thr, pc, sz, align); return user_aligned_alloc(thr, pc, align, sz);
} }
TSAN_INTERCEPTOR(void*, valloc, uptr sz) { TSAN_INTERCEPTOR(void*, valloc, uptr sz) {
SCOPED_INTERCEPTOR_RAW(valloc, sz); SCOPED_INTERCEPTOR_RAW(valloc, sz);
return user_alloc(thr, pc, sz, GetPageSizeCached()); return user_valloc(thr, pc, sz);
} }
#endif #endif
#if SANITIZER_LINUX #if SANITIZER_LINUX
TSAN_INTERCEPTOR(void*, pvalloc, uptr sz) { TSAN_INTERCEPTOR(void*, pvalloc, uptr sz) {
SCOPED_INTERCEPTOR_RAW(pvalloc, sz); SCOPED_INTERCEPTOR_RAW(pvalloc, sz);
sz = RoundUp(sz, GetPageSizeCached()); return user_pvalloc(thr, pc, sz);
return user_alloc(thr, pc, sz, GetPageSizeCached());
} }
#define TSAN_MAYBE_INTERCEPT_PVALLOC TSAN_INTERCEPT(pvalloc) #define TSAN_MAYBE_INTERCEPT_PVALLOC TSAN_INTERCEPT(pvalloc)
#else #else
#define TSAN_MAYBE_INTERCEPT_PVALLOC #define TSAN_MAYBE_INTERCEPT_PVALLOC
#endif #endif
#if !SANITIZER_MAC #if !SANITIZER_MAC
TSAN_INTERCEPTOR(int, posix_memalign, void **memptr, uptr align, uptr sz) { TSAN_INTERCEPTOR(int, posix_memalign, void **memptr, uptr align, uptr sz) {
SCOPED_INTERCEPTOR_RAW(posix_memalign, memptr, align, sz); SCOPED_INTERCEPTOR_RAW(posix_memalign, memptr, align, sz);
*memptr = user_alloc(thr, pc, sz, align); return user_posix_memalign(thr, pc, memptr, align, sz);
return 0;
} }
#endif #endif
// __cxa_guard_acquire and friends need to be intercepted in a special way - // __cxa_guard_acquire and friends need to be intercepted in a special way -
// regular interceptors will break statically-linked libstdc++. Linux // regular interceptors will break statically-linked libstdc++. Linux
// interceptors are especially defined as weak functions (so that they don't // interceptors are especially defined as weak functions (so that they don't
// cause link errors when user defines them as well). So they silently // cause link errors when user defines them as well). So they silently
// auto-disable themselves when such symbol is already present in the binary. If // auto-disable themselves when such symbol is already present in the binary. If
▲ Show 20 LinesShow All 1,861 LinesShow Last 20 Lines

compiler-rt/trunk/lib/tsan/rtl/tsan_libdispatch_mac.cc

Show First 20 LinesShow All 80 Lines▼ Show 20 Linesstatic dispatch_queue_t GetTargetQueueFromSource(dispatch_source_t source) {
return tq; return tq;
} }
static tsan_block_context_t *AllocContext(ThreadState *thr, uptr pc, static tsan_block_context_t *AllocContext(ThreadState *thr, uptr pc,
dispatch_queue_t queue, dispatch_queue_t queue,
void *orig_context, void *orig_context,
dispatch_function_t orig_work) { dispatch_function_t orig_work) {
tsan_block_context_t *new_context = tsan_block_context_t *new_context =
(tsan_block_context_t *)user_alloc(thr, pc, sizeof(tsan_block_context_t)); (tsan_block_context_t *)user_alloc_internal(thr, pc,
sizeof(tsan_block_context_t));
new_context->queue = queue; new_context->queue = queue;
new_context->orig_context = orig_context; new_context->orig_context = orig_context;
new_context->orig_work = orig_work; new_context->orig_work = orig_work;
new_context->free_context_in_callback = true; new_context->free_context_in_callback = true;
new_context->submitted_synchronously = false; new_context->submitted_synchronously = false;
new_context->is_barrier_block = false; new_context->is_barrier_block = false;
new_context->non_queue_sync_object = 0; new_context->non_queue_sync_object = 0;
return new_context; return new_context;
▲ Show 20 LinesShow All 625 LinesShow Last 20 Lines

compiler-rt/trunk/lib/tsan/rtl/tsan_malloc_mac.cc

Show All 20 Lines
using namespace __tsan; using namespace __tsan;
#define COMMON_MALLOC_ZONE_NAME "tsan" #define COMMON_MALLOC_ZONE_NAME "tsan"
#define COMMON_MALLOC_ENTER() #define COMMON_MALLOC_ENTER()
#define COMMON_MALLOC_SANITIZER_INITIALIZED (cur_thread()->is_inited) #define COMMON_MALLOC_SANITIZER_INITIALIZED (cur_thread()->is_inited)
#define COMMON_MALLOC_FORCE_LOCK() #define COMMON_MALLOC_FORCE_LOCK()
#define COMMON_MALLOC_FORCE_UNLOCK() #define COMMON_MALLOC_FORCE_UNLOCK()
#define COMMON_MALLOC_MEMALIGN(alignment, size) \ #define COMMON_MALLOC_MEMALIGN(alignment, size) \
void *p = \ void *p = \
user_alloc(cur_thread(), StackTrace::GetCurrentPc(), size, alignment) user_memalign(cur_thread(), StackTrace::GetCurrentPc(), alignment, size)
#define COMMON_MALLOC_MALLOC(size) \ #define COMMON_MALLOC_MALLOC(size) \
if (cur_thread()->in_symbolizer) return InternalAlloc(size); \ if (cur_thread()->in_symbolizer) return InternalAlloc(size); \
SCOPED_INTERCEPTOR_RAW(malloc, size); \ SCOPED_INTERCEPTOR_RAW(malloc, size); \
void *p = user_alloc(thr, pc, size) void *p = user_alloc(thr, pc, size)
#define COMMON_MALLOC_REALLOC(ptr, size) \ #define COMMON_MALLOC_REALLOC(ptr, size) \
if (cur_thread()->in_symbolizer) return InternalRealloc(ptr, size); \ if (cur_thread()->in_symbolizer) return InternalRealloc(ptr, size); \
SCOPED_INTERCEPTOR_RAW(realloc, ptr, size); \ SCOPED_INTERCEPTOR_RAW(realloc, ptr, size); \
void *p = user_realloc(thr, pc, ptr, size) void *p = user_realloc(thr, pc, ptr, size)
#define COMMON_MALLOC_CALLOC(count, size) \ #define COMMON_MALLOC_CALLOC(count, size) \
if (cur_thread()->in_symbolizer) return InternalCalloc(count, size); \ if (cur_thread()->in_symbolizer) return InternalCalloc(count, size); \
SCOPED_INTERCEPTOR_RAW(calloc, size, count); \ SCOPED_INTERCEPTOR_RAW(calloc, size, count); \
void *p = user_calloc(thr, pc, size, count) void *p = user_calloc(thr, pc, size, count)
#define COMMON_MALLOC_VALLOC(size) \ #define COMMON_MALLOC_VALLOC(size) \
if (cur_thread()->in_symbolizer) \ if (cur_thread()->in_symbolizer) \
return InternalAlloc(size, nullptr, GetPageSizeCached()); \ return InternalAlloc(size, nullptr, GetPageSizeCached()); \
SCOPED_INTERCEPTOR_RAW(valloc, size); \ SCOPED_INTERCEPTOR_RAW(valloc, size); \
void *p = user_alloc(thr, pc, size, GetPageSizeCached()) void *p = user_valloc(thr, pc, size)
#define COMMON_MALLOC_FREE(ptr) \ #define COMMON_MALLOC_FREE(ptr) \
if (cur_thread()->in_symbolizer) return InternalFree(ptr); \ if (cur_thread()->in_symbolizer) return InternalFree(ptr); \
SCOPED_INTERCEPTOR_RAW(free, ptr); \ SCOPED_INTERCEPTOR_RAW(free, ptr); \
user_free(thr, pc, ptr) user_free(thr, pc, ptr)
#define COMMON_MALLOC_SIZE(ptr) uptr size = user_alloc_usable_size(ptr); #define COMMON_MALLOC_SIZE(ptr) uptr size = user_alloc_usable_size(ptr);
#define COMMON_MALLOC_FILL_STATS(zone, stats) #define COMMON_MALLOC_FILL_STATS(zone, stats)
#define COMMON_MALLOC_REPORT_UNKNOWN_REALLOC(ptr, zone_ptr, zone_name) \ #define COMMON_MALLOC_REPORT_UNKNOWN_REALLOC(ptr, zone_ptr, zone_name) \
(void)zone_name; \ (void)zone_name; \
Report("mz_realloc(%p) -- attempting to realloc unallocated memory.\n", ptr); Report("mz_realloc(%p) -- attempting to realloc unallocated memory.\n", ptr);
#define COMMON_MALLOC_NAMESPACE __tsan #define COMMON_MALLOC_NAMESPACE __tsan
#include "sanitizer_common/sanitizer_malloc_mac.inc" #include "sanitizer_common/sanitizer_malloc_mac.inc"
#endif #endif

compiler-rt/trunk/lib/tsan/rtl/tsan_mman.h

Show All 21 Lines
void InitializeAllocator(); void InitializeAllocator();
void InitializeAllocatorLate(); void InitializeAllocatorLate();
void ReplaceSystemMalloc(); void ReplaceSystemMalloc();
void AllocatorProcStart(Processor *proc); void AllocatorProcStart(Processor *proc);
void AllocatorProcFinish(Processor *proc); void AllocatorProcFinish(Processor *proc);
void AllocatorPrintStats(); void AllocatorPrintStats();
// For user allocations. // For user allocations.
void *user_alloc(ThreadState *thr, uptr pc, uptr sz, void *user_alloc_internal(ThreadState *thr, uptr pc, uptr sz,
uptr align = kDefaultAlignment, bool signal = true); uptr align = kDefaultAlignment, bool signal = true);
void *user_calloc(ThreadState *thr, uptr pc, uptr sz, uptr n);
// Does not accept NULL. // Does not accept NULL.
void user_free(ThreadState *thr, uptr pc, void *p, bool signal = true); void user_free(ThreadState *thr, uptr pc, void *p, bool signal = true);
// Interceptor implementations.
void *user_alloc(ThreadState *thr, uptr pc, uptr sz);
void *user_calloc(ThreadState *thr, uptr pc, uptr sz, uptr n);
void *user_realloc(ThreadState *thr, uptr pc, void *p, uptr sz); void *user_realloc(ThreadState *thr, uptr pc, void *p, uptr sz);
void *user_alloc_aligned(ThreadState *thr, uptr pc, uptr sz, uptr align); void *user_memalign(ThreadState *thr, uptr pc, uptr align, uptr sz);
int user_posix_memalign(ThreadState *thr, uptr pc, void **memptr, uptr align,
uptr sz);
void *user_aligned_alloc(ThreadState *thr, uptr pc, uptr align, uptr sz);
void *user_valloc(ThreadState *thr, uptr pc, uptr sz);
void *user_pvalloc(ThreadState *thr, uptr pc, uptr sz);
uptr user_alloc_usable_size(const void *p); uptr user_alloc_usable_size(const void *p);
// Invoking malloc/free hooks that may be installed by the user. // Invoking malloc/free hooks that may be installed by the user.
void invoke_malloc_hook(void *ptr, uptr size); void invoke_malloc_hook(void *ptr, uptr size);
void invoke_free_hook(void *ptr); void invoke_free_hook(void *ptr);
enum MBlockType { enum MBlockType {
MBlockScopedBuf, MBlockScopedBuf,
Show All 39 Lines

compiler-rt/trunk/lib/tsan/rtl/tsan_mman.cc

Show First 20 LinesShow All 143 Lines▼ Show 20 Linesstatic void SignalUnsafeCall(ThreadState *thr, uptr pc) {
if (IsFiredSuppression(ctx, ReportTypeSignalUnsafe, stack)) if (IsFiredSuppression(ctx, ReportTypeSignalUnsafe, stack))
return; return;
ThreadRegistryLock l(ctx->thread_registry); ThreadRegistryLock l(ctx->thread_registry);
ScopedReport rep(ReportTypeSignalUnsafe); ScopedReport rep(ReportTypeSignalUnsafe);
rep.AddStack(stack, true); rep.AddStack(stack, true);
OutputReport(thr, rep); OutputReport(thr, rep);
} }
void *user_alloc(ThreadState *thr, uptr pc, uptr sz, uptr align, bool signal) { void *user_alloc_internal(ThreadState *thr, uptr pc, uptr sz, uptr align,
bool signal) {
if ((sz >= (1ull << 40)) || (align >= (1ull << 40))) if ((sz >= (1ull << 40)) || (align >= (1ull << 40)))
return Allocator::FailureHandler::OnBadRequest(); return Allocator::FailureHandler::OnBadRequest();
void *p = allocator()->Allocate(&thr->proc()->alloc_cache, sz, align); void *p = allocator()->Allocate(&thr->proc()->alloc_cache, sz, align);
if (p == 0) if (UNLIKELY(p == 0))
return 0; return 0;
if (ctx && ctx->initialized) if (ctx && ctx->initialized)
OnUserAlloc(thr, pc, (uptr)p, sz, true); OnUserAlloc(thr, pc, (uptr)p, sz, true);
if (signal) if (signal)
SignalUnsafeCall(thr, pc); SignalUnsafeCall(thr, pc);
return p; return p;
} }
void *user_calloc(ThreadState *thr, uptr pc, uptr size, uptr n) {
if (CheckForCallocOverflow(size, n))
return Allocator::FailureHandler::OnBadRequest();
void *p = user_alloc(thr, pc, n * size);
if (p)
internal_memset(p, 0, n * size);
return p;
}
void user_free(ThreadState *thr, uptr pc, void *p, bool signal) { void user_free(ThreadState *thr, uptr pc, void *p, bool signal) {
ScopedGlobalProcessor sgp; ScopedGlobalProcessor sgp;
if (ctx && ctx->initialized) if (ctx && ctx->initialized)
OnUserFree(thr, pc, (uptr)p, true); OnUserFree(thr, pc, (uptr)p, true);
allocator()->Deallocate(&thr->proc()->alloc_cache, p); allocator()->Deallocate(&thr->proc()->alloc_cache, p);
if (signal) if (signal)
SignalUnsafeCall(thr, pc); SignalUnsafeCall(thr, pc);
} }
void *user_alloc(ThreadState *thr, uptr pc, uptr sz) {
return SetErrnoOnNull(user_alloc_internal(thr, pc, sz, kDefaultAlignment));
}
void *user_calloc(ThreadState *thr, uptr pc, uptr size, uptr n) {
if (UNLIKELY(CheckForCallocOverflow(size, n)))
return SetErrnoOnNull(Allocator::FailureHandler::OnBadRequest());
void *p = user_alloc_internal(thr, pc, n * size);
if (p)
internal_memset(p, 0, n * size);
return SetErrnoOnNull(p);
}
void OnUserAlloc(ThreadState *thr, uptr pc, uptr p, uptr sz, bool write) { void OnUserAlloc(ThreadState *thr, uptr pc, uptr p, uptr sz, bool write) {
DPrintf("#%d: alloc(%zu) = %p\n", thr->tid, sz, p); DPrintf("#%d: alloc(%zu) = %p\n", thr->tid, sz, p);
ctx->metamap.AllocBlock(thr, pc, p, sz); ctx->metamap.AllocBlock(thr, pc, p, sz);
if (write && thr->ignore_reads_and_writes == 0) if (write && thr->ignore_reads_and_writes == 0)
MemoryRangeImitateWrite(thr, pc, (uptr)p, sz); MemoryRangeImitateWrite(thr, pc, (uptr)p, sz);
else else
MemoryResetRange(thr, pc, (uptr)p, sz); MemoryResetRange(thr, pc, (uptr)p, sz);
} }
void OnUserFree(ThreadState *thr, uptr pc, uptr p, bool write) { void OnUserFree(ThreadState *thr, uptr pc, uptr p, bool write) {
CHECK_NE(p, (void*)0); CHECK_NE(p, (void*)0);
uptr sz = ctx->metamap.FreeBlock(thr->proc(), p); uptr sz = ctx->metamap.FreeBlock(thr->proc(), p);
DPrintf("#%d: free(%p, %zu)\n", thr->tid, p, sz); DPrintf("#%d: free(%p, %zu)\n", thr->tid, p, sz);
if (write && thr->ignore_reads_and_writes == 0) if (write && thr->ignore_reads_and_writes == 0)
MemoryRangeFreed(thr, pc, (uptr)p, sz); MemoryRangeFreed(thr, pc, (uptr)p, sz);
} }
void *user_realloc(ThreadState *thr, uptr pc, void *p, uptr sz) { void *user_realloc(ThreadState *thr, uptr pc, void *p, uptr sz) {
// FIXME: Handle "shrinking" more efficiently, // FIXME: Handle "shrinking" more efficiently,
// it seems that some software actually does this. // it seems that some software actually does this.
void *p2 = user_alloc(thr, pc, sz); if (!p)
if (p2 == 0) return SetErrnoOnNull(user_alloc_internal(thr, pc, sz));
return 0; if (!sz) {
if (p) {
uptr oldsz = user_alloc_usable_size(p);
internal_memcpy(p2, p, min(oldsz, sz));
user_free(thr, pc, p); user_free(thr, pc, p);
return nullptr;
} }
return p2; void *new_p = user_alloc_internal(thr, pc, sz);
if (new_p) {
uptr old_sz = user_alloc_usable_size(p);
internal_memcpy(new_p, p, min(old_sz, sz));
user_free(thr, pc, p);
}
return SetErrnoOnNull(new_p);
}
void *user_memalign(ThreadState *thr, uptr pc, uptr align, uptr sz) {
if (UNLIKELY(!IsPowerOfTwo(align))) {
errno = errno_EINVAL;
return Allocator::FailureHandler::OnBadRequest();
}
return SetErrnoOnNull(user_alloc_internal(thr, pc, sz, align));
}
int user_posix_memalign(ThreadState *thr, uptr pc, void **memptr, uptr align,
uptr sz) {
if (UNLIKELY(!CheckPosixMemalignAlignment(align))) {
Allocator::FailureHandler::OnBadRequest();
return errno_EINVAL;
}
void *ptr = user_alloc_internal(thr, pc, sz, align);
if (UNLIKELY(!ptr))
return errno_ENOMEM;
CHECK(IsAligned((uptr)ptr, align));
*memptr = ptr;
return 0;
}
void *user_aligned_alloc(ThreadState *thr, uptr pc, uptr align, uptr sz) {
if (UNLIKELY(!CheckAlignedAllocAlignmentAndSize(align, sz))) {
errno = errno_EINVAL;
return Allocator::FailureHandler::OnBadRequest();
}
return SetErrnoOnNull(user_alloc_internal(thr, pc, sz, align));
}
void *user_valloc(ThreadState *thr, uptr pc, uptr sz) {
return SetErrnoOnNull(user_alloc_internal(thr, pc, sz, GetPageSizeCached()));
}
void *user_pvalloc(ThreadState *thr, uptr pc, uptr sz) {
uptr PageSize = GetPageSizeCached();
// pvalloc(0) should allocate one page.
sz = sz ? RoundUpTo(sz, PageSize) : PageSize;
return SetErrnoOnNull(user_alloc_internal(thr, pc, sz, PageSize));
} }
uptr user_alloc_usable_size(const void *p) { uptr user_alloc_usable_size(const void *p) {
if (p == 0) if (p == 0)
return 0; return 0;
MBlock *b = ctx->metamap.GetBlock((uptr)p); MBlock *b = ctx->metamap.GetBlock((uptr)p);
if (!b) if (!b)
return 0; // Not a valid pointer. return 0; // Not a valid pointer.
▲ Show 20 LinesShow All 85 LinesShow Last 20 Lines

compiler-rt/trunk/lib/tsan/tests/unit/tsan_mman_test.cc

Show First 20 LinesShow All 50 Lines▼ Show 20 Lines
TEST(Mman, UserRealloc) { TEST(Mman, UserRealloc) {
ThreadState *thr = cur_thread(); ThreadState *thr = cur_thread();
uptr pc = 0; uptr pc = 0;
{ {
void *p = user_realloc(thr, pc, 0, 0); void *p = user_realloc(thr, pc, 0, 0);
// Realloc(NULL, N) is equivalent to malloc(N), thus must return // Realloc(NULL, N) is equivalent to malloc(N), thus must return
// non-NULL pointer. // non-NULL pointer.
EXPECT_NE(p, (void*)0); EXPECT_NE(p, (void*)0);
user_free(thr, pc, p);
} }
{ {
void *p = user_realloc(thr, pc, 0, 100); void *p = user_realloc(thr, pc, 0, 100);
EXPECT_NE(p, (void*)0); EXPECT_NE(p, (void*)0);
memset(p, 0xde, 100); memset(p, 0xde, 100);
user_free(thr, pc, p); user_free(thr, pc, p);
} }
{ {
void *p = user_alloc(thr, pc, 100); void *p = user_alloc(thr, pc, 100);
EXPECT_NE(p, (void*)0); EXPECT_NE(p, (void*)0);
memset(p, 0xde, 100); memset(p, 0xde, 100);
// Realloc(P, 0) is equivalent to free(P) and returns NULL.
void *p2 = user_realloc(thr, pc, p, 0); void *p2 = user_realloc(thr, pc, p, 0);
EXPECT_NE(p2, (void*)0); EXPECT_EQ(p2, (void*)0);
} }
{ {
void *p = user_realloc(thr, pc, 0, 100); void *p = user_realloc(thr, pc, 0, 100);
EXPECT_NE(p, (void*)0); EXPECT_NE(p, (void*)0);
memset(p, 0xde, 100); memset(p, 0xde, 100);
void *p2 = user_realloc(thr, pc, p, 10000); void *p2 = user_realloc(thr, pc, p, 10000);
EXPECT_NE(p2, (void*)0); EXPECT_NE(p2, (void*)0);
for (int i = 0; i < 100; i++) for (int i = 0; i < 100; i++)
▲ Show 20 LinesShow All 50 Lines▼ Show 20 LinesTEST(Mman, Stats) {
user_free(thr, 0, p); user_free(thr, 0, p);
EXPECT_EQ(alloc0, __sanitizer_get_current_allocated_bytes()); EXPECT_EQ(alloc0, __sanitizer_get_current_allocated_bytes());
EXPECT_GE(__sanitizer_get_heap_size(), heap0); EXPECT_GE(__sanitizer_get_heap_size(), heap0);
EXPECT_EQ(free0, __sanitizer_get_free_bytes()); EXPECT_EQ(free0, __sanitizer_get_free_bytes());
EXPECT_EQ(unmapped0, __sanitizer_get_unmapped_bytes()); EXPECT_EQ(unmapped0, __sanitizer_get_unmapped_bytes());
} }
TEST(Mman, CallocOverflow) { TEST(Mman, Valloc) {
#if SANITIZER_DEBUG ThreadState *thr = cur_thread();
void *p = user_valloc(thr, 0, 100);
EXPECT_NE(p, (void*)0);
user_free(thr, 0, p);
p = user_pvalloc(thr, 0, 100);
EXPECT_NE(p, (void*)0);
user_free(thr, 0, p);
p = user_pvalloc(thr, 0, 0);
EXPECT_NE(p, (void*)0);
EXPECT_EQ(GetPageSizeCached(), __sanitizer_get_allocated_size(p));
user_free(thr, 0, p);
}
#if !SANITIZER_DEBUG
// EXPECT_DEATH clones a thread with 4K stack, // EXPECT_DEATH clones a thread with 4K stack,
// which is overflown by tsan memory accesses functions in debug mode. // which is overflown by tsan memory accesses functions in debug mode.
return;
#endif TEST(Mman, CallocOverflow) {
ThreadState *thr = cur_thread(); ThreadState *thr = cur_thread();
uptr pc = 0; uptr pc = 0;
size_t kArraySize = 4096; size_t kArraySize = 4096;
volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max(); volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max();
volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10; volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10;
volatile void *p = NULL; volatile void *p = NULL;
EXPECT_DEATH(p = user_calloc(thr, pc, kArraySize, kArraySize2), EXPECT_DEATH(p = user_calloc(thr, pc, kArraySize, kArraySize2),
"allocator is terminating the process instead of returning 0"); "allocator is terminating the process instead of returning 0");
EXPECT_EQ(0L, p); EXPECT_EQ(0L, p);
} }
TEST(Mman, Memalign) {
ThreadState *thr = cur_thread();
void *p = user_memalign(thr, 0, 8, 100);
EXPECT_NE(p, (void*)0);
user_free(thr, 0, p);
p = NULL;
EXPECT_DEATH(p = user_memalign(thr, 0, 7, 100),
"allocator is terminating the process instead of returning 0");
EXPECT_EQ(0L, p);
}
TEST(Mman, PosixMemalign) {
ThreadState *thr = cur_thread();
void *p = NULL;
int res = user_posix_memalign(thr, 0, &p, 8, 100);
EXPECT_NE(p, (void*)0);
EXPECT_EQ(res, 0);
user_free(thr, 0, p);
p = NULL;
// Alignment is not a power of two, although is a multiple of sizeof(void*).
EXPECT_DEATH(res = user_posix_memalign(thr, 0, &p, 3 * sizeof(p), 100),
"allocator is terminating the process instead of returning 0");
EXPECT_EQ(0L, p);
// Alignment is not a multiple of sizeof(void*), although is a power of 2.
EXPECT_DEATH(res = user_posix_memalign(thr, 0, &p, 2, 100),
"allocator is terminating the process instead of returning 0");
EXPECT_EQ(0L, p);
}
TEST(Mman, AlignedAlloc) {
ThreadState *thr = cur_thread();
void *p = user_aligned_alloc(thr, 0, 8, 64);
EXPECT_NE(p, (void*)0);
user_free(thr, 0, p);
p = NULL;
// Alignement is not a power of 2.
EXPECT_DEATH(p = user_aligned_alloc(thr, 0, 7, 100),
"allocator is terminating the process instead of returning 0");
EXPECT_EQ(0L, p);
// Size is not a multiple of alignment.
EXPECT_DEATH(p = user_aligned_alloc(thr, 0, 8, 100),
"allocator is terminating the process instead of returning 0");
EXPECT_EQ(0L, p);
}
#endif
} // namespace __tsan } // namespace __tsan

compiler-rt/trunk/test/tsan/allocator_returns_null.cc

Show All 31 Lines
// RUN: %env_tsan_opts=allocator_may_return_null=1 not %run %t new 2>&1 \ // RUN: %env_tsan_opts=allocator_may_return_null=1 not %run %t new 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nCRASH // RUN: | FileCheck %s --check-prefix=CHECK-nCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t new-nothrow 2>&1 \ // RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t new-nothrow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nnCRASH // RUN: | FileCheck %s --check-prefix=CHECK-nnCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=1 %run %t new-nothrow 2>&1 \ // RUN: %env_tsan_opts=allocator_may_return_null=1 %run %t new-nothrow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nnNULL // RUN: | FileCheck %s --check-prefix=CHECK-nnNULL
#include <assert.h> #include <assert.h>
#include <string.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h>
#include <limits> #include <limits>
#include <new> #include <new>
int main(int argc, char **argv) { int main(int argc, char **argv) {
// Disable stderr buffering. Needed on Windows. // Disable stderr buffering. Needed on Windows.
setvbuf(stderr, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0);
assert(argc == 2); assert(argc == 2);
const char *action = argv[1]; const char *action = argv[1];
fprintf(stderr, "%s:\n", action); fprintf(stderr, "%s:\n", action);
// The limit enforced in tsan_mman.cc, user_alloc_internal function.
static const size_t kMaxAllowedMallocSizePlusOne = (1ULL << 40) + 1; static const size_t kMaxAllowedMallocSizePlusOne = (1ULL << 40) + 1;
void *x = 0; void *x = 0;
if (!strcmp(action, "malloc")) { if (!strcmp(action, "malloc")) {
x = malloc(kMaxAllowedMallocSizePlusOne); x = malloc(kMaxAllowedMallocSizePlusOne);
} else if (!strcmp(action, "calloc")) { } else if (!strcmp(action, "calloc")) {
x = calloc((kMaxAllowedMallocSizePlusOne / 4) + 1, 4); x = calloc((kMaxAllowedMallocSizePlusOne / 4) + 1, 4);
} else if (!strcmp(action, "calloc-overflow")) { } else if (!strcmp(action, "calloc-overflow")) {
Show All 11 Linesint main(int argc, char **argv) {
} else if (!strcmp(action, "new")) { } else if (!strcmp(action, "new")) {
x = operator new(kMaxAllowedMallocSizePlusOne); x = operator new(kMaxAllowedMallocSizePlusOne);
} else if (!strcmp(action, "new-nothrow")) { } else if (!strcmp(action, "new-nothrow")) {
x = operator new(kMaxAllowedMallocSizePlusOne, std::nothrow); x = operator new(kMaxAllowedMallocSizePlusOne, std::nothrow);
} else { } else {
assert(0); assert(0);
} }
fprintf(stderr, "errno: %d\n", errno);
// The NULL pointer is printed differently on different systems, while (long)0 // The NULL pointer is printed differently on different systems, while (long)0
// is always the same. // is always the same.
fprintf(stderr, "x: %lx\n", (long)x); fprintf(stderr, "x: %lx\n", (long)x);
free(x); free(x);
return x != 0; return x != 0;
} }
// CHECK-mCRASH: malloc: // CHECK-mCRASH: malloc:
// CHECK-mCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-mCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-cCRASH: calloc: // CHECK-cCRASH: calloc:
// CHECK-cCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-cCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-coCRASH: calloc-overflow: // CHECK-coCRASH: calloc-overflow:
// CHECK-coCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-coCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-rCRASH: realloc: // CHECK-rCRASH: realloc:
// CHECK-rCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-rCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-mrCRASH: realloc-after-malloc: // CHECK-mrCRASH: realloc-after-malloc:
// CHECK-mrCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-mrCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-nCRASH: new: // CHECK-nCRASH: new:
// CHECK-nCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-nCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-nnCRASH: new-nothrow: // CHECK-nnCRASH: new-nothrow:
// CHECK-nnCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-nnCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-mNULL: malloc: // CHECK-mNULL: malloc:
// CHECK-mNULL: errno: 12
// CHECK-mNULL: x: 0 // CHECK-mNULL: x: 0
// CHECK-cNULL: calloc: // CHECK-cNULL: calloc:
// CHECK-cNULL: errno: 12
// CHECK-cNULL: x: 0 // CHECK-cNULL: x: 0
// CHECK-coNULL: calloc-overflow: // CHECK-coNULL: calloc-overflow:
// CHECK-coNULL: errno: 12
// CHECK-coNULL: x: 0 // CHECK-coNULL: x: 0
// CHECK-rNULL: realloc: // CHECK-rNULL: realloc:
// CHECK-rNULL: errno: 12
// CHECK-rNULL: x: 0 // CHECK-rNULL: x: 0
// CHECK-mrNULL: realloc-after-malloc: // CHECK-mrNULL: realloc-after-malloc:
// CHECK-mrNULL: errno: 12
// CHECK-mrNULL: x: 0 // CHECK-mrNULL: x: 0
// CHECK-nnNULL: new-nothrow: // CHECK-nnNULL: new-nothrow:
// CHECK-nnNULL: x: 0 // CHECK-nnNULL: x: 0