This is an archive of the discontinued LLVM Phabricator instance.

Differential D36190

[asan] Allocator support for Fuchsia
ClosedPublic

Authored by mcgrathr on Aug 1 2017, 2:13 PM.

Details

Reviewers
vitalybuka
alekseyshl
kcc
Commits
rG993bbbf19ed4: [asan] Allocator support for Fuchsia
rCRT309914: [asan] Allocator support for Fuchsia
rL309914: [asan] Allocator support for Fuchsia

Diff Detail

Event Timeline

mcgrathr created this revision.Aug 1 2017, 2:13 PM
Herald added a subscriber: kubamracek. · View Herald TranscriptAug 1 2017, 2:13 PM
mcgrathr added a comment.Aug 1 2017, 2:13 PM

Split out from D35865.

cryptoad added a subscriber: cryptoad.Aug 1 2017, 2:45 PM
cryptoad added inline comments.
lib/asan/asan_allocator.h
122–126

Random question:
SANITIZER_CAN_USE_ALLOCATOR64 is false for __aarch64__ by default (https://github.com/llvm-mirror/compiler-rt/blob/master/lib/sanitizer_common/sanitizer_platform.h#L193) except for Android.
I didn't see any change for Fuchsia there (I might have missed it), and as I understand Fuchsia supports AArch64.
Would setting SANITIZER_CAN_USE_ALLOCATOR64 for AArch64 in sanitizer_platform.h make sense as well?

mcgrathr mentioned this in D35865: [asan] Complete the Fuchsia port.Aug 1 2017, 2:54 PM
mcgrathr updated this revision to Diff 109248.Aug 1 2017, 4:14 PM
mcgrathr marked an inline comment as done.

Make sure SANITIZER_CAN_USE_ALLOCATOR64 is 1 on aarch64.

Herald added a subscriber: srhines. · View Herald TranscriptAug 1 2017, 4:15 PM
alekseyshl added inline comments.Aug 2 2017, 11:20 AM
lib/asan/asan_malloc_linux.cc
90

How about minimizing the ifdefed section and go with this:

INLINE bool MaybeInDlsym() {
#if SANITIZER_FUCHSIA
  return false;
#else
  return asan_init_is_running;
#endif
}

Wouldn't the compiler be smart enough to optimize out all that unused stuff? And we will have to do the same for IsInDlsymAllocPool to help it to figure that out.

mcgrathr updated this revision to Diff 109395.Aug 2 2017, 12:38 PM
mcgrathr marked an inline comment as done.

Minimal #if'ing out for alloc-inside-dlsym support, let the compiler optimize it away.

vitalybuka added inline comments.Aug 2 2017, 2:32 PM
lib/asan/asan_malloc_linux.cc
56

Why do you need to ifdef this?
I'd expect that asan_init_is_running will be false on fuchsia anyway

mcgrathr added inline comments.Aug 2 2017, 2:37 PM
lib/asan/asan_malloc_linux.cc
56

It will always be false at runtime, but the compiler can't tell that statically.
I want the dead code (and its static data bloat) to be compiled out, which it is with this.

vitalybuka added inline comments.Aug 2 2017, 3:01 PM
lib/asan/asan_malloc_linux.cc
56

could you please remove ifdef then? We don't like them only when no other options.
We can add them later if it cause real problems.

56

actually just undo MaybeInDlsym change

mcgrathr added inline comments.Aug 2 2017, 3:26 PM
lib/asan/asan_malloc_linux.cc
56

It sounds like you want all the dead code and data bloat to be there.
It won't cause problems other than marginal slowdown and memory bloat.
But I don't see a good reason to leave it there when eliminating it is easy and noninvasive.
I have a new version where there is no #if but only a single if (constant) that will cause everything to be compiled away.
It required a semantic change to IsInDlsymAllocPool but one that is harmless and lets the compiler grok that it can compile it away.

mcgrathr updated this revision to Diff 109441.Aug 2 2017, 3:27 PM

No more #if to get the alloc-from-dlsym hacks compiled away, but they still get compiled away.

alekseyshl accepted this revision.Aug 2 2017, 4:05 PM
alekseyshl added inline comments.
lib/asan/asan_malloc_linux.cc
51

Make it inline.

53

UNLIKELY is not required here.

This revision is now accepted and ready to land.Aug 2 2017, 4:05 PM
mcgrathr marked 2 inline comments as done.Aug 2 2017, 4:12 PM
mcgrathr added inline comments.
lib/asan/asan_malloc_linux.cc
51

Done, though the compiler does inline it without the keyword.

mcgrathr updated this revision to Diff 109451.Aug 2 2017, 4:13 PM
mcgrathr marked an inline comment as done.

Added INLINE, removed UNLIKELY.

mcgrathr added a comment.Aug 2 2017, 4:14 PM

This is ready to land now.
Please land it for me!

Thanks,
Roland

Closed by commit rL309914: [asan] Allocator support for Fuchsia (authored by vitalybuka). · Explain WhyAug 2 2017, 7:23 PM
This revision was automatically updated to reflect the committed changes.
vitalybuka added inline comments.Aug 7 2017, 1:47 AM
lib/asan/asan_malloc_linux.cc
39–40

Why sizeof is gone here?

mcgrathr added inline comments.Aug 7 2017, 2:22 PM
lib/asan/asan_malloc_linux.cc
39–40

Previously it was sizeof(alloc_memory_for_dlsym), the static size of the static buffer.
I changed it to allocated_for_dlsym, which is the dynamic count of how much of the static buffer has been used.

The reason for the change is that in the SANITIZER_FUCHSIA case, the compiler can see statically that nothing ever sets allocated_for_dlsym and so it will always be zero and hence this comparison is always false and it can optimize away all the related dead code entirely.

In theory the change is harmless because the offset of any allocated block will be less than the current count.
However, I failed to notice that the count in allocated_for_dlsym is of sizeof(uptr) units while the comparison is being made against a byte count. Hence I introduced https://bugs.llvm.org/show_bug.cgi?id=34085 with the change. I'll do a follow-up change that gets the comparison arithmetic right, so that bug won't happen but Fuchsia will get back the dead code elimination I was going for with the change.

Revision Contents

PathSize
lib/
asan/
6 lines
55 lines
sanitizer_common/
2 lines

Diff 109395

lib/asan/asan_allocator.h

Show First 20 LinesShow All 113 Lines▼ Show 20 Lines
}; };
struct AsanMapUnmapCallback { struct AsanMapUnmapCallback {
void OnMap(uptr p, uptr size) const; void OnMap(uptr p, uptr size) const;
void OnUnmap(uptr p, uptr size) const; void OnUnmap(uptr p, uptr size) const;
}; };
#if SANITIZER_CAN_USE_ALLOCATOR64 #if SANITIZER_CAN_USE_ALLOCATOR64
# if defined(__powerpc64__) # if SANITIZER_FUCHSIA
const uptr kAllocatorSpace = ~(uptr)0;
const uptr kAllocatorSize = 0x40000000000ULL; // 4T.
typedef DefaultSizeClassMap SizeClassMap;
# elif defined(__powerpc64__)
cryptoadUnsubmitted
Done
ReplyInline Actions

Random question:
SANITIZER_CAN_USE_ALLOCATOR64 is false for __aarch64__ by default (https://github.com/llvm-mirror/compiler-rt/blob/master/lib/sanitizer_common/sanitizer_platform.h#L193) except for Android.
I didn't see any change for Fuchsia there (I might have missed it), and as I understand Fuchsia supports AArch64.
Would setting SANITIZER_CAN_USE_ALLOCATOR64 for AArch64 in sanitizer_platform.h make sense as well?

cryptoad: Random question: `SANITIZER_CAN_USE_ALLOCATOR64` is false for `__aarch64__` by default (https…
const uptr kAllocatorSpace = 0xa0000000000ULL; const uptr kAllocatorSpace = 0xa0000000000ULL;
const uptr kAllocatorSize = 0x20000000000ULL; // 2T. const uptr kAllocatorSize = 0x20000000000ULL; // 2T.
typedef DefaultSizeClassMap SizeClassMap; typedef DefaultSizeClassMap SizeClassMap;
# elif defined(__aarch64__) && SANITIZER_ANDROID # elif defined(__aarch64__) && SANITIZER_ANDROID
const uptr kAllocatorSpace = 0x3000000000ULL; const uptr kAllocatorSpace = 0x3000000000ULL;
const uptr kAllocatorSize = 0x2000000000ULL; // 128G. const uptr kAllocatorSize = 0x2000000000ULL; // 128G.
typedef VeryCompactSizeClassMap SizeClassMap; typedef VeryCompactSizeClassMap SizeClassMap;
# elif defined(__aarch64__) # elif defined(__aarch64__)
▲ Show 20 LinesShow All 87 LinesShow Last 20 Lines

lib/asan/asan_malloc_linux.cc

Show All 9 Lines
// This file is a part of AddressSanitizer, an address sanity checker. // This file is a part of AddressSanitizer, an address sanity checker.
// //
// Linux-specific malloc interception. // Linux-specific malloc interception.
// We simply define functions like malloc, free, realloc, etc. // We simply define functions like malloc, free, realloc, etc.
// They will replace the corresponding libc functions automagically. // They will replace the corresponding libc functions automagically.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "sanitizer_common/sanitizer_platform.h" #include "sanitizer_common/sanitizer_platform.h"
#if SANITIZER_FREEBSD || SANITIZER_LINUX #if SANITIZER_FREEBSD || SANITIZER_FUCHSIA || SANITIZER_LINUX
#include "sanitizer_common/sanitizer_tls_get_addr.h" #include "sanitizer_common/sanitizer_tls_get_addr.h"
#include "asan_allocator.h" #include "asan_allocator.h"
#include "asan_interceptors.h" #include "asan_interceptors.h"
#include "asan_internal.h" #include "asan_internal.h"
#include "asan_stack.h" #include "asan_stack.h"
// ---------------------- Replacement functions ---------------- {{{1 // ---------------------- Replacement functions ---------------- {{{1
using namespace __asan; // NOLINT using namespace __asan; // NOLINT
static uptr allocated_for_dlsym; static uptr allocated_for_dlsym;
static const uptr kDlsymAllocPoolSize = 1024; static const uptr kDlsymAllocPoolSize = 1024;
static uptr alloc_memory_for_dlsym[kDlsymAllocPoolSize]; static uptr alloc_memory_for_dlsym[kDlsymAllocPoolSize];
static bool IsInDlsymAllocPool(const void *ptr) { static bool IsInDlsymAllocPool(const void *ptr) {
#if SANITIZER_FUCHSIA
// Fuchsia doesn't use dlsym-based interceptors.
return false;
#else
uptr off = (uptr)ptr - (uptr)alloc_memory_for_dlsym; uptr off = (uptr)ptr - (uptr)alloc_memory_for_dlsym;
return off < sizeof(alloc_memory_for_dlsym); return off < sizeof(alloc_memory_for_dlsym);
#endif
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

Why sizeof is gone here?

vitalybuka: Why sizeof is gone here?
mcgrathrAuthorUnsubmitted
Not Done
ReplyInline Actions

Previously it was sizeof(alloc_memory_for_dlsym), the static size of the static buffer.
I changed it to allocated_for_dlsym, which is the dynamic count of how much of the static buffer has been used.

The reason for the change is that in the SANITIZER_FUCHSIA case, the compiler can see statically that nothing ever sets allocated_for_dlsym and so it will always be zero and hence this comparison is always false and it can optimize away all the related dead code entirely.

In theory the change is harmless because the offset of any allocated block will be less than the current count.
However, I failed to notice that the count in allocated_for_dlsym is of sizeof(uptr) units while the comparison is being made against a byte count. Hence I introduced https://bugs.llvm.org/show_bug.cgi?id=34085 with the change. I'll do a follow-up change that gets the comparison arithmetic right, so that bug won't happen but Fuchsia will get back the dead code elimination I was going for with the change.

mcgrathr: Previously it was sizeof(alloc_memory_for_dlsym), the static size of the static buffer. I…
} }
static void *AllocateFromLocalPool(uptr size_in_bytes) { static void *AllocateFromLocalPool(uptr size_in_bytes) {
uptr size_in_words = RoundUpTo(size_in_bytes, kWordSize) / kWordSize; uptr size_in_words = RoundUpTo(size_in_bytes, kWordSize) / kWordSize;
void *mem = (void*)&alloc_memory_for_dlsym[allocated_for_dlsym]; void *mem = (void*)&alloc_memory_for_dlsym[allocated_for_dlsym];
allocated_for_dlsym += size_in_words; allocated_for_dlsym += size_in_words;
CHECK_LT(allocated_for_dlsym, kDlsymAllocPoolSize); CHECK_LT(allocated_for_dlsym, kDlsymAllocPoolSize);
return mem; return mem;
} }
static bool MaybeInDlsym() {
alekseyshlUnsubmitted
Done
ReplyInline Actions

Make it inline.

alekseyshl: Make it inline.
mcgrathrAuthorUnsubmitted
Not Done
ReplyInline Actions

Done, though the compiler does inline it without the keyword.

mcgrathr: Done, though the compiler does inline it without the keyword.
#if SANITIZER_FUCHSIA
// Fuchsia doesn't use dlsym-based interceptors.
alekseyshlUnsubmitted
Done
ReplyInline Actions

UNLIKELY is not required here.

alekseyshl: UNLIKELY is not required here.
return false;
#else
return UNLIKELY(asan_init_is_running);
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

Why do you need to ifdef this?
I'd expect that asan_init_is_running will be false on fuchsia anyway

vitalybuka: Why do you need to ifdef this? I'd expect that asan_init_is_running will be false on fuchsia…
mcgrathrAuthorUnsubmitted
Not Done
ReplyInline Actions

It will always be false at runtime, but the compiler can't tell that statically.
I want the dead code (and its static data bloat) to be compiled out, which it is with this.

mcgrathr: It will always be false at runtime, but the compiler can't tell that statically. I want the…
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

could you please remove ifdef then? We don't like them only when no other options.
We can add them later if it cause real problems.

vitalybuka: could you please remove ifdef then? We don't like them only when no other options. We can add…
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

actually just undo MaybeInDlsym change

vitalybuka: actually just undo MaybeInDlsym change
mcgrathrAuthorUnsubmitted
Not Done
ReplyInline Actions

It sounds like you want all the dead code and data bloat to be there.
It won't cause problems other than marginal slowdown and memory bloat.
But I don't see a good reason to leave it there when eliminating it is easy and noninvasive.
I have a new version where there is no #if but only a single if (constant) that will cause everything to be compiled away.
It required a semantic change to IsInDlsymAllocPool but one that is harmless and lets the compiler grok that it can compile it away.

mcgrathr: It sounds like you want all the dead code and data bloat to be there. It won't cause problems…
#endif
}
static void *ReallocFromLocalPool(void *ptr, uptr size) {
const uptr offset = (uptr)ptr - (uptr)alloc_memory_for_dlsym;
const uptr copy_size = Min(size, kDlsymAllocPoolSize - offset);
void *new_ptr;
if (UNLIKELY(MaybeInDlsym())) {
new_ptr = AllocateFromLocalPool(size);
} else {
ENSURE_ASAN_INITED();
GET_STACK_TRACE_MALLOC;
new_ptr = asan_malloc(size, &stack);
}
internal_memcpy(new_ptr, ptr, copy_size);
return new_ptr;
}
INTERCEPTOR(void, free, void *ptr) { INTERCEPTOR(void, free, void *ptr) {
GET_STACK_TRACE_FREE; GET_STACK_TRACE_FREE;
if (UNLIKELY(IsInDlsymAllocPool(ptr))) if (UNLIKELY(IsInDlsymAllocPool(ptr)))
return; return;
asan_free(ptr, &stack, FROM_MALLOC); asan_free(ptr, &stack, FROM_MALLOC);
} }
#if SANITIZER_INTERCEPT_CFREE #if SANITIZER_INTERCEPT_CFREE
INTERCEPTOR(void, cfree, void *ptr) { INTERCEPTOR(void, cfree, void *ptr) {
GET_STACK_TRACE_FREE; GET_STACK_TRACE_FREE;
if (UNLIKELY(IsInDlsymAllocPool(ptr))) if (UNLIKELY(IsInDlsymAllocPool(ptr)))
return; return;
asan_free(ptr, &stack, FROM_MALLOC); asan_free(ptr, &stack, FROM_MALLOC);
} }
#endif // SANITIZER_INTERCEPT_CFREE #endif // SANITIZER_INTERCEPT_CFREE
alekseyshlUnsubmitted
Done
ReplyInline Actions

How about minimizing the ifdefed section and go with this:

INLINE bool MaybeInDlsym() {
#if SANITIZER_FUCHSIA
  return false;
#else
  return asan_init_is_running;
#endif
}

Wouldn't the compiler be smart enough to optimize out all that unused stuff? And we will have to do the same for IsInDlsymAllocPool to help it to figure that out.

alekseyshl: How about minimizing the ifdefed section and go with this: INLINE bool MaybeInDlsym() {…
INTERCEPTOR(void*, malloc, uptr size) { INTERCEPTOR(void*, malloc, uptr size) {
if (UNLIKELY(asan_init_is_running)) if (UNLIKELY(MaybeInDlsym()))
// Hack: dlsym calls malloc before REAL(malloc) is retrieved from dlsym. // Hack: dlsym calls malloc before REAL(malloc) is retrieved from dlsym.
return AllocateFromLocalPool(size); return AllocateFromLocalPool(size);
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return asan_malloc(size, &stack); return asan_malloc(size, &stack);
} }
INTERCEPTOR(void*, calloc, uptr nmemb, uptr size) { INTERCEPTOR(void*, calloc, uptr nmemb, uptr size) {
if (UNLIKELY(asan_init_is_running)) if (UNLIKELY(MaybeInDlsym()))
// Hack: dlsym calls calloc before REAL(calloc) is retrieved from dlsym. // Hack: dlsym calls calloc before REAL(calloc) is retrieved from dlsym.
return AllocateFromLocalPool(nmemb * size); return AllocateFromLocalPool(nmemb * size);
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return asan_calloc(nmemb, size, &stack); return asan_calloc(nmemb, size, &stack);
} }
INTERCEPTOR(void*, realloc, void *ptr, uptr size) { INTERCEPTOR(void*, realloc, void *ptr, uptr size) {
if (UNLIKELY(IsInDlsymAllocPool(ptr))) { if (UNLIKELY(IsInDlsymAllocPool(ptr)))
const uptr offset = (uptr)ptr - (uptr)alloc_memory_for_dlsym; return ReallocFromLocalPool(ptr, size);
const uptr copy_size = Min(size, kDlsymAllocPoolSize - offset); if (UNLIKELY(MaybeInDlsym()))
void *new_ptr;
if (UNLIKELY(asan_init_is_running)) {
new_ptr = AllocateFromLocalPool(size);
} else {
ENSURE_ASAN_INITED();
GET_STACK_TRACE_MALLOC;
new_ptr = asan_malloc(size, &stack);
}
internal_memcpy(new_ptr, ptr, copy_size);
return new_ptr;
}
if (UNLIKELY(asan_init_is_running))
return AllocateFromLocalPool(size); return AllocateFromLocalPool(size);
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return asan_realloc(ptr, size, &stack); return asan_realloc(ptr, size, &stack);
} }
#if SANITIZER_INTERCEPT_MEMALIGN #if SANITIZER_INTERCEPT_MEMALIGN
INTERCEPTOR(void*, memalign, uptr boundary, uptr size) { INTERCEPTOR(void*, memalign, uptr boundary, uptr size) {
▲ Show 20 LinesShow All 117 Lines▼ Show 20 Lines
#else // SANITIZER_ANDROID #else // SANITIZER_ANDROID
namespace __asan { namespace __asan {
void ReplaceSystemMalloc() { void ReplaceSystemMalloc() {
} }
} // namespace __asan } // namespace __asan
#endif // SANITIZER_ANDROID #endif // SANITIZER_ANDROID
#endif // SANITIZER_FREEBSD || SANITIZER_LINUX #endif // SANITIZER_FREEBSD || SANITIZER_FUCHSIA || SANITIZER_LINUX

lib/sanitizer_common/sanitizer_platform.h

Show First 20 LinesShow All 181 Lines▼ Show 20 Lines
#endif #endif
// By default we allow to use SizeClassAllocator64 on 64-bit platform. // By default we allow to use SizeClassAllocator64 on 64-bit platform.
// But in some cases (e.g. AArch64's 39-bit address space) SizeClassAllocator64 // But in some cases (e.g. AArch64's 39-bit address space) SizeClassAllocator64
// does not work well and we need to fallback to SizeClassAllocator32. // does not work well and we need to fallback to SizeClassAllocator32.
// For such platforms build this code with -DSANITIZER_CAN_USE_ALLOCATOR64=0 or // For such platforms build this code with -DSANITIZER_CAN_USE_ALLOCATOR64=0 or
// change the definition of SANITIZER_CAN_USE_ALLOCATOR64 here. // change the definition of SANITIZER_CAN_USE_ALLOCATOR64 here.
#ifndef SANITIZER_CAN_USE_ALLOCATOR64 #ifndef SANITIZER_CAN_USE_ALLOCATOR64
# if SANITIZER_ANDROID && defined(__aarch64__) # if (SANITIZER_ANDROID && defined(__aarch64__)) || SANITIZER_FUCHSIA
# define SANITIZER_CAN_USE_ALLOCATOR64 1 # define SANITIZER_CAN_USE_ALLOCATOR64 1
# elif defined(__mips64) || defined(__aarch64__) # elif defined(__mips64) || defined(__aarch64__)
# define SANITIZER_CAN_USE_ALLOCATOR64 0 # define SANITIZER_CAN_USE_ALLOCATOR64 0
# else # else
# define SANITIZER_CAN_USE_ALLOCATOR64 (SANITIZER_WORDSIZE == 64) # define SANITIZER_CAN_USE_ALLOCATOR64 (SANITIZER_WORDSIZE == 64)
# endif # endif
#endif #endif
▲ Show 20 LinesShow All 88 LinesShow Last 20 Lines