This is an archive of the discontinued LLVM Phabricator instance.

Differential D39154

[Sanitizers] New sanitizer API to purge allocator quarantine.
AbandonedPublic

Authored by alekseyshl on Oct 20 2017, 7:52 PM.

Details

Reviewers
cryptoad
Summary

Purging allocator quarantine and returning memory to OS might be desired
between fuzzer iterations since, most likely, the quarantine is not
going to catch bugs in the code under fuzz, but reducing RSS might
significantly prolong the fuzzing session.

[libFuzzer] Periodically purge allocator's quarantine to prolong fuzzing sessions.

Fuzzing targets that allocate/deallocate a lot of memory tend to consume
a lot of RSS when ASan quarantine is enabled. Purging quarantine between
iterations and returning memory to OS keeps RSS down and should not
reduce the quarantine effectiveness provided the fuzz target does not
preserve state between iterations (in this case this feature can be turned off).

Based on D39153.

Diff Detail

Event Timeline

alekseyshl created this revision.Oct 20 2017, 7:52 PM
alekseyshl abandoned this revision.Oct 23 2017, 10:34 AM

Revision Contents

Diff 119738

include/sanitizer/allocator_interface.h

Show First 20 LinesShow All 70 Lines▼ Show 20 Lines /* Installs a pair of hooks for malloc/free.
Returns the number of hooks currently installed or 0 on failure. Returns the number of hooks currently installed or 0 on failure.
Not thread-safe, should be called in the main thread before starting Not thread-safe, should be called in the main thread before starting
other threads. other threads.
*/ */
int __sanitizer_install_malloc_and_free_hooks( int __sanitizer_install_malloc_and_free_hooks(
void (*malloc_hook)(const volatile void *, size_t), void (*malloc_hook)(const volatile void *, size_t),
void (*free_hook)(const volatile void *)); void (*free_hook)(const volatile void *));
/* Drains allocator quarantines (calling thread's and global ones), returns
freed memory back to OS and releases other non-essential internal allocator
resources in attempt to reduce process RSS.
Currently available with ASan only.
*/
void __sanitizer_purge_allocator();
#ifdef __cplusplus #ifdef __cplusplus
} // extern "C" } // extern "C"
#endif #endif
#endif #endif

lib/asan/asan_allocator.cc

Show First 20 LinesShow All 710 Lines▼ Show 20 Lines if (AsanChunkView(m1).AddrIsAtLeft(addr, 1, &offset)) {
break; break;
} }
if (m2 && AsanChunkView(m2).AddrIsAtRight(addr, 1, &offset)) if (m2 && AsanChunkView(m2).AddrIsAtRight(addr, 1, &offset))
m1 = ChooseChunk(addr, m2, m1); m1 = ChooseChunk(addr, m2, m1);
} }
return AsanChunkView(m1); return AsanChunkView(m1);
} }
void Purge() {
AsanThread *t = GetCurrentThread();
if (t) {
AsanThreadLocalMallocStorage *ms = &t->malloc_storage();
quarantine.DrainAndRecycle(GetQuarantineCache(ms),
QuarantineCallback(GetAllocatorCache(ms)));
}
{
SpinMutexLock l(&fallback_mutex);
quarantine.DrainAndRecycle(&fallback_quarantine_cache,
QuarantineCallback(&fallback_allocator_cache));
}
allocator.ForceReleaseToOS();
}
void PrintStats() { void PrintStats() {
allocator.PrintStats(); allocator.PrintStats();
quarantine.PrintStats(); quarantine.PrintStats();
} }
void ForceLock() { void ForceLock() {
allocator.ForceLock(); allocator.ForceLock();
fallback_mutex.Lock(); fallback_mutex.Lock();
▲ Show 20 LinesShow All 279 Lines▼ Show 20 Linesuptr __sanitizer_get_allocated_size(const void *p) {
// Die if p is not malloced or if it is already freed. // Die if p is not malloced or if it is already freed.
if (allocated_size == 0) { if (allocated_size == 0) {
GET_STACK_TRACE_FATAL_HERE; GET_STACK_TRACE_FATAL_HERE;
ReportSanitizerGetAllocatedSizeNotOwned(ptr, &stack); ReportSanitizerGetAllocatedSizeNotOwned(ptr, &stack);
} }
return allocated_size; return allocated_size;
} }
void __sanitizer_purge_allocator() {
instance.Purge();
}
#if !SANITIZER_SUPPORTS_WEAK_HOOKS #if !SANITIZER_SUPPORTS_WEAK_HOOKS
// Provide default (no-op) implementation of malloc hooks. // Provide default (no-op) implementation of malloc hooks.
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_malloc_hook, SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_malloc_hook,
void *ptr, uptr size) { void *ptr, uptr size) {
(void)ptr; (void)ptr;
(void)size; (void)size;
} }
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_free_hook, void *ptr) { SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_free_hook, void *ptr) {
(void)ptr; (void)ptr;
} }
#endif #endif

lib/fuzzer/FuzzerDriver.cpp

Show First 20 LinesShow All 572 Lines▼ Show 20 Linesint FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
Options.UseValueProfile = Flags.use_value_profile; Options.UseValueProfile = Flags.use_value_profile;
Options.Shrink = Flags.shrink; Options.Shrink = Flags.shrink;
Options.ReduceInputs = Flags.reduce_inputs; Options.ReduceInputs = Flags.reduce_inputs;
Options.ShuffleAtStartUp = Flags.shuffle; Options.ShuffleAtStartUp = Flags.shuffle;
Options.PreferSmall = Flags.prefer_small; Options.PreferSmall = Flags.prefer_small;
Options.ReloadIntervalSec = Flags.reload; Options.ReloadIntervalSec = Flags.reload;
Options.OnlyASCII = Flags.only_ascii; Options.OnlyASCII = Flags.only_ascii;
Options.DetectLeaks = Flags.detect_leaks; Options.DetectLeaks = Flags.detect_leaks;
Options.PurgeAllocatorIntervalSec = Flags.purge_allocator_interval;
Options.TraceMalloc = Flags.trace_malloc; Options.TraceMalloc = Flags.trace_malloc;
Options.RssLimitMb = Flags.rss_limit_mb; Options.RssLimitMb = Flags.rss_limit_mb;
if (Flags.runs >= 0) if (Flags.runs >= 0)
Options.MaxNumberOfRuns = Flags.runs; Options.MaxNumberOfRuns = Flags.runs;
if (!Inputs->empty() && !Flags.minimize_crash_internal_step) if (!Inputs->empty() && !Flags.minimize_crash_internal_step)
Options.OutputCorpus = (*Inputs)[0]; Options.OutputCorpus = (*Inputs)[0];
Options.ReportSlowUnits = Flags.report_slow_units; Options.ReportSlowUnits = Flags.report_slow_units;
if (Flags.artifact_prefix) if (Flags.artifact_prefix)
▲ Show 20 LinesShow All 163 LinesShow Last 20 Lines

lib/fuzzer/FuzzerExtFunctions.def

Show All 27 Lines
// Sanitizer functions // Sanitizer functions
EXT_FUNC(__lsan_enable, void, (), false); EXT_FUNC(__lsan_enable, void, (), false);
EXT_FUNC(__lsan_disable, void, (), false); EXT_FUNC(__lsan_disable, void, (), false);
EXT_FUNC(__lsan_do_recoverable_leak_check, int, (), false); EXT_FUNC(__lsan_do_recoverable_leak_check, int, (), false);
EXT_FUNC(__sanitizer_install_malloc_and_free_hooks, int, EXT_FUNC(__sanitizer_install_malloc_and_free_hooks, int,
(void (*malloc_hook)(const volatile void *, size_t), (void (*malloc_hook)(const volatile void *, size_t),
void (*free_hook)(const volatile void *)), void (*free_hook)(const volatile void *)),
false); false);
EXT_FUNC(__sanitizer_purge_allocator, void, (), false);
EXT_FUNC(__sanitizer_print_memory_profile, int, (size_t, size_t), false); EXT_FUNC(__sanitizer_print_memory_profile, int, (size_t, size_t), false);
EXT_FUNC(__sanitizer_print_stack_trace, void, (), true); EXT_FUNC(__sanitizer_print_stack_trace, void, (), true);
EXT_FUNC(__sanitizer_symbolize_pc, void, EXT_FUNC(__sanitizer_symbolize_pc, void,
(void *, const char *fmt, char *out_buf, size_t out_buf_size), false); (void *, const char *fmt, char *out_buf, size_t out_buf_size), false);
EXT_FUNC(__sanitizer_get_module_and_offset_for_pc, int, EXT_FUNC(__sanitizer_get_module_and_offset_for_pc, int,
(void *pc, char *module_path, (void *pc, char *module_path,
size_t module_path_len,void **pc_offset), false); size_t module_path_len,void **pc_offset), false);
EXT_FUNC(__sanitizer_set_death_callback, void, (void (*)(void)), true); EXT_FUNC(__sanitizer_set_death_callback, void, (void (*)(void)), true);
EXT_FUNC(__sanitizer_set_report_fd, void, (void*), false); EXT_FUNC(__sanitizer_set_report_fd, void, (void*), false);
EXT_FUNC(__sanitizer_dump_coverage, void, (const uintptr_t *, uintptr_t), EXT_FUNC(__sanitizer_dump_coverage, void, (const uintptr_t *, uintptr_t),
false); false);

lib/fuzzer/FuzzerFlags.def

Show First 20 LinesShow All 108 Lines▼ Show 20 Lines
FUZZER_FLAG_INT(handle_int, 1, "If 1, try to intercept SIGINT.") FUZZER_FLAG_INT(handle_int, 1, "If 1, try to intercept SIGINT.")
FUZZER_FLAG_INT(handle_term, 1, "If 1, try to intercept SIGTERM.") FUZZER_FLAG_INT(handle_term, 1, "If 1, try to intercept SIGTERM.")
FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.") FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; " FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "
"if 2, close stderr; if 3, close both. " "if 2, close stderr; if 3, close both. "
"Be careful, this will also close e.g. asan's stderr/stdout.") "Be careful, this will also close e.g. asan's stderr/stdout.")
FUZZER_FLAG_INT(detect_leaks, 1, "If 1, and if LeakSanitizer is enabled " FUZZER_FLAG_INT(detect_leaks, 1, "If 1, and if LeakSanitizer is enabled "
"try to detect memory leaks during fuzzing (i.e. not only at shut down).") "try to detect memory leaks during fuzzing (i.e. not only at shut down).")
FUZZER_FLAG_INT(purge_allocator_interval, 1, "Purge allocator caches and "
"quarantines every <N> seconds. When rss_limit_mb is specified (>0), "
"purging starts when RSS exceeds 50% of rss_limit_mb. Pass "
"purge_allocator_interval=-1 to disable this functionality.")
FUZZER_FLAG_INT(trace_malloc, 0, "If >= 1 will print all mallocs/frees. " FUZZER_FLAG_INT(trace_malloc, 0, "If >= 1 will print all mallocs/frees. "
"If >= 2 will also print stack traces.") "If >= 2 will also print stack traces.")
FUZZER_FLAG_INT(rss_limit_mb, 2048, "If non-zero, the fuzzer will exit upon" FUZZER_FLAG_INT(rss_limit_mb, 2048, "If non-zero, the fuzzer will exit upon"
"reaching this limit of RSS memory usage.") "reaching this limit of RSS memory usage.")
FUZZER_FLAG_STRING(exit_on_src_pos, "Exit if a newly found PC originates" FUZZER_FLAG_STRING(exit_on_src_pos, "Exit if a newly found PC originates"
" from the given source location. Example: -exit_on_src_pos=foo.cc:123. " " from the given source location. Example: -exit_on_src_pos=foo.cc:123. "
"Used primarily for testing libFuzzer itself.") "Used primarily for testing libFuzzer itself.")
FUZZER_FLAG_STRING(exit_on_item, "Exit if an item with a given sha1 sum" FUZZER_FLAG_STRING(exit_on_item, "Exit if an item with a given sha1 sum"
Show All 20 Lines

lib/fuzzer/FuzzerInternal.h

Show First 20 LinesShow All 90 Lines▼ Show 20 Lines
private: private:
void AlarmCallback(); void AlarmCallback();
void CrashCallback(); void CrashCallback();
void ExitCallback(); void ExitCallback();
void CrashOnOverwrittenData(); void CrashOnOverwrittenData();
void InterruptCallback(); void InterruptCallback();
void MutateAndTestOne(); void MutateAndTestOne();
void PurgeAllocator();
void ReportNewCoverage(InputInfo *II, const Unit &U); void ReportNewCoverage(InputInfo *II, const Unit &U);
void PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size); void PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size);
void WriteToOutputCorpus(const Unit &U); void WriteToOutputCorpus(const Unit &U);
void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix); void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);
void PrintStats(const char *Where, const char *End = "\n", size_t Units = 0); void PrintStats(const char *Where, const char *End = "\n", size_t Units = 0);
void PrintStatusForNewUnit(const Unit &U, const char *Text); void PrintStatusForNewUnit(const Unit &U, const char *Text);
void CheckExitOnSrcPosOrItem(); void CheckExitOnSrcPosOrItem();
Show All 12 Linesprivate:
size_t LastCorpusUpdateRun = 0; size_t LastCorpusUpdateRun = 0;
system_clock::time_point LastCorpusUpdateTime = system_clock::now(); system_clock::time_point LastCorpusUpdateTime = system_clock::now();
bool HasMoreMallocsThanFrees = false; bool HasMoreMallocsThanFrees = false;
size_t NumberOfLeakDetectionAttempts = 0; size_t NumberOfLeakDetectionAttempts = 0;
system_clock::time_point LastAllocatorPurgeAttemptTime = system_clock::now();
UserCallback CB; UserCallback CB;
InputCorpus &Corpus; InputCorpus &Corpus;
MutationDispatcher &MD; MutationDispatcher &MD;
FuzzingOptions Options; FuzzingOptions Options;
system_clock::time_point ProcessStartTime = system_clock::now(); system_clock::time_point ProcessStartTime = system_clock::now();
system_clock::time_point UnitStartTime, UnitStopTime; system_clock::time_point UnitStartTime, UnitStopTime;
long TimeOfLongestUnitInSeconds = 0; long TimeOfLongestUnitInSeconds = 0;
Show All 15 Lines

lib/fuzzer/FuzzerLoop.cpp

Show First 20 LinesShow All 581 Lines▼ Show 20 Linesvoid Fuzzer::MutateAndTestOne() {
assert(CurrentMaxMutationLen > 0); assert(CurrentMaxMutationLen > 0);
for (int i = 0; i < Options.MutateDepth; i++) { for (int i = 0; i < Options.MutateDepth; i++) {
if (TotalNumberOfRuns >= Options.MaxNumberOfRuns) if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
break; break;
size_t NewSize = 0; size_t NewSize = 0;
NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen); NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
assert(NewSize > 0 && "Mutator returned empty unit"); assert(NewSize > 0 && "Mutator returned empty unit");
assert(NewSize <= CurrentMaxMutationLen && "Mutator return overisized unit"); assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
Size = NewSize; Size = NewSize;
II.NumExecutedMutations++; II.NumExecutedMutations++;
if (RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II)) if (RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II))
ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size}); ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
TryDetectingAMemoryLeak(CurrentUnitData, Size, TryDetectingAMemoryLeak(CurrentUnitData, Size,
/*DuringInitialCorpusExecution*/ false); /*DuringInitialCorpusExecution*/ false);
} }
} }
void Fuzzer::PurgeAllocator() {
if (Options.PurgeAllocatorIntervalSec < 0 ||
!EF->__sanitizer_purge_allocator) {
return;
}
if (duration_cast<seconds>(system_clock::now() -
LastAllocatorPurgeAttemptTime).count() <
Options.PurgeAllocatorIntervalSec) {
return;
}
if (Options.RssLimitMb <= 0 ||
GetPeakRSSMb() > static_cast<size_t>(Options.RssLimitMb) / 2) {
EF->__sanitizer_purge_allocator();
}
LastAllocatorPurgeAttemptTime = system_clock::now();
}
void Fuzzer::ReadAndExecuteSeedCorpora(const Vector<std::string> &CorpusDirs) { void Fuzzer::ReadAndExecuteSeedCorpora(const Vector<std::string> &CorpusDirs) {
const size_t kMaxSaneLen = 1 << 20; const size_t kMaxSaneLen = 1 << 20;
const size_t kMinDefaultLen = 4096; const size_t kMinDefaultLen = 4096;
Vector<SizedFile> SizedFiles; Vector<SizedFile> SizedFiles;
size_t MaxSize = 0; size_t MaxSize = 0;
size_t MinSize = -1; size_t MinSize = -1;
size_t TotalSize = 0; size_t TotalSize = 0;
size_t LastNumFiles = 0; size_t LastNumFiles = 0;
▲ Show 20 LinesShow All 85 Lines▼ Show 20 Lines if (Options.ExperimentalLenControl) {
TmpMaxMutationLen); TmpMaxMutationLen);
} }
} else { } else {
TmpMaxMutationLen = MaxMutationLen; TmpMaxMutationLen = MaxMutationLen;
} }
// Perform several mutations and runs. // Perform several mutations and runs.
MutateAndTestOne(); MutateAndTestOne();
PurgeAllocator();
} }
PrintStats("DONE ", "\n"); PrintStats("DONE ", "\n");
MD.PrintRecommendedDictionary(); MD.PrintRecommendedDictionary();
} }
void Fuzzer::MinimizeCrashLoop(const Unit &U) { void Fuzzer::MinimizeCrashLoop(const Unit &U) {
if (U.size() <= 1) return; if (U.size() <= 1) return;
▲ Show 20 LinesShow All 52 LinesShow Last 20 Lines

lib/fuzzer/FuzzerOptions.h

Show First 20 LinesShow All 48 Lines▼ Show 20 Linesstruct FuzzingOptions {
bool PrintNewCovPcs = false; bool PrintNewCovPcs = false;
int PrintNewCovFuncs = 0; int PrintNewCovFuncs = 0;
bool PrintFinalStats = false; bool PrintFinalStats = false;
bool PrintCorpusStats = false; bool PrintCorpusStats = false;
bool PrintCoverage = false; bool PrintCoverage = false;
bool DumpCoverage = false; bool DumpCoverage = false;
bool UseClangCoverage = false; bool UseClangCoverage = false;
bool DetectLeaks = true; bool DetectLeaks = true;
int PurgeAllocatorIntervalSec = 1;
int UseFeatureFrequency = false; int UseFeatureFrequency = false;
int TraceMalloc = 0; int TraceMalloc = 0;
bool HandleAbrt = false; bool HandleAbrt = false;
bool HandleBus = false; bool HandleBus = false;
bool HandleFpe = false; bool HandleFpe = false;
bool HandleIll = false; bool HandleIll = false;
bool HandleInt = false; bool HandleInt = false;
bool HandleSegv = false; bool HandleSegv = false;
bool HandleTerm = false; bool HandleTerm = false;
bool HandleXfsz = false; bool HandleXfsz = false;
}; };
} // namespace fuzzer } // namespace fuzzer
#endif // LLVM_FUZZER_OPTIONS_H #endif // LLVM_FUZZER_OPTIONS_H

lib/sanitizer_common/sanitizer_allocator_combined.h

Show First 20 LinesShow All 71 Lines▼ Show 20 Lines public:
s32 ReleaseToOSIntervalMs() const { s32 ReleaseToOSIntervalMs() const {
return primary_.ReleaseToOSIntervalMs(); return primary_.ReleaseToOSIntervalMs();
} }
void SetReleaseToOSIntervalMs(s32 release_to_os_interval_ms) { void SetReleaseToOSIntervalMs(s32 release_to_os_interval_ms) {
primary_.SetReleaseToOSIntervalMs(release_to_os_interval_ms); primary_.SetReleaseToOSIntervalMs(release_to_os_interval_ms);
} }
void ForceReleaseToOS() {
primary_.ForceReleaseToOS();
}
void Deallocate(AllocatorCache *cache, void *p) { void Deallocate(AllocatorCache *cache, void *p) {
if (!p) return; if (!p) return;
if (primary_.PointerIsMine(p)) if (primary_.PointerIsMine(p))
cache->Deallocate(&primary_, primary_.GetSizeClass(p), p); cache->Deallocate(&primary_, primary_.GetSizeClass(p), p);
else else
secondary_.Deallocate(&stats_, p); secondary_.Deallocate(&stats_, p);
} }
▲ Show 20 LinesShow All 106 LinesShow Last 20 Lines

lib/sanitizer_common/sanitizer_allocator_interface.h

Show All 33 LinesSANITIZER_INTERFACE_ATTRIBUTE int __sanitizer_install_malloc_and_free_hooks(
void (*free_hook)(const void *)); void (*free_hook)(const void *));
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
void __sanitizer_malloc_hook(void *ptr, uptr size); void __sanitizer_malloc_hook(void *ptr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
void __sanitizer_free_hook(void *ptr); void __sanitizer_free_hook(void *ptr);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE void SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE void
__sanitizer_purge_allocator();
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE void
__sanitizer_print_memory_profile(uptr top_percent, uptr max_number_of_contexts); __sanitizer_print_memory_profile(uptr top_percent, uptr max_number_of_contexts);
} // extern "C" } // extern "C"
#endif // SANITIZER_ALLOCATOR_INTERFACE_H #endif // SANITIZER_ALLOCATOR_INTERFACE_H

lib/sanitizer_common/sanitizer_allocator_primary32.h

Show First 20 LinesShow All 114 Lines▼ Show 20 Lines public:
s32 ReleaseToOSIntervalMs() const { s32 ReleaseToOSIntervalMs() const {
return kReleaseToOSIntervalNever; return kReleaseToOSIntervalNever;
} }
void SetReleaseToOSIntervalMs(s32 release_to_os_interval_ms) { void SetReleaseToOSIntervalMs(s32 release_to_os_interval_ms) {
// This is empty here. Currently only implemented in 64-bit allocator. // This is empty here. Currently only implemented in 64-bit allocator.
} }
void ForceReleaseToOS() {
// Currently implemented in 64-bit allocator only.
}
void *MapWithCallback(uptr size) { void *MapWithCallback(uptr size) {
void *res = MmapOrDie(size, "SizeClassAllocator32"); void *res = MmapOrDie(size, "SizeClassAllocator32");
MapUnmapCallback().OnMap((uptr)res, size); MapUnmapCallback().OnMap((uptr)res, size);
return res; return res;
} }
void UnmapWithCallback(uptr beg, uptr size) { void UnmapWithCallback(uptr beg, uptr size) {
MapUnmapCallback().OnUnmap(beg, size); MapUnmapCallback().OnUnmap(beg, size);
▲ Show 20 LinesShow All 202 LinesShow Last 20 Lines

lib/sanitizer_common/sanitizer_allocator_primary64.h

Show First 20 LinesShow All 86 Lines▼ Show 20 Lines s32 ReleaseToOSIntervalMs() const {
return atomic_load(&release_to_os_interval_ms_, memory_order_relaxed); return atomic_load(&release_to_os_interval_ms_, memory_order_relaxed);
} }
void SetReleaseToOSIntervalMs(s32 release_to_os_interval_ms) { void SetReleaseToOSIntervalMs(s32 release_to_os_interval_ms) {
atomic_store(&release_to_os_interval_ms_, release_to_os_interval_ms, atomic_store(&release_to_os_interval_ms_, release_to_os_interval_ms,
memory_order_relaxed); memory_order_relaxed);
} }
void ForceReleaseToOS() {
for (uptr class_id = 1; class_id < kNumClasses; class_id++) {
BlockingMutexLock l(&GetRegionInfo(class_id)->mutex);
MaybeReleaseToOS(class_id, true /*force*/);
}
}
static bool CanAllocate(uptr size, uptr alignment) { static bool CanAllocate(uptr size, uptr alignment) {
return size <= SizeClassMap::kMaxSize && return size <= SizeClassMap::kMaxSize &&
alignment <= SizeClassMap::kMaxSize; alignment <= SizeClassMap::kMaxSize;
} }
NOINLINE void ReturnToAllocator(AllocatorStats *stat, uptr class_id, NOINLINE void ReturnToAllocator(AllocatorStats *stat, uptr class_id,
const CompactPtrT *chunks, uptr n_chunks) { const CompactPtrT *chunks, uptr n_chunks) {
RegionInfo *region = GetRegionInfo(class_id); RegionInfo *region = GetRegionInfo(class_id);
uptr region_beg = GetRegionBeginBySizeClass(class_id); uptr region_beg = GetRegionBeginBySizeClass(class_id);
CompactPtrT *free_array = GetFreeArray(region_beg); CompactPtrT *free_array = GetFreeArray(region_beg);
BlockingMutexLock l(&region->mutex); BlockingMutexLock l(&region->mutex);
uptr old_num_chunks = region->num_freed_chunks; uptr old_num_chunks = region->num_freed_chunks;
uptr new_num_freed_chunks = old_num_chunks + n_chunks; uptr new_num_freed_chunks = old_num_chunks + n_chunks;
// Failure to allocate free array space while releasing memory is non // Failure to allocate free array space while releasing memory is non
// recoverable. // recoverable.
if (UNLIKELY(!EnsureFreeArraySpace(region, region_beg, if (UNLIKELY(!EnsureFreeArraySpace(region, region_beg,
new_num_freed_chunks))) new_num_freed_chunks)))
DieOnFailure::OnOOM(); DieOnFailure::OnOOM();
for (uptr i = 0; i < n_chunks; i++) for (uptr i = 0; i < n_chunks; i++)
free_array[old_num_chunks + i] = chunks[i]; free_array[old_num_chunks + i] = chunks[i];
region->num_freed_chunks = new_num_freed_chunks; region->num_freed_chunks = new_num_freed_chunks;
region->stats.n_freed += n_chunks; region->stats.n_freed += n_chunks;
MaybeReleaseToOS(class_id); MaybeReleaseToOS(class_id, false /*force*/);
} }
NOINLINE bool GetFromAllocator(AllocatorStats *stat, uptr class_id, NOINLINE bool GetFromAllocator(AllocatorStats *stat, uptr class_id,
CompactPtrT *chunks, uptr n_chunks) { CompactPtrT *chunks, uptr n_chunks) {
RegionInfo *region = GetRegionInfo(class_id); RegionInfo *region = GetRegionInfo(class_id);
uptr region_beg = GetRegionBeginBySizeClass(class_id); uptr region_beg = GetRegionBeginBySizeClass(class_id);
CompactPtrT *free_array = GetFreeArray(region_beg); CompactPtrT *free_array = GetFreeArray(region_beg);
▲ Show 20 LinesShow All 653 Lines▼ Show 20 Lines private:
const ThisT& allocator; const ThisT& allocator;
const uptr region_base; const uptr region_base;
uptr released_ranges_count; uptr released_ranges_count;
uptr released_bytes; uptr released_bytes;
}; };
// Attempts to release RAM occupied by freed chunks back to OS. The region is // Attempts to release RAM occupied by freed chunks back to OS. The region is
// expected to be locked. // expected to be locked.
void MaybeReleaseToOS(uptr class_id) { void MaybeReleaseToOS(uptr class_id, bool force) {
RegionInfo *region = GetRegionInfo(class_id); RegionInfo *region = GetRegionInfo(class_id);
const uptr chunk_size = ClassIdToSize(class_id); const uptr chunk_size = ClassIdToSize(class_id);
const uptr page_size = GetPageSizeCached(); const uptr page_size = GetPageSizeCached();
uptr n = region->num_freed_chunks; uptr n = region->num_freed_chunks;
if (n * chunk_size < page_size) if (n * chunk_size < page_size)
return; // No chance to release anything. return; // No chance to release anything.
if ((region->stats.n_freed - if ((region->stats.n_freed -
region->rtoi.n_freed_at_last_release) * chunk_size < page_size) { region->rtoi.n_freed_at_last_release) * chunk_size < page_size) {
return; // Nothing new to release. return; // Nothing new to release.
} }
if (!force) {
s32 interval_ms = ReleaseToOSIntervalMs(); s32 interval_ms = ReleaseToOSIntervalMs();
if (interval_ms < 0) if (interval_ms < 0)
return; return;
if (region->rtoi.last_release_at_ns + interval_ms * 1000000ULL > NanoTime()) if (region->rtoi.last_release_at_ns + interval_ms * 1000000ULL >
NanoTime()) {
return; // Memory was returned recently. return; // Memory was returned recently.
}
}
MemoryMapper memory_mapper(*this, class_id); MemoryMapper memory_mapper(*this, class_id);
ReleaseFreeMemoryToOS<MemoryMapper>( ReleaseFreeMemoryToOS<MemoryMapper>(
GetFreeArray(GetRegionBeginBySizeClass(class_id)), n, chunk_size, GetFreeArray(GetRegionBeginBySizeClass(class_id)), n, chunk_size,
RoundUpTo(region->allocated_user, page_size) / page_size, RoundUpTo(region->allocated_user, page_size) / page_size,
&memory_mapper); &memory_mapper);
if (memory_mapper.GetReleasedRangesCount() > 0) { if (memory_mapper.GetReleasedRangesCount() > 0) {
region->rtoi.n_freed_at_last_release = region->stats.n_freed; region->rtoi.n_freed_at_last_release = region->stats.n_freed;
region->rtoi.num_releases += memory_mapper.GetReleasedRangesCount(); region->rtoi.num_releases += memory_mapper.GetReleasedRangesCount();
region->rtoi.last_released_bytes = memory_mapper.GetReleasedBytes(); region->rtoi.last_released_bytes = memory_mapper.GetReleasedBytes();
} }
region->rtoi.last_release_at_ns = NanoTime(); region->rtoi.last_release_at_ns = NanoTime();
} }
}; };

lib/sanitizer_common/sanitizer_common_interface.inc

Show All 28 Lines
INTERFACE_FUNCTION(__sanitizer_get_allocated_size) INTERFACE_FUNCTION(__sanitizer_get_allocated_size)
INTERFACE_FUNCTION(__sanitizer_get_current_allocated_bytes) INTERFACE_FUNCTION(__sanitizer_get_current_allocated_bytes)
INTERFACE_FUNCTION(__sanitizer_get_estimated_allocated_size) INTERFACE_FUNCTION(__sanitizer_get_estimated_allocated_size)
INTERFACE_FUNCTION(__sanitizer_get_free_bytes) INTERFACE_FUNCTION(__sanitizer_get_free_bytes)
INTERFACE_FUNCTION(__sanitizer_get_heap_size) INTERFACE_FUNCTION(__sanitizer_get_heap_size)
INTERFACE_FUNCTION(__sanitizer_get_ownership) INTERFACE_FUNCTION(__sanitizer_get_ownership)
INTERFACE_FUNCTION(__sanitizer_get_unmapped_bytes) INTERFACE_FUNCTION(__sanitizer_get_unmapped_bytes)
INTERFACE_FUNCTION(__sanitizer_install_malloc_and_free_hooks) INTERFACE_FUNCTION(__sanitizer_install_malloc_and_free_hooks)
INTERFACE_FUNCTION(__sanitizer_purge_allocator)
INTERFACE_FUNCTION(__sanitizer_print_memory_profile) INTERFACE_FUNCTION(__sanitizer_print_memory_profile)
INTERFACE_WEAK_FUNCTION(__sanitizer_free_hook) INTERFACE_WEAK_FUNCTION(__sanitizer_free_hook)
INTERFACE_WEAK_FUNCTION(__sanitizer_malloc_hook) INTERFACE_WEAK_FUNCTION(__sanitizer_malloc_hook)

lib/sanitizer_common/sanitizer_quarantine.h

Show First 20 LinesShow All 111 Lines▼ Show 20 Lines public:
} }
void NOINLINE Drain(Cache *c, Callback cb) { void NOINLINE Drain(Cache *c, Callback cb) {
{ {
SpinMutexLock l(&cache_mutex_); SpinMutexLock l(&cache_mutex_);
cache_.Transfer(c); cache_.Transfer(c);
} }
if (cache_.Size() > GetSize() && recycle_mutex_.TryLock()) if (cache_.Size() > GetSize() && recycle_mutex_.TryLock())
Recycle(cb); Recycle(atomic_load(&min_size_, memory_order_relaxed), cb);
}
void NOINLINE DrainAndRecycle(Cache *c, Callback cb) {
{
SpinMutexLock l(&cache_mutex_);
cache_.Transfer(c);
}
recycle_mutex_.Lock();
Recycle(0, cb);
} }
void PrintStats() const { void PrintStats() const {
// It assumes that the world is stopped, just as the allocator's PrintStats. // It assumes that the world is stopped, just as the allocator's PrintStats.
Printf("Quarantine limits: global: %zdMb; thread local: %zdKb\n", Printf("Quarantine limits: global: %zdMb; thread local: %zdKb\n",
GetSize() >> 20, GetCacheSize() >> 10); GetSize() >> 20, GetCacheSize() >> 10);
cache_.PrintStats(); cache_.PrintStats();
} }
private: private:
// Read-only data. // Read-only data.
char pad0_[kCacheLineSize]; char pad0_[kCacheLineSize];
atomic_uintptr_t max_size_; atomic_uintptr_t max_size_;
atomic_uintptr_t min_size_; atomic_uintptr_t min_size_;
atomic_uintptr_t max_cache_size_; atomic_uintptr_t max_cache_size_;
char pad1_[kCacheLineSize]; char pad1_[kCacheLineSize];
SpinMutex cache_mutex_; SpinMutex cache_mutex_;
SpinMutex recycle_mutex_; SpinMutex recycle_mutex_;
Cache cache_; Cache cache_;
char pad2_[kCacheLineSize]; char pad2_[kCacheLineSize];
void NOINLINE Recycle(Callback cb) { void NOINLINE Recycle(uptr min_size, Callback cb) {
Cache tmp; Cache tmp;
uptr min_size = atomic_load(&min_size_, memory_order_relaxed);
{ {
SpinMutexLock l(&cache_mutex_); SpinMutexLock l(&cache_mutex_);
// Go over the batches and merge partially filled ones to // Go over the batches and merge partially filled ones to
// save some memory, otherwise batches themselves (since the memory used // save some memory, otherwise batches themselves (since the memory used
// by them is counted against quarantine limit) can overcome the actual // by them is counted against quarantine limit) can overcome the actual
// user's quarantined chunks, which diminishes the purpose of the // user's quarantined chunks, which diminishes the purpose of the
// quarantine. // quarantine.
uptr cache_size = cache_.Size(); uptr cache_size = cache_.Size();
▲ Show 20 LinesShow All 156 LinesShow Last 20 Lines

test/asan/TestCases/Linux/release_to_os_test.cc

// Tests ASAN_OPTIONS=allocator_release_to_os=1 // Tests ASAN_OPTIONS=allocator_release_to_os=1
//
// RUN: %clangxx_asan -std=c++11 %s -o %t // RUN: %clangxx_asan -std=c++11 %s -o %t
// RUN: %env_asan_opts=allocator_release_to_os_interval_ms=0 %run %t 2>&1 | FileCheck %s --check-prefix=RELEASE // RUN: %env_asan_opts=allocator_release_to_os_interval_ms=0 %run %t 2>&1 | FileCheck %s --check-prefix=RELEASE
// RUN: %env_asan_opts=allocator_release_to_os_interval_ms=-1 %run %t 2>&1 | FileCheck %s --check-prefix=NO_RELEASE // RUN: %env_asan_opts=allocator_release_to_os_interval_ms=-1 %run %t 2>&1 | FileCheck %s --check-prefix=NO_RELEASE
// // RUN: %env_asan_opts=allocator_release_to_os_interval_ms=-1 %run %t force 2>&1 | FileCheck %s --check-prefix=FORCE_RELEASE
// REQUIRES: x86_64-target-arch // REQUIRES: x86_64-target-arch
#include <stdlib.h>
#include <stdio.h>
#include <algorithm> #include <algorithm>
#include <stdint.h>
#include <assert.h> #include <assert.h>
#include <random> #include <random>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sanitizer/allocator_interface.h>
#include <sanitizer/asan_interface.h> #include <sanitizer/asan_interface.h>
void MallocReleaseStress() { void MallocReleaseStress() {
const size_t kNumChunks = 10000; const size_t kNumChunks = 10000;
const size_t kAllocSize = 100; const size_t kAllocSize = 100;
const size_t kNumIter = 100; const size_t kNumIter = 100;
uintptr_t *chunks[kNumChunks] = {0}; uintptr_t *chunks[kNumChunks] = {0};
std::mt19937 r; std::mt19937 r;
Show All 10 Lines for (size_t i = 0; i < kNumChunks; i++) {
chunks[i][0] = (uintptr_t)chunks[i]; chunks[i][0] = (uintptr_t)chunks[i];
} }
} }
} }
for (auto p : chunks) for (auto p : chunks)
delete[] p; delete[] p;
} }
int main() { int main(int argc, char **argv) {
MallocReleaseStress(); MallocReleaseStress();
if (argc > 1 && !strcmp("force", argv[1]))
__sanitizer_purge_allocator();
__asan_print_accumulated_stats(); __asan_print_accumulated_stats();
} }
// RELEASE: mapped:{{.*}}releases: {{[1-9]}} // RELEASE: mapped:{{.*}}releases: {{[1-9]}}
// NO_RELEASE: mapped:{{.*}}releases: 0 // NO_RELEASE: mapped:{{.*}}releases: 0
// FORCE_RELEASE: mapped:{{.*}}releases: {{[1-9]}}