This is an archive of the discontinued LLVM Phabricator instance.

Differential D73294

[GWP-ASan] enable/disable and fork support.
ClosedPublic

Authored by eugenis on Jan 23 2020, 2:04 PM.

Details

Reviewers
cryptoad
hctim
jfb
Commits
rG596d06145a2b: [GWP-ASan] enable/disable and fork support.
Summary
  • Implement enable() and disable() in GWP-ASan.
  • Setup atfork handler.
  • Improve test harness sanity and re-enable GWP-ASan in Scudo.

Scudo_standalone disables embedded GWP-ASan as necessary around fork().
Standalone GWP-ASan sets the atfork handler in init() if asked to. This
requires a working malloc(), therefore GWP-ASan initialization in Scudo
is delayed to the post-init callback.

Test harness changes are about setting up a single global instance of
the GWP-ASan allocator so that pthread_atfork() does not create
dangling pointers.

Test case shamelessly stolen from D72470.

Diff Detail

Event Timeline

eugenis created this revision.Jan 23 2020, 2:04 PM
Herald added a reviewer: jfb. · View Herald TranscriptJan 23 2020, 2:04 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald Transcript
Herald added subscribers: Restricted Project, jfb, mgorny. · View Herald Transcript
eugenis added a comment.Jan 23 2020, 2:06 PM

I've merged two earlier changes (gwp-asan re-enablement and atfork/enable/disable support) in one because they are interconnected.

Herald added a subscriber: dexonsmith. · View Herald TranscriptJan 23 2020, 2:06 PM
hctim added inline comments.Jan 23 2020, 3:10 PM
compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
116

// AdjustedSampleRatePlusOne is designed to intentionally underflow. This class must be valid when zero-initialised, and we wish to sample as infrequently as possible when this is the case, hence we underflow to UINT32_MAX.

125

Now that GuardedPagePool is zero-initialised, the fast path has an additional branch. Can be fixed via:
return P < GuardedPagePoolEnd && GuardedPagePool <= P;

compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp
95

Why does this need to disable the singleton? Why not just disable this class (which should be equivalent).

compiler-rt/lib/gwp_asan/tests/enable_disable.cpp
46

Nit: prefer c++-style casting

47

What do mean by "initialize" here? GPA should already be inited by the parent.

If you're trying to init the sample counters to some nonzero value here, calling shouldSample() is the only way, not allocate().

compiler-rt/lib/gwp_asan/tests/harness.cpp
8

OnlyOnce?

compiler-rt/lib/gwp_asan/tests/harness.h
28

Why a single global instance?

eugenis updated this revision to Diff 240061.Jan 23 2020, 4:58 PM
eugenis marked 6 inline comments as done.

address comments

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
125

Sure.

compiler-rt/lib/gwp_asan/tests/enable_disable.cpp
47

That's left over from the scudo tests. Removed the initialization and cleaned up synchronization a bit. We can not get rid of the sleep, unfortunately, because the thread needs to act while the other one is blocked inside fork(), and there is no clear way to detect that condition.

compiler-rt/lib/gwp_asan/tests/harness.h
28

Yeah, I don't think it is required. We do need SetUp/TearDown logic though to properly set and remove the signal handlers.

hctim accepted this revision.Jan 23 2020, 5:33 PM

LGTM with installAtFork() and cond_wait() comments.

compiler-rt/lib/gwp_asan/tests/enable_disable.cpp
52

I don't see why this value is needed - we don't expect someone else to send the cond_signal for this conditional, right?

This revision is now accepted and ready to land.Jan 23 2020, 5:33 PM
merge_guards_bot added a subscriber: merge_guards_bot.Jan 23 2020, 5:36 PM

Unit tests: fail. 62144 tests passed, 5 failed and 811 were skipped.

failed: libc++.std/language_support/cmp/cmp_partialord/partialord.pass.cpp
failed: libc++.std/language_support/cmp/cmp_strongeq/cmp.strongeq.pass.cpp
failed: libc++.std/language_support/cmp/cmp_strongord/strongord.pass.cpp
failed: libc++.std/language_support/cmp/cmp_weakeq/cmp.weakeq.pass.cpp
failed: libc++.std/language_support/cmp/cmp_weakord/weakord.pass.cpp

clang-tidy: fail. clang-tidy found 32 errors and 19 warnings. 0 of them are added as review comments below (why?).

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: diff.json, clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B44793: Diff 240061!Jan 23 2020, 5:38 PM
eugenis marked an inline comment as done.Jan 24 2020, 1:25 PM
eugenis added inline comments.
compiler-rt/lib/gwp_asan/tests/enable_disable.cpp
52

pthread_cond_wait is allowed spurious wake ups.
Using it without a loop with an external condition is almost always wrong.

eugenis updated this revision to Diff 240281.Jan 24 2020, 1:25 PM

fix lint warnings

merge_guards_bot added a comment.Jan 24 2020, 1:46 PM

Unit tests: pass. 62190 tests passed, 0 failed and 815 were skipped.

clang-tidy: fail. clang-tidy found 31 errors and 11 warnings. 0 of them are added as review comments below (why?).

clang-format: pass.

Build artifacts: diff.json, clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B44877: Diff 240281!Jan 24 2020, 1:50 PM
Closed by commit rG596d06145a2b: [GWP-ASan] enable/disable and fork support. (authored by eugenis). · Explain WhyJan 24 2020, 1:59 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
lib/
gwp_asan/
23 lines
33 lines
4 lines
platform_specific/
34 lines
tests/
4 lines
86 lines
17 lines
10 lines
scudo/
standalone/
5 lines
27 lines
tests/
5 lines
12 lines
1 line

Diff 240286

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h

Show First 20 LinesShow All 92 Lines▼ Show 20 Linespublic:
// and metadata allocations during destruction. We can't clean up these areas // and metadata allocations during destruction. We can't clean up these areas
// as this may cause a use-after-free on shutdown. // as this may cause a use-after-free on shutdown.
~GuardedPoolAllocator() = default; ~GuardedPoolAllocator() = default;
// Initialise the rest of the members of this class. Create the allocation // Initialise the rest of the members of this class. Create the allocation
// pool using the provided options. See options.inc for runtime configuration // pool using the provided options. See options.inc for runtime configuration
// options. // options.
void init(const options::Options &Opts); void init(const options::Options &Opts);
void uninitTestOnly();
void disable();
void enable();
// Return whether the allocation should be randomly chosen for sampling. // Return whether the allocation should be randomly chosen for sampling.
GWP_ASAN_ALWAYS_INLINE bool shouldSample() { GWP_ASAN_ALWAYS_INLINE bool shouldSample() {
// NextSampleCounter == 0 means we "should regenerate the counter". // NextSampleCounter == 0 means we "should regenerate the counter".
// == 1 means we "should sample this allocation". // == 1 means we "should sample this allocation".
// AdjustedSampleRatePlusOne is designed to intentionally underflow. This
// class must be valid when zero-initialised, and we wish to sample as
// infrequently as possible when this is the case, hence we underflow to
// UINT32_MAX.
if (GWP_ASAN_UNLIKELY(ThreadLocals.NextSampleCounter == 0)) if (GWP_ASAN_UNLIKELY(ThreadLocals.NextSampleCounter == 0))
ThreadLocals.NextSampleCounter = ThreadLocals.NextSampleCounter =
(getRandomUnsigned32() % AdjustedSampleRate) + 1; (getRandomUnsigned32() % (AdjustedSampleRatePlusOne - 1)) + 1;
hctimUnsubmitted
Done
ReplyInline Actions

// AdjustedSampleRatePlusOne is designed to intentionally underflow. This class must be valid when zero-initialised, and we wish to sample as infrequently as possible when this is the case, hence we underflow to UINT32_MAX.

hctim: `// AdjustedSampleRatePlusOne is designed to intentionally underflow. This class must be valid…
return GWP_ASAN_UNLIKELY(--ThreadLocals.NextSampleCounter == 0); return GWP_ASAN_UNLIKELY(--ThreadLocals.NextSampleCounter == 0);
} }
// Returns whether the provided pointer is a current sampled allocation that // Returns whether the provided pointer is a current sampled allocation that
// is owned by this pool. // is owned by this pool.
GWP_ASAN_ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const { GWP_ASAN_ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const {
uintptr_t P = reinterpret_cast<uintptr_t>(Ptr); uintptr_t P = reinterpret_cast<uintptr_t>(Ptr);
return GuardedPagePool <= P && P < GuardedPagePoolEnd; return P < GuardedPagePoolEnd && GuardedPagePool <= P;
hctimUnsubmitted
Not Done
ReplyInline Actions

Now that GuardedPagePool is zero-initialised, the fast path has an additional branch. Can be fixed via:
return P < GuardedPagePoolEnd && GuardedPagePool <= P;

hctim: Now that `GuardedPagePool` is zero-initialised, the fast path has an additional branch. Can be…
eugenisAuthorUnsubmitted
Done
ReplyInline Actions

Sure.

eugenis: Sure.
} }
// Allocate memory in a guarded slot, and return a pointer to the new // Allocate memory in a guarded slot, and return a pointer to the new
// allocation. Returns nullptr if the pool is empty, the requested size is too // allocation. Returns nullptr if the pool is empty, the requested size is too
// large for this pool to handle, or the requested size is zero. // large for this pool to handle, or the requested size is zero.
void *allocate(size_t Size); void *allocate(size_t Size);
// Deallocate memory in a guarded slot. The provided pointer must have been // Deallocate memory in a guarded slot. The provided pointer must have been
Show All 25 Linesprivate:
// These functions anonymously map memory or change the permissions of mapped // These functions anonymously map memory or change the permissions of mapped
// memory into this process in a platform-specific way. Pointer and size // memory into this process in a platform-specific way. Pointer and size
// arguments are expected to be page-aligned. These functions will never // arguments are expected to be page-aligned. These functions will never
// return on error, instead electing to kill the calling process on failure. // return on error, instead electing to kill the calling process on failure.
// Note that memory is initially mapped inaccessible. In order for RW // Note that memory is initially mapped inaccessible. In order for RW
// mappings, call mapMemory() followed by markReadWrite() on the returned // mappings, call mapMemory() followed by markReadWrite() on the returned
// pointer. // pointer.
void *mapMemory(size_t Size) const; void *mapMemory(size_t Size) const;
void unmapMemory(void *Addr, size_t Size) const;
void markReadWrite(void *Ptr, size_t Size) const; void markReadWrite(void *Ptr, size_t Size) const;
void markInaccessible(void *Ptr, size_t Size) const; void markInaccessible(void *Ptr, size_t Size) const;
// Get the page size from the platform-specific implementation. Only needs to // Get the page size from the platform-specific implementation. Only needs to
// be called once, and the result should be cached in PageSize in this class. // be called once, and the result should be cached in PageSize in this class.
static size_t getPlatformPageSize(); static size_t getPlatformPageSize();
// Install the SIGSEGV crash handler for printing use-after-free and heap- // Install the SIGSEGV crash handler for printing use-after-free and heap-
// buffer-{under|over}flow exceptions. This is platform specific as even // buffer-{under|over}flow exceptions. This is platform specific as even
// though POSIX and Windows both support registering handlers through // though POSIX and Windows both support registering handlers through
// signal(), we have to use platform-specific signal handlers to obtain the // signal(), we have to use platform-specific signal handlers to obtain the
// address that caused the SIGSEGV exception. // address that caused the SIGSEGV exception.
static void installSignalHandlers(); static void installSignalHandlers();
static void uninstallSignalHandlers();
// Returns the index of the slot that this pointer resides in. If the pointer // Returns the index of the slot that this pointer resides in. If the pointer
// is not owned by this pool, the result is undefined. // is not owned by this pool, the result is undefined.
size_t addrToSlot(uintptr_t Ptr) const; size_t addrToSlot(uintptr_t Ptr) const;
// Returns the address of the N-th guarded slot. // Returns the address of the N-th guarded slot.
uintptr_t slotToAddr(size_t N) const; uintptr_t slotToAddr(size_t N) const;
Show All 25 Linesprivate:
// Returns the diagnosis for an unknown error. If the diagnosis is not // Returns the diagnosis for an unknown error. If the diagnosis is not
// Error::INVALID_FREE or Error::UNKNOWN, the metadata for the slot // Error::INVALID_FREE or Error::UNKNOWN, the metadata for the slot
// responsible for the error is placed in *Meta. // responsible for the error is placed in *Meta.
Error diagnoseUnknownError(uintptr_t AccessPtr, AllocationMetadata **Meta); Error diagnoseUnknownError(uintptr_t AccessPtr, AllocationMetadata **Meta);
void reportErrorInternal(uintptr_t AccessPtr, Error E); void reportErrorInternal(uintptr_t AccessPtr, Error E);
static GuardedPoolAllocator *getSingleton();
// Install a pthread_atfork handler.
void installAtFork();
// Cached page size for this system in bytes. // Cached page size for this system in bytes.
size_t PageSize = 0; size_t PageSize = 0;
// A mutex to protect the guarded slot and metadata pool for this class. // A mutex to protect the guarded slot and metadata pool for this class.
Mutex PoolMutex; Mutex PoolMutex;
// The number of guarded slots that this pool holds. // The number of guarded slots that this pool holds.
size_t MaxSimultaneousAllocations = 0; size_t MaxSimultaneousAllocations = 0;
// Record the number allocations that we've sampled. We store this amount so // Record the number allocations that we've sampled. We store this amount so
// that we don't randomly choose to recycle a slot that previously had an // that we don't randomly choose to recycle a slot that previously had an
// allocation before all the slots have been utilised. // allocation before all the slots have been utilised.
size_t NumSampledAllocations = 0; size_t NumSampledAllocations = 0;
// Pointer to the pool of guarded slots. Note that this points to the start of // Pointer to the pool of guarded slots. Note that this points to the start of
// the pool (which is a guard page), not a pointer to the first guarded page. // the pool (which is a guard page), not a pointer to the first guarded page.
uintptr_t GuardedPagePool = UINTPTR_MAX; uintptr_t GuardedPagePool = 0;
uintptr_t GuardedPagePoolEnd = 0; uintptr_t GuardedPagePoolEnd = 0;
// Pointer to the allocation metadata (allocation/deallocation stack traces), // Pointer to the allocation metadata (allocation/deallocation stack traces),
// if any. // if any.
AllocationMetadata *Metadata = nullptr; AllocationMetadata *Metadata = nullptr;
// Pointer to an array of free slot indexes. // Pointer to an array of free slot indexes.
size_t *FreeSlots = nullptr; size_t *FreeSlots = nullptr;
// The current length of the list of free slots. // The current length of the list of free slots.
Show All 10 Linesprivate:
options::PrintBacktrace_t PrintBacktrace = nullptr; options::PrintBacktrace_t PrintBacktrace = nullptr;
// The adjusted sample rate for allocation sampling. Default *must* be // The adjusted sample rate for allocation sampling. Default *must* be
// nonzero, as dynamic initialisation may call malloc (e.g. from libstdc++) // nonzero, as dynamic initialisation may call malloc (e.g. from libstdc++)
// before GPA::init() is called. This would cause an error in shouldSample(), // before GPA::init() is called. This would cause an error in shouldSample(),
// where we would calculate modulo zero. This value is set UINT32_MAX, as when // where we would calculate modulo zero. This value is set UINT32_MAX, as when
// GWP-ASan is disabled, we wish to never spend wasted cycles recalculating // GWP-ASan is disabled, we wish to never spend wasted cycles recalculating
// the sample rate. // the sample rate.
uint32_t AdjustedSampleRate = UINT32_MAX; uint32_t AdjustedSampleRatePlusOne = 0;
// Pack the thread local variables into a struct to ensure that they're in // Pack the thread local variables into a struct to ensure that they're in
// the same cache line for performance reasons. These are the most touched // the same cache line for performance reasons. These are the most touched
// variables in GWP-ASan. // variables in GWP-ASan.
struct alignas(8) ThreadLocalPackedVariables { struct alignas(8) ThreadLocalPackedVariables {
constexpr ThreadLocalPackedVariables() {} constexpr ThreadLocalPackedVariables() {}
// Thread-local decrementing counter that indicates that a given allocation // Thread-local decrementing counter that indicates that a given allocation
// should be sampled when it reaches zero. // should be sampled when it reaches zero.
Show All 13 Lines

compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp

Show First 20 LinesShow All 52 Lines▼ Show 20 Lines for (size_t i = 0; i < TraceLength; ++i) {
Printf(" #%zu 0x%zx in <unknown>\n", i, Trace[i]); Printf(" #%zu 0x%zx in <unknown>\n", i, Trace[i]);
} }
Printf("\n"); Printf("\n");
} }
} // anonymous namespace } // anonymous namespace
// Gets the singleton implementation of this class. Thread-compatible until // Gets the singleton implementation of this class. Thread-compatible until
// init() is called, thread-safe afterwards. // init() is called, thread-safe afterwards.
GuardedPoolAllocator *getSingleton() { return SingletonPtr; } GuardedPoolAllocator *GuardedPoolAllocator::getSingleton() {
return SingletonPtr;
}
void GuardedPoolAllocator::AllocationMetadata::RecordAllocation( void GuardedPoolAllocator::AllocationMetadata::RecordAllocation(
uintptr_t AllocAddr, size_t AllocSize, options::Backtrace_t Backtrace) { uintptr_t AllocAddr, size_t AllocSize, options::Backtrace_t Backtrace) {
Addr = AllocAddr; Addr = AllocAddr;
Size = AllocSize; Size = AllocSize;
IsDeallocated = false; IsDeallocated = false;
// TODO(hctim): Ask the caller to provide the thread ID, so we don't waste // TODO(hctim): Ask the caller to provide the thread ID, so we don't waste
▲ Show 20 LinesShow All 81 Lines▼ Show 20 Linesvoid GuardedPoolAllocator::init(const options::Options &Opts) {
// Allocate memory and set up the free pages queue. // Allocate memory and set up the free pages queue.
BytesRequired = MaxSimultaneousAllocations * sizeof(*FreeSlots); BytesRequired = MaxSimultaneousAllocations * sizeof(*FreeSlots);
FreeSlots = reinterpret_cast<size_t *>(mapMemory(BytesRequired)); FreeSlots = reinterpret_cast<size_t *>(mapMemory(BytesRequired));
markReadWrite(FreeSlots, BytesRequired); markReadWrite(FreeSlots, BytesRequired);
// Multiply the sample rate by 2 to give a good, fast approximation for (1 / // Multiply the sample rate by 2 to give a good, fast approximation for (1 /
// SampleRate) chance of sampling. // SampleRate) chance of sampling.
if (Opts.SampleRate != 1) if (Opts.SampleRate != 1)
AdjustedSampleRate = static_cast<uint32_t>(Opts.SampleRate) * 2; AdjustedSampleRatePlusOne = static_cast<uint32_t>(Opts.SampleRate) * 2 + 1;
else else
AdjustedSampleRate = 1; AdjustedSampleRatePlusOne = 2;
GuardedPagePool = reinterpret_cast<uintptr_t>(GuardedPoolMemory); GuardedPagePool = reinterpret_cast<uintptr_t>(GuardedPoolMemory);
GuardedPagePoolEnd = GuardedPagePoolEnd =
reinterpret_cast<uintptr_t>(GuardedPoolMemory) + PoolBytesRequired; reinterpret_cast<uintptr_t>(GuardedPoolMemory) + PoolBytesRequired;
// Ensure that signal handlers are installed as late as possible, as the class // Ensure that signal handlers are installed as late as possible, as the class
// is not thread-safe until init() is finished, and thus a SIGSEGV may cause a // is not thread-safe until init() is finished, and thus a SIGSEGV may cause a
// race to members if received during init(). // race to members if received during init().
if (Opts.InstallSignalHandlers) if (Opts.InstallSignalHandlers)
installSignalHandlers(); installSignalHandlers();
if (Opts.InstallForkHandlers)
installAtFork();
}
void GuardedPoolAllocator::disable() { PoolMutex.lock(); }
void GuardedPoolAllocator::enable() { PoolMutex.unlock(); }
void GuardedPoolAllocator::uninitTestOnly() {
if (GuardedPagePool) {
unmapMemory(reinterpret_cast<void *>(GuardedPagePool),
GuardedPagePoolEnd - GuardedPagePool);
GuardedPagePool = 0;
GuardedPagePoolEnd = 0;
}
if (Metadata) {
unmapMemory(Metadata, MaxSimultaneousAllocations * sizeof(*Metadata));
Metadata = nullptr;
}
if (FreeSlots) {
unmapMemory(FreeSlots, MaxSimultaneousAllocations * sizeof(*FreeSlots));
FreeSlots = nullptr;
}
uninstallSignalHandlers();
} }
void *GuardedPoolAllocator::allocate(size_t Size) { void *GuardedPoolAllocator::allocate(size_t Size) {
// GuardedPagePoolEnd == 0 when GWP-ASan is disabled. If we are disabled, fall // GuardedPagePoolEnd == 0 when GWP-ASan is disabled. If we are disabled, fall
// back to the supporting allocator. // back to the supporting allocator.
if (GuardedPagePoolEnd == 0) if (GuardedPagePoolEnd == 0)
return nullptr; return nullptr;
▲ Show 20 LinesShow All 347 LinesShow Last 20 Lines

compiler-rt/lib/gwp_asan/options.inc

Show All 33 LinesGWP_ASAN_OPTION(
bool, InstallSignalHandlers, true, bool, InstallSignalHandlers, true,
"Install GWP-ASan signal handlers for SIGSEGV during dynamic loading. This " "Install GWP-ASan signal handlers for SIGSEGV during dynamic loading. This "
"allows better error reports by providing stack traces for allocation and " "allows better error reports by providing stack traces for allocation and "
"deallocation when reporting a memory error. GWP-ASan's signal handler " "deallocation when reporting a memory error. GWP-ASan's signal handler "
"will forward the signal to any previously-installed handler, and user " "will forward the signal to any previously-installed handler, and user "
"programs that install further signal handlers should make sure they do " "programs that install further signal handlers should make sure they do "
"the same. Note, if the previously installed SIGSEGV handler is SIG_IGN, " "the same. Note, if the previously installed SIGSEGV handler is SIG_IGN, "
"we terminate the process after dumping the error report.") "we terminate the process after dumping the error report.")
GWP_ASAN_OPTION(bool, InstallForkHandlers, true,
"Install GWP-ASan atfork handlers to acquire internal locks "
"before fork and release them after.")

compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp

//===-- guarded_pool_allocator_posix.cpp ------------------------*- C++ -*-===// //===-- guarded_pool_allocator_posix.cpp ------------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "gwp_asan/guarded_pool_allocator.h" #include "gwp_asan/guarded_pool_allocator.h"
#include <stdlib.h>
#include <errno.h> #include <errno.h>
#include <signal.h> #include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h> #include <sys/mman.h>
#include <sys/syscall.h> #include <sys/syscall.h>
#include <sys/types.h> #include <sys/types.h>
#include <unistd.h> #include <unistd.h>
namespace gwp_asan { namespace gwp_asan {
void *GuardedPoolAllocator::mapMemory(size_t Size) const { void *GuardedPoolAllocator::mapMemory(size_t Size) const {
void *Ptr = void *Ptr =
mmap(nullptr, Size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); mmap(nullptr, Size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
if (Ptr == MAP_FAILED) { if (Ptr == MAP_FAILED) {
Printf("Failed to map guarded pool allocator memory, errno: %d\n", errno); Printf("Failed to map guarded pool allocator memory, errno: %d\n", errno);
Printf(" mmap(nullptr, %zu, ...) failed.\n", Size); Printf(" mmap(nullptr, %zu, ...) failed.\n", Size);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
return Ptr; return Ptr;
} }
void GuardedPoolAllocator::unmapMemory(void *Addr, size_t Size) const {
int Res = munmap(Addr, Size);
if (Res != 0) {
Printf("Failed to unmap guarded pool allocator memory, errno: %d\n", errno);
Printf(" unmmap(%p, %zu, ...) failed.\n", Addr, Size);
exit(EXIT_FAILURE);
}
}
void GuardedPoolAllocator::markReadWrite(void *Ptr, size_t Size) const { void GuardedPoolAllocator::markReadWrite(void *Ptr, size_t Size) const {
if (mprotect(Ptr, Size, PROT_READ | PROT_WRITE) != 0) { if (mprotect(Ptr, Size, PROT_READ | PROT_WRITE) != 0) {
Printf("Failed to set guarded pool allocator memory at as RW, errno: %d\n", Printf("Failed to set guarded pool allocator memory at as RW, errno: %d\n",
errno); errno);
Printf(" mprotect(%p, %zu, RW) failed.\n", Ptr, Size); Printf(" mprotect(%p, %zu, RW) failed.\n", Ptr, Size);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} }
Show All 12 Linesvoid GuardedPoolAllocator::markInaccessible(void *Ptr, size_t Size) const {
} }
} }
size_t GuardedPoolAllocator::getPlatformPageSize() { size_t GuardedPoolAllocator::getPlatformPageSize() {
return sysconf(_SC_PAGESIZE); return sysconf(_SC_PAGESIZE);
} }
struct sigaction PreviousHandler; struct sigaction PreviousHandler;
bool SignalHandlerInstalled;
static void sigSegvHandler(int sig, siginfo_t *info, void *ucontext) { static void sigSegvHandler(int sig, siginfo_t *info, void *ucontext) {
gwp_asan::GuardedPoolAllocator::reportError( gwp_asan::GuardedPoolAllocator::reportError(
reinterpret_cast<uintptr_t>(info->si_addr)); reinterpret_cast<uintptr_t>(info->si_addr));
// Process any previous handlers. // Process any previous handlers.
if (PreviousHandler.sa_flags & SA_SIGINFO) { if (PreviousHandler.sa_flags & SA_SIGINFO) {
PreviousHandler.sa_sigaction(sig, info, ucontext); PreviousHandler.sa_sigaction(sig, info, ucontext);
} else if (PreviousHandler.sa_handler == SIG_IGN || } else if (PreviousHandler.sa_handler == SIG_IGN ||
PreviousHandler.sa_handler == SIG_DFL) { PreviousHandler.sa_handler == SIG_DFL) {
// If the previous handler was the default handler, or was ignoring this // If the previous handler was the default handler, or was ignoring this
// signal, install the default handler and re-raise the signal in order to // signal, install the default handler and re-raise the signal in order to
// get a core dump and terminate this process. // get a core dump and terminate this process.
signal(SIGSEGV, SIG_DFL); signal(SIGSEGV, SIG_DFL);
raise(SIGSEGV); raise(SIGSEGV);
} else { } else {
PreviousHandler.sa_handler(sig); PreviousHandler.sa_handler(sig);
} }
} }
void GuardedPoolAllocator::installAtFork() {
auto Disable = []() {
if (auto *S = getSingleton())
hctimUnsubmitted
Not Done
ReplyInline Actions

Why does this need to disable the singleton? Why not just disable this class (which should be equivalent).

hctim: Why does this need to disable the singleton? Why not just disable this class (which should be…
S->disable();
};
auto Enable = []() {
if (auto *S = getSingleton())
S->enable();
};
pthread_atfork(Disable, Enable, Enable);
}
void GuardedPoolAllocator::installSignalHandlers() { void GuardedPoolAllocator::installSignalHandlers() {
struct sigaction Action; struct sigaction Action;
Action.sa_sigaction = sigSegvHandler; Action.sa_sigaction = sigSegvHandler;
Action.sa_flags = SA_SIGINFO; Action.sa_flags = SA_SIGINFO;
sigaction(SIGSEGV, &Action, &PreviousHandler); sigaction(SIGSEGV, &Action, &PreviousHandler);
SignalHandlerInstalled = true;
}
void GuardedPoolAllocator::uninstallSignalHandlers() {
if (SignalHandlerInstalled) {
sigaction(SIGSEGV, &PreviousHandler, nullptr);
SignalHandlerInstalled = false;
}
} }
uint64_t GuardedPoolAllocator::getThreadID() { uint64_t GuardedPoolAllocator::getThreadID() {
#ifdef SYS_gettid #ifdef SYS_gettid
return syscall(SYS_gettid); return syscall(SYS_gettid);
#else #else
return kInvalidThreadID; return kInvalidThreadID;
#endif #endif
} }
} // namespace gwp_asan } // namespace gwp_asan

compiler-rt/lib/gwp_asan/tests/CMakeLists.txt

Show All 11 Linesset(GWP_ASAN_UNITTESTS
optional/printf_sanitizer_common.cpp optional/printf_sanitizer_common.cpp
alignment.cpp alignment.cpp
backtrace.cpp backtrace.cpp
basic.cpp basic.cpp
compression.cpp compression.cpp
driver.cpp driver.cpp
mutex_test.cpp mutex_test.cpp
slot_reuse.cpp slot_reuse.cpp
thread_contention.cpp) thread_contention.cpp
harness.cpp
enable_disable.cpp)
set(GWP_ASAN_UNIT_TEST_HEADERS set(GWP_ASAN_UNIT_TEST_HEADERS
${GWP_ASAN_HEADERS} ${GWP_ASAN_HEADERS}
harness.h) harness.h)
add_custom_target(GwpAsanUnitTests) add_custom_target(GwpAsanUnitTests)
set_target_properties(GwpAsanUnitTests PROPERTIES FOLDER "Compiler-RT Tests") set_target_properties(GwpAsanUnitTests PROPERTIES FOLDER "Compiler-RT Tests")
Show All 37 Lines

compiler-rt/lib/gwp_asan/tests/enable_disable.cpp

  • This file was added.
//===-- enable_disable.cpp --------------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "gwp_asan/tests/harness.h"
constexpr size_t Size = 100;
TEST_F(DefaultGuardedPoolAllocator, Fork) {
void *P;
pid_t Pid = fork();
EXPECT_GE(Pid, 0);
if (Pid == 0) {
P = GPA.allocate(Size);
EXPECT_NE(P, nullptr);
memset(P, 0x42, Size);
GPA.deallocate(P);
_exit(0);
}
waitpid(Pid, nullptr, 0);
P = GPA.allocate(Size);
EXPECT_NE(P, nullptr);
memset(P, 0x42, Size);
GPA.deallocate(P);
// fork should stall if the allocator has been disabled.
EXPECT_DEATH(
{
GPA.disable();
alarm(1);
Pid = fork();
EXPECT_GE(Pid, 0);
},
"");
}
namespace {
pthread_mutex_t Mutex;
pthread_cond_t Conditional = PTHREAD_COND_INITIALIZER;
bool ThreadReady = false;
void *enableMalloc(void *arg) {
hctimUnsubmitted
Done
ReplyInline Actions

Nit: prefer c++-style casting

hctim: Nit: prefer c++-style casting
auto &GPA = *reinterpret_cast<gwp_asan::GuardedPoolAllocator *>(arg);
hctimUnsubmitted
Not Done
ReplyInline Actions

What do mean by "initialize" here? GPA should already be inited by the parent.

If you're trying to init the sample counters to some nonzero value here, calling shouldSample() is the only way, not allocate().

hctim: What do mean by "initialize" here? GPA should already be inited by the parent. If you're…
eugenisAuthorUnsubmitted
Done
ReplyInline Actions

That's left over from the scudo tests. Removed the initialization and cleaned up synchronization a bit. We can not get rid of the sleep, unfortunately, because the thread needs to act while the other one is blocked inside fork(), and there is no clear way to detect that condition.

eugenis: That's left over from the scudo tests. Removed the initialization and cleaned up…
// Signal the main thread we are ready.
pthread_mutex_lock(&Mutex);
ThreadReady = true;
pthread_cond_signal(&Conditional);
hctimUnsubmitted
Not Done
ReplyInline Actions

I don't see why this value is needed - we don't expect someone else to send the cond_signal for this conditional, right?

hctim: I don't see why this value is needed - we don't expect someone else to send the cond_signal for…
eugenisAuthorUnsubmitted
Done
ReplyInline Actions

pthread_cond_wait is allowed spurious wake ups.
Using it without a loop with an external condition is almost always wrong.

eugenis: pthread_cond_wait is allowed spurious wake ups. Using it without a loop with an external…
pthread_mutex_unlock(&Mutex);
// Wait for the malloc_disable & fork, then enable the allocator again.
sleep(1);
GPA.enable();
return nullptr;
}
TEST_F(DefaultGuardedPoolAllocator, DisableForkEnable) {
pthread_t ThreadId;
EXPECT_EQ(pthread_create(&ThreadId, nullptr, &enableMalloc, &GPA), 0);
// Do not lock the allocator right away, the other thread may need it to start
// up.
pthread_mutex_lock(&Mutex);
while (!ThreadReady)
pthread_cond_wait(&Conditional, &Mutex);
pthread_mutex_unlock(&Mutex);
// Disable the allocator and fork. fork should succeed after malloc_enable.
GPA.disable();
pid_t Pid = fork();
EXPECT_GE(Pid, 0);
if (Pid == 0) {
void *P = GPA.allocate(Size);
EXPECT_NE(P, nullptr);
GPA.deallocate(P);
_exit(0);
}
waitpid(Pid, nullptr, 0);
EXPECT_EQ(pthread_join(ThreadId, 0), 0);
}
} // namespace

compiler-rt/lib/gwp_asan/tests/harness.h

Show All 18 Lines
namespace gwp_asan { namespace gwp_asan {
namespace test { namespace test {
// This printf-function getter allows other platforms (e.g. Android) to define // This printf-function getter allows other platforms (e.g. Android) to define
// their own signal-safe Printf function. In LLVM, we use // their own signal-safe Printf function. In LLVM, we use
// `optional/printf_sanitizer_common.cpp` which supplies the __sanitizer::Printf // `optional/printf_sanitizer_common.cpp` which supplies the __sanitizer::Printf
// for this purpose. // for this purpose.
options::Printf_t getPrintfFunction(); options::Printf_t getPrintfFunction();
// First call returns true, all the following calls return false.
hctimUnsubmitted
Not Done
ReplyInline Actions

Why a single global instance?

hctim: Why a single global instance?
eugenisAuthorUnsubmitted
Done
ReplyInline Actions

Yeah, I don't think it is required. We do need SetUp/TearDown logic though to properly set and remove the signal handlers.

eugenis: Yeah, I don't think it is required. We do need SetUp/TearDown logic though to properly set and…
bool OnlyOnce();
}; // namespace test }; // namespace test
}; // namespace gwp_asan }; // namespace gwp_asan
class DefaultGuardedPoolAllocator : public ::testing::Test { class DefaultGuardedPoolAllocator : public ::testing::Test {
public: public:
DefaultGuardedPoolAllocator() { void SetUp() override {
gwp_asan::options::Options Opts; gwp_asan::options::Options Opts;
Opts.setDefaults(); Opts.setDefaults();
MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations; MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations;
Opts.Printf = gwp_asan::test::getPrintfFunction(); Opts.Printf = gwp_asan::test::getPrintfFunction();
Opts.InstallForkHandlers = gwp_asan::test::OnlyOnce();
GPA.init(Opts); GPA.init(Opts);
} }
void TearDown() override { GPA.uninitTestOnly(); }
protected: protected:
gwp_asan::GuardedPoolAllocator GPA; gwp_asan::GuardedPoolAllocator GPA;
decltype(gwp_asan::options::Options::MaxSimultaneousAllocations) decltype(gwp_asan::options::Options::MaxSimultaneousAllocations)
MaxSimultaneousAllocations; MaxSimultaneousAllocations;
}; };
class CustomGuardedPoolAllocator : public ::testing::Test { class CustomGuardedPoolAllocator : public ::testing::Test {
public: public:
void void
InitNumSlots(decltype(gwp_asan::options::Options::MaxSimultaneousAllocations) InitNumSlots(decltype(gwp_asan::options::Options::MaxSimultaneousAllocations)
MaxSimultaneousAllocationsArg) { MaxSimultaneousAllocationsArg) {
gwp_asan::options::Options Opts; gwp_asan::options::Options Opts;
Opts.setDefaults(); Opts.setDefaults();
Opts.MaxSimultaneousAllocations = MaxSimultaneousAllocationsArg; Opts.MaxSimultaneousAllocations = MaxSimultaneousAllocationsArg;
MaxSimultaneousAllocations = MaxSimultaneousAllocationsArg; MaxSimultaneousAllocations = MaxSimultaneousAllocationsArg;
Opts.Printf = gwp_asan::test::getPrintfFunction(); Opts.Printf = gwp_asan::test::getPrintfFunction();
Opts.InstallForkHandlers = gwp_asan::test::OnlyOnce();
GPA.init(Opts); GPA.init(Opts);
} }
void TearDown() override { GPA.uninitTestOnly(); }
protected: protected:
gwp_asan::GuardedPoolAllocator GPA; gwp_asan::GuardedPoolAllocator GPA;
decltype(gwp_asan::options::Options::MaxSimultaneousAllocations) decltype(gwp_asan::options::Options::MaxSimultaneousAllocations)
MaxSimultaneousAllocations; MaxSimultaneousAllocations;
}; };
class BacktraceGuardedPoolAllocator : public ::testing::Test { class BacktraceGuardedPoolAllocator : public ::testing::Test {
public: public:
BacktraceGuardedPoolAllocator() { void SetUp() override {
gwp_asan::options::Options Opts; gwp_asan::options::Options Opts;
Opts.setDefaults(); Opts.setDefaults();
Opts.Printf = gwp_asan::test::getPrintfFunction(); Opts.Printf = gwp_asan::test::getPrintfFunction();
Opts.Backtrace = gwp_asan::options::getBacktraceFunction(); Opts.Backtrace = gwp_asan::options::getBacktraceFunction();
Opts.PrintBacktrace = gwp_asan::options::getPrintBacktraceFunction(); Opts.PrintBacktrace = gwp_asan::options::getPrintBacktraceFunction();
Opts.InstallForkHandlers = gwp_asan::test::OnlyOnce();
GPA.init(Opts); GPA.init(Opts);
} }
void TearDown() override { GPA.uninitTestOnly(); }
protected: protected:
gwp_asan::GuardedPoolAllocator GPA; gwp_asan::GuardedPoolAllocator GPA;
}; };
#endif // GWP_ASAN_TESTS_HARNESS_H_ #endif // GWP_ASAN_TESTS_HARNESS_H_

compiler-rt/lib/gwp_asan/tests/harness.cpp

  • This file was added.
#include "harness.h"
namespace gwp_asan {
namespace test {
bool OnlyOnce() {
static int x = 0;
return !x++;
}
hctimUnsubmitted
Done
ReplyInline Actions

OnlyOnce?

hctim: `OnlyOnce`?
} // namespace test
} // namespace gwp_asan

compiler-rt/lib/scudo/standalone/CMakeLists.txt

add_compiler_rt_component(scudo_standalone) add_compiler_rt_component(scudo_standalone)
# FIXME: GWP-ASan is temporarily disabled, re-enable once issues are fixed. if (COMPILER_RT_HAS_GWP_ASAN)
if (FALSE AND COMPILER_RT_HAS_GWP_ASAN)
add_dependencies(scudo_standalone gwp_asan) add_dependencies(scudo_standalone gwp_asan)
endif() endif()
include_directories(../..) include_directories(../..)
set(SCUDO_CFLAGS) set(SCUDO_CFLAGS)
list(APPEND SCUDO_CFLAGS list(APPEND SCUDO_CFLAGS
▲ Show 20 LinesShow All 90 Lines▼ Show 20 Linesset(SCUDO_SOURCES_C_WRAPPERS
) )
set(SCUDO_SOURCES_CXX_WRAPPERS set(SCUDO_SOURCES_CXX_WRAPPERS
wrappers_cpp.cpp wrappers_cpp.cpp
) )
set(SCUDO_OBJECT_LIBS) set(SCUDO_OBJECT_LIBS)
if (FALSE AND COMPILER_RT_HAS_GWP_ASAN) if (COMPILER_RT_HAS_GWP_ASAN)
list(APPEND SCUDO_OBJECT_LIBS RTGwpAsan) list(APPEND SCUDO_OBJECT_LIBS RTGwpAsan)
list(APPEND SCUDO_CFLAGS -DGWP_ASAN_HOOKS) list(APPEND SCUDO_CFLAGS -DGWP_ASAN_HOOKS)
endif() endif()
if(COMPILER_RT_HAS_SCUDO_STANDALONE) if(COMPILER_RT_HAS_SCUDO_STANDALONE)
add_compiler_rt_object_libraries(RTScudoStandalone add_compiler_rt_object_libraries(RTScudoStandalone
ARCHS ${SCUDO_STANDALONE_SUPPORTED_ARCH} ARCHS ${SCUDO_STANDALONE_SUPPORTED_ARCH}
SOURCES ${SCUDO_SOURCES} SOURCES ${SCUDO_SOURCES}
Show All 35 Lines

compiler-rt/lib/scudo/standalone/combined.h

Show All 18 Lines
#include "quarantine.h" #include "quarantine.h"
#include "report.h" #include "report.h"
#include "secondary.h" #include "secondary.h"
#include "string_utils.h" #include "string_utils.h"
#include "tsd.h" #include "tsd.h"
#ifdef GWP_ASAN_HOOKS #ifdef GWP_ASAN_HOOKS
#include "gwp_asan/guarded_pool_allocator.h" #include "gwp_asan/guarded_pool_allocator.h"
// GWP-ASan is declared here in order to avoid indirect call overhead. It's also
// instantiated outside of the Allocator class, as the allocator is only
// zero-initialised. GWP-ASan requires constant initialisation, and the Scudo
// allocator doesn't have a constexpr constructor (see discussion here:
// https://reviews.llvm.org/D69265#inline-624315).
static gwp_asan::GuardedPoolAllocator GuardedAlloc;
#endif // GWP_ASAN_HOOKS #endif // GWP_ASAN_HOOKS
extern "C" inline void EmptyCallback() {} extern "C" inline void EmptyCallback() {}
namespace scudo { namespace scudo {
template <class Params, void (*PostInitCallback)(void) = EmptyCallback> template <class Params, void (*PostInitCallback)(void) = EmptyCallback>
class Allocator { class Allocator {
▲ Show 20 LinesShow All 107 Lines▼ Show 20 Lines void initLinkerInitialized() {
Stats.initLinkerInitialized(); Stats.initLinkerInitialized();
Primary.initLinkerInitialized(getFlags()->release_to_os_interval_ms); Primary.initLinkerInitialized(getFlags()->release_to_os_interval_ms);
Secondary.initLinkerInitialized(&Stats); Secondary.initLinkerInitialized(&Stats);
Quarantine.init( Quarantine.init(
static_cast<uptr>(getFlags()->quarantine_size_kb << 10), static_cast<uptr>(getFlags()->quarantine_size_kb << 10),
static_cast<uptr>(getFlags()->thread_local_quarantine_size_kb << 10)); static_cast<uptr>(getFlags()->thread_local_quarantine_size_kb << 10));
}
// Initialize the embedded GWP-ASan instance. Requires the main allocator to
// be functional, best called from PostInitCallback.
void initGwpAsan() {
#ifdef GWP_ASAN_HOOKS #ifdef GWP_ASAN_HOOKS
gwp_asan::options::Options Opt; gwp_asan::options::Options Opt;
Opt.Enabled = getFlags()->GWP_ASAN_Enabled; Opt.Enabled = getFlags()->GWP_ASAN_Enabled;
// Bear in mind - Scudo has its own alignment guarantees that are strictly // Bear in mind - Scudo has its own alignment guarantees that are strictly
// enforced. Scudo exposes the same allocation function for everything from // enforced. Scudo exposes the same allocation function for everything from
// malloc() to posix_memalign, so in general this flag goes unused, as Scudo // malloc() to posix_memalign, so in general this flag goes unused, as Scudo
// will always ask GWP-ASan for an aligned amount of bytes. // will always ask GWP-ASan for an aligned amount of bytes.
Opt.PerfectlyRightAlign = getFlags()->GWP_ASAN_PerfectlyRightAlign; Opt.PerfectlyRightAlign = getFlags()->GWP_ASAN_PerfectlyRightAlign;
Opt.MaxSimultaneousAllocations = Opt.MaxSimultaneousAllocations =
getFlags()->GWP_ASAN_MaxSimultaneousAllocations; getFlags()->GWP_ASAN_MaxSimultaneousAllocations;
Opt.SampleRate = getFlags()->GWP_ASAN_SampleRate; Opt.SampleRate = getFlags()->GWP_ASAN_SampleRate;
Opt.InstallSignalHandlers = getFlags()->GWP_ASAN_InstallSignalHandlers; Opt.InstallSignalHandlers = getFlags()->GWP_ASAN_InstallSignalHandlers;
// Embedded GWP-ASan is locked through the Scudo atfork handler (via
// Allocator::disable calling GWPASan.disable). Disable GWP-ASan's atfork
// handler.
Opt.InstallForkHandlers = false;
Opt.Printf = Printf; Opt.Printf = Printf;
GuardedAlloc.init(Opt); GuardedAlloc.init(Opt);
#endif // GWP_ASAN_HOOKS #endif // GWP_ASAN_HOOKS
} }
void reset() { memset(this, 0, sizeof(*this)); } void reset() { memset(this, 0, sizeof(*this)); }
void unmapTestOnly() { void unmapTestOnly() {
TSDRegistry.unmapTestOnly(); TSDRegistry.unmapTestOnly();
Primary.unmapTestOnly(); Primary.unmapTestOnly();
#ifdef GWP_ASAN_HOOKS
GuardedAlloc.uninitTestOnly();
#endif // GWP_ASAN_HOOKS
} }
TSDRegistryT *getTSDRegistry() { return &TSDRegistry; } TSDRegistryT *getTSDRegistry() { return &TSDRegistry; }
// The Cache must be provided zero-initialized. // The Cache must be provided zero-initialized.
void initCache(CacheT *Cache) { void initCache(CacheT *Cache) {
Cache->initLinkerInitialized(&Stats, &Primary); Cache->initLinkerInitialized(&Stats, &Primary);
} }
▲ Show 20 LinesShow All 317 Lines▼ Show 20 Lines#endif // GWP_ASAN_HOOKS
return NewPtr; return NewPtr;
} }
// TODO(kostyak): disable() is currently best-effort. There are some small // TODO(kostyak): disable() is currently best-effort. There are some small
// windows of time when an allocation could still succeed after // windows of time when an allocation could still succeed after
// this function finishes. We will revisit that later. // this function finishes. We will revisit that later.
void disable() { void disable() {
initThreadMaybe(); initThreadMaybe();
#ifdef GWP_ASAN_HOOKS
GuardedAlloc.disable();
#endif
TSDRegistry.disable(); TSDRegistry.disable();
Stats.disable(); Stats.disable();
Quarantine.disable(); Quarantine.disable();
Primary.disable(); Primary.disable();
Secondary.disable(); Secondary.disable();
} }
void enable() { void enable() {
initThreadMaybe(); initThreadMaybe();
Secondary.enable(); Secondary.enable();
Primary.enable(); Primary.enable();
Quarantine.enable(); Quarantine.enable();
Stats.enable(); Stats.enable();
TSDRegistry.enable(); TSDRegistry.enable();
#ifdef GWP_ASAN_HOOKS
GuardedAlloc.enable();
#endif
} }
// The function returns the amount of bytes required to store the statistics, // The function returns the amount of bytes required to store the statistics,
// which might be larger than the amount of bytes provided. Note that the // which might be larger than the amount of bytes provided. Note that the
// statistics buffer is not necessarily constant between calls to this // statistics buffer is not necessarily constant between calls to this
// function. This can be called with a null buffer or zero size for buffer // function. This can be called with a null buffer or zero size for buffer
// sizing purposes. // sizing purposes.
uptr getStats(char *Buffer, uptr Size) { uptr getStats(char *Buffer, uptr Size) {
▲ Show 20 LinesShow All 137 Lines▼ Show 20 Linesprivate:
struct { struct {
u8 MayReturnNull : 1; // may_return_null u8 MayReturnNull : 1; // may_return_null
u8 ZeroContents : 1; // zero_contents u8 ZeroContents : 1; // zero_contents
u8 DeallocTypeMismatch : 1; // dealloc_type_mismatch u8 DeallocTypeMismatch : 1; // dealloc_type_mismatch
u8 DeleteSizeMismatch : 1; // delete_size_mismatch u8 DeleteSizeMismatch : 1; // delete_size_mismatch
u32 QuarantineMaxChunkSize; // quarantine_max_chunk_size u32 QuarantineMaxChunkSize; // quarantine_max_chunk_size
} Options; } Options;
#ifdef GWP_ASAN_HOOKS
gwp_asan::GuardedPoolAllocator GuardedAlloc;
#endif // GWP_ASAN_HOOKS
// The following might get optimized out by the compiler. // The following might get optimized out by the compiler.
NOINLINE void performSanityChecks() { NOINLINE void performSanityChecks() {
// Verify that the header offset field can hold the maximum offset. In the // Verify that the header offset field can hold the maximum offset. In the
// case of the Secondary allocator, it takes care of alignment and the // case of the Secondary allocator, it takes care of alignment and the
// offset will always be small. In the case of the Primary, the worst case // offset will always be small. In the case of the Primary, the worst case
// scenario happens in the last size class, when the backend allocation // scenario happens in the last size class, when the backend allocation
// would already be aligned on the requested alignment, which would happen // would already be aligned on the requested alignment, which would happen
// to be the maximum alignment that would fit in that size class. As a // to be the maximum alignment that would fit in that size class. As a
▲ Show 20 LinesShow All 106 LinesShow Last 20 Lines

compiler-rt/lib/scudo/standalone/tests/CMakeLists.txt

Show All 14 Linesset(SCUDO_UNITTEST_CFLAGS
# Extra flags for the C++ tests # Extra flags for the C++ tests
# TODO(kostyak): find a way to make -fsized-deallocation work # TODO(kostyak): find a way to make -fsized-deallocation work
-Wno-mismatched-new-delete) -Wno-mismatched-new-delete)
if(ANDROID) if(ANDROID)
list(APPEND SCUDO_UNITTEST_CFLAGS -fno-emulated-tls) list(APPEND SCUDO_UNITTEST_CFLAGS -fno-emulated-tls)
endif() endif()
# FIXME: GWP-ASan is temporarily disabled, re-enable once issues are fixed. if (COMPILER_RT_HAS_GWP_ASAN)
if (FALSE AND COMPILER_RT_HAS_GWP_ASAN)
list(APPEND SCUDO_UNITTEST_CFLAGS -DGWP_ASAN_HOOKS) list(APPEND SCUDO_UNITTEST_CFLAGS -DGWP_ASAN_HOOKS)
endif() endif()
set(SCUDO_TEST_ARCH ${SCUDO_STANDALONE_SUPPORTED_ARCH}) set(SCUDO_TEST_ARCH ${SCUDO_STANDALONE_SUPPORTED_ARCH})
# gtests requires c++ # gtests requires c++
set(LINK_FLAGS ${COMPILER_RT_UNITTEST_LINK_FLAGS}) set(LINK_FLAGS ${COMPILER_RT_UNITTEST_LINK_FLAGS})
foreach(lib ${SANITIZER_TEST_CXX_LIBRARIES}) foreach(lib ${SANITIZER_TEST_CXX_LIBRARIES})
list(APPEND LINK_FLAGS -l${lib}) list(APPEND LINK_FLAGS -l${lib})
endforeach() endforeach()
list(APPEND LINK_FLAGS -pthread) list(APPEND LINK_FLAGS -pthread)
# Linking against libatomic is required with some compilers # Linking against libatomic is required with some compilers
list(APPEND LINK_FLAGS -latomic) list(APPEND LINK_FLAGS -latomic)
set(SCUDO_TEST_HEADERS) set(SCUDO_TEST_HEADERS)
foreach (header ${SCUDO_HEADERS}) foreach (header ${SCUDO_HEADERS})
list(APPEND SCUDO_TEST_HEADERS ${CMAKE_CURRENT_SOURCE_DIR}/../${header}) list(APPEND SCUDO_TEST_HEADERS ${CMAKE_CURRENT_SOURCE_DIR}/../${header})
endforeach() endforeach()
macro(add_scudo_unittest testname) macro(add_scudo_unittest testname)
cmake_parse_arguments(TEST "" "" "SOURCES;ADDITIONAL_RTOBJECTS" ${ARGN}) cmake_parse_arguments(TEST "" "" "SOURCES;ADDITIONAL_RTOBJECTS" ${ARGN})
if (FALSE AND COMPILER_RT_HAS_GWP_ASAN) if (COMPILER_RT_HAS_GWP_ASAN)
list(APPEND TEST_ADDITIONAL_RTOBJECTS RTGwpAsan) list(APPEND TEST_ADDITIONAL_RTOBJECTS RTGwpAsan)
endif() endif()
if(COMPILER_RT_HAS_SCUDO_STANDALONE) if(COMPILER_RT_HAS_SCUDO_STANDALONE)
foreach(arch ${SCUDO_TEST_ARCH}) foreach(arch ${SCUDO_TEST_ARCH})
# Additional runtime objects get added along RTScudoStandalone # Additional runtime objects get added along RTScudoStandalone
set(SCUDO_TEST_RTOBJECTS $<TARGET_OBJECTS:RTScudoStandalone.${arch}>) set(SCUDO_TEST_RTOBJECTS $<TARGET_OBJECTS:RTScudoStandalone.${arch}>)
foreach(rtobject ${TEST_ADDITIONAL_RTOBJECTS}) foreach(rtobject ${TEST_ADDITIONAL_RTOBJECTS})
▲ Show 20 LinesShow All 61 LinesShow Last 20 Lines

compiler-rt/lib/scudo/standalone/tests/combined_test.cpp

Show First 20 LinesShow All 258 Lines▼ Show 20 Linestemplate <class Config> static void testAllocator() {
std::string Stats(Buffer.begin(), Buffer.end()); std::string Stats(Buffer.begin(), Buffer.end());
// Basic checks on the contents of the statistics output, which also allows us // Basic checks on the contents of the statistics output, which also allows us
// to verify that we got it all. // to verify that we got it all.
EXPECT_NE(Stats.find("Stats: SizeClassAllocator"), std::string::npos); EXPECT_NE(Stats.find("Stats: SizeClassAllocator"), std::string::npos);
EXPECT_NE(Stats.find("Stats: MapAllocator"), std::string::npos); EXPECT_NE(Stats.find("Stats: MapAllocator"), std::string::npos);
EXPECT_NE(Stats.find("Stats: Quarantine"), std::string::npos); EXPECT_NE(Stats.find("Stats: Quarantine"), std::string::npos);
} }
// Test that multiple instantiations of the allocator have not messed up the
// process's signal handlers (GWP-ASan used to do this).
void testSEGV() {
const scudo::uptr Size = 4 * scudo::getPageSizeCached();
scudo::MapPlatformData Data = {};
void *P = scudo::map(nullptr, Size, "testSEGV", MAP_NOACCESS, &Data);
EXPECT_NE(P, nullptr);
EXPECT_DEATH(memset(P, 0xaa, Size), "");
scudo::unmap(P, Size, UNMAP_ALL, &Data);
}
TEST(ScudoCombinedTest, BasicCombined) { TEST(ScudoCombinedTest, BasicCombined) {
UseQuarantine = false; UseQuarantine = false;
testAllocator<scudo::AndroidSvelteConfig>(); testAllocator<scudo::AndroidSvelteConfig>();
#if SCUDO_FUCHSIA #if SCUDO_FUCHSIA
testAllocator<scudo::FuchsiaConfig>(); testAllocator<scudo::FuchsiaConfig>();
#else #else
testAllocator<scudo::DefaultConfig>(); testAllocator<scudo::DefaultConfig>();
UseQuarantine = true; UseQuarantine = true;
testAllocator<scudo::AndroidConfig>(); testAllocator<scudo::AndroidConfig>();
testSEGV();
#endif #endif
} }
template <typename AllocatorT> static void stressAllocator(AllocatorT *A) { template <typename AllocatorT> static void stressAllocator(AllocatorT *A) {
{ {
std::unique_lock<std::mutex> Lock(Mutex); std::unique_lock<std::mutex> Lock(Mutex);
while (!Ready) while (!Ready)
Cv.wait(Lock); Cv.wait(Lock);
▲ Show 20 LinesShow All 111 LinesShow Last 20 Lines

compiler-rt/lib/scudo/standalone/wrappers_c.inc

Show First 20 LinesShow All 144 Lines▼ Show 20 Lines
INTERFACE WEAK void SCUDO_PREFIX(malloc_enable)() { SCUDO_ALLOCATOR.enable(); } INTERFACE WEAK void SCUDO_PREFIX(malloc_enable)() { SCUDO_ALLOCATOR.enable(); }
INTERFACE WEAK void SCUDO_PREFIX(malloc_disable)() { INTERFACE WEAK void SCUDO_PREFIX(malloc_disable)() {
SCUDO_ALLOCATOR.disable(); SCUDO_ALLOCATOR.disable();
} }
void SCUDO_PREFIX(malloc_postinit)() { void SCUDO_PREFIX(malloc_postinit)() {
SCUDO_ALLOCATOR.initGwpAsan();
pthread_atfork(SCUDO_PREFIX(malloc_disable), SCUDO_PREFIX(malloc_enable), pthread_atfork(SCUDO_PREFIX(malloc_disable), SCUDO_PREFIX(malloc_enable),
SCUDO_PREFIX(malloc_enable)); SCUDO_PREFIX(malloc_enable));
} }
INTERFACE WEAK int SCUDO_PREFIX(mallopt)(int param, UNUSED int value) { INTERFACE WEAK int SCUDO_PREFIX(mallopt)(int param, UNUSED int value) {
if (param == M_DECAY_TIME) { if (param == M_DECAY_TIME) {
// TODO(kostyak): set release_to_os_interval_ms accordingly. // TODO(kostyak): set release_to_os_interval_ms accordingly.
return 1; return 1;
Show All 35 Lines