This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/
-
asan/
-
asan_suppressions.cc
-
lsan/
-
lsan_common.cc
-
sanitizer_common/
-
sanitizer_coverage_libcdep.cc
-
sanitizer_symbolizer.h
-
sanitizer_symbolizer.cc
-
sanitizer_symbolizer_posix_libcdep.cc

Differential D8666

[Sanitizer RT] Put the module name string ownership in Symbolizer in order
ClosedPublic

Authored by timurrrr on Mar 27 2015, 10:20 AM.

Download Raw Diff

Details

Reviewers

kcc
samsonov

Summary

What do you think about this approach?
I haven't benchmarked it yet.

Diff Detail

Event Timeline

timurrrr updated this revision to Diff 22805.Mar 27 2015, 10:20 AM

timurrrr retitled this revision from to [Sanitizer RT] Put the module name string ownership in Symbolizer in order.

timurrrr updated this object.

timurrrr edited the test plan for this revision. (Show Details)

timurrrr added reviewers: kcc, samsonov.

timurrrr added a subscriber: Unknown Object (MLST).

I don't see any significant difference between runtimes of pdfium_test from Chromium with this patch and coverage enabled vs disabled on a 4 MB PDF.
Should I benchmark further?

What is the rationale? I see added complexity but don't see the benefit

sanitizer_symbolizer.cc
78 ↗	(On Diff #22805)	Why do you need a DTOR? Are you ever going to call it except for when the process is dying?

Rationale: we have a possible UAF in the RTL.
We either leak [see r233257] or UAF or manage the strings somehow.
A possible alternative is to replace char **module_name kind of returning a string to "pass us a fixed-size buffer" and char *module_name.

sanitizer_symbolizer.cc
78 ↗	(On Diff #22805)	Correct. Should I remove it?

In D8666#147984, @timurrrr wrote:

Rationale: we have a possible UAF in the RTL.
We either leak [see r233257] or UAF or manage the strings somehow.
A possible alternative is to replace char **module_name kind of returning a string to "pass us a fixed-size buffer" and char *module_name.

"pass us a fixed-size buffer" (i.e. the caller owns the buffer, we copy data there is better here, imho

sanitizer_symbolizer.cc
78 ↗	(On Diff #22805)	Yes, if we decide to proceed with this, but I'd prefer we don't

How does the caller pick the buffer size? Also, this way we'll be copying
a lot of strings without the need to do so...

In D8666#147989, @timurrrr wrote:

How does the caller pick the buffer size?

isn't this kMaxPathLength ?

Also, this way we'll be copying
a lot of strings without the need to do so...

How bad is that?
Are we getting the module name in any perf critical place?

How does the caller pick the buffer size?

isn't this kMaxPathLength ?

Yes, probably :)

Also, this way we'll be copying a lot of strings without the need to do so...
How bad is that?
Are we getting the module name in any perf critical place?

I haven't measured that yet, but I think it's basically once for each
TU in the default coverage mode.
Possibly more for edge coverage?

Like this?

Please note we have a warning if a function takes more than 512 bytes on stack, so I used InternalScopedString instead. This implies mmap+munmap on each TU on process startup, plus a few times on shutdown. I've tried the patch on pdfium_test and chrome and haven't observed much slowdown...

[TODO: update subject before comitting]

+glider

In D8666#148920, @timurrrr wrote:

Like this?

Yea.. This clearly sucks too. Probably more than you initial variant.
Let's get back to it and polish it.

Please note we have a warning if a function takes more than 512 bytes on stack, so I used InternalScopedString instead. This implies mmap+munmap on each TU on process startup, plus a few times on shutdown. I've tried the patch on pdfium_test and chrome and haven't observed much slowdown...

[TODO: update subject before comitting]

Reverted to the original version, sans destructor

Ok, let's go this way...

sanitizer_symbolizer.h
90 ↗	(On Diff #22900)	Can you modify the comments (and logic) by removing "as long as .. " These names should be just live forever, independent of anything.
120 ↗	(On Diff #22900)	Why race conditions? This may happen w/o any threads, right?
125 ↗	(On Diff #22900)	add a comment explaining thread-(un) safety and which lock should be held.

I think this change is reasonable. Timur, please make sure that (after this goes in) you audit the calls to Symbolizer::GetModuleNameAndOffsetForPC() and Symbolizer::GetModuleNameForPc() and remove internal_strdup() that could encounter at call sites: now we don't have to take ownership of these strings, as they are always owned by the Symbolizer.

sanitizer_symbolizer.cc
153 ↗	(On Diff #22900)	nullptr
sanitizer_symbolizer.h
124 ↗	(On Diff #22900)	Please use a named constant.
128 ↗	(On Diff #22900)	const char *
129 ↗	(On Diff #22900)	Why is this not a const char * ?

Addressed the review comments

PTAL

sanitizer_symbolizer.cc
153 ↗	(On Diff #22900)	Done
sanitizer_symbolizer.h
90 ↗	(On Diff #22900)	Comment – updated. What logic do I need to change now that the dtor is deleted?
120 ↗	(On Diff #22900)	Theoretically – yes, but not with the current code. Updated the comment.
124 ↗	(On Diff #22900)	Done
125 ↗	(On Diff #22900)	Done
128 ↗	(On Diff #22900)	yeah, done
129 ↗	(On Diff #22900)	Growth rings... Fixed, thanks for catching!

Timur, please make sure that (after this goes in) you audit the calls to Symbolizer::GetModuleNameAndOffsetForPC() and Symbolizer::GetModuleNameForPc() and remove internal_strdup() that could encounter at call sites: now we don't have to take ownership of these strings, as they are always owned by the Symbolizer.

I think I've already done it, but will double-check before committing when everything else is OK.

I'm OK with the change, but have a suggestion. Feel free to address it if you find it reasonable.

sanitizer_symbolizer.h
125 ↗	(On Diff #22908)	Suggestion: replace the `ModuleNameOwner` class with just a private method of `Symbolizer` class. Then you could self-documented code there: mu_.CheckLocked(); and probably hide `last_match_` in the implementation by making a function-static variable storing the cached const char *. It will be thread-safe (protected by mu_), and in practice we don't have many Symbolizer objects anyway.

This revision is now accepted and ready to land.Mar 30 2015, 2:42 PM

I think ModuleNameOwner might eventually turn into something bigger (e.g. ModulesHistory?) and/or it can be reused in other parts of the RTL (e.g. StringsCache/StringsOwner?), so I think it makes sense to keep it as a separate self-contained type.
I liked the idea of CheckLocked though, so I've decided to just pass a pointer to the Symbolizer::mu_ mutex to the ModuleNameOwner ctor.

Please take a look at r233687.

Revision Contents

Path

Size

lib/

asan/

asan_suppressions.cc

7 lines

lsan/

lsan_common.cc

8 lines

sanitizer_common/

sanitizer_coverage_libcdep.cc

53 lines

sanitizer_symbolizer.h

17 lines

sanitizer_symbolizer.cc

14 lines

sanitizer_symbolizer_posix_libcdep.cc

6 lines

Diff 22889

lib/asan/asan_suppressions.cc

Show First 20 Lines • Show All 76 Lines • ▼ Show 20 Lines	bool IsStackTraceSuppressed(const StackTrace *stack) {
CHECK(suppression_ctx);		CHECK(suppression_ctx);
Symbolizer *symbolizer = Symbolizer::GetOrInit();		Symbolizer *symbolizer = Symbolizer::GetOrInit();
Suppression *s;		Suppression *s;
for (uptr i = 0; i < stack->size && stack->trace[i]; i++) {		for (uptr i = 0; i < stack->size && stack->trace[i]; i++) {
uptr addr = stack->trace[i];		uptr addr = stack->trace[i];

if (suppression_ctx->HasSuppressionType(kInterceptorViaLibrary)) {		if (suppression_ctx->HasSuppressionType(kInterceptorViaLibrary)) {
// Match "interceptor_via_lib" suppressions.		// Match "interceptor_via_lib" suppressions.
if (const char *module_name = symbolizer->GetModuleNameForPc(addr))		InternalScopedString mod_name(kMaxPathLength);
if (suppression_ctx->Match(module_name, kInterceptorViaLibrary, &s))		if (symbolizer->GetModuleNameForPc(addr, mod_name.data()) &&
		suppression_ctx->Match(mod_name.data(), kInterceptorViaLibrary, &s))
return true;		return true;
}		}

if (suppression_ctx->HasSuppressionType(kInterceptorViaFunction)) {		if (suppression_ctx->HasSuppressionType(kInterceptorViaFunction)) {
SymbolizedStack *frames = symbolizer->SymbolizePC(addr);		SymbolizedStack *frames = symbolizer->SymbolizePC(addr);
for (SymbolizedStack *cur = frames; cur; cur = cur->next) {		for (SymbolizedStack *cur = frames; cur; cur = cur->next) {
const char *function_name = cur->info.function;		const char *function_name = cur->info.function;
if (!function_name) {		if (!function_name) {
continue;		continue;
Show All 15 Lines

lib/lsan/lsan_common.cc

Show First 20 Lines • Show All 430 Lines • ▼ Show 20 Lines	void DoLeakCheck() {
}		}
}		}

static Suppression *GetSuppressionForAddr(uptr addr) {		static Suppression *GetSuppressionForAddr(uptr addr) {
Suppression *s = nullptr;		Suppression *s = nullptr;

// Suppress by module name.		// Suppress by module name.
SuppressionContext *suppressions = GetSuppressionContext();		SuppressionContext *suppressions = GetSuppressionContext();
if (const char *module_name =		InternalScopedString module_name(kMaxPathLength);
Symbolizer::GetOrInit()->GetModuleNameForPc(addr))		if (Symbolizer::GetOrInit()->GetModuleNameForPc(addr, module_name.data()) &&
if (suppressions->Match(module_name, kSuppressionLeak, &s))		suppressions->Match(module_name.data(), kSuppressionLeak, &s))
return s;		return s;

// Suppress by file or function name.		// Suppress by file or function name.
SymbolizedStack *frames = Symbolizer::GetOrInit()->SymbolizePC(addr);		SymbolizedStack *frames = Symbolizer::GetOrInit()->SymbolizePC(addr);
for (SymbolizedStack *cur = frames; cur; cur = cur->next) {		for (SymbolizedStack *cur = frames; cur; cur = cur->next) {
if (suppressions->Match(cur->info.function, kSuppressionLeak, &s) \|\|		if (suppressions->Match(cur->info.function, kSuppressionLeak, &s) \|\|
suppressions->Match(cur->info.file, kSuppressionLeak, &s)) {		suppressions->Match(cur->info.file, kSuppressionLeak, &s)) {
break;		break;
}		}
▲ Show 20 Lines • Show All 235 Lines • Show Last 20 Lines

lib/sanitizer_common/sanitizer_coverage_libcdep.cc

Show First 20 Lines • Show All 329 Lines • ▼ Show 20 Lines	void CoverageData::InitializeCounters(u8 *counters, uptr n) {
num_8bit_counters += n;		num_8bit_counters += n;
}		}

void CoverageData::UpdateModuleNameVec(uptr caller_pc, uptr range_beg,		void CoverageData::UpdateModuleNameVec(uptr caller_pc, uptr range_beg,
uptr range_end) {		uptr range_end) {
auto sym = Symbolizer::GetOrInit();		auto sym = Symbolizer::GetOrInit();
if (!sym)		if (!sym)
return;		return;
const char *module_name = sym->GetModuleNameForPc(caller_pc);		InternalScopedString module_name(kMaxPathLength);
if (!module_name) return;		if (!sym->GetModuleNameForPc(caller_pc, module_name.data()))
		return;
if (module_name_vec.empty() \|\|		if (module_name_vec.empty() \|\|
internal_strcmp(module_name_vec.back().copied_module_name, module_name))		internal_strcmp(module_name_vec.back().copied_module_name,
		module_name.data()))
module_name_vec.push_back(		module_name_vec.push_back(
{internal_strdup(module_name), range_beg, range_end});		{ internal_strdup(module_name.data()), range_beg, range_end });
else		else
module_name_vec.back().end = range_end;		module_name_vec.back().end = range_end;
}		}

void CoverageData::InitializeGuards(s32 *guards, uptr n,		void CoverageData::InitializeGuards(s32 *guards, uptr n,
const char *comp_unit_name,		const char *comp_unit_name,
uptr caller_pc) {		uptr caller_pc) {
// The array 'guards' has n+1 elements, we use the element zero		// The array 'guards' has n+1 elements, we use the element zero
▲ Show 20 Lines • Show All 230 Lines • ▼ Show 20 Lines
// Dump trace PCs and trace events into two separate files.		// Dump trace PCs and trace events into two separate files.
void CoverageData::DumpTrace() {		void CoverageData::DumpTrace() {
uptr max_idx = tr_event_pointer - tr_event_array;		uptr max_idx = tr_event_pointer - tr_event_array;
if (!max_idx) return;		if (!max_idx) return;
auto sym = Symbolizer::GetOrInit();		auto sym = Symbolizer::GetOrInit();
if (!sym)		if (!sym)
return;		return;
InternalScopedString out(32 << 20);		InternalScopedString out(32 << 20);
		InternalScopedString module_name(kMaxPathLength);
for (uptr i = 0, n = size(); i < n; i++) {		for (uptr i = 0, n = size(); i < n; i++) {
const char *module_name = "<unknown>";		module_name.clear();
uptr module_address = 0;		module_name.append("<unknown>");
sym->GetModuleNameAndOffsetForPC(UnbundlePc(pc_array[i]), &module_name,		uptr offset = 0;
&module_address);		sym->GetModuleNameAndOffsetForPC(UnbundlePc(pc_array[i]),
out.append("%s 0x%zx\n", module_name, module_address);		module_name.data(), &offset);
		out.append("%s 0x%zx\n", module_name.data(), offset);
}		}
InternalScopedString path(kMaxPathLength);		InternalScopedString path(kMaxPathLength);
int fd = CovOpenFile(&path, false, "trace-points");		int fd = CovOpenFile(&path, false, "trace-points");
if (fd < 0) return;		if (fd < 0) return;
internal_write(fd, out.data(), out.length());		internal_write(fd, out.data(), out.length());
internal_close(fd);		internal_close(fd);

fd = CovOpenFile(&path, false, "trace-compunits");		fd = CovOpenFile(&path, false, "trace-compunits");
Show All 28 Lines
void CoverageData::DumpCallerCalleePairs() {		void CoverageData::DumpCallerCalleePairs() {
uptr max_idx = atomic_load(&cc_array_index, memory_order_relaxed);		uptr max_idx = atomic_load(&cc_array_index, memory_order_relaxed);
if (!max_idx) return;		if (!max_idx) return;
auto sym = Symbolizer::GetOrInit();		auto sym = Symbolizer::GetOrInit();
if (!sym)		if (!sym)
return;		return;
InternalScopedString out(32 << 20);		InternalScopedString out(32 << 20);
uptr total = 0;		uptr total = 0;
		InternalScopedString caller_module_name(kMaxPathLength),
		callee_module_name(kMaxPathLength);
for (uptr i = 0; i < max_idx; i++) {		for (uptr i = 0; i < max_idx; i++) {
uptr *cc_cache = cc_array[i];		uptr *cc_cache = cc_array[i];
CHECK(cc_cache);		CHECK(cc_cache);
uptr caller = cc_cache[0];		uptr caller = cc_cache[0];
uptr n_callees = cc_cache[1];		uptr n_callees = cc_cache[1];
const char *caller_module_name = "<unknown>";		caller_module_name.clear();
uptr caller_module_address = 0;		caller_module_name.append("<unknown>");
sym->GetModuleNameAndOffsetForPC(caller, &caller_module_name,		uptr caller_module_offset = 0;
&caller_module_address);		sym->GetModuleNameAndOffsetForPC(caller, caller_module_name.data(),
		&caller_module_offset);
for (uptr j = 2; j < n_callees; j++) {		for (uptr j = 2; j < n_callees; j++) {
uptr callee = cc_cache[j];		uptr callee = cc_cache[j];
if (!callee) break;		if (!callee) break;
total++;		total++;
const char *callee_module_name = "<unknown>";		callee_module_name.clear();
uptr callee_module_address = 0;		callee_module_name.append("<unknown>");
sym->GetModuleNameAndOffsetForPC(callee, &callee_module_name,		uptr callee_module_offset = 0;
&callee_module_address);		sym->GetModuleNameAndOffsetForPC(callee, callee_module_name.data(),
out.append("%s 0x%zx\n%s 0x%zx\n", caller_module_name,		&callee_module_offset);
caller_module_address, callee_module_name,		out.append("%s 0x%zx\n%s 0x%zx\n", caller_module_name.data(),
callee_module_address);		caller_module_offset, callee_module_name.data(),
		callee_module_offset);
}		}
}		}
InternalScopedString path(kMaxPathLength);		InternalScopedString path(kMaxPathLength);
int fd = CovOpenFile(&path, false, "caller-callee");		int fd = CovOpenFile(&path, false, "caller-callee");
if (fd < 0) return;		if (fd < 0) return;
internal_write(fd, out.data(), out.length());		internal_write(fd, out.data(), out.length());
internal_close(fd);		internal_close(fd);
VReport(1, " CovDump: %zd caller-callee pairs written\n", total);		VReport(1, " CovDump: %zd caller-callee pairs written\n", total);
▲ Show 20 Lines • Show All 78 Lines • ▼ Show 20 Lines	for (uptr m = 0; m < module_name_vec.size(); m++) {
auto r = module_name_vec[m];		auto r = module_name_vec[m];
CHECK(r.copied_module_name);		CHECK(r.copied_module_name);
CHECK_LE(r.beg, r.end);		CHECK_LE(r.beg, r.end);
CHECK_LE(r.end, size());		CHECK_LE(r.end, size());
for (uptr i = r.beg; i < r.end; i++) {		for (uptr i = r.beg; i < r.end; i++) {
uptr pc = UnbundlePc(pc_array[i]);		uptr pc = UnbundlePc(pc_array[i]);
uptr counter = UnbundleCounter(pc_array[i]);		uptr counter = UnbundleCounter(pc_array[i]);
if (!pc) continue; // Not visited.		if (!pc) continue; // Not visited.
const char *unused;
uptr offset = 0;		uptr offset = 0;
sym->GetModuleNameAndOffsetForPC(pc, &unused, &offset);		sym->GetModuleOffsetForPc(pc, &offset);
offsets.push_back(BundlePcAndCounter(offset, counter));		offsets.push_back(BundlePcAndCounter(offset, counter));
}		}

CHECK_GE(offsets.size(), num_words_for_magic);		CHECK_GE(offsets.size(), num_words_for_magic);
SortArray(offsets.data(), offsets.size());		SortArray(offsets.data(), offsets.size());
for (uptr i = 0; i < offsets.size(); i++)		for (uptr i = 0; i < offsets.size(); i++)
offsets[i] = UnbundlePc(offsets[i]);		offsets[i] = UnbundlePc(offsets[i]);

▲ Show 20 Lines • Show All 169 Lines • Show Last 20 Lines

lib/sanitizer_common/sanitizer_symbolizer.h

	Show First 20 Lines • Show All 78 Lines • ▼ Show 20 Lines
	public:			public:
	/// Initialize and return platform-specific implementation of symbolizer			/// Initialize and return platform-specific implementation of symbolizer
	/// (if it wasn't already initialized).			/// (if it wasn't already initialized).
	static Symbolizer *GetOrInit();			static Symbolizer *GetOrInit();
	// Returns a list of symbolized frames for a given address (containing			// Returns a list of symbolized frames for a given address (containing
	// all inlined functions, if necessary).			// all inlined functions, if necessary).
	SymbolizedStack *SymbolizePC(uptr address);			SymbolizedStack *SymbolizePC(uptr address);
	bool SymbolizeData(uptr address, DataInfo *info);			bool SymbolizeData(uptr address, DataInfo *info);
	bool GetModuleNameAndOffsetForPC(uptr pc, const char **module_name,
	uptr *module_address);			// \|name\| should contain at least kMaxPathLength bytes.
	const char *GetModuleNameForPc(uptr pc) {			bool GetModuleNameAndOffsetForPC(uptr pc, char name, uptr offset);
	const char *module_name = 0;			bool GetModuleNameForPc(uptr pc, char *name) {
	uptr unused;			return GetModuleNameAndOffsetForPC(pc, name, nullptr);
	if (GetModuleNameAndOffsetForPC(pc, &module_name, &unused))			}
	return module_name;			bool GetModuleOffsetForPc(uptr pc, uptr *offset) {
	return nullptr;			return GetModuleNameAndOffsetForPC(pc, nullptr, offset);
	}			}

	// Release internal caches (if any).			// Release internal caches (if any).
	void Flush();			void Flush();
	// Attempts to demangle the provided C++ mangled name.			// Attempts to demangle the provided C++ mangled name.
	const char Demangle(const char name);			const char Demangle(const char name);
	void PrepareForSandboxing();			void PrepareForSandboxing();

	// Allow user to install hooks that would be called before/after Symbolizer			// Allow user to install hooks that would be called before/after Symbolizer
	// does the actual file/line info fetching. Specific sanitizers may need this			// does the actual file/line info fetching. Specific sanitizers may need this
	▲ Show 20 Lines • Show All 50 Lines • Show Last 20 Lines

lib/sanitizer_common/sanitizer_symbolizer.cc

Show First 20 Lines • Show All 123 Lines • ▼ Show 20 Lines	for (auto iter = Iterator(&tools_); iter.hasNext();) {
SymbolizerScope sym_scope(this);		SymbolizerScope sym_scope(this);
if (tool->SymbolizeData(addr, info)) {		if (tool->SymbolizeData(addr, info)) {
return true;		return true;
}		}
}		}
return true;		return true;
}		}

bool Symbolizer::GetModuleNameAndOffsetForPC(uptr pc, const char **module_name,		bool Symbolizer::GetModuleNameAndOffsetForPC(uptr pc, char *name,
uptr *module_address) {		uptr *offset) {
BlockingMutexLock l(&mu_);		BlockingMutexLock l(&mu_);
return PlatformFindModuleNameAndOffsetForAddress(pc, module_name,		const char *internal_name;
module_address);		bool ret = PlatformFindModuleNameAndOffsetForAddress(pc, &internal_name,
		offset);
		if (ret && name) {
		internal_strncpy(name, internal_name, kMaxPathLength - 1);
		name[kMaxPathLength - 1] = '\0';
		}
		return ret;
}		}

void Symbolizer::Flush() {		void Symbolizer::Flush() {
BlockingMutexLock l(&mu_);		BlockingMutexLock l(&mu_);
for (auto iter = Iterator(&tools_); iter.hasNext();) {		for (auto iter = Iterator(&tools_); iter.hasNext();) {
auto *tool = iter.next();		auto *tool = iter.next();
SymbolizerScope sym_scope(this);		SymbolizerScope sym_scope(this);
tool->Flush();		tool->Flush();
Show All 20 Lines

lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc

Show First 20 Lines • Show All 394 Lines • ▼ Show 20 Lines	#endif
}		}

bool PlatformFindModuleNameAndOffsetForAddress(uptr address,		bool PlatformFindModuleNameAndOffsetForAddress(uptr address,
const char **module_name,		const char **module_name,
uptr *module_offset) override {		uptr *module_offset) override {
LoadedModule *module = FindModuleForAddress(address);		LoadedModule *module = FindModuleForAddress(address);
if (module == 0)		if (module == 0)
return false;		return false;
		if (module_name)
*module_name = module->full_name();		*module_name = module->full_name();
		if (module_offset)
*module_offset = address - module->base_address();		*module_offset = address - module->base_address();
return true;		return true;
}		}

// 16K loaded modules should be enough for everyone.		// 16K loaded modules should be enough for everyone.
static const uptr kMaxNumberOfModuleContexts = 1 << 14;		static const uptr kMaxNumberOfModuleContexts = 1 << 14;
LoadedModule modules_[kMaxNumberOfModuleContexts];		LoadedModule modules_[kMaxNumberOfModuleContexts];
uptr n_modules_;		uptr n_modules_;
// If stale, need to reload the modules before looking up addresses.		// If stale, need to reload the modules before looking up addresses.
▲ Show 20 Lines • Show All 90 Lines • Show Last 20 Lines