This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/
-
lib/dfsan/
-
dfsan/
4/4
dfsan.cpp
-
test/dfsan/
-
dfsan/
-
release_shadow_space.c

Differential D89662

Set Huge Page mode on shadow regions based on no_huge_pages_for_shadow
ClosedPublic

Authored by stephan.yichao.zhao on Oct 18 2020, 6:27 PM.

Download Raw Diff

Details

Reviewers

morehouse

Summary

It turned out that at dynamic shared library mode, the memory access

pattern can increase memory footprint significantly on OS when transparent
hugepages (THP) are enabled. This could cause >70x memory overhead than
running a static linked binary. For example, a static binary with RSS
overhead 300M can use > 23G RSS if it is built dynamically.
/proc/../smaps shows in 6204552 kB RSS 6141952 kB relates to
AnonHugePages.

Also such a high RSS happens in some rate: around 25% runs may use > 23G RSS, the
rest uses in between 6-23G. I guess this may relate to how user memory
is allocated and distributted across huge pages.

THP is a trade-off between time and space. We have a flag
no_huge_pages_for_shadow for sanitizer. It is true by default but DFSan
did not follow this. Depending on if a target is built statically or
dynamically, maybe Clang can set no_huge_pages_for_shadow accordingly
after this change. But it still seems fine to follow the default setting of
no_huge_pages_for_shadow. If time is an issue, and users are fine with
high RSS, this flag can be set to false selectively.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

stephan.yichao.zhao created this revision.Oct 18 2020, 6:27 PM

Herald added a project: Restricted Project. · View Herald TranscriptOct 18 2020, 6:27 PM

Herald added a subscriber: Restricted Project. · View Herald Transcript

stephan.yichao.zhao requested review of this revision.Oct 18 2020, 6:27 PM

Harbormaster completed remote builds in B75465: Diff 298898.Oct 18 2020, 6:59 PM

morehouse accepted this revision.Oct 19 2020, 12:02 PM

morehouse added inline comments.

compiler-rt/lib/dfsan/dfsan.cpp
440	Nit: Let's prefer `SetShadowRegionFlags` style for new code.

This revision is now accepted and ready to land.Oct 19 2020, 12:02 PM

morehouse requested changes to this revision.Oct 19 2020, 12:06 PM

morehouse added inline comments.

compiler-rt/lib/dfsan/dfsan.cpp
440	On second thought, let's eliminate this static function entirely since we only need to call it from one place.
447	Let's reuse `MmapFixedSuperNoReserve` and then to the `use_madv_dontdump` check inline here.
458	I think this is unnecessary here since the memory is marked `PROT_NONE` anyway.

This revision now requires changes to proceed.Oct 19 2020, 12:06 PM

But it still seems fine to follow the default setting of
no_huge_pages_for_shadow. If time is an issue, and users are fine with
high RSS, this flag can be set to false selectively.

I agree 100%

stephan.yichao.zhao marked 4 inline comments as done.Oct 19 2020, 1:08 PM

addressed comments

update

Harbormaster completed remote builds in B75580: Diff 299135.Oct 19 2020, 1:35 PM

LGTM, thanks!

This revision is now accepted and ready to land.Oct 19 2020, 1:36 PM

Harbormaster completed remote builds in B75578: Diff 299133.Oct 19 2020, 1:39 PM

submitted by https://github.com/llvm/llvm-project/commit/91dc545bf24daa60c21c93039408061194dd0ab3

stephan.yichao.zhao mentioned this in D96569: [dfsan] Turn off THP at dfsan_flush.Feb 11 2021, 7:19 PM

Jianzhou Zhao <jianzhouzh@google.com> mentioned this in rG7590c0078dd5: [dfsan] Turn off THP at dfsan_flush.Feb 12 2021, 9:11 AM

Revision Contents

Path

Size

compiler-rt/

lib/

dfsan/

dfsan.cpp

4 lines

test/

dfsan/

release_shadow_space.c

3 lines

Diff 299135

compiler-rt/lib/dfsan/dfsan.cpp

Show First 20 Lines • Show All 431 Lines • ▼ Show 20 Lines	static void dfsan_fini() {
}		}
}		}

extern "C" void dfsan_flush() {		extern "C" void dfsan_flush() {
if (!MmapFixedNoReserve(ShadowAddr(), UnusedAddr() - ShadowAddr()))		if (!MmapFixedNoReserve(ShadowAddr(), UnusedAddr() - ShadowAddr()))
Die();		Die();
}		}

static void dfsan_init(int argc, char argv, char envp) {		static void dfsan_init(int argc, char argv, char envp) {
		morehouseUnsubmitted Done Reply Inline Actions Nit: Let's prefer `SetShadowRegionFlags` style for new code. morehouse: Nit: Let's prefer `SetShadowRegionFlags` style for new code.
		morehouseUnsubmitted Done Reply Inline Actions On second thought, let's eliminate this static function entirely since we only need to call it from one place. morehouse: On second thought, let's eliminate this static function entirely since we only need to call it…
InitializeFlags();		InitializeFlags();

::InitializePlatformEarly();		::InitializePlatformEarly();

if (!MmapFixedNoReserve(ShadowAddr(), UnusedAddr() - ShadowAddr()))		if (!MmapFixedSuperNoReserve(ShadowAddr(), UnusedAddr() - ShadowAddr()))
Die();		Die();
		if (common_flags()->use_madv_dontdump)
		morehouseUnsubmitted Done Reply Inline Actions Let's reuse `MmapFixedSuperNoReserve` and then to the `use_madv_dontdump` check inline here. morehouse: Let's reuse `MmapFixedSuperNoReserve` and then to the `use_madv_dontdump` check inline here.
		DontDumpShadowMemory(ShadowAddr(), UnusedAddr() - ShadowAddr());

// Protect the region of memory we don't use, to preserve the one-to-one		// Protect the region of memory we don't use, to preserve the one-to-one
// mapping from application to shadow memory. But if ASLR is disabled, Linux		// mapping from application to shadow memory. But if ASLR is disabled, Linux
// will load our executable in the middle of our unused region. This mostly		// will load our executable in the middle of our unused region. This mostly
// works so long as the program doesn't use too much memory. We support this		// works so long as the program doesn't use too much memory. We support this
// case by disabling memory protection when ASLR is disabled.		// case by disabling memory protection when ASLR is disabled.
uptr init_addr = (uptr)&dfsan_init;		uptr init_addr = (uptr)&dfsan_init;
if (!(init_addr >= UnusedAddr() && init_addr < AppAddr()))		if (!(init_addr >= UnusedAddr() && init_addr < AppAddr()))
MmapFixedNoAccess(UnusedAddr(), AppAddr() - UnusedAddr());		MmapFixedNoAccess(UnusedAddr(), AppAddr() - UnusedAddr());

		morehouseUnsubmitted Done Reply Inline Actions I think this is unnecessary here since the memory is marked `PROT_NONE` anyway. morehouse: I think this is unnecessary here since the memory is marked `PROT_NONE` anyway.
InitializeInterceptors();		InitializeInterceptors();

// Register the fini callback to run when the program terminates successfully		// Register the fini callback to run when the program terminates successfully
// or it is killed by the runtime.		// or it is killed by the runtime.
Atexit(dfsan_fini);		Atexit(dfsan_fini);
AddDieCallback(dfsan_fini);		AddDieCallback(dfsan_fini);

__dfsan_label_info[kInitializingLabel].desc = "<init label>";		__dfsan_label_info[kInitializingLabel].desc = "<init label>";
}		}

#if SANITIZER_CAN_USE_PREINIT_ARRAY		#if SANITIZER_CAN_USE_PREINIT_ARRAY
__attribute__((section(".preinit_array"), used))		__attribute__((section(".preinit_array"), used))
static void (dfsan_init_ptr)(int, char , char *) = dfsan_init;		static void (dfsan_init_ptr)(int, char , char *) = dfsan_init;
#endif		#endif

compiler-rt/test/dfsan/release_shadow_space.c

	// RUN: %clang_dfsan %s -o %t && %run %t			// DFSAN_OPTIONS=no_huge_pages_for_shadow=false RUN: %clang_dfsan %s -o %t && %run %t
				// DFSAN_OPTIONS=no_huge_pages_for_shadow=true RUN: %clang_dfsan %s -o %t && %run %t

	#include <assert.h>			#include <assert.h>
	#include <sanitizer/dfsan_interface.h>			#include <sanitizer/dfsan_interface.h>
	#include <stdbool.h>			#include <stdbool.h>
	#include <stdio.h>			#include <stdio.h>
	#include <string.h>			#include <string.h>
	#include <sys/mman.h>			#include <sys/mman.h>
	#include <unistd.h>			#include <unistd.h>
	▲ Show 20 Lines • Show All 74 Lines • Show Last 20 Lines