This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/lib/
-
lib/
-
asan/
-
asan_allocator.cpp
-
lsan/
-
lsan_allocator.cpp
4/4
lsan_common.h
4/4
lsan_common.cpp

Differential D95183

[LSan] Introduce a callback mechanism to allow adding data reachable from ThreadContexts to the frontier.
ClosedPublic

Authored by delcypher on Jan 21 2021, 4:18 PM.

Download Raw Diff

Details

Reviewers

kubamracek
yln
kcc
dvyukov
eugenis
vitalybuka
cryptoad
earthdok

Commits

rGdd922bc2a621: [LSan] Introduce a callback mechanism to allow adding data reachable from…

Summary

This mechanism is intended to provide a way to treat the arg pointer
of a created (but not yet started) thread as reachable. In future
patches this will be implemented in ForEachRegisteredThreadContextCb.

A separate implementation of ForEachRegisteredThreadContextCb exists
for ASan and LSan runtimes because they need to be implemented
differently in future patches.

rdar://problem/63537240

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

delcypher requested review of this revision.Jan 21 2021, 4:18 PM

delcypher created this revision.

Herald added a project: Restricted Project. · View Herald TranscriptJan 21 2021, 4:18 PM

Herald added a subscriber: Restricted Project. · View Herald Transcript

delcypher added a child revision: D95184: [ASan] Stop blocking child thread progress from parent thread in `pthread_create` interceptor..Jan 21 2021, 4:19 PM

delcypher mentioned this in D94210: [ASan] Stop blocking child thread progress from parent thread in `pthread_create` interceptor..

delcypher mentioned this in D95184: [ASan] Stop blocking child thread progress from parent thread in `pthread_create` interceptor..Jan 21 2021, 4:26 PM

Harbormaster completed remote builds in B86187: Diff 318348.Jan 21 2021, 7:19 PM

vitalybuka added inline comments.Jan 21 2021, 8:53 PM

compiler-rt/lib/lsan/lsan_common.cpp
549	to avoid frontier access from asan could you please just: InternalMmapVector<uptr> ptrs; GetThreadRegistryLocked()->RunCallbackForEachThreadLocked( ForEachRegisteredThreadContextCb, &ptrs); for (: ptr) { // process ptr here. } another option is nested callback but it seems unnecessary
559	I would prefer if we handle this in ProcessThreads(suspended_threads, frontier) for suspended_threads But I guess we don't know if just created threads are in suspended_threads. Still this is very Thread related so maybe call GetThreadRegistryLocked()->RunCallbackForEachThreadLocked( from the ProcessThreads() with commend that GetThreadRegistryLocked may contains threads
compiler-rt/lib/lsan/lsan_common.h
52–53	forward declaration instead of the new include?
146	Maybe ForEachRegisteredThreadContextCb -> GetAdditionalThreadContextPtrs to show what is expected from this CB

delcypher added inline comments.Jan 22 2021, 12:47 PM

compiler-rt/lib/lsan/lsan_common.cpp
549	Good idea. This means that ASan and LSan can share some logic here and it avoids the problems I ran into trying to use `flags()->log_pointers` from `asan_allocator.cpp`
559	I would prefer if we handle this in ProcessThreads(suspended_threads, frontier) for suspended_threads But I guess we don't know if just created threads are in suspended_threads. I don't think we can use `suspended_threads`. I glanced at the origin of the `suspend_threads` list and on Linux that comes from reading `/proc//task` (see `ThreadLister::ThreadLister`). That won't necessarily contain be the threads (not started) we are interested in. The types are also wrong. The list of suspended threads look like `tid_t` but we actually need the `ThreadContext` objects which would require a O(N) look up into the thread registry anyway. It's simpler to just walk the thread registry. I could move the code walking the thread registry into `ProcessThreads`. However, that function is already pretty big. Can I just change `ProcessThreads()` to call `ProcessThreadRegistry()` at the end to make the code easier to read?*
compiler-rt/lib/lsan/lsan_common.h
52–53	I'll try it out. I can't actually remember why this include was necessary. It might be that's actually needed for the subsequent patch.
146	Good idea. I'll do rename.

delcypher marked 3 inline comments as not done.Jan 22 2021, 12:58 PM

Address first round of feedback.

delcypher marked 4 inline comments as done.Jan 22 2021, 6:14 PM

Harbormaster completed remote builds in B86381: Diff 318712.Jan 22 2021, 6:42 PM

Thanks, LGTM.

This revision is now accepted and ready to land.Jan 22 2021, 7:20 PM

This revision was landed with ongoing or failed builds.Jan 22 2021, 7:27 PM

Closed by commit rGdd922bc2a621: [LSan] Introduce a callback mechanism to allow adding data reachable from… (authored by delcypher). · Explain Why

This revision was automatically updated to reflect the committed changes.

delcypher added a commit: rGdd922bc2a621: [LSan] Introduce a callback mechanism to allow adding data reachable from….

Revision Contents

Path

Size

compiler-rt/

lib/

asan/

asan_allocator.cpp

10 lines

lsan/

lsan_allocator.cpp

10 lines

lsan_common.h

2 lines

lsan_common.cpp

24 lines

Diff 318720

compiler-rt/lib/asan/asan_allocator.cpp

Show First 20 Lines • Show All 1,177 Lines • ▼ Show 20 Lines	if (!m \|\|
!m->AddrIsInside(addr)) {		!m->AddrIsInside(addr)) {
return kIgnoreObjectInvalid;		return kIgnoreObjectInvalid;
}		}
if (m->lsan_tag == kIgnored)		if (m->lsan_tag == kIgnored)
return kIgnoreObjectAlreadyIgnored;		return kIgnoreObjectAlreadyIgnored;
m->lsan_tag = __lsan::kIgnored;		m->lsan_tag = __lsan::kIgnored;
return kIgnoreObjectSuccess;		return kIgnoreObjectSuccess;
}		}

		void GetAdditionalThreadContextPtrs(ThreadContextBase tctx, void ptrs) {
		// This function can be used to treat memory reachable from `tctx` as live.
		// This is useful for threads that have been created but not yet started.

		// This is currently a no-op because the ASan `pthread_create()` interceptor
		// blocks until the child thread starts which keeps the thread's `arg` pointer
		// live.
		}

} // namespace __lsan		} // namespace __lsan

// ---------------------- Interface ---------------- {{{1		// ---------------------- Interface ---------------- {{{1
using namespace __asan;		using namespace __asan;

// ASan allocator doesn't reserve extra bytes, so normally we would		// ASan allocator doesn't reserve extra bytes, so normally we would
// just return "size". We don't want to expose our redzone sizes, etc here.		// just return "size". We don't want to expose our redzone sizes, etc here.
uptr __sanitizer_get_estimated_allocated_size(uptr size) {		uptr __sanitizer_get_estimated_allocated_size(uptr size) {
▲ Show 20 Lines • Show All 42 Lines • Show Last 20 Lines

compiler-rt/lib/lsan/lsan_allocator.cpp

Show First 20 Lines • Show All 303 Lines • ▼ Show 20 Lines	if (m->allocated && (uptr)p < (uptr)chunk + m->requested_size) {
if (m->tag == kIgnored)		if (m->tag == kIgnored)
return kIgnoreObjectAlreadyIgnored;		return kIgnoreObjectAlreadyIgnored;
m->tag = kIgnored;		m->tag = kIgnored;
return kIgnoreObjectSuccess;		return kIgnoreObjectSuccess;
} else {		} else {
return kIgnoreObjectInvalid;		return kIgnoreObjectInvalid;
}		}
}		}

		void GetAdditionalThreadContextPtrs(ThreadContextBase tctx, void ptrs) {
		// This function can be used to treat memory reachable from `tctx` as live.
		// This is useful for threads that have been created but not yet started.

		// This is currently a no-op because the LSan `pthread_create()` interceptor
		// blocks until the child thread starts which keeps the thread's `arg` pointer
		// live.
		}

} // namespace __lsan		} // namespace __lsan

using namespace __lsan;		using namespace __lsan;

extern "C" {		extern "C" {
SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
uptr __sanitizer_get_current_allocated_bytes() {		uptr __sanitizer_get_current_allocated_bytes() {
uptr stats[AllocatorStatCount];		uptr stats[AllocatorStatCount];
▲ Show 20 Lines • Show All 41 Lines • Show Last 20 Lines

compiler-rt/lib/lsan/lsan_common.h

Show First 20 Lines • Show All 43 Lines • ▼ Show 20 Lines
#elif SANITIZER_NETBSD \|\| SANITIZER_FUCHSIA		#elif SANITIZER_NETBSD \|\| SANITIZER_FUCHSIA
#define CAN_SANITIZE_LEAKS 1		#define CAN_SANITIZE_LEAKS 1
#else		#else
#define CAN_SANITIZE_LEAKS 0		#define CAN_SANITIZE_LEAKS 0
#endif		#endif

namespace __sanitizer {		namespace __sanitizer {
class FlagParser;		class FlagParser;
class ThreadRegistry;		class ThreadRegistry;
		class ThreadContextBase;
		vitalybukaUnsubmitted Done Reply Inline Actions forward declaration instead of the new include? vitalybuka: forward declaration instead of the new include?
		delcypherAuthorUnsubmitted Done Reply Inline Actions I'll try it out. I can't actually remember why this include was necessary. It might be that's actually needed for the subsequent patch. delcypher: I'll try it out. I can't actually remember why this include was necessary. It might be that's…
struct DTLS;		struct DTLS;
}		}

namespace __lsan {		namespace __lsan {

// Chunk tags.		// Chunk tags.
enum ChunkTag {		enum ChunkTag {
kDirectlyLeaked = 0, // default		kDirectlyLeaked = 0, // default
▲ Show 20 Lines • Show All 76 Lines • ▼ Show 20 Lines	struct CheckForLeaksParam {
LeakReport leak_report;		LeakReport leak_report;
bool success = false;		bool success = false;
};		};

InternalMmapVector<RootRegion> const *GetRootRegions();		InternalMmapVector<RootRegion> const *GetRootRegions();
void ScanRootRegion(Frontier *frontier, RootRegion const &region,		void ScanRootRegion(Frontier *frontier, RootRegion const &region,
uptr region_begin, uptr region_end, bool is_readable);		uptr region_begin, uptr region_end, bool is_readable);
void ForEachExtraStackRangeCb(uptr begin, uptr end, void* arg);		void ForEachExtraStackRangeCb(uptr begin, uptr end, void* arg);
		void GetAdditionalThreadContextPtrs(ThreadContextBase tctx, void ptrs);
		vitalybukaUnsubmitted Done Reply Inline Actions Maybe ForEachRegisteredThreadContextCb -> GetAdditionalThreadContextPtrs to show what is expected from this CB vitalybuka: Maybe ForEachRegisteredThreadContextCb -> GetAdditionalThreadContextPtrs to show what is…
		delcypherAuthorUnsubmitted Done Reply Inline Actions Good idea. I'll do rename. delcypher: Good idea. I'll do rename.
// Run stoptheworld while holding any platform-specific locks, as well as the		// Run stoptheworld while holding any platform-specific locks, as well as the
// allocator and thread registry locks.		// allocator and thread registry locks.
void LockStuffAndStopTheWorld(StopTheWorldCallback callback,		void LockStuffAndStopTheWorld(StopTheWorldCallback callback,
CheckForLeaksParam* argument);		CheckForLeaksParam* argument);

void ScanRangeForPointers(uptr begin, uptr end,		void ScanRangeForPointers(uptr begin, uptr end,
Frontier *frontier,		Frontier *frontier,
const char *region_type, ChunkTag tag);		const char *region_type, ChunkTag tag);
▲ Show 20 Lines • Show All 130 Lines • Show Last 20 Lines

compiler-rt/lib/lsan/lsan_common.cpp

Show First 20 Lines • Show All 247 Lines • ▼ Show 20 Lines
#else		#else

#if SANITIZER_ANDROID		#if SANITIZER_ANDROID
// FIXME: Move this out into *libcdep.cpp		// FIXME: Move this out into *libcdep.cpp
extern "C" SANITIZER_WEAK_ATTRIBUTE void __libc_iterate_dynamic_tls(		extern "C" SANITIZER_WEAK_ATTRIBUTE void __libc_iterate_dynamic_tls(
pid_t, void (cb)(void , void , uptr, void ), void *);		pid_t, void (cb)(void , void , uptr, void ), void *);
#endif		#endif

		static void ProcessThreadRegistry(Frontier *frontier) {
		InternalMmapVector<uptr> ptrs;
		GetThreadRegistryLocked()->RunCallbackForEachThreadLocked(
		GetAdditionalThreadContextPtrs, &ptrs);

		for (uptr i = 0; i < ptrs.size(); ++i) {
		void ptr = reinterpret_cast<void >(ptrs[i]);
		uptr chunk = PointsIntoChunk(ptr);
		if (!chunk)
		continue;
		LsanMetadata m(chunk);
		if (!m.allocated())
		continue;

		// Mark as reachable and add to frontier.
		LOG_POINTERS("Treating pointer %p from ThreadContext as reachable\n", ptr);
		m.set_tag(kReachable);
		frontier->push_back(chunk);
		}
		}

// Scans thread data (stacks and TLS) for heap pointers.		// Scans thread data (stacks and TLS) for heap pointers.
static void ProcessThreads(SuspendedThreadsList const &suspended_threads,		static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
Frontier *frontier) {		Frontier *frontier) {
InternalMmapVector<uptr> registers;		InternalMmapVector<uptr> registers;
for (uptr i = 0; i < suspended_threads.ThreadCount(); i++) {		for (uptr i = 0; i < suspended_threads.ThreadCount(); i++) {
tid_t os_id = static_cast<tid_t>(suspended_threads.GetThreadID(i));		tid_t os_id = static_cast<tid_t>(suspended_threads.GetThreadID(i));
LOG_THREADS("Processing thread %d.\n", os_id);		LOG_THREADS("Processing thread %d.\n", os_id);
uptr stack_begin, stack_end, tls_begin, tls_end, cache_begin, cache_end;		uptr stack_begin, stack_end, tls_begin, tls_end, cache_begin, cache_end;
▲ Show 20 Lines • Show All 95 Lines • ▼ Show 20 Lines	#else
} else {		} else {
// We are handling a thread with DTLS under destruction. Log about		// We are handling a thread with DTLS under destruction. Log about
// this and continue.		// this and continue.
LOG_THREADS("Thread %d has DTLS under destruction.\n", os_id);		LOG_THREADS("Thread %d has DTLS under destruction.\n", os_id);
}		}
#endif		#endif
}		}
}		}

		// Add pointers reachable from ThreadContexts
		ProcessThreadRegistry(frontier);
}		}

#endif // SANITIZER_FUCHSIA		#endif // SANITIZER_FUCHSIA

void ScanRootRegion(Frontier *frontier, const RootRegion &root_region,		void ScanRootRegion(Frontier *frontier, const RootRegion &root_region,
uptr region_begin, uptr region_end, bool is_readable) {		uptr region_begin, uptr region_end, bool is_readable) {
uptr intersection_begin = Max(root_region.begin, region_begin);		uptr intersection_begin = Max(root_region.begin, region_begin);
uptr intersection_end = Min(region_end, root_region.begin + root_region.size);		uptr intersection_end = Min(region_end, root_region.begin + root_region.size);
▲ Show 20 Lines • Show All 142 Lines • ▼ Show 20 Lines	void ProcessPC(Frontier *frontier) {
arg.stack_depot_reverse_map = &stack_depot_reverse_map;		arg.stack_depot_reverse_map = &stack_depot_reverse_map;
arg.skip_linker_allocations =		arg.skip_linker_allocations =
flags()->use_tls && flags()->use_ld_allocations && GetLinker() != nullptr;		flags()->use_tls && flags()->use_ld_allocations && GetLinker() != nullptr;
ForEachChunk(MarkInvalidPCCb, &arg);		ForEachChunk(MarkInvalidPCCb, &arg);
}		}

// Sets the appropriate tag on each chunk.		// Sets the appropriate tag on each chunk.
static void ClassifyAllChunks(SuspendedThreadsList const &suspended_threads,		static void ClassifyAllChunks(SuspendedThreadsList const &suspended_threads,
Frontier *frontier) {		Frontier *frontier) {
		vitalybukaUnsubmitted Done Reply Inline Actions to avoid frontier access from asan could you please just: InternalMmapVector<uptr> ptrs; GetThreadRegistryLocked()->RunCallbackForEachThreadLocked( ForEachRegisteredThreadContextCb, &ptrs); for (: ptr) { // process ptr here. } another option is nested callback but it seems unnecessary vitalybuka: to avoid frontier access from asan could you please just: ``` InternalMmapVector<uptr> ptrs…
		delcypherAuthorUnsubmitted Done Reply Inline Actions Good idea. This means that ASan and LSan can share some logic here and it avoids the problems I ran into trying to use `flags()->log_pointers` from `asan_allocator.cpp` delcypher: Good idea. This means that ASan and LSan can share some logic here and it avoids the problems I…
const InternalMmapVector<u32> &suppressed_stacks =		const InternalMmapVector<u32> &suppressed_stacks =
GetSuppressionContext()->GetSortedSuppressedStacks();		GetSuppressionContext()->GetSortedSuppressedStacks();
if (!suppressed_stacks.empty()) {		if (!suppressed_stacks.empty()) {
ForEachChunk(IgnoredSuppressedCb,		ForEachChunk(IgnoredSuppressedCb,
const_cast<InternalMmapVector<u32> *>(&suppressed_stacks));		const_cast<InternalMmapVector<u32> *>(&suppressed_stacks));
}		}
ForEachChunk(CollectIgnoredCb, frontier);		ForEachChunk(CollectIgnoredCb, frontier);
ProcessGlobalRegions(frontier);		ProcessGlobalRegions(frontier);
ProcessThreads(suspended_threads, frontier);		ProcessThreads(suspended_threads, frontier);
ProcessRootRegions(frontier);		ProcessRootRegions(frontier);
		vitalybukaUnsubmitted Done Reply Inline Actions I would prefer if we handle this in ProcessThreads(suspended_threads, frontier) for suspended_threads But I guess we don't know if just created threads are in suspended_threads. Still this is very Thread related so maybe call GetThreadRegistryLocked()->RunCallbackForEachThreadLocked( from the ProcessThreads() with commend that GetThreadRegistryLocked may contains threads vitalybuka: I would prefer if we handle this in ProcessThreads(suspended_threads, frontier) for…
		delcypherAuthorUnsubmitted Done Reply Inline Actions I would prefer if we handle this in ProcessThreads(suspended_threads, frontier) for suspended_threads But I guess we don't know if just created threads are in suspended_threads. I don't think we can use `suspended_threads`. I glanced at the origin of the `suspend_threads` list and on Linux that comes from reading `/proc//task` (see `ThreadLister::ThreadLister`). That won't necessarily contain be the threads (not started) we are interested in. The types are also wrong. The list of suspended threads look like `tid_t` but we actually need the `ThreadContext` objects which would require a O(N) look up into the thread registry anyway. It's simpler to just walk the thread registry. I could move the code walking the thread registry into `ProcessThreads`. However, that function is already pretty big. Can I just change `ProcessThreads()` to call `ProcessThreadRegistry()` at the end to make the code easier to read?* delcypher: > I would prefer if we handle this in ProcessThreads(suspended_threads, frontier) for…
FloodFillTag(frontier, kReachable);		FloodFillTag(frontier, kReachable);

CHECK_EQ(0, frontier->size());		CHECK_EQ(0, frontier->size());
ProcessPC(frontier);		ProcessPC(frontier);

// The check here is relatively expensive, so we do this in a separate flood		// The check here is relatively expensive, so we do this in a separate flood
// fill. That way we can skip the check for chunks that are reachable		// fill. That way we can skip the check for chunks that are reachable
// otherwise.		// otherwise.
▲ Show 20 Lines • Show All 486 Lines • Show Last 20 Lines