This is an archive of the discontinued LLVM Phabricator instance.

Differential D95892

[sanitizers][Windows] implement __sanitizer_purge_allocator for Win64
ClosedPublic

Authored by mcgov on Feb 2 2021, 12:43 PM.

Details

Reviewers
rnk
mstorsjo
vitalybuka
Commits
rG81b1d3da094c: [sanitizers][Windows] Implement __sanitizer_purge_allocator for Win64
Summary

On Windows memory is never released once it's mapped with VirtualAlloc. This isn't a huge deal for many applications but with LibFuzzer this can lead to OOM's quite quickly.

The memory management model for the sanitizer allocator doesn't seem to quite fit the needs of Windows in this case, I think the assumption is that pages will be reclaimed and remapped as needed by the OS when they are touched. This patch attempts to unmap and remap pages, I'm putting it up for comment and review, I'm guessing this will need some additional work to avoid putting Windows code in a shared section.

Thank you everyone for your time, attention, and expertise!

patch authored by mcgov and Jordyn Puryear

Diff Detail

Event Timeline

mcgov requested review of this revision.Feb 2 2021, 12:43 PM
mcgov created this revision.
vitalybuka added inline comments.Feb 2 2021, 1:26 PM
compiler-rt/lib/sanitizer_common/sanitizer_allocator_primary64.h
152

MmapFixedOrDie can't return nulltpr

compiler-rt/lib/sanitizer_common/sanitizer_win.cpp
337–343

Isn't sanitizers on windows are always 64?

338

RoundUpTo/RoundDownTo?

mcgov updated this revision to Diff 321483.Feb 4 2021, 9:20 AM

added purge test, updated for Vitaly's comments

mcgov marked 3 inline comments as done.Feb 4 2021, 9:20 AM
mcgov updated this revision to Diff 321547.Feb 4 2021, 12:39 PM

update test to only apply to x64 (we still build x86)

vitalybuka accepted this revision.Feb 4 2021, 12:47 PM
vitalybuka added inline comments.
compiler-rt/lib/sanitizer_common/sanitizer_win.cpp
337–344

I see no reason to split declaration from initialization.

compiler-rt/test/asan/TestCases/Windows/sanitizer_purge.cpp
7–9

We usually put RUN: before includes

and
// RUN: %clang_cl_asan -Od %s -Fe%t && %t
is a little bit more convenient for copying reproducer line from failed test output

18–32

please clang-format

This revision is now accepted and ready to land.Feb 4 2021, 12:47 PM
mcgov updated this revision to Diff 321553.Feb 4 2021, 1:16 PM

nit, style fix

mcgov added a comment.Feb 4 2021, 1:22 PM

Thank you Vitaly! I'm going to wait on a review from @mstorsjo to land this

mstorsjo added a comment.Feb 4 2021, 1:49 PM

Seems to build fine in my configs, so no objections from me - thanks for looping me in!

mcgov closed this revision.Feb 23 2021, 3:08 PM

landed https://github.com/llvm/llvm-project/commit/81b1d3da094c54ffd75e05c8d4683792edf17f4c

alvinhochun added a commit: rG81b1d3da094c: [sanitizers][Windows] Implement __sanitizer_purge_allocator for Win64.Apr 23 2023, 12:05 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 23 2023, 12:05 AM
Herald added a subscriber: Enna1. · View Herald Transcript
alvinhochun mentioned this in D149020: [sanitizer][asan][win] Enable commit on demand for i686.Apr 23 2023, 8:33 AM
alvinhochun mentioned this in D149025: [sanitizer][asan][win] Only unmap unneeded shadow memory on x86_64.Apr 23 2023, 9:25 AM
alvinhochun mentioned this in rG0d5b51e0ac88: [sanitizer][asan][win] Only unmap unneeded shadow memory on x86_64.May 2 2023, 9:23 AM

Revision Contents

PathSize
compiler-rt/
lib/
sanitizer_common/
11 lines
9 lines
test/
asan/
TestCases/
Windows/
30 lines

Diff 321483

compiler-rt/lib/sanitizer_common/sanitizer_allocator_primary64.h

Show First 20 LinesShow All 138 Lines▼ Show 20 Lines public:
NOINLINE bool GetFromAllocator(AllocatorStats *stat, uptr class_id, NOINLINE bool GetFromAllocator(AllocatorStats *stat, uptr class_id,
CompactPtrT *chunks, uptr n_chunks) { CompactPtrT *chunks, uptr n_chunks) {
RegionInfo *region = GetRegionInfo(class_id); RegionInfo *region = GetRegionInfo(class_id);
uptr region_beg = GetRegionBeginBySizeClass(class_id); uptr region_beg = GetRegionBeginBySizeClass(class_id);
CompactPtrT *free_array = GetFreeArray(region_beg); CompactPtrT *free_array = GetFreeArray(region_beg);
BlockingMutexLock l(&region->mutex); BlockingMutexLock l(&region->mutex);
#if SANITIZER_WINDOWS
/* On Windows unmapping of memory during __sanitizer_purge_allocator is
explicit and immediate, so unmapped regions must be explicitly mapped back
in when they are accessed again. */
if (region->rtoi.last_released_bytes > 0) {
MmapFixedOrDie(region_beg, region->mapped_user,
vitalybukaUnsubmitted
Done
ReplyInline Actions

MmapFixedOrDie can't return nulltpr

vitalybuka: MmapFixedOrDie can't return nulltpr
"SizeClassAllocator: region data");
region->rtoi.n_freed_at_last_release = 0;
region->rtoi.last_released_bytes = 0;
}
#endif
if (UNLIKELY(region->num_freed_chunks < n_chunks)) { if (UNLIKELY(region->num_freed_chunks < n_chunks)) {
if (UNLIKELY(!PopulateFreeArray(stat, class_id, region, if (UNLIKELY(!PopulateFreeArray(stat, class_id, region,
n_chunks - region->num_freed_chunks))) n_chunks - region->num_freed_chunks)))
return false; return false;
CHECK_GE(region->num_freed_chunks, n_chunks); CHECK_GE(region->num_freed_chunks, n_chunks);
} }
region->num_freed_chunks -= n_chunks; region->num_freed_chunks -= n_chunks;
uptr base_idx = region->num_freed_chunks; uptr base_idx = region->num_freed_chunks;
▲ Show 20 LinesShow All 710 LinesShow Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_win.cpp

Show First 20 LinesShow All 328 Lines▼ Show 20 Lines
} }
bool MprotectNoAccess(uptr addr, uptr size) { bool MprotectNoAccess(uptr addr, uptr size) {
DWORD old_protection; DWORD old_protection;
return VirtualProtect((LPVOID)addr, size, PAGE_NOACCESS, &old_protection); return VirtualProtect((LPVOID)addr, size, PAGE_NOACCESS, &old_protection);
} }
void ReleaseMemoryPagesToOS(uptr beg, uptr end) { void ReleaseMemoryPagesToOS(uptr beg, uptr end) {
// This is almost useless on 32-bits. uptr beg_aligned, end_aligned;
// FIXME: add madvise-analog when we move to 64-bits. beg_aligned = RoundDownTo(beg, GetPageSizeCached());
vitalybukaUnsubmitted
Done
ReplyInline Actions

RoundUpTo/RoundDownTo?

vitalybuka: RoundUpTo/RoundDownTo?
end_aligned = RoundDownTo(end, GetPageSizeCached());
CHECK(beg < end); // make sure the region is sane
if (beg_aligned == end_aligned) // make sure we're freeing at least 1 page;
return;
UnmapOrDie((void *)beg, end_aligned - beg_aligned);
vitalybukaUnsubmitted
Done
ReplyInline Actions

Isn't sanitizers on windows are always 64?

vitalybuka: Isn't sanitizers on windows are always 64?
} }
vitalybukaUnsubmitted
Not Done
ReplyInline Actions
void ReleaseMemoryPagesToOS(uptr beg, uptr end) {
- uptr beg_aligned, end_aligned;
- beg_aligned = RoundDownTo(beg, GetPageSizeCached());
- end_aligned = RoundDownTo(end, GetPageSizeCached());
+ uptr beg_aligned = RoundDownTo(beg, GetPageSizeCached());
+ uptr end_aligned = RoundDownTo(end, GetPageSizeCached());
CHECK(beg < end); // make sure the region is sane

I see no reason to split declaration from initialization.

vitalybuka: I see no reason to split declaration from initialization.
void SetShadowRegionHugePageMode(uptr addr, uptr size) { void SetShadowRegionHugePageMode(uptr addr, uptr size) {
// FIXME: probably similar to ReleaseMemoryToOS. // FIXME: probably similar to ReleaseMemoryToOS.
} }
bool DontDumpShadowMemory(uptr addr, uptr length) { bool DontDumpShadowMemory(uptr addr, uptr length) {
// This is almost useless on 32-bits. // This is almost useless on 32-bits.
// FIXME: add madvise-analog when we move to 64-bits. // FIXME: add madvise-analog when we move to 64-bits.
▲ Show 20 LinesShow All 810 LinesShow Last 20 Lines

compiler-rt/test/asan/TestCases/Windows/sanitizer_purge.cpp

  • This file was added.
#include <Windows.h>
#include <stdio.h>
#include <sanitizer/allocator_interface.h>
#include <psapi.h>
// RUN: %clang_cl_asan -Od %s -Fe%t
// RUN: %t
size_t GetRSS() {
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

We usually put RUN: before includes

and
// RUN: %clang_cl_asan -Od %s -Fe%t && %t
is a little bit more convenient for copying reproducer line from failed test output

vitalybuka: We usually put RUN: before includes and // RUN: %clang_cl_asan -Od %s -Fe%t && %t is a…
PROCESS_MEMORY_COUNTERS counters;
if (!GetProcessMemoryInfo(GetCurrentProcess(), &counters, sizeof(counters)))
return 0;
return counters.WorkingSetSize;
}
int main(){
for (int i = 0; i < 1000; i++) {
void* a = malloc(1000);
free(a);
}
size_t rss_pre = GetRSS();
__sanitizer_purge_allocator();
size_t rss_post = GetRSS();
if (rss_pre <= rss_post){
return -1;
}
return 0;
}
No newline at end of file