[memprof] Switch allocator to dynamic base address #98510

thurstond · 2024-07-11T17:58:20Z

memprof_rtl.cpp calls InitializeShadowMemory() - which dynamically/"randomly" chooses a base address for the shadow mapping - prior to InitializeAllocator(). If we are unlucky, the shadow memory may be mapped in the same region where the allocator wants to be.

This patch fixes the issue by changing the allocator to dynamically choosing a base address, as suggested by Vitaly. For comparison, HWASan already dynamically chooses the base addresses for the shadow mapping and allocator.

The "unlucky" failure was observed on a new buildbot: https://lab.llvm.org/buildbot/#/builders/66/builds/1361/steps/17/logs/stdio

memprof_rtl.cpp calls InitializeShadowMemory() - which dynamically/"randomly" chooses a base address for the shadow mapping - prior to InitializeAllocator(). If we are unlucky, the shadow memory may be mapped in the same region where the allocator wants to be. This patch fixes the issue by changing the allocator to dynamically choosing a base address, as suggested by Vitaly. For comparison, HWASan already dynamically chooses the base addresses for the shadow mapping and allocator. The "unlucky" failure was observed on a new buildbot (https://lab.llvm.org/buildbot/#/builders/66/builds/1361/steps/17/logs/stdio).

llvmbot · 2024-07-11T17:58:54Z

@llvm/pr-subscribers-pgo

Author: Thurston Dang (thurstond)

Changes

memprof_rtl.cpp calls InitializeShadowMemory() - which dynamically/"randomly" chooses a base address for the shadow mapping - prior to InitializeAllocator(). If we are unlucky, the shadow memory may be mapped in the same region where the allocator wants to be.

This patch fixes the issue by changing the allocator to dynamically choosing a base address, as suggested by Vitaly. For comparison, HWASan already dynamically chooses the base addresses for the shadow mapping and allocator.

The "unlucky" failure was observed on a new buildbot: https://lab.llvm.org/buildbot/#/builders/66/builds/1361/steps/17/logs/stdio

Full diff: https://github.com/llvm/llvm-project/pull/98510.diff

1 Files Affected:

(modified) compiler-rt/lib/memprof/memprof_allocator.h (+1-1)

diff --git a/compiler-rt/lib/memprof/memprof_allocator.h b/compiler-rt/lib/memprof/memprof_allocator.h
index 89e924f80d41a..ee8034b366b67 100644
--- a/compiler-rt/lib/memprof/memprof_allocator.h
+++ b/compiler-rt/lib/memprof/memprof_allocator.h
@@ -49,7 +49,7 @@ struct MemprofMapUnmapCallback {
 #if SANITIZER_APPLE
 constexpr uptr kAllocatorSpace = 0x600000000000ULL;
 #else
-constexpr uptr kAllocatorSpace = 0x500000000000ULL;
+constexpr uptr kAllocatorSpace = ~(uptr)0;
 #endif
 constexpr uptr kAllocatorSize = 0x40000000000ULL; // 4T.
 typedef DefaultSizeClassMap SizeClassMap;

This ports a proposed memprof fix (llvm#98510), which has a shadow memory and allocator layout that is similar to ASan. Although we have only observed the failure for memprof on a buildbot [*], it could theoretically happen for ASan. asan_rtl.cpp calls InitializeShadowMemory() - which dynamically/"randomly" chooses a base address for the shadow mapping - prior to InitializeAllocator(). If we are unlucky, the shadow memory may be mapped in the same region where the allocator wants to be. This patch fixes the issue by changing the allocator to dynamically choosing a base address, as suggested by Vitaly. For comparison, HWASan already dynamically chooses the base addresses for the shadow mapping and allocator. [*] https://lab.llvm.org/buildbot/#/builders/66/builds/1361/steps/17/logs/stdio

memprof_rtl.cpp calls InitializeShadowMemory() - which dynamically/"randomly" chooses a base address for the shadow mapping - prior to InitializeAllocator(). If we are unlucky, the shadow memory may be mapped in the same region where the allocator wants to be. This patch fixes the issue by changing the allocator to dynamically choosing a base address, as suggested by Vitaly. For comparison, HWASan already dynamically chooses the base addresses for the shadow mapping and allocator. The "unlucky" failure was observed on a new buildbot: https://lab.llvm.org/buildbot/#/builders/66/builds/1361/steps/17/logs/stdio --------- Co-authored-by: Vitaly Buka <vitalybuka@gmail.com>

This ports a fix from memprof (#98510), which has a shadow mapping that is similar to ASan (8 bytes of shadow memory per 64 bytes of app memory). This patch changes the allocator to dynamically choose a base address, as suggested by Vitaly for memprof. This simplifies ASan's #ifdef's and avoids potential conflict in the event that ASan were to switch to a dynamic shadow offset in the future [1]. [1] Since shadow memory is mapped before the allocator is mapped: - dynamic shadow and fixed allocator (old memprof): could fail if "unlucky" (e.g., https://lab.llvm.org/buildbot/#/builders/66/builds/1361/steps/17/logs/stdio) - dynamic shadow and dynamic allocator (HWASan; current memprof): always works - fixed shadow and fixed allocator (current ASan): always works, if constants are carefully chosen - fixed shadow and dynamic allocator (ASan with this patch): always works

thurstond requested review from vitalybuka and teresajohnson July 11, 2024 17:58

llvmbot added compiler-rt PGO Profile Guided Optimizations labels Jul 11, 2024

thurstond mentioned this pull request Jul 11, 2024

[asan] Switch allocator to dynamic base address #98511

Merged

Apply to Apple as well

e0dc2ab

vitalybuka approved these changes Jul 12, 2024

View reviewed changes

vitalybuka merged commit b12e141 into llvm:main Jul 12, 2024
4 of 5 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[memprof] Switch allocator to dynamic base address #98510

[memprof] Switch allocator to dynamic base address #98510

thurstond commented Jul 11, 2024

llvmbot commented Jul 11, 2024

[memprof] Switch allocator to dynamic base address #98510

[memprof] Switch allocator to dynamic base address #98510

Conversation

thurstond commented Jul 11, 2024

llvmbot commented Jul 11, 2024