[compiler-rt] r268157 - [tsan] Return 0 from malloc_size for non-malloc'd pointers

Kuba Brecka via llvm-commits llvm-commits at lists.llvm.org
Sat Apr 30 00:14:41 PDT 2016


Author: kuba.brecka
Date: Sat Apr 30 02:14:41 2016
New Revision: 268157

URL: http://llvm.org/viewvc/llvm-project?rev=268157&view=rev
Log:
[tsan] Return 0 from malloc_size for non-malloc'd pointers

In http://reviews.llvm.org/D19100, I introduced a bug: On OS X, existing programs rely on malloc_size() to detect whether a pointer comes from heap memory (malloc_size returns non-zero) or not. We have to distinguish between a zero-sized allocation (where we need to return 1 from malloc_size, due to other binary compatibility reasons, see http://reviews.llvm.org/D19100), and pointers that are not returned from malloc at all.

Differential Revision: http://reviews.llvm.org/D19653


Modified:
    compiler-rt/trunk/lib/tsan/rtl/tsan_malloc_mac.cc
    compiler-rt/trunk/lib/tsan/rtl/tsan_mman.cc
    compiler-rt/trunk/test/tsan/Darwin/malloc_size.mm

Modified: compiler-rt/trunk/lib/tsan/rtl/tsan_malloc_mac.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/tsan/rtl/tsan_malloc_mac.cc?rev=268157&r1=268156&r2=268157&view=diff
==============================================================================
--- compiler-rt/trunk/lib/tsan/rtl/tsan_malloc_mac.cc (original)
+++ compiler-rt/trunk/lib/tsan/rtl/tsan_malloc_mac.cc Sat Apr 30 02:14:41 2016
@@ -53,8 +53,7 @@ using namespace __tsan;
   SCOPED_INTERCEPTOR_RAW(free, ptr); \
   user_free(thr, pc, ptr)
 #define COMMON_MALLOC_SIZE(ptr) \
-  uptr size = user_alloc_usable_size(ptr); \
-  if (size == 0) size = 1;
+  uptr size = user_alloc_usable_size(ptr);
 #define COMMON_MALLOC_FILL_STATS(zone, stats)
 #define COMMON_MALLOC_REPORT_UNKNOWN_REALLOC(ptr, zone_ptr, zone_name) \
   (void)zone_name; \

Modified: compiler-rt/trunk/lib/tsan/rtl/tsan_mman.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/tsan/rtl/tsan_mman.cc?rev=268157&r1=268156&r2=268157&view=diff
==============================================================================
--- compiler-rt/trunk/lib/tsan/rtl/tsan_mman.cc (original)
+++ compiler-rt/trunk/lib/tsan/rtl/tsan_mman.cc Sat Apr 30 02:14:41 2016
@@ -164,7 +164,11 @@ uptr user_alloc_usable_size(const void *
   if (p == 0)
     return 0;
   MBlock *b = ctx->metamap.GetBlock((uptr)p);
-  return b ? b->siz : 0;
+  if (!b)
+    return 0;  // Not a valid pointer.
+  if (b->siz == 0)
+    return 1;  // Zero-sized allocations are actually 1 byte.
+  return b->siz;
 }
 
 void invoke_malloc_hook(void *ptr, uptr size) {
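Review bot: The zero versus non-zero result of user_alloc_usable_size is now a contract that callers rely on to decide whether a pointer belongs to the heap, but nothing in the visible body states it; the function's signature and any header comment sit outside the hunk. tsan_mman.cc appears to be shared runtime code rather than Darwin-only, so moving the `b->siz == 0` to 1 mapping here presumably also changes what other platforms' callers see for zero-sized allocations, which is worth confirming as intended. I would add a comment above the function along the lines of `// Returns 0 iff the metamap has no block for p; zero-sized allocations report 1 so a non-zero result can be used as an "is heap pointer" test.`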

Modified: compiler-rt/trunk/test/tsan/Darwin/malloc_size.mm
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/tsan/Darwin/malloc_size.mm?rev=268157&r1=268156&r2=268157&view=diff
==============================================================================
--- compiler-rt/trunk/test/tsan/Darwin/malloc_size.mm (original)
+++ compiler-rt/trunk/test/tsan/Darwin/malloc_size.mm Sat Apr 30 02:14:41 2016
@@ -6,18 +6,50 @@
 #import <Foundation/Foundation.h>
 #include <malloc/malloc.h>
 
-int main() {
-  void *p = malloc(0);
-
-  size_t s = malloc_size(p);
-  printf("size = 0x%zx\n", s);
+int some_global;
 
+void describe_zone(void *p) {
   malloc_zone_t *z = malloc_zone_from_ptr(p);
-  if (z)
-    printf("z = %p\n", z);
-  else
-    printf("no zone\n");
+  if (z) {
+    fprintf(stderr, "zone = %p\n", z);
+  }	else {
+  	fprintf(stderr, "zone = no zone\n");
+  }
 }
 
-// CHECK: z = 0x{{[0-9a-f]+}}
-// CHECK-NOT: no zone
+int main() {
+  void *p;
+  size_t s;
+
+  p = malloc(0x40);
+  s = malloc_size(p);
+  fprintf(stderr, "size = 0x%zx\n", s);
+  // CHECK: size = 0x40
+  describe_zone(p);
+  // CHECK: zone = 0x{{[0-9a-f]+}}
+
+  p = malloc(0);
+  s = malloc_size(p);
+  fprintf(stderr, "size = 0x%zx\n", s);
+  // CHECK: size = 0x1
+  describe_zone(p);
+  // CHECK: zone = 0x{{[0-9a-f]+}}
+
+  p = &some_global;
+  s = malloc_size(p);
+  fprintf(stderr, "size = 0x%zx\n", s);
+  // CHECK: size = 0x0
+  describe_zone(p);
+  // CHECK: zone = no zone
+
+  p = mmap(0, 0x1000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
+  if (!p) {
+  	fprintf(stderr, "mmap failed\n");
+  	exit(1);
+  }
+  s = malloc_size(p);
+  fprintf(stderr, "size = 0x%zx\n", s);
+  // CHECK: size = 0x0
+  describe_zone(p);
+  // CHECK: zone = no zone
+}
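Review bot: The mmap failure check in main, `if (!p)`, cannot fire, because mmap reports failure as MAP_FAILED rather than a null pointer; it should read `if (p == MAP_FAILED) {`. As written, a failed mapping would pass the invalid pointer on to malloc_size(p) and describe_zone(p), and the test would fail confusingly instead of printing "mmap failed". The visible includes are only Foundation and malloc/malloc.h, so mmap and exit presumably arrive transitively; an explicit `#include <sys/mman.h>` would make the dependency clear. The new `else` branch in describe_zone and the mmap error branch are indented with tabs while the surrounding lines use spaces.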



