[PATCH] D87739: [WIP] scudo: Add an API for disabling memory initialization per-thread.

Peter Collingbourne via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Sep 15 21:09:26 PDT 2020 

pcc added a comment.

This is the patch that I've been using to stress test my implementation:

  diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
  index 6c39b8f361e7..54ea5f487ac9 100644
  --- a/compiler-rt/lib/scudo/standalone/combined.h
  +++ b/compiler-rt/lib/scudo/standalone/combined.h
  @@ -9,6 +9,8 @@
   #ifndef SCUDO_COMBINED_H_
   #define SCUDO_COMBINED_H_
   
  +#include <stdlib.h>
  +
   #include "chunk.h"
   #include "common.h"
   #include "flags.h"
  @@ -268,6 +270,14 @@ public:
                             bool ZeroContents = false) {
       initThreadMaybe();
   
  +    {
  +      int R = rand();
  +      if (R % 16 == 0)
  +        TSDRegistry.setOption(Option::ThreadDisableMemInit, 0);
  +      if (R % 16 == 1)
  +        TSDRegistry.setOption(Option::ThreadDisableMemInit, 1);
  +    }
  +
   #ifdef GWP_ASAN_HOOKS
       if (UNLIKELY(GuardedAlloc.shouldSample())) {
         if (void *Ptr = GuardedAlloc.allocate(roundUpTo(Size, Alignment)))

With this applied and booting Android on FVP I sometimes get an application crash in `com.android.settings` or `com.android.systemui`. The tombstone starts like this:

  Build fingerprint: 'Android/fvp/fvpbase:S/AOSP.MASTER/eng.pcc.20200813.203906:eng/test-keys'
  Revision: '0'
  ABI: 'arm64'
  Timestamp: 2020-09-15 23:35:00.120584420+0000
  pid: 1366, tid: 1707, name: RenderThread  >>> com.android.systemui <<<
  uid: 10100
  tagged_addr_ctrl: 000000000007fff5
  signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x35338100000010
      x0  0000007a599b10b0  x1  0a00007b9dcb2210  x2  0000000000000003  x3  0000000000000003
      x4  0000000000000000  x5  0000007a599b1400  x6  00000000000003ff  x7  0000000000000400
      x8  0000000000000002  x9  0000000000000003  x10 0000000000000002  x11 0000000000000013
      x12 0600007afdd915a0  x13 0000000000000002  x14 0035338100000000  x15 0000000000000007
      x16 0000007d6f9db4a0  x17 0000007d6f76c7c4  x18 0000007a50878000  x19 0a00007b9dcb2210
      x20 0000007a599b10b0  x21 0000007a599b0e40  x22 0000000000000003  x23 0000000000000003
      x24 0000007a599b0d78  x25 0000007a599b3000  x26 0000000000000000  x27 0d00007b9dcc7578
      x28 0000000000000000  x29 0000007a599b0cf0
      lr  0000007d6f814f38  sp  0000007a599b0ce0  pc  0000007d6f7e3e04  pst 0000000020001000
  
  backtrace:
        #00 pc 00000000003e1e04  /system/lib64/libhwui.so (GrResourceAllocator::addInterval(GrSurfaceProxy*, unsigned int, unsigned int)+132) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #01 pc 0000000000412f34  /system/lib64/libhwui.so (GrProcessorSet::visitProxies(std::__1::function<void (GrSurfaceProxy*)> const&) const+304) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #02 pc 00000000003ded90  /system/lib64/libhwui.so (GrRenderTargetOpList::OpChain::visitProxies(std::__1::function<void (GrSurfaceProxy*)> const&, GrOp::VisitorType) const+76) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #03 pc 00000000003e0c60  /system/lib64/libhwui.so (GrRenderTargetOpList::gatherProxyIntervals(GrResourceAllocator*) const+296) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #04 pc 00000000003b9988  /system/lib64/libhwui.so (GrDrawingManager::flush(GrSurfaceProxy*, SkSurface::BackendSurfaceAccess, GrFlushFlags, int, GrBackendSemaphore*, void (*)(void*), void*)+1980) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #05 pc 00000000003ba2b8  /system/lib64/libhwui.so (GrDrawingManager::prepareSurfaceForExternalIO(GrSurfaceProxy*, SkSurface::BackendSurfaceAccess, GrFlushFlags, int, GrBackendSemaphore*, void (*)(void*), void*)+244) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #06 pc 00000000003dd038  /system/lib64/libhwui.so (GrRenderTargetContext::prepareForExternalIO(SkSurface::BackendSurfaceAccess, GrFlushFlags, int, GrBackendSemaphore*, void (*)(void*), void*)+252) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #07 pc 000000000018b0f4  /system/lib64/libhwui.so (android::uirenderer::skiapipeline::SkiaPipeline::renderFrame(android::uirenderer::LayerUpdateQueue const&, SkRect const&, std::__1::vector<android::sp<android::uirenderer::RenderNode>, std::__1::allocator<android::sp<android::uirenderer::RenderNode> > > const&, bool, android::uirenderer::Rect const&, sk_sp<SkSurface>, SkMatrix const&)+208) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #08 pc 0000000000188d04  /system/lib64/libhwui.so (android::uirenderer::skiapipeline::SkiaOpenGLPipeline::draw(android::uirenderer::renderthread::Frame const&, SkRect const&, SkRect const&, android::uirenderer::LightGeometry const&, android::uirenderer::LayerUpdateQueue*, android::uirenderer::Rect const&, bool, android::uirenderer::LightInfo const&, std::__1::vector<android::sp<android::uirenderer::RenderNode>, std::__1::allocator<android::sp<android::uirenderer::RenderNode> > > const&, android::uirenderer::FrameInfoVisualizer*)+496) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #09 pc 00000000001943e4  /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::draw()+392) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #10 pc 000000000019636c  /system/lib64/libhwui.so (android::uirenderer::renderthread::DrawFrameTask::run()+428) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #11 pc 0000000000179dfc  /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+400) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #12 pc 00000000001a56a8  /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+128) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
        #13 pc 0000000000014444  /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+260) (BuildId: dfc95e0a7c124e5bf890590bb0f3c55f)
        #14 pc 0000000000013cf8  /system/lib64/libutils.so (thread_data_t::trampoline(void*)+424) (BuildId: dfc95e0a7c124e5bf890590bb0f3c55f)
        #15 pc 00000000000af5fc  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+344) (BuildId: 6cd1bc2d17bd5e5999e53add462790e2)
        #16 pc 000000000004f448  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 6cd1bc2d17bd5e5999e53add462790e2)

And the top frame symbolizes to this line of code:
https://cs.android.com/android/platform/superproject/+/master:external/skia/src/core/SkTDynamicHash.h;l=98
which is accessing a pointer from a calloc'd region and expecting it to either be zero or a stored value, indicating that the memory was not zero initialized correctly.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D87739/new/

https://reviews.llvm.org/D87739

More information about the llvm-commits mailing list