[compiler-rt] [scudo] [MTE] resize stack depot for allocation ring buffer (PR #74515)

Florian Mayer via llvm-commits llvm-commits at lists.llvm.org
Mon Feb 5 15:10:10 PST 2024


https://github.com/fmayer updated https://github.com/llvm/llvm-project/pull/74515

>From 7806419b3120f49af182c06b46f8d0875ad9f8e6 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Fri, 1 Dec 2023 16:46:29 -0800
Subject: [PATCH 01/17] [scudo] resize stack depot for allocation ring buffer

---
 compiler-rt/lib/scudo/standalone/combined.h   | 101 +++++++++++----
 .../standalone/fuzz/get_error_info_fuzzer.cpp |  14 +--
 compiler-rt/lib/scudo/standalone/platform.h   |  10 --
 .../lib/scudo/standalone/stack_depot.h        | 118 +++++++++++++-----
 .../scudo/standalone/wrappers_c_bionic.cpp    |   9 +-
 5 files changed, 173 insertions(+), 79 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index 80774073522a7..11eaeb8042d8c 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -290,7 +290,9 @@ class Allocator {
     uptr Size =
         android_unsafe_frame_pointer_chase(Stack, MaxTraceSize + DiscardFrames);
     Size = Min<uptr>(Size, MaxTraceSize + DiscardFrames);
-    return Depot.insert(Stack + Min<uptr>(DiscardFrames, Size), Stack + Size);
+    return reinterpret_cast<StackDepot *>(RawStackDepot)
+        ->insert(RawStackDepot, Stack + Min<uptr>(DiscardFrames, Size),
+                 Stack + Size);
 #else
     return 0;
 #endif
@@ -919,8 +921,14 @@ class Allocator {
       Primary.Options.clear(OptionBit::AddLargeAllocationSlack);
   }
 
-  const char *getStackDepotAddress() const {
-    return reinterpret_cast<const char *>(&Depot);
+  const char *getStackDepotAddress() {
+    initThreadMaybe();
+    return RawStackDepot;
+  }
+
+  uptr getStackDepotSize() {
+    initThreadMaybe();
+    return StackDepotSize;
   }
 
   const char *getRegionInfoArrayAddress() const {
@@ -943,45 +951,54 @@ class Allocator {
 
   static const uptr MaxTraceSize = 64;
 
-  static void collectTraceMaybe(const StackDepot *Depot,
+  static void collectTraceMaybe(const char *RawStackDepot,
                                 uintptr_t (&Trace)[MaxTraceSize], u32 Hash) {
+    auto *Depot = reinterpret_cast<const StackDepot *>(RawStackDepot);
     uptr RingPos, Size;
-    if (!Depot->find(Hash, &RingPos, &Size))
+    if (!Depot->find(RawStackDepot, Hash, &RingPos, &Size))
       return;
     for (unsigned I = 0; I != Size && I != MaxTraceSize; ++I)
-      Trace[I] = static_cast<uintptr_t>((*Depot)[RingPos + I]);
+      Trace[I] = static_cast<uintptr_t>(Depot->at(RawStackDepot, RingPos + I));
   }
 
   static void getErrorInfo(struct scudo_error_info *ErrorInfo,
                            uintptr_t FaultAddr, const char *DepotPtr,
-                           const char *RegionInfoPtr, const char *RingBufferPtr,
-                           size_t RingBufferSize, const char *Memory,
-                           const char *MemoryTags, uintptr_t MemoryAddr,
-                           size_t MemorySize) {
+                           size_t DepotSize, const char *RegionInfoPtr,
+                           const char *RingBufferPtr, size_t RingBufferSize,
+                           const char *Memory, const char *MemoryTags,
+                           uintptr_t MemoryAddr, size_t MemorySize) {
     *ErrorInfo = {};
     if (!allocatorSupportsMemoryTagging<Config>() ||
         MemoryAddr + MemorySize < MemoryAddr)
       return;
 
-    auto *Depot = reinterpret_cast<const StackDepot *>(DepotPtr);
+    if (DepotPtr && DepotSize < sizeof(StackDepot)) {
+      return;
+    }
+    if (DepotPtr &&
+        !reinterpret_cast<const StackDepot *>(DepotPtr)->isValid(DepotSize)) {
+      // corrupted stack depot.
+      return;
+    }
+
     size_t NextErrorReport = 0;
 
     // Check for OOB in the current block and the two surrounding blocks. Beyond
     // that, UAF is more likely.
     if (extractTag(FaultAddr) != 0)
-      getInlineErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, Depot,
+      getInlineErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, DepotPtr,
                          RegionInfoPtr, Memory, MemoryTags, MemoryAddr,
                          MemorySize, 0, 2);
 
     // Check the ring buffer. For primary allocations this will only find UAF;
     // for secondary allocations we can find either UAF or OOB.
-    getRingBufferErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, Depot,
+    getRingBufferErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, DepotPtr,
                            RingBufferPtr, RingBufferSize);
 
     // Check for OOB in the 28 blocks surrounding the 3 we checked earlier.
     // Beyond that we are likely to hit false positives.
     if (extractTag(FaultAddr) != 0)
-      getInlineErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, Depot,
+      getInlineErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, DepotPtr,
                          RegionInfoPtr, Memory, MemoryTags, MemoryAddr,
                          MemorySize, 2, 16);
   }
@@ -1029,7 +1046,9 @@ class Allocator {
   uptr GuardedAllocSlotSize = 0;
 #endif // GWP_ASAN_HOOKS
 
-  StackDepot Depot;
+  char *RawStackDepot = nullptr;
+  uptr StackDepotSize = 0;
+  MemMapT RawStackDepotMap;
 
   struct AllocationRingBuffer {
     struct Entry {
@@ -1245,7 +1264,8 @@ class Allocator {
   }
 
   void storePrimaryAllocationStackMaybe(const Options &Options, void *Ptr) {
-    if (!UNLIKELY(Options.get(OptionBit::TrackAllocationStacks)))
+    if (!UNLIKELY(Options.get(OptionBit::TrackAllocationStacks)) ||
+        !RawRingBuffer)
       return;
     auto *Ptr32 = reinterpret_cast<u32 *>(Ptr);
     Ptr32[MemTagAllocationTraceIndex] = collectStackTrace();
@@ -1278,7 +1298,8 @@ class Allocator {
 
   void storeSecondaryAllocationStackMaybe(const Options &Options, void *Ptr,
                                           uptr Size) {
-    if (!UNLIKELY(Options.get(OptionBit::TrackAllocationStacks)))
+    if (!UNLIKELY(Options.get(OptionBit::TrackAllocationStacks)) ||
+        !RawRingBuffer)
       return;
 
     u32 Trace = collectStackTrace();
@@ -1293,7 +1314,8 @@ class Allocator {
 
   void storeDeallocationStackMaybe(const Options &Options, void *Ptr,
                                    u8 PrevTag, uptr Size) {
-    if (!UNLIKELY(Options.get(OptionBit::TrackAllocationStacks)))
+    if (!UNLIKELY(Options.get(OptionBit::TrackAllocationStacks)) ||
+        !RawRingBuffer)
       return;
 
     auto *Ptr32 = reinterpret_cast<u32 *>(Ptr);
@@ -1314,7 +1336,7 @@ class Allocator {
 
   static void getInlineErrorInfo(struct scudo_error_info *ErrorInfo,
                                  size_t &NextErrorReport, uintptr_t FaultAddr,
-                                 const StackDepot *Depot,
+                                 const char *RawStackDepot,
                                  const char *RegionInfoPtr, const char *Memory,
                                  const char *MemoryTags, uintptr_t MemoryAddr,
                                  size_t MemorySize, size_t MinDistance,
@@ -1379,8 +1401,10 @@ class Allocator {
           UntaggedFaultAddr < ChunkAddr ? BUFFER_UNDERFLOW : BUFFER_OVERFLOW;
       R->allocation_address = ChunkAddr;
       R->allocation_size = Header.SizeOrUnusedBytes;
-      collectTraceMaybe(Depot, R->allocation_trace,
-                        Data[MemTagAllocationTraceIndex]);
+      if (RawStackDepot) {
+        collectTraceMaybe(RawStackDepot, R->allocation_trace,
+                          Data[MemTagAllocationTraceIndex]);
+      }
       R->allocation_tid = Data[MemTagAllocationTidIndex];
       return NextErrorReport == NumErrorReports;
     };
@@ -1397,13 +1421,13 @@ class Allocator {
   static void getRingBufferErrorInfo(struct scudo_error_info *ErrorInfo,
                                      size_t &NextErrorReport,
                                      uintptr_t FaultAddr,
-                                     const StackDepot *Depot,
+                                     const char *RawStackDepot,
                                      const char *RingBufferPtr,
                                      size_t RingBufferSize) {
     auto *RingBuffer =
         reinterpret_cast<const AllocationRingBuffer *>(RingBufferPtr);
     size_t RingBufferElements = ringBufferElementsFromBytes(RingBufferSize);
-    if (!RingBuffer || RingBufferElements == 0)
+    if (!RingBuffer || RingBufferElements == 0 || !RawStackDepot)
       return;
     uptr Pos = atomic_load_relaxed(&RingBuffer->Pos);
 
@@ -1462,9 +1486,10 @@ class Allocator {
 
       R->allocation_address = UntaggedEntryPtr;
       R->allocation_size = EntrySize;
-      collectTraceMaybe(Depot, R->allocation_trace, AllocationTrace);
+      collectTraceMaybe(RawStackDepot, R->allocation_trace, AllocationTrace);
       R->allocation_tid = AllocationTid;
-      collectTraceMaybe(Depot, R->deallocation_trace, DeallocationTrace);
+      collectTraceMaybe(RawStackDepot, R->deallocation_trace,
+                        DeallocationTrace);
       R->deallocation_tid = DeallocationTid;
     }
   }
@@ -1493,6 +1518,28 @@ class Allocator {
       return;
     u32 AllocationRingBufferSize =
         static_cast<u32>(getFlags()->allocation_ring_buffer_size);
+    // We store alloc and free stacks for each entry.
+    constexpr auto kStacksPerRingBufferEntry = 2;
+    u32 TabSize = static_cast<u32>(roundUpPowerOfTwo(kStacksPerRingBufferEntry *
+                                                     AllocationRingBufferSize));
+    constexpr auto kFramesPerStack = 8;
+    static_assert(isPowerOfTwo(kFramesPerStack));
+    u32 RingSize = static_cast<u32>(TabSize * kFramesPerStack);
+    DCHECK(isPowerOfTwo(RingSize));
+    static_assert(sizeof(StackDepot) % alignof(atomic_u64) == 0);
+
+    StackDepotSize = sizeof(StackDepot) + sizeof(atomic_u64) * RingSize +
+                     sizeof(atomic_u32) * TabSize;
+    MemMapT DepotMap;
+    DepotMap.map(
+        /*Addr=*/0U, roundUp(StackDepotSize, getPageSizeCached()),
+        "scudo:stack_depot");
+    RawStackDepot = reinterpret_cast<char *>(DepotMap.getBase());
+    auto *Depot = reinterpret_cast<StackDepot *>(DepotMap.getBase());
+    Depot->init(RingSize, TabSize);
+    DCHECK(Depot->isValid(StackDepotSize));
+    RawStackDepotMap = DepotMap;
+
     MemMapT MemMap;
     MemMap.map(
         /*Addr=*/0U,
@@ -1515,6 +1562,10 @@ class Allocator {
                              RawRingBufferMap.getCapacity());
     }
     RawRingBuffer = nullptr;
+    if (RawStackDepot) {
+      RawStackDepotMap.unmap(RawStackDepotMap.getBase(),
+                             RawStackDepotMap.getCapacity());
+    }
   }
 
   static constexpr size_t ringBufferSizeInBytes(u32 RingBufferElements) {
diff --git a/compiler-rt/lib/scudo/standalone/fuzz/get_error_info_fuzzer.cpp b/compiler-rt/lib/scudo/standalone/fuzz/get_error_info_fuzzer.cpp
index 5b01ebe11c095..2cef1c44fadc9 100644
--- a/compiler-rt/lib/scudo/standalone/fuzz/get_error_info_fuzzer.cpp
+++ b/compiler-rt/lib/scudo/standalone/fuzz/get_error_info_fuzzer.cpp
@@ -9,6 +9,7 @@
 #define SCUDO_FUZZ
 #include "allocator_config.h"
 #include "combined.h"
+#include "common.h"
 
 #include <fuzzer/FuzzedDataProvider.h>
 
@@ -31,11 +32,6 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t *Data, size_t Size) {
 
   std::string StackDepotBytes =
       FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
-  std::vector<char> StackDepot(sizeof(scudo::StackDepot), 0);
-  for (size_t i = 0; i < StackDepotBytes.length() && i < StackDepot.size();
-       ++i) {
-    StackDepot[i] = StackDepotBytes[i];
-  }
 
   std::string RegionInfoBytes =
       FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
@@ -48,9 +44,9 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t *Data, size_t Size) {
   std::string RingBufferBytes = FDP.ConsumeRemainingBytesAsString();
 
   scudo_error_info ErrorInfo;
-  AllocatorT::getErrorInfo(&ErrorInfo, FaultAddr, StackDepot.data(),
-                           RegionInfo.data(), RingBufferBytes.data(),
-                           RingBufferBytes.size(), Memory, MemoryTags,
-                           MemoryAddr, MemorySize);
+  AllocatorT::getErrorInfo(&ErrorInfo, FaultAddr, StackDepotBytes.data(),
+                           StackDepotBytes.size(), RegionInfo.data(),
+                           RingBufferBytes.data(), RingBufferBytes.size(),
+                           Memory, MemoryTags, MemoryAddr, MemorySize);
   return 0;
 }
diff --git a/compiler-rt/lib/scudo/standalone/platform.h b/compiler-rt/lib/scudo/standalone/platform.h
index b71a86be7669f..5af1275e32d2b 100644
--- a/compiler-rt/lib/scudo/standalone/platform.h
+++ b/compiler-rt/lib/scudo/standalone/platform.h
@@ -63,16 +63,6 @@
 #define SCUDO_CAN_USE_MTE (SCUDO_LINUX || SCUDO_TRUSTY)
 #endif
 
-// Use smaller table sizes for fuzzing in order to reduce input size.
-// Trusty just has less available memory.
-#ifndef SCUDO_SMALL_STACK_DEPOT
-#if defined(SCUDO_FUZZ) || SCUDO_TRUSTY
-#define SCUDO_SMALL_STACK_DEPOT 1
-#else
-#define SCUDO_SMALL_STACK_DEPOT 0
-#endif
-#endif
-
 #ifndef SCUDO_ENABLE_HOOKS
 #define SCUDO_ENABLE_HOOKS 0
 #endif
diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index e887d1b43a7cf..92d18a7ad1f2f 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -10,6 +10,7 @@
 #define SCUDO_STACK_DEPOT_H_
 
 #include "atomic_helpers.h"
+#include "common.h"
 #include "mutex.h"
 
 namespace scudo {
@@ -38,7 +39,7 @@ class MurMur2HashBuilder {
   }
 };
 
-class StackDepot {
+class alignas(16) StackDepot {
   HybridMutex RingEndMu;
   u32 RingEnd = 0;
 
@@ -62,47 +63,103 @@ class StackDepot {
   // This is achieved by re-checking the hash of the stack trace before
   // returning the trace.
 
-#if SCUDO_SMALL_STACK_DEPOT
-  static const uptr TabBits = 4;
-#else
-  static const uptr TabBits = 16;
-#endif
-  static const uptr TabSize = 1 << TabBits;
-  static const uptr TabMask = TabSize - 1;
-  atomic_u32 Tab[TabSize] = {};
-
-#if SCUDO_SMALL_STACK_DEPOT
-  static const uptr RingBits = 4;
-#else
-  static const uptr RingBits = 19;
-#endif
-  static const uptr RingSize = 1 << RingBits;
-  static const uptr RingMask = RingSize - 1;
-  atomic_u64 Ring[RingSize] = {};
+  uptr RingSize = 0;
+  uptr RingMask = 0;
+  uptr TabMask = 0;
+  // This is immediately followed by RingSize atomic_u64 and
+  // (TabMask + 1) atomic_u32.
+
+  atomic_u64 *Ring(char *RawStackDepot) {
+    return reinterpret_cast<atomic_u64 *>(RawStackDepot + sizeof(StackDepot));
+  }
+
+  atomic_u32 *Tab(char *RawStackDepot) {
+    return reinterpret_cast<atomic_u32 *>(RawStackDepot + sizeof(StackDepot) +
+                                          sizeof(atomic_u64) * RingSize);
+  }
+
+  const atomic_u64 *Ring(const char *RawStackDepot) const {
+    return reinterpret_cast<const atomic_u64 *>(RawStackDepot +
+                                                sizeof(StackDepot));
+  }
+
+  const atomic_u32 *Tab(const char *RawStackDepot) const {
+    return reinterpret_cast<const atomic_u32 *>(
+        RawStackDepot + sizeof(StackDepot) + sizeof(atomic_u64) * RingSize);
+  }
 
 public:
+  void init(uptr RingSz, uptr TabSz) {
+    DCHECK(isPowerOfTwo(RingSz));
+    DCHECK(isPowerOfTwo(TabSz));
+    RingSize = RingSz;
+    RingMask = RingSz - 1;
+    TabMask = TabSz - 1;
+  }
+
+  // Ensure that RingSize, RingMask and TabMask are set up in a way that
+  // all accesses are within range of BufSize.
+  bool isValid(uptr BufSize) const {
+    if (RingSize > UINTPTR_MAX / sizeof(atomic_u64)) {
+      return false;
+    }
+    if (RingSize == 0 || !isPowerOfTwo(RingSize)) {
+      return false;
+    }
+    uptr RingBytes = sizeof(atomic_u64) * RingSize;
+    if (RingMask + 1 != RingSize) {
+      return false;
+    }
+
+    if (TabMask == 0) {
+      return false;
+    }
+    if ((TabMask - 1) > UINTPTR_MAX / sizeof(atomic_u32)) {
+      return false;
+    }
+    uptr TabSize = TabMask + 1;
+    if (!isPowerOfTwo(TabSize)) {
+      return false;
+    }
+    uptr TabBytes = sizeof(atomic_u32) * TabSize;
+
+    // Subtract and detect underflow.
+    if (BufSize < sizeof(StackDepot)) {
+      return false;
+    }
+    BufSize -= sizeof(StackDepot);
+    if (BufSize < TabBytes) {
+      return false;
+    }
+    BufSize = TabBytes;
+    if (BufSize < RingBytes) {
+      return false;
+    }
+    return BufSize == 0;
+  }
+
   // Insert hash of the stack trace [Begin, End) into the stack depot, and
   // return the hash.
-  u32 insert(uptr *Begin, uptr *End) {
+  u32 insert(char *RawStackDepot, uptr *Begin, uptr *End) {
     MurMur2HashBuilder B;
     for (uptr *I = Begin; I != End; ++I)
       B.add(u32(*I) >> 2);
     u32 Hash = B.get();
 
     u32 Pos = Hash & TabMask;
-    u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
-    u64 Entry = atomic_load_relaxed(&Ring[RingPos]);
+    u32 RingPos = atomic_load_relaxed(&Tab(RawStackDepot)[Pos]);
+    u64 Entry = atomic_load_relaxed(&Ring(RawStackDepot)[RingPos]);
     u64 Id = (u64(End - Begin) << 33) | (u64(Hash) << 1) | 1;
     if (Entry == Id)
       return Hash;
 
     ScopedLock Lock(RingEndMu);
     RingPos = RingEnd;
-    atomic_store_relaxed(&Tab[Pos], RingPos);
-    atomic_store_relaxed(&Ring[RingPos], Id);
+    atomic_store_relaxed(&Tab(RawStackDepot)[Pos], RingPos);
+    atomic_store_relaxed(&Ring(RawStackDepot)[RingPos], Id);
     for (uptr *I = Begin; I != End; ++I) {
       RingPos = (RingPos + 1) & RingMask;
-      atomic_store_relaxed(&Ring[RingPos], *I);
+      atomic_store_relaxed(&Ring(RawStackDepot)[RingPos], *I);
     }
     RingEnd = (RingPos + 1) & RingMask;
     return Hash;
@@ -111,12 +168,13 @@ class StackDepot {
   // Look up a stack trace by hash. Returns true if successful. The trace may be
   // accessed via operator[] passing indexes between *RingPosPtr and
   // *RingPosPtr + *SizePtr.
-  bool find(u32 Hash, uptr *RingPosPtr, uptr *SizePtr) const {
+  bool find(const char *RawStackDepot, u32 Hash, uptr *RingPosPtr,
+            uptr *SizePtr) const {
     u32 Pos = Hash & TabMask;
-    u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
+    u32 RingPos = atomic_load_relaxed(&Tab(RawStackDepot)[Pos]);
     if (RingPos >= RingSize)
       return false;
-    u64 Entry = atomic_load_relaxed(&Ring[RingPos]);
+    u64 Entry = atomic_load_relaxed(&Ring(RawStackDepot)[RingPos]);
     u64 HashWithTagBit = (u64(Hash) << 1) | 1;
     if ((Entry & 0x1ffffffff) != HashWithTagBit)
       return false;
@@ -128,13 +186,13 @@ class StackDepot {
     MurMur2HashBuilder B;
     for (uptr I = 0; I != Size; ++I) {
       RingPos = (RingPos + 1) & RingMask;
-      B.add(u32(atomic_load_relaxed(&Ring[RingPos])) >> 2);
+      B.add(u32(atomic_load_relaxed(&Ring(RawStackDepot)[RingPos])) >> 2);
     }
     return B.get() == Hash;
   }
 
-  u64 operator[](uptr RingPos) const {
-    return atomic_load_relaxed(&Ring[RingPos & RingMask]);
+  u64 at(const char *RawStackDepot, uptr RingPos) const {
+    return atomic_load_relaxed(&Ring(RawStackDepot)[RingPos & RingMask]);
   }
 
   // This is done for the purpose of fork safety in multithreaded programs and
diff --git a/compiler-rt/lib/scudo/standalone/wrappers_c_bionic.cpp b/compiler-rt/lib/scudo/standalone/wrappers_c_bionic.cpp
index 21694c3f17fe5..e9d8c1e8d3db2 100644
--- a/compiler-rt/lib/scudo/standalone/wrappers_c_bionic.cpp
+++ b/compiler-rt/lib/scudo/standalone/wrappers_c_bionic.cpp
@@ -43,10 +43,9 @@ INTERFACE void __scudo_get_error_info(
     const char *stack_depot, size_t stack_depot_size, const char *region_info,
     const char *ring_buffer, size_t ring_buffer_size, const char *memory,
     const char *memory_tags, uintptr_t memory_addr, size_t memory_size) {
-  (void)(stack_depot_size);
-  Allocator.getErrorInfo(error_info, fault_addr, stack_depot, region_info,
-                         ring_buffer, ring_buffer_size, memory, memory_tags,
-                         memory_addr, memory_size);
+  Allocator.getErrorInfo(error_info, fault_addr, stack_depot, stack_depot_size,
+                         region_info, ring_buffer, ring_buffer_size, memory,
+                         memory_tags, memory_addr, memory_size);
 }
 
 INTERFACE const char *__scudo_get_stack_depot_addr() {
@@ -54,7 +53,7 @@ INTERFACE const char *__scudo_get_stack_depot_addr() {
 }
 
 INTERFACE size_t __scudo_get_stack_depot_size() {
-  return sizeof(scudo::StackDepot);
+  return Allocator.getStackDepotSize();
 }
 
 INTERFACE const char *__scudo_get_region_info_addr() {

>From ff6d32a5eca8b8a6e29cc85b1fd31a40834fba2c Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Wed, 13 Dec 2023 13:00:15 -0800
Subject: [PATCH 02/17] comments

---
 compiler-rt/lib/scudo/standalone/combined.h   | 27 +++++++++----
 .../lib/scudo/standalone/stack_depot.h        | 31 ++++++---------
 .../scudo/standalone/tests/combined_test.cpp  | 38 ++++++++++++++++++-
 3 files changed, 67 insertions(+), 29 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index 11eaeb8042d8c..165b9597a7aec 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -9,6 +9,7 @@
 #ifndef SCUDO_COMBINED_H_
 #define SCUDO_COMBINED_H_
 
+#include "atomic_helpers.h"
 #include "chunk.h"
 #include "common.h"
 #include "flags.h"
@@ -967,18 +968,21 @@ class Allocator {
                            const char *RingBufferPtr, size_t RingBufferSize,
                            const char *Memory, const char *MemoryTags,
                            uintptr_t MemoryAddr, size_t MemorySize) {
+    // N.B. we need to support corrupted data in any of the buffers here. We get
+    // this information from an external process (the crashing process) that
+    // shouldn't be able to crash crash_dump.
     *ErrorInfo = {};
     if (!allocatorSupportsMemoryTagging<Config>() ||
         MemoryAddr + MemorySize < MemoryAddr)
       return;
 
-    if (DepotPtr && DepotSize < sizeof(StackDepot)) {
-      return;
-    }
-    if (DepotPtr &&
-        !reinterpret_cast<const StackDepot *>(DepotPtr)->isValid(DepotSize)) {
-      // corrupted stack depot.
-      return;
+    if (DepotPtr) {
+      // check for corrupted StackDepot. First we need to check whether we can
+      // read the metadata, then whether the metadata matches the size.
+      if (DepotSize < sizeof(StackDepot))
+        return;
+      if (!reinterpret_cast<const StackDepot *>(DepotPtr)->isValid(DepotSize))
+        return;
     }
 
     size_t NextErrorReport = 0;
@@ -1520,14 +1524,23 @@ class Allocator {
         static_cast<u32>(getFlags()->allocation_ring_buffer_size);
     // We store alloc and free stacks for each entry.
     constexpr auto kStacksPerRingBufferEntry = 2;
+    constexpr auto kMaxU32Pow2 = ~(UINT32_MAX >> 1);
+    static_assert(isPowerOfTwo(kMaxU32Pow2));
+    if (AllocationRingBufferSize > kMaxU32Pow2 / kStacksPerRingBufferEntry)
+      return;
     u32 TabSize = static_cast<u32>(roundUpPowerOfTwo(kStacksPerRingBufferEntry *
                                                      AllocationRingBufferSize));
     constexpr auto kFramesPerStack = 8;
     static_assert(isPowerOfTwo(kFramesPerStack));
+    if (TabSize > UINT32_MAX / kFramesPerStack)
+      return;
     u32 RingSize = static_cast<u32>(TabSize * kFramesPerStack);
     DCHECK(isPowerOfTwo(RingSize));
     static_assert(sizeof(StackDepot) % alignof(atomic_u64) == 0);
 
+    static_assert(sizeof(StackDepot) + UINT32_MAX * sizeof(atomic_u64) *
+                                           UINT32_MAX * sizeof(atomic_u32) <
+                  UINTPTR_MAX);
     StackDepotSize = sizeof(StackDepot) + sizeof(atomic_u64) * RingSize +
                      sizeof(atomic_u32) * TabSize;
     MemMapT DepotMap;
diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index 92d18a7ad1f2f..5eded109ccd09 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -100,42 +100,33 @@ class alignas(16) StackDepot {
   // Ensure that RingSize, RingMask and TabMask are set up in a way that
   // all accesses are within range of BufSize.
   bool isValid(uptr BufSize) const {
-    if (RingSize > UINTPTR_MAX / sizeof(atomic_u64)) {
+    if (RingSize > UINTPTR_MAX / sizeof(atomic_u64))
       return false;
-    }
-    if (RingSize == 0 || !isPowerOfTwo(RingSize)) {
+    if (RingSize == 0 || !isPowerOfTwo(RingSize))
       return false;
-    }
     uptr RingBytes = sizeof(atomic_u64) * RingSize;
-    if (RingMask + 1 != RingSize) {
+    if (RingMask + 1 != RingSize)
       return false;
-    }
 
-    if (TabMask == 0) {
+    if (TabMask == 0)
       return false;
-    }
-    if ((TabMask - 1) > UINTPTR_MAX / sizeof(atomic_u32)) {
+    if ((TabMask - 1) > UINTPTR_MAX / sizeof(atomic_u32))
       return false;
-    }
     uptr TabSize = TabMask + 1;
-    if (!isPowerOfTwo(TabSize)) {
+    if (!isPowerOfTwo(TabSize))
       return false;
-    }
     uptr TabBytes = sizeof(atomic_u32) * TabSize;
 
     // Subtract and detect underflow.
-    if (BufSize < sizeof(StackDepot)) {
+    if (BufSize < sizeof(StackDepot))
       return false;
-    }
     BufSize -= sizeof(StackDepot);
-    if (BufSize < TabBytes) {
+    if (BufSize < TabBytes)
       return false;
-    }
-    BufSize = TabBytes;
-    if (BufSize < RingBytes) {
+    BufSize -= TabBytes;
+    if (BufSize < RingBytes)
       return false;
-    }
-    return BufSize == 0;
+    return BufSize == RingBytes;
   }
 
   // Insert hash of the stack trace [Begin, End) into the stack depot, and
diff --git a/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp b/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
index 3dbd93cacefd6..80898e5a10083 100644
--- a/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
+++ b/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
@@ -7,6 +7,7 @@
 //===----------------------------------------------------------------------===//
 
 #include "memtag.h"
+#include "stack_depot.h"
 #include "tests/scudo_unit_test.h"
 
 #include "allocator_config.h"
@@ -860,8 +861,8 @@ SCUDO_TYPED_TEST(ScudoCombinedTest, ReallocateInPlaceStress) {
 SCUDO_TYPED_TEST(ScudoCombinedTest, RingBufferSize) {
   auto *Allocator = this->Allocator.get();
   auto Size = Allocator->getRingBufferSize();
-  if (Size > 0)
-    EXPECT_EQ(Allocator->getRingBufferAddress()[Size - 1], '\0');
+  ASSERT_GT(Size, 0);
+  EXPECT_EQ(Allocator->getRingBufferAddress()[Size - 1], '\0');
 }
 
 SCUDO_TYPED_TEST(ScudoCombinedTest, RingBufferAddress) {
@@ -871,6 +872,39 @@ SCUDO_TYPED_TEST(ScudoCombinedTest, RingBufferAddress) {
   EXPECT_EQ(Addr, Allocator->getRingBufferAddress());
 }
 
+SCUDO_TYPED_TEST(ScudoCombinedTest, StackDepotSize) {
+  auto *Allocator = this->Allocator.get();
+  auto Size = Allocator->getStackDepotSize();
+  ASSERT_GT(Size, 0);
+  EXPECT_EQ(Allocator->getStackDepotAddress()[Size - 1], '\0');
+}
+
+SCUDO_TYPED_TEST(ScudoCombinedTest, StackDepotAddress) {
+  auto *Allocator = this->Allocator.get();
+  auto *Addr = Allocator->getStackDepotAddress();
+  EXPECT_NE(Addr, nullptr);
+  EXPECT_EQ(Addr, Allocator->getStackDepotAddress());
+}
+
+SCUDO_TYPED_TEST(ScudoCombinedTest, StackDepot) {
+  alignas(scudo::StackDepot) char Buf[sizeof(scudo::StackDepot) +
+                                      1024 * sizeof(scudo::atomic_u64) +
+                                      1024 * sizeof(scudo::atomic_u32)] = {};
+  auto *Depot = reinterpret_cast<scudo::StackDepot *>(Buf);
+  Depot->init(1024, 1024);
+  ASSERT_TRUE(Depot->isValid(sizeof(Buf)));
+  ASSERT_FALSE(Depot->isValid(sizeof(Buf) - 1));
+  scudo::uptr Stack[] = {1, 2, 3};
+  scudo::u32 Elem = Depot->insert(Buf, &Stack[0], &Stack[3]);
+  scudo::uptr RingPosPtr = 0;
+  scudo::uptr SizePtr = 0;
+  ASSERT_TRUE(Depot->find(Buf, Elem, &RingPosPtr, &SizePtr));
+  ASSERT_EQ(SizePtr, 3);
+  EXPECT_EQ(Depot->at(Buf, RingPosPtr), 1);
+  EXPECT_EQ(Depot->at(Buf, RingPosPtr + 1), 2);
+  EXPECT_EQ(Depot->at(Buf, RingPosPtr + 2), 3);
+}
+
 #if SCUDO_CAN_USE_PRIMARY64
 #if SCUDO_TRUSTY
 

>From 2306048f6787e1bd7a0bd6071d32740da6637c17 Mon Sep 17 00:00:00 2001
From: Florian Mayer <florian.mayer at bitsrc.org>
Date: Wed, 13 Dec 2023 15:49:47 -0800
Subject: [PATCH 03/17] Update compiler-rt/lib/scudo/standalone/stack_depot.h

Co-authored-by: ChiaHungDuan <f103119 at gmail.com>
---
 compiler-rt/lib/scudo/standalone/stack_depot.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index 5eded109ccd09..a71b373959e9a 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -138,8 +138,12 @@ class alignas(16) StackDepot {
     u32 Hash = B.get();
 
     u32 Pos = Hash & TabMask;
-    u32 RingPos = atomic_load_relaxed(&Tab(RawStackDepot)[Pos]);
-    u64 Entry = atomic_load_relaxed(&Ring(RawStackDepot)[RingPos]);
+   atomic_u32 *Tab = getTab(RawStackDepot);
+   atomic_u64 *Ring = getRing(RawStackDepot);
+   u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
+   u64 Entry = atomic_load_relaxed(&Ring[RingPos]);
+   
+   // And the following uses of Tab/Ring
     u64 Id = (u64(End - Begin) << 33) | (u64(Hash) << 1) | 1;
     if (Entry == Id)
       return Hash;

>From e2742c7916cb8ccc2ac9fedc74713907f93623d1 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Wed, 13 Dec 2023 15:53:52 -0800
Subject: [PATCH 04/17] fmt suggestion

---
 compiler-rt/lib/scudo/standalone/stack_depot.h | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index a71b373959e9a..d114e21b2bce1 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -138,12 +138,12 @@ class alignas(16) StackDepot {
     u32 Hash = B.get();
 
     u32 Pos = Hash & TabMask;
-   atomic_u32 *Tab = getTab(RawStackDepot);
-   atomic_u64 *Ring = getRing(RawStackDepot);
-   u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
-   u64 Entry = atomic_load_relaxed(&Ring[RingPos]);
-   
-   // And the following uses of Tab/Ring
+    atomic_u32 *Tab = getTab(RawStackDepot);
+    atomic_u64 *Ring = getRing(RawStackDepot);
+    u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
+    u64 Entry = atomic_load_relaxed(&Ring[RingPos]);
+
+    // And the following uses of Tab/Ring
     u64 Id = (u64(End - Begin) << 33) | (u64(Hash) << 1) | 1;
     if (Entry == Id)
       return Hash;

>From 9b0f845c3fe27603c6dfc4b4ef78d1c5c46ff7fb Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Wed, 13 Dec 2023 15:59:47 -0800
Subject: [PATCH 05/17] Revert "fmt suggestion"

This reverts commit 86963399a908e4317a4fa8a47b9e7bb51ee7d7a5.
---
 compiler-rt/lib/scudo/standalone/stack_depot.h | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index d114e21b2bce1..a71b373959e9a 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -138,12 +138,12 @@ class alignas(16) StackDepot {
     u32 Hash = B.get();
 
     u32 Pos = Hash & TabMask;
-    atomic_u32 *Tab = getTab(RawStackDepot);
-    atomic_u64 *Ring = getRing(RawStackDepot);
-    u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
-    u64 Entry = atomic_load_relaxed(&Ring[RingPos]);
-
-    // And the following uses of Tab/Ring
+   atomic_u32 *Tab = getTab(RawStackDepot);
+   atomic_u64 *Ring = getRing(RawStackDepot);
+   u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
+   u64 Entry = atomic_load_relaxed(&Ring[RingPos]);
+   
+   // And the following uses of Tab/Ring
     u64 Id = (u64(End - Begin) << 33) | (u64(Hash) << 1) | 1;
     if (Entry == Id)
       return Hash;

>From 6963f9169f619268c07b554eaa8c380d2450a557 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Wed, 13 Dec 2023 15:59:54 -0800
Subject: [PATCH 06/17] Revert "Update
 compiler-rt/lib/scudo/standalone/stack_depot.h"

This reverts commit 3ff01eacd0fe13da16b83c86abe216cdb423caef.
---
 compiler-rt/lib/scudo/standalone/stack_depot.h | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index a71b373959e9a..5eded109ccd09 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -138,12 +138,8 @@ class alignas(16) StackDepot {
     u32 Hash = B.get();
 
     u32 Pos = Hash & TabMask;
-   atomic_u32 *Tab = getTab(RawStackDepot);
-   atomic_u64 *Ring = getRing(RawStackDepot);
-   u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
-   u64 Entry = atomic_load_relaxed(&Ring[RingPos]);
-   
-   // And the following uses of Tab/Ring
+    u32 RingPos = atomic_load_relaxed(&Tab(RawStackDepot)[Pos]);
+    u64 Entry = atomic_load_relaxed(&Ring(RawStackDepot)[RingPos]);
     u64 Id = (u64(End - Begin) << 33) | (u64(Hash) << 1) | 1;
     if (Entry == Id)
       return Hash;

>From 1f3b255967e02d1c1aa6835e79401b1df7c372ee Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Tue, 23 Jan 2024 15:40:38 -0800
Subject: [PATCH 07/17] review

---
 .../lib/scudo/standalone/stack_depot.h        | 33 +++++++++++--------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index 5eded109ccd09..6c0d693f67ae7 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -69,21 +69,21 @@ class alignas(16) StackDepot {
   // This is immediately followed by RingSize atomic_u64 and
   // (TabMask + 1) atomic_u32.
 
-  atomic_u64 *Ring(char *RawStackDepot) {
+  atomic_u64 *getRing(char *RawStackDepot) {
     return reinterpret_cast<atomic_u64 *>(RawStackDepot + sizeof(StackDepot));
   }
 
-  atomic_u32 *Tab(char *RawStackDepot) {
+  atomic_u32 *getTab(char *RawStackDepot) {
     return reinterpret_cast<atomic_u32 *>(RawStackDepot + sizeof(StackDepot) +
                                           sizeof(atomic_u64) * RingSize);
   }
 
-  const atomic_u64 *Ring(const char *RawStackDepot) const {
+  const atomic_u64 *getRing(const char *RawStackDepot) const {
     return reinterpret_cast<const atomic_u64 *>(RawStackDepot +
                                                 sizeof(StackDepot));
   }
 
-  const atomic_u32 *Tab(const char *RawStackDepot) const {
+  const atomic_u32 *getTab(const char *RawStackDepot) const {
     return reinterpret_cast<const atomic_u32 *>(
         RawStackDepot + sizeof(StackDepot) + sizeof(atomic_u64) * RingSize);
   }
@@ -132,25 +132,28 @@ class alignas(16) StackDepot {
   // Insert hash of the stack trace [Begin, End) into the stack depot, and
   // return the hash.
   u32 insert(char *RawStackDepot, uptr *Begin, uptr *End) {
+    auto *Tab = getTab(RawStackDepot);
+    auto *Ring = getRing(RawStackDepot);
+
     MurMur2HashBuilder B;
     for (uptr *I = Begin; I != End; ++I)
       B.add(u32(*I) >> 2);
     u32 Hash = B.get();
 
     u32 Pos = Hash & TabMask;
-    u32 RingPos = atomic_load_relaxed(&Tab(RawStackDepot)[Pos]);
-    u64 Entry = atomic_load_relaxed(&Ring(RawStackDepot)[RingPos]);
+    u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
+    u64 Entry = atomic_load_relaxed(&Ring[RingPos]);
     u64 Id = (u64(End - Begin) << 33) | (u64(Hash) << 1) | 1;
     if (Entry == Id)
       return Hash;
 
     ScopedLock Lock(RingEndMu);
     RingPos = RingEnd;
-    atomic_store_relaxed(&Tab(RawStackDepot)[Pos], RingPos);
-    atomic_store_relaxed(&Ring(RawStackDepot)[RingPos], Id);
+    atomic_store_relaxed(&Tab[Pos], RingPos);
+    atomic_store_relaxed(&Ring[RingPos], Id);
     for (uptr *I = Begin; I != End; ++I) {
       RingPos = (RingPos + 1) & RingMask;
-      atomic_store_relaxed(&Ring(RawStackDepot)[RingPos], *I);
+      atomic_store_relaxed(&Ring[RingPos], *I);
     }
     RingEnd = (RingPos + 1) & RingMask;
     return Hash;
@@ -161,11 +164,14 @@ class alignas(16) StackDepot {
   // *RingPosPtr + *SizePtr.
   bool find(const char *RawStackDepot, u32 Hash, uptr *RingPosPtr,
             uptr *SizePtr) const {
+    auto *Tab = getTab(RawStackDepot);
+    auto *Ring = getRing(RawStackDepot);
+
     u32 Pos = Hash & TabMask;
-    u32 RingPos = atomic_load_relaxed(&Tab(RawStackDepot)[Pos]);
+    u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
     if (RingPos >= RingSize)
       return false;
-    u64 Entry = atomic_load_relaxed(&Ring(RawStackDepot)[RingPos]);
+    u64 Entry = atomic_load_relaxed(&Ring[RingPos]);
     u64 HashWithTagBit = (u64(Hash) << 1) | 1;
     if ((Entry & 0x1ffffffff) != HashWithTagBit)
       return false;
@@ -177,13 +183,14 @@ class alignas(16) StackDepot {
     MurMur2HashBuilder B;
     for (uptr I = 0; I != Size; ++I) {
       RingPos = (RingPos + 1) & RingMask;
-      B.add(u32(atomic_load_relaxed(&Ring(RawStackDepot)[RingPos])) >> 2);
+      B.add(u32(atomic_load_relaxed(&Ring[RingPos])) >> 2);
     }
     return B.get() == Hash;
   }
 
   u64 at(const char *RawStackDepot, uptr RingPos) const {
-    return atomic_load_relaxed(&Ring(RawStackDepot)[RingPos & RingMask]);
+    auto *Ring = getRing(RawStackDepot);
+    return atomic_load_relaxed(&Ring[RingPos & RingMask]);
   }
 
   // This is done for the purpose of fork safety in multithreaded programs and

>From d1726b17a2ed3c4e6c8168435c3ee45e4646b468 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Tue, 23 Jan 2024 16:20:33 -0800
Subject: [PATCH 08/17] rearrange

---
 compiler-rt/lib/scudo/standalone/combined.h | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index 165b9597a7aec..d7fcc06f43258 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -1522,25 +1522,33 @@ class Allocator {
       return;
     u32 AllocationRingBufferSize =
         static_cast<u32>(getFlags()->allocation_ring_buffer_size);
+
     // We store alloc and free stacks for each entry.
     constexpr auto kStacksPerRingBufferEntry = 2;
     constexpr auto kMaxU32Pow2 = ~(UINT32_MAX >> 1);
     static_assert(isPowerOfTwo(kMaxU32Pow2));
+    constexpr auto kFramesPerStack = 8;
+    static_assert(isPowerOfTwo(kFramesPerStack));
+
+    // We need StackDepot to be aligned to 8-bytes so the ring we st ore after
+    // is correctly assigned.
+    static_assert(sizeof(StackDepot) % alignof(atomic_u64) == 0);
+
+    // Make sure the maximum sized StackDepot fits withint a uintptr_t to
+    // simplify the overflow checking.
+    static_assert(sizeof(StackDepot) + UINT32_MAX * sizeof(atomic_u64) *
+                                           UINT32_MAX * sizeof(atomic_u32) <
+                  UINTPTR_MAX);
+
     if (AllocationRingBufferSize > kMaxU32Pow2 / kStacksPerRingBufferEntry)
       return;
     u32 TabSize = static_cast<u32>(roundUpPowerOfTwo(kStacksPerRingBufferEntry *
                                                      AllocationRingBufferSize));
-    constexpr auto kFramesPerStack = 8;
-    static_assert(isPowerOfTwo(kFramesPerStack));
     if (TabSize > UINT32_MAX / kFramesPerStack)
       return;
     u32 RingSize = static_cast<u32>(TabSize * kFramesPerStack);
     DCHECK(isPowerOfTwo(RingSize));
-    static_assert(sizeof(StackDepot) % alignof(atomic_u64) == 0);
 
-    static_assert(sizeof(StackDepot) + UINT32_MAX * sizeof(atomic_u64) *
-                                           UINT32_MAX * sizeof(atomic_u32) <
-                  UINTPTR_MAX);
     StackDepotSize = sizeof(StackDepot) + sizeof(atomic_u64) * RingSize +
                      sizeof(atomic_u32) * TabSize;
     MemMapT DepotMap;

>From 5d1fef98f04e5c7366614070ed57dbb709a21a8e Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Tue, 23 Jan 2024 16:41:12 -0800
Subject: [PATCH 09/17] typo

---
 compiler-rt/lib/scudo/standalone/combined.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index d7fcc06f43258..c500e44ff714c 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -1530,7 +1530,7 @@ class Allocator {
     constexpr auto kFramesPerStack = 8;
     static_assert(isPowerOfTwo(kFramesPerStack));
 
-    // We need StackDepot to be aligned to 8-bytes so the ring we st ore after
+    // We need StackDepot to be aligned to 8-bytes so the ring we store after
     // is correctly assigned.
     static_assert(sizeof(StackDepot) % alignof(atomic_u64) == 0);
 

>From 0941ea6dd27c15287c7c113781750e2310393a62 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Tue, 23 Jan 2024 17:15:02 -0800
Subject: [PATCH 10/17] review

---
 compiler-rt/lib/scudo/standalone/combined.h   | 27 +++++++------
 .../lib/scudo/standalone/stack_depot.h        | 38 ++++++++++---------
 .../scudo/standalone/tests/combined_test.cpp  | 10 ++---
 3 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index c500e44ff714c..d2d788060d9da 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -291,9 +291,8 @@ class Allocator {
     uptr Size =
         android_unsafe_frame_pointer_chase(Stack, MaxTraceSize + DiscardFrames);
     Size = Min<uptr>(Size, MaxTraceSize + DiscardFrames);
-    return reinterpret_cast<StackDepot *>(RawStackDepot)
-        ->insert(RawStackDepot, Stack + Min<uptr>(DiscardFrames, Size),
-                 Stack + Size);
+    return StackDepot->insert(Stack + Min<uptr>(DiscardFrames, Size),
+                              Stack + Size);
 #else
     return 0;
 #endif
@@ -924,7 +923,7 @@ class Allocator {
 
   const char *getStackDepotAddress() {
     initThreadMaybe();
-    return RawStackDepot;
+    return reinterpret_cast<char *>(StackDepot);
   }
 
   uptr getStackDepotSize() {
@@ -954,12 +953,12 @@ class Allocator {
 
   static void collectTraceMaybe(const char *RawStackDepot,
                                 uintptr_t (&Trace)[MaxTraceSize], u32 Hash) {
-    auto *Depot = reinterpret_cast<const StackDepot *>(RawStackDepot);
+    auto *Depot = reinterpret_cast<const class StackDepot *>(RawStackDepot);
     uptr RingPos, Size;
-    if (!Depot->find(RawStackDepot, Hash, &RingPos, &Size))
+    if (!Depot->find(Hash, &RingPos, &Size))
       return;
     for (unsigned I = 0; I != Size && I != MaxTraceSize; ++I)
-      Trace[I] = static_cast<uintptr_t>(Depot->at(RawStackDepot, RingPos + I));
+      Trace[I] = static_cast<uintptr_t>(Depot->at(RingPos + I));
   }
 
   static void getErrorInfo(struct scudo_error_info *ErrorInfo,
@@ -981,7 +980,8 @@ class Allocator {
       // read the metadata, then whether the metadata matches the size.
       if (DepotSize < sizeof(StackDepot))
         return;
-      if (!reinterpret_cast<const StackDepot *>(DepotPtr)->isValid(DepotSize))
+      if (!reinterpret_cast<const class StackDepot *>(DepotPtr)->isValid(
+              DepotSize))
         return;
     }
 
@@ -1050,7 +1050,7 @@ class Allocator {
   uptr GuardedAllocSlotSize = 0;
 #endif // GWP_ASAN_HOOKS
 
-  char *RawStackDepot = nullptr;
+  StackDepot *StackDepot = nullptr;
   uptr StackDepotSize = 0;
   MemMapT RawStackDepotMap;
 
@@ -1555,10 +1555,9 @@ class Allocator {
     DepotMap.map(
         /*Addr=*/0U, roundUp(StackDepotSize, getPageSizeCached()),
         "scudo:stack_depot");
-    RawStackDepot = reinterpret_cast<char *>(DepotMap.getBase());
-    auto *Depot = reinterpret_cast<StackDepot *>(DepotMap.getBase());
-    Depot->init(RingSize, TabSize);
-    DCHECK(Depot->isValid(StackDepotSize));
+    StackDepot = reinterpret_cast<class StackDepot *>(DepotMap.getBase());
+    StackDepot->init(RingSize, TabSize);
+    DCHECK(StackDepot->isValid(StackDepotSize));
     RawStackDepotMap = DepotMap;
 
     MemMapT MemMap;
@@ -1583,7 +1582,7 @@ class Allocator {
                              RawRingBufferMap.getCapacity());
     }
     RawRingBuffer = nullptr;
-    if (RawStackDepot) {
+    if (StackDepot) {
       RawStackDepotMap.unmap(RawStackDepotMap.getBase(),
                              RawStackDepotMap.getCapacity());
     }
diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index 6c0d693f67ae7..8fe67ec0d54c4 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -69,23 +69,26 @@ class alignas(16) StackDepot {
   // This is immediately followed by RingSize atomic_u64 and
   // (TabMask + 1) atomic_u32.
 
-  atomic_u64 *getRing(char *RawStackDepot) {
-    return reinterpret_cast<atomic_u64 *>(RawStackDepot + sizeof(StackDepot));
+  atomic_u64 *getRing() {
+    return reinterpret_cast<atomic_u64 *>(reinterpret_cast<char *>(this) +
+                                          sizeof(StackDepot));
   }
 
-  atomic_u32 *getTab(char *RawStackDepot) {
-    return reinterpret_cast<atomic_u32 *>(RawStackDepot + sizeof(StackDepot) +
+  atomic_u32 *getTab() {
+    return reinterpret_cast<atomic_u32 *>(reinterpret_cast<char *>(this) +
+                                          sizeof(StackDepot) +
                                           sizeof(atomic_u64) * RingSize);
   }
 
-  const atomic_u64 *getRing(const char *RawStackDepot) const {
-    return reinterpret_cast<const atomic_u64 *>(RawStackDepot +
-                                                sizeof(StackDepot));
+  const atomic_u64 *getRing() const {
+    return reinterpret_cast<const atomic_u64 *>(
+        reinterpret_cast<const char *>(this) + sizeof(StackDepot));
   }
 
-  const atomic_u32 *getTab(const char *RawStackDepot) const {
+  const atomic_u32 *getTab() const {
     return reinterpret_cast<const atomic_u32 *>(
-        RawStackDepot + sizeof(StackDepot) + sizeof(atomic_u64) * RingSize);
+        reinterpret_cast<const char *>(this) + sizeof(StackDepot) +
+        sizeof(atomic_u64) * RingSize);
   }
 
 public:
@@ -131,9 +134,9 @@ class alignas(16) StackDepot {
 
   // Insert hash of the stack trace [Begin, End) into the stack depot, and
   // return the hash.
-  u32 insert(char *RawStackDepot, uptr *Begin, uptr *End) {
-    auto *Tab = getTab(RawStackDepot);
-    auto *Ring = getRing(RawStackDepot);
+  u32 insert(uptr *Begin, uptr *End) {
+    auto *Tab = getTab();
+    auto *Ring = getRing();
 
     MurMur2HashBuilder B;
     for (uptr *I = Begin; I != End; ++I)
@@ -162,10 +165,9 @@ class alignas(16) StackDepot {
   // Look up a stack trace by hash. Returns true if successful. The trace may be
   // accessed via operator[] passing indexes between *RingPosPtr and
   // *RingPosPtr + *SizePtr.
-  bool find(const char *RawStackDepot, u32 Hash, uptr *RingPosPtr,
-            uptr *SizePtr) const {
-    auto *Tab = getTab(RawStackDepot);
-    auto *Ring = getRing(RawStackDepot);
+  bool find(u32 Hash, uptr *RingPosPtr, uptr *SizePtr) const {
+    auto *Tab = getTab();
+    auto *Ring = getRing();
 
     u32 Pos = Hash & TabMask;
     u32 RingPos = atomic_load_relaxed(&Tab[Pos]);
@@ -188,8 +190,8 @@ class alignas(16) StackDepot {
     return B.get() == Hash;
   }
 
-  u64 at(const char *RawStackDepot, uptr RingPos) const {
-    auto *Ring = getRing(RawStackDepot);
+  u64 at(uptr RingPos) const {
+    auto *Ring = getRing();
     return atomic_load_relaxed(&Ring[RingPos & RingMask]);
   }
 
diff --git a/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp b/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
index 80898e5a10083..cd9200793754a 100644
--- a/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
+++ b/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
@@ -895,14 +895,14 @@ SCUDO_TYPED_TEST(ScudoCombinedTest, StackDepot) {
   ASSERT_TRUE(Depot->isValid(sizeof(Buf)));
   ASSERT_FALSE(Depot->isValid(sizeof(Buf) - 1));
   scudo::uptr Stack[] = {1, 2, 3};
-  scudo::u32 Elem = Depot->insert(Buf, &Stack[0], &Stack[3]);
+  scudo::u32 Elem = Depot->insert(&Stack[0], &Stack[3]);
   scudo::uptr RingPosPtr = 0;
   scudo::uptr SizePtr = 0;
-  ASSERT_TRUE(Depot->find(Buf, Elem, &RingPosPtr, &SizePtr));
+  ASSERT_TRUE(Depot->find(Elem, &RingPosPtr, &SizePtr));
   ASSERT_EQ(SizePtr, 3);
-  EXPECT_EQ(Depot->at(Buf, RingPosPtr), 1);
-  EXPECT_EQ(Depot->at(Buf, RingPosPtr + 1), 2);
-  EXPECT_EQ(Depot->at(Buf, RingPosPtr + 2), 3);
+  EXPECT_EQ(Depot->at(RingPosPtr), 1);
+  EXPECT_EQ(Depot->at(RingPosPtr + 1), 2);
+  EXPECT_EQ(Depot->at(RingPosPtr + 2), 3);
 }
 
 #if SCUDO_CAN_USE_PRIMARY64

>From 560e91a710804feeca75b6df9670143e8644f155 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Tue, 23 Jan 2024 17:17:30 -0800
Subject: [PATCH 11/17] simplify

---
 compiler-rt/lib/scudo/standalone/combined.h | 27 ++++++++++-----------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index d2d788060d9da..3b6fb4340f33f 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -923,7 +923,7 @@ class Allocator {
 
   const char *getStackDepotAddress() {
     initThreadMaybe();
-    return reinterpret_cast<char *>(StackDepot);
+    return reinterpret_cast<char *>(Depot);
   }
 
   uptr getStackDepotSize() {
@@ -953,7 +953,7 @@ class Allocator {
 
   static void collectTraceMaybe(const char *RawStackDepot,
                                 uintptr_t (&Trace)[MaxTraceSize], u32 Hash) {
-    auto *Depot = reinterpret_cast<const class StackDepot *>(RawStackDepot);
+    auto *Depot = reinterpret_cast<const StackDepot *>(RawStackDepot);
     uptr RingPos, Size;
     if (!Depot->find(Hash, &RingPos, &Size))
       return;
@@ -978,10 +978,9 @@ class Allocator {
     if (DepotPtr) {
       // check for corrupted StackDepot. First we need to check whether we can
       // read the metadata, then whether the metadata matches the size.
-      if (DepotSize < sizeof(StackDepot))
+      if (DepotSize < sizeof(Depot))
         return;
-      if (!reinterpret_cast<const class StackDepot *>(DepotPtr)->isValid(
-              DepotSize))
+      if (!reinterpret_cast<const StackDepot *>(DepotPtr)->isValid(DepotSize))
         return;
     }
 
@@ -1050,7 +1049,7 @@ class Allocator {
   uptr GuardedAllocSlotSize = 0;
 #endif // GWP_ASAN_HOOKS
 
-  StackDepot *StackDepot = nullptr;
+  StackDepot *Depot = nullptr;
   uptr StackDepotSize = 0;
   MemMapT RawStackDepotMap;
 
@@ -1532,12 +1531,12 @@ class Allocator {
 
     // We need StackDepot to be aligned to 8-bytes so the ring we store after
     // is correctly assigned.
-    static_assert(sizeof(StackDepot) % alignof(atomic_u64) == 0);
+    static_assert(sizeof(Depot) % alignof(atomic_u64) == 0);
 
     // Make sure the maximum sized StackDepot fits withint a uintptr_t to
     // simplify the overflow checking.
-    static_assert(sizeof(StackDepot) + UINT32_MAX * sizeof(atomic_u64) *
-                                           UINT32_MAX * sizeof(atomic_u32) <
+    static_assert(sizeof(Depot) + UINT32_MAX * sizeof(atomic_u64) * UINT32_MAX *
+                                      sizeof(atomic_u32) <
                   UINTPTR_MAX);
 
     if (AllocationRingBufferSize > kMaxU32Pow2 / kStacksPerRingBufferEntry)
@@ -1549,15 +1548,15 @@ class Allocator {
     u32 RingSize = static_cast<u32>(TabSize * kFramesPerStack);
     DCHECK(isPowerOfTwo(RingSize));
 
-    StackDepotSize = sizeof(StackDepot) + sizeof(atomic_u64) * RingSize +
+    StackDepotSize = sizeof(Depot) + sizeof(atomic_u64) * RingSize +
                      sizeof(atomic_u32) * TabSize;
     MemMapT DepotMap;
     DepotMap.map(
         /*Addr=*/0U, roundUp(StackDepotSize, getPageSizeCached()),
         "scudo:stack_depot");
-    StackDepot = reinterpret_cast<class StackDepot *>(DepotMap.getBase());
-    StackDepot->init(RingSize, TabSize);
-    DCHECK(StackDepot->isValid(StackDepotSize));
+    Depot = reinterpret_cast<StackDepot *>(DepotMap.getBase());
+    Depot->init(RingSize, TabSize);
+    DCHECK(Depot->isValid(StackDepotSize));
     RawStackDepotMap = DepotMap;
 
     MemMapT MemMap;
@@ -1582,7 +1581,7 @@ class Allocator {
                              RawRingBufferMap.getCapacity());
     }
     RawRingBuffer = nullptr;
-    if (StackDepot) {
+    if (Depot) {
       RawStackDepotMap.unmap(RawStackDepotMap.getBase(),
                              RawStackDepotMap.getCapacity());
     }

>From 5962e7df4413044427a00a4798553c5f6bd12da8 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Tue, 23 Jan 2024 17:22:30 -0800
Subject: [PATCH 12/17] fix

---
 compiler-rt/lib/scudo/standalone/combined.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index 3b6fb4340f33f..98958450921df 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -291,8 +291,8 @@ class Allocator {
     uptr Size =
         android_unsafe_frame_pointer_chase(Stack, MaxTraceSize + DiscardFrames);
     Size = Min<uptr>(Size, MaxTraceSize + DiscardFrames);
-    return StackDepot->insert(Stack + Min<uptr>(DiscardFrames, Size),
-                              Stack + Size);
+    return Depot->insert(Stack + Min<uptr>(DiscardFrames, Size),
+                         Stack + Size);
 #else
     return 0;
 #endif

>From 2b902f8a178627b38b0838e000463ed4b48cb4a8 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Tue, 23 Jan 2024 17:25:27 -0800
Subject: [PATCH 13/17] comment

---
 compiler-rt/lib/scudo/standalone/combined.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index 98958450921df..0d6f25d4a004e 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -969,7 +969,8 @@ class Allocator {
                            uintptr_t MemoryAddr, size_t MemorySize) {
     // N.B. we need to support corrupted data in any of the buffers here. We get
     // this information from an external process (the crashing process) that
-    // shouldn't be able to crash crash_dump.
+    // should not be able to crash the crash dumper (crash_dump on Android).
+    // See also the get_error_info_fuzzer.
     *ErrorInfo = {};
     if (!allocatorSupportsMemoryTagging<Config>() ||
         MemoryAddr + MemorySize < MemoryAddr)

>From 02c7cb094b8117e5e42626f1513107102e229d80 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Tue, 23 Jan 2024 17:31:41 -0800
Subject: [PATCH 14/17] fix

---
 compiler-rt/lib/scudo/standalone/combined.h | 30 ++++++++++-----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index 0d6f25d4a004e..5b9b5d1442637 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -951,9 +951,8 @@ class Allocator {
 
   static const uptr MaxTraceSize = 64;
 
-  static void collectTraceMaybe(const char *RawStackDepot,
+  static void collectTraceMaybe(const StackDepot *Depot,
                                 uintptr_t (&Trace)[MaxTraceSize], u32 Hash) {
-    auto *Depot = reinterpret_cast<const StackDepot *>(RawStackDepot);
     uptr RingPos, Size;
     if (!Depot->find(Hash, &RingPos, &Size))
       return;
@@ -976,12 +975,14 @@ class Allocator {
         MemoryAddr + MemorySize < MemoryAddr)
       return;
 
+    const StackDepot *Depot = nullptr;
     if (DepotPtr) {
       // check for corrupted StackDepot. First we need to check whether we can
       // read the metadata, then whether the metadata matches the size.
-      if (DepotSize < sizeof(Depot))
+      if (DepotSize < sizeof(*Depot))
         return;
-      if (!reinterpret_cast<const StackDepot *>(DepotPtr)->isValid(DepotSize))
+      Depot = reinterpret_cast<const StackDepot *>(DepotPtr);
+      if (!Depot->isValid(DepotSize))
         return;
     }
 
@@ -990,19 +991,19 @@ class Allocator {
     // Check for OOB in the current block and the two surrounding blocks. Beyond
     // that, UAF is more likely.
     if (extractTag(FaultAddr) != 0)
-      getInlineErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, DepotPtr,
+      getInlineErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, Depot,
                          RegionInfoPtr, Memory, MemoryTags, MemoryAddr,
                          MemorySize, 0, 2);
 
     // Check the ring buffer. For primary allocations this will only find UAF;
     // for secondary allocations we can find either UAF or OOB.
-    getRingBufferErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, DepotPtr,
+    getRingBufferErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, Depot,
                            RingBufferPtr, RingBufferSize);
 
     // Check for OOB in the 28 blocks surrounding the 3 we checked earlier.
     // Beyond that we are likely to hit false positives.
     if (extractTag(FaultAddr) != 0)
-      getInlineErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, DepotPtr,
+      getInlineErrorInfo(ErrorInfo, NextErrorReport, FaultAddr, Depot,
                          RegionInfoPtr, Memory, MemoryTags, MemoryAddr,
                          MemorySize, 2, 16);
   }
@@ -1340,7 +1341,7 @@ class Allocator {
 
   static void getInlineErrorInfo(struct scudo_error_info *ErrorInfo,
                                  size_t &NextErrorReport, uintptr_t FaultAddr,
-                                 const char *RawStackDepot,
+                                 const StackDepot *Depot,
                                  const char *RegionInfoPtr, const char *Memory,
                                  const char *MemoryTags, uintptr_t MemoryAddr,
                                  size_t MemorySize, size_t MinDistance,
@@ -1405,8 +1406,8 @@ class Allocator {
           UntaggedFaultAddr < ChunkAddr ? BUFFER_UNDERFLOW : BUFFER_OVERFLOW;
       R->allocation_address = ChunkAddr;
       R->allocation_size = Header.SizeOrUnusedBytes;
-      if (RawStackDepot) {
-        collectTraceMaybe(RawStackDepot, R->allocation_trace,
+      if (Depot) {
+        collectTraceMaybe(Depot, R->allocation_trace,
                           Data[MemTagAllocationTraceIndex]);
       }
       R->allocation_tid = Data[MemTagAllocationTidIndex];
@@ -1425,13 +1426,13 @@ class Allocator {
   static void getRingBufferErrorInfo(struct scudo_error_info *ErrorInfo,
                                      size_t &NextErrorReport,
                                      uintptr_t FaultAddr,
-                                     const char *RawStackDepot,
+                                     const StackDepot *Depot,
                                      const char *RingBufferPtr,
                                      size_t RingBufferSize) {
     auto *RingBuffer =
         reinterpret_cast<const AllocationRingBuffer *>(RingBufferPtr);
     size_t RingBufferElements = ringBufferElementsFromBytes(RingBufferSize);
-    if (!RingBuffer || RingBufferElements == 0 || !RawStackDepot)
+    if (!RingBuffer || RingBufferElements == 0 || !Depot)
       return;
     uptr Pos = atomic_load_relaxed(&RingBuffer->Pos);
 
@@ -1490,10 +1491,9 @@ class Allocator {
 
       R->allocation_address = UntaggedEntryPtr;
       R->allocation_size = EntrySize;
-      collectTraceMaybe(RawStackDepot, R->allocation_trace, AllocationTrace);
+      collectTraceMaybe(Depot, R->allocation_trace, AllocationTrace);
       R->allocation_tid = AllocationTid;
-      collectTraceMaybe(RawStackDepot, R->deallocation_trace,
-                        DeallocationTrace);
+      collectTraceMaybe(Depot, R->deallocation_trace, DeallocationTrace);
       R->deallocation_tid = DeallocationTid;
     }
   }

>From cdeefa9d98c76da046401dd95533ebb703bab8a0 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Tue, 23 Jan 2024 17:33:59 -0800
Subject: [PATCH 15/17] fmt

---
 compiler-rt/lib/scudo/standalone/combined.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index 5b9b5d1442637..392d9a7d8b8b7 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -291,8 +291,7 @@ class Allocator {
     uptr Size =
         android_unsafe_frame_pointer_chase(Stack, MaxTraceSize + DiscardFrames);
     Size = Min<uptr>(Size, MaxTraceSize + DiscardFrames);
-    return Depot->insert(Stack + Min<uptr>(DiscardFrames, Size),
-                         Stack + Size);
+    return Depot->insert(Stack + Min<uptr>(DiscardFrames, Size), Stack + Size);
 #else
     return 0;
 #endif

>From c5b09455b10322a16abcca6351cb8d6cfe12577c Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Thu, 25 Jan 2024 12:08:33 -0800
Subject: [PATCH 16/17] depotcheck

---
 compiler-rt/lib/scudo/standalone/combined.h | 29 ++++++++++++---------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index 392d9a7d8b8b7..d5848711977a7 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -283,7 +283,7 @@ class Allocator {
     return reinterpret_cast<void *>(addHeaderTag(reinterpret_cast<uptr>(Ptr)));
   }
 
-  NOINLINE u32 collectStackTrace() {
+  NOINLINE u32 collectStackTrace(StackDepot *Depot) {
 #ifdef HAVE_ANDROID_UNSAFE_FRAME_POINTER_CHASE
     // Discard collectStackTrace() frame and allocator function frame.
     constexpr uptr DiscardFrames = 2;
@@ -293,6 +293,7 @@ class Allocator {
     Size = Min<uptr>(Size, MaxTraceSize + DiscardFrames);
     return Depot->insert(Stack + Min<uptr>(DiscardFrames, Size), Stack + Size);
 #else
+    (void)(Depot);
     return 0;
 #endif
   }
@@ -1267,12 +1268,18 @@ class Allocator {
     storeEndMarker(RoundNewPtr, NewSize, BlockEnd);
   }
 
+  StackDepot *getDepotIfEnabled(const Options &Options) {
+    if (!UNLIKELY(Options.get(OptionBit::TrackAllocationStacks)))
+      return nullptr;
+    return Depot;
+  }
+
   void storePrimaryAllocationStackMaybe(const Options &Options, void *Ptr) {
-    if (!UNLIKELY(Options.get(OptionBit::TrackAllocationStacks)) ||
-        !RawRingBuffer)
+    auto *Depot = getDepotIfEnabled(Options);
+    if (!Depot)
       return;
     auto *Ptr32 = reinterpret_cast<u32 *>(Ptr);
-    Ptr32[MemTagAllocationTraceIndex] = collectStackTrace();
+    Ptr32[MemTagAllocationTraceIndex] = collectStackTrace(Depot);
     Ptr32[MemTagAllocationTidIndex] = getThreadID();
   }
 
@@ -1302,11 +1309,10 @@ class Allocator {
 
   void storeSecondaryAllocationStackMaybe(const Options &Options, void *Ptr,
                                           uptr Size) {
-    if (!UNLIKELY(Options.get(OptionBit::TrackAllocationStacks)) ||
-        !RawRingBuffer)
+    auto *Depot = getDepotIfEnabled(Options);
+    if (!Depot)
       return;
-
-    u32 Trace = collectStackTrace();
+    u32 Trace = collectStackTrace(Depot);
     u32 Tid = getThreadID();
 
     auto *Ptr32 = reinterpret_cast<u32 *>(Ptr);
@@ -1318,15 +1324,14 @@ class Allocator {
 
   void storeDeallocationStackMaybe(const Options &Options, void *Ptr,
                                    u8 PrevTag, uptr Size) {
-    if (!UNLIKELY(Options.get(OptionBit::TrackAllocationStacks)) ||
-        !RawRingBuffer)
+    auto *Depot = getDepotIfEnabled(Options);
+    if (!Depot)
       return;
-
     auto *Ptr32 = reinterpret_cast<u32 *>(Ptr);
     u32 AllocationTrace = Ptr32[MemTagAllocationTraceIndex];
     u32 AllocationTid = Ptr32[MemTagAllocationTidIndex];
 
-    u32 DeallocationTrace = collectStackTrace();
+    u32 DeallocationTrace = collectStackTrace(Depot);
     u32 DeallocationTid = getThreadID();
 
     storeRingBufferEntry(addFixedTag(untagPointer(Ptr), PrevTag),

>From 353169f783053e187edc3e63d0474c067976521e Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Mon, 5 Feb 2024 15:09:40 -0800
Subject: [PATCH 17/17] comments + rebase

---
 compiler-rt/lib/scudo/standalone/combined.h | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index d5848711977a7..2c435bedaba6f 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -283,7 +283,7 @@ class Allocator {
     return reinterpret_cast<void *>(addHeaderTag(reinterpret_cast<uptr>(Ptr)));
   }
 
-  NOINLINE u32 collectStackTrace(StackDepot *Depot) {
+  NOINLINE u32 collectStackTrace(UNUSED StackDepot *Depot) {
 #ifdef HAVE_ANDROID_UNSAFE_FRAME_POINTER_CHASE
     // Discard collectStackTrace() frame and allocator function frame.
     constexpr uptr DiscardFrames = 2;
@@ -293,7 +293,6 @@ class Allocator {
     Size = Min<uptr>(Size, MaxTraceSize + DiscardFrames);
     return Depot->insert(Stack + Min<uptr>(DiscardFrames, Size), Stack + Size);
 #else
-    (void)(Depot);
     return 0;
 #endif
   }
@@ -693,12 +692,12 @@ class Allocator {
     Quarantine.disable();
     Primary.disable();
     Secondary.disable();
-    Depot.disable();
+    Depot->disable();
   }
 
   void enable() NO_THREAD_SAFETY_ANALYSIS {
     initThreadMaybe();
-    Depot.enable();
+    Depot->enable();
     Secondary.enable();
     Primary.enable();
     Quarantine.enable();
@@ -1528,10 +1527,10 @@ class Allocator {
         static_cast<u32>(getFlags()->allocation_ring_buffer_size);
 
     // We store alloc and free stacks for each entry.
-    constexpr auto kStacksPerRingBufferEntry = 2;
-    constexpr auto kMaxU32Pow2 = ~(UINT32_MAX >> 1);
+    constexpr u32 kStacksPerRingBufferEntry = 2;
+    constexpr u32 kMaxU32Pow2 = ~(UINT32_MAX >> 1);
     static_assert(isPowerOfTwo(kMaxU32Pow2));
-    constexpr auto kFramesPerStack = 8;
+    constexpr u32 kFramesPerStack = 8;
     static_assert(isPowerOfTwo(kFramesPerStack));
 
     // We need StackDepot to be aligned to 8-bytes so the ring we store after
@@ -1561,7 +1560,6 @@ class Allocator {
         "scudo:stack_depot");
     Depot = reinterpret_cast<StackDepot *>(DepotMap.getBase());
     Depot->init(RingSize, TabSize);
-    DCHECK(Depot->isValid(StackDepotSize));
     RawStackDepotMap = DepotMap;
 
     MemMapT MemMap;



More information about the llvm-commits mailing list