[compiler-rt] [tsan] Fix ASLR edge case, and improve diagnostics (PR #97125)

Thurston Dang via llvm-commits llvm-commits at lists.llvm.org
Sun Jun 30 15:03:03 PDT 2024


thurstond wrote:

Back-of-the-envelope calculation of why it occurs roughly 1 in 3 million executions:

1. The chance of an execution having a compatible address space layout is (size of TSan PIE binaries region / max ASLR shift) * (size of TSan PIE libraries region / max ASLR shift) = `(4.67TB / (2**32 * 4KB)) * (6TB / (2**32 * 4KB))` = `(4.67TB / 16TB) * (6TB / 16TB)` = 10.95%.

We can observe this empirically:
```
# Ask TSan to report the layout it chose, then count how many of 10000 runs
# of a trivial binary report a fixed virtual address: the count divided by
# 10000 is the empirical estimate of the compatible-layout fraction.
export TSAN_OPTIONS=verbosity=2
(for f in $(seq 1 10000); do ./empty 2>&1 | grep 'fixed virtual address'; done) | wc -l
```

2. The "minor allocations" are 18MB, at the bottom of the libraries region. Conditional on 1., the amount of "free" space at the bottom of the libraries region is roughly uniform in [0MB, 6TB] (this is not quite true because libc, other libraries, the stack etc. take up space too, but close enough). The chance that there is less than 18MB available at the bottom of the libraries region is 18MB / 6TB = 3 in 1,000,000.

3. The overall probability is 10.95% * (3 in 1,000,000) = ~1 in 3,000,000.

https://github.com/llvm/llvm-project/pull/97125
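A runnable form of the three-step estimate in the comment above, added here as an example; it is not code from the PR or from compiler-rt. It encodes the comment's model (independent, uniform, page-granular ASLR shifts of the PIE base and of the library base; conditional on a compatible layout, the free space below the library base is uniform over the library region) with the comment's own figures as module constants, and adds a Monte Carlo check of step 1 that plays the role of the 10000-run shell loop. The maximum shift is kept as the comment's 16TB so the script reproduces the 10.95% and 1-in-3-million figures; 2**32 pages of 4KiB is exactly 2**44 bytes (about 17.6e12), and substituting that lowers the compatible fraction to roughly 9%. The region sizes are taken from the comment, not measured, and the function and constant names are this example's own.

```python
import random

# Figures as written in the comment (decimal TB/MB). MAX_SHIFT is the comment's
# "2**32 * 4KB = 16TB"; the byte-exact value of 2**32 pages of 4KiB is 2**44,
# which would lower the compatible fraction from 10.95% to roughly 9%.
PAGE = 4096
MAX_SHIFT = 16 * 10**12        # range of possible ASLR shifts of a base address
PIE_REGION = 4_670 * 10**9     # size of TSan's region for PIE binaries
LIB_REGION = 6 * 10**12        # size of TSan's region for libraries
MINOR_ALLOCS = 18 * 10**6      # "minor allocations" mapped at the region bottom


def compatible_layout(pie_shift, lib_shift):
    """Step 1: the randomised PIE base and library base both land inside the
    regions TSan expects them in. Model assumption: each shift is uniform in
    [0, MAX_SHIFT) and the two shifts are independent."""
    return 0 <= pie_shift < PIE_REGION and 0 <= lib_shift < LIB_REGION


def minor_allocs_fit(lib_shift):
    """Step 2: the gap between the bottom of the library region and the library
    base (modelled as lib_shift itself) has room for the minor allocations."""
    return lib_shift >= MINOR_ALLOCS


def classify_run(pie_shift, lib_shift):
    """Outcome of one execution under the model: "incompatible" (TSan cannot
    use this layout), "fail" (compatible but no room at the bottom), or "ok"."""
    if not compatible_layout(pie_shift, lib_shift):
        return "incompatible"
    return "ok" if minor_allocs_fit(lib_shift) else "fail"


def compatible_probability():
    """Step 1 in closed form: product of the two region/shift ratios."""
    return (PIE_REGION / MAX_SHIFT) * (LIB_REGION / MAX_SHIFT)


def exact_failure_probability():
    """Steps 1-3 in closed form: P(compatible) * P(gap < 18MB | compatible),
    with the gap uniform on [0, LIB_REGION) given a compatible layout."""
    return compatible_probability() * (MINOR_ALLOCS / LIB_REGION)


def one_in_n(p):
    """Express a probability as "1 in N" executions."""
    return round(1 / p)


def simulate_compatible_fraction(samples, seed=1):
    """Monte Carlo version of step 1, the counterpart of the shell loop in the
    comment: draw page-granular shifts and count the compatible layouts.
    Step 2 is not simulated this way: at 3 in a million it would need tens of
    millions of draws, which is why the closed form above is the useful one."""
    rng = random.Random(seed)
    pages = MAX_SHIFT // PAGE
    hits = 0
    for _ in range(samples):
        pie_shift = rng.randrange(pages) * PAGE
        lib_shift = rng.randrange(pages) * PAGE
        if compatible_layout(pie_shift, lib_shift):
            hits += 1
    return hits / samples


if __name__ == "__main__":
    p = exact_failure_probability()
    print(f"P(compatible layout) = {compatible_probability():.4%}")
    print(f"P(failure)           = {p:.3e}  (about 1 in {one_in_n(p):,})")
    print(f"Monte Carlo, 200000 runs: {simulate_compatible_fraction(200_000):.4%}")
    # Two constructed layouts: a library base 10MB above the region bottom
    # leaves no room for the 18MB and fails; 20MB above it is fine.
    print(classify_run(10**12, 10 * 10**6), classify_run(10**12, 20 * 10**6))
```

Swapping `MAX_SHIFT` for `2**44` (and `pages` then becomes `2**32`) is the one-line change that turns the comment's round numbers into the byte-exact model; the rest of the script is unchanged.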

