[compiler-rt] [TSan] Make Shadow/Meta region inclusive-exclusive (PR #144647)
Kunqiu Chen via llvm-commits
llvm-commits at lists.llvm.org
Wed Jun 18 02:04:17 PDT 2025
https://github.com/Camsyn updated https://github.com/llvm/llvm-project/pull/144647
>From 5d8750f959b2c5e262f435f3f060504493e764fb Mon Sep 17 00:00:00 2001
From: Camsyn <camsyn at foxmail.com>
Date: Sat, 14 Jun 2025 23:32:23 +0800
Subject: [PATCH 1/2] [TSan] Make Shadow/Meta region inclusive-exclusive
This commit changes the interval shadow/meta address check from
inclusive-inclusive ( [start, end] ) to inclusive-exclusive
( [start, end) ), to resolve the ambiguity of the end point address.
This also aligns the logic with the check for `isAppMem`, ensuring
consistent behavior across all memory classifications.
1. The `isShadowMem` and `isMetaMem` checks previously used an
inclusive-inclusive interval, i.e., [start, end], which could lead to
a boundary address being incorrectly classified as both Shadow and
Meta memory, e.g., 0x3000_0000_0000 in `Mapping48AddressSpace`.
- What's more, even when Shadow doesn't border Meta,
`ShadowMem::end` cannot be considered a legal shadow address, as
TSan protects the gap, i.e.,
`ProtectRange(ShadowEnd(), MetaShadowBeg());`
2. `ShadowMem`/`MetaMem` addresses are derived from `AppMem` using an
affine-like transformation (`* factor + bias`). This transformation
includes two extra modifications: high- and low-order bits are masked
out, and for Shadow Memory, an optional XOR operation may be applied to
prevent conflicts with certain AppMem regions.
- Given that all AppMem regions are defined as inclusive-exclusive
intervals, $[\mathrm{start}, \mathrm{end})$, the resulting
Shadow/Meta regions should logically also be inclusive-exclusive.
Note: This change is purely for improving code consistency and should
have no functional impact. In practice, the exact endpoint addresses of
the Shadow/Meta regions are generally not reached.
---
compiler-rt/lib/tsan/rtl/tsan_platform.h | 4 ++--
compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/compiler-rt/lib/tsan/rtl/tsan_platform.h b/compiler-rt/lib/tsan/rtl/tsan_platform.h
index 354f6da6a64a1..ada594bc11fc7 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_platform.h
+++ b/compiler-rt/lib/tsan/rtl/tsan_platform.h
@@ -931,7 +931,7 @@ bool IsAppMem(uptr mem) { return SelectMapping<IsAppMemImpl>(mem); }
struct IsShadowMemImpl {
template <typename Mapping>
static bool Apply(uptr mem) {
- return mem >= Mapping::kShadowBeg && mem <= Mapping::kShadowEnd;
+ return mem >= Mapping::kShadowBeg && mem < Mapping::kShadowEnd;
}
};
@@ -943,7 +943,7 @@ bool IsShadowMem(RawShadow *p) {
struct IsMetaMemImpl {
template <typename Mapping>
static bool Apply(uptr mem) {
- return mem >= Mapping::kMetaShadowBeg && mem <= Mapping::kMetaShadowEnd;
+ return mem >= Mapping::kMetaShadowBeg && mem < Mapping::kMetaShadowEnd;
}
};
diff --git a/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp b/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp
index cf07686d968dc..b0ce5680c95c1 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp
+++ b/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp
@@ -525,7 +525,7 @@ ALWAYS_INLINE USED void UnalignedMemoryAccess(ThreadState* thr, uptr pc,
void ShadowSet(RawShadow* p, RawShadow* end, RawShadow v) {
DCHECK_LE(p, end);
DCHECK(IsShadowMem(p));
- DCHECK(IsShadowMem(end));
+ DCHECK(p == end || IsShadowMem(end - 1));
UNUSED const uptr kAlign = kShadowCnt * kShadowSize;
DCHECK_EQ(reinterpret_cast<uptr>(p) % kAlign, 0);
DCHECK_EQ(reinterpret_cast<uptr>(end) % kAlign, 0);
@@ -675,7 +675,7 @@ void MemoryAccessRangeT(ThreadState* thr, uptr pc, uptr addr, uptr size) {
Printf("Access to non app mem start: %p\n", (void*)addr);
DCHECK(IsAppMem(addr));
}
- if (!IsAppMem(addr + size - 1)) {
+ if (size > 0 && !IsAppMem(addr + size - 1)) {
Printf("Access to non app mem end: %p\n", (void*)(addr + size - 1));
DCHECK(IsAppMem(addr + size - 1));
}
@@ -686,7 +686,7 @@ void MemoryAccessRangeT(ThreadState* thr, uptr pc, uptr addr, uptr size) {
RawShadow* shadow_mem_end = reinterpret_cast<RawShadow*>(
reinterpret_cast<uptr>(shadow_mem) + size * kShadowMultiplier - 1);
- if (!IsShadowMem(shadow_mem_end)) {
+ if (size > 0 && !IsShadowMem(shadow_mem_end)) {
Printf("Bad shadow end addr: %p (%p)\n", shadow_mem_end,
(void*)(addr + size - 1));
Printf(
>From 2e267623c1f95e2fc203d7b66d7fc29ccccbc615 Mon Sep 17 00:00:00 2001
From: Camsyn <camsyn at foxmail.com>
Date: Wed, 18 Jun 2025 17:04:03 +0800
Subject: [PATCH 2/2] Add a DCHECK adhering to the suggestion
---
compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp b/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp
index b0ce5680c95c1..dbdc6359d92aa 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp
+++ b/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp
@@ -669,13 +669,13 @@ void MemoryAccessRangeT(ThreadState* thr, uptr pc, uptr addr, uptr size) {
RawShadow* shadow_mem = MemToShadow(addr);
DPrintf2("#%d: MemoryAccessRange: @%p %p size=%d is_read=%d\n", thr->tid,
(void*)pc, (void*)addr, (int)size, is_read);
-
+ DCHECK_NE(size, 0);
#if SANITIZER_DEBUG
if (!IsAppMem(addr)) {
Printf("Access to non app mem start: %p\n", (void*)addr);
DCHECK(IsAppMem(addr));
}
- if (size > 0 && !IsAppMem(addr + size - 1)) {
+ if (!IsAppMem(addr + size - 1)) {
Printf("Access to non app mem end: %p\n", (void*)(addr + size - 1));
DCHECK(IsAppMem(addr + size - 1));
}
@@ -686,7 +686,7 @@ void MemoryAccessRangeT(ThreadState* thr, uptr pc, uptr addr, uptr size) {
RawShadow* shadow_mem_end = reinterpret_cast<RawShadow*>(
reinterpret_cast<uptr>(shadow_mem) + size * kShadowMultiplier - 1);
- if (size > 0 && !IsShadowMem(shadow_mem_end)) {
+ if (!IsShadowMem(shadow_mem_end)) {
Printf("Bad shadow end addr: %p (%p)\n", shadow_mem_end,
(void*)(addr + size - 1));
Printf(
More information about the llvm-commits
mailing list