Blame - lib/asan/asan_allocator.cc - platform/external/compiler-rt

blob: 349bb50862a73d44d8ce320f06ad1283d29a8595 [file] [log] [blame]

Alexey Samsonov	e5f5895	2012-06-04 13:50:10 +0000	[diff] [blame]	1	//===-- asan_allocator.cc -------------------------------------------------===//
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	2	//
				3	// The LLVM Compiler Infrastructure
				4	//
				5	// This file is distributed under the University of Illinois Open Source
				6	// License. See LICENSE.TXT for details.
				7	//
				8	//===----------------------------------------------------------------------===//
				9	//
				10	// This file is a part of AddressSanitizer, an address sanity checker.
				11	//
				12	// Implementation of ASan's memory allocator.
				13	// Evey piece of memory (AsanChunk) allocated by the allocator
				14	// has a left redzone of REDZONE bytes and
				15	// a right redzone such that the end of the chunk is aligned by REDZONE
				16	// (i.e. the right redzone is between 0 and REDZONE-1).
				17	// The left redzone is always poisoned.
				18	// The right redzone is poisoned on malloc, the body is poisoned on free.
				19	// Once freed, a chunk is moved to a quarantine (fifo list).
				20	// After quarantine, a chunk is returned to freelists.
				21	//
				22	// The left redzone contains ASan's internal data and the stack trace of
				23	// the malloc call.
				24	// Once freed, the body of the chunk contains the stack trace of the free call.
				25	//
				26	//===----------------------------------------------------------------------===//
				27
				28	#include "asan_allocator.h"
				29	#include "asan_interceptors.h"
				30	#include "asan_interface.h"
				31	#include "asan_internal.h"
				32	#include "asan_lock.h"
				33	#include "asan_mapping.h"
				34	#include "asan_stats.h"
				35	#include "asan_thread.h"
				36	#include "asan_thread_registry.h"
				37
Timur Iskhodzhanov	8c505ef	2012-05-21 14:25:36 +0000	[diff] [blame]	38	#if defined(_WIN32) && !defined(__clang__)
Kostya Serebryany	8582208	2012-01-30 20:55:02 +0000	[diff] [blame]	39	#include <intrin.h>
				40	#endif
				41
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	42	namespace __asan {
				43
				44	#define REDZONE FLAG_redzone
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	45	static const uptr kMinAllocSize = REDZONE * 2;
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	46	static const u64 kMaxAvailableRam = 128ULL << 30; // 128G
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	47	static const uptr kMaxThreadLocalQuarantine = 1 << 20; // 1M
Evgeniy Stepanov	788e1d7	2012-02-16 13:35:11 +0000	[diff] [blame]	48
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	49	static const uptr kMinMmapSize = (ASAN_LOW_MEMORY) ? 4UL << 17 : 4UL << 20;
				50	static const uptr kMaxSizeForThreadLocalFreeList =
Evgeniy Stepanov	8ae44ac	2012-02-27 13:07:29 +0000	[diff] [blame]	51	(ASAN_LOW_MEMORY) ? 1 << 15 : 1 << 17;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	52
				53	// Size classes less than kMallocSizeClassStep are powers of two.
				54	// All other size classes are multiples of kMallocSizeClassStep.
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	55	static const uptr kMallocSizeClassStepLog = 26;
				56	static const uptr kMallocSizeClassStep = 1UL << kMallocSizeClassStepLog;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	57
Kostya Serebryany	9aead37	2012-05-31 14:11:07 +0000	[diff] [blame]	58	static const uptr kMaxAllowedMallocSize =
Evgeniy Stepanov	8ae44ac	2012-02-27 13:07:29 +0000	[diff] [blame]	59	(__WORDSIZE == 32) ? 3UL << 30 : 8UL << 30;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	60
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	61	static inline bool IsAligned(uptr a, uptr alignment) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	62	return (a & (alignment - 1)) == 0;
				63	}
				64
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	65	static inline uptr Log2(uptr x) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	66	CHECK(IsPowerOfTwo(x));
Timur Iskhodzhanov	8c505ef	2012-05-21 14:25:36 +0000	[diff] [blame]	67	#if !defined(_WIN32) \|\| defined(__clang__)
				68	return __builtin_ctzl(x);
				69	#elif defined(_WIN64)
Alexander Potapenko	6f04529	2012-01-27 15:15:04 +0000	[diff] [blame]	70	unsigned long ret; // NOLINT
				71	_BitScanForward64(&ret, x);
				72	return ret;
Timur Iskhodzhanov	8c505ef	2012-05-21 14:25:36 +0000	[diff] [blame]	73	#else
Alexander Potapenko	6f04529	2012-01-27 15:15:04 +0000	[diff] [blame]	74	unsigned long ret; // NOLINT
				75	_BitScanForward(&ret, x);
				76	return ret;
Alexander Potapenko	6f04529	2012-01-27 15:15:04 +0000	[diff] [blame]	77	#endif
				78	}
				79
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	80	static inline uptr RoundUpToPowerOfTwo(uptr size) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	81	CHECK(size);
				82	if (IsPowerOfTwo(size)) return size;
Alexander Potapenko	6f04529	2012-01-27 15:15:04 +0000	[diff] [blame]	83
Alexey Samsonov	f927ddc	2012-02-03 08:50:16 +0000	[diff] [blame]	84	unsigned long up; // NOLINT
Timur Iskhodzhanov	8c505ef	2012-05-21 14:25:36 +0000	[diff] [blame]	85	#if !defined(_WIN32) \|\| defined(__clang__)
Alexey Samsonov	f927ddc	2012-02-03 08:50:16 +0000	[diff] [blame]	86	up = __WORDSIZE - 1 - __builtin_clzl(size);
Timur Iskhodzhanov	8c505ef	2012-05-21 14:25:36 +0000	[diff] [blame]	87	#elif defined(_WIN64)
				88	_BitScanReverse64(&up, size);
				89	#else
				90	_BitScanReverse(&up, size);
Alexey Samsonov	f927ddc	2012-02-03 08:50:16 +0000	[diff] [blame]	91	#endif
				92	CHECK(size < (1ULL << (up + 1)));
				93	CHECK(size > (1ULL << up));
				94	return 1UL << (up + 1);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	95	}
				96
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	97	static inline uptr SizeClassToSize(u8 size_class) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	98	CHECK(size_class < kNumberOfSizeClasses);
				99	if (size_class <= kMallocSizeClassStepLog) {
				100	return 1UL << size_class;
				101	} else {
				102	return (size_class - kMallocSizeClassStepLog) * kMallocSizeClassStep;
				103	}
				104	}
				105
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	106	static inline u8 SizeToSizeClass(uptr size) {
				107	u8 res = 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	108	if (size <= kMallocSizeClassStep) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	109	uptr rounded = RoundUpToPowerOfTwo(size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	110	res = Log2(rounded);
				111	} else {
				112	res = ((size + kMallocSizeClassStep - 1) / kMallocSizeClassStep)
				113	+ kMallocSizeClassStepLog;
				114	}
				115	CHECK(res < kNumberOfSizeClasses);
				116	CHECK(size <= SizeClassToSize(res));
				117	return res;
				118	}
				119
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	120	// Given REDZONE bytes, we need to mark first size bytes
				121	// as addressable and the rest REDZONE-size bytes as unaddressable.
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	122	static void PoisonHeapPartialRightRedzone(uptr mem, uptr size) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	123	CHECK(size <= REDZONE);
				124	CHECK(IsAligned(mem, REDZONE));
				125	CHECK(IsPowerOfTwo(SHADOW_GRANULARITY));
				126	CHECK(IsPowerOfTwo(REDZONE));
				127	CHECK(REDZONE >= SHADOW_GRANULARITY);
Kostya Serebryany	218a9b7	2011-11-30 18:50:23 +0000	[diff] [blame]	128	PoisonShadowPartialRightRedzone(mem, size, REDZONE,
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	129	kAsanHeapRightRedzoneMagic);
				130	}
				131
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	132	static u8 *MmapNewPagesAndPoisonShadow(uptr size) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	133	CHECK(IsAligned(size, kPageSize));
Alexey Samsonov	a25b346	2012-06-06 16:15:07 +0000	[diff] [blame]	134	u8 res = (u8)MmapOrDie(size, __FUNCTION__);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	135	PoisonShadow((uptr)res, size, kAsanHeapLeftRedzoneMagic);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	136	if (FLAG_debug) {
				137	Printf("ASAN_MMAP: [%p, %p)\n", res, res + size);
				138	}
				139	return res;
				140	}
				141
				142	// Every chunk of memory allocated by this allocator can be in one of 3 states:
				143	// CHUNK_AVAILABLE: the chunk is in the free list and ready to be allocated.
				144	// CHUNK_ALLOCATED: the chunk is allocated and not yet freed.
				145	// CHUNK_QUARANTINE: the chunk was freed and put into quarantine zone.
				146	//
				147	// The pseudo state CHUNK_MEMALIGN is used to mark that the address is not
Kostya Serebryany	1607160	2012-06-06 16:58:21 +0000	[diff] [blame]	148	// the beginning of a AsanChunk (in which the actual chunk resides at
				149	// this - this->used_size).
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	150	//
				151	// The magic numbers for the enum values are taken randomly.
				152	enum {
Kostya Serebryany	7ebac95	2012-06-06 14:46:38 +0000	[diff] [blame]	153	CHUNK_AVAILABLE = 0x57,
				154	CHUNK_ALLOCATED = 0x32,
				155	CHUNK_QUARANTINE = 0x19,
				156	CHUNK_MEMALIGN = 0xDC,
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	157	};
				158
				159	struct ChunkBase {
Kostya Serebryany	6dc48dd	2012-06-06 16:33:46 +0000	[diff] [blame]	160	// First 8 bytes.
Kostya Serebryany	f4a4d5a	2012-06-06 15:30:55 +0000	[diff] [blame]	161	uptr chunk_state : 8;
				162	uptr size_class : 8;
				163	uptr alloc_tid : 24;
				164	uptr free_tid : 24;
Kostya Serebryany	6dc48dd	2012-06-06 16:33:46 +0000	[diff] [blame]	165
				166	// Second 8 bytes.
				167	uptr alignment_log : 8;
				168	uptr used_size : FIRST_32_SECOND_64(32, 56); // Size requested by the user.
				169
Kostya Serebryany	1607160	2012-06-06 16:58:21 +0000	[diff] [blame]	170	// This field may overlap with the user area and thus should not
				171	// be used while the chunk is in CHUNK_ALLOCATED state.
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	172	AsanChunk *next;
				173
Kostya Serebryany	6dc48dd	2012-06-06 16:33:46 +0000	[diff] [blame]	174	// Typically the beginning of the user-accessible memory is 'this'+REDZONE
				175	// and is also aligned by REDZONE. However, if the memory is allocated
				176	// by memalign, the alignment might be higher and the user-accessible memory
Kostya Serebryany	0334fc8	2012-06-07 09:15:48 +0000	[diff] [blame^]	177	// starts at the first properly aligned address after 'this'.
				178	uptr Beg() { return RoundUpTo((uptr)this + 1, 1 << alignment_log); }
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	179	uptr Size() { return SizeClassToSize(size_class); }
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	180	u8 SizeClass() { return size_class; }
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	181	};
				182
				183	struct AsanChunk: public ChunkBase {
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	184	u32 *compressed_alloc_stack() {
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	185	return (u32*)((uptr)this + sizeof(ChunkBase));
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	186	}
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	187	u32 *compressed_free_stack() {
Kostya Serebryany	0334fc8	2012-06-07 09:15:48 +0000	[diff] [blame^]	188	return (u32*)((uptr)this + Max(REDZONE, (uptr)sizeof(ChunkBase)));
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	189	}
				190
				191	// The left redzone after the ChunkBase is given to the alloc stack trace.
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	192	uptr compressed_alloc_stack_size() {
Kostya Serebryany	0334fc8	2012-06-07 09:15:48 +0000	[diff] [blame^]	193	if (REDZONE < sizeof(ChunkBase)) return 0;
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	194	return (REDZONE - sizeof(ChunkBase)) / sizeof(u32);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	195	}
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	196	uptr compressed_free_stack_size() {
Kostya Serebryany	0334fc8	2012-06-07 09:15:48 +0000	[diff] [blame^]	197	if (REDZONE < sizeof(ChunkBase)) return 0;
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	198	return (REDZONE) / sizeof(u32);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	199	}
				200
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	201	bool AddrIsInside(uptr addr, uptr access_size, uptr *offset) {
Kostya Serebryany	6dc48dd	2012-06-06 16:33:46 +0000	[diff] [blame]	202	if (addr >= Beg() && (addr + access_size) <= (Beg() + used_size)) {
				203	*offset = addr - Beg();
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	204	return true;
				205	}
				206	return false;
				207	}
				208
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	209	bool AddrIsAtLeft(uptr addr, uptr access_size, uptr *offset) {
Kostya Serebryany	6dc48dd	2012-06-06 16:33:46 +0000	[diff] [blame]	210	if (addr < Beg()) {
				211	*offset = Beg() - addr;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	212	return true;
				213	}
				214	return false;
				215	}
				216
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	217	bool AddrIsAtRight(uptr addr, uptr access_size, uptr *offset) {
Kostya Serebryany	6dc48dd	2012-06-06 16:33:46 +0000	[diff] [blame]	218	if (addr + access_size >= Beg() + used_size) {
				219	if (addr <= Beg() + used_size)
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	220	*offset = 0;
				221	else
Kostya Serebryany	6dc48dd	2012-06-06 16:33:46 +0000	[diff] [blame]	222	*offset = addr - (Beg() + used_size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	223	return true;
				224	}
				225	return false;
				226	}
				227
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	228	void DescribeAddress(uptr addr, uptr access_size) {
				229	uptr offset;
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	230	AsanPrintf("%p is located ", (void*)addr);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	231	if (AddrIsInside(addr, access_size, &offset)) {
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	232	AsanPrintf("%zu bytes inside of", offset);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	233	} else if (AddrIsAtLeft(addr, access_size, &offset)) {
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	234	AsanPrintf("%zu bytes to the left of", offset);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	235	} else if (AddrIsAtRight(addr, access_size, &offset)) {
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	236	AsanPrintf("%zu bytes to the right of", offset);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	237	} else {
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	238	AsanPrintf(" somewhere around (this is AddressSanitizer bug!)");
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	239	}
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	240	AsanPrintf(" %zu-byte region [%p,%p)\n",
Kostya Serebryany	6dc48dd	2012-06-06 16:33:46 +0000	[diff] [blame]	241	used_size, (void)Beg(), (void)(Beg() + used_size));
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	242	}
				243	};
				244
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	245	static AsanChunk *PtrToChunk(uptr ptr) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	246	AsanChunk m = (AsanChunk)(ptr - REDZONE);
				247	if (m->chunk_state == CHUNK_MEMALIGN) {
Kostya Serebryany	1607160	2012-06-06 16:58:21 +0000	[diff] [blame]	248	m = (AsanChunk*)((uptr)m - m->used_size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	249	}
				250	return m;
				251	}
				252
				253
				254	void AsanChunkFifoList::PushList(AsanChunkFifoList *q) {
Alexey Samsonov	e046066	2012-02-27 09:06:10 +0000	[diff] [blame]	255	CHECK(q->size() > 0);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	256	if (last_) {
				257	CHECK(first_);
				258	CHECK(!last_->next);
				259	last_->next = q->first_;
				260	last_ = q->last_;
				261	} else {
				262	CHECK(!first_);
				263	last_ = q->last_;
				264	first_ = q->first_;
Alexey Samsonov	e046066	2012-02-27 09:06:10 +0000	[diff] [blame]	265	CHECK(first_);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	266	}
Alexey Samsonov	e046066	2012-02-27 09:06:10 +0000	[diff] [blame]	267	CHECK(last_);
				268	CHECK(!last_->next);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	269	size_ += q->size();
				270	q->clear();
				271	}
				272
				273	void AsanChunkFifoList::Push(AsanChunk *n) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	274	CHECK(n->next == 0);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	275	if (last_) {
				276	CHECK(first_);
				277	CHECK(!last_->next);
				278	last_->next = n;
				279	last_ = n;
				280	} else {
				281	CHECK(!first_);
				282	last_ = first_ = n;
				283	}
				284	size_ += n->Size();
				285	}
				286
				287	// Interesting performance observation: this function takes up to 15% of overal
				288	// allocator time. That's because *first_ has been evicted from cache long time
				289	// ago. Not sure if we can or want to do anything with this.
				290	AsanChunk *AsanChunkFifoList::Pop() {
				291	CHECK(first_);
				292	AsanChunk *res = first_;
				293	first_ = first_->next;
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	294	if (first_ == 0)
				295	last_ = 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	296	CHECK(size_ >= res->Size());
				297	size_ -= res->Size();
				298	if (last_) {
				299	CHECK(!last_->next);
				300	}
				301	return res;
				302	}
				303
				304	// All pages we ever allocated.
				305	struct PageGroup {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	306	uptr beg;
				307	uptr end;
				308	uptr size_of_chunk;
				309	uptr last_chunk;
				310	bool InRange(uptr addr) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	311	return addr >= beg && addr < end;
				312	}
				313	};
				314
				315	class MallocInfo {
				316	public:
				317
				318	explicit MallocInfo(LinkerInitialized x) : mu_(x) { }
				319
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	320	AsanChunk *AllocateChunks(u8 size_class, uptr n_chunks) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	321	AsanChunk *m = 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	322	AsanChunk **fl = &free_lists_[size_class];
				323	{
				324	ScopedLock lock(&mu_);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	325	for (uptr i = 0; i < n_chunks; i++) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	326	if (!(*fl)) {
				327	*fl = GetNewChunks(size_class);
				328	}
				329	AsanChunk t = fl;
				330	*fl = t->next;
				331	t->next = m;
				332	CHECK(t->chunk_state == CHUNK_AVAILABLE);
				333	m = t;
				334	}
				335	}
				336	return m;
				337	}
				338
				339	void SwallowThreadLocalMallocStorage(AsanThreadLocalMallocStorage *x,
				340	bool eat_free_lists) {
				341	CHECK(FLAG_quarantine_size > 0);
				342	ScopedLock lock(&mu_);
				343	AsanChunkFifoList *q = &x->quarantine_;
				344	if (q->size() > 0) {
				345	quarantine_.PushList(q);
				346	while (quarantine_.size() > FLAG_quarantine_size) {
				347	QuarantinePop();
				348	}
				349	}
				350	if (eat_free_lists) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	351	for (uptr size_class = 0; size_class < kNumberOfSizeClasses;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	352	size_class++) {
				353	AsanChunk *m = x->free_lists_[size_class];
				354	while (m) {
				355	AsanChunk *t = m->next;
				356	m->next = free_lists_[size_class];
				357	free_lists_[size_class] = m;
				358	m = t;
				359	}
				360	x->free_lists_[size_class] = 0;
				361	}
				362	}
				363	}
				364
				365	void BypassThreadLocalQuarantine(AsanChunk *chunk) {
				366	ScopedLock lock(&mu_);
				367	quarantine_.Push(chunk);
				368	}
				369
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	370	AsanChunk *FindMallocedOrFreed(uptr addr, uptr access_size) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	371	ScopedLock lock(&mu_);
				372	return FindChunkByAddr(addr);
				373	}
				374
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	375	uptr AllocationSize(uptr ptr) {
Alexey Samsonov	ca2278d	2012-01-18 15:26:55 +0000	[diff] [blame]	376	if (!ptr) return 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	377	ScopedLock lock(&mu_);
				378
				379	// first, check if this is our memory
				380	PageGroup *g = FindPageGroupUnlocked(ptr);
				381	if (!g) return 0;
				382	AsanChunk *m = PtrToChunk(ptr);
				383	if (m->chunk_state == CHUNK_ALLOCATED) {
				384	return m->used_size;
				385	} else {
				386	return 0;
				387	}
				388	}
				389
				390	void ForceLock() {
				391	mu_.Lock();
				392	}
				393
				394	void ForceUnlock() {
				395	mu_.Unlock();
				396	}
				397
				398	void PrintStatus() {
				399	ScopedLock lock(&mu_);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	400	uptr malloced = 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	401
Evgeniy Stepanov	739eb79	2012-03-21 11:32:46 +0000	[diff] [blame]	402	Printf(" MallocInfo: in quarantine: %zu malloced: %zu; ",
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	403	quarantine_.size() >> 20, malloced >> 20);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	404	for (uptr j = 1; j < kNumberOfSizeClasses; j++) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	405	AsanChunk *i = free_lists_[j];
				406	if (!i) continue;
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	407	uptr t = 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	408	for (; i; i = i->next) {
				409	t += i->Size();
				410	}
Evgeniy Stepanov	739eb79	2012-03-21 11:32:46 +0000	[diff] [blame]	411	Printf("%zu:%zu ", j, t >> 20);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	412	}
				413	Printf("\n");
				414	}
				415
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	416	PageGroup *FindPageGroup(uptr addr) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	417	ScopedLock lock(&mu_);
				418	return FindPageGroupUnlocked(addr);
				419	}
				420
				421	private:
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	422	PageGroup *FindPageGroupUnlocked(uptr addr) {
Kostya Serebryany	25c7178	2012-03-10 01:30:01 +0000	[diff] [blame]	423	int n = n_page_groups_;
				424	// If the page groups are not sorted yet, sort them.
Alexey Samsonov	9bdf065	2012-03-13 06:46:32 +0000	[diff] [blame]	425	if (n_sorted_page_groups_ < n) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	426	SortArray((uptr*)page_groups_, n);
Alexey Samsonov	9bdf065	2012-03-13 06:46:32 +0000	[diff] [blame]	427	n_sorted_page_groups_ = n;
Kostya Serebryany	25c7178	2012-03-10 01:30:01 +0000	[diff] [blame]	428	}
Alexey Samsonov	9bdf065	2012-03-13 06:46:32 +0000	[diff] [blame]	429	// Binary search over the page groups.
Kostya Serebryany	25c7178	2012-03-10 01:30:01 +0000	[diff] [blame]	430	int beg = 0, end = n;
				431	while (beg < end) {
				432	int med = (beg + end) / 2;
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	433	uptr g = (uptr)page_groups_[med];
Kostya Serebryany	25c7178	2012-03-10 01:30:01 +0000	[diff] [blame]	434	if (addr > g) {
				435	// 'g' points to the end of the group, so 'addr'
				436	// may not belong to page_groups_[med] or any previous group.
				437	beg = med + 1;
				438	} else {
				439	// 'addr' may belong to page_groups_[med] or a previous group.
				440	end = med;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	441	}
				442	}
Kostya Serebryany	25c7178	2012-03-10 01:30:01 +0000	[diff] [blame]	443	if (beg >= n)
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	444	return 0;
Kostya Serebryany	25c7178	2012-03-10 01:30:01 +0000	[diff] [blame]	445	PageGroup *g = page_groups_[beg];
				446	CHECK(g);
				447	if (g->InRange(addr))
				448	return g;
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	449	return 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	450	}
				451
				452	// We have an address between two chunks, and we want to report just one.
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	453	AsanChunk *ChooseChunk(uptr addr,
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	454	AsanChunk left_chunk, AsanChunk right_chunk) {
				455	// Prefer an allocated chunk or a chunk from quarantine.
				456	if (left_chunk->chunk_state == CHUNK_AVAILABLE &&
				457	right_chunk->chunk_state != CHUNK_AVAILABLE)
				458	return right_chunk;
				459	if (right_chunk->chunk_state == CHUNK_AVAILABLE &&
				460	left_chunk->chunk_state != CHUNK_AVAILABLE)
				461	return left_chunk;
				462	// Choose based on offset.
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	463	uptr l_offset = 0, r_offset = 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	464	CHECK(left_chunk->AddrIsAtRight(addr, 1, &l_offset));
				465	CHECK(right_chunk->AddrIsAtLeft(addr, 1, &r_offset));
				466	if (l_offset < r_offset)
				467	return left_chunk;
				468	return right_chunk;
				469	}
				470
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	471	AsanChunk *FindChunkByAddr(uptr addr) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	472	PageGroup *g = FindPageGroupUnlocked(addr);
				473	if (!g) return 0;
				474	CHECK(g->size_of_chunk);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	475	uptr offset_from_beg = addr - g->beg;
				476	uptr this_chunk_addr = g->beg +
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	477	(offset_from_beg / g->size_of_chunk) * g->size_of_chunk;
				478	CHECK(g->InRange(this_chunk_addr));
				479	AsanChunk m = (AsanChunk)this_chunk_addr;
				480	CHECK(m->chunk_state == CHUNK_ALLOCATED \|\|
				481	m->chunk_state == CHUNK_AVAILABLE \|\|
				482	m->chunk_state == CHUNK_QUARANTINE);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	483	uptr offset = 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	484	if (m->AddrIsInside(addr, 1, &offset))
				485	return m;
				486
				487	if (m->AddrIsAtRight(addr, 1, &offset)) {
				488	if (this_chunk_addr == g->last_chunk) // rightmost chunk
				489	return m;
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	490	uptr right_chunk_addr = this_chunk_addr + g->size_of_chunk;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	491	CHECK(g->InRange(right_chunk_addr));
				492	return ChooseChunk(addr, m, (AsanChunk*)right_chunk_addr);
				493	} else {
				494	CHECK(m->AddrIsAtLeft(addr, 1, &offset));
				495	if (this_chunk_addr == g->beg) // leftmost chunk
				496	return m;
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	497	uptr left_chunk_addr = this_chunk_addr - g->size_of_chunk;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	498	CHECK(g->InRange(left_chunk_addr));
				499	return ChooseChunk(addr, (AsanChunk*)left_chunk_addr, m);
				500	}
				501	}
				502
				503	void QuarantinePop() {
				504	CHECK(quarantine_.size() > 0);
				505	AsanChunk *m = quarantine_.Pop();
				506	CHECK(m);
				507	// if (F_v >= 2) Printf("MallocInfo::pop %p\n", m);
				508
				509	CHECK(m->chunk_state == CHUNK_QUARANTINE);
				510	m->chunk_state = CHUNK_AVAILABLE;
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	511	PoisonShadow((uptr)m, m->Size(), kAsanHeapLeftRedzoneMagic);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	512	CHECK(m->alloc_tid >= 0);
				513	CHECK(m->free_tid >= 0);
				514
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	515	uptr size_class = m->SizeClass();
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	516	m->next = free_lists_[size_class];
				517	free_lists_[size_class] = m;
				518
Kostya Serebryany	3074314	2011-12-05 19:17:53 +0000	[diff] [blame]	519	// Statistics.
				520	AsanStats &thread_stats = asanThreadRegistry().GetCurrentThreadStats();
				521	thread_stats.real_frees++;
				522	thread_stats.really_freed += m->used_size;
				523	thread_stats.really_freed_redzones += m->Size() - m->used_size;
				524	thread_stats.really_freed_by_size[m->SizeClass()]++;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	525	}
				526
				527	// Get a list of newly allocated chunks.
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	528	AsanChunk *GetNewChunks(u8 size_class) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	529	uptr size = SizeClassToSize(size_class);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	530	CHECK(IsPowerOfTwo(kMinMmapSize));
				531	CHECK(size < kMinMmapSize \|\| (size % kMinMmapSize) == 0);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	532	uptr mmap_size = Max(size, kMinMmapSize);
				533	uptr n_chunks = mmap_size / size;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	534	CHECK(n_chunks * size == mmap_size);
				535	if (size < kPageSize) {
				536	// Size is small, just poison the last chunk.
				537	n_chunks--;
				538	} else {
				539	// Size is large, allocate an extra page at right and poison it.
				540	mmap_size += kPageSize;
				541	}
				542	CHECK(n_chunks > 0);
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	543	u8 *mem = MmapNewPagesAndPoisonShadow(mmap_size);
Kostya Serebryany	3074314	2011-12-05 19:17:53 +0000	[diff] [blame]	544
				545	// Statistics.
				546	AsanStats &thread_stats = asanThreadRegistry().GetCurrentThreadStats();
				547	thread_stats.mmaps++;
				548	thread_stats.mmaped += mmap_size;
				549	thread_stats.mmaped_by_size[size_class] += n_chunks;
				550
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	551	AsanChunk *res = 0;
				552	for (uptr i = 0; i < n_chunks; i++) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	553	AsanChunk m = (AsanChunk)(mem + i * size);
				554	m->chunk_state = CHUNK_AVAILABLE;
				555	m->size_class = size_class;
				556	m->next = res;
				557	res = m;
				558	}
				559	PageGroup pg = (PageGroup)(mem + n_chunks * size);
				560	// This memory is already poisoned, no need to poison it again.
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	561	pg->beg = (uptr)mem;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	562	pg->end = pg->beg + mmap_size;
				563	pg->size_of_chunk = size;
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	564	pg->last_chunk = (uptr)(mem + size * (n_chunks - 1));
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	565	int page_group_idx = AtomicInc(&n_page_groups_) - 1;
				566	CHECK(page_group_idx < (int)ASAN_ARRAY_SIZE(page_groups_));
				567	page_groups_[page_group_idx] = pg;
				568	return res;
				569	}
				570
				571	AsanChunk *free_lists_[kNumberOfSizeClasses];
				572	AsanChunkFifoList quarantine_;
				573	AsanLock mu_;
				574
				575	PageGroup *page_groups_[kMaxAvailableRam / kMinMmapSize];
				576	int n_page_groups_; // atomic
Alexey Samsonov	9bdf065	2012-03-13 06:46:32 +0000	[diff] [blame]	577	int n_sorted_page_groups_;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	578	};
				579
				580	static MallocInfo malloc_info(LINKER_INITIALIZED);
				581
				582	void AsanThreadLocalMallocStorage::CommitBack() {
				583	malloc_info.SwallowThreadLocalMallocStorage(this, true);
				584	}
				585
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	586	static void Describe(uptr addr, uptr access_size) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	587	AsanChunk *m = malloc_info.FindMallocedOrFreed(addr, access_size);
				588	if (!m) return;
				589	m->DescribeAddress(addr, access_size);
				590	CHECK(m->alloc_tid >= 0);
				591	AsanThreadSummary *alloc_thread =
				592	asanThreadRegistry().FindByTid(m->alloc_tid);
				593	AsanStackTrace alloc_stack;
				594	AsanStackTrace::UncompressStack(&alloc_stack, m->compressed_alloc_stack(),
				595	m->compressed_alloc_stack_size());
				596	AsanThread *t = asanThreadRegistry().GetCurrent();
				597	CHECK(t);
Kostya Serebryany	e0cff0b	2012-06-06 15:06:58 +0000	[diff] [blame]	598	if (m->free_tid != kInvalidTid) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	599	AsanThreadSummary *free_thread =
				600	asanThreadRegistry().FindByTid(m->free_tid);
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	601	AsanPrintf("freed by thread T%d here:\n", free_thread->tid());
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	602	AsanStackTrace free_stack;
				603	AsanStackTrace::UncompressStack(&free_stack, m->compressed_free_stack(),
				604	m->compressed_free_stack_size());
				605	free_stack.PrintStack();
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	606	AsanPrintf("previously allocated by thread T%d here:\n",
				607	alloc_thread->tid());
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	608
				609	alloc_stack.PrintStack();
				610	t->summary()->Announce();
				611	free_thread->Announce();
				612	alloc_thread->Announce();
				613	} else {
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	614	AsanPrintf("allocated by thread T%d here:\n", alloc_thread->tid());
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	615	alloc_stack.PrintStack();
				616	t->summary()->Announce();
				617	alloc_thread->Announce();
				618	}
				619	}
				620
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	621	static u8 Allocate(uptr alignment, uptr size, AsanStackTrace stack) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	622	__asan_init();
				623	CHECK(stack);
				624	if (size == 0) {
				625	size = 1; // TODO(kcc): do something smarter
				626	}
				627	CHECK(IsPowerOfTwo(alignment));
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	628	uptr rounded_size = RoundUpTo(size, REDZONE);
				629	uptr needed_size = rounded_size + REDZONE;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	630	if (alignment > REDZONE) {
				631	needed_size += alignment;
				632	}
				633	CHECK(IsAligned(needed_size, REDZONE));
				634	if (size > kMaxAllowedMallocSize \|\| needed_size > kMaxAllowedMallocSize) {
Alexey Samsonov	5bcca4e	2012-06-06 10:46:00 +0000	[diff] [blame]	635	Report("WARNING: AddressSanitizer failed to allocate %p bytes\n",
				636	(void*)size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	637	return 0;
				638	}
				639
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	640	u8 size_class = SizeToSizeClass(needed_size);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	641	uptr size_to_allocate = SizeClassToSize(size_class);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	642	CHECK(size_to_allocate >= kMinAllocSize);
				643	CHECK(size_to_allocate >= needed_size);
				644	CHECK(IsAligned(size_to_allocate, REDZONE));
				645
Alexander Potapenko	108a237	2012-03-27 16:37:16 +0000	[diff] [blame]	646	if (FLAG_v >= 3) {
Evgeniy Stepanov	739eb79	2012-03-21 11:32:46 +0000	[diff] [blame]	647	Printf("Allocate align: %zu size: %zu class: %u real: %zu\n",
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	648	alignment, size, size_class, size_to_allocate);
				649	}
				650
				651	AsanThread *t = asanThreadRegistry().GetCurrent();
				652	AsanStats &thread_stats = asanThreadRegistry().GetCurrentThreadStats();
Kostya Serebryany	3074314	2011-12-05 19:17:53 +0000	[diff] [blame]	653	// Statistics
				654	thread_stats.mallocs++;
				655	thread_stats.malloced += size;
				656	thread_stats.malloced_redzones += size_to_allocate - size;
				657	thread_stats.malloced_by_size[size_class]++;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	658
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	659	AsanChunk *m = 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	660	if (!t \|\| size_to_allocate >= kMaxSizeForThreadLocalFreeList) {
				661	// get directly from global storage.
				662	m = malloc_info.AllocateChunks(size_class, 1);
Kostya Serebryany	3074314	2011-12-05 19:17:53 +0000	[diff] [blame]	663	thread_stats.malloc_large++;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	664	} else {
				665	// get from the thread-local storage.
				666	AsanChunk **fl = &t->malloc_storage().free_lists_[size_class];
				667	if (!*fl) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	668	uptr n_new_chunks = kMaxSizeForThreadLocalFreeList / size_to_allocate;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	669	*fl = malloc_info.AllocateChunks(size_class, n_new_chunks);
Kostya Serebryany	3074314	2011-12-05 19:17:53 +0000	[diff] [blame]	670	thread_stats.malloc_small_slow++;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	671	}
				672	m = *fl;
				673	fl = (fl)->next;
				674	}
				675	CHECK(m);
				676	CHECK(m->chunk_state == CHUNK_AVAILABLE);
				677	m->chunk_state = CHUNK_ALLOCATED;
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	678	m->next = 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	679	CHECK(m->Size() == size_to_allocate);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	680	uptr addr = (uptr)m + REDZONE;
Kostya Serebryany	0334fc8	2012-06-07 09:15:48 +0000	[diff] [blame^]	681	CHECK(addr <= (uptr)m->compressed_free_stack());
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	682
				683	if (alignment > REDZONE && (addr & (alignment - 1))) {
				684	addr = RoundUpTo(addr, alignment);
				685	CHECK((addr & (alignment - 1)) == 0);
				686	AsanChunk p = (AsanChunk)(addr - REDZONE);
				687	p->chunk_state = CHUNK_MEMALIGN;
Kostya Serebryany	1607160	2012-06-06 16:58:21 +0000	[diff] [blame]	688	p->used_size = (uptr)p - (uptr)m;
Kostya Serebryany	6dc48dd	2012-06-06 16:33:46 +0000	[diff] [blame]	689	m->alignment_log = Log2(alignment);
				690	CHECK(m->Beg() == addr);
				691	} else {
				692	m->alignment_log = Log2(REDZONE);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	693	}
				694	CHECK(m == PtrToChunk(addr));
				695	m->used_size = size;
Kostya Serebryany	6dc48dd	2012-06-06 16:33:46 +0000	[diff] [blame]	696	CHECK(m->Beg() == addr);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	697	m->alloc_tid = t ? t->tid() : 0;
Kostya Serebryany	e0cff0b	2012-06-06 15:06:58 +0000	[diff] [blame]	698	m->free_tid = kInvalidTid;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	699	AsanStackTrace::CompressStack(stack, m->compressed_alloc_stack(),
				700	m->compressed_alloc_stack_size());
				701	PoisonShadow(addr, rounded_size, 0);
				702	if (size < rounded_size) {
Kostya Serebryany	218a9b7	2011-11-30 18:50:23 +0000	[diff] [blame]	703	PoisonHeapPartialRightRedzone(addr + rounded_size - REDZONE,
				704	size & (REDZONE - 1));
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	705	}
				706	if (size <= FLAG_max_malloc_fill_size) {
Alexey Samsonov	09672ca	2012-02-08 13:45:31 +0000	[diff] [blame]	707	REAL(memset)((void*)addr, 0, rounded_size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	708	}
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	709	return (u8*)addr;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	710	}
				711
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	712	static void Deallocate(u8 ptr, AsanStackTrace stack) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	713	if (!ptr) return;
				714	CHECK(stack);
				715
				716	if (FLAG_debug) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	717	CHECK(malloc_info.FindPageGroup((uptr)ptr));
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	718	}
				719
				720	// Printf("Deallocate %p\n", ptr);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	721	AsanChunk *m = PtrToChunk((uptr)ptr);
Kostya Serebryany	f1e82b8	2012-04-05 15:55:09 +0000	[diff] [blame]	722
Kostya Serebryany	f4a4d5a	2012-06-06 15:30:55 +0000	[diff] [blame]	723	// Flip the chunk_state atomically to avoid race on double-free.
				724	u8 old_chunk_state = AtomicExchange((u8*)m, CHUNK_QUARANTINE);
Kostya Serebryany	f1e82b8	2012-04-05 15:55:09 +0000	[diff] [blame]	725
				726	if (old_chunk_state == CHUNK_QUARANTINE) {
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	727	AsanReport("ERROR: AddressSanitizer attempting double-free on %p:\n", ptr);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	728	stack->PrintStack();
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	729	Describe((uptr)ptr, 1);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	730	ShowStatsAndAbort();
Kostya Serebryany	f1e82b8	2012-04-05 15:55:09 +0000	[diff] [blame]	731	} else if (old_chunk_state != CHUNK_ALLOCATED) {
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	732	AsanReport("ERROR: AddressSanitizer attempting free on address "
				733	"which was not malloc()-ed: %p\n", ptr);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	734	stack->PrintStack();
				735	ShowStatsAndAbort();
				736	}
Kostya Serebryany	f1e82b8	2012-04-05 15:55:09 +0000	[diff] [blame]	737	CHECK(old_chunk_state == CHUNK_ALLOCATED);
Kostya Serebryany	1607160	2012-06-06 16:58:21 +0000	[diff] [blame]	738	// With REDZONE==16 m->next is in the user area, otherwise it should be 0.
				739	CHECK(REDZONE <= 16 \|\| !m->next);
Kostya Serebryany	e0cff0b	2012-06-06 15:06:58 +0000	[diff] [blame]	740	CHECK(m->free_tid == kInvalidTid);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	741	CHECK(m->alloc_tid >= 0);
				742	AsanThread *t = asanThreadRegistry().GetCurrent();
				743	m->free_tid = t ? t->tid() : 0;
				744	AsanStackTrace::CompressStack(stack, m->compressed_free_stack(),
				745	m->compressed_free_stack_size());
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	746	uptr rounded_size = RoundUpTo(m->used_size, REDZONE);
				747	PoisonShadow((uptr)ptr, rounded_size, kAsanHeapFreeMagic);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	748
Kostya Serebryany	3074314	2011-12-05 19:17:53 +0000	[diff] [blame]	749	// Statistics.
				750	AsanStats &thread_stats = asanThreadRegistry().GetCurrentThreadStats();
				751	thread_stats.frees++;
				752	thread_stats.freed += m->used_size;
				753	thread_stats.freed_by_size[m->SizeClass()]++;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	754
Kostya Serebryany	f1e82b8	2012-04-05 15:55:09 +0000	[diff] [blame]	755	CHECK(m->chunk_state == CHUNK_QUARANTINE);
Kostya Serebryany	1607160	2012-06-06 16:58:21 +0000	[diff] [blame]	756
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	757	if (t) {
				758	AsanThreadLocalMallocStorage *ms = &t->malloc_storage();
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	759	ms->quarantine_.Push(m);
				760
				761	if (ms->quarantine_.size() > kMaxThreadLocalQuarantine) {
				762	malloc_info.SwallowThreadLocalMallocStorage(ms, false);
				763	}
				764	} else {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	765	malloc_info.BypassThreadLocalQuarantine(m);
				766	}
				767	}
				768
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	769	static u8 Reallocate(u8 old_ptr, uptr new_size,
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	770	AsanStackTrace *stack) {
				771	CHECK(old_ptr && new_size);
Kostya Serebryany	3074314	2011-12-05 19:17:53 +0000	[diff] [blame]	772
				773	// Statistics.
				774	AsanStats &thread_stats = asanThreadRegistry().GetCurrentThreadStats();
				775	thread_stats.reallocs++;
				776	thread_stats.realloced += new_size;
				777
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	778	AsanChunk *m = PtrToChunk((uptr)old_ptr);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	779	CHECK(m->chunk_state == CHUNK_ALLOCATED);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	780	uptr old_size = m->used_size;
				781	uptr memcpy_size = Min(new_size, old_size);
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	782	u8 *new_ptr = Allocate(0, new_size, stack);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	783	if (new_ptr) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	784	CHECK(REAL(memcpy) != 0);
Alexey Samsonov	09672ca	2012-02-08 13:45:31 +0000	[diff] [blame]	785	REAL(memcpy)(new_ptr, old_ptr, memcpy_size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	786	Deallocate(old_ptr, stack);
				787	}
				788	return new_ptr;
				789	}
				790
				791	} // namespace __asan
				792
				793	// Malloc hooks declaration.
				794	// ASAN_NEW_HOOK(ptr, size) is called immediately after
				795	// allocation of "size" bytes, which returned "ptr".
				796	// ASAN_DELETE_HOOK(ptr) is called immediately before
				797	// deallocation of "ptr".
				798	// If ASAN_NEW_HOOK or ASAN_DELETE_HOOK is defined, user
				799	// program must provide implementation of this hook.
				800	// If macro is undefined, the hook is no-op.
				801	#ifdef ASAN_NEW_HOOK
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	802	extern "C" void ASAN_NEW_HOOK(void *ptr, uptr size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	803	#else
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	804	static inline void ASAN_NEW_HOOK(void *ptr, uptr size) { }
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	805	#endif
				806
				807	#ifdef ASAN_DELETE_HOOK
				808	extern "C" void ASAN_DELETE_HOOK(void *ptr);
				809	#else
				810	static inline void ASAN_DELETE_HOOK(void *ptr) { }
				811	#endif
				812
				813	namespace __asan {
				814
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	815	void asan_memalign(uptr alignment, uptr size, AsanStackTrace stack) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	816	void ptr = (void)Allocate(alignment, size, stack);
				817	ASAN_NEW_HOOK(ptr, size);
				818	return ptr;
				819	}
				820
				821	void asan_free(void ptr, AsanStackTrace stack) {
				822	ASAN_DELETE_HOOK(ptr);
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	823	Deallocate((u8*)ptr, stack);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	824	}
				825
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	826	void asan_malloc(uptr size, AsanStackTrace stack) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	827	void ptr = (void)Allocate(0, size, stack);
				828	ASAN_NEW_HOOK(ptr, size);
				829	return ptr;
				830	}
				831
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	832	void asan_calloc(uptr nmemb, uptr size, AsanStackTrace stack) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	833	void ptr = (void)Allocate(0, nmemb * size, stack);
				834	if (ptr)
Alexey Samsonov	09672ca	2012-02-08 13:45:31 +0000	[diff] [blame]	835	REAL(memset)(ptr, 0, nmemb * size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	836	ASAN_NEW_HOOK(ptr, nmemb * size);
				837	return ptr;
				838	}
				839
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	840	void asan_realloc(void p, uptr size, AsanStackTrace *stack) {
				841	if (p == 0) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	842	void ptr = (void)Allocate(0, size, stack);
				843	ASAN_NEW_HOOK(ptr, size);
				844	return ptr;
				845	} else if (size == 0) {
				846	ASAN_DELETE_HOOK(p);
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	847	Deallocate((u8*)p, stack);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	848	return 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	849	}
Kostya Serebryany	ee39255	2012-05-31 15:02:07 +0000	[diff] [blame]	850	return Reallocate((u8*)p, size, stack);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	851	}
				852
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	853	void asan_valloc(uptr size, AsanStackTrace stack) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	854	void ptr = (void)Allocate(kPageSize, size, stack);
				855	ASAN_NEW_HOOK(ptr, size);
				856	return ptr;
				857	}
				858
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	859	void asan_pvalloc(uptr size, AsanStackTrace stack) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	860	size = RoundUpTo(size, kPageSize);
				861	if (size == 0) {
				862	// pvalloc(0) should allocate one page.
				863	size = kPageSize;
				864	}
				865	void ptr = (void)Allocate(kPageSize, size, stack);
				866	ASAN_NEW_HOOK(ptr, size);
				867	return ptr;
				868	}
				869
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	870	int asan_posix_memalign(void **memptr, uptr alignment, uptr size,
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	871	AsanStackTrace *stack) {
				872	void *ptr = Allocate(alignment, size, stack);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	873	CHECK(IsAligned((uptr)ptr, alignment));
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	874	ASAN_NEW_HOOK(ptr, size);
				875	*memptr = ptr;
				876	return 0;
				877	}
				878
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	879	uptr asan_malloc_usable_size(void ptr, AsanStackTrace stack) {
Alexey Samsonov	ca2278d	2012-01-18 15:26:55 +0000	[diff] [blame]	880	CHECK(stack);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	881	if (ptr == 0) return 0;
				882	uptr usable_size = malloc_info.AllocationSize((uptr)ptr);
Alexander Potapenko	3793123	2012-05-25 15:20:13 +0000	[diff] [blame]	883	if (FLAG_check_malloc_usable_size && (usable_size == 0)) {
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	884	AsanReport("ERROR: AddressSanitizer attempting to call "
				885	"malloc_usable_size() for pointer which is "
				886	"not owned: %p\n", ptr);
Alexey Samsonov	4fd95f1	2012-01-17 06:39:10 +0000	[diff] [blame]	887	stack->PrintStack();
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	888	Describe((uptr)ptr, 1);
Alexey Samsonov	4fd95f1	2012-01-17 06:39:10 +0000	[diff] [blame]	889	ShowStatsAndAbort();
				890	}
				891	return usable_size;
				892	}
				893
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	894	uptr asan_mz_size(const void *ptr) {
				895	return malloc_info.AllocationSize((uptr)ptr);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	896	}
				897
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	898	void DescribeHeapAddress(uptr addr, uptr access_size) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	899	Describe(addr, access_size);
				900	}
				901
Alexey Samsonov	4fd95f1	2012-01-17 06:39:10 +0000	[diff] [blame]	902	void asan_mz_force_lock() {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	903	malloc_info.ForceLock();
				904	}
				905
Alexey Samsonov	4fd95f1	2012-01-17 06:39:10 +0000	[diff] [blame]	906	void asan_mz_force_unlock() {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	907	malloc_info.ForceUnlock();
				908	}
				909
				910	// ---------------------- Fake stack-------------------- {{{1
				911	FakeStack::FakeStack() {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	912	CHECK(REAL(memset) != 0);
Alexey Samsonov	09672ca	2012-02-08 13:45:31 +0000	[diff] [blame]	913	REAL(memset)(this, 0, sizeof(*this));
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	914	}
				915
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	916	bool FakeStack::AddrIsInSizeClass(uptr addr, uptr size_class) {
				917	uptr mem = allocated_size_classes_[size_class];
				918	uptr size = ClassMmapSize(size_class);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	919	bool res = mem && addr >= mem && addr < mem + size;
				920	return res;
				921	}
				922
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	923	uptr FakeStack::AddrIsInFakeStack(uptr addr) {
				924	for (uptr i = 0; i < kNumberOfSizeClasses; i++) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	925	if (AddrIsInSizeClass(addr, i)) return allocated_size_classes_[i];
				926	}
				927	return 0;
				928	}
				929
				930	// We may want to compute this during compilation.
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	931	inline uptr FakeStack::ComputeSizeClass(uptr alloc_size) {
				932	uptr rounded_size = RoundUpToPowerOfTwo(alloc_size);
				933	uptr log = Log2(rounded_size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	934	CHECK(alloc_size <= (1UL << log));
				935	if (!(alloc_size > (1UL << (log-1)))) {
Evgeniy Stepanov	739eb79	2012-03-21 11:32:46 +0000	[diff] [blame]	936	Printf("alloc_size %zu log %zu\n", alloc_size, log);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	937	}
				938	CHECK(alloc_size > (1UL << (log-1)));
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	939	uptr res = log < kMinStackFrameSizeLog ? 0 : log - kMinStackFrameSizeLog;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	940	CHECK(res < kNumberOfSizeClasses);
				941	CHECK(ClassSize(res) >= rounded_size);
				942	return res;
				943	}
				944
				945	void FakeFrameFifo::FifoPush(FakeFrame *node) {
				946	CHECK(node);
				947	node->next = 0;
				948	if (first_ == 0 && last_ == 0) {
				949	first_ = last_ = node;
				950	} else {
				951	CHECK(first_);
				952	CHECK(last_);
				953	last_->next = node;
				954	last_ = node;
				955	}
				956	}
				957
				958	FakeFrame *FakeFrameFifo::FifoPop() {
				959	CHECK(first_ && last_ && "Exhausted fake stack");
				960	FakeFrame *res = 0;
				961	if (first_ == last_) {
				962	res = first_;
				963	first_ = last_ = 0;
				964	} else {
				965	res = first_;
				966	first_ = first_->next;
				967	}
				968	return res;
				969	}
				970
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	971	void FakeStack::Init(uptr stack_size) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	972	stack_size_ = stack_size;
				973	alive_ = true;
				974	}
				975
				976	void FakeStack::Cleanup() {
				977	alive_ = false;
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	978	for (uptr i = 0; i < kNumberOfSizeClasses; i++) {
				979	uptr mem = allocated_size_classes_[i];
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	980	if (mem) {
				981	PoisonShadow(mem, ClassMmapSize(i), 0);
				982	allocated_size_classes_[i] = 0;
Alexey Samsonov	a25b346	2012-06-06 16:15:07 +0000	[diff] [blame]	983	UnmapOrDie((void*)mem, ClassMmapSize(i));
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	984	}
				985	}
				986	}
				987
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	988	uptr FakeStack::ClassMmapSize(uptr size_class) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	989	return RoundUpToPowerOfTwo(stack_size_);
				990	}
				991
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	992	void FakeStack::AllocateOneSizeClass(uptr size_class) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	993	CHECK(ClassMmapSize(size_class) >= kPageSize);
Alexey Samsonov	a25b346	2012-06-06 16:15:07 +0000	[diff] [blame]	994	uptr new_mem = (uptr)MmapOrDie(
Kostya Serebryany	de496f4	2011-12-28 22:58:01 +0000	[diff] [blame]	995	ClassMmapSize(size_class), __FUNCTION__);
Evgeniy Stepanov	739eb79	2012-03-21 11:32:46 +0000	[diff] [blame]	996	// Printf("T%d new_mem[%zu]: %p-%p mmap %zu\n",
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	997	// asanThreadRegistry().GetCurrent()->tid(),
				998	// size_class, new_mem, new_mem + ClassMmapSize(size_class),
				999	// ClassMmapSize(size_class));
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1000	uptr i;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1001	for (i = 0; i < ClassMmapSize(size_class);
				1002	i += ClassSize(size_class)) {
				1003	size_classes_[size_class].FifoPush((FakeFrame*)(new_mem + i));
				1004	}
				1005	CHECK(i == ClassMmapSize(size_class));
				1006	allocated_size_classes_[size_class] = new_mem;
				1007	}
				1008
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1009	uptr FakeStack::AllocateStack(uptr size, uptr real_stack) {
Kostya Serebryany	c4b34d9	2011-12-09 01:49:31 +0000	[diff] [blame]	1010	if (!alive_) return real_stack;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1011	CHECK(size <= kMaxStackMallocSize && size > 1);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1012	uptr size_class = ComputeSizeClass(size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1013	if (!allocated_size_classes_[size_class]) {
				1014	AllocateOneSizeClass(size_class);
				1015	}
				1016	FakeFrame *fake_frame = size_classes_[size_class].FifoPop();
				1017	CHECK(fake_frame);
				1018	fake_frame->size_minus_one = size - 1;
				1019	fake_frame->real_stack = real_stack;
				1020	while (FakeFrame *top = call_stack_.top()) {
				1021	if (top->real_stack > real_stack) break;
				1022	call_stack_.LifoPop();
				1023	DeallocateFrame(top);
				1024	}
				1025	call_stack_.LifoPush(fake_frame);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1026	uptr ptr = (uptr)fake_frame;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1027	PoisonShadow(ptr, size, 0);
				1028	return ptr;
				1029	}
				1030
				1031	void FakeStack::DeallocateFrame(FakeFrame *fake_frame) {
				1032	CHECK(alive_);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1033	uptr size = fake_frame->size_minus_one + 1;
				1034	uptr size_class = ComputeSizeClass(size);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1035	CHECK(allocated_size_classes_[size_class]);
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1036	uptr ptr = (uptr)fake_frame;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1037	CHECK(AddrIsInSizeClass(ptr, size_class));
				1038	CHECK(AddrIsInSizeClass(ptr + size - 1, size_class));
				1039	size_classes_[size_class].FifoPush(fake_frame);
				1040	}
				1041
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1042	void FakeStack::OnFree(uptr ptr, uptr size, uptr real_stack) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1043	FakeFrame fake_frame = (FakeFrame)ptr;
				1044	CHECK(fake_frame->magic = kRetiredStackFrameMagic);
				1045	CHECK(fake_frame->descr != 0);
				1046	CHECK(fake_frame->size_minus_one == size - 1);
				1047	PoisonShadow(ptr, size, kAsanStackAfterReturnMagic);
				1048	}
				1049
				1050	} // namespace __asan
				1051
				1052	// ---------------------- Interface ---------------- {{{1
				1053	using namespace __asan; // NOLINT
				1054
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1055	uptr __asan_stack_malloc(uptr size, uptr real_stack) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1056	if (!FLAG_use_fake_stack) return real_stack;
				1057	AsanThread *t = asanThreadRegistry().GetCurrent();
				1058	if (!t) {
				1059	// TSD is gone, use the real stack.
				1060	return real_stack;
				1061	}
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1062	uptr ptr = t->fake_stack().AllocateStack(size, real_stack);
Evgeniy Stepanov	739eb79	2012-03-21 11:32:46 +0000	[diff] [blame]	1063	// Printf("__asan_stack_malloc %p %zu %p\n", ptr, size, real_stack);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1064	return ptr;
				1065	}
				1066
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1067	void __asan_stack_free(uptr ptr, uptr size, uptr real_stack) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1068	if (!FLAG_use_fake_stack) return;
				1069	if (ptr != real_stack) {
				1070	FakeStack::OnFree(ptr, size, real_stack);
				1071	}
				1072	}
				1073
				1074	// ASan allocator doesn't reserve extra bytes, so normally we would
				1075	// just return "size".
Kostya Serebryany	9aead37	2012-05-31 14:11:07 +0000	[diff] [blame]	1076	uptr __asan_get_estimated_allocated_size(uptr size) {
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1077	if (size == 0) return 1;
Kostya Serebryany	2d8b3bd	2011-12-02 18:42:04 +0000	[diff] [blame]	1078	return Min(size, kMaxAllowedMallocSize);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1079	}
				1080
				1081	bool __asan_get_ownership(const void *p) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1082	return malloc_info.AllocationSize((uptr)p) > 0;
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1083	}
				1084
Kostya Serebryany	9aead37	2012-05-31 14:11:07 +0000	[diff] [blame]	1085	uptr __asan_get_allocated_size(const void *p) {
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1086	if (p == 0) return 0;
				1087	uptr allocated_size = malloc_info.AllocationSize((uptr)p);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1088	// Die if p is not malloced or if it is already freed.
Alexey Samsonov	ca2278d	2012-01-18 15:26:55 +0000	[diff] [blame]	1089	if (allocated_size == 0) {
Alexey Samsonov	e954101	2012-06-06 13:11:29 +0000	[diff] [blame]	1090	AsanReport("ERROR: AddressSanitizer attempting to call "
				1091	"__asan_get_allocated_size() for pointer which is "
				1092	"not owned: %p\n", p);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1093	PRINT_CURRENT_STACK();
Kostya Serebryany	3f4c387	2012-05-31 14:35:53 +0000	[diff] [blame]	1094	Describe((uptr)p, 1);
Kostya Serebryany	1e172b4	2011-11-30 01:07:02 +0000	[diff] [blame]	1095	ShowStatsAndAbort();
				1096	}
				1097	return allocated_size;
				1098	}