Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / compiler-rt / e04606631d3cf6e5f9e695a8af4d89c407aea33a / . / lib / asan / asan_allocator.cc
blob: 89746eb618f4627cfb40df2958ea5f2d3fdc7672 [file] [log] [blame]
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]1//===-- asan_allocator.cc ---------------------------------------*- C++ -*-===//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file is a part of AddressSanitizer, an address sanity checker.
11//
12// Implementation of ASan's memory allocator.
13// Evey piece of memory (AsanChunk) allocated by the allocator
14// has a left redzone of REDZONE bytes and
15// a right redzone such that the end of the chunk is aligned by REDZONE
16// (i.e. the right redzone is between 0 and REDZONE-1).
17// The left redzone is always poisoned.
18// The right redzone is poisoned on malloc, the body is poisoned on free.
19// Once freed, a chunk is moved to a quarantine (fifo list).
20// After quarantine, a chunk is returned to freelists.
21//
22// The left redzone contains ASan's internal data and the stack trace of
23// the malloc call.
24// Once freed, the body of the chunk contains the stack trace of the free call.
25//
26//===----------------------------------------------------------------------===//
27
28#include "asan_allocator.h"
29#include "asan_interceptors.h"
30#include "asan_interface.h"
31#include "asan_internal.h"
32#include "asan_lock.h"
33#include "asan_mapping.h"
34#include "asan_stats.h"
35#include "asan_thread.h"
36#include "asan_thread_registry.h"
37
Kostya Serebryany85822082012-01-30 20:55:02 +0000[diff] [blame]38#ifdef _WIN32
39#include <intrin.h>
40#endif
41
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]42namespace __asan {
43
44#define REDZONE FLAG_redzone
45static const size_t kMinAllocSize = REDZONE * 2;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]46static const uint64_t kMaxAvailableRam = 128ULL << 30; // 128G
47static const size_t kMaxThreadLocalQuarantine = 1 << 20; // 1M
Evgeniy Stepanov788e1d72012-02-16 13:35:11 +0000[diff] [blame]48
Alexey Samsonov6a3e6fd2012-02-17 08:31:10 +0000[diff] [blame]49#if ASAN_LOW_MEMORY == 1
Evgeniy Stepanov788e1d72012-02-16 13:35:11 +0000[diff] [blame]50static const size_t kMinMmapSize = 4UL << 17; // 128K
Alexey Samsonov6a3e6fd2012-02-17 08:31:10 +0000[diff] [blame]51 static const size_t kMaxSizeForThreadLocalFreeList = 1 << 15; // 32K
Evgeniy Stepanov788e1d72012-02-16 13:35:11 +0000[diff] [blame]52#else
53static const size_t kMinMmapSize = 4UL << 20; // 4M
Alexey Samsonov6a3e6fd2012-02-17 08:31:10 +0000[diff] [blame]54 static const size_t kMaxSizeForThreadLocalFreeList = 1 << 17; // 128K
Evgeniy Stepanov788e1d72012-02-16 13:35:11 +0000[diff] [blame]55#endif
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]56
57// Size classes less than kMallocSizeClassStep are powers of two.
58// All other size classes are multiples of kMallocSizeClassStep.
59static const size_t kMallocSizeClassStepLog = 26;
60static const size_t kMallocSizeClassStep = 1UL << kMallocSizeClassStepLog;
61
62#if __WORDSIZE == 32
63static const size_t kMaxAllowedMallocSize = 3UL << 30; // 3G
64#else
65static const size_t kMaxAllowedMallocSize = 8UL << 30; // 8G
66#endif
67
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]68static inline bool IsAligned(uintptr_t a, uintptr_t alignment) {
69 return (a & (alignment - 1)) == 0;
70}
71
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]72static inline size_t Log2(size_t x) {
73 CHECK(IsPowerOfTwo(x));
Alexander Potapenko6f045292012-01-27 15:15:04 +0000[diff] [blame]74#if defined(_WIN64)
75 unsigned long ret; // NOLINT
76 _BitScanForward64(&ret, x);
77 return ret;
78#elif defined(_WIN32)
79 unsigned long ret; // NOLINT
80 _BitScanForward(&ret, x);
81 return ret;
82#else
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]83 return __builtin_ctzl(x);
Alexander Potapenko6f045292012-01-27 15:15:04 +0000[diff] [blame]84#endif
85}
86
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]87static inline size_t RoundUpToPowerOfTwo(size_t size) {
88 CHECK(size);
89 if (IsPowerOfTwo(size)) return size;
Alexander Potapenko6f045292012-01-27 15:15:04 +0000[diff] [blame]90
Alexey Samsonovf927ddc2012-02-03 08:50:16 +0000[diff] [blame]91 unsigned long up; // NOLINT
92#if defined(_WIN64)
93 _BitScanReverse64(&up, size);
94#elif defined(_WIN32)
95 _BitScanReverse(&up, size);
96#else
97 up = __WORDSIZE - 1 - __builtin_clzl(size);
98#endif
99 CHECK(size < (1ULL << (up + 1)));
100 CHECK(size > (1ULL << up));
101 return 1UL << (up + 1);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]102}
103
104static inline size_t SizeClassToSize(uint8_t size_class) {
105 CHECK(size_class < kNumberOfSizeClasses);
106 if (size_class <= kMallocSizeClassStepLog) {
107 return 1UL << size_class;
108 } else {
109 return (size_class - kMallocSizeClassStepLog) * kMallocSizeClassStep;
110 }
111}
112
113static inline uint8_t SizeToSizeClass(size_t size) {
114 uint8_t res = 0;
115 if (size <= kMallocSizeClassStep) {
116 size_t rounded = RoundUpToPowerOfTwo(size);
117 res = Log2(rounded);
118 } else {
119 res = ((size + kMallocSizeClassStep - 1) / kMallocSizeClassStep)
120 + kMallocSizeClassStepLog;
121 }
122 CHECK(res < kNumberOfSizeClasses);
123 CHECK(size <= SizeClassToSize(res));
124 return res;
125}
126
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]127// Given REDZONE bytes, we need to mark first size bytes
128// as addressable and the rest REDZONE-size bytes as unaddressable.
Kostya Serebryany218a9b72011-11-30 18:50:23 +0000[diff] [blame]129static void PoisonHeapPartialRightRedzone(uintptr_t mem, size_t size) {
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]130 CHECK(size <= REDZONE);
131 CHECK(IsAligned(mem, REDZONE));
132 CHECK(IsPowerOfTwo(SHADOW_GRANULARITY));
133 CHECK(IsPowerOfTwo(REDZONE));
134 CHECK(REDZONE >= SHADOW_GRANULARITY);
Kostya Serebryany218a9b72011-11-30 18:50:23 +0000[diff] [blame]135 PoisonShadowPartialRightRedzone(mem, size, REDZONE,
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]136 kAsanHeapRightRedzoneMagic);
137}
138
139static uint8_t *MmapNewPagesAndPoisonShadow(size_t size) {
140 CHECK(IsAligned(size, kPageSize));
Kostya Serebryanyde496f42011-12-28 22:58:01 +0000[diff] [blame]141 uint8_t *res = (uint8_t*)AsanMmapSomewhereOrDie(size, __FUNCTION__);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]142 PoisonShadow((uintptr_t)res, size, kAsanHeapLeftRedzoneMagic);
143 if (FLAG_debug) {
144 Printf("ASAN_MMAP: [%p, %p)\n", res, res + size);
145 }
146 return res;
147}
148
149// Every chunk of memory allocated by this allocator can be in one of 3 states:
150// CHUNK_AVAILABLE: the chunk is in the free list and ready to be allocated.
151// CHUNK_ALLOCATED: the chunk is allocated and not yet freed.
152// CHUNK_QUARANTINE: the chunk was freed and put into quarantine zone.
153//
154// The pseudo state CHUNK_MEMALIGN is used to mark that the address is not
155// the beginning of a AsanChunk (in which case 'next' contains the address
156// of the AsanChunk).
157//
158// The magic numbers for the enum values are taken randomly.
159enum {
160 CHUNK_AVAILABLE = 0x573B,
161 CHUNK_ALLOCATED = 0x3204,
162 CHUNK_QUARANTINE = 0x1978,
163 CHUNK_MEMALIGN = 0xDC68,
164};
165
166struct ChunkBase {
167 uint16_t chunk_state;
168 uint8_t size_class;
169 uint32_t offset; // User-visible memory starts at this+offset (beg()).
170 int32_t alloc_tid;
171 int32_t free_tid;
172 size_t used_size; // Size requested by the user.
173 AsanChunk *next;
174
175 uintptr_t beg() { return (uintptr_t)this + offset; }
176 size_t Size() { return SizeClassToSize(size_class); }
177 uint8_t SizeClass() { return size_class; }
178};
179
180struct AsanChunk: public ChunkBase {
181 uint32_t *compressed_alloc_stack() {
182 CHECK(REDZONE >= sizeof(ChunkBase));
183 return (uint32_t*)((uintptr_t)this + sizeof(ChunkBase));
184 }
185 uint32_t *compressed_free_stack() {
186 CHECK(REDZONE >= sizeof(ChunkBase));
187 return (uint32_t*)((uintptr_t)this + REDZONE);
188 }
189
190 // The left redzone after the ChunkBase is given to the alloc stack trace.
191 size_t compressed_alloc_stack_size() {
192 return (REDZONE - sizeof(ChunkBase)) / sizeof(uint32_t);
193 }
194 size_t compressed_free_stack_size() {
195 return (REDZONE) / sizeof(uint32_t);
196 }
197
198 bool AddrIsInside(uintptr_t addr, size_t access_size, size_t *offset) {
199 if (addr >= beg() && (addr + access_size) <= (beg() + used_size)) {
200 *offset = addr - beg();
201 return true;
202 }
203 return false;
204 }
205
206 bool AddrIsAtLeft(uintptr_t addr, size_t access_size, size_t *offset) {
207 if (addr < beg()) {
208 *offset = beg() - addr;
209 return true;
210 }
211 return false;
212 }
213
214 bool AddrIsAtRight(uintptr_t addr, size_t access_size, size_t *offset) {
215 if (addr + access_size >= beg() + used_size) {
216 if (addr <= beg() + used_size)
217 *offset = 0;
218 else
219 *offset = addr - (beg() + used_size);
220 return true;
221 }
222 return false;
223 }
224
225 void DescribeAddress(uintptr_t addr, size_t access_size) {
226 size_t offset;
227 Printf("%p is located ", addr);
228 if (AddrIsInside(addr, access_size, &offset)) {
229 Printf("%ld bytes inside of", offset);
230 } else if (AddrIsAtLeft(addr, access_size, &offset)) {
231 Printf("%ld bytes to the left of", offset);
232 } else if (AddrIsAtRight(addr, access_size, &offset)) {
233 Printf("%ld bytes to the right of", offset);
234 } else {
235 Printf(" somewhere around (this is AddressSanitizer bug!)");
236 }
237 Printf(" %lu-byte region [%p,%p)\n",
238 used_size, beg(), beg() + used_size);
239 }
240};
241
242static AsanChunk *PtrToChunk(uintptr_t ptr) {
243 AsanChunk *m = (AsanChunk*)(ptr - REDZONE);
244 if (m->chunk_state == CHUNK_MEMALIGN) {
245 m = m->next;
246 }
247 return m;
248}
249
250
251void AsanChunkFifoList::PushList(AsanChunkFifoList *q) {
Alexey Samsonove0460662012-02-27 09:06:10 +0000[diff] [blame^]252 CHECK(q->size() > 0);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]253 if (last_) {
254 CHECK(first_);
255 CHECK(!last_->next);
256 last_->next = q->first_;
257 last_ = q->last_;
258 } else {
259 CHECK(!first_);
260 last_ = q->last_;
261 first_ = q->first_;
Alexey Samsonove0460662012-02-27 09:06:10 +0000[diff] [blame^]262 CHECK(first_);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]263 }
Alexey Samsonove0460662012-02-27 09:06:10 +0000[diff] [blame^]264 CHECK(last_);
265 CHECK(!last_->next);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]266 size_ += q->size();
267 q->clear();
268}
269
270void AsanChunkFifoList::Push(AsanChunk *n) {
271 CHECK(n->next == NULL);
272 if (last_) {
273 CHECK(first_);
274 CHECK(!last_->next);
275 last_->next = n;
276 last_ = n;
277 } else {
278 CHECK(!first_);
279 last_ = first_ = n;
280 }
281 size_ += n->Size();
282}
283
284// Interesting performance observation: this function takes up to 15% of overal
285// allocator time. That's because *first_ has been evicted from cache long time
286// ago. Not sure if we can or want to do anything with this.
287AsanChunk *AsanChunkFifoList::Pop() {
288 CHECK(first_);
289 AsanChunk *res = first_;
290 first_ = first_->next;
291 if (first_ == NULL)
292 last_ = NULL;
293 CHECK(size_ >= res->Size());
294 size_ -= res->Size();
295 if (last_) {
296 CHECK(!last_->next);
297 }
298 return res;
299}
300
301// All pages we ever allocated.
302struct PageGroup {
303 uintptr_t beg;
304 uintptr_t end;
305 size_t size_of_chunk;
306 uintptr_t last_chunk;
307 bool InRange(uintptr_t addr) {
308 return addr >= beg && addr < end;
309 }
310};
311
312class MallocInfo {
313 public:
314
315 explicit MallocInfo(LinkerInitialized x) : mu_(x) { }
316
317 AsanChunk *AllocateChunks(uint8_t size_class, size_t n_chunks) {
318 AsanChunk *m = NULL;
319 AsanChunk **fl = &free_lists_[size_class];
320 {
321 ScopedLock lock(&mu_);
322 for (size_t i = 0; i < n_chunks; i++) {
323 if (!(*fl)) {
324 *fl = GetNewChunks(size_class);
325 }
326 AsanChunk *t = *fl;
327 *fl = t->next;
328 t->next = m;
329 CHECK(t->chunk_state == CHUNK_AVAILABLE);
330 m = t;
331 }
332 }
333 return m;
334 }
335
336 void SwallowThreadLocalMallocStorage(AsanThreadLocalMallocStorage *x,
337 bool eat_free_lists) {
338 CHECK(FLAG_quarantine_size > 0);
339 ScopedLock lock(&mu_);
340 AsanChunkFifoList *q = &x->quarantine_;
341 if (q->size() > 0) {
342 quarantine_.PushList(q);
343 while (quarantine_.size() > FLAG_quarantine_size) {
344 QuarantinePop();
345 }
346 }
347 if (eat_free_lists) {
348 for (size_t size_class = 0; size_class < kNumberOfSizeClasses;
349 size_class++) {
350 AsanChunk *m = x->free_lists_[size_class];
351 while (m) {
352 AsanChunk *t = m->next;
353 m->next = free_lists_[size_class];
354 free_lists_[size_class] = m;
355 m = t;
356 }
357 x->free_lists_[size_class] = 0;
358 }
359 }
360 }
361
362 void BypassThreadLocalQuarantine(AsanChunk *chunk) {
363 ScopedLock lock(&mu_);
364 quarantine_.Push(chunk);
365 }
366
367 AsanChunk *FindMallocedOrFreed(uintptr_t addr, size_t access_size) {
368 ScopedLock lock(&mu_);
369 return FindChunkByAddr(addr);
370 }
371
372 // TODO(glider): AllocationSize() may become very slow if the size of
373 // page_groups_ grows. This can be fixed by increasing kMinMmapSize,
374 // but a better solution is to speed up the search somehow.
375 size_t AllocationSize(uintptr_t ptr) {
Alexey Samsonovca2278d2012-01-18 15:26:55 +0000[diff] [blame]376 if (!ptr) return 0;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]377 ScopedLock lock(&mu_);
378
379 // first, check if this is our memory
380 PageGroup *g = FindPageGroupUnlocked(ptr);
381 if (!g) return 0;
382 AsanChunk *m = PtrToChunk(ptr);
383 if (m->chunk_state == CHUNK_ALLOCATED) {
384 return m->used_size;
385 } else {
386 return 0;
387 }
388 }
389
390 void ForceLock() {
391 mu_.Lock();
392 }
393
394 void ForceUnlock() {
395 mu_.Unlock();
396 }
397
398 void PrintStatus() {
399 ScopedLock lock(&mu_);
400 size_t malloced = 0;
401
402 Printf(" MallocInfo: in quarantine: %ld malloced: %ld; ",
403 quarantine_.size() >> 20, malloced >> 20);
404 for (size_t j = 1; j < kNumberOfSizeClasses; j++) {
405 AsanChunk *i = free_lists_[j];
406 if (!i) continue;
407 size_t t = 0;
408 for (; i; i = i->next) {
409 t += i->Size();
410 }
411 Printf("%ld:%ld ", j, t >> 20);
412 }
413 Printf("\n");
414 }
415
416 PageGroup *FindPageGroup(uintptr_t addr) {
417 ScopedLock lock(&mu_);
418 return FindPageGroupUnlocked(addr);
419 }
420
421 private:
422 PageGroup *FindPageGroupUnlocked(uintptr_t addr) {
423 for (int i = 0; i < n_page_groups_; i++) {
424 PageGroup *g = page_groups_[i];
425 if (g->InRange(addr)) {
426 return g;
427 }
428 }
429 return NULL;
430 }
431
432 // We have an address between two chunks, and we want to report just one.
433 AsanChunk *ChooseChunk(uintptr_t addr,
434 AsanChunk *left_chunk, AsanChunk *right_chunk) {
435 // Prefer an allocated chunk or a chunk from quarantine.
436 if (left_chunk->chunk_state == CHUNK_AVAILABLE &&
437 right_chunk->chunk_state != CHUNK_AVAILABLE)
438 return right_chunk;
439 if (right_chunk->chunk_state == CHUNK_AVAILABLE &&
440 left_chunk->chunk_state != CHUNK_AVAILABLE)
441 return left_chunk;
442 // Choose based on offset.
Daniel Dunbar514cebb2011-12-02 01:36:38 +0000[diff] [blame]443 size_t l_offset = 0, r_offset = 0;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]444 CHECK(left_chunk->AddrIsAtRight(addr, 1, &l_offset));
445 CHECK(right_chunk->AddrIsAtLeft(addr, 1, &r_offset));
446 if (l_offset < r_offset)
447 return left_chunk;
448 return right_chunk;
449 }
450
451 AsanChunk *FindChunkByAddr(uintptr_t addr) {
452 PageGroup *g = FindPageGroupUnlocked(addr);
453 if (!g) return 0;
454 CHECK(g->size_of_chunk);
455 uintptr_t offset_from_beg = addr - g->beg;
456 uintptr_t this_chunk_addr = g->beg +
457 (offset_from_beg / g->size_of_chunk) * g->size_of_chunk;
458 CHECK(g->InRange(this_chunk_addr));
459 AsanChunk *m = (AsanChunk*)this_chunk_addr;
460 CHECK(m->chunk_state == CHUNK_ALLOCATED ||
461 m->chunk_state == CHUNK_AVAILABLE ||
462 m->chunk_state == CHUNK_QUARANTINE);
Daniel Dunbar514cebb2011-12-02 01:36:38 +0000[diff] [blame]463 size_t offset = 0;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]464 if (m->AddrIsInside(addr, 1, &offset))
465 return m;
466
467 if (m->AddrIsAtRight(addr, 1, &offset)) {
468 if (this_chunk_addr == g->last_chunk) // rightmost chunk
469 return m;
470 uintptr_t right_chunk_addr = this_chunk_addr + g->size_of_chunk;
471 CHECK(g->InRange(right_chunk_addr));
472 return ChooseChunk(addr, m, (AsanChunk*)right_chunk_addr);
473 } else {
474 CHECK(m->AddrIsAtLeft(addr, 1, &offset));
475 if (this_chunk_addr == g->beg) // leftmost chunk
476 return m;
477 uintptr_t left_chunk_addr = this_chunk_addr - g->size_of_chunk;
478 CHECK(g->InRange(left_chunk_addr));
479 return ChooseChunk(addr, (AsanChunk*)left_chunk_addr, m);
480 }
481 }
482
483 void QuarantinePop() {
484 CHECK(quarantine_.size() > 0);
485 AsanChunk *m = quarantine_.Pop();
486 CHECK(m);
487 // if (F_v >= 2) Printf("MallocInfo::pop %p\n", m);
488
489 CHECK(m->chunk_state == CHUNK_QUARANTINE);
490 m->chunk_state = CHUNK_AVAILABLE;
491 CHECK(m->alloc_tid >= 0);
492 CHECK(m->free_tid >= 0);
493
494 size_t size_class = m->SizeClass();
495 m->next = free_lists_[size_class];
496 free_lists_[size_class] = m;
497
Kostya Serebryany30743142011-12-05 19:17:53 +0000[diff] [blame]498 // Statistics.
499 AsanStats &thread_stats = asanThreadRegistry().GetCurrentThreadStats();
500 thread_stats.real_frees++;
501 thread_stats.really_freed += m->used_size;
502 thread_stats.really_freed_redzones += m->Size() - m->used_size;
503 thread_stats.really_freed_by_size[m->SizeClass()]++;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]504 }
505
506 // Get a list of newly allocated chunks.
507 AsanChunk *GetNewChunks(uint8_t size_class) {
508 size_t size = SizeClassToSize(size_class);
509 CHECK(IsPowerOfTwo(kMinMmapSize));
510 CHECK(size < kMinMmapSize || (size % kMinMmapSize) == 0);
Kostya Serebryany2d8b3bd2011-12-02 18:42:04 +0000[diff] [blame]511 size_t mmap_size = Max(size, kMinMmapSize);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]512 size_t n_chunks = mmap_size / size;
513 CHECK(n_chunks * size == mmap_size);
514 if (size < kPageSize) {
515 // Size is small, just poison the last chunk.
516 n_chunks--;
517 } else {
518 // Size is large, allocate an extra page at right and poison it.
519 mmap_size += kPageSize;
520 }
521 CHECK(n_chunks > 0);
522 uint8_t *mem = MmapNewPagesAndPoisonShadow(mmap_size);
Kostya Serebryany30743142011-12-05 19:17:53 +0000[diff] [blame]523
524 // Statistics.
525 AsanStats &thread_stats = asanThreadRegistry().GetCurrentThreadStats();
526 thread_stats.mmaps++;
527 thread_stats.mmaped += mmap_size;
528 thread_stats.mmaped_by_size[size_class] += n_chunks;
529
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]530 AsanChunk *res = NULL;
531 for (size_t i = 0; i < n_chunks; i++) {
532 AsanChunk *m = (AsanChunk*)(mem + i * size);
533 m->chunk_state = CHUNK_AVAILABLE;
534 m->size_class = size_class;
535 m->next = res;
536 res = m;
537 }
538 PageGroup *pg = (PageGroup*)(mem + n_chunks * size);
539 // This memory is already poisoned, no need to poison it again.
540 pg->beg = (uintptr_t)mem;
541 pg->end = pg->beg + mmap_size;
542 pg->size_of_chunk = size;
543 pg->last_chunk = (uintptr_t)(mem + size * (n_chunks - 1));
544 int page_group_idx = AtomicInc(&n_page_groups_) - 1;
545 CHECK(page_group_idx < (int)ASAN_ARRAY_SIZE(page_groups_));
546 page_groups_[page_group_idx] = pg;
547 return res;
548 }
549
550 AsanChunk *free_lists_[kNumberOfSizeClasses];
551 AsanChunkFifoList quarantine_;
552 AsanLock mu_;
553
554 PageGroup *page_groups_[kMaxAvailableRam / kMinMmapSize];
555 int n_page_groups_; // atomic
556};
557
558static MallocInfo malloc_info(LINKER_INITIALIZED);
559
560void AsanThreadLocalMallocStorage::CommitBack() {
561 malloc_info.SwallowThreadLocalMallocStorage(this, true);
562}
563
564static void Describe(uintptr_t addr, size_t access_size) {
565 AsanChunk *m = malloc_info.FindMallocedOrFreed(addr, access_size);
566 if (!m) return;
567 m->DescribeAddress(addr, access_size);
568 CHECK(m->alloc_tid >= 0);
569 AsanThreadSummary *alloc_thread =
570 asanThreadRegistry().FindByTid(m->alloc_tid);
571 AsanStackTrace alloc_stack;
572 AsanStackTrace::UncompressStack(&alloc_stack, m->compressed_alloc_stack(),
573 m->compressed_alloc_stack_size());
574 AsanThread *t = asanThreadRegistry().GetCurrent();
575 CHECK(t);
576 if (m->free_tid >= 0) {
577 AsanThreadSummary *free_thread =
578 asanThreadRegistry().FindByTid(m->free_tid);
579 Printf("freed by thread T%d here:\n", free_thread->tid());
580 AsanStackTrace free_stack;
581 AsanStackTrace::UncompressStack(&free_stack, m->compressed_free_stack(),
582 m->compressed_free_stack_size());
583 free_stack.PrintStack();
584 Printf("previously allocated by thread T%d here:\n",
585 alloc_thread->tid());
586
587 alloc_stack.PrintStack();
588 t->summary()->Announce();
589 free_thread->Announce();
590 alloc_thread->Announce();
591 } else {
592 Printf("allocated by thread T%d here:\n", alloc_thread->tid());
593 alloc_stack.PrintStack();
594 t->summary()->Announce();
595 alloc_thread->Announce();
596 }
597}
598
599static uint8_t *Allocate(size_t alignment, size_t size, AsanStackTrace *stack) {
600 __asan_init();
601 CHECK(stack);
602 if (size == 0) {
603 size = 1; // TODO(kcc): do something smarter
604 }
605 CHECK(IsPowerOfTwo(alignment));
606 size_t rounded_size = RoundUpTo(size, REDZONE);
607 size_t needed_size = rounded_size + REDZONE;
608 if (alignment > REDZONE) {
609 needed_size += alignment;
610 }
611 CHECK(IsAligned(needed_size, REDZONE));
612 if (size > kMaxAllowedMallocSize || needed_size > kMaxAllowedMallocSize) {
613 Report("WARNING: AddressSanitizer failed to allocate %p bytes\n", size);
614 return 0;
615 }
616
617 uint8_t size_class = SizeToSizeClass(needed_size);
618 size_t size_to_allocate = SizeClassToSize(size_class);
619 CHECK(size_to_allocate >= kMinAllocSize);
620 CHECK(size_to_allocate >= needed_size);
621 CHECK(IsAligned(size_to_allocate, REDZONE));
622
623 if (FLAG_v >= 2) {
624 Printf("Allocate align: %ld size: %ld class: %d real: %ld\n",
625 alignment, size, size_class, size_to_allocate);
626 }
627
628 AsanThread *t = asanThreadRegistry().GetCurrent();
629 AsanStats &thread_stats = asanThreadRegistry().GetCurrentThreadStats();
Kostya Serebryany30743142011-12-05 19:17:53 +0000[diff] [blame]630 // Statistics
631 thread_stats.mallocs++;
632 thread_stats.malloced += size;
633 thread_stats.malloced_redzones += size_to_allocate - size;
634 thread_stats.malloced_by_size[size_class]++;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]635
636 AsanChunk *m = NULL;
637 if (!t || size_to_allocate >= kMaxSizeForThreadLocalFreeList) {
638 // get directly from global storage.
639 m = malloc_info.AllocateChunks(size_class, 1);
Kostya Serebryany30743142011-12-05 19:17:53 +0000[diff] [blame]640 thread_stats.malloc_large++;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]641 } else {
642 // get from the thread-local storage.
643 AsanChunk **fl = &t->malloc_storage().free_lists_[size_class];
644 if (!*fl) {
645 size_t n_new_chunks = kMaxSizeForThreadLocalFreeList / size_to_allocate;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]646 *fl = malloc_info.AllocateChunks(size_class, n_new_chunks);
Kostya Serebryany30743142011-12-05 19:17:53 +0000[diff] [blame]647 thread_stats.malloc_small_slow++;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]648 }
649 m = *fl;
650 *fl = (*fl)->next;
651 }
652 CHECK(m);
653 CHECK(m->chunk_state == CHUNK_AVAILABLE);
654 m->chunk_state = CHUNK_ALLOCATED;
655 m->next = NULL;
656 CHECK(m->Size() == size_to_allocate);
657 uintptr_t addr = (uintptr_t)m + REDZONE;
658 CHECK(addr == (uintptr_t)m->compressed_free_stack());
659
660 if (alignment > REDZONE && (addr & (alignment - 1))) {
661 addr = RoundUpTo(addr, alignment);
662 CHECK((addr & (alignment - 1)) == 0);
663 AsanChunk *p = (AsanChunk*)(addr - REDZONE);
664 p->chunk_state = CHUNK_MEMALIGN;
665 p->next = m;
666 }
667 CHECK(m == PtrToChunk(addr));
668 m->used_size = size;
669 m->offset = addr - (uintptr_t)m;
670 CHECK(m->beg() == addr);
671 m->alloc_tid = t ? t->tid() : 0;
672 m->free_tid = AsanThread::kInvalidTid;
673 AsanStackTrace::CompressStack(stack, m->compressed_alloc_stack(),
674 m->compressed_alloc_stack_size());
675 PoisonShadow(addr, rounded_size, 0);
676 if (size < rounded_size) {
Kostya Serebryany218a9b72011-11-30 18:50:23 +0000[diff] [blame]677 PoisonHeapPartialRightRedzone(addr + rounded_size - REDZONE,
678 size & (REDZONE - 1));
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]679 }
680 if (size <= FLAG_max_malloc_fill_size) {
Alexey Samsonov09672ca2012-02-08 13:45:31 +0000[diff] [blame]681 REAL(memset)((void*)addr, 0, rounded_size);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]682 }
683 return (uint8_t*)addr;
684}
685
686static void Deallocate(uint8_t *ptr, AsanStackTrace *stack) {
687 if (!ptr) return;
688 CHECK(stack);
689
690 if (FLAG_debug) {
691 CHECK(malloc_info.FindPageGroup((uintptr_t)ptr));
692 }
693
694 // Printf("Deallocate %p\n", ptr);
695 AsanChunk *m = PtrToChunk((uintptr_t)ptr);
696 if (m->chunk_state == CHUNK_QUARANTINE) {
Kostya Serebryanyc1620132011-12-13 19:16:36 +0000[diff] [blame]697 Report("ERROR: AddressSanitizer attempting double-free on %p:\n", ptr);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]698 stack->PrintStack();
Kostya Serebryany27f49322012-02-08 00:42:29 +0000[diff] [blame]699 Describe((uintptr_t)ptr, 1);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]700 ShowStatsAndAbort();
701 } else if (m->chunk_state != CHUNK_ALLOCATED) {
Kostya Serebryanyc1620132011-12-13 19:16:36 +0000[diff] [blame]702 Report("ERROR: AddressSanitizer attempting free on address which was not"
703 " malloc()-ed: %p\n", ptr);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]704 stack->PrintStack();
705 ShowStatsAndAbort();
706 }
707 CHECK(m->chunk_state == CHUNK_ALLOCATED);
708 CHECK(m->free_tid == AsanThread::kInvalidTid);
709 CHECK(m->alloc_tid >= 0);
710 AsanThread *t = asanThreadRegistry().GetCurrent();
711 m->free_tid = t ? t->tid() : 0;
712 AsanStackTrace::CompressStack(stack, m->compressed_free_stack(),
713 m->compressed_free_stack_size());
714 size_t rounded_size = RoundUpTo(m->used_size, REDZONE);
715 PoisonShadow((uintptr_t)ptr, rounded_size, kAsanHeapFreeMagic);
716
Kostya Serebryany30743142011-12-05 19:17:53 +0000[diff] [blame]717 // Statistics.
718 AsanStats &thread_stats = asanThreadRegistry().GetCurrentThreadStats();
719 thread_stats.frees++;
720 thread_stats.freed += m->used_size;
721 thread_stats.freed_by_size[m->SizeClass()]++;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]722
723 m->chunk_state = CHUNK_QUARANTINE;
724 if (t) {
725 AsanThreadLocalMallocStorage *ms = &t->malloc_storage();
726 CHECK(!m->next);
727 ms->quarantine_.Push(m);
728
729 if (ms->quarantine_.size() > kMaxThreadLocalQuarantine) {
730 malloc_info.SwallowThreadLocalMallocStorage(ms, false);
731 }
732 } else {
733 CHECK(!m->next);
734 malloc_info.BypassThreadLocalQuarantine(m);
735 }
736}
737
738static uint8_t *Reallocate(uint8_t *old_ptr, size_t new_size,
739 AsanStackTrace *stack) {
740 CHECK(old_ptr && new_size);
Kostya Serebryany30743142011-12-05 19:17:53 +0000[diff] [blame]741
742 // Statistics.
743 AsanStats &thread_stats = asanThreadRegistry().GetCurrentThreadStats();
744 thread_stats.reallocs++;
745 thread_stats.realloced += new_size;
746
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]747 AsanChunk *m = PtrToChunk((uintptr_t)old_ptr);
748 CHECK(m->chunk_state == CHUNK_ALLOCATED);
749 size_t old_size = m->used_size;
Kostya Serebryany2d8b3bd2011-12-02 18:42:04 +0000[diff] [blame]750 size_t memcpy_size = Min(new_size, old_size);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]751 uint8_t *new_ptr = Allocate(0, new_size, stack);
752 if (new_ptr) {
Alexey Samsonov09672ca2012-02-08 13:45:31 +0000[diff] [blame]753 CHECK(REAL(memcpy) != NULL);
754 REAL(memcpy)(new_ptr, old_ptr, memcpy_size);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]755 Deallocate(old_ptr, stack);
756 }
757 return new_ptr;
758}
759
760} // namespace __asan
761
762// Malloc hooks declaration.
763// ASAN_NEW_HOOK(ptr, size) is called immediately after
764// allocation of "size" bytes, which returned "ptr".
765// ASAN_DELETE_HOOK(ptr) is called immediately before
766// deallocation of "ptr".
767// If ASAN_NEW_HOOK or ASAN_DELETE_HOOK is defined, user
768// program must provide implementation of this hook.
769// If macro is undefined, the hook is no-op.
770#ifdef ASAN_NEW_HOOK
771extern "C" void ASAN_NEW_HOOK(void *ptr, size_t size);
772#else
773static inline void ASAN_NEW_HOOK(void *ptr, size_t size) { }
774#endif
775
776#ifdef ASAN_DELETE_HOOK
777extern "C" void ASAN_DELETE_HOOK(void *ptr);
778#else
779static inline void ASAN_DELETE_HOOK(void *ptr) { }
780#endif
781
782namespace __asan {
783
784void *asan_memalign(size_t alignment, size_t size, AsanStackTrace *stack) {
785 void *ptr = (void*)Allocate(alignment, size, stack);
786 ASAN_NEW_HOOK(ptr, size);
787 return ptr;
788}
789
790void asan_free(void *ptr, AsanStackTrace *stack) {
791 ASAN_DELETE_HOOK(ptr);
792 Deallocate((uint8_t*)ptr, stack);
793}
794
795void *asan_malloc(size_t size, AsanStackTrace *stack) {
796 void *ptr = (void*)Allocate(0, size, stack);
797 ASAN_NEW_HOOK(ptr, size);
798 return ptr;
799}
800
801void *asan_calloc(size_t nmemb, size_t size, AsanStackTrace *stack) {
802 void *ptr = (void*)Allocate(0, nmemb * size, stack);
803 if (ptr)
Alexey Samsonov09672ca2012-02-08 13:45:31 +0000[diff] [blame]804 REAL(memset)(ptr, 0, nmemb * size);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]805 ASAN_NEW_HOOK(ptr, nmemb * size);
806 return ptr;
807}
808
809void *asan_realloc(void *p, size_t size, AsanStackTrace *stack) {
810 if (p == NULL) {
811 void *ptr = (void*)Allocate(0, size, stack);
812 ASAN_NEW_HOOK(ptr, size);
813 return ptr;
814 } else if (size == 0) {
815 ASAN_DELETE_HOOK(p);
816 Deallocate((uint8_t*)p, stack);
817 return NULL;
818 }
819 return Reallocate((uint8_t*)p, size, stack);
820}
821
822void *asan_valloc(size_t size, AsanStackTrace *stack) {
823 void *ptr = (void*)Allocate(kPageSize, size, stack);
824 ASAN_NEW_HOOK(ptr, size);
825 return ptr;
826}
827
828void *asan_pvalloc(size_t size, AsanStackTrace *stack) {
829 size = RoundUpTo(size, kPageSize);
830 if (size == 0) {
831 // pvalloc(0) should allocate one page.
832 size = kPageSize;
833 }
834 void *ptr = (void*)Allocate(kPageSize, size, stack);
835 ASAN_NEW_HOOK(ptr, size);
836 return ptr;
837}
838
839int asan_posix_memalign(void **memptr, size_t alignment, size_t size,
840 AsanStackTrace *stack) {
841 void *ptr = Allocate(alignment, size, stack);
842 CHECK(IsAligned((uintptr_t)ptr, alignment));
843 ASAN_NEW_HOOK(ptr, size);
844 *memptr = ptr;
845 return 0;
846}
847
Alexey Samsonov4fd95f12012-01-17 06:39:10 +0000[diff] [blame]848size_t asan_malloc_usable_size(void *ptr, AsanStackTrace *stack) {
Alexey Samsonovca2278d2012-01-18 15:26:55 +0000[diff] [blame]849 CHECK(stack);
850 if (ptr == NULL) return 0;
851 size_t usable_size = malloc_info.AllocationSize((uintptr_t)ptr);
852 if (usable_size == 0) {
Alexey Samsonov4fd95f12012-01-17 06:39:10 +0000[diff] [blame]853 Report("ERROR: AddressSanitizer attempting to call malloc_usable_size() "
854 "for pointer which is not owned: %p\n", ptr);
855 stack->PrintStack();
856 Describe((uintptr_t)ptr, 1);
857 ShowStatsAndAbort();
858 }
859 return usable_size;
860}
861
862size_t asan_mz_size(const void *ptr) {
Alexey Samsonovca2278d2012-01-18 15:26:55 +0000[diff] [blame]863 return malloc_info.AllocationSize((uintptr_t)ptr);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]864}
865
866void DescribeHeapAddress(uintptr_t addr, uintptr_t access_size) {
867 Describe(addr, access_size);
868}
869
Alexey Samsonov4fd95f12012-01-17 06:39:10 +0000[diff] [blame]870void asan_mz_force_lock() {
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]871 malloc_info.ForceLock();
872}
873
Alexey Samsonov4fd95f12012-01-17 06:39:10 +0000[diff] [blame]874void asan_mz_force_unlock() {
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]875 malloc_info.ForceUnlock();
876}
877
878// ---------------------- Fake stack-------------------- {{{1
879FakeStack::FakeStack() {
Alexey Samsonov09672ca2012-02-08 13:45:31 +0000[diff] [blame]880 CHECK(REAL(memset) != NULL);
881 REAL(memset)(this, 0, sizeof(*this));
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]882}
883
884bool FakeStack::AddrIsInSizeClass(uintptr_t addr, size_t size_class) {
885 uintptr_t mem = allocated_size_classes_[size_class];
886 uintptr_t size = ClassMmapSize(size_class);
887 bool res = mem && addr >= mem && addr < mem + size;
888 return res;
889}
890
891uintptr_t FakeStack::AddrIsInFakeStack(uintptr_t addr) {
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]892 for (size_t i = 0; i < kNumberOfSizeClasses; i++) {
893 if (AddrIsInSizeClass(addr, i)) return allocated_size_classes_[i];
894 }
895 return 0;
896}
897
898// We may want to compute this during compilation.
899inline size_t FakeStack::ComputeSizeClass(size_t alloc_size) {
900 size_t rounded_size = RoundUpToPowerOfTwo(alloc_size);
901 size_t log = Log2(rounded_size);
902 CHECK(alloc_size <= (1UL << log));
903 if (!(alloc_size > (1UL << (log-1)))) {
904 Printf("alloc_size %ld log %ld\n", alloc_size, log);
905 }
906 CHECK(alloc_size > (1UL << (log-1)));
907 size_t res = log < kMinStackFrameSizeLog ? 0 : log - kMinStackFrameSizeLog;
908 CHECK(res < kNumberOfSizeClasses);
909 CHECK(ClassSize(res) >= rounded_size);
910 return res;
911}
912
913void FakeFrameFifo::FifoPush(FakeFrame *node) {
914 CHECK(node);
915 node->next = 0;
916 if (first_ == 0 && last_ == 0) {
917 first_ = last_ = node;
918 } else {
919 CHECK(first_);
920 CHECK(last_);
921 last_->next = node;
922 last_ = node;
923 }
924}
925
926FakeFrame *FakeFrameFifo::FifoPop() {
927 CHECK(first_ && last_ && "Exhausted fake stack");
928 FakeFrame *res = 0;
929 if (first_ == last_) {
930 res = first_;
931 first_ = last_ = 0;
932 } else {
933 res = first_;
934 first_ = first_->next;
935 }
936 return res;
937}
938
939void FakeStack::Init(size_t stack_size) {
940 stack_size_ = stack_size;
941 alive_ = true;
942}
943
944void FakeStack::Cleanup() {
945 alive_ = false;
946 for (size_t i = 0; i < kNumberOfSizeClasses; i++) {
947 uintptr_t mem = allocated_size_classes_[i];
948 if (mem) {
949 PoisonShadow(mem, ClassMmapSize(i), 0);
950 allocated_size_classes_[i] = 0;
Kostya Serebryanyde496f42011-12-28 22:58:01 +0000[diff] [blame]951 AsanUnmapOrDie((void*)mem, ClassMmapSize(i));
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]952 }
953 }
954}
955
956size_t FakeStack::ClassMmapSize(size_t size_class) {
957 return RoundUpToPowerOfTwo(stack_size_);
958}
959
960void FakeStack::AllocateOneSizeClass(size_t size_class) {
961 CHECK(ClassMmapSize(size_class) >= kPageSize);
Kostya Serebryanyde496f42011-12-28 22:58:01 +0000[diff] [blame]962 uintptr_t new_mem = (uintptr_t)AsanMmapSomewhereOrDie(
963 ClassMmapSize(size_class), __FUNCTION__);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]964 // Printf("T%d new_mem[%ld]: %p-%p mmap %ld\n",
965 // asanThreadRegistry().GetCurrent()->tid(),
966 // size_class, new_mem, new_mem + ClassMmapSize(size_class),
967 // ClassMmapSize(size_class));
968 size_t i;
969 for (i = 0; i < ClassMmapSize(size_class);
970 i += ClassSize(size_class)) {
971 size_classes_[size_class].FifoPush((FakeFrame*)(new_mem + i));
972 }
973 CHECK(i == ClassMmapSize(size_class));
974 allocated_size_classes_[size_class] = new_mem;
975}
976
977uintptr_t FakeStack::AllocateStack(size_t size, size_t real_stack) {
Kostya Serebryanyc4b34d92011-12-09 01:49:31 +0000[diff] [blame]978 if (!alive_) return real_stack;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]979 CHECK(size <= kMaxStackMallocSize && size > 1);
980 size_t size_class = ComputeSizeClass(size);
981 if (!allocated_size_classes_[size_class]) {
982 AllocateOneSizeClass(size_class);
983 }
984 FakeFrame *fake_frame = size_classes_[size_class].FifoPop();
985 CHECK(fake_frame);
986 fake_frame->size_minus_one = size - 1;
987 fake_frame->real_stack = real_stack;
988 while (FakeFrame *top = call_stack_.top()) {
989 if (top->real_stack > real_stack) break;
990 call_stack_.LifoPop();
991 DeallocateFrame(top);
992 }
993 call_stack_.LifoPush(fake_frame);
994 uintptr_t ptr = (uintptr_t)fake_frame;
995 PoisonShadow(ptr, size, 0);
996 return ptr;
997}
998
999void FakeStack::DeallocateFrame(FakeFrame *fake_frame) {
1000 CHECK(alive_);
1001 size_t size = fake_frame->size_minus_one + 1;
1002 size_t size_class = ComputeSizeClass(size);
1003 CHECK(allocated_size_classes_[size_class]);
1004 uintptr_t ptr = (uintptr_t)fake_frame;
1005 CHECK(AddrIsInSizeClass(ptr, size_class));
1006 CHECK(AddrIsInSizeClass(ptr + size - 1, size_class));
1007 size_classes_[size_class].FifoPush(fake_frame);
1008}
1009
1010void FakeStack::OnFree(size_t ptr, size_t size, size_t real_stack) {
1011 FakeFrame *fake_frame = (FakeFrame*)ptr;
1012 CHECK(fake_frame->magic = kRetiredStackFrameMagic);
1013 CHECK(fake_frame->descr != 0);
1014 CHECK(fake_frame->size_minus_one == size - 1);
1015 PoisonShadow(ptr, size, kAsanStackAfterReturnMagic);
1016}
1017
1018} // namespace __asan
1019
1020// ---------------------- Interface ---------------- {{{1
1021using namespace __asan; // NOLINT
1022
1023size_t __asan_stack_malloc(size_t size, size_t real_stack) {
1024 if (!FLAG_use_fake_stack) return real_stack;
1025 AsanThread *t = asanThreadRegistry().GetCurrent();
1026 if (!t) {
1027 // TSD is gone, use the real stack.
1028 return real_stack;
1029 }
1030 size_t ptr = t->fake_stack().AllocateStack(size, real_stack);
1031 // Printf("__asan_stack_malloc %p %ld %p\n", ptr, size, real_stack);
1032 return ptr;
1033}
1034
1035void __asan_stack_free(size_t ptr, size_t size, size_t real_stack) {
1036 if (!FLAG_use_fake_stack) return;
1037 if (ptr != real_stack) {
1038 FakeStack::OnFree(ptr, size, real_stack);
1039 }
1040}
1041
1042// ASan allocator doesn't reserve extra bytes, so normally we would
1043// just return "size".
1044size_t __asan_get_estimated_allocated_size(size_t size) {
1045 if (size == 0) return 1;
Kostya Serebryany2d8b3bd2011-12-02 18:42:04 +0000[diff] [blame]1046 return Min(size, kMaxAllowedMallocSize);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]1047}
1048
1049bool __asan_get_ownership(const void *p) {
Alexey Samsonovca2278d2012-01-18 15:26:55 +0000[diff] [blame]1050 return malloc_info.AllocationSize((uintptr_t)p) > 0;
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]1051}
1052
1053size_t __asan_get_allocated_size(const void *p) {
Alexey Samsonovca2278d2012-01-18 15:26:55 +0000[diff] [blame]1054 if (p == NULL) return 0;
1055 size_t allocated_size = malloc_info.AllocationSize((uintptr_t)p);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]1056 // Die if p is not malloced or if it is already freed.
Alexey Samsonovca2278d2012-01-18 15:26:55 +0000[diff] [blame]1057 if (allocated_size == 0) {
Alexey Samsonov4fd95f12012-01-17 06:39:10 +0000[diff] [blame]1058 Report("ERROR: AddressSanitizer attempting to call "
1059 "__asan_get_allocated_size() for pointer which is "
1060 "not owned: %p\n", p);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]1061 PRINT_CURRENT_STACK();
Alexey Samsonov4fd95f12012-01-17 06:39:10 +0000[diff] [blame]1062 Describe((uintptr_t)p, 1);
Kostya Serebryany1e172b42011-11-30 01:07:02 +0000[diff] [blame]1063 ShowStatsAndAbort();
1064 }
1065 return allocated_size;
1066}