[sanitizer] enable random shuffling the memory chunks inside the allocator, under a flag. Set this flag for the scudo allocator, add a test. llvm-svn: 279793

commit: 7c5ae7cbc60f1196bd4cde77c68f4b6995596215 [log] [tgz]
author: Kostya Serebryany <kcc@google.com> Fri Aug 26 00:06:03 2016 +0000
committer: Kostya Serebryany <kcc@google.com> Fri Aug 26 00:06:03 2016 +0000
tree: fee79146dcf4b8db1758bfb4111e88854541e704
parent: 1426f59a76591ed507d81f1593e34fd3894b8231 [diff]
diff --git a/compiler-rt/lib/asan/asan_allocator.h b/compiler-rt/lib/asan/asan_allocator.h
index 407639f..625e6ed 100644
--- a/compiler-rt/lib/asan/asan_allocator.h
+++ b/compiler-rt/lib/asan/asan_allocator.h

@@ -135,6 +135,7 @@
   static const uptr kMetadataSize = 0;
   typedef __asan::SizeClassMap SizeClassMap;
   typedef AsanMapUnmapCallback MapUnmapCallback;
+  static const uptr kFlags = 0;
 };
 
 typedef SizeClassAllocator64<AP64> PrimaryAllocator;

diff --git a/compiler-rt/lib/lsan/lsan_allocator.cc b/compiler-rt/lib/lsan/lsan_allocator.cc
index 094ebe1..915e99d 100644
--- a/compiler-rt/lib/lsan/lsan_allocator.cc
+++ b/compiler-rt/lib/lsan/lsan_allocator.cc

@@ -50,6 +50,7 @@
   static const uptr kMetadataSize = sizeof(ChunkMetadata);
   typedef DefaultSizeClassMap SizeClassMap;
   typedef NoOpMapUnmapCallback MapUnmapCallback;
+  static const uptr kFlags = 0;
 };
 
 typedef SizeClassAllocator64<AP64> PrimaryAllocator;

diff --git a/compiler-rt/lib/msan/msan_allocator.cc b/compiler-rt/lib/msan/msan_allocator.cc
index 3d57fba..9eb945a 100644
--- a/compiler-rt/lib/msan/msan_allocator.cc
+++ b/compiler-rt/lib/msan/msan_allocator.cc

@@ -64,6 +64,7 @@
     static const uptr kMetadataSize = sizeof(Metadata);
     typedef DefaultSizeClassMap SizeClassMap;
     typedef MsanMapUnmapCallback MapUnmapCallback;
+    static const uptr kFlags = 0;
   };
 
   typedef SizeClassAllocator64<AP64> PrimaryAllocator;

diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_allocator_primary64.h b/compiler-rt/lib/sanitizer_common/sanitizer_allocator_primary64.h
index 10d840a..2af2684 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_allocator_primary64.h
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_allocator_primary64.h

@@ -37,6 +37,12 @@
 // A Region looks like this:
 // UserChunk1 ... UserChunkN <gap> MetaChunkN ... MetaChunk1 FreeArray
 
+struct SizeClassAllocator64FlagMasks {  //  Bit masks.
+  enum {
+    kRandomShuffleChunks = 1,
+  };
+};
+
 template <class Params>
 class SizeClassAllocator64 {
  public:
@@ -46,6 +52,9 @@
   typedef typename Params::SizeClassMap SizeClassMap;
   typedef typename Params::MapUnmapCallback MapUnmapCallback;
 
+  static const bool kRandomShuffleChunks =
+      Params::kFlags & SizeClassAllocator64FlagMasks::kRandomShuffleChunks;
+
   typedef SizeClassAllocator64<Params> ThisT;
   typedef SizeClassAllocator64LocalCache<ThisT> AllocatorCache;
 
@@ -307,10 +316,23 @@
     uptr allocated_meta;  // Bytes allocated for metadata.
     uptr mapped_user;  // Bytes mapped for user memory.
     uptr mapped_meta;  // Bytes mapped for metadata.
+    u32 rand_state; // Seed for random shuffle, used if kRandomShuffleChunks.
     uptr n_allocated, n_freed;  // Just stats.
   };
   COMPILER_CHECK(sizeof(RegionInfo) >= kCacheLineSize);
 
+  u32 Rand(u32 *state) {  // ANSI C linear congruential PRNG.
+    return (*state = *state * 1103515245 + 12345) >> 16;
+  }
+
+  u32 RandN(u32 *state, u32 n) { return Rand(state) % n; }  // [0, n)
+
+  void RandomShuffle(u32 *a, u32 n, u32 *rand_state) {
+    if (n <= 1) return;
+    for (u32 i = n - 1; i > 0; i--)
+      Swap(a[i], a[RandN(rand_state, i + 1)]);
+  }
+
   RegionInfo *GetRegionInfo(uptr class_id) {
     CHECK_LT(class_id, kNumClasses);
     RegionInfo *regions =
@@ -362,6 +384,8 @@
     uptr end_idx = beg_idx + requested_count * size;
     uptr region_beg = GetRegionBeginBySizeClass(class_id);
     if (end_idx + size > region->mapped_user) {
+      if (!kUsingConstantSpaceBeg && region->mapped_user == 0)
+        region->rand_state = region_beg;  // Comes from ASLR.
       // Do the mmap for the user memory.
       uptr map_size = kUserMapSize;
       while (end_idx + size > region->mapped_user + map_size)
@@ -380,6 +404,9 @@
       free_array[num_freed_chunks + total_count - 1 - i] =
           PointerToCompactPtr(0, chunk);
     }
+    if (kRandomShuffleChunks)
+      RandomShuffle(&free_array[num_freed_chunks], total_count,
+                    &region->rand_state);
     region->num_freed_chunks += total_count;
     region->allocated_user += total_count * size;
     CHECK_LE(region->allocated_user, region->mapped_user);

diff --git a/compiler-rt/lib/sanitizer_common/tests/sanitizer_allocator_test.cc b/compiler-rt/lib/sanitizer_common/tests/sanitizer_allocator_test.cc
index d495d4f..443dee5 100644
--- a/compiler-rt/lib/sanitizer_common/tests/sanitizer_allocator_test.cc
+++ b/compiler-rt/lib/sanitizer_common/tests/sanitizer_allocator_test.cc

@@ -48,6 +48,7 @@
   static const uptr kMetadataSize = 16;
   typedef DefaultSizeClassMap SizeClassMap;
   typedef NoOpMapUnmapCallback MapUnmapCallback;
+  static const uptr kFlags = 0;
 };
 
 struct AP64Dyn {
@@ -56,6 +57,7 @@
   static const uptr kMetadataSize = 16;
   typedef DefaultSizeClassMap SizeClassMap;
   typedef NoOpMapUnmapCallback MapUnmapCallback;
+  static const uptr kFlags = 0;
 };
 
 struct AP64Compact {
@@ -64,6 +66,7 @@
   static const uptr kMetadataSize = 16;
   typedef DefaultSizeClassMap SizeClassMap;
   typedef NoOpMapUnmapCallback MapUnmapCallback;
+  static const uptr kFlags = 0;
 };
 
 typedef SizeClassAllocator64<AP64> Allocator64;
@@ -315,6 +318,7 @@
     static const uptr kMetadataSize = 16;
     typedef DefaultSizeClassMap SizeClassMap;
     typedef TestMapUnmapCallback MapUnmapCallback;
+    static const uptr kFlags = 0;
 };
 
 TEST(SanitizerCommon, SizeClassAllocator64MapUnmapCallback) {
@@ -879,6 +883,7 @@
   static const uptr kMetadataSize = 0;
   typedef SpecialSizeClassMap SizeClassMap;
   typedef NoOpMapUnmapCallback MapUnmapCallback;
+  static const uptr kFlags = 0;
 };
 
 // Regression test for out-of-memory condition in PopulateFreeList().

diff --git a/compiler-rt/lib/sanitizer_common/tests/sanitizer_allocator_testlib.cc b/compiler-rt/lib/sanitizer_common/tests/sanitizer_allocator_testlib.cc
index 64fb19b..c6dd3c4 100644
--- a/compiler-rt/lib/sanitizer_common/tests/sanitizer_allocator_testlib.cc
+++ b/compiler-rt/lib/sanitizer_common/tests/sanitizer_allocator_testlib.cc

@@ -43,6 +43,8 @@
   static const uptr kMetadataSize = 0;
   typedef CompactSizeClassMap SizeClassMap;
   typedef NoOpMapUnmapCallback MapUnmapCallback;
+  static const uptr kFlags =
+      SizeClassAllocator64FlagMasks::kRandomShuffleChunks;
 };
 
 namespace {

diff --git a/compiler-rt/lib/scudo/scudo_allocator.cpp b/compiler-rt/lib/scudo/scudo_allocator.cpp
index b5d8fc8..d5284a5 100644
--- a/compiler-rt/lib/scudo/scudo_allocator.cpp
+++ b/compiler-rt/lib/scudo/scudo_allocator.cpp

@@ -38,6 +38,8 @@
   static const uptr kMetadataSize = 0;
   typedef DefaultSizeClassMap SizeClassMap;
   typedef NoOpMapUnmapCallback MapUnmapCallback;
+  static const uptr kFlags =
+      SizeClassAllocator64FlagMasks::kRandomShuffleChunks;
 };
 
 typedef SizeClassAllocator64<AP> PrimaryAllocator;

diff --git a/compiler-rt/lib/tsan/rtl/tsan_rtl.h b/compiler-rt/lib/tsan/rtl/tsan_rtl.h
index 889a79d..c2bddd8 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_rtl.h
+++ b/compiler-rt/lib/tsan/rtl/tsan_rtl.h

@@ -72,6 +72,7 @@
   static const uptr kMetadataSize = 0;
   typedef DefaultSizeClassMap SizeClassMap;
   typedef __tsan::MapUnmapCallback MapUnmapCallback;
+  static const uptr kFlags = 0;
 };
 typedef SizeClassAllocator64<AP64> PrimaryAllocator;
 #endif
commit	7c5ae7cbc60f1196bd4cde77c68f4b6995596215	[log] [tgz]
author	Kostya Serebryany <kcc@google.com>	Fri Aug 26 00:06:03 2016 +0000
committer	Kostya Serebryany <kcc@google.com>	Fri Aug 26 00:06:03 2016 +0000
tree	fee79146dcf4b8db1758bfb4111e88854541e704
parent	1426f59a76591ed507d81f1593e34fd3894b8231 [diff]