2016-04-22 05:32:25 +08:00
|
|
|
//===-- esan.cpp ----------------------------------------------------------===//
|
|
|
|
|
//
|
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
|
//
|
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
|
//
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
//
|
|
|
|
|
// This file is a part of EfficiencySanitizer, a family of performance tuners.
|
|
|
|
|
//
|
|
|
|
|
// Main file (entry points) for the Esan run-time.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
|
|
#include "esan.h"
|
2016-05-21 03:26:52 +08:00
|
|
|
#include "esan_flags.h"
|
2016-04-22 05:32:25 +08:00
|
|
|
#include "esan_interface_internal.h"
|
[esan] EfficiencySanitizer shadow memory
Summary:
Adds shadow memory mapping support common to all tools to the new
Efficiencysanitizer ("esan") family of tools. This includes:
+ Shadow memory layout and mapping support for 64-bit Linux for any
power-of-2 scale-down (1x, 2x, 4x, 8x, 16x, etc.) that ensures that
shadow(shadow(address)) does not overlap shadow or application
memory.
+ Mmap interception to ensure the application does not map on top of
our shadow memory.
+ Init-time sanity checks for shadow regions.
+ A test of the mmap conflict mechanism.
Reviewers: aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D19921
llvm-svn: 269198
2016-05-11 23:47:54 +08:00
|
|
|
#include "esan_shadow.h"
|
2016-05-26 01:49:00 +08:00
|
|
|
#include "cache_frag.h"
|
2016-04-22 05:32:25 +08:00
|
|
|
#include "sanitizer_common/sanitizer_common.h"
|
|
|
|
|
#include "sanitizer_common/sanitizer_flag_parser.h"
|
|
|
|
|
#include "sanitizer_common/sanitizer_flags.h"
|
2016-05-25 10:04:04 +08:00
|
|
|
#include "working_set.h"
|
2016-04-22 05:32:25 +08:00
|
|
|
|
|
|
|
|
// See comment below.
|
|
|
|
|
extern "C" {
|
|
|
|
|
extern void __cxa_atexit(void (*function)(void));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
namespace __esan {
|
|
|
|
|
|
|
|
|
|
bool EsanIsInitialized;
|
|
|
|
|
ToolType WhichTool;
|
[esan] EfficiencySanitizer shadow memory
Summary:
Adds shadow memory mapping support common to all tools to the new
Efficiencysanitizer ("esan") family of tools. This includes:
+ Shadow memory layout and mapping support for 64-bit Linux for any
power-of-2 scale-down (1x, 2x, 4x, 8x, 16x, etc.) that ensures that
shadow(shadow(address)) does not overlap shadow or application
memory.
+ Mmap interception to ensure the application does not map on top of
our shadow memory.
+ Init-time sanity checks for shadow regions.
+ A test of the mmap conflict mechanism.
Reviewers: aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D19921
llvm-svn: 269198
2016-05-11 23:47:54 +08:00
|
|
|
ShadowMapping Mapping;
|
2016-04-22 05:32:25 +08:00
|
|
|
|
2016-05-25 10:04:04 +08:00
|
|
|
// Different tools use different scales within the same shadow mapping scheme.
|
|
|
|
|
// The scale used here must match that used by the compiler instrumentation.
|
|
|
|
|
// This array is indexed by the ToolType enum.
|
|
|
|
|
static const uptr ShadowScale[] = {
|
|
|
|
|
0, // ESAN_None.
|
|
|
|
|
2, // ESAN_CacheFrag: 4B:1B, so 4 to 1 == >>2.
|
|
|
|
|
6, // ESAN_WorkingSet: 64B:1B, so 64 to 1 == >>6.
|
|
|
|
|
};
|
|
|
|
|
|
2016-04-22 05:32:25 +08:00
|
|
|
// We are combining multiple performance tuning tools under the umbrella of
|
|
|
|
|
// one EfficiencySanitizer super-tool. Most of our tools have very similar
|
|
|
|
|
// memory access instrumentation, shadow memory mapping, libc interception,
|
|
|
|
|
// etc., and there is typically more shared code than distinct code.
|
|
|
|
|
//
|
|
|
|
|
// We are not willing to dispatch on tool dynamically in our fastpath
|
|
|
|
|
// instrumentation: thus, which tool to use is a static option selected
|
|
|
|
|
// at compile time and passed to __esan_init().
|
|
|
|
|
//
|
|
|
|
|
// We are willing to pay the overhead of tool dispatch in the slowpath to more
|
|
|
|
|
// easily share code. We expect to only come here rarely.
|
|
|
|
|
// If this becomes a performance hit, we can add separate interface
|
|
|
|
|
// routines for each subtool (e.g., __esan_cache_frag_aligned_load_4).
|
|
|
|
|
// But for libc interceptors, we'll have to do one of the following:
|
|
|
|
|
// A) Add multiple-include support to sanitizer_common_interceptors.inc,
|
|
|
|
|
// instantiate it separately for each tool, and call the selected
|
|
|
|
|
// tool's intercept setup code.
|
|
|
|
|
// B) Build separate static runtime libraries, one for each tool.
|
|
|
|
|
// C) Completely split the tools into separate sanitizers.
|
|
|
|
|
|
|
|
|
|
void processRangeAccess(uptr PC, uptr Addr, int Size, bool IsWrite) {
|
|
|
|
|
VPrintf(3, "in esan::%s %p: %c %p %d\n", __FUNCTION__, PC,
|
|
|
|
|
IsWrite ? 'w' : 'r', Addr, Size);
|
|
|
|
|
if (WhichTool == ESAN_CacheFrag) {
|
|
|
|
|
// TODO(bruening): add shadow mapping and update shadow bits here.
|
|
|
|
|
// We'll move this to cache_frag.cpp once we have something.
|
2016-05-25 10:04:04 +08:00
|
|
|
} else if (WhichTool == ESAN_WorkingSet) {
|
|
|
|
|
processRangeAccessWorkingSet(PC, Addr, Size, IsWrite);
|
2016-04-22 05:32:25 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
[esan] EfficiencySanitizer shadow memory
Summary:
Adds shadow memory mapping support common to all tools to the new
Efficiencysanitizer ("esan") family of tools. This includes:
+ Shadow memory layout and mapping support for 64-bit Linux for any
power-of-2 scale-down (1x, 2x, 4x, 8x, 16x, etc.) that ensures that
shadow(shadow(address)) does not overlap shadow or application
memory.
+ Mmap interception to ensure the application does not map on top of
our shadow memory.
+ Init-time sanity checks for shadow regions.
+ A test of the mmap conflict mechanism.
Reviewers: aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D19921
llvm-svn: 269198
2016-05-11 23:47:54 +08:00
|
|
|
#if SANITIZER_DEBUG
|
|
|
|
|
static bool verifyShadowScheme() {
|
|
|
|
|
// Sanity checks for our shadow mapping scheme.
|
2016-05-21 03:19:06 +08:00
|
|
|
uptr AppStart, AppEnd;
|
|
|
|
|
if (Verbosity() >= 3) {
|
|
|
|
|
for (int i = 0; getAppRegion(i, &AppStart, &AppEnd); ++i) {
|
|
|
|
|
VPrintf(3, "App #%d: [%zx-%zx) (%zuGB)\n", i, AppStart, AppEnd,
|
|
|
|
|
(AppEnd - AppStart) >> 30);
|
|
|
|
|
}
|
|
|
|
|
}
|
[esan] EfficiencySanitizer shadow memory
Summary:
Adds shadow memory mapping support common to all tools to the new
Efficiencysanitizer ("esan") family of tools. This includes:
+ Shadow memory layout and mapping support for 64-bit Linux for any
power-of-2 scale-down (1x, 2x, 4x, 8x, 16x, etc.) that ensures that
shadow(shadow(address)) does not overlap shadow or application
memory.
+ Mmap interception to ensure the application does not map on top of
our shadow memory.
+ Init-time sanity checks for shadow regions.
+ A test of the mmap conflict mechanism.
Reviewers: aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D19921
llvm-svn: 269198
2016-05-11 23:47:54 +08:00
|
|
|
for (int Scale = 0; Scale < 8; ++Scale) {
|
|
|
|
|
Mapping.initialize(Scale);
|
2016-05-21 03:19:06 +08:00
|
|
|
if (Verbosity() >= 3) {
|
|
|
|
|
VPrintf(3, "\nChecking scale %d\n", Scale);
|
|
|
|
|
uptr ShadowStart, ShadowEnd;
|
|
|
|
|
for (int i = 0; getShadowRegion(i, &ShadowStart, &ShadowEnd); ++i) {
|
|
|
|
|
VPrintf(3, "Shadow #%d: [%zx-%zx) (%zuGB)\n", i, ShadowStart,
|
|
|
|
|
ShadowEnd, (ShadowEnd - ShadowStart) >> 30);
|
|
|
|
|
}
|
|
|
|
|
for (int i = 0; getShadowRegion(i, &ShadowStart, &ShadowEnd); ++i) {
|
|
|
|
|
VPrintf(3, "Shadow(Shadow) #%d: [%zx-%zx)\n", i,
|
|
|
|
|
appToShadow(ShadowStart), appToShadow(ShadowEnd - 1)+1);
|
|
|
|
|
}
|
|
|
|
|
}
|
[esan] EfficiencySanitizer shadow memory
Summary:
Adds shadow memory mapping support common to all tools to the new
Efficiencysanitizer ("esan") family of tools. This includes:
+ Shadow memory layout and mapping support for 64-bit Linux for any
power-of-2 scale-down (1x, 2x, 4x, 8x, 16x, etc.) that ensures that
shadow(shadow(address)) does not overlap shadow or application
memory.
+ Mmap interception to ensure the application does not map on top of
our shadow memory.
+ Init-time sanity checks for shadow regions.
+ A test of the mmap conflict mechanism.
Reviewers: aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D19921
llvm-svn: 269198
2016-05-11 23:47:54 +08:00
|
|
|
for (int i = 0; getAppRegion(i, &AppStart, &AppEnd); ++i) {
|
|
|
|
|
DCHECK(isAppMem(AppStart));
|
|
|
|
|
DCHECK(!isAppMem(AppStart - 1));
|
|
|
|
|
DCHECK(isAppMem(AppEnd - 1));
|
|
|
|
|
DCHECK(!isAppMem(AppEnd));
|
|
|
|
|
DCHECK(!isShadowMem(AppStart));
|
|
|
|
|
DCHECK(!isShadowMem(AppEnd - 1));
|
|
|
|
|
DCHECK(isShadowMem(appToShadow(AppStart)));
|
|
|
|
|
DCHECK(isShadowMem(appToShadow(AppEnd - 1)));
|
|
|
|
|
// Double-shadow checks.
|
|
|
|
|
DCHECK(!isShadowMem(appToShadow(appToShadow(AppStart))));
|
|
|
|
|
DCHECK(!isShadowMem(appToShadow(appToShadow(AppEnd - 1))));
|
|
|
|
|
}
|
|
|
|
|
// Ensure no shadow regions overlap each other.
|
|
|
|
|
uptr ShadowAStart, ShadowBStart, ShadowAEnd, ShadowBEnd;
|
|
|
|
|
for (int i = 0; getShadowRegion(i, &ShadowAStart, &ShadowAEnd); ++i) {
|
|
|
|
|
for (int j = 0; getShadowRegion(j, &ShadowBStart, &ShadowBEnd); ++j) {
|
|
|
|
|
DCHECK(i == j || ShadowAStart >= ShadowBEnd ||
|
|
|
|
|
ShadowAEnd <= ShadowBStart);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
static void initializeShadow() {
|
2016-05-28 08:25:16 +08:00
|
|
|
verifyAddressSpace();
|
|
|
|
|
|
[esan] EfficiencySanitizer shadow memory
Summary:
Adds shadow memory mapping support common to all tools to the new
Efficiencysanitizer ("esan") family of tools. This includes:
+ Shadow memory layout and mapping support for 64-bit Linux for any
power-of-2 scale-down (1x, 2x, 4x, 8x, 16x, etc.) that ensures that
shadow(shadow(address)) does not overlap shadow or application
memory.
+ Mmap interception to ensure the application does not map on top of
our shadow memory.
+ Init-time sanity checks for shadow regions.
+ A test of the mmap conflict mechanism.
Reviewers: aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D19921
llvm-svn: 269198
2016-05-11 23:47:54 +08:00
|
|
|
DCHECK(verifyShadowScheme());
|
|
|
|
|
|
2016-05-25 10:04:04 +08:00
|
|
|
Mapping.initialize(ShadowScale[WhichTool]);
|
[esan] EfficiencySanitizer shadow memory
Summary:
Adds shadow memory mapping support common to all tools to the new
Efficiencysanitizer ("esan") family of tools. This includes:
+ Shadow memory layout and mapping support for 64-bit Linux for any
power-of-2 scale-down (1x, 2x, 4x, 8x, 16x, etc.) that ensures that
shadow(shadow(address)) does not overlap shadow or application
memory.
+ Mmap interception to ensure the application does not map on top of
our shadow memory.
+ Init-time sanity checks for shadow regions.
+ A test of the mmap conflict mechanism.
Reviewers: aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D19921
llvm-svn: 269198
2016-05-11 23:47:54 +08:00
|
|
|
|
|
|
|
|
VPrintf(1, "Shadow scale=%d offset=%p\n", Mapping.Scale, Mapping.Offset);
|
|
|
|
|
|
|
|
|
|
uptr ShadowStart, ShadowEnd;
|
|
|
|
|
for (int i = 0; getShadowRegion(i, &ShadowStart, &ShadowEnd); ++i) {
|
|
|
|
|
VPrintf(1, "Shadow #%d: [%zx-%zx) (%zuGB)\n", i, ShadowStart, ShadowEnd,
|
|
|
|
|
(ShadowEnd - ShadowStart) >> 30);
|
|
|
|
|
|
|
|
|
|
uptr Map = (uptr)MmapFixedNoReserve(ShadowStart, ShadowEnd - ShadowStart,
|
|
|
|
|
"shadow");
|
|
|
|
|
if (Map != ShadowStart) {
|
|
|
|
|
Printf("FATAL: EfficiencySanitizer failed to map its shadow memory.\n");
|
|
|
|
|
Die();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (common_flags()->no_huge_pages_for_shadow)
|
|
|
|
|
NoHugePagesInRegion(ShadowStart, ShadowEnd - ShadowStart);
|
|
|
|
|
if (common_flags()->use_madv_dontdump)
|
|
|
|
|
DontDumpShadowMemory(ShadowStart, ShadowEnd - ShadowStart);
|
|
|
|
|
|
|
|
|
|
// TODO: Call MmapNoAccess() on in-between regions.
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-22 05:32:25 +08:00
|
|
|
void initializeLibrary(ToolType Tool) {
|
|
|
|
|
// We assume there is only one thread during init.
|
|
|
|
|
if (EsanIsInitialized) {
|
|
|
|
|
CHECK(Tool == WhichTool);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
WhichTool = Tool;
|
|
|
|
|
SanitizerToolName = "EfficiencySanitizer";
|
|
|
|
|
initializeFlags();
|
|
|
|
|
|
|
|
|
|
// Intercepting libc _exit or exit via COMMON_INTERCEPTOR_ON_EXIT only
|
|
|
|
|
// finalizes on an explicit exit call by the app. To handle a normal
|
|
|
|
|
// exit we register an atexit handler.
|
|
|
|
|
::__cxa_atexit((void (*)())finalizeLibrary);
|
|
|
|
|
|
|
|
|
|
VPrintf(1, "in esan::%s\n", __FUNCTION__);
|
2016-05-25 10:04:04 +08:00
|
|
|
if (WhichTool <= ESAN_None || WhichTool >= ESAN_Max) {
|
2016-04-22 05:32:25 +08:00
|
|
|
Printf("ERROR: unknown tool %d requested\n", WhichTool);
|
|
|
|
|
Die();
|
|
|
|
|
}
|
|
|
|
|
|
[esan] EfficiencySanitizer shadow memory
Summary:
Adds shadow memory mapping support common to all tools to the new
Efficiencysanitizer ("esan") family of tools. This includes:
+ Shadow memory layout and mapping support for 64-bit Linux for any
power-of-2 scale-down (1x, 2x, 4x, 8x, 16x, etc.) that ensures that
shadow(shadow(address)) does not overlap shadow or application
memory.
+ Mmap interception to ensure the application does not map on top of
our shadow memory.
+ Init-time sanity checks for shadow regions.
+ A test of the mmap conflict mechanism.
Reviewers: aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D19921
llvm-svn: 269198
2016-05-11 23:47:54 +08:00
|
|
|
initializeShadow();
|
2016-04-24 00:41:24 +08:00
|
|
|
initializeInterceptors();
|
|
|
|
|
|
2016-05-25 10:04:04 +08:00
|
|
|
if (WhichTool == ESAN_CacheFrag) {
|
2016-05-26 01:49:00 +08:00
|
|
|
initializeCacheFrag();
|
2016-05-25 10:04:04 +08:00
|
|
|
} else if (WhichTool == ESAN_WorkingSet) {
|
|
|
|
|
initializeWorkingSet();
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-22 05:32:25 +08:00
|
|
|
EsanIsInitialized = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int finalizeLibrary() {
|
|
|
|
|
VPrintf(1, "in esan::%s\n", __FUNCTION__);
|
|
|
|
|
if (WhichTool == ESAN_CacheFrag) {
|
2016-05-26 01:49:00 +08:00
|
|
|
return finalizeCacheFrag();
|
2016-05-25 10:04:04 +08:00
|
|
|
} else if (WhichTool == ESAN_WorkingSet) {
|
|
|
|
|
return finalizeWorkingSet();
|
2016-04-22 05:32:25 +08:00
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-25 06:22:20 +08:00
|
|
|
void processCompilationUnitInit(void *Ptr) {
|
|
|
|
|
VPrintf(2, "in esan::%s\n", __FUNCTION__);
|
2016-05-26 01:49:00 +08:00
|
|
|
if (WhichTool == ESAN_CacheFrag) {
|
|
|
|
|
processCacheFragCompilationUnitInit(Ptr);
|
|
|
|
|
}
|
2016-05-25 06:22:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// This is called when the containing module is unloaded.
|
|
|
|
|
// For the main executable module, this is called after finalizeLibrary.
|
|
|
|
|
void processCompilationUnitExit(void *Ptr) {
|
|
|
|
|
VPrintf(2, "in esan::%s\n", __FUNCTION__);
|
2016-05-26 01:49:00 +08:00
|
|
|
if (WhichTool == ESAN_CacheFrag) {
|
|
|
|
|
processCacheFragCompilationUnitExit(Ptr);
|
|
|
|
|
}
|
2016-05-25 06:22:20 +08:00
|
|
|
}
|
|
|
|
|
|
2016-04-22 05:32:25 +08:00
|
|
|
} // namespace __esan
|
