summaryrefslogtreecommitdiff
path: root/absl/debugging
diff options
context:
space:
mode:
authorGravatar Abseil Team <absl-team@google.com>2021-12-13 14:47:02 -0800
committerGravatar rogeeff <rogeeff@google.com>2021-12-13 17:57:09 -0500
commit1065514ef332d036f3437e950e78d35ce6b7c740 (patch)
treee77e2b82db0160e569b62f0f68d70d1a69f97d9e /absl/debugging
parentfb7dd24b18e82893e5922be5d1c8ae0f3fe3c9fa (diff)
Export of internal Abseil changes
-- 07240ca7822d007cdcc79f2c40bd58b2c2010348 by Abseil Team <absl-team@google.com>: Correct the comment from "AlphaNum" to "Arg". PiperOrigin-RevId: 416139192 -- adcba4a6b3763626e1db7b1e8c108b3114903557 by Martijn Vels <mvels@google.com>: Fix NewExternalRep() to require data being non-empty, and remove nullptr return. PiperOrigin-RevId: 416135865 -- c0d14cd918fb16f15d1d84de9284b5c5ecc1f8f2 by Abseil Team <absl-team@google.com>: Fix doc comment for absl::ascii_isprint(). The comment was incorrectly saying that it includes all whitespace. It doesn't; the only whitespace char it includes is ' '. PiperOrigin-RevId: 416112524 -- d83327800159c07002b6865e21232a12463e02dd by Abseil Team <absl-team@google.com>: Internal change PiperOrigin-RevId: 416099978 -- baf11e9ca42ca9140cdbf8075f971db8d65b1195 by Ilya Tokar <tokarip@google.com>: Prevent compiler from optimizing Group_Match* benchmarks away. Currently we benchmark single store of precomputed value. Not all affected benchmarks show performance changes: BM_Group_Match 0.53ns ± 1% 0.53ns ± 0% -0.42% (p=0.038 n=10+10) BM_Group_MatchEmpty 0.26ns ± 1% 0.26ns ± 1% ~ (p=1.000 n=10+10) BM_Group_MatchEmptyOrDeleted 0.26ns ± 1% 0.26ns ± 1% ~ (p=0.121 n=10+10) BM_Group_CountLeadingEmptyOrDeleted 0.26ns ± 1% 0.45ns ± 0% +70.05% (p=0.000 n=10+8) BM_Group_MatchFirstEmptyOrDeleted 0.26ns ± 0% 0.44ns ± 1% +65.91% (p=0.000 n=8+9) But inspecting the generated code shows the difference, e. g. BM_Group_MatchFirstEmptyOrDeleted Before: add $0xffffffffffffffff,%rbx jne 30 After: pcmpeqd %xmm0,%xmm0 pcmpgtb -0x30(%rbp),%xmm0 pmovmskb %xmm0,%eax add: 0x23$0xffffffffffffffff,%rbx jne 40 PiperOrigin-RevId: 416083515 -- 122fbff893dc4571b3e75e4b241eb4495b925610 by Abseil Team <absl-team@google.com>: Put namespace guard in ABSL_DECLARE_FLAG to make declaring a flag in a namespace a compiler error instead of a linker error. PiperOrigin-RevId: 416036072 -- 020fd8a20f5fa319e948846e003391fcb9e03868 by Ilya Tokar <tokarip@google.com>: Make Cord::InlineRep::set_data unconditionally zero out memory. Currently there is a single case where we don't zero out memory as an optimization. Unconditional zeroing doesn't show any changes in benchmarks, except for the unrelated improvement: BM_CordPartialCopyToCord/1M/1 12.6ns ± 4% 12.6ns ± 4% ~ (p=0.857 n=16+19) BM_CordPartialCopyToCord/1M/128 44.9ns ± 7% 45.0ns ± 3% ~ (p=0.468 n=18+17) BM_CordPartialCopyToCord/1M/1k 64.5ns ± 4% 61.4ns ± 4% -4.82% (p=0.000 n=19+17) BM_CordPartialCopyToCord/1M/8k 139ns ± 3% 128ns ±15% -7.76% (p=0.009 n=17+20) BM_CordPartialCopyToCord/1M/16k 193ns ± 6% 168ns ± 6% -13.17% (p=0.000 n=17+17) BM_CordPartialCopyToCord/4M/16k 199ns ± 4% 177ns ± 4% -11.36% (p=0.000 n=17+18) BM_CordPartialCopyToCord/4M/32k 275ns ± 3% 250ns ± 4% -9.00% (p=0.000 n=18+18) BM_CordPartialCopyToCord/4M/64k 291ns ± 4% 266ns ± 5% -8.53% (p=0.000 n=18+16) BM_CordPartialCopyToCord/4M/128k 322ns ± 5% 291ns ± 4% -9.43% (p=0.000 n=20+18) BM_CordPartialCopyToCord/8M/32k 281ns ± 5% 251ns ± 4% -10.38% (p=0.000 n=20+16) BM_CordPartialCopyToCord/8M/64k 293ns ± 6% 267ns ± 4% -8.87% (p=0.000 n=16+19) BM_CordPartialCopyToCord/8M/128k 334ns ± 3% 305ns ± 2% -8.56% (p=0.000 n=17+16) This is clearly an alignmnet effect since number of the executed instructions is the same: M_CordPartialCopyToCord/1M/1 155 ± 0% 155 ± 0% ~ (all samples are equal) BM_CordPartialCopyToCord/1M/128 446 ± 0% 446 ± 0% ~ (p=0.332 n=36+39) BM_CordPartialCopyToCord/1M/1k 473 ± 0% 473 ± 0% ~ (p=0.969 n=40+40) BM_CordPartialCopyToCord/1M/8k 808 ± 0% 808 ± 0% ~ (p=0.127 n=40+39) BM_CordPartialCopyToCord/1M/16k 957 ± 0% 957 ± 0% ~ (p=0.532 n=40+40) BM_CordPartialCopyToCord/4M/16k 952 ± 0% 952 ± 0% ~ (p=0.686 n=39+39) BM_CordPartialCopyToCord/4M/32k 1.12k ± 0% 1.12k ± 0% ~ (p=0.690 n=40+40) BM_CordPartialCopyToCord/4M/64k 1.23k ± 0% 1.23k ± 0% ~ (p=0.182 n=40+39) BM_CordPartialCopyToCord/4M/128k 1.44k ± 0% 1.44k ± 0% ~ (p=0.711 n=40+40) BM_CordPartialCopyToCord/8M/32k 1.12k ± 0% 1.12k ± 0% ~ (p=0.697 n=40+40) BM_CordPartialCopyToCord/8M/64k 1.23k ± 0% 1.23k ± 0% +0.00% (p=0.049 n=40+40) BM_CordPartialCopyToCord/8M/128k 1.44k ± 0% 1.44k ± 0% ~ (p=0.507 n=40+40) This makes code simpler and doesn't regress performance. PiperOrigin-RevId: 415560574 -- 37305b2690b31682088749e4d62f40d7095bdc54 by Derek Mauro <dmauro@google.com>: Internal change PiperOrigin-RevId: 415558737 -- 86aaed569b9e743c1eb813a5f48def978a793db3 by Martijn Vels <mvels@google.com>: Internal change PiperOrigin-RevId: 415515201 -- 6cdb8786cdcb4fa0b8a4b72fc98940877d1fdeff by Abseil Team <absl-team@google.com>: Update SubmitMutexProfileData to accept wait_cycles instead of wait_timestamp PiperOrigin-RevId: 415360871 -- 9f979d307aa16ad09f214e04876cbe84395c0901 by Abseil Team <absl-team@google.com>: absl::flat_hash_set compiles with -Wconversion -Wsign-compare PiperOrigin-RevId: 415357498 -- 9eceb14174708f15e61259d449b214a8a4c7f9e7 by Abseil Team <absl-team@google.com>: Fix AddressIsReadable for the corner case of (aligned) addr == NULL. PiperOrigin-RevId: 415307792 -- 1a39ffe55898375e2d7f88c17c99db5a1b95b313 by Martijn Vels <mvels@google.com>: Internal change PiperOrigin-RevId: 415162872 -- 64378549b110d5f5762185a5906c520fba70f0e7 by Abseil Team <absl-team@google.com>: Fix a typo in the comments PiperOrigin-RevId: 415088461 -- 41aae8322e913b82710153c22b97c611fdb6e1fb by Abseil Team <absl-team@google.com>: Switch from `connect` to `rt_sigreturn` -- the latter is much less problematic for system call sandboxes. PiperOrigin-RevId: 415073965 -- 870c5e3388b6a35611bff538626fe7a1c8c87171 by Abseil Team <absl-team@google.com>: Add ABSL_HAVE_HWADDRESS_SANITIZER and ABSL_HAVE_LEAK_SANITIZER PiperOrigin-RevId: 414871189 -- f213ed60a66b58da7ac40555adfb1d529ff0a4db by Derek Mauro <dmauro@google.com>: Remove reference to __SANITIZE_MEMORY__, which does not exist It appears to have been copied by pattern matching from the ASAN/TSAN code blocks. https://github.com/gcc-mirror/gcc/blob/f47662204de27f7685699eeef89aa173ccf32d85/gcc/cppbuiltin.c#L79-L126 PiperOrigin-RevId: 414806587 -- b152891e73ab515f397ceb53f66c8ee2f33863ea by Abseil Team <absl-team@google.com>: Rollback previous commit: SYS_open is not defined in certain environments. PiperOrigin-RevId: 414521820 -- 5a1cbb282331023902e1374dd0d920c4effbe47f by Abseil Team <absl-team@google.com>: Use syscall(SYS_open, ...) instead of open() to avoid possible symbol interposition. Also add some warning notes. PiperOrigin-RevId: 414508186 -- 1824d6593612710aafdc599a89b0adced7d787f6 by Abseil Team <absl-team@google.com>: Correct aarch64 macro check The macro is __aarch64__, not __arch64__. PiperOrigin-RevId: 414446225 -- a1536a57b64dfd53945d33a01cfc08b18c99c97b by Abseil Team <absl-team@google.com>: Fix backwards comment in the last commit. PiperOrigin-RevId: 414281214 -- 11ac021ba779513667a31cf2563ddafc57d6d913 by Abseil Team <absl-team@google.com>: AddressIsReadable() didn't work correctly on ARM when the given pointer was misaligned at the end of the page. Fix that by aligning the pointer on an 8-byte boundary before checking it. PiperOrigin-RevId: 414203863 GitOrigin-RevId: 07240ca7822d007cdcc79f2c40bd58b2c2010348 Change-Id: If5f129194d59f5c9e5d84efd8cd9e17a70e072ab
Diffstat (limited to 'absl/debugging')
-rw-r--r--absl/debugging/internal/address_is_readable.cc102
1 files changed, 46 insertions, 56 deletions
diff --git a/absl/debugging/internal/address_is_readable.cc b/absl/debugging/internal/address_is_readable.cc
index 26df3289..4be6256b 100644
--- a/absl/debugging/internal/address_is_readable.cc
+++ b/absl/debugging/internal/address_is_readable.cc
@@ -30,16 +30,12 @@ bool AddressIsReadable(const void* /* addr */) { return true; }
ABSL_NAMESPACE_END
} // namespace absl
-#else
+#else // __linux__ && !__ANDROID__
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <sys/syscall.h>
-#include <sys/types.h>
+#include <stdint.h>
+#include <syscall.h>
#include <unistd.h>
-#include <cerrno>
-
#include "absl/base/internal/errno_saver.h"
#include "absl/base/internal/raw_logging.h"
@@ -47,60 +43,54 @@ namespace absl {
ABSL_NAMESPACE_BEGIN
namespace debugging_internal {
+// NOTE: be extra careful about adding any interposable function calls here
+// (such as open(), read(), etc.). These symbols may be interposed and will get
+// invoked in contexts they don't expect.
+//
+// NOTE: any new system calls here may also require sandbox reconfiguration.
+//
bool AddressIsReadable(const void *addr) {
- int fd = 0;
+ // Align address on 8-byte boundary. On aarch64, checking last
+ // byte before inaccessible page returned unexpected EFAULT.
+ const uintptr_t u_addr = reinterpret_cast<uintptr_t>(addr) & ~7;
+ addr = reinterpret_cast<const void *>(u_addr);
+
+ // rt_sigprocmask below will succeed for this input.
+ if (addr == nullptr) return false;
+
absl::base_internal::ErrnoSaver errno_saver;
- for (int j = 0; j < 2; j++) {
- // Here we probe with some syscall which
- // - accepts a one-byte region of user memory as input
- // - tests for EFAULT before other validation
- // - has no problematic side-effects
- //
- // connect(2) works for this. It copies the address into kernel
- // memory before any validation beyond requiring an open fd.
- // But a one byte address is never valid (sa_family is two bytes),
- // so the call cannot succeed and change any state.
- //
- // This strategy depends on Linux implementation details,
- // so we rely on the test to alert us if it stops working.
- //
- // Some discarded past approaches:
- // - msync() doesn't reject PROT_NONE regions
- // - write() on /dev/null doesn't return EFAULT
- // - write() on a pipe requires creating it and draining the writes
- //
- // Use syscall(SYS_connect, ...) instead of connect() to prevent ASAN
- // and other checkers from complaining about accesses to arbitrary memory.
- do {
- ABSL_RAW_CHECK(syscall(SYS_connect, fd, addr, 1) == -1,
- "should never succeed");
- } while (errno == EINTR);
- if (errno == EFAULT) return false;
- if (errno == EBADF) {
- if (j != 0) {
- // Unclear what happened.
- ABSL_RAW_LOG(ERROR, "unexpected EBADF on fd %d", fd);
- return false;
- }
- // fd 0 must have been closed. Try opening it again.
- // Note: we shouldn't leak too many file descriptors here, since we expect
- // to get fd==0 reopened.
- fd = open("/dev/null", O_RDONLY);
- if (fd == -1) {
- ABSL_RAW_LOG(ERROR, "can't open /dev/null");
- return false;
- }
- } else {
- // probably EINVAL or ENOTSOCK; we got past EFAULT validation.
- return true;
- }
- }
- ABSL_RAW_CHECK(false, "unreachable");
- return false;
+
+ // Here we probe with some syscall which
+ // - accepts an 8-byte region of user memory as input
+ // - tests for EFAULT before other validation
+ // - has no problematic side-effects
+ //
+ // rt_sigprocmask(2) works for this. It copies sizeof(kernel_sigset_t)==8
+ // bytes from the address into the kernel memory before any validation.
+ //
+ // The call can never succeed, since the `how` parameter is not one of
+ // SIG_BLOCK, SIG_UNBLOCK, SIG_SETMASK.
+ //
+ // This strategy depends on Linux implementation details,
+ // so we rely on the test to alert us if it stops working.
+ //
+ // Some discarded past approaches:
+ // - msync() doesn't reject PROT_NONE regions
+ // - write() on /dev/null doesn't return EFAULT
+ // - write() on a pipe requires creating it and draining the writes
+ // - connect() works but is problematic for sandboxes and needs a valid
+ // file descriptor
+ //
+ // This can never succeed (invalid first argument to sigprocmask).
+ ABSL_RAW_CHECK(syscall(SYS_rt_sigprocmask, ~0, addr, nullptr,
+ /*sizeof(kernel_sigset_t)*/ 8) == -1,
+ "unexpected success");
+ ABSL_RAW_CHECK(errno == EFAULT || errno == EINVAL, "unexpected errno");
+ return errno != EFAULT;
}
} // namespace debugging_internal
ABSL_NAMESPACE_END
} // namespace absl
-#endif
+#endif // __linux__ && !__ANDROID__