Use RoundUp on demand instead of a new util function

Camsyn · Camsyn · commit eedddb99bfbf · 2025-06-25T15:28:31.000+08:00
We don't always need to get the real shadow end, for example, some
shadow clear, if using the real shadow end, it will cause overcleaning
(i.e., clear [0, 1) makes [1, 8) inaccessible when kShadowCell == 8).

So when we do need to get the real end, use RoundUp in place.
For example, `unmap(addr, sz)` makes `[addr + sz, addr + PageSize)`
inaccessible, so we can safely clean up the full shadow (by getting
the real shadow end).
diff --git a/compiler-rt/lib/tsan/rtl/tsan_interface_java.cpp b/compiler-rt/lib/tsan/rtl/tsan_interface_java.cpp
@@ -131,7 +131,7 @@ void __tsan_java_move(jptr src, jptr dst, jptr size) {
   // We used to move shadow from src to dst, but the trace format does not
   // support that anymore as it contains addresses of accesses.
   RawShadow *d = MemToShadow(dst);
-  RawShadow *dend = MemToEndShadow(dst + size);
+  RawShadow *dend = MemToShadow(dst + size);
   ShadowSet(d, dend, Shadow::kEmpty);
 }
 
diff --git a/compiler-rt/lib/tsan/rtl/tsan_platform.h b/compiler-rt/lib/tsan/rtl/tsan_platform.h
@@ -968,24 +968,6 @@ RawShadow *MemToShadow(uptr x) {
   return reinterpret_cast<RawShadow *>(SelectMapping<MemToShadowImpl>(x));
 }
 
-struct MemToEndShadowImpl {
-  template <typename Mapping>
-  static uptr Apply(uptr x) {
-    return (((x + kShadowCell - 1) &
-             ~(Mapping::kShadowMsk | (kShadowCell - 1))) ^
-            Mapping::kShadowXor) *
-               kShadowMultiplier +
-           Mapping::kShadowAdd;
-  }
-};
-
-// If addr % kShadowCell == 0, then MemToEndShadow(addr) == MemToShadow(addr)
-// Otherwise, MemToEndShadow(addr) == MemToShadow(addr) + kShadowCnt
-ALWAYS_INLINE
-RawShadow *MemToEndShadow(uptr x) {
-  return reinterpret_cast<RawShadow *>(SelectMapping<MemToEndShadowImpl>(x));
-}
-
 struct MemToMetaImpl {
   template <typename Mapping>
   static u32 *Apply(uptr x) {
diff --git a/compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp b/compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp
@@ -195,7 +195,7 @@ static NOINLINE void MapRodata(char* buffer, uptr size) {
         !segment.IsWritable() && IsAppMem(segment.start)) {
       // Assume it's .rodata
       char *shadow_start = (char *)MemToShadow(segment.start);
-      char *shadow_end = (char *)MemToEndShadow(segment.end);
+      char *shadow_end = (char *)MemToShadow(segment.end);
       for (char *p = shadow_start; p < shadow_end;
            p += marker.size() * sizeof(RawShadow)) {
         internal_mmap(
diff --git a/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp b/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp
@@ -532,7 +532,7 @@ static void StopBackgroundThread() {
 
 void DontNeedShadowFor(uptr addr, uptr size) {
   ReleaseMemoryPagesToOS(reinterpret_cast<uptr>(MemToShadow(addr)),
-                         reinterpret_cast<uptr>(MemToEndShadow(addr + size)));
+                         reinterpret_cast<uptr>(MemToShadow(addr + size)));
 }
 
 #if !SANITIZER_GO
@@ -566,13 +566,18 @@ static bool IsValidMmapRange(uptr addr, uptr size) {
   return false;
 }
 
-void UnmapShadow(ThreadState *thr, uptr addr, uptr size) {
+void UnmapShadow(ThreadState* thr, uptr addr, uptr size) {
   if (size == 0 || !IsValidMmapRange(addr, size))
     return;
-  DontNeedShadowFor(addr, size);
+  // unmap shadow is related to semantic of mmap/munmap, so we
+  // should clear the whole shadow range, including the tail shadow
+  // while addr + size % kShadowCell != 0.
+  uptr size_for_shadow = RoundUp(addr + size, kShadowCell) - addr;
+  DontNeedShadowFor(addr, size_for_shadow);
   ScopedGlobalProcessor sgp;
   SlotLocker locker(thr, true);
-  ctx->metamap.ResetRange(thr->proc(), addr, size, true);
+  uptr size_for_meta = RoundUp(addr + size, kMetaShadowCell) - addr;
+  ctx->metamap.ResetRange(thr->proc(), addr, size_for_meta, true);
 }
 #endif
 
diff --git a/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp b/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp
@@ -688,8 +688,10 @@ void MemoryAccessRangeT(ThreadState* thr, uptr pc, uptr addr, uptr size) {
     DCHECK(IsShadowMem(shadow_mem));
   }
 
-  RawShadow* shadow_mem_end = MemToEndShadow(addr + size);
-  if (size > 0 && !IsShadowMem(shadow_mem_end - 1)) {
+  uptr size1 =
+      (RoundUpTo(addr + size, kShadowCell) - RoundDownTo(addr, kShadowCell));
+  RawShadow* shadow_mem_end = shadow_mem + size1 / kShadowCell * kShadowCnt;
+  if (!IsShadowMem(shadow_mem_end - 1)) {
     Printf("Bad shadow end addr: %p (%p)\n", shadow_mem_end - 1,
            (void*)(addr + size - 1));
     Printf(

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,7 @@ void __tsan_java_move(jptr src, jptr dst, jptr size) {`
`131`	`131`	`// We used to move shadow from src to dst, but the trace format does not`
`132`	`132`	`// support that anymore as it contains addresses of accesses.`
`133`	`133`	`RawShadow *d = MemToShadow(dst);`
`134`		`- RawShadow *dend = MemToEndShadow(dst + size);`
	`134`	`+ RawShadow *dend = MemToShadow(dst + size);`
`135`	`135`	`ShadowSet(d, dend, Shadow::kEmpty);`
`136`	`136`	`}`
`137`	`137`