Skip to content

Revert "[TSan] Clarify and enforce shadow end alignment" #146674

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 2, 2025
Merged

Revert "[TSan] Clarify and enforce shadow end alignment" #146674

merged 1 commit into from
Jul 2, 2025

Conversation

@Camsyn
Copy link
Contributor

@Camsyn Camsyn commented Jul 2, 2025
edited
Loading

Reverts #144648 due to a test failure of the new added test case munmap_clear_shadow.c in IOS .

@llvmbot
Copy link
Member

llvmbot commented Jul 2, 2025

@llvm/pr-subscribers-compiler-rt-sanitizer

Author: Kunqiu Chen (Camsyn)

Changes

Reverts llvm/llvm-project#144648

Full diff: https://github.com/llvm/llvm-project/pull/146674.diff

6 Files Affected:

  • (modified) compiler-rt/lib/tsan/rtl/tsan_interface_java.cpp (+1)
  • (modified) compiler-rt/lib/tsan/rtl/tsan_rtl.cpp (+3-18)
  • (modified) compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp (+8-10)
  • (modified) compiler-rt/lib/tsan/rtl/tsan_sync.cpp (-14)
  • (modified) compiler-rt/test/tsan/java_heap_init2.cpp (+1)
  • (modified) compiler-rt/test/tsan/munmap_clear_shadow.c (+1)
diff --git a/compiler-rt/lib/tsan/rtl/tsan_interface_java.cpp b/compiler-rt/lib/tsan/rtl/tsan_interface_java.cpp
index cb4d767d903d3..7c15a16388268 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_interface_java.cpp
+++ b/compiler-rt/lib/tsan/rtl/tsan_interface_java.cpp
@@ -122,6 +122,7 @@ void __tsan_java_move(jptr src, jptr dst, jptr size) {
   DCHECK_GE(dst, jctx->heap_begin);
   DCHECK_LE(dst + size, jctx->heap_begin + jctx->heap_size);
   DCHECK_NE(dst, src);
+  DCHECK_NE(size, 0);
 
   // Assuming it's not running concurrently with threads that do
   // memory accesses and mutex operations (stop-the-world phase).
diff --git a/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp b/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp
index 0d7247a56a4c2..981f37b89e784 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp
+++ b/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp
@@ -566,32 +566,17 @@ static bool IsValidMmapRange(uptr addr, uptr size) {
   return false;
 }
 
-void UnmapShadow(ThreadState* thr, uptr addr, uptr size) {
+void UnmapShadow(ThreadState *thr, uptr addr, uptr size) {
   if (size == 0 || !IsValidMmapRange(addr, size))
     return;
-  // unmap shadow is related to semantic of mmap/munmap, so we
-  // should clear the whole shadow range, including the tail shadow
-  // while addr + size % kShadowCell != 0.
-  uptr rounded_size_shadow = RoundUp(addr + size, kShadowCell) - addr;
-  DontNeedShadowFor(addr, rounded_size_shadow);
+  DontNeedShadowFor(addr, size);
   ScopedGlobalProcessor sgp;
   SlotLocker locker(thr, true);
-  uptr rounded_size_meta = RoundUp(addr + size, kMetaShadowCell) - addr;
-  ctx->metamap.ResetRange(thr->proc(), addr, rounded_size_meta, true);
+  ctx->metamap.ResetRange(thr->proc(), addr, size, true);
 }
 #endif
 
 void MapShadow(uptr addr, uptr size) {
-  // Although named MapShadow, this function's semantic is unrelated to
-  // UnmapShadow. This function currently only used for Go's lazy allocation
-  // of shadow, whose targets are program section (e.g., bss, data, etc.).
-  // Therefore, we can guarantee that the addr and size align to kShadowCell
-  // and kMetaShadowCell by the following assertions.
-  DCHECK_EQ(addr % kShadowCell, 0);
-  DCHECK_EQ(size % kShadowCell, 0);
-  DCHECK_EQ(addr % kMetaShadowCell, 0);
-  DCHECK_EQ(size % kMetaShadowCell, 0);
-
   // Ensure thead registry lock held, so as to synchronize
   // with DoReset, which also access the mapped_shadow_* ctxt fields.
   ThreadRegistryLock lock0(&ctx->thread_registry);
diff --git a/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp b/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp
index 487fa490636eb..bd8deefefa1bc 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp
+++ b/compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp
@@ -688,18 +688,16 @@ void MemoryAccessRangeT(ThreadState* thr, uptr pc, uptr addr, uptr size) {
     DCHECK(IsShadowMem(shadow_mem));
   }
 
-  uptr rounded_size =
-      (RoundUpTo(addr + size, kShadowCell) - RoundDownTo(addr, kShadowCell));
-  RawShadow* shadow_mem_end =
-      shadow_mem + rounded_size / kShadowCell * kShadowCnt;
-  if (!IsShadowMem(shadow_mem_end - 1)) {
-    Printf("Bad shadow end addr: %p (%p)\n", shadow_mem_end - 1,
+  RawShadow* shadow_mem_end = reinterpret_cast<RawShadow*>(
+      reinterpret_cast<uptr>(shadow_mem) + size * kShadowMultiplier - 1);
+  if (!IsShadowMem(shadow_mem_end)) {
+    Printf("Bad shadow end addr: %p (%p)\n", shadow_mem_end,
            (void*)(addr + size - 1));
     Printf(
-        "Shadow start addr (ok): %p (%p); size: 0x%zx; rounded_size: 0x%zx; "
-        "kShadowMultiplier: %zx\n",
-        shadow_mem, (void*)addr, size, rounded_size, kShadowMultiplier);
-    DCHECK(IsShadowMem(shadow_mem_end - 1));
+        "Shadow start addr (ok): %p (%p); size: 0x%zx; kShadowMultiplier: "
+        "%zx\n",
+        shadow_mem, (void*)addr, size, kShadowMultiplier);
+    DCHECK(IsShadowMem(shadow_mem_end));
   }
 #endif
 
diff --git a/compiler-rt/lib/tsan/rtl/tsan_sync.cpp b/compiler-rt/lib/tsan/rtl/tsan_sync.cpp
index be5829bc823dc..97335bc8ecf71 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_sync.cpp
+++ b/compiler-rt/lib/tsan/rtl/tsan_sync.cpp
@@ -246,20 +246,6 @@ void MetaMap::MoveMemory(uptr src, uptr dst, uptr sz) {
   // there are no concurrent accesses to the regions (e.g. stop-the-world).
   CHECK_NE(src, dst);
   CHECK_NE(sz, 0);
-
-  // The current MoveMemory implementation behaves incorrectly when src, dst,
-  // and sz are not aligned to kMetaShadowCell.
-  // For example, with kMetaShadowCell == 8:
-  // - src = 4: unexpectedly clears the metadata for the range [0, 4).
-  // - src = 16, dst = 4, size = 8: A sync variable for addr = 20, which should
-  //   be moved to the metadata for address 8, is incorrectly moved to the
-  //   metadata for address 0 instead.
-  // - src = 0, sz = 4: fails to move the tail metadata.
-  // Therefore, the following assertions is needed.
-  DCHECK_EQ(src % kMetaShadowCell, 0);
-  DCHECK_EQ(dst % kMetaShadowCell, 0);
-  DCHECK_EQ(sz % kMetaShadowCell, 0);
-
   uptr diff = dst - src;
   u32 *src_meta, *dst_meta, *src_meta_end;
   uptr inc;
diff --git a/compiler-rt/test/tsan/java_heap_init2.cpp b/compiler-rt/test/tsan/java_heap_init2.cpp
index 3317a5b3c2f43..2e5724d930e8f 100644
--- a/compiler-rt/test/tsan/java_heap_init2.cpp
+++ b/compiler-rt/test/tsan/java_heap_init2.cpp
@@ -1,4 +1,5 @@
 // RUN: %clangxx_tsan -O1 %s -o %t && %run %t 2>&1 | FileCheck %s
+// XFAIL: *
 
 #include "java.h"
 #include <errno.h>
diff --git a/compiler-rt/test/tsan/munmap_clear_shadow.c b/compiler-rt/test/tsan/munmap_clear_shadow.c
index f48a12a4cc0cb..8a435a84258f5 100644
--- a/compiler-rt/test/tsan/munmap_clear_shadow.c
+++ b/compiler-rt/test/tsan/munmap_clear_shadow.c
@@ -1,4 +1,5 @@
 // RUN: %clang_tsan %s -o %t && %run %t | FileCheck %s
+// XFAIL: *
 
 #include "test.h"
 #include <assert.h>

@Camsyn Camsyn merged commit 9eac5f7 into main Jul 2, 2025
9 of 11 checks passed
@Camsyn Camsyn deleted the revert-144648-tsan-shadow-end branch July 2, 2025 12:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

compiler-rt:sanitizer compiler-rt:tsan Thread sanitizer compiler-rt

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Camsyn @llvmbot