llvm-project.git/compiler-rt/lib/tsan/rtl/tsan_interface_java.cpp, branch main Unnamed repository; edit this file 'description' to name the repository. Reland [TSan] Clarify and enforce shadow end alignment (#146676) 2025-07-02T12:28:30+00:00 Kunqiu Chen camsyn@foxmail.com 2025-07-02T12:28:30+00:00 0aafeb8ba1b1adcf04d5d82553228ca82845fcb0 #144648 was reverted because it failed the new sanitizer test `munmap_clear_shadow.c` in IOS's CI. That issue could be fixed by disabling the test on some platforms, due to the incompatibility of the test on these platforms. In detail, we should disable the test in FreeBSD, Apple, NetBSD, Solaris, and Haiku, where `ReleaseMemoryPagesToOS` executes `madvise(beg, end, MADV_FREE)`, which tags the relevant pages as 'FREE' and does not release them immediately. 
#144648 was reverted because it failed the new sanitizer test
`munmap_clear_shadow.c` in IOS's CI.
That issue could be fixed by disabling the test on some platforms, due
to the incompatibility of the test on these platforms.

In detail, we should disable the test in FreeBSD, Apple, NetBSD,
Solaris, and Haiku, where `ReleaseMemoryPagesToOS` executes
`madvise(beg, end, MADV_FREE)`, which tags the relevant pages as 'FREE'
and does not release them immediately.
 Revert "[TSan] Clarify and enforce shadow end alignment" (#146674) 2025-07-02T12:11:11+00:00 Kunqiu Chen camsyn@foxmail.com 2025-07-02T12:11:11+00:00 9eac5f72f6296812ecc8dc23ce2b312b4f3e75e8 Reverts llvm/llvm-project#144648 due to a test failure of the new added test case `munmap_clear_shadow.c` in IOS . 
Reverts llvm/llvm-project#144648 due to a test failure of the new added
test case `munmap_clear_shadow.c` in IOS .
 [TSan] Clarify and enforce shadow end alignment (#144648) 2025-06-27T06:43:34+00:00 Kunqiu Chen camsyn@foxmail.com 2025-06-27T06:43:34+00:00 bc90166a50c4197b7666889c128e70c8f8fad2f3 In TSan, every `k` bytes of application memory (where `k = 8`) maps to a single shadow/meta cell. This design leads to two distinct outcomes when calculating the end of a shadow range using `MemToShadow(addr_end)`, depending on the alignment of `addr_end`: - **Exclusive End:** If `addr_end` is aligned (`addr_end % k == 0`), `MemToShadow(addr_end)` points to the first shadow cell *past* the intended range. This address is an exclusive boundary marker, not a cell to be operated on. - **Inclusive End:** If `addr_end` is not aligned (`addr_end % k != 0`), `MemToShadow(addr_end)` points to the last shadow cell that *is* part of the range (i.e., the same cell as `MemToShadow(addr_end - 1)`). Different TSan functions have different expectations for whether the shadow end should be inclusive or exclusive. However, these expectations are not always explicitly enforced, which can lead to subtle bugs or reliance on unstated invariants. The core of this patch is to ensure that functions ONLY requiring an **exclusive shadow end** behave correctly. 1. Enforcing Existing Invariants: For functions like `MetaMap::MoveMemory` and `MapShadow`, the assumption is that the end address is always `k`-aligned. While this holds true in the current codebase (e.g., due to some external implicit conditions), this invariant is not guaranteed by the function's internal context. We add explicit assertions to make this requirement clear and to catch any future changes that might violate this assumption. 2. Fixing Latent Bugs: In other cases, unaligned end addresses are possible, representing a latent bug. This was the case in `UnmapShadow`. The `size` of a memory region being unmapped is not always a multiple of `k`. When this happens, `UnmapShadow` would fail to clear the final (tail) portion of the shadow memory. This patch fixes `UnmapShadow` by rounding up the `size` to the next multiple of `k` before clearing the shadow memory. This is safe because the underlying OS `unmap` operation is page-granular, and the page size is guaranteed to be a multiple of `k`. Notably, this fix makes `UnmapShadow` consistent with its inverse operation, `MemoryRangeImitateWriteOrResetRange`, which already performs a similar size round-up. In summary, this PR: - **Adds assertions** to `MetaMap::MoveMemory` and `MapShadow` to enforce their implicit requirement for k-aligned end addresses. - **Fixes a latent bug** in `UnmapShadow` by rounding up the size to ensure the entire shadow range is cleared. Two new test cases have been added to cover this scenario. - Removes a redundant assertion in `__tsan_java_move`. - Fixes an incorrect shadow end calculation introduced in commit 4052de6. The previous logic, while fixing an overestimation issue, did not properly account for `kShadowCell` alignment and could lead to underestimation. 
In TSan, every `k` bytes of application memory (where `k = 8`) maps to a
single shadow/meta cell. This design leads to two distinct outcomes when
calculating the end of a shadow range using `MemToShadow(addr_end)`,
depending on the alignment of `addr_end`:

- **Exclusive End:** If `addr_end` is aligned (`addr_end % k == 0`),
`MemToShadow(addr_end)` points to the first shadow cell *past* the
intended range. This address is an exclusive boundary marker, not a cell
to be operated on.
- **Inclusive End:** If `addr_end` is not aligned (`addr_end % k != 0`),
`MemToShadow(addr_end)` points to the last shadow cell that *is* part of
the range (i.e., the same cell as `MemToShadow(addr_end - 1)`).

Different TSan functions have different expectations for whether the
shadow end should be inclusive or exclusive. However, these expectations
are not always explicitly enforced, which can lead to subtle bugs or
reliance on unstated invariants.


The core of this patch is to ensure that functions ONLY requiring an
**exclusive shadow end** behave correctly.

1.  Enforcing Existing Invariants:
For functions like `MetaMap::MoveMemory` and `MapShadow`, the assumption
is that the end address is always `k`-aligned. While this holds true in
the current codebase (e.g., due to some external implicit conditions),
this invariant is not guaranteed by the function's internal context. We
add explicit assertions to make this requirement clear and to catch any
future changes that might violate this assumption.

2.  Fixing Latent Bugs:
In other cases, unaligned end addresses are possible, representing a
latent bug. This was the case in `UnmapShadow`. The `size` of a memory
region being unmapped is not always a multiple of `k`. When this
happens, `UnmapShadow` would fail to clear the final (tail) portion of
the shadow memory.

This patch fixes `UnmapShadow` by rounding up the `size` to the next
multiple of `k` before clearing the shadow memory. This is safe because
the underlying OS `unmap` operation is page-granular, and the page size
is guaranteed to be a multiple of `k`.

Notably, this fix makes `UnmapShadow` consistent with its inverse
operation, `MemoryRangeImitateWriteOrResetRange`, which already performs
a similar size round-up.

In summary, this PR:

- **Adds assertions** to `MetaMap::MoveMemory` and `MapShadow` to
enforce their implicit requirement for k-aligned end addresses.
- **Fixes a latent bug** in `UnmapShadow` by rounding up the size to
ensure the entire shadow range is cleared. Two new test cases have been
added to cover this scenario.
  - Removes a redundant assertion in `__tsan_java_move`.
- Fixes an incorrect shadow end calculation introduced in commit
4052de6. The previous logic, while fixing an overestimation issue, did
not properly account for `kShadowCell` alignment and could lead to
underestimation.
 tsan: new runtime (v3) 2021-12-13T11:48:34+00:00 Dmitry Vyukov dvyukov@google.com 2021-12-02T07:36:44+00:00 b332134921b42796c6b46453eaf2affdc09e3154 This change switches tsan to the new runtime which features: - 2x smaller shadow memory (2x of app memory) - faster fully vectorized race detection - small fixed-size vector clocks (512b) - fast vectorized vector clock operations - unlimited number of alive threads/goroutimes Depends on D112602. Reviewed By: melver Differential Revision: https://reviews.llvm.org/D112603 
This change switches tsan to the new runtime which features:
 - 2x smaller shadow memory (2x of app memory)
 - faster fully vectorized race detection
 - small fixed-size vector clocks (512b)
 - fast vectorized vector clock operations
 - unlimited number of alive threads/goroutimes

Depends on D112602.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D112603
Revert "tsan: new runtime (v3)" 2021-12-09T17:18:10+00:00 Jonas Devlieghere jonas@devlieghere.com 2021-12-09T17:18:10+00:00 396113c19fd1dc3bb9771d04ffb3a0319e018558 This reverts commit 5a33e412815b8847610425a2a3b86d2c7c313b71 becuase it breaks LLDB. https://green.lab.llvm.org/green/view/LLDB/job/lldb-cmake/39208/ 
This reverts commit 5a33e412815b8847610425a2a3b86d2c7c313b71 becuase it
breaks LLDB.

https://green.lab.llvm.org/green/view/LLDB/job/lldb-cmake/39208/
tsan: new runtime (v3) 2021-12-09T08:09:52+00:00 Dmitry Vyukov dvyukov@google.com 2021-12-02T07:36:44+00:00 5a33e412815b8847610425a2a3b86d2c7c313b71 This change switches tsan to the new runtime which features: - 2x smaller shadow memory (2x of app memory) - faster fully vectorized race detection - small fixed-size vector clocks (512b) - fast vectorized vector clock operations - unlimited number of alive threads/goroutimes Depends on D112602. Reviewed By: melver Differential Revision: https://reviews.llvm.org/D112603 
This change switches tsan to the new runtime which features:
 - 2x smaller shadow memory (2x of app memory)
 - faster fully vectorized race detection
 - small fixed-size vector clocks (512b)
 - fast vectorized vector clock operations
 - unlimited number of alive threads/goroutimes

Depends on D112602.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D112603
Revert "tsan: new runtime (v3)" 2021-12-01T17:00:46+00:00 Dmitry Vyukov dvyukov@google.com 2021-12-01T16:55:14+00:00 09859113ed23ea11ce5726f0d19bc57e93ecbaab This reverts commit 66d4ce7e26a5ab00f7e4946b6e1bac8f805010fa. Chromium tests started failing: https://bugs.chromium.org/p/chromium/issues/detail?id=1275581 
This reverts commit 66d4ce7e26a5ab00f7e4946b6e1bac8f805010fa.

Chromium tests started failing:
https://bugs.chromium.org/p/chromium/issues/detail?id=1275581
tsan: new runtime (v3) 2021-11-25T17:32:04+00:00 Dmitry Vyukov dvyukov@google.com 2021-04-27T11:55:41+00:00 66d4ce7e26a5ab00f7e4946b6e1bac8f805010fa This change switches tsan to the new runtime which features: - 2x smaller shadow memory (2x of app memory) - faster fully vectorized race detection - small fixed-size vector clocks (512b) - fast vectorized vector clock operations - unlimited number of alive threads/goroutimes Depends on D112602. Reviewed By: melver Differential Revision: https://reviews.llvm.org/D112603 
This change switches tsan to the new runtime which features:
 - 2x smaller shadow memory (2x of app memory)
 - faster fully vectorized race detection
 - small fixed-size vector clocks (512b)
 - fast vectorized vector clock operations
 - unlimited number of alive threads/goroutimes

Depends on D112602.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D112603
Revert "tsan: new runtime (v3)" 2021-11-24T02:32:32+00:00 Weverything rtrieu@google.com 2021-11-24T01:51:32+00:00 1150f02c77b81adca4d0c67afdef23321e93db89 This reverts commit ebd47b0fb78fa11758da6ffcd3e6b415cbb8fa28. This was causing unexpected behavior in programs. 
This reverts commit ebd47b0fb78fa11758da6ffcd3e6b415cbb8fa28.
This was causing unexpected behavior in programs.
tsan: new runtime (v3) 2021-11-23T10:44:59+00:00 Dmitry Vyukov dvyukov@google.com 2021-04-27T11:55:41+00:00 ebd47b0fb78fa11758da6ffcd3e6b415cbb8fa28 This change switches tsan to the new runtime which features: - 2x smaller shadow memory (2x of app memory) - faster fully vectorized race detection - small fixed-size vector clocks (512b) - fast vectorized vector clock operations - unlimited number of alive threads/goroutimes Differential Revision: https://reviews.llvm.org/D112603 
This change switches tsan to the new runtime which features:
 - 2x smaller shadow memory (2x of app memory)
 - faster fully vectorized race detection
 - small fixed-size vector clocks (512b)
 - fast vectorized vector clock operations
 - unlimited number of alive threads/goroutimes

Differential Revision: https://reviews.llvm.org/D112603