Derive-C
Loading...
Searching...
No Matches
memory_tracker.h File Reference
#include <derive-c/core/panic.h>
#include <derive-c/core/math.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

Go to the source code of this file.

Enumerations

enum  dc_memory_tracker_capability { DC_MEMORY_TRACKER_CAP_NONE , DC_MEMORY_TRACKER_CAP_WRITE , DC_MEMORY_TRACKER_CAP_READ_WRITE }
 a wrapper over asan & msan Containers and allocators can use this for custom asan & msan poisoning, provided: More...
enum  dc_memory_tracker_level { DC_MEMORY_TRACKER_LVL_NONE = 0 , DC_MEMORY_TRACKER_LVL_ALLOC = 1 , DC_MEMORY_TRACKER_LVL_CONTAINER = 2 }

Functions

static DC_PUBLIC void dc_memory_tracker_set (dc_memory_tracker_level level, dc_memory_tracker_capability cap, const volatile void *addr, size_t size)
static DC_PUBLIC void dc_memory_tracker_check (dc_memory_tracker_level level, dc_memory_tracker_capability cap, const void *addr, size_t size)
static DC_PUBLIC void dc_memory_tracker_debug (FILE *stream, const void *addr, size_t size)

Variables

static const dc_memory_tracker_level dc_memory_tracker_global_level

Enumeration Type Documentation

◆ dc_memory_tracker_capability

enum dc_memory_tracker_capability

a wrapper over asan & msan Containers and allocators can use this for custom asan & msan poisoning, provided:

  • The appropriate level is set (so that container, or allocator poisoning can be disabled)
  • Allocators / containers setting capabilities must set capabilities when providing to the level below. e.g. a container may set CAP to None for user access checks, but set to uninit before passing to allocator free. Capabilities to assign to memory regions
Enumerator
DC_MEMORY_TRACKER_CAP_NONE 
DC_MEMORY_TRACKER_CAP_WRITE 
DC_MEMORY_TRACKER_CAP_READ_WRITE 

Definition at line 46 of file memory_tracker.h.

46 { // NOLINT(performance-enum-size)
47 DC_MEMORY_TRACKER_CAP_NONE,
48 DC_MEMORY_TRACKER_CAP_WRITE,
49 DC_MEMORY_TRACKER_CAP_READ_WRITE,
50} dc_memory_tracker_capability;
dc_memory_tracker_capability
dc_memory_tracker_capability
a wrapper over asan & msan Containers and allocators can use this for custom asan & msan poisoning,...
Definition memory_tracker.h:46
DC_MEMORY_TRACKER_CAP_WRITE
@ DC_MEMORY_TRACKER_CAP_WRITE
Definition memory_tracker.h:48
DC_MEMORY_TRACKER_CAP_NONE
@ DC_MEMORY_TRACKER_CAP_NONE
Definition memory_tracker.h:47
DC_MEMORY_TRACKER_CAP_READ_WRITE
@ DC_MEMORY_TRACKER_CAP_READ_WRITE
Definition memory_tracker.h:49

◆ dc_memory_tracker_level

enum dc_memory_tracker_level

The level at which to track memory state:

  • when testing allocators, none
  • when testing containers, at the allocator level
  • when testing users code, at the container and below level
Enumerator
DC_MEMORY_TRACKER_LVL_NONE 
DC_MEMORY_TRACKER_LVL_ALLOC 
DC_MEMORY_TRACKER_LVL_CONTAINER 

Definition at line 59 of file memory_tracker.h.

59 { // NOLINT(performance-enum-size)
60 DC_MEMORY_TRACKER_LVL_NONE = 0,
61 DC_MEMORY_TRACKER_LVL_ALLOC = 1,
62 DC_MEMORY_TRACKER_LVL_CONTAINER = 2,
63} dc_memory_tracker_level;
dc_memory_tracker_level
dc_memory_tracker_level
Definition memory_tracker.h:59
DC_MEMORY_TRACKER_LVL_CONTAINER
@ DC_MEMORY_TRACKER_LVL_CONTAINER
Definition memory_tracker.h:62
DC_MEMORY_TRACKER_LVL_ALLOC
@ DC_MEMORY_TRACKER_LVL_ALLOC
Definition memory_tracker.h:61
DC_MEMORY_TRACKER_LVL_NONE
@ DC_MEMORY_TRACKER_LVL_NONE
Definition memory_tracker.h:60

Function Documentation

◆ dc_memory_tracker_check()

DC_PUBLIC void dc_memory_tracker_check ( dc_memory_tracker_level level,
dc_memory_tracker_capability cap,
const void * addr,
size_t size )
static

Definition at line 115 of file memory_tracker.h.

117 {
118 DC_ASSERT(size > 0, "Cannot check zero sized region");
119 if (level <= dc_memory_tracker_global_level) {
120#if defined(DC_MSAN_ON)
121 // msan tracks the initialised state, so for none & write we want poisoned / unreadable.
122 switch (cap) {
123 case DC_MEMORY_TRACKER_CAP_NONE:
124 case DC_MEMORY_TRACKER_CAP_WRITE: {
125 for (size_t offset = 0; offset < size; offset++) {
126 const unsigned char* p = (const unsigned char*)addr + offset;
127
128 // For size == 1:
129 // - return -1 => unpoisoned (initialized) -> ERROR here
130 // - return 0 => poisoned (uninitialized) -> OK
131 if (__msan_test_shadow(p, 1) == -1) {
132 DC_PANIC("Memory region %p (%zu bytes) is not fully uninitialised: "
133 "byte %zu (%p) is unpoisoned",
134 addr, size, offset, p);
135 }
136 }
137 return;
138 }
139 case DC_MEMORY_TRACKER_CAP_READ_WRITE: {
140 for (size_t offset = 0; offset < size; offset++) {
141 const unsigned char* p = (const unsigned char*)addr + offset;
142 if (__msan_test_shadow(p, 1) != -1) {
143 DC_PANIC("Memory region %p (%zu bytes) is not initialised: "
144 "byte %zu (%p) is poisoned",
145 addr, size, offset, p);
146 }
147 }
148 return;
149 }
150 }
151 DC_UNREACHABLE("Invalid capability");
152#elif defined(DC_ASAN_ON)
153 bool const region_is_poisoned = __asan_region_is_poisoned((void*)(uintptr_t)addr, size);
154 switch (cap) {
155 case DC_MEMORY_TRACKER_CAP_NONE: {
156 if (!region_is_poisoned) {
157 const char* addr_char = (const char*)addr;
158 bool const is_at_end_of_granule = dc_math_is_aligned_pow2(addr_char - 7, 8);
159 bool const is_next_byte_poisoned =
160 __asan_region_is_poisoned((void*)(uintptr_t)(addr_char + 1), 1);
161
162 // JUSTIFY: panic conditionally
163 // - Asan tracks poisoning at the granule/8 byte level, with the number of bytes
164 // poisoned from the end of the granule
165 // - Hence if we have a poisoned byte, in the middle of a granule, with the rest
166 // unpoisoned, asan will mark that byte as unpoisoned
167 // Therefore, we only throw if we are certain the poisoning is wrong (e.g. it would
168 // be continuing contiguous poisoned part of a granule, or its at the start of a
169 // granule)
170 if (is_at_end_of_granule || is_next_byte_poisoned) {
171
172 DC_PANIC("Memory region %p (%zu bytes) is not poisoned, but should be", addr,
173 size);
174 }
175 }
176 return;
177 }
178 case DC_MEMORY_TRACKER_CAP_WRITE:
179 case DC_MEMORY_TRACKER_CAP_READ_WRITE: {
180 if (region_is_poisoned) {
181 DC_PANIC("Memory region %p (%zu bytes) is poisoned, but should be accessible", addr,
182 size);
183 }
184 return;
185 }
186 }
187 DC_UNREACHABLE("Invalid capability");
188#else
189 (void)addr;
190 (void)size;
191 (void)cap;
192#endif
193 }
194}
size
static DC_PUBLIC size_t size(SELF const *self)
Definition template.h:252
dc_math_is_aligned_pow2
static DC_PUBLIC bool DC_INLINE DC_CONST dc_math_is_aligned_pow2(const void *ptr, unsigned alignment)
Definition math.h:67
dc_memory_tracker_global_level
static const dc_memory_tracker_level dc_memory_tracker_global_level
Definition memory_tracker.h:72
DC_PANIC
#define DC_PANIC(str,...)
Definition panic.h:29
DC_UNREACHABLE
#define DC_UNREACHABLE(...)
Definition panic.h:44
DC_ASSERT
#define DC_ASSERT(expr,...)
Definition panic.h:37

◆ dc_memory_tracker_debug()

DC_PUBLIC void dc_memory_tracker_debug ( FILE * stream,
const void * addr,
size_t size )
static

Definition at line 196 of file memory_tracker.h.

196 {
197 fprintf(stream, "memory tracker debug (%zu bytes) at %p ", size, addr);
198#if defined DC_MSAN_ON
199 fprintf(stream, "[MSAN]:");
200 // msan tracks the initialised state, so for none & write we want poisoned / unreadable.
201 for (size_t i = 0; i < size; i++) {
202 char const* ptr = (char const*)addr + i;
203 fprintf(stream, "\n%p: ", ptr);
204 if (__msan_test_shadow(ptr, 1) != -1) {
205 __msan_unpoison(ptr, 1);
206 fprintf(stream, "U [%02x]", *((unsigned char*)ptr));
207 __msan_poison(ptr, 1);
208 } else {
209 fprintf(stream, "I [%02x]", *((unsigned char*)ptr));
210 }
211 }
212#elif defined DC_ASAN_ON
213 // Each shadow memory entry covers 8 bytes of memory, aligned to 8 bytes, so we print this.
214 const char* addr_start = (const char*)addr;
215 const char* addr_end = addr_start + size;
216 const char* granule_base =
217 (const char*)((uintptr_t)addr & ~(uintptr_t)0x7U); // NOLINT(performance-no-int-to-ptr)
218 const char* granule_end = (const char*)(((uintptr_t)addr + size + 7U) &
219 ~(uintptr_t)0x7U); // NOLINT(performance-no-int-to-ptr)
220
221 fprintf(stream, "[ASAN]:");
222 fprintf(stream,
223 "\ndisplaying each 8 byte grandule (asan tracks poisoning as 0-8 bytes from the end)");
224 fprintf(stream, "\n");
225 fprintf(stream, "\n ");
226 for (size_t b = 0; b < 8; b++) {
227 fprintf(stream, " %lu ", b);
228 }
229 fprintf(stream, "\n");
230 for (const char* p = granule_base; p < granule_end; p += 8) {
231 fprintf(stream, "%p: ", p);
232 for (const char* b = p; b < p + 8; b++) {
233 bool const poisoned = __asan_region_is_poisoned((void*)(uintptr_t)b, 1);
234 bool const in_selected = (b >= addr_start && b < addr_end);
235 uint8_t value;
236 if (poisoned) {
237 __asan_unpoison_memory_region((void*)(uintptr_t)b, 1);
238 value = (uint8_t)*b;
239 __asan_poison_memory_region((void*)(uintptr_t)b, 1);
240 } else {
241 value = (uint8_t)*b;
242 }
243
244 char const status = poisoned ? 'P' : 'U';
245
246 if (in_selected) {
247 fprintf(stream, "[%c|%02x] ", status, value);
248 } else {
249 fprintf(stream, "|%c|%02x| ", status, value);
250 }
251 }
252 fprintf(stream, "\n");
253 }
254#else
255 fprintf(stream, "[NO TRACKING]");
256 (void)addr;
257 (void)size;
258#endif
259 fprintf(stream, "\n");
260}
stream
static DC_PUBLIC FILE * stream(SELF *self)
Definition template.h:108

◆ dc_memory_tracker_set()

DC_PUBLIC void dc_memory_tracker_set ( dc_memory_tracker_level level,
dc_memory_tracker_capability cap,
const volatile void * addr,
size_t size )
static

Definition at line 76 of file memory_tracker.h.

78 {
79 if (level <= dc_memory_tracker_global_level) {
80#if defined(DC_MSAN_ON)
81 // msan tracks the initialised state, so for none & write we want poisoned / unreadable.
82 switch (cap) {
83 case DC_MEMORY_TRACKER_CAP_NONE:
84 case DC_MEMORY_TRACKER_CAP_WRITE: {
85 __msan_poison(addr, size);
86 return;
87 }
88 case DC_MEMORY_TRACKER_CAP_READ_WRITE: {
89 __msan_unpoison(addr, size);
90 return;
91 }
92 }
93 DC_UNREACHABLE("Invalid capability");
94#elif defined(DC_ASAN_ON)
95 switch (cap) {
96 case DC_MEMORY_TRACKER_CAP_NONE: {
97 __asan_poison_memory_region(addr, size);
98 return;
99 }
100 case DC_MEMORY_TRACKER_CAP_WRITE:
101 case DC_MEMORY_TRACKER_CAP_READ_WRITE: {
102 __asan_unpoison_memory_region(addr, size);
103 return;
104 }
105 }
106 DC_UNREACHABLE("Invalid capability");
107#else
108 (void)addr;
109 (void)size;
110 (void)cap;
111#endif
112 }
113}

Variable Documentation

◆ dc_memory_tracker_global_level

const dc_memory_tracker_level dc_memory_tracker_global_level
static
Initial value:
=
DC_MEMORY_TRACKER_LVL_CONTAINER

Definition at line 72 of file memory_tracker.h.