On Thu, Mar 14, 2019 at 11:01:37PM +0100, Eric Botcazou wrote:
> > Not if the >> 3 shift is arithmetic shift.
>
> Sorry, I don't understand how this can work.

For some configurations, libasan defines SHADOW_OFFSET to __asan_shadow_memory_dynamic_address (exported uptr symbol from libasan), so SHADOW_OFFSET would also be __asan_shadow_memory_dynamic_address and

#define MEM_TO_SHADOW(mem) ((sptr(mem) >> SHADOW_SCALE) + (SHADOW_OFFSET))

For the different sizes of the address space hole:
[0x0000080000000000UL,0xfffff80000000000UL)
[0x0000800000000000UL,0xffff800000000000UL)
[0x0008000000000000UL,0xfff8000000000000UL)
[0x0010000000000000UL,0xfff0000000000000UL)
it would then be up to the asan initialization to figure out what value of __asan_shadow_memory_dynamic_address it wants to use.

Say for the largest hole, sptr(0)>>3 is 0, sptr(0x0000080000000000UL)>>3 is 0x0000010000000000UL, sptr(0xfffff80000000000UL)>>3 is 0xffffff0000000000UL, sptr(0xffffffffffffffffUL)>>3 is 0xffffffffffffffffUL. The VA has 8TiB before the hole and 8TiB after the hole, and needs 2TiB of shadow memory. You pick some 2TiB region, either in the area below the hole, or above the hole, where nothing is mapped, let's say you pick [0x0000020000000000UL,0x0000040000000000UL) as the shadow memory, and then __asan_shadow_memory_dynamic_address will be 0x0000020000000000UL + sptr(0x0000080000000000UL)>>3, i.e. 0x0000030000000000UL.

kLowMemBeg is 0, kLowMemEnd is 0x0000020000000000UL-1 (first region where you can have normal data), then there would be shadow memory corresponding to all of the memory above the hole (i.e. 0x0000020000000000UL..0x0000030000000000UL), followed immediately by shadow memory for kLowMemBeg..kLowMemEnd (0x0000030000000000UL..0x0000034000000000UL-1), followed by kShadowGapBeg 0x0000034000000000UL through kShadowGapEnd 0x0000038000000000UL-1, and finally again shadow memory for the normal memory between 0x0000040000000000UL..0x0000080000000000UL (i.e. 0x0000038000000000UL..0x0000040000000000UL-1).

Note, the 0x0000020000000000UL choice was just an example, I believe it would work if you just tried to mmap without MAP_FIXED a 2TiB region for the shadow and used whatever you get together with the start and end of the VA hole to compute everything else. Similarly for all the other VA hole sizes, just instead of 2TiB you need 32TiB, 512TiB or 1PiB of shadow memory (always the size of memory before the VA hole divided by 4 (== size of both regions outside of the hole divided by 8)).

gcc would then emit whatever sequence the memory model emits to access the external __asan_shadow_memory_dynamic_address symbol, shift the address arithmetically (address >> 3) and add that to the value of __asan_shadow_memory_dynamic_address.

	Jakub