[compiler-rt][lsan] Update CanBeAHeapPointer for AArch64

PiJoules · PiJoules · commit c8644ea88ea2 · 2022-05-24T10:22:46.000-07:00
While attempting to get the 64-bit lsan allocator working for Fuchsia, I noticed this function would incorrectly return false for pointers returned by the 64-bit allocator. On AArch64, this function attempts to get the VMA size dynamically by counting the number of leading zeros from the function frame address. This will fail if the frame address is significantly below an allocated pointer (that is, the frame address has more leading zeros than an allocated pointer). This is possible on Fuchsia and linux (when not called from the initial thread stack). It seems the intended use of this function is to speed up pointer scanning by filtering out addresses that user code might not be able to access. Other platforms this check is done on seem to hardcode the VMA size/shift, so it seems appropriate to do this for aarch64 as well. This implies pointers on aarch64 where the VMA size is <64 will pass through, but bad pointers will still be caught by subsequent scan checks. This patch also renames the function to something more fitting of what it's trying to do. Differential Revision: https://reviews.llvm.org/D123814
diff --git a/compiler-rt/lib/lsan/lsan_common.cpp b/compiler-rt/lib/lsan/lsan_common.cpp
@@ -240,7 +240,7 @@ class Decorator : public __sanitizer::SanitizerCommonDecorator {
   const char *Leak() { return Blue(); }
 };
 
-static inline bool CanBeAHeapPointer(uptr p) {
+static inline bool MaybeUserPointer(uptr p) {
   // Since our heap is located in mmap-ed memory, we can assume a sensible lower
   // bound on heap addresses.
   const uptr kMinAddress = 4 * 4096;
@@ -252,8 +252,8 @@ static inline bool CanBeAHeapPointer(uptr p) {
 #  elif defined(__mips64)
   return ((p >> 40) == 0);
 #  elif defined(__aarch64__)
-  unsigned runtimeVMA = (MostSignificantSetBitIndex(GET_CURRENT_FRAME()) + 1);
-  return ((p >> runtimeVMA) == 0);
+  // Accept up to 48 bit VMA.
+  return ((p >> 48) == 0);
 #  else
   return true;
 #  endif
@@ -276,7 +276,7 @@ void ScanRangeForPointers(uptr begin, uptr end, Frontier *frontier,
     pp = pp + alignment - pp % alignment;
   for (; pp + sizeof(void *) <= end; pp += alignment) {
     void *p = *reinterpret_cast<void **>(pp);
-    if (!CanBeAHeapPointer(reinterpret_cast<uptr>(p)))
+    if (!MaybeUserPointer(reinterpret_cast<uptr>(p)))
       continue;
     uptr chunk = PointsIntoChunk(p);
     if (!chunk)
