[TSan][Darwin] Handle NULL argument in interceptor

Julian Lettner · Julian Lettner · commit 2b7a2cbb15c4 · 2020-08-24T11:36:02.000-07:00
Handle NULL address argument in the `mach_vm_[de]allocate()`
interceptors and fix test: `Assignment 2` is not valid if we weren't
able to re-allocate memory.

rdar://67680613
diff --git a/compiler-rt/lib/tsan/rtl/tsan_interceptors_mach_vm.cpp b/compiler-rt/lib/tsan/rtl/tsan_interceptors_mach_vm.cpp
@@ -19,34 +19,35 @@
 
 namespace __tsan {
 
-static bool intersects_with_shadow(mach_vm_address_t *address,
+static bool intersects_with_shadow(mach_vm_address_t address,
                                    mach_vm_size_t size, int flags) {
   // VM_FLAGS_FIXED is 0x0, so we have to test for VM_FLAGS_ANYWHERE.
   if (flags & VM_FLAGS_ANYWHERE) return false;
-  uptr ptr = *address;
-  return !IsAppMem(ptr) || !IsAppMem(ptr + size - 1);
+  return !IsAppMem(address) || !IsAppMem(address + size - 1);
 }
 
 TSAN_INTERCEPTOR(kern_return_t, mach_vm_allocate, vm_map_t target,
                  mach_vm_address_t *address, mach_vm_size_t size, int flags) {
   SCOPED_TSAN_INTERCEPTOR(mach_vm_allocate, target, address, size, flags);
   if (target != mach_task_self())
     return REAL(mach_vm_allocate)(target, address, size, flags);
-  if (intersects_with_shadow(address, size, flags))
+  if (address && intersects_with_shadow(*address, size, flags))
     return KERN_NO_SPACE;
-  kern_return_t res = REAL(mach_vm_allocate)(target, address, size, flags);
-  if (res == KERN_SUCCESS)
+  kern_return_t kr = REAL(mach_vm_allocate)(target, address, size, flags);
+  if (kr == KERN_SUCCESS)
     MemoryRangeImitateWriteOrResetRange(thr, pc, *address, size);
-  return res;
+  return kr;
 }
 
 TSAN_INTERCEPTOR(kern_return_t, mach_vm_deallocate, vm_map_t target,
                  mach_vm_address_t address, mach_vm_size_t size) {
   SCOPED_TSAN_INTERCEPTOR(mach_vm_deallocate, target, address, size);
   if (target != mach_task_self())
     return REAL(mach_vm_deallocate)(target, address, size);
-  UnmapShadow(thr, address, size);
-  return REAL(mach_vm_deallocate)(target, address, size);
+  kern_return_t kr = REAL(mach_vm_deallocate)(target, address, size);
+  if (kr == KERN_SUCCESS && address)
+    UnmapShadow(thr, address, size);
+  return kr;
 }
 
 }  // namespace __tsan
diff --git a/compiler-rt/test/tsan/Darwin/mach_vm_allocate.c b/compiler-rt/test/tsan/Darwin/mach_vm_allocate.c
@@ -13,28 +13,28 @@
 
 const mach_vm_size_t alloc_size = sizeof(int);
 static int *global_ptr;
-static bool realloc_success = false;
 
 static int *alloc() {
   mach_vm_address_t addr;
-  kern_return_t res =
+  kern_return_t kr =
       mach_vm_allocate(mach_task_self(), &addr, alloc_size, VM_FLAGS_ANYWHERE);
-  assert(res == KERN_SUCCESS);
+  assert(kr == KERN_SUCCESS);
   return (int *)addr;
 }
 
 static void alloc_fixed(int *ptr) {
   mach_vm_address_t addr = (mach_vm_address_t)ptr;
   // Re-allocation via VM_FLAGS_FIXED sporadically fails.
-  kern_return_t res =
+  kern_return_t kr =
       mach_vm_allocate(mach_task_self(), &addr, alloc_size, VM_FLAGS_FIXED);
-  realloc_success = res == KERN_SUCCESS;
+  if (kr != KERN_SUCCESS)
+    global_ptr = NULL;
 }
 
 static void dealloc(int *ptr) {
-  kern_return_t res =
+  kern_return_t kr =
       mach_vm_deallocate(mach_task_self(), (mach_vm_address_t)ptr, alloc_size);
-  assert(res == KERN_SUCCESS);
+  assert(kr == KERN_SUCCESS);
 }
 
 static void *Thread(void *arg) {
@@ -53,26 +53,30 @@ static void *Thread(void *arg) {
   return NULL;
 }
 
-static void try_realloc_on_same_address() {
+static bool try_realloc_on_same_address() {
   barrier_init(&barrier, 2);
   global_ptr = alloc();
   pthread_t t;
   pthread_create(&t, NULL, Thread, NULL);
 
   barrier_wait(&barrier);
-  *global_ptr = 8;  // Assignment 2
+  if (global_ptr)
+    *global_ptr = 8;  // Assignment 2
 
   pthread_join(t, NULL);
   dealloc(global_ptr);
+
+  return global_ptr != NULL;
 }
 
 int main(int argc, const char *argv[]) {
+  bool success;
   for (int i = 0; i < 10; i++) {
-    try_realloc_on_same_address();
-    if (realloc_success) break;
+    success = try_realloc_on_same_address();
+    if (success) break;
   }
 
-  if (!realloc_success)
+  if (!success)
     fprintf(stderr, "Unable to set up testing condition; silently pass test\n");
 
   printf("Done.\n");
