Граф коммитов

98 Коммитов

Автор SHA1 Сообщение Дата
David Chisnall 6c5626fe5f Install test headers.
Verona uses these.
2021-09-07 08:45:20 +01:00
David Chisnall c70c23ad74
CMake cleanup. (#384)
Modernise and tidy the CMake a bit:

 - Use generator expressions for a lot of conditionals so that things
   are more reliable with multi-config generators (and less verbose).
 - Remove C as a needed language.  None of the code was C but we were
   using C to test if headers worked.  This was fragile because a build
   with `CMAKE_CXX_COMPILER` set might have checked things compiled with
   the system C compiler and then failed when the specified C++ compiler
   used different headers.
 - Rename the `BACKTRACE_HEADER` macro to `SNMALLOC_BACKTRACE_HEADER`.
   This is exposed into code that consumes snmalloc and so should be
   'namespaced' (to the degree that's possible with C macros).
 - Clean up the options and use dependent options to hide options 
   that are not always relevant.
 - Use functions instead of macros for better variable scoping.
 - Factor out some duplicated bits into functions.
 - Update to the latest way of telling CMake to use C++17 or C++20.
 - Migrate everything that's setting global properties to setting only
   per-target properties.
 - Link with -nostdlib++ if it's available.  If it isn't, fall back to
   enabling the C language and linking with the C compiler.
 - Make the per-test log messages verbose outputs.  These kept scrolling
   important messages off the top of the screen for me.
 - Make building as a header-only library a public option.
 - Add install targets that install all of the headers and provide a
   config option.  This works with the header-only configuration for
   integration with things like vcpkg.
 - Fix a missing `#endif` in the `malloc_useable_size` check.  This was
   failing co compile on all platforms because of the missing `#endif`.
 - Bump the minimum version to 3.14 so that we have access to
   target_link_options.  This is necessary to use generator expressions
   for linker flags.
 - Make the linker error if the shim libraries depend on symbols that
   are not defined in the explicitly-provided libraries.
 - Make the old-Ubuntu CI jobs use C++17 explicitly (previously CMake 
   was silently ignoring the fact that the compiler didn't support C++20)
 - Fix errors found by the more aggressive linking mode.

With these changes, it's now possible to install snmalloc and then, in
another project, do something like this:

```cmake
find_package(snmalloc CONFIG REQUIRED)
target_link_libraries(t1 snmalloc::snmalloc)
target_link_libraries(t2 snmalloc::snmallocshim-static)
```

In this example, `t1` gets all of the compile flags necessary to include
snmalloc headers for its build configuration.  `t2` is additionally
linked to the snmalloc static shim library.
2021-09-03 11:31:05 +01:00
Matthew Parkinson 0f70494d55 Enable passthrough to an underlying allocator
This passes though to an underlying allocator rather than using
snmalloc.  This is required for using ASAN in Verona.  Verona takes a
close coupling with snmalloc, but to use with ASAN would require a
more work, so we pass to the system allocator in this case.
2021-08-26 14:34:36 +01:00
Istvan Haller b84a7afb06
Merge pull request #381 from ihaller/ihaller/msvc17
Improved support for MSVC with C++17
2021-08-26 14:24:38 +01:00
Istvan Haller 935f3ccd29 Improved support for MSVC with C++17 2021-08-26 12:18:53 +01:00
Matthew Parkinson b52e2a6e27 Expose pthread feature flag
The code was able to use pthread destructors rather than C++ thread
local destructors.  This removes the dependence on a C++ .so on linux.
However, this is not stable on other platforms such as Apple. Where the
C++ thread local state can be cleared before the pthread destructor
runs.
2021-08-25 17:04:08 +01:00
Matthew Parkinson c1001ae7a4 Merge remote-tracking branch 'origin/master' into snmalloc2 2021-07-21 09:58:22 +01:00
Matthew Parkinson 9df0101dfd Enable guard pages in CHECK_CLIENT
Change the behaviour to use PROT_NONE for reservations in CHECK_CLIENT
mode.  This means that we only provide access once data is actually
being used.
2021-07-21 09:36:06 +01:00
Schrodinger ZHU Yifan 704bc423cc
refact(cmake): change mcx16 detection to facilitate cross compiling (#351)
* refact(cmake): change mcx16 detection to facilitate cross compiling

Signed-off-by: SchrodingerZhu <i@zhuyi.fan>
2021-07-20 08:59:44 +01:00
Matthew Parkinson f0e2ab702a
Major refactor of snmalloc (#343)
# Pagemap
 
The Pagemap now stores all the meta-data for the object allocation. The meta-data in the pagemap is effectively a triple of the sizeclass, the remote allocator, and a pointer to a 64 byte block of meta-data for this chunk of memory. By storing the pointer to a block, it allows the pagemap to handle multiple slab sizes without branching on the fast path. There is one entry in the pagemap per 16KiB of address space, but by using the same entry in the pagemap for 4 adjacent entries, then we can treat a 64KiB range can be treated as a single slab of allocations.

This change also means there is almost no capability amplification required by the implementation on CHERI for finding meta-data. The only amplification is required, when we change the way a chunk is used to a size of object allocation.


# Backend

There is a second major aspect of the refactor that there is now a narrow API that abstracts the Pagemap, PAL and address space management. This should better enable the compartmentalisation and makes it easier to produce alternative backends for various research directions. This is a template parameter that can be used to specialised by the front-end in different ways.

# Thread local state

The thread local state has been refactored into two components, one (called 'localalloc') that is stored directly in the TLS and is constant initialised, and one that is allocated in the address space (called 'coreallloc') which is lazily created and pooled.

# Difference

This removes Superslabs/Medium slabs as there meta-data is now part of the pagemap.
2021-07-12 15:53:36 +01:00
David Carlier 9e88691ce6 Fix still non getentropy platform builds 2021-06-01 20:35:52 +01:00
Istvan Haller aefd149f0a
Gated the mcx16 flag to C++ compilation (#332)
* Restricted mcx16 option to C++ files as only those can include the snmalloc header
2021-05-28 17:13:49 +01:00
Matthias Wahl 589ecfab02
Fix building on old libc systems without `getentropy` (#329)
Signed-off-by: Matthias Wahl <mwahl@wayfair.com>
2021-05-25 16:46:06 +01:00
Matthew Parkinson e77a5d9c58 Remove cache-friendly offset. 2021-05-18 14:58:15 +01:00
David Carlier 83e6208862 backtrace cmake vars build fix, got undetected if the system package include was already in the flags. 2021-05-06 11:54:51 +01:00
Nathaniel Filardo 71db09423f CMake: add SNMALLOC_USE_CXX20 option 2021-04-22 01:28:24 +01:00
Matthew Parkinson 578abd8db4
Randomise slab allocation pattern (#304)
The slab allocation pattern is randomised based on the deallocation
pattern.  This achieved by using two queues to enqueue free elements
onto.  We pick "randomly", which queue to add to, and then when we take
the free_queue to use, we splice the two queues together.
2021-03-24 16:12:22 +00:00
Matthew Parkinson d56a99a747 Remove USE_MEASURE
The initial performance monitoring for snmalloc used timing of small
operations to guide the design. This feature has not been maintained or
used for several years.

This commit removes the feature.
2021-03-21 19:00:54 +00:00
Matthew Parkinson 50f412157f Protect free list pointers stored in object space
Free list pointers can be exploited by attackers. This commit implements
a simple encoding scheme to detect corruption of the pointers.  This can
be used to detect UAF and double free.

This does not currently address anything for Medium or Large
allocations.  It also does not address cross thread deallocations.

Co-authored-by: Nathaniel Wesley Filardo <nfilardo@microsoft.com>
2021-03-19 11:28:39 +00:00
Matthew Parkinson afe53e71af Restrict clangformat search. 2021-03-19 11:28:39 +00:00
Nathaniel Filardo db0ca64ff3 NFC: Add an AAL Concept, too
While here, pull out some constants to their own header.  Eventually we'll
want to match on AalFeatures in the AAL Concept.
2021-03-16 09:29:19 +00:00
Nathaniel Filardo 6259457790 Add -Wconversion to clang builds
MSVC has strong opinions on implicit conversions as used in CI, while Clang both
locally and in CI has weaker opinions.  In an effort to avoid subsequent
roundtrips through CI, make clang more strict.  Adding -Wconversion definitely
increases the strength of clang's opinions, apparently to include frowning on
some that even MSVC considers OK, so go make explicit the current implicit
behavior.
2021-03-01 20:18:01 +00:00
Matthew Parkinson 60cd538c28 Change behaviour of USE_POSIX_COMMIT_CHECKS
The previous setting applied USE_POSIX_COMMIT_CHECKS to snmalloc if it
was a non-release build.  This caused issues in CCF virtual mode, as it
was being built in RelWithDebInfo.

This commit changes the flag to be applied less, but for tests to always
apply the setting independent of build type.

This means that when snmalloc is being used as a library, it will be
off, unless explicitly requested.
2021-02-19 15:34:11 +00:00
David Chisnall c33f355736
Fix the sandbox use case and add a test. (#269)
Summary of changes:

- Add a new PAL that doesn't allocate memory, which can be used with a
  memory provider that is pre-initialised with a range of memory.
- Add a `NoAllocation` PAL property so that the methods on a PAL that 
  doesn't support dynamically reserving address space will never be
  called and therefore don't need to be implemented.
- Slightly refactor the memory provider class so that it has a narrower
  interface with LargeAlloc and is easier to proxy.
- Allow the address space manager and the memory provider to be
  initialised with a range of memory.

This may eventually also remove the need for (or, at least, simplify)
the Open Enclave PAL.

This commit also ends up with a few other cleanups:

 - The `malloc_useable_size` CMake test that checks whether the
   parameter is const qualified was failing on FreeBSD where this
   function is declared in `malloc_np.h` but where including
   `malloc.h` raises an error.  This should now be more robust.
 - The BSD aligned PAL inherited from the BSD PAL, which does not
   expose aligned allocation. This meant that it exposed both the
   aligned and non-aligned allocation interfaces and so happily
   accepted incorrect `constexpr` if blocks that expected one or 
   the other but accidentally required both to exist. The unaligned
   function is now deleted so the same failures that appear in CI should
   appear locally for anyone using this PAL.
2021-01-11 14:06:51 +00:00
David Chisnall c89f594b07 Add missing clang-format name. 2021-01-07 14:52:40 +00:00
David Carlier 08d0f42cc5 Solaris based system build fix.
malloc_usable_size or similar unsupported.
2020-11-27 15:26:37 +00:00
Robert Norton 0db4633ee7 Fix typo in macro definition for 16MiB shared library shim (#253).
This has been present since 4e1f5829a7 and resulted in the 16MiB shared library shim using the default 1MiB chunk size.
2020-10-12 15:27:59 +01:00
David Carlier 49b9856ed0 DragonFly support (userland).
- Close to OpenBSD as there is no malloc*size api nor arbritrary
 alignment support.
- Like FreeBSD, MAP_NORESERVE never had been implemented even tough
 still present in the header but not mentioned in the man page,
FreeBSD has reserved the value for another later usage seems
 DragonFly has just out of sync header.
2020-10-05 10:44:30 +01:00
Matthew Parkinson 923705e514
Natural alignment for USE_MALLOC (#248)
* Add concept of natural alignment to tests.

snmalloc naturally aligns blocks very heavily, so that
the largest power-of-two in the rounded size is the alignment.
This checks that in the test, and provides a method for
finding the natural alignment of a block.

* Improve USE_MALLOC to provide alignment

snmalloc provides a lot of alginment guarantees. This ensures that when
we pass through to the system allocator we still get those alignment
guarantees.

The commit also fixes the tests to work with USE_MALLOC, and builds a
set of unit tests for ctest to check behaviour.
2020-09-28 10:08:19 +01:00
David Carlier e615c33f7a Haiku debug build, rdynamic flag unsupported. 2020-09-14 09:43:18 +01:00
Nathaniel Filardo 3e21ea1f65 Add C++ concept for PAL
This will not be used unless the C++ standard version is raised to 20.  As
concepts and C++20 more generally are quite new, this does not do so.
Nevertheless, the use of concepts can improve the local development experience
as type mismatches are discovered earlier (at template invocation rather than
only during expansion).
2020-09-09 12:55:48 +01:00
Matthew Parkinson 4e1f5829a7
Change default chunksize to 1MiB (#229)
This change makes the original 16MiB option not the common option.

It also changes the names of the defines to
  SNMALLOC_USE_LARGE_CHUNKS
  SNMALLOC_USE_SMALL_CHUNKS

The second should be set for Open Enclave configuration, and results in
256KiB chunk sizes.  The first being set builds the original 16MiB chunk
sizes.  If neither is set, then we default to 1MiB chunk sizes.
2020-07-09 13:22:32 +01:00
David CARLIER 4a3102fedb
Haiku support proposal. (#218)
* Haiku support proposal.
Basic PAL implementation.
This platform does not support TLS modes.

* MAP_NORESERVE usage
2020-06-30 11:01:49 +01:00
Matthew Parkinson e393ac882f New configuration of slab sizes for OE. 2020-06-18 13:09:06 +01:00
Matthew Parkinson 4c22c5b02f
Make binaries more compatible by default (#206)
* Make binaries more compatible by default

Turn `-march=native` off by default. This makes binaries more portable,
but may harm performance. However, fast paths look unaltered

* Change setting to on if specified.
2020-05-28 16:56:48 +01:00
Amaury Chamayou 7ccd6c36e8
Fix clang-format lookup to do what the comment says (#197) 2020-05-21 17:11:01 +01:00
SchrodingerZhu 497f9d9386
add static library (#189)
* add static library

* leave static library on by default

* fix 1mib layout

* code reviews
2020-05-19 06:46:40 +01:00
Nathaniel Wesley Filardo 6dae830ea0
Use cmake to find backtrace() (#187)
On FreeBSD, this notably requires the use of -lexecinfo, as backtrace()
is not available in -lc.  Rather than testing in C, test in cmake.
2020-05-16 12:45:51 +01:00
Matthew Parkinson 79ca9bdd9d
Default build to Release. (#177) 2020-05-06 18:24:45 +01:00
SchrodingerZhu a43773c5b7
add android support (#171)
* adjust for android

* update docs

* add const qualifier to `alloc_size`

* check const qualifier in cmake
2020-04-18 07:58:13 +01:00
Matthew Parkinson 47547c4f66 Re-enable GCC warning. 2020-04-14 11:39:00 +01:00
Matthew Parkinson 89ad538ccc Disable GCC warning. 2020-04-13 08:33:52 +01:00
Matthew Parkinson 74657d9dbc
Defensive code for alloc/dealloc during TLS teardown (#161)
* Defensive code for alloc/dealloc during TLS teardown

If an allocation or deallocation occurs during TLS teardown, then it is
possible for a new allocator to be created and then this is leaked. On
the mimalloc-bench mstressN benchmark this was observed leading to a
large memory leak.

This fix, detects if we are in the TLS teardown phase, and if so,
the calls to alloc or dealloc must return the allocator once they have
perform the specific operation.

Uses a separate variable to represent if a thread_local's destructor has
run already.  This is used to detect thread teardown to put the
allocator into a special slow path to avoid leaks.

* Added some printing first operation to track progress

* Improve error messages on posix

Flush errors, print assert details, and present stack traces.

* Detect incorrect use of pool.

* Clang format.

* Replace broken LL/SC implementation

LL/SC implementation was broken, this replaces it with
a locking implementation. Changes the API to support LL/SC
for future implementation on ARM.

* Improve TLS teardown.

* Make std::function fully inlined.

* Factor out PALLinux stack trace.

* Add checks for leaking allocators.

* Add release build of Windows Clang
2020-04-07 15:37:26 +01:00
Amaury Chamayou 60861eef44
CI for both arms (#151)
* Add another ARM
2020-03-20 09:17:38 +00:00
Matthew Parkinson 4246d9a065
Workaround for QEMU behaviour. (#147)
* Fixes for ARM

* Workaround for QEMU behaviour.
2020-03-19 12:37:44 +00:00
David Carlier 55f1237df9 Few build tweaks. 2020-03-17 12:16:21 +00:00
David Carlier e7f020cf76 implementations moved on the composer class. 2020-03-13 15:39:49 +00:00
David Carlier 2d4f2c3867 AAL, basic arm implementation proposal. 2020-03-13 08:09:14 +00:00
SchrodingerZhu 65de3c41bc fix mingw 2020-03-08 22:13:49 +08:00
Matthew Parkinson cae3317964 Update to use clangformat9
With clangformat9 the AfterCaseLabel is introduced.
And this defaults to false, but our code is formatted
implicitly with this set to true.

PRs to Verona and Snmalloc are being formatted with clangformat9,
and this is causing complexity. Let's move forward to clangformat9
in CI.
2020-02-06 09:09:32 +00:00