Remove the is_nested bit from the BlockInfo structure.

syzygy/agent/asan/shadow.h

 // Copyright 2012 Google Inc. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 // Implements a class that manages shadow memory for Asan.
 //
 // The layout of a block is fully encoded in shadow memory, allowing for

[Sigurður Ásgeirsson, 2016/11/22 19:15:37]

maybe this comment can be relocated to a .md file (in a separate CL)?

[Sébastien Marchand, 2016/11/22 22:12:23]

Maybe, we don't really use .md files (yet) so if we move this one then we should
probably move more documentation at the same time, not sure if we'll have the
bandwidth for this.

 // recovery of the block simply by inspecting the shadow memory. This is
 // accomplished as follows:
 //
 // - Blocks are always a multiple of kShadowRatio in size and alignment.
 // - Each group of kShadowRatio contiguous bytes is represented by a single
 //   marker in the shadow.
 // - The first marker of a block is a single block start marker, and the last
 //   is a single block end marker. This uniquely identifies the beginning
 //   and end of a block simply by scanning and looking for balanced markers.
 // - The left and right redzones are uniquely identified by distinct markers.
 // - The location of the header and trailer of a block are always at the
 //   extremes, thus knowing the locations of the start and end markers
 //   uniquely identifies their positions.
 // - The left redzone markers uniquely encodes the length of the header padding
 //   as it must also be a multiple of kShadowRatio in length.
 // - The right redzone implies the length of the body of the allocation and
 //   the trailer padding modulo kShadowRatio. The remaining bits are encoded
 //   directly in the block start marker.
-// - Nested blocks and regular blocks use differing block start/end markers.
-//   This allows navigation through allocation hierarchies to terminate
-//   without necessitating a scan through the entire shadow memory.
 //
 // A typical block will look something like the following in shadow memory:
 //
 //   00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 //   E7 FA FA FA 00 00 00 00 00 00 FB FB FB FB FB F4
 //   |  \______/ \_______________/ \____________/ |
 //   |     :             |                :       +-- Block end.
 //   |     :             |                + - - - - - Right redzone.
 //   |     :             +--------------------------- Body of allocation.
 //   |     +- - - - - - - - - - - - - - - - - - - - - Left redzone.
 //   +----------------------------------------------- Block start.
 //
-// - Both the end marker and the start marker indicate the block
-//   is not nested. Together they indicate the total length of the
-//   block is 128 bytes.
 // - The start marker indicates that the body length is 7 % 8.
 // - The header padding indicates that the 16 byte header is followed
 //   by a further 16 bytes of padding.
 // - The 6 body markers indicate an allocation size of 41..48 bytes.
 //   Combined with the start marker bits the allocation size can be
 //   inferred as being 47 bytes, with the last byte contributing to
 //   the trailer padding.
 // - The 5 right redzone markers indicate that the 20 byte trailer is
 //   preceded by at least 28 trailer padding bytes. The additional
 //   padding from the body means that there are in total 29 trailer
@@ skipping 69 matching lines @@
   // @param size The size of the memory to poison.
   // @param shadow_val The poison marker value.
   void Poison(const void* addr, size_t size, ShadowMarker shadow_val);
 
   // Un-poisons @p size bytes starting at @p addr.
   // @pre addr mod 8 == 0 && size mod 8 == 0.
   // @param addr The starting address.
   // @param size The size of the memory to unpoison.
   void Unpoison(const void* addr, size_t size);
 
-  // Mark @p size bytes starting at @p addr as freed. This will preserve
-  // nested block headers/trailers/redzones, but mark all contents as freed.
-  // It is expected that the states of all nested blocks have already been
-  // marked as freed prior to possibly freeing the parent block.
+  // Mark @p size bytes starting at @p addr as freed.
   // @param addr The starting address.
   // @param size The size of the memory to mark as freed.
   void MarkAsFreed(const void* addr, size_t size);
 
   // Returns true iff the byte at @p addr is not poisoned.
   // @param addr The address that we want to check.
   // @returns true if this address is accessible, false otherwise.
   bool IsAccessible(const void* addr) const;
 
   // Returns true iff all the bytes from @p addr to @p addrs + size - 1 are
@@ skipping 64 matching lines @@
   template<typename type>
   bool GetNullTerminatedArraySize(const void* addr,
                                   size_t max_size,
                                   size_t* size) const;
 
   // Calculate the allocation size of a block by using the shadow memory.
   // @param mem A pointer inside the memory block for which we want to calculate
   //     the underlying allocation size.
   // @returns The underlying allocation size or 0 if it can't find a valid block
   //     at this address.
-  // @note This function doesn't work for nested blocks.
-  // TODO(sebmarchand): Add support for nested blocks.
   size_t GetAllocSize(const uint8_t* mem) const;
 
   // Poisons memory for an freshly allocated block.
   // @param info Info about the block layout.
   // @note The block must be readable.
   void PoisonAllocatedBlock(const BlockInfo& info);
 
-  // Determines if the block is nested simply by inspecting shadow memory.
-  bool BlockIsNested(const BlockInfo& info) const;
-
   // Inspects shadow memory to determine the layout of a block in memory.
   // Does not rely on any block content itself, strictly reading from the
-  // shadow memory. In the case of nested blocks this will always return
-  // the innermost containing block.
+  // shadow memory.
   // @param addr An address in the block to be inspected.
   // @param info The block information to be populated.
   // @returns true on success, false otherwise.
   bool BlockInfoFromShadow(const void* addr, CompactBlockInfo* info) const;
   bool BlockInfoFromShadow(const void* addr, BlockInfo* info) const;
 
-  // Inspects shadow memory to find the block containing a nested block.
-  // @param nested Information about the nested block.
-  // @param info The block information to be populated.
-  // @returns true on success, false otherwise.
-  bool ParentBlockInfoFromShadow(
-      const BlockInfo& nested, BlockInfo* info) const;
-
   // Checks if the address @p addr corresponds to the beginning of a block's
   // body, i.e. if it's preceded by a left redzone.
   // @param addr The address that we want to check.
   // @returns true if the address corresponds to the beginning of a block's
   //     body, false otherwise.
   bool IsBeginningOfBlockBody(const void* addr) const;
 
   // Queries a given page's protection status.
   // @param addr An address in the page to be queried.
   // @returns true if the address containing the given page is protected,
@@ skipping 75 matching lines @@
   // shadow_[index] to shadow_[index + 7], prefixed by @p prefix. If the index
   // @p bug_index is present in this range then its value will be surrounded by
   // brackets.
   void AppendShadowByteText(const char *prefix,
                             uintptr_t index,
                             std::string* output,
                             size_t bug_index) const;
 
   // Scans to the left of the provided cursor, looking for the presence of a
   // block start marker that brackets the cursor.
-  // @param initial_nesting_depth If zero then this will return the inner
-  //     most block containing the cursor. If 1 then this will find the start of
-  //     the block containing that block, and so on.
   // @param cursor The position in shadow memory from which to start the scan.
   // @param location Will be set to the location of the start marker, if found.
   // @returns true on success, false otherwise.
-  bool ScanLeftForBracketingBlockStart(
-      size_t initial_nesting_depth, size_t cursor, size_t* location) const;
+  bool ScanLeftForBracketingBlockStart(size_t cursor, size_t* location) const;
 
   // Scans to the right of the provided cursor, looking for the presence of a
   // block end marker that brackets the cursor.
-  // @param initial_nesting_depth If zero then this will return the inner
-  //     most block containing the cursor. If 1 then this will find the end of
-  //     the block containing that block, and so on.
   // @param cursor The position in shadow memory from which to start the scan.
   // @param location Will be set to the location of the end marker, if found.
   // @returns true on success, false otherwise.
-  bool ScanRightForBracketingBlockEnd(
-      size_t initial_nesting_depth, size_t cursor, size_t* location) const;
+  bool ScanRightForBracketingBlockEnd(size_t cursor, size_t* location) const;
 
   // Inspects shadow memory to determine the layout of a block in memory.
-  // @param initial_nesting_depth If zero then this will return the inner
-  //     most block containing the cursor. If 1 then this will find the end of
-  //     the block containing that block, and so on.
   // @param addr An address in the block to be inspected.
   // @param info The block information to be populated.
   // @returns true on success, false otherwise.
   bool BlockInfoFromShadowImpl(
-      size_t initial_nesting_depth,
       const void* addr,
       CompactBlockInfo* info) const;
 
   // If this is true then this shadow object owns the memory.
   bool own_memory_;
 
   // The actual shadow that is being referred to. In case of large
   // address spaces it's stored as a sparse array
   // (see ShadowExceptionHandler in the .cc file).
   uint8_t* shadow_;
@@ skipping 18 matching lines @@
   HANDLE exception_handler_;
 #endif
 };
 
 // A helper class to walk over the blocks contained in a given memory region.
 // This uses only the metadata present in the shadow to identify the blocks.
 class ShadowWalker {
  public:
   // Constructor.
   // @param shadow The shadow memory object to walk.
-  // @param recursive If true then this will recursively descend into nested
-  //     blocks. Otherwise it will only return the outermost blocks in the
-  //     provided region.
   // @param lower_bound The lower bound of the region that this walker should
   //     cover in the actual memory.
   // @param upper_bound The upper bound of the region that this walker should
   //     cover in the actual memory. This can overflow to 0 to indicate walking
   //     all of memory.
   ShadowWalker(const Shadow* shadow,
-               bool recursive,
                const void* lower_bound,
                const void* upper_bound);
 
   // Return the next block in this memory region.
   // @param info The block information to be populated.
   // @return true if a block was found, false otherwise.
   bool Next(BlockInfo* info);
 
   // Reset the walker to its initial state.
   void Reset();
 
-  // @returns the nesting depth of the last returned block. If no blocks have
-  //     been walked then this returns -1.
-  int nesting_depth() const { return nesting_depth_; }
-
  private:
   // The shadow memory being walked.
   const Shadow* shadow_;
 
-  // Indicates whether or not the walker will descend recursively into nested
-  // blocks.
-  bool recursive_;
-
   // The bounds of the memory region for this walker, expressed as pointers in
   // the shadow memory. This allows walking to occur without worrying about
   // overflow.
   size_t lower_index_;
   size_t upper_index_;
 
   // The shadow cursor.
   const uint8_t* shadow_cursor_;
 
-  // The current nesting depth. Starts at -1.
-  int nesting_depth_;
-
   DISALLOW_COPY_AND_ASSIGN(ShadowWalker);
 };
 
 // The static shadow memory that is referred to by the memory interceptors.
 // These are provided by one of 'dummy_shadow.cc' or 'static_shadow.cc'.
 extern "C" {
 extern const size_t asan_memory_interceptors_shadow_memory_size;
 extern uint8_t asan_memory_interceptors_shadow_memory[];
 }
 
 // Bring in the implementation of the templated functions.
 #include "syzygy/agent/asan/shadow_impl.h"
 
 }  // namespace asan
 }  // namespace agent
 
 #endif  // SYZYGY_AGENT_ASAN_SHADOW_H_