Enable a seconary allocator support (e.g. GWP-Asan)

[SchrodingerZhu]

No description provided.

[mjp41]

This looks great to me. Thanks for doing this.

I think you are missing the malloc_usable_size path, which if called on a GWP Asan allocation will not be correct.

I am keen to explore using this for two other things:

• Sampling profiler - We could pass allocations to a sampling allocator as the secondary allocator. This secondary allocator would keep track of stack traces, etc.
• Windows malloc replacement using Detours. This is tricky to do, and if you don't get in quick enough, then deallocations can be passed in that were from the Windows Heap. With this, we could take the undetours functions as the secondary free path, and _msize path. We would ignore the allocation path.

I think you design mostly works for this, and certainly meets the #697. I think tracking enough information to unbias the sampling profiler would need more work, but shouldn't be part of this PR.

[mjp41]

I would prefer this to check that the allocation is not owned by snmalloc, rather than rely on the secondary allocator having this. For GWP Asan, it is fine.

But I would also been keen to use this to build an approach on Windows to replace the allocator, and pass any original frees back to the Windows Heap.

[SchrodingerZhu]

    SNMALLOC_FAST_PATH size_t alloc_size(const void* p_raw)
    {
#ifdef SNMALLOC_PASS_THROUGH
      return external_alloc::malloc_usable_size(const_cast<void*>(p_raw));
#else

      if (!check_domestication(p_raw))
        return SecondaryAllocator::alloc_size(p_raw);
      
      // ......
  }

Could you illustrate a better way to do this? If do it the way above, we will always have the overhead for domestication test.

[mjp41]

      const PagemapEntry& entry =
        Config::Backend::get_metaentry(address_cast(p_raw));

      // Check is managed by snmalloc
      if (SNMALLOC_LIKELY(entry.get_remote() != nullptr)
        return sizeclass_full_to_size(entry.get_sizeclass());

      // If not managed by snmalloc, pass to secondary allocator.
      return SecondaryAllocator::alloc_size(p_raw);

[mjp41]

As this is only getting called when a free list is exhausted should we be doing something else here. I.e. should we be passing how many requests of this size have been handled since we last called this allocator?

[SchrodingerZhu]

shouldSample is implemented as

    // NextSampleCounter == 0 means we "should regenerate the counter".
    //                   == 1 means we "should sample this allocation".
    // AdjustedSampleRatePlusOne is designed to intentionally underflow. This
    // class must be valid when zero-initialised, and we wish to sample as
    // infrequently as possible when this is the case, hence we underflow to
    // UINT32_MAX.
    if (GWP_ASAN_UNLIKELY(getThreadLocals()->NextSampleCounter == 0))
      getThreadLocals()->NextSampleCounter =
          ((getRandomUnsigned32() % (AdjustedSampleRatePlusOne - 1)) + 1) &
          ThreadLocalPackedVariables::NextSampleCounterMask;

    return GWP_ASAN_UNLIKELY(--getThreadLocals()->NextSampleCounter == 0);

[mjp41]

Sorry, I meant. Normally usage of GWP Asan, every call to malloc will call shouldSample. But this usage has moved it from the fast path, so we will call it every new free list for that size. This in the case of 16 byte allocations worst case could be 1024 allocations between calls. This will alter the likelihood of it being called, and might bias away from small allocations. I think for GWP Asan on we would want randomisation too, so that the free list that gets exhausted.

I think this is probably the same information that would be required to unbias profiling, so should probably be left to a subsequent PR, but we should perhaps add either an issue or a comment about this.

[devnexen]

nit: do not think [maybe_unused] is necessary here ?

[mjp41]

Suggested change

	static void* allocate([[maybe_unused]] size_t size)
	static void* allocate(size_t)

[mjp41]

Suggested change

	static bool has_secondary_ownership([[maybe_unused]] const void* pointer)
	static bool has_secondary_ownership(const void*)

[mjp41]

Suggested change

	static size_t alloc_size([[maybe_unused]] const void* pointer)
	static size_t alloc_size(const void*)

[mjp41]

Sorry, I meant. Normally usage of GWP Asan, every call to malloc will call shouldSample. But this usage has moved it from the fast path, so we will call it every new free list for that size. This in the case of 16 byte allocations worst case could be 1024 allocations between calls. This will alter the likelihood of it being called, and might bias away from small allocations. I think for GWP Asan on we would want randomisation too, so that the free list that gets exhausted.

I think this is probably the same information that would be required to unbias profiling, so should probably be left to a subsequent PR, but we should perhaps add either an issue or a comment about this.

[mjp41]

I think we should probably move this inside the check_init call. I.e. just before // Grab slab of correct size, I think we might have initialisation issues if we haven't fully initialised snmalloc as the pagemap won't exist when we look up a GWP Asan allocation.

[mjp41]

Thinking about this a bit more. I wonder if this should be at the start of small_alloc. I think there are allocation patterns that would never hit this path. It is possible to work completely without having to grab a new chunk from the backend.

Sorry, I think I had this wrong in my original issue.

[SchrodingerZhu]

@mjp41 could you help rerun the failed test in the latest action submission

[SchrodingerZhu]

seems working :D

[mjp41]

Thanks for all the changes. Just one small bit left.

@nwf would you be able to take a look at the comment below?

[mjp41]

Awesome work. Thanks