This is an archive of the discontinued LLVM Phabricator instance.

Differential D102475

Prevent introduction of a dependency of libasan.a on libstdc++
ClosedPublic

Authored by serge-sans-paille on May 14 2021, 2:59 AM.

Details

Reviewers
eugenis
kcc
vitalybuka
Commits
rG414482751452: Prevent generation of dependency on _cxa_guard for static initialization
Summary

This an attempty to fix an issue introduced by https://reviews.llvm.org/D70662

Function-scope static initialization are guarded in C++, so we should probably not use it because it introduces a dependency on __cxa_guard* symbols.
In the context of clang, libasan is linked statically, and it currently needs to the odd situation where compiling C code with clang and asan requires -lstdc++.

I'm unsure of the portability requirements, providing a potential solution in this review.

Diff Detail

Event Timeline

serge-sans-paille requested review of this revision.May 14 2021, 2:59 AM
serge-sans-paille created this revision.
jakubjelinek added a comment.May 14 2021, 3:25 AM

This is certainly wrong. It will happily return 1 when some other thread is changing it, and the store is non-atomic.
Perhaps you want something like:

static atomic_uint32_t  kAltStackSize;
uptr ret = atomic_load(&kAltStackSize, memory_order_relaxed);
if (ret == 0) {
  ret = SIGSTKSZ * 4;
  atomic_store(&kAltStackSize, ret, memory_order_relaxed);
}
return ret;

on the assumption that SIGSTKSZ will always evaluate to the same non-zero constant and it is ok to evaluate it more than once, but faster not to do that if possible.
Would be nice to get rid of the overhead if SIGSTKSZ is a constant expression though, maybe:

if (__builtin_constant_p (SIGSTKSZ * 4))
  return SIGSTKSZ * 4;
else {
  // Above atomic stuff.
}
Harbormaster completed remote builds in B104453: Diff 345380.May 14 2021, 3:42 AM
serge-sans-paille retitled this revision from Prevent introduction of a dependecy of libasan.a on libstdc++ to Prevent introduction of a dependency of libasan.a on libstdc++.May 14 2021, 5:23 AM
serge-sans-paille added a comment.May 14 2021, 5:27 AM
In D102475#2759153, @jakubjelinek wrote:

This is certainly wrong. It will happily return 1 when some other thread is changing it, and the store is non-atomic.

I understand why the store needs to be atomic, but I don't understand why the CAS may return true more than once (assuming that SIGSTKSZ is different from zero) ?

jakubjelinek added a comment.May 14 2021, 5:38 AM

It will succeed once. But if another thread calls GetAltStackSize() while the first one just returned from __sync_bool_compare_and_swap(&kAltStackSize, 0, 1) but hasn't yet stored the SIGSTKSZ * 4 value (e.g. is inside of sysconf), or even has stored, but the value hasn't propagated to other CPU caches yet, then they can see kAltStackSize of 1 rather than the right value.

serge-sans-paille updated this revision to Diff 346184.May 18 2021, 8:55 AM
Herald added subscribers: jfb, fedor.sergeev, krytarowski. · View Herald TranscriptMay 18 2021, 8:55 AM
serge-sans-paille added a comment.May 18 2021, 8:56 AM

@eugenis are you fine with that change? the maintenance cost seems low, and the benefit for the end user seems valuable enough (?)

Harbormaster completed remote builds in B105054: Diff 346184.May 18 2021, 11:37 AM
serge-sans-paille updated this revision to Diff 346645.May 20 2021, 12:52 AM

Remove clang-formatted noise

Harbormaster completed remote builds in B105365: Diff 346645.May 20 2021, 1:04 AM
serge-sans-paille added a comment.May 21 2021, 12:10 AM

@eugenis any thought on that one? Without this patch, clang -fsanitize=address main.c fails because it needs C++ symbol.

serge-sans-paille added a reviewer: kcc.May 21 2021, 12:15 AM
serge-sans-paille updated this revision to Diff 347615.May 25 2021, 2:46 AM
serge-sans-paille added a comment.May 25 2021, 2:56 AM

@kcc any thoughts on that one?

Harbormaster completed remote builds in B106057: Diff 347615.May 25 2021, 3:31 AM
serge-sans-paille added a comment.Jun 3 2021, 10:16 PM

@kcc @eugenis : up ? I applied the patch to the Fedora package because it ruins the user experience otherwise. I think it's worth considering applying it to main too.

kcc added subscribers: eugenis, kuhnel, morehouse and 2 others.Jun 7 2021, 10:19 AM

+Vitaly Buka <vitalybuka@google.com> +Matt Morehouse <mascasa@google.com>

vitalybuka accepted this revision.Jun 7 2021, 10:53 AM

LGTM

This revision is now accepted and ready to land.Jun 7 2021, 10:53 AM
jakubjelinek added inline comments.Jun 7 2021, 10:56 AM
compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp
170

As I said earlier, I'd add before this

#ifdef __has_builtin
#if __has_builtin(__builtin_constant_p)
  if (__builtin_constant_p(SIGSTKSZ * 4))
    return SIGSTKSZ * 4;
#endif
#endif

because if SIGSTKSZ * 4 is a constant, there is no need to bother with the atomic loads/stores.

vitalybuka requested changes to this revision.Jun 7 2021, 11:11 AM
vitalybuka added inline comments.
compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp
170

Thanks, I agree.
Looks like there was a claim that SIGSTKSZ is not constant https://reviews.llvm.org/D100645
I believe unless we have an evidence of that we should threat this as a constant.

This revision now requires changes to proceed.Jun 7 2021, 11:11 AM
vitalybuka added inline comments.Jun 7 2021, 11:13 AM
compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp
170

And if we know a platform where it's not constant please use __builtin_constant_p trick

vitalybuka added inline comments.Jun 7 2021, 11:14 AM
compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp
170

Actually how about just static_assert(_builtin_constant_p(SIGSTKSZ * 4)) so we quickly find what is broken?

jakubjelinek added a comment.Jun 7 2021, 11:17 AM

The reason why the previous change was done is because it is no longer a constant on Linux with recent glibc (2.34 to be released later this year). But it is still constant for older glibcs, or on non-Linux.

vitalybuka added a comment.Jun 7 2021, 11:30 AM
In D102475#2803426, @jakubjelinek wrote:

The reason why the previous change was done is because it is no longer a constant on Linux with recent glibc (2.34 to be released later this year). But it is still constant for older glibcs, or on non-Linux.

__builtin_constant_p then

Can we have a link into glibc source for future reference with a short explanation why we can just "return SIGSTKSZ * 4;" always ?

jakubjelinek added a comment.Jun 7 2021, 12:16 PM

https://reviews.llvm.org/D100645 contains the details.

vitalybuka added a comment.Jun 7 2021, 12:40 PM

I looked up all calls to this function and we use this function once per thread, I don't see a point in this caching
Following should be enough and solve symbols issues.

static uptr GetAltStackSize() {
  return SIGSTKSZ * 4;
}
jakubjelinek added a comment.Jun 7 2021, 12:43 PM

It used to be 3 times per thread, now it is 2 times per thread.

vitalybuka added a comment.Jun 7 2021, 12:45 PM

I am fine with up to 10 :)

serge-sans-paille updated this revision to Diff 350532.Jun 8 2021, 1:59 AM

Do not cache the (potential) function call.

Harbormaster completed remote builds in B108160: Diff 350532.Jun 8 2021, 2:27 AM
vitalybuka accepted this revision.Jun 8 2021, 10:04 AM
This revision is now accepted and ready to land.Jun 8 2021, 10:04 AM
This revision was landed with ongoing or failed builds.Jun 9 2021, 12:40 AM
Closed by commit rG414482751452: Prevent generation of dependency on _cxa_guard for static initialization (authored by serge-sans-paille). · Explain Why
This revision was automatically updated to reflect the committed changes.
serge-sans-paille added a commit: rG414482751452: Prevent generation of dependency on _cxa_guard for static initialization.
Herald added a project: Restricted Project. · View Herald TranscriptJun 9 2021, 12:40 AM
Herald added a subscriber: Restricted Project. · View Herald Transcript

Revision Contents

PathSize
compiler-rt/
lib/
sanitizer_common/
12 lines

Diff 347615

compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp

Show All 9 Lines
// run-time libraries and implements libc-dependent POSIX-specific functions // run-time libraries and implements libc-dependent POSIX-specific functions
// from sanitizer_libc.h. // from sanitizer_libc.h.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "sanitizer_platform.h" #include "sanitizer_platform.h"
#if SANITIZER_POSIX #if SANITIZER_POSIX
#include "sanitizer_atomic.h"
Lint: Pre-merge checks
Inline Actions

clang-format: please reformat the code

-#include "sanitizer_atomic.h"
-#include "sanitizer_common.h"
-#include "sanitizer_flags.h"
-#include "sanitizer_platform_limits_netbsd.h"
-#include "sanitizer_platform_limits_posix.h"
-#include "sanitizer_platform_limits_solaris.h"
-#include "sanitizer_posix.h"
-#include "sanitizer_procmaps.h"
+#  include <errno.h>
+#  include <fcntl.h>

10 diff lines are omitted. See full path.

Lint: Pre-merge checks: clang-format: please reformat the code ``` -#include "sanitizer_atomic.h" -#include…
#include "sanitizer_common.h" #include "sanitizer_common.h"
#include "sanitizer_flags.h" #include "sanitizer_flags.h"
#include "sanitizer_platform_limits_netbsd.h" #include "sanitizer_platform_limits_netbsd.h"
#include "sanitizer_platform_limits_posix.h" #include "sanitizer_platform_limits_posix.h"
#include "sanitizer_platform_limits_solaris.h" #include "sanitizer_platform_limits_solaris.h"
#include "sanitizer_posix.h" #include "sanitizer_posix.h"
#include "sanitizer_procmaps.h" #include "sanitizer_procmaps.h"
#include <errno.h> #include <errno.h>
Lint: Pre-merge checks
Inline Actions

clang-format: please reformat the code

-#include <errno.h>
-#include <fcntl.h>
-#include <pthread.h>
-#include <signal.h>
-#include <stdlib.h>
-#include <sys/mman.h>
-#include <sys/resource.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/types.h>

10 diff lines are omitted. See full path.

Lint: Pre-merge checks: clang-format: please reformat the code ``` -#include <errno.h> -#include <fcntl.h> -#include…
#include <fcntl.h> #include <fcntl.h>
#include <pthread.h> #include <pthread.h>
#include <signal.h> #include <signal.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/mman.h> #include <sys/mman.h>
#include <sys/resource.h> #include <sys/resource.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/time.h> #include <sys/time.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <unistd.h> #include <unistd.h>
#if SANITIZER_FREEBSD #if SANITIZER_FREEBSD
Lint: Pre-merge checks
Inline Actions

clang-format: please reformat the code

-#if SANITIZER_FREEBSD
+#  if SANITIZER_FREEBSD
Lint: Pre-merge checks: clang-format: please reformat the code ``` -#if SANITIZER_FREEBSD +# if SANITIZER_FREEBSD ```
// The MAP_NORESERVE define has been removed in FreeBSD 11.x, and even before // The MAP_NORESERVE define has been removed in FreeBSD 11.x, and even before
// that, it was never implemented. So just define it to zero. // that, it was never implemented. So just define it to zero.
#undef MAP_NORESERVE #undef MAP_NORESERVE
#define MAP_NORESERVE 0 #define MAP_NORESERVE 0
#endif #endif
typedef void (*sa_sigaction_t)(int, siginfo_t *, void *); typedef void (*sa_sigaction_t)(int, siginfo_t *, void *);
▲ Show 20 LinesShow All 113 Lines▼ Show 20 Lines
bool SupportsColoredOutput(fd_t fd) { bool SupportsColoredOutput(fd_t fd) {
return isatty(fd) != 0; return isatty(fd) != 0;
} }
#if !SANITIZER_GO #if !SANITIZER_GO
// TODO(glider): different tools may require different altstack size. // TODO(glider): different tools may require different altstack size.
static uptr GetAltStackSize() { static uptr GetAltStackSize() {
static atomic_uintptr_t kAltStackSize{0};
jakubjelinekUnsubmitted
Done
ReplyInline Actions

As I said earlier, I'd add before this

#ifdef __has_builtin
#if __has_builtin(__builtin_constant_p)
  if (__builtin_constant_p(SIGSTKSZ * 4))
    return SIGSTKSZ * 4;
#endif
#endif

because if SIGSTKSZ * 4 is a constant, there is no need to bother with the atomic loads/stores.

jakubjelinek: As I said earlier, I'd add before this ``` #ifdef __has_builtin #if __has_builtin…
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

Thanks, I agree.
Looks like there was a claim that SIGSTKSZ is not constant https://reviews.llvm.org/D100645
I believe unless we have an evidence of that we should threat this as a constant.

vitalybuka: Thanks, I agree. Looks like there was a claim that SIGSTKSZ is not constant https://reviews.
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

And if we know a platform where it's not constant please use __builtin_constant_p trick

vitalybuka: And if we know a platform where it's not constant please use __builtin_constant_p trick
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

Actually how about just static_assert(_builtin_constant_p(SIGSTKSZ * 4)) so we quickly find what is broken?

vitalybuka: Actually how about just static_assert(_builtin_constant_p(SIGSTKSZ * 4)) so we quickly find…
uptr ret = atomic_load(&kAltStackSize, memory_order_relaxed);
if (ret == 0) {
// SIGSTKSZ is not enough. // SIGSTKSZ is not enough.
static const uptr kAltStackSize = SIGSTKSZ * 4; ret = SIGSTKSZ * 4;
return kAltStackSize; atomic_store(&kAltStackSize, ret, memory_order_relaxed);
}
return ret;
} }
void SetAlternateSignalStack() { void SetAlternateSignalStack() {
stack_t altstack, oldstack; stack_t altstack, oldstack;
CHECK_EQ(0, sigaltstack(nullptr, &oldstack)); CHECK_EQ(0, sigaltstack(nullptr, &oldstack));
// If the alternate stack is already in place, do nothing. // If the alternate stack is already in place, do nothing.
// Android always sets an alternate stack, but it's too small for us. // Android always sets an alternate stack, but it's too small for us.
if (!SANITIZER_ANDROID && !(oldstack.ss_flags & SS_DISABLE)) return; if (!SANITIZER_ANDROID && !(oldstack.ss_flags & SS_DISABLE)) return;
▲ Show 20 LinesShow All 329 LinesShow Last 20 Lines