This is an archive of the discontinued LLVM Phabricator instance.

Thread safety analysis: Warn when demoting locks on back edges
ClosedPublic

Authored by aaronpuchert on Jul 23 2021, 2:06 PM.

Download Raw Diff

Details

Reviewers

aaron.ballman
delesley

Commits

rG9b889f826ff5: Thread safety analysis: Warn when demoting locks on back edges

Summary

Previously in D104261 we warned about dropping locks from back edges,
this is the corresponding change for exclusive/shared joins. If we're
entering the loop with an exclusive change, which is then relaxed to a
shared lock before we loop back, we have already analyzed the loop body
with the stronger exclusive lock and thus might have false positives.

There is a minor non-observable change: we modify the exit lock set of a
function, but since that isn't used further it doesn't change anything.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

aaronpuchert requested review of this revision.Jul 23 2021, 2:06 PM

aaronpuchert created this revision.

Herald added a project: Restricted Project. · View Herald TranscriptJul 23 2021, 2:06 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

Harbormaster completed remote builds in B115956: Diff 361346.Jul 23 2021, 3:03 PM

aaronpuchert retitled this revision from Thread safety: Warn when demoting locks on back edges to Thread safety analysis: Warn when demoting locks on back edges.Jul 24 2021, 5:45 AM

This seems reasonable to me, but I leave it to @delesley for the final sign-off.

Ping @delesley.

Ping.

Accepting the review -- if you don't hear back from @delesley in the next few days, I think it's fine to land.

This revision is now accepted and ready to land.Sep 13 2021, 6:50 AM

This revision was landed with ongoing or failed builds.Sep 18 2021, 5:02 AM

Closed by commit rG9b889f826ff5: Thread safety analysis: Warn when demoting locks on back edges (authored by aaronpuchert). · Explain Why

This revision was automatically updated to reflect the committed changes.

aaronpuchert added a commit: rG9b889f826ff5: Thread safety analysis: Warn when demoting locks on back edges.

@aaron.ballman, since this is reintroducing some warnings after the relaxation in D102026, should we bring this to Clang 13?

In D106713#3007878, @aaronpuchert wrote:

@aaron.ballman, since this is reintroducing some warnings after the relaxation in D102026, should we bring this to Clang 13?

I think that's reasonable; the alternative is that we warn in Clang 12, don't warn in Clang 13, then start warning again in Clang 14 which does not seem very user friendly.

In D106713#3009130, @aaron.ballman wrote:

In D106713#3007878, @aaronpuchert wrote:

@aaron.ballman, since this is reintroducing some warnings after the relaxation in D102026, should we bring this to Clang 13?

I think that's reasonable; the alternative is that we warn in Clang 12, don't warn in Clang 13, then start warning again in Clang 14 which does not seem very user friendly.

@tstellar, could we still bring this into release/13.x? Doesn't fix a crash, but it prevents inconsistencies between our releases and I also tested it on a pretty large code base. So I'm pretty confident it doesn't regress anything.

@aaronpuchert Can you file a bug?

In D106713#3009542, @tstellar wrote:

@aaronpuchert Can you file a bug?

Done: https://bugs.llvm.org/show_bug.cgi?id=51913.

Revision Contents

Path

Size

clang/

lib/

Analysis/

ThreadSafety.cpp

31 lines

test/

SemaCXX/

warn-thread-safety-analysis.cpp

42 lines

Diff 373409

clang/lib/Analysis/ThreadSafety.cpp

Show First 20 Lines • Show All 1,044 Lines • ▼ Show 20 Lines	public:

const CallExpr* getTrylockCallExpr(const Stmt *Cond, LocalVarContext C,		const CallExpr* getTrylockCallExpr(const Stmt *Cond, LocalVarContext C,
bool &Negate);		bool &Negate);

void getEdgeLockset(FactSet &Result, const FactSet &ExitSet,		void getEdgeLockset(FactSet &Result, const FactSet &ExitSet,
const CFGBlock* PredBlock,		const CFGBlock* PredBlock,
const CFGBlock *CurrBlock);		const CFGBlock *CurrBlock);

bool join(const FactEntry &a, const FactEntry &b);		bool join(const FactEntry &a, const FactEntry &b, bool CanModify);

void intersectAndWarn(FactSet &EntrySet, const FactSet &ExitSet,		void intersectAndWarn(FactSet &EntrySet, const FactSet &ExitSet,
SourceLocation JoinLoc, LockErrorKind EntryLEK,		SourceLocation JoinLoc, LockErrorKind EntryLEK,
LockErrorKind ExitLEK);		LockErrorKind ExitLEK);

void intersectAndWarn(FactSet &EntrySet, const FactSet &ExitSet,		void intersectAndWarn(FactSet &EntrySet, const FactSet &ExitSet,
SourceLocation JoinLoc, LockErrorKind LEK) {		SourceLocation JoinLoc, LockErrorKind LEK) {
intersectAndWarn(EntrySet, ExitSet, JoinLoc, LEK, LEK);		intersectAndWarn(EntrySet, ExitSet, JoinLoc, LEK, LEK);
▲ Show 20 Lines • Show All 1,121 Lines • ▼ Show 20 Lines	if (auto *VD = dyn_cast_or_null<VarDecl>(D)) {
if (!CtorD \|\| !CtorD->hasAttrs())		if (!CtorD \|\| !CtorD->hasAttrs())
continue;		continue;
handleCall(buildFakeCtorCall(CtorD, {E}, E->getBeginLoc()), CtorD, VD);		handleCall(buildFakeCtorCall(CtorD, {E}, E->getBeginLoc()), CtorD, VD);
}		}
}		}
}		}
}		}

/// Given two facts merging on a join point, decide whether to warn and which		/// Given two facts merging on a join point, possibly warn and decide whether to
/// one to keep.		/// keep or replace.
///		///
/// \return false if we should keep \p A, true if we should keep \p B.		/// \param CanModify Whether we can replace \p A by \p B.
bool ThreadSafetyAnalyzer::join(const FactEntry &A, const FactEntry &B) {		/// \return false if we should keep \p A, true if we should take \p B.
		bool ThreadSafetyAnalyzer::join(const FactEntry &A, const FactEntry &B,
		bool CanModify) {
if (A.kind() != B.kind()) {		if (A.kind() != B.kind()) {
// For managed capabilities, the destructor should unlock in the right mode		// For managed capabilities, the destructor should unlock in the right mode
// anyway. For asserted capabilities no unlocking is needed.		// anyway. For asserted capabilities no unlocking is needed.
if ((A.managed() \|\| A.asserted()) && (B.managed() \|\| B.asserted())) {		if ((A.managed() \|\| A.asserted()) && (B.managed() \|\| B.asserted())) {
// The shared capability subsumes the exclusive capability.		// The shared capability subsumes the exclusive capability, if possible.
return B.kind() == LK_Shared;		bool ShouldTakeB = B.kind() == LK_Shared;
} else {		if (CanModify \|\| !ShouldTakeB)
		return ShouldTakeB;
		}
Handler.handleExclusiveAndShared("mutex", B.toString(), B.loc(), A.loc());		Handler.handleExclusiveAndShared("mutex", B.toString(), B.loc(), A.loc());
// Take the exclusive capability to reduce further warnings.		// Take the exclusive capability to reduce further warnings.
return B.kind() == LK_Exclusive;		return CanModify && B.kind() == LK_Exclusive;
}
} else {		} else {
// The non-asserted capability is the one we want to track.		// The non-asserted capability is the one we want to track.
return A.asserted() && !B.asserted();		return CanModify && A.asserted() && !B.asserted();
}		}
}		}

/// Compute the intersection of two locksets and issue warnings for any		/// Compute the intersection of two locksets and issue warnings for any
/// locks in the symmetric difference.		/// locks in the symmetric difference.
///		///
/// This function is used at a merge point in the CFG when comparing the lockset		/// This function is used at a merge point in the CFG when comparing the lockset
/// of each branch being merged. For example, given the following sequence:		/// of each branch being merged. For example, given the following sequence:
Show All 14 Lines	void ThreadSafetyAnalyzer::intersectAndWarn(FactSet &EntrySet,
FactSet EntrySetOrig = EntrySet;		FactSet EntrySetOrig = EntrySet;

// Find locks in ExitSet that conflict or are not in EntrySet, and warn.		// Find locks in ExitSet that conflict or are not in EntrySet, and warn.
for (const auto &Fact : ExitSet) {		for (const auto &Fact : ExitSet) {
const FactEntry &ExitFact = FactMan[Fact];		const FactEntry &ExitFact = FactMan[Fact];

FactSet::iterator EntryIt = EntrySet.findLockIter(FactMan, ExitFact);		FactSet::iterator EntryIt = EntrySet.findLockIter(FactMan, ExitFact);
if (EntryIt != EntrySet.end()) {		if (EntryIt != EntrySet.end()) {
if (join(FactMan[*EntryIt], ExitFact) &&		if (join(FactMan[*EntryIt], ExitFact,
EntryLEK == LEK_LockedSomePredecessors)		EntryLEK != LEK_LockedSomeLoopIterations))
*EntryIt = Fact;		*EntryIt = Fact;
} else if (!ExitFact.managed()) {		} else if (!ExitFact.managed()) {
ExitFact.handleRemovalFromIntersection(ExitSet, FactMan, JoinLoc,		ExitFact.handleRemovalFromIntersection(ExitSet, FactMan, JoinLoc,
EntryLEK, Handler);		EntryLEK, Handler);
}		}
}		}

// Find locks in EntrySet that are not in ExitSet, and remove them.		// Find locks in EntrySet that are not in ExitSet, and remove them.
▲ Show 20 Lines • Show All 345 Lines • Show Last 20 Lines

clang/test/SemaCXX/warn-thread-safety-analysis.cpp

Show First 20 Lines • Show All 2,783 Lines • ▼ Show 20 Lines	void loopRelease() {
// We have to warn on this join point despite the lock being managed ...		// We have to warn on this join point despite the lock being managed ...
for (unsigned i = 1; i < 10; ++i) { // expected-warning {{expecting mutex 'mu' to be held at start of each loop}}		for (unsigned i = 1; i < 10; ++i) { // expected-warning {{expecting mutex 'mu' to be held at start of each loop}}
x = 1; // ... because we might miss that this doesn't always happen under lock.		x = 1; // ... because we might miss that this doesn't always happen under lock.
if (i == 5)		if (i == 5)
scope.Unlock();		scope.Unlock();
}		}
}		}

		void loopPromote() {
		RelockableMutexLock scope(&mu, SharedTraits{});
		for (unsigned i = 1; i < 10; ++i) {
		x = 1; // expected-warning {{writing variable 'x' requires holding mutex 'mu' exclusively}}
		if (i == 5)
		scope.PromoteShared();
		}
		}

		void loopDemote() {
		RelockableMutexLock scope(&mu, ExclusiveTraits{}); // expected-note {{the other acquisition of mutex 'mu' is here}}
		// We have to warn on this join point despite the lock being managed ...
		for (unsigned i = 1; i < 10; ++i) {
		x = 1; // ... because we might miss that this doesn't always happen under exclusive lock.
		if (i == 5)
		scope.DemoteExclusive(); // expected-warning {{mutex 'mu' is acquired exclusively and shared in the same scope}}
		}
		}

void loopAcquireContinue() {		void loopAcquireContinue() {
RelockableMutexLock scope(&mu, DeferTraits{});		RelockableMutexLock scope(&mu, DeferTraits{});
for (unsigned i = 1; i < 10; ++i) {		for (unsigned i = 1; i < 10; ++i) {
x = 1; // expected-warning {{writing variable 'x' requires holding mutex 'mu' exclusively}}		x = 1; // expected-warning {{writing variable 'x' requires holding mutex 'mu' exclusively}}
if (i == 5) {		if (i == 5) {
scope.Lock();		scope.Lock();
continue;		continue;
}		}
}		}
}		}

void loopReleaseContinue() {		void loopReleaseContinue() {
RelockableMutexLock scope(&mu, ExclusiveTraits{}); // expected-note {{mutex acquired here}}		RelockableMutexLock scope(&mu, ExclusiveTraits{}); // expected-note {{mutex acquired here}}
// We have to warn on this join point despite the lock being managed ...		// We have to warn on this join point despite the lock being managed ...
for (unsigned i = 1; i < 10; ++i) {		for (unsigned i = 1; i < 10; ++i) {
x = 1; // ... because we might miss that this doesn't always happen under lock.		x = 1; // ... because we might miss that this doesn't always happen under lock.
if (i == 5) {		if (i == 5) {
scope.Unlock();		scope.Unlock();
continue; // expected-warning {{expecting mutex 'mu' to be held at start of each loop}}		continue; // expected-warning {{expecting mutex 'mu' to be held at start of each loop}}
}		}
}		}
}		}

		void loopPromoteContinue() {
		RelockableMutexLock scope(&mu, SharedTraits{});
		for (unsigned i = 1; i < 10; ++i) {
		x = 1; // expected-warning {{writing variable 'x' requires holding mutex 'mu' exclusively}}
		if (i == 5) {
		scope.PromoteShared();
		continue;
		}
		}
		}

		void loopDemoteContinue() {
		RelockableMutexLock scope(&mu, ExclusiveTraits{}); // expected-note {{the other acquisition of mutex 'mu' is here}}
		// We have to warn on this join point despite the lock being managed ...
		for (unsigned i = 1; i < 10; ++i) {
		x = 1; // ... because we might miss that this doesn't always happen under exclusive lock.
		if (i == 5) {
		scope.DemoteExclusive(); // expected-warning {{mutex 'mu' is acquired exclusively and shared in the same scope}}
		continue;
		}
		}
		}

void exclusiveSharedJoin() {		void exclusiveSharedJoin() {
RelockableMutexLock scope(&mu, DeferTraits{});		RelockableMutexLock scope(&mu, DeferTraits{});
if (b)		if (b)
scope.Lock();		scope.Lock();
else		else
scope.ReaderLock();		scope.ReaderLock();
// No warning on join point because the lock will be released by the scope object anyway.		// No warning on join point because the lock will be released by the scope object anyway.
print(x);		print(x);
▲ Show 20 Lines • Show All 3,123 Lines • Show Last 20 Lines