This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/lib/
-
lib/
-
asan/
2/2
asan_mac.cpp
-
sanitizer_common/
-
sanitizer_mac.h
-
sanitizer_mac.cpp
-
tsan/rtl/
-
rtl/
-
tsan_platform_mac.cpp

Differential D126351

[ASan][Darwin] Ensure we always register GCD worker threads
ClosedPublic

Authored by yln on May 24 2022, 9:14 PM.

Download Raw Diff

Details

Reviewers

delcypher
kubamracek
thetruestblue
rsundahl
wrotki

Commits

rG2f469839817a: [Sanitizer][Darwin] Factor out code for GCD worker registration

Summary

In rare cases, our interceptors for dispatch_async (and friends) are
not enough to reliably observe GCD worker thread creation. When we
later find a bug (via interceptors) on a thread that hasn't been
registered we crash during report generation because we never set the
current thread context (via SetCurrentThread()).

This change adds a "pthread introspection hook", to guarantee ASan
initialization for GCD worker threads. This code is similiar to what we
are already doing for TSan, so I tried to factor out the common code.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

yln created this revision.May 24 2022, 9:14 PM

Herald added a project: Restricted Project. · View Herald TranscriptMay 24 2022, 9:14 PM

yln requested review of this revision.May 24 2022, 9:14 PM

Herald added a project: Restricted Project. · View Herald TranscriptMay 24 2022, 9:14 PM

Herald added a subscriber: Restricted Project. · View Herald Transcript

Harbormaster completed remote builds in B166193: Diff 431874.May 24 2022, 9:34 PM

LVGTM - very DRY :)

This revision is now accepted and ready to land.Jul 21 2022, 3:10 PM

Herald added a subscriber: Enna1. · View Herald TranscriptJul 21 2022, 3:10 PM

Really nice refactor. LGTM.

delcypher added inline comments.Jul 22 2022, 6:54 AM

compiler-rt/lib/asan/asan_mac.cpp
167	Sidenote: Should we eventually move (i.e. not in this patch) to this mechanism to register all threads (i.e. not just GCD worker threads)? It might be nice if there was only one way we registered threads rather than two.

This revision was landed with ongoing or failed builds.Jul 22 2022, 1:29 PM

Closed by commit rG2f469839817a: [Sanitizer][Darwin] Factor out code for GCD worker registration (authored by yln). · Explain Why

This revision was automatically updated to reflect the committed changes.

yln added a commit: rG2f469839817a: [Sanitizer][Darwin] Factor out code for GCD worker registration.

yln marked an inline comment as done.Jul 22 2022, 1:48 PM

yln added inline comments.

compiler-rt/lib/asan/asan_mac.cpp
167	I thought about this as well. There is 2 questions: "Should we do it?" and "Is it worth it?". For the first question, I think the main argument for it is: Consistency: it would be nice to have one place/code path that does it But my feeling is the the argument against it is stronger: Minimize differences with other platforms. When other things/places in the sanitizer make assumptions then "mostly default + Apple corner cases" is probably a better situation then "Apple uses different mechanism". Both options aren't optimal for maintenance, but I feel like the 2nd one is lower risk.

Revision Contents

Path

Size

compiler-rt/

lib/

asan/

asan_mac.cpp

17 lines

sanitizer_common/

sanitizer_mac.h

11 lines

sanitizer_mac.cpp

56 lines

tsan/

rtl/

tsan_platform_mac.cpp

59 lines

Diff 431874

compiler-rt/lib/asan/asan_mac.cpp

//===-- asan_mac.cpp ------------------------------------------------------===//		//===-- asan_mac.cpp ------------------------------------------------------===//
		Lint: Lint Inline Actions clang-format not found in user’s local PATH; not linting file. Lint: Lint: clang-format not found in user’s local PATH; not linting file.
//		//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.		// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.		// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception		// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
//		//
Show All 31 Lines
// from <crt_externs.h>, but we don't have that file on iOS		// from <crt_externs.h>, but we don't have that file on iOS
extern "C" {		extern "C" {
extern char ***_NSGetArgv(void);		extern char ***_NSGetArgv(void);
extern char ***_NSGetEnviron(void);		extern char ***_NSGetEnviron(void);
}		}

namespace __asan {		namespace __asan {

void InitializePlatformInterceptors() {}		static void ThreadCreateCallback(uptr thread, bool gcd_worker);
		void InitializePlatformInterceptors() {
		ThreadEventCallbacks callbacks = {
		.create = ThreadCreateCallback,
		};
		InstallPthreadIntrospectionHook(callbacks);
		}
void InitializePlatformExceptionHandlers() {}		void InitializePlatformExceptionHandlers() {}
bool IsSystemHeapAddress (uptr addr) { return false; }		bool IsSystemHeapAddress (uptr addr) { return false; }

// No-op. Mac does not support static linkage anyway.		// No-op. Mac does not support static linkage anyway.
void *AsanDoesNotSupportStaticLinkage() {		void *AsanDoesNotSupportStaticLinkage() {
return 0;		return 0;
}		}

▲ Show 20 Lines • Show All 93 Lines • ▼ Show 20 Lines	t = AsanThread::Create(/* start_routine / nullptr, / arg */ nullptr,
parent_tid, stack, /* detached */ true);		parent_tid, stack, /* detached */ true);
t->Init();		t->Init();
asanThreadRegistry().StartThread(t->tid(), GetTid(), ThreadType::Worker,		asanThreadRegistry().StartThread(t->tid(), GetTid(), ThreadType::Worker,
nullptr);		nullptr);
SetCurrentThread(t);		SetCurrentThread(t);
}		}
}		}

		// Make sure we observe the creation of all GCD worker threads, even those that
		// run blocks that aren't scheduled via the intercepted APIs below.
		static void ThreadCreateCallback(uptr thread, bool gcd_worker) {
		if (gcd_worker) {
		delcypherUnsubmitted Not Done Reply Inline Actions Sidenote: Should we eventually move (i.e. not in this patch) to this mechanism to register all threads (i.e. not just GCD worker threads)? It might be nice if there was only one way we registered threads rather than two. delcypher: Sidenote: Should we eventually move (i.e. not in this patch) to this mechanism to register all…
		ylnAuthorUnsubmitted Done Reply Inline Actions I thought about this as well. There is 2 questions: "Should we do it?" and "Is it worth it?". For the first question, I think the main argument for it is: Consistency: it would be nice to have one place/code path that does it But my feeling is the the argument against it is stronger: Minimize differences with other platforms. When other things/places in the sanitizer make assumptions then "mostly default + Apple corner cases" is probably a better situation then "Apple uses different mechanism". Both options aren't optimal for maintenance, but I feel like the 2nd one is lower risk. yln: I thought about this as well. There is 2 questions: "Should we do it?" and "Is it worth it?".
		GET_STACK_TRACE_THREAD;
		asan_register_worker_thread(/parent_tid=/0, &stack);
		}
		}

// For use by only those functions that allocated the context via		// For use by only those functions that allocated the context via
// alloc_asan_context().		// alloc_asan_context().
extern "C"		extern "C"
void asan_dispatch_call_block_and_release(void *block) {		void asan_dispatch_call_block_and_release(void *block) {
GET_STACK_TRACE_THREAD;		GET_STACK_TRACE_THREAD;
asan_block_context_t context = (asan_block_context_t)block;		asan_block_context_t context = (asan_block_context_t)block;
VReport(2,		VReport(2,
"asan_dispatch_call_block_and_release(): "		"asan_dispatch_call_block_and_release(): "
▲ Show 20 Lines • Show All 134 Lines • Show Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_mac.h

	//===-- sanitizer_mac.h ------------------------------------------ C++ --===//			//===-- sanitizer_mac.h ------------------------------------------ C++ --===//
				Lint: Lint Inline Actions clang-format not found in user’s local PATH; not linting file. Lint: Lint: clang-format not found in user’s local PATH; not linting file.
	//			//
	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.			// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
	// See https://llvm.org/LICENSE.txt for license information.			// See https://llvm.org/LICENSE.txt for license information.
	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception			// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	//			//
	▲ Show 20 Lines • Show All 48 Lines • ▼ Show 20 Lines

	MacosVersion GetMacosAlignedVersion();			MacosVersion GetMacosAlignedVersion();
	DarwinKernelVersion GetDarwinKernelVersion();			DarwinKernelVersion GetDarwinKernelVersion();

	char **GetEnviron();			char **GetEnviron();

	void RestrictMemoryToMaxAddress(uptr max_address);			void RestrictMemoryToMaxAddress(uptr max_address);

				using ThreadEventCallback = void (*)(uptr thread);
				using ThreadCreateEventCallback = void (*)(uptr thread, bool gcd_worker);
				struct ThreadEventCallbacks {
				ThreadCreateEventCallback create;
				ThreadEventCallback start;
				ThreadEventCallback terminate;
				ThreadEventCallback destroy;
				};

				void InstallPthreadIntrospectionHook(const ThreadEventCallbacks &callbacks);

	} // namespace __sanitizer			} // namespace __sanitizer

	#endif // SANITIZER_MAC			#endif // SANITIZER_MAC
	#endif // SANITIZER_MAC_H			#endif // SANITIZER_MAC_H

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp

	//===-- sanitizer_mac.cpp -------------------------------------------------===//			//===-- sanitizer_mac.cpp -------------------------------------------------===//
				Lint: Lint Inline Actions clang-format not found in user’s local PATH; not linting file. Lint: Lint: clang-format not found in user’s local PATH; not linting file.
	//			//
	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.			// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
	// See https://llvm.org/LICENSE.txt for license information.			// See https://llvm.org/LICENSE.txt for license information.
	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception			// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	//			//
	▲ Show 20 Lines • Show All 59 Lines • ▼ Show 20 Lines
	#include <libkern/OSAtomic.h>			#include <libkern/OSAtomic.h>
	#include <mach-o/dyld.h>			#include <mach-o/dyld.h>
	#include <mach/mach.h>			#include <mach/mach.h>
	#include <mach/mach_time.h>			#include <mach/mach_time.h>
	#include <mach/vm_statistics.h>			#include <mach/vm_statistics.h>
	#include <malloc/malloc.h>			#include <malloc/malloc.h>
	#include <os/log.h>			#include <os/log.h>
	#include <pthread.h>			#include <pthread.h>
				#include <pthread/introspection.h>
	#include <sched.h>			#include <sched.h>
	#include <signal.h>			#include <signal.h>
	#include <spawn.h>			#include <spawn.h>
	#include <stdlib.h>			#include <stdlib.h>
	#include <sys/ioctl.h>			#include <sys/ioctl.h>
	#include <sys/mman.h>			#include <sys/mman.h>
	#include <sys/resource.h>			#include <sys/resource.h>
	#include <sys/stat.h>			#include <sys/stat.h>
	▲ Show 20 Lines • Show All 1,338 Lines • ▼ Show 20 Lines
	}			}

	u32 GetNumberOfCPUs() {			u32 GetNumberOfCPUs() {
	return (u32)sysconf(_SC_NPROCESSORS_ONLN);			return (u32)sysconf(_SC_NPROCESSORS_ONLN);
	}			}

	void InitializePlatformCommonFlags(CommonFlags *cf) {}			void InitializePlatformCommonFlags(CommonFlags *cf) {}

				// Pthread introspection hook
				//
				// * GCD worker threads are created without a call to pthread_create(), but we
				// still need to register these threads (with ThreadCreate/Start()).
				// * We use the "pthread introspection hook" below to observe the creation of
				// such threads.
				// * GCD worker threads don't have parent threads and the CREATE event is
				// delivered in the context of the thread itself. CREATE events for regular
				// threads, are delivered on the parent. We use this to tell apart which
				// threads are GCD workers with `thread == pthread_self()`.
				//
				static pthread_introspection_hook_t prev_pthread_introspection_hook;
				static ThreadEventCallbacks thread_event_callbacks;

				static void sanitizer_pthread_introspection_hook(unsigned int event,
				pthread_t thread, void *addr,
				size_t size) {
				// create -> start -> terminate -> destroy
				// * create/destroy are usually (not guaranteed) delivered on the parent and
				// track resource allocation/reclamation
				// * start/terminate are guaranteed to be delivered in the context of the
				// thread and give hooks into "just after (before) thread starts (stops)
				// executing"
				DCHECK(event >= PTHREAD_INTROSPECTION_THREAD_CREATE &&
				event <= PTHREAD_INTROSPECTION_THREAD_DESTROY);

				if (event == PTHREAD_INTROSPECTION_THREAD_CREATE) {
				bool gcd_worker = thread == pthread_self();
				if (thread_event_callbacks.create)
				thread_event_callbacks.create((uptr)thread, gcd_worker);
				} else if (event == PTHREAD_INTROSPECTION_THREAD_START) {
				CHECK_EQ(thread, pthread_self());
				if (thread_event_callbacks.start)
				thread_event_callbacks.start((uptr)thread);
				}

				if (prev_pthread_introspection_hook)
				prev_pthread_introspection_hook(event, thread, addr, size);

				if (event == PTHREAD_INTROSPECTION_THREAD_TERMINATE) {
				CHECK_EQ(thread, pthread_self());
				if (thread_event_callbacks.terminate)
				thread_event_callbacks.terminate((uptr)thread);
				} else if (event == PTHREAD_INTROSPECTION_THREAD_DESTROY) {
				if (thread_event_callbacks.destroy)
				thread_event_callbacks.destroy((uptr)thread);
				}
				}

				void InstallPthreadIntrospectionHook(const ThreadEventCallbacks &callbacks) {
				prev_pthread_introspection_hook =
				pthread_introspection_hook_install(&sanitizer_pthread_introspection_hook);
				thread_event_callbacks = callbacks;
				}

	} // namespace __sanitizer			} // namespace __sanitizer

	#endif // SANITIZER_MAC			#endif // SANITIZER_MAC

compiler-rt/lib/tsan/rtl/tsan_platform_mac.cpp

//===-- tsan_platform_mac.cpp ---------------------------------------------===//		//===-- tsan_platform_mac.cpp ---------------------------------------------===//
		Lint: Lint Inline Actions clang-format not found in user’s local PATH; not linting file. Lint: Lint: clang-format not found in user’s local PATH; not linting file.
//		//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.		// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.		// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception		// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
//		//
▲ Show 20 Lines • Show All 186 Lines • ▼ Show 20 Lines	# else // !SANITIZER_GO
LoAppMemBeg(), LoAppMemEnd(), app_res / 1024, app_dirty / 1024,		LoAppMemBeg(), LoAppMemEnd(), app_res / 1024, app_dirty / 1024,
# endif		# endif
stacks.n_uniq_ids, stacks.allocated / 1024, nthread, nlive);		stacks.n_uniq_ids, stacks.allocated / 1024, nthread, nlive);
}		}

# if !SANITIZER_GO		# if !SANITIZER_GO
void InitializeShadowMemoryPlatform() { }		void InitializeShadowMemoryPlatform() { }

// On OS X, GCD worker threads are created without a call to pthread_create. We		// Register GCD worker threads, which are created without an observable call to
// need to properly register these threads with ThreadCreate and ThreadStart.		// pthread_create().
// These threads don't have a parent thread, as they are created "spuriously".		static void ThreadCreateCallback(uptr thread, bool gcd_worker) {
// We're using a libpthread API that notifies us about a newly created thread.		if (gcd_worker) {
// The `thread == pthread_self()` check indicates this is actually a worker
// thread. If it's just a regular thread, this hook is called on the parent
// thread.
typedef void (*pthread_introspection_hook_t)(unsigned int event,
pthread_t thread, void *addr,
size_t size);
extern "C" pthread_introspection_hook_t pthread_introspection_hook_install(
pthread_introspection_hook_t hook);
static const uptr PTHREAD_INTROSPECTION_THREAD_CREATE = 1;
static const uptr PTHREAD_INTROSPECTION_THREAD_TERMINATE = 3;
static pthread_introspection_hook_t prev_pthread_introspection_hook;
static void my_pthread_introspection_hook(unsigned int event, pthread_t thread,
void *addr, size_t size) {
if (event == PTHREAD_INTROSPECTION_THREAD_CREATE) {
if (thread == pthread_self()) {
// The current thread is a newly created GCD worker thread.
ThreadState *thr = cur_thread();		ThreadState *thr = cur_thread();
Processor *proc = ProcCreate();		Processor *proc = ProcCreate();
ProcWire(proc, thr);		ProcWire(proc, thr);
ThreadState *parent_thread_state = nullptr; // No parent.		ThreadState *parent_thread_state = nullptr; // No parent.
Tid tid = ThreadCreate(parent_thread_state, 0, (uptr)thread, true);		Tid tid = ThreadCreate(parent_thread_state, 0, (uptr)thread, true);
CHECK_NE(tid, kMainTid);		CHECK_NE(tid, kMainTid);
ThreadStart(thr, tid, GetTid(), ThreadType::Worker);		ThreadStart(thr, tid, GetTid(), ThreadType::Worker);
}		}
} else if (event == PTHREAD_INTROSPECTION_THREAD_TERMINATE) {		}
CHECK_EQ(thread, pthread_self());
		// Destroy thread state for all threads.
		static void ThreadTerminateCallback(uptr thread) {
ThreadState *thr = cur_thread();		ThreadState *thr = cur_thread();
if (thr->tctx) {		if (thr->tctx) {
DestroyThreadState();		DestroyThreadState();
}		}
}		}

if (prev_pthread_introspection_hook != nullptr)
prev_pthread_introspection_hook(event, thread, addr, size);
}
#endif		#endif

void InitializePlatformEarly() {		void InitializePlatformEarly() {
# if !SANITIZER_GO && SANITIZER_IOS		# if !SANITIZER_GO && SANITIZER_IOS
uptr max_vm = GetMaxUserVirtualAddress() + 1;		uptr max_vm = GetMaxUserVirtualAddress() + 1;
if (max_vm != HiAppMemEnd()) {		if (max_vm != HiAppMemEnd()) {
Printf("ThreadSanitizer: unsupported vm address limit %p, expected %p.\n",		Printf("ThreadSanitizer: unsupported vm address limit %p, expected %p.\n",
(void )max_vm, (void )HiAppMemEnd());		(void )max_vm, (void )HiAppMemEnd());
Die();		Die();
}		}
#endif		#endif
}		}

static uptr longjmp_xor_key = 0;		static uptr longjmp_xor_key = 0;

void InitializePlatform() {		void InitializePlatform() {
DisableCoreDumperIfNecessary();		DisableCoreDumperIfNecessary();
#if !SANITIZER_GO		#if !SANITIZER_GO
CheckAndProtect();		CheckAndProtect();

InitializeThreadStateStorage();		InitializeThreadStateStorage();

prev_pthread_introspection_hook =		ThreadEventCallbacks callbacks = {
pthread_introspection_hook_install(&my_pthread_introspection_hook);		.create = ThreadCreateCallback,
		.terminate = ThreadTerminateCallback,
		};
		InstallPthreadIntrospectionHook(callbacks);
#endif		#endif

if (GetMacosAlignedVersion() >= MacosVersion(10, 14)) {		if (GetMacosAlignedVersion() >= MacosVersion(10, 14)) {
// Libsystem currently uses a process-global key; this might change.		// Libsystem currently uses a process-global key; this might change.
const unsigned kTLSLongjmpXorKeySlot = 0x7;		const unsigned kTLSLongjmpXorKeySlot = 0x7;
longjmp_xor_key = (uptr)pthread_getspecific(kTLSLongjmpXorKeySlot);		longjmp_xor_key = (uptr)pthread_getspecific(kTLSLongjmpXorKeySlot);
}		}
}		}
▲ Show 20 Lines • Show All 46 Lines • Show Last 20 Lines