Download Raw Diff

Details

Reviewers

zaks.anna
kcc
vitalybuka
MaskRay
kubamracek
yln
rsundahl

Commits

rGeb0e3319bf94: [sanitizer] Don't call dlerror() after swift_demangle lookup through dlsym

Summary

Because the call to dlerror() may actually want to print something, which turns into a deadlock
as showcased in #49223.

Instead rely on further call to dlsym to clear dlerror internal state if they
need to check the return status.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

serge-sans-paille created this revision.Jul 1 2022, 7:05 AM

Herald added a project: Restricted Project. · View Herald TranscriptJul 1 2022, 7:05 AM

Herald added a subscriber: Enna1. · View Herald Transcript

serge-sans-paille requested review of this revision.Jul 1 2022, 7:05 AM

Herald added a project: Restricted Project. · View Herald TranscriptJul 1 2022, 7:05 AM

Herald added a subscriber: Restricted Project. · View Herald Transcript

Harbormaster completed remote builds in B173238: Diff 441686.Jul 1 2022, 7:37 AM

vitalybuka edited reviewers, added: vitalybuka; removed: aizatsky.Jul 7 2022, 3:46 PM

vitalybuka added a subscriber: vitalybuka.

vitalybuka added inline comments.

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp
61	Unrelated to the patch, but this is used only in sanitizer_symbolizer_mac.cpp, so it's better to be moved there.
72	Maybe better just make SANITIZER_WEAK_ATTRIBUTE DemangleSwift() and remove swift_demangle_ft related stuff?

serge-sans-paille added inline comments.Jul 8 2022, 3:45 AM

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp
72	The idea of this patch is to delegate detection of the `swift_demangle` symbol from `dlsym` to weak/strong symbol. I don't see how making `DemangleSwift` weak achieves that goal?

vitalybuka added a reviewer: MaskRay.Jul 10 2022, 9:02 PM

Herald added a subscriber: StephenFan. · View Herald TranscriptJul 10 2022, 9:02 PM

vitalybuka added inline comments.Jul 10 2022, 9:02 PM

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp
61	My mistake, it's not just mac
65	shouldn't this be like: extern "C" SANITIZER_WEAK_ATTRIBUTE swift_demangle( const char mangledName, size_t mangledNameLength, char outputBuffer, size_t *outputBufferSize, uint32_t flags);
71	why do we need InitializeSwiftDemangler here at all can we just check if (swift_demangle) in DemangleSwift?

Follow reviewer's advice

serge-sans-paille marked 4 inline comments as done.Jul 11 2022, 1:55 AM

serge-sans-paille added inline comments.

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp
65	I don't think so, because in that case if the symbol is not available externally we get a link error.
71	Correct!

Harbormaster completed remote builds in B174625: Diff 443581.Jul 11 2022, 1:58 AM

vitalybuka added inline comments.Jul 11 2022, 10:48 AM

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp

I believe it should be

// As of now, there are no headers for the Swift runtime. Provide a weak version
// of that symbol and rely on weak symbol resolution to pick the right one.
extern "C" char *SANITIZER_WEAK_ATTRIBUTE
swift_demangle(const char *mangledName, size_t mangledNameLength,
               char *outputBuffer, size_t *outputBufferSize, uint32_t flags);

// Attempts to demangle a Swift name. The demangler will return nullptr if a
// non-Swift name is passed in.
const char *DemangleSwift(const char *name) {
  if (&swift_demangle)
    return swift_demangle(name, internal_strlen(name), 0, 0, 0);
  return nullptr;
}

SANITIZER_WEAK_ATTRIBUTE makes it null if it's not linked, not linking error

"swift_demangle" symbol is a function, not function ptr, not sure how patch as is can work at all
Have you tried to run this with swift_demangle linked into the binary?

Maybe we should have a test with a fake version of the function
https://github.com/apple/swift/blob/de16c9a7385e61b6bf6dd604e832c64a02358d84/stdlib/public/runtime/Demangle.cpp#L721

501

does not compile with this line

vitalybuka added a reviewer: kubamracek.Jul 11 2022, 10:54 AM

zaks.anna added a reviewer: yln.Jul 11 2022, 12:39 PM

yln added a reviewer: rsundahl.Jul 11 2022, 2:01 PM

For the technicalities, I agree with Vitaly.

However, @rsundahl has discovered that the whole "strong overrides weak symbol across dylibs" pattern isn't reliably anymore. See here: https://reviews.llvm.org/D127929
Roy, can you confirm that we are running into this case here>

Also: does this still work right now? Should depend on the swift runtime dylib defining a weak symbol/being marked as in participating in weak symbol lookup. Can we promise that the Swift runtime dylib will always define a weak symbol?

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp
65	I agree that this is what we would want if we take this path.

rsundahl added inline comments.Jul 11 2022, 2:34 PM

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp
501	What is the compiler complaining about in this case @vitalybuka?

vitalybuka added inline comments.Jul 11 2022, 3:04 PM

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp
501	it's trivial. @serge-sans-paille removed InitializeSwiftDemangler as I asked, but forgot to remove the call.

There are very significant differences between Linux, Windows and Darwin w.r.t. how weak symbols are (possibly) overridden by so-called "strong" symbols. The discussion with @MaskRay in https://reviews.llvm.org/D127929 is worth a look for context but I would encourage moving in the other direction, completely away from weak symbols and/or any expectation that the loader will "do what we want it to do".

In D128992#3643688, @rsundahl wrote:

There are very significant differences between Linux, Windows and Darwin w.r.t. how weak symbols are (possibly) overridden by so-called "strong" symbols. The discussion with @MaskRay in https://reviews.llvm.org/D127929 is worth a look for context but I would encourage moving in the other direction, completely away from weak symbols and/or any expectation that the loader will "do what we want it to do".

The file handles ELF systems and macOS. It doesn't deal with Windows.
Again, this is a use case which unnecessarily regressed on macOS with the latest dyld :(

Another approach: make sure swift_demangle is setup before or after symbol lookup, but not during interception.
It solves the issue because it prevents calling the intiialization routine as a consequence of lazy initialization when hooking the malloc call from dlerror

Please update description, as this approach does not match, it still uses dlsym.

Can you show a pseudo-stack trace of the case you are trying to solve?

serge-sans-paille edited the summary of this revision. (Show Details)Jul 13 2022, 8:03 AM

title is still "Don't lookup swift_demangle through dlsym"

Because it can fail if the symbol is not there, the subsequent (and legit) call to dlerror()

legit but unnecessary. Most code in sanitizer does not call dlerror after dlsym.
Doc says: https://linux.die.net/man/3/dlerror

the correct way to test for an error is to call dlerror() to clear any old error conditions, then call dlsym(), and then call dlerror() again, saving its return value into a variable, and check whether this saved value is not NULL.

We don't check dlerror here, so it's up to the next caller to clear it before next dlsym, and only if they care about dlerror.

compiler-rt/lib/interception/interception_linux.cpp is the main and very early origin of dlsym calls for sanitizers

serge-sans-paille updated this revision to Diff 445399.Jul 18 2022, 12:27 AM

serge-sans-paille retitled this revision from [sanitizer] Don't lookup swift_demangle through dlsym to [sanitizer] Don't call dlerror() after swift_demangle lookup through dlsym.

serge-sans-paille edited the summary of this revision. (Show Details)

Harbormaster completed remote builds in B175958: Diff 445399.Jul 18 2022, 1:03 AM

yln added inline comments.Jul 18 2022, 11:57 AM

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp
75	I like that we settled on this very simple (and reasonable) change to solve the problem. LGTM, but deferring to Vitaly since he suggested the change! :)

vitalybuka accepted this revision.Jul 18 2022, 2:09 PM

This revision is now accepted and ready to land.Jul 18 2022, 2:09 PM

MaskRay accepted this revision.Jul 18 2022, 2:26 PM

Closed by commit rGeb0e3319bf94: [sanitizer] Don't call dlerror() after swift_demangle lookup through dlsym (authored by serge-sans-paille). · Explain WhyJul 19 2022, 12:08 AM

This revision was automatically updated to reflect the committed changes.

serge-sans-paille added a commit: rGeb0e3319bf94: [sanitizer] Don't call dlerror() after swift_demangle lookup through dlsym.

pcc mentioned this in D40382: Plug dlerror() leak for swift_demangle.Mar 21 2023, 5:52 PM

Diff 441686

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp

Show First 20 Lines • Show All 52 Lines • ▼ Show 20 Lines	const char DemangleCXXABI(const char name) {
// the returned value.		// the returned value.
if (&__cxxabiv1::__cxa_demangle)		if (&__cxxabiv1::__cxa_demangle)
if (const char *demangled_name =		if (const char *demangled_name =
__cxxabiv1::__cxa_demangle(name, 0, 0, 0))		__cxxabiv1::__cxa_demangle(name, 0, 0, 0))
return demangled_name;		return demangled_name;

return name;		return name;
}		}

		vitalybukaUnsubmitted Done Reply Inline Actions Unrelated to the patch, but this is used only in sanitizer_symbolizer_mac.cpp, so it's better to be moved there. vitalybuka: Unrelated to the patch, but this is used only in sanitizer_symbolizer_mac.cpp, so it's better…
		vitalybukaUnsubmitted Done Reply Inline Actions My mistake, it's not just mac vitalybuka: My mistake, it's not just mac
// As of now, there are no headers for the Swift runtime. Once they are		// As of now, there are no headers for the Swift runtime. Provide a weak version
// present, we will weakly link since we do not require Swift runtime to be		// of that symbol and rely on weak symbol resolution to pick the right one.
// linked.
typedef char (swift_demangle_ft)(const char *mangledName,		typedef char (swift_demangle_ft)(const char *mangledName,
size_t mangledNameLength, char *outputBuffer,		size_t mangledNameLength, char *outputBuffer,
		vitalybukaUnsubmitted Not Done Reply Inline Actions shouldn't this be like: extern "C" SANITIZER_WEAK_ATTRIBUTE swift_demangle( const char mangledName, size_t mangledNameLength, char outputBuffer, size_t outputBufferSize, uint32_t flags); vitalybuka:* shouldn't this be like: ``` extern "C" SANITIZER_WEAK_ATTRIBUTE swift_demangle( const char…
		serge-sans-pailleAuthorUnsubmitted Done Reply Inline Actions I don't think so, because in that case if the symbol is not available externally we get a link error. serge-sans-paille: I don't think so, because in that case if the symbol is not available externally we get a link…
		vitalybukaUnsubmitted Not Done Reply Inline Actions I believe it should be // As of now, there are no headers for the Swift runtime. Provide a weak version // of that symbol and rely on weak symbol resolution to pick the right one. extern "C" char SANITIZER_WEAK_ATTRIBUTE swift_demangle(const char mangledName, size_t mangledNameLength, char outputBuffer, size_t outputBufferSize, uint32_t flags); // Attempts to demangle a Swift name. The demangler will return nullptr if a // non-Swift name is passed in. const char DemangleSwift(const char name) { if (&swift_demangle) return swift_demangle(name, internal_strlen(name), 0, 0, 0); return nullptr; } SANITIZER_WEAK_ATTRIBUTE makes it null if it's not linked, not linking error "swift_demangle" symbol is a function, not function ptr, not sure how patch as is can work at all Have you tried to run this with swift_demangle linked into the binary? Maybe we should have a test with a fake version of the function https://github.com/apple/swift/blob/de16c9a7385e61b6bf6dd604e832c64a02358d84/stdlib/public/runtime/Demangle.cpp#L721 vitalybuka: I believe it should be ``` // As of now, there are no headers for the Swift runtime. Provide a…
		ylnUnsubmitted Not Done Reply Inline Actions I agree that this is what we would want if we take this path. yln: I agree that this is what we would want if we take this path.
size_t *outputBufferSize, uint32_t flags);		size_t *outputBufferSize, uint32_t flags);
static swift_demangle_ft swift_demangle_f;

// This must not happen lazily at symbolication time, because dlsym uses		extern "C" SANITIZER_WEAK_ATTRIBUTE swift_demangle_ft swift_demangle = nullptr;
// malloc and thread-local storage, which is not a good thing to do during
// symbolication.		static swift_demangle_ft swift_demangle_f;
static void InitializeSwiftDemangler() {		static void InitializeSwiftDemangler() { swift_demangle_f = swift_demangle; }
		vitalybukaUnsubmitted Done Reply Inline Actions why do we need InitializeSwiftDemangler here at all can we just check if (swift_demangle) in DemangleSwift? vitalybuka: why do we need InitializeSwiftDemangler here at all can we just check if (swift_demangle) in…
		serge-sans-pailleAuthorUnsubmitted Done Reply Inline Actions Correct! serge-sans-paille: Correct!
swift_demangle_f = (swift_demangle_ft)dlsym(RTLD_DEFAULT, "swift_demangle");
(void)dlerror(); // Cleanup error message in case of failure
ylnUnsubmitted Not Done Reply Inline Actions I like that we settled on this very simple (and reasonable) change to solve the problem. LGTM, but deferring to Vitaly since he suggested the change! :) yln: I like that we settled on this very simple (and reasonable) change to solve the problem. LGTM…
}

		vitalybukaUnsubmitted Done Reply Inline Actions Maybe better just make SANITIZER_WEAK_ATTRIBUTE DemangleSwift() and remove swift_demangle_ft related stuff? vitalybuka: Maybe better just make SANITIZER_WEAK_ATTRIBUTE DemangleSwift() and remove swift_demangle_ft…
		serge-sans-pailleAuthorUnsubmitted Done Reply Inline Actions The idea of this patch is to delegate detection of the `swift_demangle` symbol from `dlsym` to weak/strong symbol. I don't see how making `DemangleSwift` weak achieves that goal? serge-sans-paille: The idea of this patch is to delegate detection of the `swift_demangle` symbol from `dlsym` to…
// Attempts to demangle a Swift name. The demangler will return nullptr if a		// Attempts to demangle a Swift name. The demangler will return nullptr if a
// non-Swift name is passed in.		// non-Swift name is passed in.
const char DemangleSwift(const char name) {		const char DemangleSwift(const char name) {
if (swift_demangle_f)		if (swift_demangle_f)
return swift_demangle_f(name, internal_strlen(name), 0, 0, 0);		return swift_demangle_f(name, internal_strlen(name), 0, 0, 0);

return nullptr;		return nullptr;
}		}
▲ Show 20 Lines • Show All 412 Lines • ▼ Show 20 Lines	Symbolizer *Symbolizer::PlatformInit() {
IntrusiveList<SymbolizerTool> list;		IntrusiveList<SymbolizerTool> list;
list.clear();		list.clear();
ChooseSymbolizerTools(&list, &symbolizer_allocator_);		ChooseSymbolizerTools(&list, &symbolizer_allocator_);
return new(symbolizer_allocator_) Symbolizer(list);		return new(symbolizer_allocator_) Symbolizer(list);
}		}

void Symbolizer::LateInitialize() {		void Symbolizer::LateInitialize() {
Symbolizer::GetOrInit();		Symbolizer::GetOrInit();
InitializeSwiftDemangler();		InitializeSwiftDemangler();
		vitalybukaUnsubmitted Not Done Reply Inline Actions does not compile with this line vitalybuka: does not compile with this line
		rsundahlUnsubmitted Not Done Reply Inline Actions What is the compiler complaining about in this case @vitalybuka? rsundahl: What is the compiler complaining about in this case @vitalybuka?
		vitalybukaUnsubmitted Not Done Reply Inline Actions it's trivial. @serge-sans-paille removed InitializeSwiftDemangler as I asked, but forgot to remove the call. vitalybuka: it's trivial. @serge-sans-paille removed InitializeSwiftDemangler as I asked, but forgot to…
}		}

} // namespace __sanitizer		} // namespace __sanitizer

#endif // SANITIZER_POSIX		#endif // SANITIZER_POSIX

This is an archive of the discontinued LLVM Phabricator instance.

[sanitizer] Don't call dlerror() after swift_demangle lookup through dlsym
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 441686

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp

This is an archive of the discontinued LLVM Phabricator instance.

[sanitizer] Don't call dlerror() after swift_demangle lookup through dlsymClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 441686

compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp

[sanitizer] Don't call dlerror() after swift_demangle lookup through dlsym
ClosedPublic