This is an archive of the discontinued LLVM Phabricator instance.

Differential D135516

[lldb] [MainLoopPosix] Fix crash upon adding lots of pending callbacks
ClosedPublic

Authored by mgorny on Oct 8 2022, 9:34 AM.

Details

Reviewers
labath
krytarowski
emaste
jingham
Commits
rGe8ee0f121dbc: [lldb] [MainLoopPosix] Fix crash upon adding lots of pending callbacks
Summary

If lots of pending callbacks are added while the main loop has exited
already, the trigger pipe buffer fills in, causing the write to fail
and the related assertion to fail. To avoid this, add a boolean member
indicating whether the callbacks have been triggered already.
If the trigger was done, avoid writing to the pipe until loops proceeds
to run them and resets the variable.

Besides fixing the issue, this also avoids writing to the pipe multiple
times if callbacks are added faster than the loop is able to process
them. Previously, this would lead to the loop performing multiple read
iterations from pipe unnecessarily.

Diff Detail

Event Timeline

mgorny created this revision.Oct 8 2022, 9:34 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 8 2022, 9:34 AM
mgorny requested review of this revision.Oct 8 2022, 9:34 AM
Harbormaster completed remote builds in B191106: Diff 466295.Oct 8 2022, 9:36 AM
labath added a comment.Oct 10 2022, 12:34 AM

I never expected we would have so many callbacks that we'd have to worry about this, but yes, this is one way to fix the problem. Another (slightly simpler, but also less performant) would be to make the write pipe nonblocking, and do not treat EAGAIN as an error.

lldb/source/Host/posix/MainLoopPosix.cpp
408

I /think/ this is not right. The other thread can wake up as soon as the Write call is done, and can proceed to clear the done flag before we are able to set it. If we set it afterwards, then we we suppress all subsequent writes, and the callbacks would never run. If we set the flag before we make the Write call, then it should be ok -- though the flag should probably have a different name then.

mgorny added a comment.Oct 10 2022, 9:09 AM
In D135516#3846182, @labath wrote:

I never expected we would have so many callbacks that we'd have to worry about this, but yes, this is one way to fix the problem. Another (slightly simpler, but also less performant) would be to make the write pipe nonblocking, and do not treat EAGAIN as an error.

Well, I've only hit this in a pathological case (sending a lot of small packets without checking whether the loop in the communication thread didn't exit) but I've figured out we want some protection anyway.

The pipe logic uses select helper anyway, so it does return a timeout error if the buffer is full. However, I've figured that it'd be better to avoid polluting the buffer with tons of "interrupts" if only one is really meaningful.

mgorny added inline comments.Oct 14 2022, 9:01 AM
lldb/source/Host/posix/MainLoopPosix.cpp
408

I think you are correct. Will update that soonish.

mgorny updated this revision to Diff 467834.Oct 14 2022, 10:36 AM

Move and rename the bool.

mgorny marked an inline comment as done.Oct 14 2022, 10:37 AM
Harbormaster completed remote builds in B192224: Diff 467834.Oct 14 2022, 10:39 AM
labath accepted this revision.Oct 17 2022, 6:54 AM
labath added inline comments.
lldb/source/Host/posix/MainLoopPosix.cpp
399–402

Maybe something like if (m_triggering.exchange(true)) return; ?
This version should work as well, but it may save someone from wondering what will happen if two threads execute this concurrently.

This revision is now accepted and ready to land.Oct 17 2022, 6:54 AM
mgorny marked an inline comment as done.Oct 17 2022, 8:11 AM

Thanks. I'll do a fresh test run on the updated version and push if it passes.

lldb/source/Host/posix/MainLoopPosix.cpp
399–402

Sure, I'll try that.

Closed by commit rGe8ee0f121dbc: [lldb] [MainLoopPosix] Fix crash upon adding lots of pending callbacks (authored by mgorny). · Explain WhyOct 17 2022, 8:48 AM
This revision was automatically updated to reflect the committed changes.
mgorny marked an inline comment as done.
mgorny added a commit: rGe8ee0f121dbc: [lldb] [MainLoopPosix] Fix crash upon adding lots of pending callbacks.
Herald added a project: Restricted Project. · View Herald TranscriptOct 17 2022, 8:48 AM

Revision Contents

PathSize
lldb/
include/
lldb/
Host/
posix/
2 lines
source/
Host/
posix/
6 lines
unittests/
Host/
11 lines

Diff 468222

lldb/include/lldb/Host/posix/MainLoopPosix.h

//===-- MainLoopPosix.h -----------------------------------------*- C++ -*-===// //===-- MainLoopPosix.h -----------------------------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLDB_HOST_POSIX_MAINLOOPPOSIX_H #ifndef LLDB_HOST_POSIX_MAINLOOPPOSIX_H
#define LLDB_HOST_POSIX_MAINLOOPPOSIX_H #define LLDB_HOST_POSIX_MAINLOOPPOSIX_H
#include "lldb/Host/Config.h" #include "lldb/Host/Config.h"
#include "lldb/Host/MainLoopBase.h" #include "lldb/Host/MainLoopBase.h"
#include "lldb/Host/Pipe.h" #include "lldb/Host/Pipe.h"
#include "llvm/ADT/DenseMap.h" #include "llvm/ADT/DenseMap.h"
#include <atomic>
#include <csignal> #include <csignal>
#include <list> #include <list>
#include <vector> #include <vector>
namespace lldb_private { namespace lldb_private {
// Implementation of the MainLoopBase class. It can monitor file descriptors for // Implementation of the MainLoopBase class. It can monitor file descriptors for
// readability using ppoll, kqueue, or pselect. In addition to the common base, // readability using ppoll, kqueue, or pselect. In addition to the common base,
▲ Show 20 LinesShow All 58 Lines▼ Show 20 Lines struct SignalInfo {
struct sigaction old_action; struct sigaction old_action;
bool was_blocked : 1; bool was_blocked : 1;
}; };
class RunImpl; class RunImpl;
llvm::DenseMap<IOObject::WaitableHandle, Callback> m_read_fds; llvm::DenseMap<IOObject::WaitableHandle, Callback> m_read_fds;
llvm::DenseMap<int, SignalInfo> m_signals; llvm::DenseMap<int, SignalInfo> m_signals;
Pipe m_trigger_pipe; Pipe m_trigger_pipe;
std::atomic<bool> m_triggering;
#if HAVE_SYS_EVENT_H #if HAVE_SYS_EVENT_H
int m_kqueue; int m_kqueue;
#endif #endif
}; };
} // namespace lldb_private } // namespace lldb_private
#endif // LLDB_HOST_POSIX_MAINLOOPPOSIX_H #endif // LLDB_HOST_POSIX_MAINLOOPPOSIX_H

lldb/source/Host/posix/MainLoopPosix.cpp

Show First 20 LinesShow All 216 Lines▼ Show 20 Lines for (const auto &signal : signals) {
if (loop.m_terminate_request) if (loop.m_terminate_request)
return; return;
g_signal_flags[signal] = 0; g_signal_flags[signal] = 0;
loop.ProcessSignal(signal); loop.ProcessSignal(signal);
} }
} }
#endif #endif
MainLoopPosix::MainLoopPosix() { MainLoopPosix::MainLoopPosix() : m_triggering(false) {
Status error = m_trigger_pipe.CreateNew(/*child_process_inherit=*/false); Status error = m_trigger_pipe.CreateNew(/*child_process_inherit=*/false);
assert(error.Success()); assert(error.Success());
const int trigger_pipe_fd = m_trigger_pipe.GetReadFileDescriptor(); const int trigger_pipe_fd = m_trigger_pipe.GetReadFileDescriptor();
m_read_fds.insert({trigger_pipe_fd, [trigger_pipe_fd](MainLoopBase &loop) { m_read_fds.insert({trigger_pipe_fd, [trigger_pipe_fd](MainLoopBase &loop) {
char c; char c;
ssize_t bytes_read = llvm::sys::RetryAfterSignal( ssize_t bytes_read = llvm::sys::RetryAfterSignal(
-1, ::read, trigger_pipe_fd, &c, 1); -1, ::read, trigger_pipe_fd, &c, 1);
assert(bytes_read == 1); assert(bytes_read == 1);
▲ Show 20 LinesShow All 132 Lines▼ Show 20 LinesStatus MainLoopPosix::Run() {
while (!m_terminate_request && while (!m_terminate_request &&
(m_read_fds.size() > 1 || !m_signals.empty())) { (m_read_fds.size() > 1 || !m_signals.empty())) {
error = impl.Poll(); error = impl.Poll();
if (error.Fail()) if (error.Fail())
return error; return error;
impl.ProcessEvents(); impl.ProcessEvents();
m_triggering = false;
ProcessPendingCallbacks(); ProcessPendingCallbacks();
} }
return Status(); return Status();
} }
void MainLoopPosix::ProcessReadObject(IOObject::WaitableHandle handle) { void MainLoopPosix::ProcessReadObject(IOObject::WaitableHandle handle) {
auto it = m_read_fds.find(handle); auto it = m_read_fds.find(handle);
if (it != m_read_fds.end()) if (it != m_read_fds.end())
it->second(*this); // Do the work it->second(*this); // Do the work
} }
void MainLoopPosix::ProcessSignal(int signo) { void MainLoopPosix::ProcessSignal(int signo) {
auto it = m_signals.find(signo); auto it = m_signals.find(signo);
if (it != m_signals.end()) { if (it != m_signals.end()) {
// The callback may actually register/unregister signal handlers, // The callback may actually register/unregister signal handlers,
// so we need to create a copy first. // so we need to create a copy first.
llvm::SmallVector<Callback, 4> callbacks_to_run{ llvm::SmallVector<Callback, 4> callbacks_to_run{
it->second.callbacks.begin(), it->second.callbacks.end()}; it->second.callbacks.begin(), it->second.callbacks.end()};
for (auto &x : callbacks_to_run) for (auto &x : callbacks_to_run)
x(*this); // Do the work x(*this); // Do the work
} }
} }
void MainLoopPosix::TriggerPendingCallbacks() { void MainLoopPosix::TriggerPendingCallbacks() {
if (m_triggering.exchange(true))
return;
char c = '.'; char c = '.';
labathUnsubmitted
Done
ReplyInline Actions

Maybe something like if (m_triggering.exchange(true)) return; ?
This version should work as well, but it may save someone from wondering what will happen if two threads execute this concurrently.

labath: Maybe something like `if (m_triggering.exchange(true)) return;` ? This version should work as…
mgornyAuthorUnsubmitted
Done
ReplyInline Actions

Sure, I'll try that.

mgorny: Sure, I'll try that.
size_t bytes_written; size_t bytes_written;
Status error = m_trigger_pipe.Write(&c, 1, bytes_written); Status error = m_trigger_pipe.Write(&c, 1, bytes_written);
assert(error.Success()); assert(error.Success());
UNUSED_IF_ASSERT_DISABLED(error); UNUSED_IF_ASSERT_DISABLED(error);
assert(bytes_written == 1); assert(bytes_written == 1);
} }
labathUnsubmitted
Done
ReplyInline Actions

I /think/ this is not right. The other thread can wake up as soon as the Write call is done, and can proceed to clear the done flag before we are able to set it. If we set it afterwards, then we we suppress all subsequent writes, and the callbacks would never run. If we set the flag before we make the Write call, then it should be ok -- though the flag should probably have a different name then.

labath: I /think/ this is not right. The other thread can wake up as soon as the Write call is done…
mgornyAuthorUnsubmitted
Done
ReplyInline Actions

I think you are correct. Will update that soonish.

mgorny: I think you are correct. Will update that soonish.

lldb/unittests/Host/MainLoopTest.cpp

Show First 20 LinesShow All 165 Lines▼ Show 20 Lines std::thread callback2_adder([&]() {
}); });
}); });
ASSERT_THAT_ERROR(loop.Run().ToError(), llvm::Succeeded()); ASSERT_THAT_ERROR(loop.Run().ToError(), llvm::Succeeded());
callback2_adder.join(); callback2_adder.join();
ASSERT_TRUE(callback1_called); ASSERT_TRUE(callback1_called);
ASSERT_TRUE(callback2_called); ASSERT_TRUE(callback2_called);
} }
// Regression test for assertion failure if a lot of callbacks end up
// being queued after loop exits.
TEST_F(MainLoopTest, PendingCallbackAfterLoopExited) {
MainLoop loop;
Status error;
ASSERT_TRUE(loop.Run().Success());
// Try to fill the pipe buffer in.
for (int i = 0; i < 65536; ++i)
loop.AddPendingCallback([&](MainLoopBase &loop) {});
}
#ifdef LLVM_ON_UNIX #ifdef LLVM_ON_UNIX
TEST_F(MainLoopTest, DetectsEOF) { TEST_F(MainLoopTest, DetectsEOF) {
PseudoTerminal term; PseudoTerminal term;
ASSERT_THAT_ERROR(term.OpenFirstAvailablePrimary(O_RDWR), llvm::Succeeded()); ASSERT_THAT_ERROR(term.OpenFirstAvailablePrimary(O_RDWR), llvm::Succeeded());
ASSERT_THAT_ERROR(term.OpenSecondary(O_RDWR | O_NOCTTY), llvm::Succeeded()); ASSERT_THAT_ERROR(term.OpenSecondary(O_RDWR | O_NOCTTY), llvm::Succeeded());
auto conn = std::make_unique<ConnectionFileDescriptor>( auto conn = std::make_unique<ConnectionFileDescriptor>(
term.ReleasePrimaryFileDescriptor(), true); term.ReleasePrimaryFileDescriptor(), true);
▲ Show 20 LinesShow All 87 LinesShow Last 20 Lines