This is an archive of the discontinued LLVM Phabricator instance.

Differential D14855

[tsan] Support thread sanitizer on Android.
AbandonedPublic

Authored by yabinc on Nov 19 2015, 7:13 PM.

Details

Reviewers
kcc
danalbert
dvyukov
enh
kubamracek
eugenis
srhines
Summary

This patch contains three parts of work:

  1. As Android doesn't support __thread, use a tls slot to store the

pointer to ThreadState for current thread. Add check for thr->is_inited
as bionic libc can call intercepted functions before ThreadStart().
Add dead_thread_state as bionic libc can call intercepted functions
after DestroyThreadState().

  1. Add special considerations to intercept bionic libc functions, like

removing unsupported functions.

  1. Add address space support for android aarch64 devices. I have tested

on N9 and N5X, but I can't guarantee it is suitable for all android
aarch64 devices.

Diff Detail

Event Timeline

yabinc updated this revision to Diff 40734.Nov 19 2015, 7:13 PM
yabinc retitled this revision from to [tsan] Support thread sanitizer on Android..
yabinc updated this object.
Herald added subscribers: srhines, danalbert, tberghammer, aemerson. · View Herald TranscriptNov 19 2015, 7:13 PM
danalbert added reviewers: eugenis, dvyukov.Nov 19 2015, 9:36 PM
danalbert added a subscriber: llvm-commits.
yabinc added reviewers: kcc, enh, danalbert, srhines.Nov 19 2015, 9:41 PM
danalbert added inline comments.Nov 19 2015, 9:43 PM
lib/tsan/rtl/tsan_interceptors.h
35

I can't say much for the rest of the change, but the is_inited checks can easily be a separate, smaller patch, and I can pretty much guarantee that someone else would say so if I didn't :)

dvyukov edited edge metadata.Nov 20 2015, 1:32 PM

This needs to be split into smaller changes. But otherwise I think we can get something like this in.

lib/tsan/rtl/tsan_interceptors.cc
253

fix internal_sigfillset to work on android instead
the existing layer of indirection is exactly to hide such differences

269–273

ditto

271

drop {} for if with single-statement/single-line body
whole tsan codebase does it that way

284

ditto

lib/tsan/rtl/tsan_platform.h
181

drop {}

181

drop {}

lib/tsan/rtl/tsan_platform_linux.cc
371

please use a const here, it does not need to be a macro

const int kTsanTlsSlot = 8;  // allocated by bionic for tsan
372

add a comment explaining what it is for

378

this is still not completely async-signal-safe
consider that a thread is preempted by a signal handler on this line: now signal handler will allocate thread context and work for some time with it, then thread will allocate another context and lead the first one
see how mac does this, a similar change for mac recently went it

383

use MmapOrDie, it does not have zillion of uninteresting arguments and does not return nullptr

392

I wonder if there will be some races on dead_thread_state since it is shared between threads. I think it is a good idea to mprotect(PROT_READ) it after initialization. It can save us lots of debugging in future.

lib/tsan/rtl/tsan_platform_posix.cc
125–130

can't we keep these ProtectRange's on android?

applications do weird things like mmaps on strange fixed addresses, or mmaps at completely random addresses (a-la home-grown ASLR), such things cause unpleasant debugging

lib/tsan/rtl/tsan_rtl.cc
292 ↗(On Diff #40734)

why is this change made?

yabinc updated this revision to Diff 41003.Nov 23 2015, 5:40 PM
yabinc marked 7 inline comments as done.
yabinc edited edge metadata.

Update code based on review, will split the patch after finishing all comments.

lib/tsan/rtl/tsan_interceptors.cc
253

I use internal_sigfillset() for android because sigfillset() is not intercepted on android (maybe because of asan). And I think we can't use internal_sigfillset() for mac or windows.

lib/tsan/rtl/tsan_interceptors.h
35

I will split the patch into 3 parts as in the summary, if no one complains that it should be smaller.

lib/tsan/rtl/tsan_platform_linux.cc
378

why it is not signal-safe? There is another check of thr in L365. And I think L364-L365 will not be moved above L363 because L364 is inlined assemble language.

392

yes, it's a good idea.

lib/tsan/rtl/tsan_platform_posix.cc
125–130

surely we can. I commented this out just because the address map for android aarch64 doesn't conform the assumption here. I found that by commenting these out, the core dump becomes reasonable small, which helps debugging.

lib/tsan/rtl/tsan_rtl.cc
292 ↗(On Diff #40734)

Because previously I made kHeapMemBeg == kHeapMemEnd on android/aarch64. I am not sure how I should set kHeapMemBeg and kHeapMemEnd. The brk() space goes after main binary. But android uses jemalloc which uses common mmap() to allocate heap space. This makes real heap space mixed with kHiAppMem. As the correctness of kHeapMem is not very important, I changed it to follow linux/aarch64.
By the way, I am a little curious whether kxxxEnd should be accessible. From tsan_platform.h, it gives me a sense that kxxEnd should not be accessible, but kHiAppMemEnd should be accessible when it is 0x7fffffffffull.

yabinc added a comment.Dec 2 2015, 10:43 AM

ping

dvyukov added a reviewer: kubamracek.Dec 3 2015, 5:16 AM
dvyukov added a comment.Dec 3 2015, 5:34 AM

+Kuba for sigfillset Mac question.

lib/tsan/rtl/tsan_interceptors.cc
253

This file calls REAL(sigfillset) just because it was written before internal_sigfillset appeared. The right thing to do is to replace all calls of REAL(sigfillset) to internal_sigfillset in this file, and then make internal_sigfillset work on all platforms. Windows is not an issue, because tsan does not work on windows yet. Mac calls just sigfillset inside of internal_sigfillset, not sure whether it can lead to infinite recursion or not... +Kuba for this. Anyway we need to fix internal_sigfillset.

lib/tsan/rtl/tsan_platform_linux.cc
378

I missed the second check. Yes, this looks signal-safe. Sorry.

lib/tsan/rtl/tsan_platform_posix.cc
125–130

I think we need let each platform define what regions need to be protected (see GetUserRegion function for similar functionality). Then you can support Android mapping.

I don't understand how it helps with core dumps. These regions should not be in core dump as they are all zeros. And anyway you still protect huge regions of memory. And we have huge shadow that we need to map anyway.

lib/tsan/rtl/tsan_rtl.cc
292 ↗(On Diff #40734)

There is a check below:

if (p < beg || p >= end)

which ensures that we don't actually end address. So correct constant for kHiAppMemEnd is 0x8000000000 rather than 0x7fffffffff.

All sanitizers replace default malloc, so jemalloc behavior is irrelevant here.
Tsan allocator is defined in tsan_rtl.h, search for "SizeClassAllocator". For mips64 and arm64 it actually does not use kHeapMemBeg/kHeapMemEnd, it just uses whatever mmap returns (this again makes it important to mprotect all unused holes in address space so that mmap does not return that addresses). So it should be irrelevant how you define it for arm64 (not sure why it defined these constants at all).

kubamracek added inline comments.Dec 3 2015, 5:50 AM
lib/tsan/rtl/tsan_interceptors.cc
253

Calling just sigfillset on OS X will call REAL(sigfillset), so it won't infinitely recurse. (Actually, sigfillset is a macro that sets the value to ~0, so nothing is called at all.)

dvyukov added inline comments.Dec 3 2015, 6:17 AM
lib/tsan/rtl/tsan_interceptors.cc
253

Great, thanks.
Then we just need to call internal_sigfillset in this file.

yabinc updated this revision to Diff 41927.Dec 4 2015, 12:33 PM
yabinc marked an inline comment as done.

update based on review comments and rebase code.

yabinc added inline comments.Dec 4 2015, 12:57 PM
lib/tsan/rtl/tsan_interceptors.cc
253

Inorder to use internal_sigfillset() in all cases, I have to move internal_sigfillset() from sanitizer_linux.cc to sanitizer_posix.cc. I included "sanitizer_platform_limits_posix.h" in sanitizer_posix.h, I am not very sure that
it is fine.

lib/tsan/rtl/tsan_platform_posix.cc
125–130

If we provide a GetProtectRegion() function, it is much longer (about 50~60 lines) than code here. And personally I think that is less clear. Sadly I can't use address range array. So I improved the code here
a little by using #if, which may make it clearer. But if you really think we should use GetProtectRegion(),
feel free to let me know.
I don't know the detail of core dump, maybe dive into this question later.

dvyukov added a comment.Dec 7 2015, 3:18 AM

It generally looks good to me, please start splitting this into smaller patches. For example, disable of interceptors is a separate patch; sigfillset is a separate patch; android cur_thread() is a separate patch, etc.

yabinc abandoned this revision.Dec 9 2015, 4:26 PM

Abandon this, as it has been split.

Revision Contents

Diff 41927

lib/sanitizer_common/sanitizer_linux.h

Show All 28 Lines
struct linux_dirent; struct linux_dirent;
// Syscall wrappers. // Syscall wrappers.
uptr internal_getdents(fd_t fd, struct linux_dirent *dirp, unsigned int count); uptr internal_getdents(fd_t fd, struct linux_dirent *dirp, unsigned int count);
uptr internal_sigaltstack(const struct sigaltstack* ss, uptr internal_sigaltstack(const struct sigaltstack* ss,
struct sigaltstack* oss); struct sigaltstack* oss);
uptr internal_sigprocmask(int how, __sanitizer_sigset_t *set, uptr internal_sigprocmask(int how, __sanitizer_sigset_t *set,
__sanitizer_sigset_t *oldset); __sanitizer_sigset_t *oldset);
void internal_sigfillset(__sanitizer_sigset_t *set);
// Linux-only syscalls. // Linux-only syscalls.
#if SANITIZER_LINUX #if SANITIZER_LINUX
uptr internal_prctl(int option, uptr arg2, uptr arg3, uptr arg4, uptr arg5); uptr internal_prctl(int option, uptr arg2, uptr arg3, uptr arg4, uptr arg5);
// Used only by sanitizer_stoptheworld. Signal handlers that are actually used // Used only by sanitizer_stoptheworld. Signal handlers that are actually used
// (like the process-wide error reporting SEGV handler) must use // (like the process-wide error reporting SEGV handler) must use
// internal_sigaction instead. // internal_sigaction instead.
int internal_sigaction_norestorer(int signum, const void *act, void *oldact); int internal_sigaction_norestorer(int signum, const void *act, void *oldact);
▲ Show 20 LinesShow All 44 LinesShow Last 20 Lines

lib/sanitizer_common/sanitizer_linux.cc

Show First 20 LinesShow All 612 Lines▼ Show 20 Lines#else
__sanitizer_kernel_sigset_t *k_set = (__sanitizer_kernel_sigset_t *)set; __sanitizer_kernel_sigset_t *k_set = (__sanitizer_kernel_sigset_t *)set;
__sanitizer_kernel_sigset_t *k_oldset = (__sanitizer_kernel_sigset_t *)oldset; __sanitizer_kernel_sigset_t *k_oldset = (__sanitizer_kernel_sigset_t *)oldset;
return internal_syscall(SYSCALL(rt_sigprocmask), (uptr)how, return internal_syscall(SYSCALL(rt_sigprocmask), (uptr)how,
(uptr)&k_set->sig[0], (uptr)&k_oldset->sig[0], (uptr)&k_set->sig[0], (uptr)&k_oldset->sig[0],
sizeof(__sanitizer_kernel_sigset_t)); sizeof(__sanitizer_kernel_sigset_t));
#endif #endif
} }
void internal_sigfillset(__sanitizer_sigset_t *set) {
internal_memset(set, 0xff, sizeof(*set));
}
#if SANITIZER_LINUX #if SANITIZER_LINUX
void internal_sigdelset(__sanitizer_sigset_t *set, int signum) { void internal_sigdelset(__sanitizer_sigset_t *set, int signum) {
signum -= 1; signum -= 1;
CHECK_GE(signum, 0); CHECK_GE(signum, 0);
CHECK_LT(signum, sizeof(*set) * 8); CHECK_LT(signum, sizeof(*set) * 8);
__sanitizer_kernel_sigset_t *k_set = (__sanitizer_kernel_sigset_t *)set; __sanitizer_kernel_sigset_t *k_set = (__sanitizer_kernel_sigset_t *)set;
const uptr idx = signum / (sizeof(k_set->sig[0]) * 8); const uptr idx = signum / (sizeof(k_set->sig[0]) * 8);
const uptr bit = signum % (sizeof(k_set->sig[0]) * 8); const uptr bit = signum % (sizeof(k_set->sig[0]) * 8);
▲ Show 20 LinesShow All 524 LinesShow Last 20 Lines

lib/sanitizer_common/sanitizer_posix.h

Show All 10 Lines
// run-time libraries and declares some useful POSIX-specific functions. // run-time libraries and declares some useful POSIX-specific functions.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef SANITIZER_POSIX_H #ifndef SANITIZER_POSIX_H
#define SANITIZER_POSIX_H #define SANITIZER_POSIX_H
// ----------- ATTENTION ------------- // ----------- ATTENTION -------------
// This header should NOT include any other headers from sanitizer runtime. // This header should NOT include any other headers from sanitizer runtime.
#include "sanitizer_internal_defs.h" #include "sanitizer_internal_defs.h"
#include "sanitizer_platform_limits_posix.h"
#if !SANITIZER_POSIX #if !SANITIZER_POSIX
// Make it hard to accidentally use any of functions declared in this file: // Make it hard to accidentally use any of functions declared in this file:
#error This file should only be included on POSIX #error This file should only be included on POSIX
#endif #endif
namespace __sanitizer { namespace __sanitizer {
▲ Show 20 LinesShow All 46 Lines▼ Show 20 Lines#define DEFINE_REAL_PTHREAD_FUNCTIONS \
int real_pthread_join(void *th, void **ret) { \ int real_pthread_join(void *th, void **ret) { \
return REAL(pthread_join(th, ret)); \ return REAL(pthread_join(th, ret)); \
} \ } \
} // namespace __sanitizer } // namespace __sanitizer
int my_pthread_attr_getstack(void *attr, void **addr, uptr *size); int my_pthread_attr_getstack(void *attr, void **addr, uptr *size);
int internal_sigaction(int signum, const void *act, void *oldact); int internal_sigaction(int signum, const void *act, void *oldact);
void internal_sigfillset(__sanitizer_sigset_t *set);
} // namespace __sanitizer } // namespace __sanitizer
#endif // SANITIZER_POSIX_H #endif // SANITIZER_POSIX_H

lib/sanitizer_common/sanitizer_posix.cc

Show First 20 LinesShow All 315 Lines▼ Show 20 Lines
SignalContext SignalContext::Create(void *siginfo, void *context) { SignalContext SignalContext::Create(void *siginfo, void *context) {
uptr addr = (uptr)((siginfo_t*)siginfo)->si_addr; uptr addr = (uptr)((siginfo_t*)siginfo)->si_addr;
uptr pc, sp, bp; uptr pc, sp, bp;
GetPcSpBp(context, &pc, &sp, &bp); GetPcSpBp(context, &pc, &sp, &bp);
return SignalContext(context, addr, pc, sp, bp); return SignalContext(context, addr, pc, sp, bp);
} }
void internal_sigfillset(__sanitizer_sigset_t *set) {
internal_memset(set, 0xff, sizeof(*set));
}
} // namespace __sanitizer } // namespace __sanitizer
#endif // SANITIZER_POSIX #endif // SANITIZER_POSIX

lib/tsan/rtl/tsan_interceptors.h

Show All 26 Lines
/**/ /**/
#define SCOPED_TSAN_INTERCEPTOR(func, ...) \ #define SCOPED_TSAN_INTERCEPTOR(func, ...) \
SCOPED_INTERCEPTOR_RAW(func, __VA_ARGS__); \ SCOPED_INTERCEPTOR_RAW(func, __VA_ARGS__); \
if (REAL(func) == 0) { \ if (REAL(func) == 0) { \
Report("FATAL: ThreadSanitizer: failed to intercept %s\n", #func); \ Report("FATAL: ThreadSanitizer: failed to intercept %s\n", #func); \
Die(); \ Die(); \
} \ } \
if (thr->ignore_interceptors || thr->in_ignored_lib) \ if (!thr->is_inited || thr->ignore_interceptors || thr->in_ignored_lib) \
danalbertUnsubmitted
Not Done
ReplyInline Actions

I can't say much for the rest of the change, but the is_inited checks can easily be a separate, smaller patch, and I can pretty much guarantee that someone else would say so if I didn't :)

danalbert: I can't say much for the rest of the change, but the `is_inited` checks can easily be a…
yabincAuthorUnsubmitted
Not Done
ReplyInline Actions

I will split the patch into 3 parts as in the summary, if no one complains that it should be smaller.

yabinc: I will split the patch into 3 parts as in the summary, if no one complains that it should be…
return REAL(func)(__VA_ARGS__); \ return REAL(func)(__VA_ARGS__); \
/**/ /**/
#define TSAN_INTERCEPTOR(ret, func, ...) INTERCEPTOR(ret, func, __VA_ARGS__) #define TSAN_INTERCEPTOR(ret, func, ...) INTERCEPTOR(ret, func, __VA_ARGS__)
#if SANITIZER_FREEBSD #if SANITIZER_FREEBSD
#define __libc_free __free #define __libc_free __free
#define __libc_malloc __malloc #define __libc_malloc __malloc
#endif #endif
extern "C" void __libc_free(void *ptr); extern "C" void __libc_free(void *ptr);
extern "C" void *__libc_malloc(uptr size); extern "C" void *__libc_malloc(uptr size);
#endif // TSAN_INTERCEPTORS_H #endif // TSAN_INTERCEPTORS_H

lib/tsan/rtl/tsan_interceptors.cc

Show First 20 LinesShow All 42 Lines▼ Show 20 Lines
#if SANITIZER_FREEBSD #if SANITIZER_FREEBSD
#define __libc_realloc __realloc #define __libc_realloc __realloc
#define __libc_calloc __calloc #define __libc_calloc __calloc
#elif SANITIZER_MAC #elif SANITIZER_MAC
#define __libc_malloc REAL(malloc) #define __libc_malloc REAL(malloc)
#define __libc_realloc REAL(realloc) #define __libc_realloc REAL(realloc)
#define __libc_calloc REAL(calloc) #define __libc_calloc REAL(calloc)
#define __libc_free REAL(free) #define __libc_free REAL(free)
#elif SANITIZER_ANDROID
#define __errno_location __errno
#define __libc_malloc REAL(malloc)
#define __libc_realloc REAL(realloc)
#define __libc_calloc REAL(calloc)
#define __libc_free REAL(free)
#define mallopt(a, b)
#endif #endif
#if SANITIZER_LINUX || SANITIZER_FREEBSD #if SANITIZER_LINUX || SANITIZER_FREEBSD
#define PTHREAD_CREATE_DETACHED 1 #define PTHREAD_CREATE_DETACHED 1
#elif SANITIZER_MAC #elif SANITIZER_MAC
#define PTHREAD_CREATE_DETACHED 2 #define PTHREAD_CREATE_DETACHED 2
#endif #endif
Show All 30 Lines
extern "C" int pthread_attr_destroy(void *attr); extern "C" int pthread_attr_destroy(void *attr);
DECLARE_REAL(int, pthread_attr_getdetachstate, void *, void *) DECLARE_REAL(int, pthread_attr_getdetachstate, void *, void *)
extern "C" int pthread_attr_setstacksize(void *attr, uptr stacksize); extern "C" int pthread_attr_setstacksize(void *attr, uptr stacksize);
extern "C" int pthread_key_create(unsigned *key, void (*destructor)(void* v)); extern "C" int pthread_key_create(unsigned *key, void (*destructor)(void* v));
extern "C" int pthread_setspecific(unsigned key, const void *v); extern "C" int pthread_setspecific(unsigned key, const void *v);
DECLARE_REAL(int, pthread_mutexattr_gettype, void *, void *) DECLARE_REAL(int, pthread_mutexattr_gettype, void *, void *)
extern "C" int pthread_sigmask(int how, const __sanitizer_sigset_t *set, extern "C" int pthread_sigmask(int how, const __sanitizer_sigset_t *set,
__sanitizer_sigset_t *oldset); __sanitizer_sigset_t *oldset);
// REAL(sigfillset) defined in common interceptors.
DECLARE_REAL(int, sigfillset, __sanitizer_sigset_t *set)
DECLARE_REAL(int, fflush, __sanitizer_FILE *fp) DECLARE_REAL(int, fflush, __sanitizer_FILE *fp)
DECLARE_REAL_AND_INTERCEPTOR(void *, malloc, uptr size) DECLARE_REAL_AND_INTERCEPTOR(void *, malloc, uptr size)
DECLARE_REAL_AND_INTERCEPTOR(void, free, void *ptr) DECLARE_REAL_AND_INTERCEPTOR(void, free, void *ptr)
extern "C" void *pthread_self(); extern "C" void *pthread_self();
extern "C" void _exit(int status); extern "C" void _exit(int status);
extern "C" int *__errno_location(); extern "C" int *__errno_location();
extern "C" int fileno_unlocked(void *stream); extern "C" int fileno_unlocked(void *stream);
#if !SANITIZER_ANDROID
extern "C" void *__libc_calloc(uptr size, uptr n); extern "C" void *__libc_calloc(uptr size, uptr n);
extern "C" void *__libc_realloc(void *ptr, uptr size); extern "C" void *__libc_realloc(void *ptr, uptr size);
#endif
extern "C" int dirfd(void *dirp); extern "C" int dirfd(void *dirp);
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD && !SANITIZER_ANDROID
extern "C" int mallopt(int param, int value); extern "C" int mallopt(int param, int value);
#endif #endif
extern __sanitizer_FILE *stdout, *stderr; extern __sanitizer_FILE *stdout, *stderr;
const int PTHREAD_MUTEX_RECURSIVE = 1; const int PTHREAD_MUTEX_RECURSIVE = 1;
const int PTHREAD_MUTEX_RECURSIVE_NP = 1; const int PTHREAD_MUTEX_RECURSIVE_NP = 1;
const int EINVAL = 22; const int EINVAL = 22;
const int EBUSY = 16; const int EBUSY = 16;
const int EOWNERDEAD = 130; const int EOWNERDEAD = 130;
Show All 26 Lines
# define F_TLOCK 2 /* Test and lock a region for exclusive use. */ # define F_TLOCK 2 /* Test and lock a region for exclusive use. */
# define F_TEST 3 /* Test a region for other processes locks. */ # define F_TEST 3 /* Test a region for other processes locks. */
#define errno (*__errno_location()) #define errno (*__errno_location())
typedef void (*sighandler_t)(int sig); typedef void (*sighandler_t)(int sig);
typedef void (*sigactionhandler_t)(int sig, my_siginfo_t *siginfo, void *uctx); typedef void (*sigactionhandler_t)(int sig, my_siginfo_t *siginfo, void *uctx);
#if SANITIZER_ANDROID
struct sigaction_t {
u32 sa_flags;
union {
sighandler_t sa_handler;
sigactionhandler_t sa_sigaction;
};
__sanitizer_sigset_t sa_mask;
void (*sa_restorer)();
};
#else
struct sigaction_t { struct sigaction_t {
#ifdef __mips__ #ifdef __mips__
u32 sa_flags; u32 sa_flags;
#endif #endif
union { union {
sighandler_t sa_handler; sighandler_t sa_handler;
sigactionhandler_t sa_sigaction; sigactionhandler_t sa_sigaction;
}; };
#if SANITIZER_FREEBSD #if SANITIZER_FREEBSD
int sa_flags; int sa_flags;
__sanitizer_sigset_t sa_mask; __sanitizer_sigset_t sa_mask;
#elif SANITIZER_MAC #elif SANITIZER_MAC
__sanitizer_sigset_t sa_mask; __sanitizer_sigset_t sa_mask;
int sa_flags; int sa_flags;
#else #else
__sanitizer_sigset_t sa_mask; __sanitizer_sigset_t sa_mask;
#ifndef __mips__ #ifndef __mips__
int sa_flags; int sa_flags;
#endif #endif
void (*sa_restorer)(); void (*sa_restorer)();
#endif #endif
}; };
#endif // SANITIZER_ANDROID
const sighandler_t SIG_DFL = (sighandler_t)0; const sighandler_t SIG_DFL = (sighandler_t)0;
const sighandler_t SIG_IGN = (sighandler_t)1; const sighandler_t SIG_IGN = (sighandler_t)1;
const sighandler_t SIG_ERR = (sighandler_t)-1; const sighandler_t SIG_ERR = (sighandler_t)-1;
#if SANITIZER_FREEBSD || SANITIZER_MAC #if SANITIZER_FREEBSD || SANITIZER_MAC
const int SA_SIGINFO = 0x40; const int SA_SIGINFO = 0x40;
const int SIG_SETMASK = 3; const int SIG_SETMASK = 3;
#elif defined(__mips__) #elif defined(__mips__)
Show All 17 Linesstruct SignalDesc {
ucontext_t ctx; ucontext_t ctx;
}; };
struct ThreadSignalContext { struct ThreadSignalContext {
int int_signal_send; int int_signal_send;
atomic_uintptr_t in_blocking_func; atomic_uintptr_t in_blocking_func;
atomic_uintptr_t have_pending_signals; atomic_uintptr_t have_pending_signals;
SignalDesc pending_signals[kSigCount]; SignalDesc pending_signals[kSigCount];
// emptyset and oldset are too big for stack.
__sanitizer_sigset_t emptyset;
__sanitizer_sigset_t oldset;
}; };
// The object is 64-byte aligned, because we want hot data to be located in // The object is 64-byte aligned, because we want hot data to be located in
// a single cache line if possible (it's accessed in every interceptor). // a single cache line if possible (it's accessed in every interceptor).
static ALIGNED(64) char libignore_placeholder[sizeof(LibIgnore)]; static ALIGNED(64) char libignore_placeholder[sizeof(LibIgnore)];
static LibIgnore *libignore() { static LibIgnore *libignore() {
return reinterpret_cast<LibIgnore*>(&libignore_placeholder[0]); return reinterpret_cast<LibIgnore*>(&libignore_placeholder[0]);
} }
void InitializeLibIgnore() { void InitializeLibIgnore() {
const SuppressionContext &supp = *Suppressions(); const SuppressionContext &supp = *Suppressions();
const uptr n = supp.SuppressionCount(); const uptr n = supp.SuppressionCount();
for (uptr i = 0; i < n; i++) { for (uptr i = 0; i < n; i++) {
const Suppression *s = supp.SuppressionAt(i); const Suppression *s = supp.SuppressionAt(i);
if (0 == internal_strcmp(s->type, kSuppressionLib)) if (0 == internal_strcmp(s->type, kSuppressionLib))
libignore()->AddIgnoredLibrary(s->templ); libignore()->AddIgnoredLibrary(s->templ);
} }
libignore()->OnLibraryLoaded(0); libignore()->OnLibraryLoaded(0);
} }
} // namespace __tsan } // namespace __tsan
static ThreadSignalContext *SigCtx(ThreadState *thr) { static ThreadSignalContext *SigCtx(ThreadState *thr) {
ThreadSignalContext *ctx = (ThreadSignalContext*)thr->signal_ctx; ThreadSignalContext *ctx = (ThreadSignalContext*)thr->signal_ctx;
if (ctx == 0 && !thr->is_dead) { if (ctx == 0 && !thr->is_dead) {
dvyukovUnsubmitted
Not Done
ReplyInline Actions

fix internal_sigfillset to work on android instead
the existing layer of indirection is exactly to hide such differences

dvyukov: fix internal_sigfillset to work on android instead the existing layer of indirection is exactly…
yabincAuthorUnsubmitted
Not Done
ReplyInline Actions

I use internal_sigfillset() for android because sigfillset() is not intercepted on android (maybe because of asan). And I think we can't use internal_sigfillset() for mac or windows.

yabinc: I use internal_sigfillset() for android because sigfillset() is not intercepted on android…
dvyukovUnsubmitted
Not Done
ReplyInline Actions

This file calls REAL(sigfillset) just because it was written before internal_sigfillset appeared. The right thing to do is to replace all calls of REAL(sigfillset) to internal_sigfillset in this file, and then make internal_sigfillset work on all platforms. Windows is not an issue, because tsan does not work on windows yet. Mac calls just sigfillset inside of internal_sigfillset, not sure whether it can lead to infinite recursion or not... +Kuba for this. Anyway we need to fix internal_sigfillset.

dvyukov: This file calls REAL(sigfillset) just because it was written before internal_sigfillset…
kubamracekUnsubmitted
Not Done
ReplyInline Actions

Calling just sigfillset on OS X will call REAL(sigfillset), so it won't infinitely recurse. (Actually, sigfillset is a macro that sets the value to ~0, so nothing is called at all.)

kubamracek: Calling just `sigfillset` on OS X will call `REAL(sigfillset)`, so it won't infinitely recurse.
dvyukovUnsubmitted
Done
ReplyInline Actions

Great, thanks.
Then we just need to call internal_sigfillset in this file.

dvyukov: Great, thanks. Then we just need to call internal_sigfillset in this file.
yabincAuthorUnsubmitted
Not Done
ReplyInline Actions

Inorder to use internal_sigfillset() in all cases, I have to move internal_sigfillset() from sanitizer_linux.cc to sanitizer_posix.cc. I included "sanitizer_platform_limits_posix.h" in sanitizer_posix.h, I am not very sure that
it is fine.

yabinc: Inorder to use internal_sigfillset() in all cases, I have to move internal_sigfillset() from…
ctx = (ThreadSignalContext*)MmapOrDie(sizeof(*ctx), "ThreadSignalContext"); ctx = (ThreadSignalContext*)MmapOrDie(sizeof(*ctx), "ThreadSignalContext");
MemoryResetRange(thr, (uptr)&SigCtx, (uptr)ctx, sizeof(*ctx)); MemoryResetRange(thr, (uptr)&SigCtx, (uptr)ctx, sizeof(*ctx));
thr->signal_ctx = ctx; thr->signal_ctx = ctx;
} }
return ctx; return ctx;
} }
#if !SANITIZER_MAC #if !SANITIZER_MAC
static unsigned g_thread_finalize_key; static unsigned g_thread_finalize_key;
#endif #endif
ScopedInterceptor::ScopedInterceptor(ThreadState *thr, const char *fname, ScopedInterceptor::ScopedInterceptor(ThreadState *thr, const char *fname,
uptr pc) uptr pc)
: thr_(thr) : thr_(thr)
, pc_(pc) , pc_(pc)
, in_ignored_lib_(false) { , in_ignored_lib_(false) {
if (!thr_->ignore_interceptors) {
Initialize(thr); Initialize(thr);
if (!thr_->is_inited)
dvyukovUnsubmitted
Done
ReplyInline Actions

drop {} for if with single-statement/single-line body
whole tsan codebase does it that way

dvyukov: drop {} for if with single-statement/single-line body whole tsan codebase does it that way
return;
if (!thr_->ignore_interceptors)
dvyukovUnsubmitted
Done
ReplyInline Actions

ditto

dvyukov: ditto
FuncEntry(thr, pc); FuncEntry(thr, pc);
}
DPrintf("#%d: intercept %s()\n", thr_->tid, fname); DPrintf("#%d: intercept %s()\n", thr_->tid, fname);
if (!thr_->in_ignored_lib && libignore()->IsIgnored(pc)) { if (!thr_->in_ignored_lib && libignore()->IsIgnored(pc)) {
in_ignored_lib_ = true; in_ignored_lib_ = true;
thr_->in_ignored_lib = true; thr_->in_ignored_lib = true;
ThreadIgnoreBegin(thr_, pc_); ThreadIgnoreBegin(thr_, pc_);
} }
} }
ScopedInterceptor::~ScopedInterceptor() { ScopedInterceptor::~ScopedInterceptor() {
if (!thr_->is_inited)
dvyukovUnsubmitted
Done
ReplyInline Actions

ditto

dvyukov: ditto
return;
if (in_ignored_lib_) { if (in_ignored_lib_) {
thr_->in_ignored_lib = false; thr_->in_ignored_lib = false;
ThreadIgnoreEnd(thr_, pc_); ThreadIgnoreEnd(thr_, pc_);
} }
if (!thr_->ignore_interceptors) { if (!thr_->ignore_interceptors) {
ProcessPendingSignals(thr_); ProcessPendingSignals(thr_);
FuncExit(thr_); FuncExit(thr_);
CheckNoLocks(thr_); CheckNoLocks(thr_);
▲ Show 20 LinesShow All 79 Lines▼ Show 20 Linesstatic void at_exit_wrapper(void *arg) {
AtExitCtx *ctx = (AtExitCtx*)arg; AtExitCtx *ctx = (AtExitCtx*)arg;
((void(*)(void *arg))ctx->f)(ctx->arg); ((void(*)(void *arg))ctx->f)(ctx->arg);
__libc_free(ctx); __libc_free(ctx);
} }
static int setup_at_exit_wrapper(ThreadState *thr, uptr pc, void(*f)(), static int setup_at_exit_wrapper(ThreadState *thr, uptr pc, void(*f)(),
void *arg, void *dso); void *arg, void *dso);
#if !SANITIZER_ANDROID
TSAN_INTERCEPTOR(int, atexit, void (*f)()) { TSAN_INTERCEPTOR(int, atexit, void (*f)()) {
if (cur_thread()->in_symbolizer) if (cur_thread()->in_symbolizer)
return 0; return 0;
// We want to setup the atexit callback even if we are in ignored lib // We want to setup the atexit callback even if we are in ignored lib
// or after fork. // or after fork.
SCOPED_INTERCEPTOR_RAW(atexit, f); SCOPED_INTERCEPTOR_RAW(atexit, f);
return setup_at_exit_wrapper(thr, pc, (void(*)())f, 0, 0); return setup_at_exit_wrapper(thr, pc, (void(*)())f, 0, 0);
} }
#endif
TSAN_INTERCEPTOR(int, __cxa_atexit, void (*f)(void *a), void *arg, void *dso) { TSAN_INTERCEPTOR(int, __cxa_atexit, void (*f)(void *a), void *arg, void *dso) {
if (cur_thread()->in_symbolizer) if (cur_thread()->in_symbolizer)
return 0; return 0;
SCOPED_TSAN_INTERCEPTOR(__cxa_atexit, f, arg, dso); SCOPED_TSAN_INTERCEPTOR(__cxa_atexit, f, arg, dso);
return setup_at_exit_wrapper(thr, pc, (void(*)())f, arg, dso); return setup_at_exit_wrapper(thr, pc, (void(*)())f, arg, dso);
} }
▲ Show 20 LinesShow All 973 Lines▼ Show 20 Lines while (v != 2) {
v = atomic_load(a, memory_order_acquire); v = atomic_load(a, memory_order_acquire);
} }
if (!thr->in_ignored_lib) if (!thr->in_ignored_lib)
Acquire(thr, pc, (uptr)o); Acquire(thr, pc, (uptr)o);
} }
return 0; return 0;
} }
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
TSAN_INTERCEPTOR(int, __xstat, int version, const char *path, void *buf) { TSAN_INTERCEPTOR(int, __xstat, int version, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__xstat, version, path, buf); SCOPED_TSAN_INTERCEPTOR(__xstat, version, path, buf);
READ_STRING(thr, pc, path, 0); READ_STRING(thr, pc, path, 0);
return REAL(__xstat)(version, path, buf); return REAL(__xstat)(version, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT___XSTAT TSAN_INTERCEPT(__xstat) #define TSAN_MAYBE_INTERCEPT___XSTAT TSAN_INTERCEPT(__xstat)
#else #else
#define TSAN_MAYBE_INTERCEPT___XSTAT #define TSAN_MAYBE_INTERCEPT___XSTAT
#endif #endif
TSAN_INTERCEPTOR(int, stat, const char *path, void *buf) { TSAN_INTERCEPTOR(int, stat, const char *path, void *buf) {
#if SANITIZER_FREEBSD || SANITIZER_MAC #if SANITIZER_FREEBSD || SANITIZER_MAC || SANITIZER_ANDROID
SCOPED_TSAN_INTERCEPTOR(stat, path, buf); SCOPED_TSAN_INTERCEPTOR(stat, path, buf);
READ_STRING(thr, pc, path, 0); READ_STRING(thr, pc, path, 0);
return REAL(stat)(path, buf); return REAL(stat)(path, buf);
#else #else
SCOPED_TSAN_INTERCEPTOR(__xstat, 0, path, buf); SCOPED_TSAN_INTERCEPTOR(__xstat, 0, path, buf);
READ_STRING(thr, pc, path, 0); READ_STRING(thr, pc, path, 0);
return REAL(__xstat)(0, path, buf); return REAL(__xstat)(0, path, buf);
#endif #endif
} }
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
TSAN_INTERCEPTOR(int, __xstat64, int version, const char *path, void *buf) { TSAN_INTERCEPTOR(int, __xstat64, int version, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__xstat64, version, path, buf); SCOPED_TSAN_INTERCEPTOR(__xstat64, version, path, buf);
READ_STRING(thr, pc, path, 0); READ_STRING(thr, pc, path, 0);
return REAL(__xstat64)(version, path, buf); return REAL(__xstat64)(version, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT___XSTAT64 TSAN_INTERCEPT(__xstat64) #define TSAN_MAYBE_INTERCEPT___XSTAT64 TSAN_INTERCEPT(__xstat64)
#else #else
#define TSAN_MAYBE_INTERCEPT___XSTAT64 #define TSAN_MAYBE_INTERCEPT___XSTAT64
#endif #endif
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
TSAN_INTERCEPTOR(int, stat64, const char *path, void *buf) { TSAN_INTERCEPTOR(int, stat64, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__xstat64, 0, path, buf); SCOPED_TSAN_INTERCEPTOR(__xstat64, 0, path, buf);
READ_STRING(thr, pc, path, 0); READ_STRING(thr, pc, path, 0);
return REAL(__xstat64)(0, path, buf); return REAL(__xstat64)(0, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT_STAT64 TSAN_INTERCEPT(stat64) #define TSAN_MAYBE_INTERCEPT_STAT64 TSAN_INTERCEPT(stat64)
#else #else
#define TSAN_MAYBE_INTERCEPT_STAT64 #define TSAN_MAYBE_INTERCEPT_STAT64
#endif #endif
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
TSAN_INTERCEPTOR(int, __lxstat, int version, const char *path, void *buf) { TSAN_INTERCEPTOR(int, __lxstat, int version, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__lxstat, version, path, buf); SCOPED_TSAN_INTERCEPTOR(__lxstat, version, path, buf);
READ_STRING(thr, pc, path, 0); READ_STRING(thr, pc, path, 0);
return REAL(__lxstat)(version, path, buf); return REAL(__lxstat)(version, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT___LXSTAT TSAN_INTERCEPT(__lxstat) #define TSAN_MAYBE_INTERCEPT___LXSTAT TSAN_INTERCEPT(__lxstat)
#else #else
#define TSAN_MAYBE_INTERCEPT___LXSTAT #define TSAN_MAYBE_INTERCEPT___LXSTAT
#endif #endif
TSAN_INTERCEPTOR(int, lstat, const char *path, void *buf) { TSAN_INTERCEPTOR(int, lstat, const char *path, void *buf) {
#if SANITIZER_FREEBSD || SANITIZER_MAC #if SANITIZER_FREEBSD || SANITIZER_MAC || SANITIZER_ANDROID
SCOPED_TSAN_INTERCEPTOR(lstat, path, buf); SCOPED_TSAN_INTERCEPTOR(lstat, path, buf);
READ_STRING(thr, pc, path, 0); READ_STRING(thr, pc, path, 0);
return REAL(lstat)(path, buf); return REAL(lstat)(path, buf);
#else #else
SCOPED_TSAN_INTERCEPTOR(__lxstat, 0, path, buf); SCOPED_TSAN_INTERCEPTOR(__lxstat, 0, path, buf);
READ_STRING(thr, pc, path, 0); READ_STRING(thr, pc, path, 0);
return REAL(__lxstat)(0, path, buf); return REAL(__lxstat)(0, path, buf);
#endif #endif
} }
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
TSAN_INTERCEPTOR(int, __lxstat64, int version, const char *path, void *buf) { TSAN_INTERCEPTOR(int, __lxstat64, int version, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__lxstat64, version, path, buf); SCOPED_TSAN_INTERCEPTOR(__lxstat64, version, path, buf);
READ_STRING(thr, pc, path, 0); READ_STRING(thr, pc, path, 0);
return REAL(__lxstat64)(version, path, buf); return REAL(__lxstat64)(version, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT___LXSTAT64 TSAN_INTERCEPT(__lxstat64) #define TSAN_MAYBE_INTERCEPT___LXSTAT64 TSAN_INTERCEPT(__lxstat64)
#else #else
#define TSAN_MAYBE_INTERCEPT___LXSTAT64 #define TSAN_MAYBE_INTERCEPT___LXSTAT64
#endif #endif
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
TSAN_INTERCEPTOR(int, lstat64, const char *path, void *buf) { TSAN_INTERCEPTOR(int, lstat64, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__lxstat64, 0, path, buf); SCOPED_TSAN_INTERCEPTOR(__lxstat64, 0, path, buf);
READ_STRING(thr, pc, path, 0); READ_STRING(thr, pc, path, 0);
return REAL(__lxstat64)(0, path, buf); return REAL(__lxstat64)(0, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT_LSTAT64 TSAN_INTERCEPT(lstat64) #define TSAN_MAYBE_INTERCEPT_LSTAT64 TSAN_INTERCEPT(lstat64)
#else #else
#define TSAN_MAYBE_INTERCEPT_LSTAT64 #define TSAN_MAYBE_INTERCEPT_LSTAT64
#endif #endif
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
TSAN_INTERCEPTOR(int, __fxstat, int version, int fd, void *buf) { TSAN_INTERCEPTOR(int, __fxstat, int version, int fd, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__fxstat, version, fd, buf); SCOPED_TSAN_INTERCEPTOR(__fxstat, version, fd, buf);
if (fd > 0) if (fd > 0)
FdAccess(thr, pc, fd); FdAccess(thr, pc, fd);
return REAL(__fxstat)(version, fd, buf); return REAL(__fxstat)(version, fd, buf);
} }
#define TSAN_MAYBE_INTERCEPT___FXSTAT TSAN_INTERCEPT(__fxstat) #define TSAN_MAYBE_INTERCEPT___FXSTAT TSAN_INTERCEPT(__fxstat)
#else #else
#define TSAN_MAYBE_INTERCEPT___FXSTAT #define TSAN_MAYBE_INTERCEPT___FXSTAT
#endif #endif
TSAN_INTERCEPTOR(int, fstat, int fd, void *buf) { TSAN_INTERCEPTOR(int, fstat, int fd, void *buf) {
#if SANITIZER_FREEBSD || SANITIZER_MAC #if SANITIZER_FREEBSD || SANITIZER_MAC || SANITIZER_ANDROID
SCOPED_TSAN_INTERCEPTOR(fstat, fd, buf); SCOPED_TSAN_INTERCEPTOR(fstat, fd, buf);
if (fd > 0) if (fd > 0)
FdAccess(thr, pc, fd); FdAccess(thr, pc, fd);
return REAL(fstat)(fd, buf); return REAL(fstat)(fd, buf);
#else #else
SCOPED_TSAN_INTERCEPTOR(__fxstat, 0, fd, buf); SCOPED_TSAN_INTERCEPTOR(__fxstat, 0, fd, buf);
if (fd > 0) if (fd > 0)
FdAccess(thr, pc, fd); FdAccess(thr, pc, fd);
return REAL(__fxstat)(0, fd, buf); return REAL(__fxstat)(0, fd, buf);
#endif #endif
} }
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
TSAN_INTERCEPTOR(int, __fxstat64, int version, int fd, void *buf) { TSAN_INTERCEPTOR(int, __fxstat64, int version, int fd, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__fxstat64, version, fd, buf); SCOPED_TSAN_INTERCEPTOR(__fxstat64, version, fd, buf);
if (fd > 0) if (fd > 0)
FdAccess(thr, pc, fd); FdAccess(thr, pc, fd);
return REAL(__fxstat64)(version, fd, buf); return REAL(__fxstat64)(version, fd, buf);
} }
#define TSAN_MAYBE_INTERCEPT___FXSTAT64 TSAN_INTERCEPT(__fxstat64) #define TSAN_MAYBE_INTERCEPT___FXSTAT64 TSAN_INTERCEPT(__fxstat64)
#else #else
#define TSAN_MAYBE_INTERCEPT___FXSTAT64 #define TSAN_MAYBE_INTERCEPT___FXSTAT64
#endif #endif
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
TSAN_INTERCEPTOR(int, fstat64, int fd, void *buf) { TSAN_INTERCEPTOR(int, fstat64, int fd, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__fxstat64, 0, fd, buf); SCOPED_TSAN_INTERCEPTOR(__fxstat64, 0, fd, buf);
if (fd > 0) if (fd > 0)
FdAccess(thr, pc, fd); FdAccess(thr, pc, fd);
return REAL(__fxstat64)(0, fd, buf); return REAL(__fxstat64)(0, fd, buf);
} }
#define TSAN_MAYBE_INTERCEPT_FSTAT64 TSAN_INTERCEPT(fstat64) #define TSAN_MAYBE_INTERCEPT_FSTAT64 TSAN_INTERCEPT(fstat64)
#else #else
▲ Show 20 LinesShow All 208 Lines▼ Show 20 LinesTSAN_INTERCEPTOR(int, __close, int fd) {
return REAL(__close)(fd); return REAL(__close)(fd);
} }
#define TSAN_MAYBE_INTERCEPT___CLOSE TSAN_INTERCEPT(__close) #define TSAN_MAYBE_INTERCEPT___CLOSE TSAN_INTERCEPT(__close)
#else #else
#define TSAN_MAYBE_INTERCEPT___CLOSE #define TSAN_MAYBE_INTERCEPT___CLOSE
#endif #endif
// glibc guts // glibc guts
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
TSAN_INTERCEPTOR(void, __res_iclose, void *state, bool free_addr) { TSAN_INTERCEPTOR(void, __res_iclose, void *state, bool free_addr) {
SCOPED_TSAN_INTERCEPTOR(__res_iclose, state, free_addr); SCOPED_TSAN_INTERCEPTOR(__res_iclose, state, free_addr);
int fds[64]; int fds[64];
int cnt = ExtractResolvFDs(state, fds, ARRAY_SIZE(fds)); int cnt = ExtractResolvFDs(state, fds, ARRAY_SIZE(fds));
for (int i = 0; i < cnt; i++) { for (int i = 0; i < cnt; i++) {
if (fds[i] > 0) if (fds[i] > 0)
FdClose(thr, pc, fds[i]); FdClose(thr, pc, fds[i]);
} }
▲ Show 20 LinesShow All 215 Lines▼ Show 20 Lines
void ProcessPendingSignals(ThreadState *thr) { void ProcessPendingSignals(ThreadState *thr) {
ThreadSignalContext *sctx = SigCtx(thr); ThreadSignalContext *sctx = SigCtx(thr);
if (sctx == 0 || if (sctx == 0 ||
atomic_load(&sctx->have_pending_signals, memory_order_relaxed) == 0) atomic_load(&sctx->have_pending_signals, memory_order_relaxed) == 0)
return; return;
atomic_store(&sctx->have_pending_signals, 0, memory_order_relaxed); atomic_store(&sctx->have_pending_signals, 0, memory_order_relaxed);
atomic_fetch_add(&thr->in_signal_handler, 1, memory_order_relaxed); atomic_fetch_add(&thr->in_signal_handler, 1, memory_order_relaxed);
// These are too big for stack. internal_sigfillset(&sctx->emptyset);
static THREADLOCAL __sanitizer_sigset_t emptyset, oldset; CHECK_EQ(0, pthread_sigmask(SIG_SETMASK, &sctx->emptyset, &sctx->oldset));
CHECK_EQ(0, REAL(sigfillset)(&emptyset));
CHECK_EQ(0, pthread_sigmask(SIG_SETMASK, &emptyset, &oldset));
for (int sig = 0; sig < kSigCount; sig++) { for (int sig = 0; sig < kSigCount; sig++) {
SignalDesc *signal = &sctx->pending_signals[sig]; SignalDesc *signal = &sctx->pending_signals[sig];
if (signal->armed) { if (signal->armed) {
signal->armed = false; signal->armed = false;
CallUserSignalHandler(thr, false, true, signal->sigaction, sig, CallUserSignalHandler(thr, false, true, signal->sigaction, sig,
&signal->siginfo, &signal->ctx); &signal->siginfo, &signal->ctx);
} }
} }
CHECK_EQ(0, pthread_sigmask(SIG_SETMASK, &oldset, 0)); CHECK_EQ(0, pthread_sigmask(SIG_SETMASK, &sctx->oldset, 0));
atomic_fetch_add(&thr->in_signal_handler, -1, memory_order_relaxed); atomic_fetch_add(&thr->in_signal_handler, -1, memory_order_relaxed);
} }
} // namespace __tsan } // namespace __tsan
static bool is_sync_signal(ThreadSignalContext *sctx, int sig) { static bool is_sync_signal(ThreadSignalContext *sctx, int sig) {
return sig == SIGSEGV || sig == SIGBUS || sig == SIGILL || return sig == SIGSEGV || sig == SIGBUS || sig == SIGILL ||
sig == SIGABRT || sig == SIGFPE || sig == SIGPIPE || sig == SIGSYS || sig == SIGABRT || sig == SIGFPE || sig == SIGPIPE || sig == SIGSYS ||
▲ Show 20 LinesShow All 77 Lines▼ Show 20 LinesTSAN_INTERCEPTOR(int, sigaction, int sig, sigaction_t *act, sigaction_t *old) {
sigactions[sig].sa_flags = *(volatile int*)&act->sa_flags; sigactions[sig].sa_flags = *(volatile int*)&act->sa_flags;
internal_memcpy(&sigactions[sig].sa_mask, &act->sa_mask, internal_memcpy(&sigactions[sig].sa_mask, &act->sa_mask,
sizeof(sigactions[sig].sa_mask)); sizeof(sigactions[sig].sa_mask));
#if !SANITIZER_FREEBSD && !SANITIZER_MAC #if !SANITIZER_FREEBSD && !SANITIZER_MAC
sigactions[sig].sa_restorer = act->sa_restorer; sigactions[sig].sa_restorer = act->sa_restorer;
#endif #endif
sigaction_t newact; sigaction_t newact;
internal_memcpy(&newact, act, sizeof(newact)); internal_memcpy(&newact, act, sizeof(newact));
REAL(sigfillset)(&newact.sa_mask); internal_sigfillset(&newact.sa_mask);
if (act->sa_handler != SIG_IGN && act->sa_handler != SIG_DFL) { if (act->sa_handler != SIG_IGN && act->sa_handler != SIG_DFL) {
if (newact.sa_flags & SA_SIGINFO) if (newact.sa_flags & SA_SIGINFO)
newact.sa_sigaction = rtl_sigaction; newact.sa_sigaction = rtl_sigaction;
else else
newact.sa_handler = rtl_sighandler; newact.sa_handler = rtl_sighandler;
} }
ReleaseStore(thr, pc, (uptr)&sigactions[sig]); ReleaseStore(thr, pc, (uptr)&sigactions[sig]);
int res = REAL(sigaction)(sig, &newact, 0); int res = REAL(sigaction)(sig, &newact, 0);
▲ Show 20 LinesShow All 111 Lines▼ Show 20 LinesTSAN_INTERCEPTOR(int, vfork, int fake) {
// We could disable interceptors in the child process. But it's not possible // We could disable interceptors in the child process. But it's not possible
// to simply intercept and wrap vfork, because vfork child is not allowed // to simply intercept and wrap vfork, because vfork child is not allowed
// to return from the function that calls vfork, and that's exactly what // to return from the function that calls vfork, and that's exactly what
// we would do. So this would require some assembly trickery as well. // we would do. So this would require some assembly trickery as well.
// Instead we simply turn vfork into fork. // Instead we simply turn vfork into fork.
return WRAP(fork)(fake); return WRAP(fork)(fake);
} }
#if !SANITIZER_MAC #if !SANITIZER_MAC && !SANITIZER_ANDROID
typedef int (*dl_iterate_phdr_cb_t)(__sanitizer_dl_phdr_info *info, SIZE_T size, typedef int (*dl_iterate_phdr_cb_t)(__sanitizer_dl_phdr_info *info, SIZE_T size,
void *data); void *data);
struct dl_iterate_phdr_data { struct dl_iterate_phdr_data {
ThreadState *thr; ThreadState *thr;
uptr pc; uptr pc;
dl_iterate_phdr_cb_t cb; dl_iterate_phdr_cb_t cb;
void *data; void *data;
}; };
▲ Show 20 LinesShow All 305 Lines▼ Show 20 Linesstatic void finalize(void *arg) {
ThreadState *thr = cur_thread(); ThreadState *thr = cur_thread();
int status = Finalize(thr); int status = Finalize(thr);
// Make sure the output is not lost. // Make sure the output is not lost.
FlushStreams(); FlushStreams();
if (status) if (status)
Die(); Die();
} }
#if !SANITIZER_MAC #if !SANITIZER_MAC && !SANITIZER_ANDROID
static void unreachable() { static void unreachable() {
Report("FATAL: ThreadSanitizer: unreachable called\n"); Report("FATAL: ThreadSanitizer: unreachable called\n");
Die(); Die();
} }
#endif #endif
void InitializeInterceptors() { void InitializeInterceptors() {
#if !SANITIZER_MAC #if !SANITIZER_MAC
▲ Show 20 LinesShow All 148 Lines▼ Show 20 Lines#endif
TSAN_INTERCEPT(sleep); TSAN_INTERCEPT(sleep);
TSAN_INTERCEPT(usleep); TSAN_INTERCEPT(usleep);
TSAN_INTERCEPT(nanosleep); TSAN_INTERCEPT(nanosleep);
TSAN_INTERCEPT(gettimeofday); TSAN_INTERCEPT(gettimeofday);
TSAN_INTERCEPT(getaddrinfo); TSAN_INTERCEPT(getaddrinfo);
TSAN_INTERCEPT(fork); TSAN_INTERCEPT(fork);
TSAN_INTERCEPT(vfork); TSAN_INTERCEPT(vfork);
#if !SANITIZER_ANDROID
TSAN_INTERCEPT(dl_iterate_phdr); TSAN_INTERCEPT(dl_iterate_phdr);
#endif
TSAN_INTERCEPT(on_exit); TSAN_INTERCEPT(on_exit);
TSAN_INTERCEPT(__cxa_atexit); TSAN_INTERCEPT(__cxa_atexit);
TSAN_INTERCEPT(_exit); TSAN_INTERCEPT(_exit);
#if !SANITIZER_MAC #if !SANITIZER_MAC && !SANITIZER_ANDROID
// Need to setup it, because interceptors check that the function is resolved. // Need to setup it, because interceptors check that the function is resolved.
// But atexit is emitted directly into the module, so can't be resolved. // But atexit is emitted directly into the module, so can't be resolved.
REAL(atexit) = (int(*)(void(*)()))unreachable; REAL(atexit) = (int(*)(void(*)()))unreachable;
#endif #endif
if (REAL(__cxa_atexit)(&finalize, 0, 0)) { if (REAL(__cxa_atexit)(&finalize, 0, 0)) {
Printf("ThreadSanitizer: failed to setup atexit callback\n"); Printf("ThreadSanitizer: failed to setup atexit callback\n");
Die(); Die();
Show All 13 Lines

lib/tsan/rtl/tsan_new_delete.cc

Show All 17 Lines
using namespace __tsan; // NOLINT using namespace __tsan; // NOLINT
namespace std { namespace std {
struct nothrow_t {}; struct nothrow_t {};
} // namespace std } // namespace std
DECLARE_REAL(void *, malloc, uptr size) DECLARE_REAL(void *, malloc, uptr size)
DECLARE_REAL(void, free, void *ptr) DECLARE_REAL(void, free, void *ptr)
#if SANITIZER_MAC #if SANITIZER_MAC || SANITIZER_ANDROID
#define __libc_malloc REAL(malloc) #define __libc_malloc REAL(malloc)
#define __libc_free REAL(free) #define __libc_free REAL(free)
#endif #endif
#define OPERATOR_NEW_BODY(mangled_name) \ #define OPERATOR_NEW_BODY(mangled_name) \
if (cur_thread()->in_symbolizer) \ if (cur_thread()->in_symbolizer) \
return __libc_malloc(size); \ return __libc_malloc(size); \
void *p = 0; \ void *p = 0; \
▲ Show 20 LinesShow All 62 LinesShow Last 20 Lines

lib/tsan/rtl/tsan_platform.h

Show First 20 LinesShow All 85 Lines▼ Show 20 Linesstruct Mapping {
static const uptr kLoAppMemEnd = 0x0200000000ull; static const uptr kLoAppMemEnd = 0x0200000000ull;
static const uptr kHiAppMemBeg = 0xff80000000ull; static const uptr kHiAppMemBeg = 0xff80000000ull;
static const uptr kHiAppMemEnd = 0xffffffffffull; static const uptr kHiAppMemEnd = 0xffffffffffull;
static const uptr kAppMemMsk = 0xfc00000000ull; static const uptr kAppMemMsk = 0xfc00000000ull;
static const uptr kAppMemXor = 0x0400000000ull; static const uptr kAppMemXor = 0x0400000000ull;
static const uptr kVdsoBeg = 0xfffff00000ull; static const uptr kVdsoBeg = 0xfffff00000ull;
}; };
#elif defined(__aarch64__) #elif defined(__aarch64__)
#if SANITIZER_ANDROID
/*
C/C++ on android/aarch64 (39-bit VMA)
On Android, the executable file is shared library, so it is loaded
to address space near TASK_SIZE*2/3. Vdso area is not guaranteed
to be higher than stack, so disable it.
2000 0000 00 - 4000 0000 00: shadow memory
4000 0000 00 - 5000 0000 00: metainfo
5000 0000 00 - 5500 0000 00: -
5500 0000 00 - 5700 0000 00: main binary
5700 0000 00 - 6000 0000 00: -
6000 0000 00 - 6200 0000 00: traces
6200 0000 00 - 7d00 0000 00: -
7d00 0000 00 - 7e00 0000 00: heap
7e00 0000 00 - 8000 0000 00: modules and main thread stack
*/
struct Mapping {
static const uptr kShadowBeg = 0x2000000000ull;
static const uptr kShadowEnd = 0x4000000000ull;
static const uptr kMetaShadowBeg = 0x4000000000ull;
static const uptr kMetaShadowEnd = 0x5000000000ull;
static const uptr kLoAppMemBeg = 0x5500000000ull;
static const uptr kLoAppMemEnd = 0x5700000000ull;
static const uptr kTraceMemBeg = 0x6000000000ull;
static const uptr kTraceMemEnd = 0x6200000000ull;
static const uptr kHeapMemBeg = 0x7d00000000ull;
static const uptr kHeapMemEnd = 0x7e00000000ull;
static const uptr kHiAppMemBeg = 0x7e00000000ull;
static const uptr kHiAppMemEnd = 0x8000000000ull;
static const uptr kVdsoBeg = 0x8000000000ull;
static const uptr kLoAppMemAdd = 0x0300000000ull;
static const uptr kLoAppMemMsk = 0x5000000000ull;
static const uptr kHiAppMemMsk = 0x7000000000ull;
};
#else
// AArch64 supports multiple VMA which leads to multiple address transformation // AArch64 supports multiple VMA which leads to multiple address transformation
// functions. To support these multiple VMAS transformations and mappings TSAN // functions. To support these multiple VMAS transformations and mappings TSAN
// runtime for AArch64 uses an external memory read (vmaSize) to select which // runtime for AArch64 uses an external memory read (vmaSize) to select which
// mapping to use. Although slower, it make a same instrumented binary run on // mapping to use. Although slower, it make a same instrumented binary run on
// multiple kernels. // multiple kernels.
/* /*
C/C++ on linux/aarch64 (39-bit VMA) C/C++ on linux/aarch64 (39-bit VMA)
Show All 35 Lines
26000 0000 00 - 28000 0000 00: metainfo 26000 0000 00 - 28000 0000 00: metainfo
28000 0000 00 - 36200 0000 00: - 28000 0000 00 - 36200 0000 00: -
36200 0000 00 - 36240 0000 00: traces 36200 0000 00 - 36240 0000 00: traces
36240 0000 00 - 3e000 0000 00: - 36240 0000 00 - 3e000 0000 00: -
3e000 0000 00 - 3f000 0000 00: heap 3e000 0000 00 - 3f000 0000 00: heap
3f000 0000 00 - 3ffff ffff ff: modules and main thread stack 3f000 0000 00 - 3ffff ffff ff: modules and main thread stack
*/ */
struct Mapping42 { struct Mapping42 {
static const uptr kLoAppMemBeg = 0x00000001000ull; static const uptr kLoAppMemBeg = 0x00000001000ull;
dvyukovUnsubmitted
Done
ReplyInline Actions

drop {}

dvyukov: drop {}
dvyukovUnsubmitted
Done
ReplyInline Actions

drop {}

dvyukov: drop {}
static const uptr kLoAppMemEnd = 0x01000000000ull; static const uptr kLoAppMemEnd = 0x01000000000ull;
static const uptr kShadowBeg = 0x10000000000ull; static const uptr kShadowBeg = 0x10000000000ull;
static const uptr kShadowEnd = 0x20000000000ull; static const uptr kShadowEnd = 0x20000000000ull;
static const uptr kMetaShadowBeg = 0x26000000000ull; static const uptr kMetaShadowBeg = 0x26000000000ull;
static const uptr kMetaShadowEnd = 0x28000000000ull; static const uptr kMetaShadowEnd = 0x28000000000ull;
static const uptr kTraceMemBeg = 0x36200000000ull; static const uptr kTraceMemBeg = 0x36200000000ull;
static const uptr kTraceMemEnd = 0x36400000000ull; static const uptr kTraceMemEnd = 0x36400000000ull;
static const uptr kHeapMemBeg = 0x3e000000000ull; static const uptr kHeapMemBeg = 0x3e000000000ull;
static const uptr kHeapMemEnd = 0x3f000000000ull; static const uptr kHeapMemEnd = 0x3f000000000ull;
static const uptr kHiAppMemBeg = 0x3f000000000ull; static const uptr kHiAppMemBeg = 0x3f000000000ull;
static const uptr kHiAppMemEnd = 0x3ffffffffffull; static const uptr kHiAppMemEnd = 0x3ffffffffffull;
static const uptr kAppMemMsk = 0x3c000000000ull; static const uptr kAppMemMsk = 0x3c000000000ull;
static const uptr kAppMemXor = 0x04000000000ull; static const uptr kAppMemXor = 0x04000000000ull;
static const uptr kVdsoBeg = 0x37f00000000ull; static const uptr kVdsoBeg = 0x37f00000000ull;
}; };
// Indicates the runtime will define the memory regions at runtime. // Indicates the runtime will define the memory regions at runtime.
#define TSAN_RUNTIME_VMA 1 #define TSAN_RUNTIME_VMA 1
#endif #endif // !SANITIZER_ANDROID
#endif // defined(__aarch64__)
#elif defined(SANITIZER_GO) && !SANITIZER_WINDOWS #elif defined(SANITIZER_GO) && !SANITIZER_WINDOWS
/* Go on linux, darwin and freebsd /* Go on linux, darwin and freebsd
0000 0000 1000 - 0000 1000 0000: executable 0000 0000 1000 - 0000 1000 0000: executable
0000 1000 0000 - 00c0 0000 0000: - 0000 1000 0000 - 00c0 0000 0000: -
00c0 0000 0000 - 00e0 0000 0000: heap 00c0 0000 0000 - 00e0 0000 0000: heap
00e0 0000 0000 - 2000 0000 0000: - 00e0 0000 0000 - 2000 0000 0000: -
▲ Show 20 LinesShow All 90 Lines▼ Show 20 Lines#endif
case MAPPING_META_SHADOW_END: return Mapping::kMetaShadowEnd; case MAPPING_META_SHADOW_END: return Mapping::kMetaShadowEnd;
case MAPPING_TRACE_BEG: return Mapping::kTraceMemBeg; case MAPPING_TRACE_BEG: return Mapping::kTraceMemBeg;
case MAPPING_TRACE_END: return Mapping::kTraceMemEnd; case MAPPING_TRACE_END: return Mapping::kTraceMemEnd;
} }
} }
template<int Type> template<int Type>
uptr MappingArchImpl(void) { uptr MappingArchImpl(void) {
#ifdef __aarch64__ #if defined(__aarch64__) && !SANITIZER_ANDROID
if (vmaSize == 39) if (vmaSize == 39)
return MappingImpl<Mapping39, Type>(); return MappingImpl<Mapping39, Type>();
else else
return MappingImpl<Mapping42, Type>(); return MappingImpl<Mapping42, Type>();
DCHECK(0); DCHECK(0);
#else #else
return MappingImpl<Mapping, Type>(); return MappingImpl<Mapping, Type>();
#endif #endif
▲ Show 20 LinesShow All 108 Lines▼ Show 20 Lines return (mem >= Mapping::kHeapMemBeg && mem < Mapping::kHeapMemEnd) ||
(mem >= Mapping::kHiAppMemBeg && mem < Mapping::kHiAppMemEnd); (mem >= Mapping::kHiAppMemBeg && mem < Mapping::kHiAppMemEnd);
#else #else
return mem >= Mapping::kAppMemBeg && mem < Mapping::kAppMemEnd; return mem >= Mapping::kAppMemBeg && mem < Mapping::kAppMemEnd;
#endif #endif
} }
ALWAYS_INLINE ALWAYS_INLINE
bool IsAppMem(uptr mem) { bool IsAppMem(uptr mem) {
#ifdef __aarch64__ #if defined(__aarch64__) && !SANITIZER_ANDROID
if (vmaSize == 39) if (vmaSize == 39)
return IsAppMemImpl<Mapping39>(mem); return IsAppMemImpl<Mapping39>(mem);
else else
return IsAppMemImpl<Mapping42>(mem); return IsAppMemImpl<Mapping42>(mem);
DCHECK(0); DCHECK(0);
#else #else
return IsAppMemImpl<Mapping>(mem); return IsAppMemImpl<Mapping>(mem);
#endif #endif
} }
template<typename Mapping> template<typename Mapping>
bool IsShadowMemImpl(uptr mem) { bool IsShadowMemImpl(uptr mem) {
return mem >= Mapping::kShadowBeg && mem <= Mapping::kShadowEnd; return mem >= Mapping::kShadowBeg && mem <= Mapping::kShadowEnd;
} }
ALWAYS_INLINE ALWAYS_INLINE
bool IsShadowMem(uptr mem) { bool IsShadowMem(uptr mem) {
#ifdef __aarch64__ #if defined(__aarch64__) && !SANITIZER_ANDROID
if (vmaSize == 39) if (vmaSize == 39)
return IsShadowMemImpl<Mapping39>(mem); return IsShadowMemImpl<Mapping39>(mem);
else else
return IsShadowMemImpl<Mapping42>(mem); return IsShadowMemImpl<Mapping42>(mem);
DCHECK(0); DCHECK(0);
#else #else
return IsShadowMemImpl<Mapping>(mem); return IsShadowMemImpl<Mapping>(mem);
#endif #endif
} }
template<typename Mapping> template<typename Mapping>
bool IsMetaMemImpl(uptr mem) { bool IsMetaMemImpl(uptr mem) {
return mem >= Mapping::kMetaShadowBeg && mem <= Mapping::kMetaShadowEnd; return mem >= Mapping::kMetaShadowBeg && mem <= Mapping::kMetaShadowEnd;
} }
ALWAYS_INLINE ALWAYS_INLINE
bool IsMetaMem(uptr mem) { bool IsMetaMem(uptr mem) {
#ifdef __aarch64__ #if defined(__aarch64__) && !SANITIZER_ANDROID
if (vmaSize == 39) if (vmaSize == 39)
return IsMetaMemImpl<Mapping39>(mem); return IsMetaMemImpl<Mapping39>(mem);
else else
return IsMetaMemImpl<Mapping42>(mem); return IsMetaMemImpl<Mapping42>(mem);
DCHECK(0); DCHECK(0);
#else #else
return IsMetaMemImpl<Mapping>(mem); return IsMetaMemImpl<Mapping>(mem);
#endif #endif
} }
template<typename Mapping> template<typename Mapping>
uptr MemToShadowImpl(uptr x) { uptr MemToShadowImpl(uptr x) {
DCHECK(IsAppMem(x)); DCHECK(IsAppMem(x));
#ifndef SANITIZER_GO #ifndef SANITIZER_GO
return (((x) & ~(Mapping::kAppMemMsk | (kShadowCell - 1))) return (((x) & ~(Mapping::kAppMemMsk | (kShadowCell - 1)))
^ Mapping::kAppMemXor) * kShadowCnt; ^ Mapping::kAppMemXor) * kShadowCnt;
#else #else
return ((x & ~(kShadowCell - 1)) * kShadowCnt) | Mapping::kShadowBeg; return ((x & ~(kShadowCell - 1)) * kShadowCnt) | Mapping::kShadowBeg;
#endif #endif
} }
template<typename Mapping>
uptr MemToShadowAndroidImpl(uptr x) {
DCHECK(IsAppMem(x));
if (x <= Mapping::kLoAppMemEnd)
return ((x & ~(Mapping::kLoAppMemMsk | (kShadowCell - 1)))
+ Mapping::kLoAppMemAdd) * kShadowCnt;
else
return ((x & ~(Mapping::kHiAppMemMsk | (kShadowCell - 1)))) * kShadowCnt;
}
ALWAYS_INLINE ALWAYS_INLINE
uptr MemToShadow(uptr x) { uptr MemToShadow(uptr x) {
#ifdef __aarch64__ #ifdef __aarch64__
#if SANITIZER_ANDROID
return MemToShadowAndroidImpl<Mapping>(x);
#else
if (vmaSize == 39) if (vmaSize == 39)
return MemToShadowImpl<Mapping39>(x); return MemToShadowImpl<Mapping39>(x);
else else
return MemToShadowImpl<Mapping42>(x); return MemToShadowImpl<Mapping42>(x);
DCHECK(0); DCHECK(0);
#endif
#else #else
return MemToShadowImpl<Mapping>(x); return MemToShadowImpl<Mapping>(x);
#endif #endif
} }
template<typename Mapping> template<typename Mapping>
u32 *MemToMetaImpl(uptr x) { u32 *MemToMetaImpl(uptr x) {
DCHECK(IsAppMem(x)); DCHECK(IsAppMem(x));
#ifndef SANITIZER_GO #ifndef SANITIZER_GO
return (u32*)(((((x) & ~(Mapping::kAppMemMsk | (kMetaShadowCell - 1))) return (u32*)(((((x) & ~(Mapping::kAppMemMsk | (kMetaShadowCell - 1)))
^ Mapping::kAppMemXor) / kMetaShadowCell * kMetaShadowSize) ^ Mapping::kAppMemXor) / kMetaShadowCell * kMetaShadowSize)
| Mapping::kMetaShadowBeg); | Mapping::kMetaShadowBeg);
#else #else
return (u32*)(((x & ~(kMetaShadowCell - 1)) / \ return (u32*)(((x & ~(kMetaShadowCell - 1)) / \
kMetaShadowCell * kMetaShadowSize) | Mapping::kMetaShadowBeg); kMetaShadowCell * kMetaShadowSize) | Mapping::kMetaShadowBeg);
#endif #endif
} }
template<typename Mapping>
u32 *MemToMetaAndroidImpl(uptr x) {
DCHECK(IsAppMem(x));
if (x <= Mapping::kLoAppMemEnd)
return (u32*)((((x & ~(Mapping::kLoAppMemMsk | (kMetaShadowCell - 1)))
+ Mapping::kLoAppMemAdd) / kMetaShadowCell * kMetaShadowSize)
| Mapping::kMetaShadowBeg);
else
return (u32*)(((x & ~(Mapping::kHiAppMemMsk | (kMetaShadowCell - 1)))
/ kMetaShadowCell * kMetaShadowSize) | Mapping::kMetaShadowBeg);
}
ALWAYS_INLINE ALWAYS_INLINE
u32 *MemToMeta(uptr x) { u32 *MemToMeta(uptr x) {
#ifdef __aarch64__ #ifdef __aarch64__
#if SANITIZER_ANDROID
return MemToMetaAndroidImpl<Mapping>(x);
#else
if (vmaSize == 39) if (vmaSize == 39)
return MemToMetaImpl<Mapping39>(x); return MemToMetaImpl<Mapping39>(x);
else else
return MemToMetaImpl<Mapping42>(x); return MemToMetaImpl<Mapping42>(x);
DCHECK(0); DCHECK(0);
#endif
#else #else
return MemToMetaImpl<Mapping>(x); return MemToMetaImpl<Mapping>(x);
#endif #endif
} }
template<typename Mapping> template<typename Mapping>
uptr ShadowToMemImpl(uptr s) { uptr ShadowToMemImpl(uptr s) {
Show All 9 Lines# ifndef SANITIZER_WINDOWS
return (s & ~Mapping::kShadowBeg) / kShadowCnt; return (s & ~Mapping::kShadowBeg) / kShadowCnt;
# else # else
// FIXME(dvyukov): this is most likely wrong as the mapping is not bijection. // FIXME(dvyukov): this is most likely wrong as the mapping is not bijection.
return (s - Mapping::kShadowBeg) / kShadowCnt; return (s - Mapping::kShadowBeg) / kShadowCnt;
# endif // SANITIZER_WINDOWS # endif // SANITIZER_WINDOWS
#endif #endif
} }
template<typename Mapping>
uptr ShadowToMemAndroidImpl(uptr s) {
DCHECK(IsShadowMem(s));
if (s <= MemToShadow(Mapping::kLoAppMemEnd))
return ((s / kShadowCnt) - Mapping::kLoAppMemAdd) | Mapping::kLoAppMemMsk;
else
return ((s / kShadowCnt)) | Mapping::kHiAppMemMsk;
}
ALWAYS_INLINE ALWAYS_INLINE
uptr ShadowToMem(uptr s) { uptr ShadowToMem(uptr s) {
#ifdef __aarch64__ #ifdef __aarch64__
#if SANITIZER_ANDROID
return ShadowToMemAndroidImpl<Mapping>(s);
#else
if (vmaSize == 39) if (vmaSize == 39)
return ShadowToMemImpl<Mapping39>(s); return ShadowToMemImpl<Mapping39>(s);
else else
return ShadowToMemImpl<Mapping42>(s); return ShadowToMemImpl<Mapping42>(s);
DCHECK(0); DCHECK(0);
#endif
#else #else
return ShadowToMemImpl<Mapping>(s); return ShadowToMemImpl<Mapping>(s);
#endif #endif
} }
// The additional page is to catch shadow stack overflow as paging fault. // The additional page is to catch shadow stack overflow as paging fault.
// Windows wants 64K alignment for mmaps. // Windows wants 64K alignment for mmaps.
const uptr kTotalTraceSize = (kTraceSize * sizeof(Event) + sizeof(Trace) const uptr kTotalTraceSize = (kTraceSize * sizeof(Event) + sizeof(Trace)
+ (64 << 10) + (64 << 10) - 1) & ~((64 << 10) - 1); + (64 << 10) + (64 << 10) - 1) & ~((64 << 10) - 1);
template<typename Mapping> template<typename Mapping>
uptr GetThreadTraceImpl(int tid) { uptr GetThreadTraceImpl(int tid) {
uptr p = Mapping::kTraceMemBeg + (uptr)tid * kTotalTraceSize; uptr p = Mapping::kTraceMemBeg + (uptr)tid * kTotalTraceSize;
DCHECK_LT(p, Mapping::kTraceMemEnd); DCHECK_LT(p, Mapping::kTraceMemEnd);
return p; return p;
} }
ALWAYS_INLINE ALWAYS_INLINE
uptr GetThreadTrace(int tid) { uptr GetThreadTrace(int tid) {
#ifdef __aarch64__ #if defined(__aarch64__) && !SANITIZER_ANDROID
if (vmaSize == 39) if (vmaSize == 39)
return GetThreadTraceImpl<Mapping39>(tid); return GetThreadTraceImpl<Mapping39>(tid);
else else
return GetThreadTraceImpl<Mapping42>(tid); return GetThreadTraceImpl<Mapping42>(tid);
DCHECK(0); DCHECK(0);
#else #else
return GetThreadTraceImpl<Mapping>(tid); return GetThreadTraceImpl<Mapping>(tid);
#endif #endif
} }
template<typename Mapping> template<typename Mapping>
uptr GetThreadTraceHeaderImpl(int tid) { uptr GetThreadTraceHeaderImpl(int tid) {
uptr p = Mapping::kTraceMemBeg + (uptr)tid * kTotalTraceSize uptr p = Mapping::kTraceMemBeg + (uptr)tid * kTotalTraceSize
+ kTraceSize * sizeof(Event); + kTraceSize * sizeof(Event);
DCHECK_LT(p, Mapping::kTraceMemEnd); DCHECK_LT(p, Mapping::kTraceMemEnd);
return p; return p;
} }
ALWAYS_INLINE ALWAYS_INLINE
uptr GetThreadTraceHeader(int tid) { uptr GetThreadTraceHeader(int tid) {
#ifdef __aarch64__ #if defined(__aarch64__) && !SANITIZER_ANDROID
if (vmaSize == 39) if (vmaSize == 39)
return GetThreadTraceHeaderImpl<Mapping39>(tid); return GetThreadTraceHeaderImpl<Mapping39>(tid);
else else
return GetThreadTraceHeaderImpl<Mapping42>(tid); return GetThreadTraceHeaderImpl<Mapping42>(tid);
DCHECK(0); DCHECK(0);
#else #else
return GetThreadTraceHeaderImpl<Mapping>(tid); return GetThreadTraceHeaderImpl<Mapping>(tid);
#endif #endif
Show All 24 Lines

lib/tsan/rtl/tsan_platform_linux.cc

Show All 12 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "sanitizer_common/sanitizer_platform.h" #include "sanitizer_common/sanitizer_platform.h"
#if SANITIZER_LINUX || SANITIZER_FREEBSD #if SANITIZER_LINUX || SANITIZER_FREEBSD
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_libc.h" #include "sanitizer_common/sanitizer_libc.h"
#include "sanitizer_common/sanitizer_linux.h"
#include "sanitizer_common/sanitizer_platform_limits_posix.h"
#include "sanitizer_common/sanitizer_posix.h" #include "sanitizer_common/sanitizer_posix.h"
#include "sanitizer_common/sanitizer_procmaps.h" #include "sanitizer_common/sanitizer_procmaps.h"
#include "sanitizer_common/sanitizer_stoptheworld.h" #include "sanitizer_common/sanitizer_stoptheworld.h"
#include "sanitizer_common/sanitizer_stackdepot.h" #include "sanitizer_common/sanitizer_stackdepot.h"
#include "tsan_platform.h" #include "tsan_platform.h"
#include "tsan_rtl.h" #include "tsan_rtl.h"
#include "tsan_flags.h" #include "tsan_flags.h"
▲ Show 20 LinesShow All 266 Lines▼ Show 20 Linesbool IsGlobalVar(uptr addr) {
return g_data_start && addr >= g_data_start && addr < g_data_end; return g_data_start && addr >= g_data_start && addr < g_data_end;
} }
#ifndef SANITIZER_GO #ifndef SANITIZER_GO
// Extract file descriptors passed to glibc internal __res_iclose function. // Extract file descriptors passed to glibc internal __res_iclose function.
// This is required to properly "close" the fds, because we do not see internal // This is required to properly "close" the fds, because we do not see internal
// closes within glibc. The code is a pure hack. // closes within glibc. The code is a pure hack.
int ExtractResolvFDs(void *state, int *fds, int nfd) { int ExtractResolvFDs(void *state, int *fds, int nfd) {
#if SANITIZER_LINUX #if SANITIZER_LINUX && !SANITIZER_ANDROID
int cnt = 0; int cnt = 0;
__res_state *statp = (__res_state*)state; __res_state *statp = (__res_state*)state;
for (int i = 0; i < MAXNS && cnt < nfd; i++) { for (int i = 0; i < MAXNS && cnt < nfd; i++) {
if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1) if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1)
fds[cnt++] = statp->_u._ext.nssocks[i]; fds[cnt++] = statp->_u._ext.nssocks[i];
} }
return cnt; return cnt;
#else #else
Show All 35 Linesint call_pthread_cancel_with_cleanup(int(*fn)(void *c, void *m,
return res; return res;
} }
#endif #endif
#ifndef SANITIZER_GO #ifndef SANITIZER_GO
void ReplaceSystemMalloc() { } void ReplaceSystemMalloc() { }
#endif #endif
#ifndef SANITIZER_GO
#if SANITIZER_ANDROID
#if defined(__aarch64__)
# define __get_tls() ({ void** __val; __asm__("mrs %0, tpidr_el0" : "=r"(__val)); __val; })
#elif defined(__x86_64__)
# define __get_tls() ({ void** __val; __asm__("mov %%fs:0, %0" : "=r"(__val)); __val; })
#else
#error unsupported architecture
#endif
// On Android, __thread is not supported. So we store the pointer to ThreadState
// in TLS_SLOT_TSAN, which is the tls slot allocated by bionic for tsan.
static const int TLS_SLOT_TSAN = 8;
dvyukovUnsubmitted
Done
ReplyInline Actions

please use a const here, it does not need to be a macro

const int kTsanTlsSlot = 8;  // allocated by bionic for tsan
dvyukov: please use a const here, it does not need to be a macro const int kTsanTlsSlot = 8; //…
// On Android, one thread can call intercepted functions after DestroyThreadState(),
dvyukovUnsubmitted
Not Done
ReplyInline Actions

add a comment explaining what it is for

dvyukov: add a comment explaining what it is for
// so add a fake thread state for "dead" threads.
static ThreadState *dead_thread_state = nullptr;
ThreadState *cur_thread() {
ThreadState* thr = (ThreadState*)__get_tls()[TLS_SLOT_TSAN];
if (thr == nullptr) {
dvyukovUnsubmitted
Not Done
ReplyInline Actions

this is still not completely async-signal-safe
consider that a thread is preempted by a signal handler on this line: now signal handler will allocate thread context and work for some time with it, then thread will allocate another context and lead the first one
see how mac does this, a similar change for mac recently went it

dvyukov: this is still not completely async-signal-safe consider that a thread is preempted by a signal…
yabincAuthorUnsubmitted
Not Done
ReplyInline Actions

why it is not signal-safe? There is another check of thr in L365. And I think L364-L365 will not be moved above L363 because L364 is inlined assemble language.

yabinc: why it is not signal-safe? There is another check of thr in L365. And I think L364-L365 will…
dvyukovUnsubmitted
Not Done
ReplyInline Actions

I missed the second check. Yes, this looks signal-safe. Sorry.

dvyukov: I missed the second check. Yes, this looks signal-safe. Sorry.
__sanitizer_sigset_t emptyset;
internal_sigfillset(&emptyset);
__sanitizer_sigset_t oldset;
CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &emptyset, &oldset));
thr = reinterpret_cast<ThreadState*>(__get_tls()[TLS_SLOT_TSAN]);
dvyukovUnsubmitted
Done
ReplyInline Actions

use MmapOrDie, it does not have zillion of uninteresting arguments and does not return nullptr

dvyukov: use MmapOrDie, it does not have zillion of uninteresting arguments and does not return nullptr
if (thr == nullptr) {
thr = reinterpret_cast<ThreadState*>(MmapOrDie(sizeof(ThreadState),
"ThreadState"));
__get_tls()[TLS_SLOT_TSAN] = thr;
if (dead_thread_state == nullptr) {
dead_thread_state = reinterpret_cast<ThreadState*>(
MmapOrDie(sizeof(ThreadState), "ThreadState"));
dead_thread_state->fast_state.SetIgnoreBit();
dead_thread_state->ignore_interceptors = 1;
dvyukovUnsubmitted
Not Done
ReplyInline Actions

I wonder if there will be some races on dead_thread_state since it is shared between threads. I think it is a good idea to mprotect(PROT_READ) it after initialization. It can save us lots of debugging in future.

dvyukov: I wonder if there will be some races on dead_thread_state since it is shared between threads. I…
yabincAuthorUnsubmitted
Not Done
ReplyInline Actions

yes, it's a good idea.

yabinc: yes, it's a good idea.
dead_thread_state->is_dead = true;
*const_cast<int*>(&dead_thread_state->tid) = -1;
CHECK_EQ(0, internal_mprotect(dead_thread_state, sizeof(ThreadState),
PROT_READ));
}
}
CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &oldset, nullptr));
}
return thr;
}
void cur_thread_finalize() {
__sanitizer_sigset_t emptyset;
internal_sigfillset(&emptyset);
__sanitizer_sigset_t oldset;
CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &emptyset, &oldset));
ThreadState* thr = (ThreadState*)__get_tls()[TLS_SLOT_TSAN];
if (thr != dead_thread_state) {
__get_tls()[TLS_SLOT_TSAN] = dead_thread_state;
UnmapOrDie(thr, sizeof(ThreadState));
}
CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &oldset, nullptr));
}
#endif // SANITIZER_ANDROID
#endif // ifndef SANITIZER_GO
} // namespace __tsan } // namespace __tsan
#endif // SANITIZER_LINUX || SANITIZER_FREEBSD #endif // SANITIZER_LINUX || SANITIZER_FREEBSD

lib/tsan/rtl/tsan_platform_posix.cc

Show First 20 LinesShow All 41 Lines▼ Show 20 Linesvoid InitializeShadowMemory() {
// FIXME: don't use constants here. // FIXME: don't use constants here.
#if defined(__x86_64__) #if defined(__x86_64__)
const uptr kMadviseRangeBeg = 0x7f0000000000ull; const uptr kMadviseRangeBeg = 0x7f0000000000ull;
const uptr kMadviseRangeSize = 0x010000000000ull; const uptr kMadviseRangeSize = 0x010000000000ull;
#elif defined(__mips64) #elif defined(__mips64)
const uptr kMadviseRangeBeg = 0xff00000000ull; const uptr kMadviseRangeBeg = 0xff00000000ull;
const uptr kMadviseRangeSize = 0x0100000000ull; const uptr kMadviseRangeSize = 0x0100000000ull;
#elif defined(__aarch64__) #elif defined(__aarch64__)
#if SANITIZER_ANDROID
const uptr kMadviseRangeBeg = 0x7d00000000ull;
const uptr kMadviseRangeSize = 0x0300000000ull;
#else
uptr kMadviseRangeBeg = 0; uptr kMadviseRangeBeg = 0;
uptr kMadviseRangeSize = 0; uptr kMadviseRangeSize = 0;
if (vmaSize == 39) { if (vmaSize == 39) {
kMadviseRangeBeg = 0x7d00000000ull; kMadviseRangeBeg = 0x7d00000000ull;
kMadviseRangeSize = 0x0300000000ull; kMadviseRangeSize = 0x0300000000ull;
} else if (vmaSize == 42) { } else if (vmaSize == 42) {
kMadviseRangeBeg = 0x3f000000000ull; kMadviseRangeBeg = 0x3f000000000ull;
kMadviseRangeSize = 0x01000000000ull; kMadviseRangeSize = 0x01000000000ull;
} else { } else {
DCHECK(0); DCHECK(0);
} }
#endif // !SANITIZER_ANDROID
#endif #endif
NoHugePagesInRegion(MemToShadow(kMadviseRangeBeg), NoHugePagesInRegion(MemToShadow(kMadviseRangeBeg),
kMadviseRangeSize * kShadowMultiplier); kMadviseRangeSize * kShadowMultiplier);
// Meta shadow is compressing and we don't flush it, // Meta shadow is compressing and we don't flush it,
// so it makes sense to mark it as NOHUGEPAGE to not over-allocate memory. // so it makes sense to mark it as NOHUGEPAGE to not over-allocate memory.
// On one program it reduces memory consumption from 5GB to 2.5GB. // On one program it reduces memory consumption from 5GB to 2.5GB.
NoHugePagesInRegion(MetaShadowBeg(), MetaShadowEnd() - MetaShadowBeg()); NoHugePagesInRegion(MetaShadowBeg(), MetaShadowEnd() - MetaShadowBeg());
if (common_flags()->use_madv_dontdump) if (common_flags()->use_madv_dontdump)
▲ Show 20 LinesShow All 43 Lines▼ Show 20 Lines if (p >= HeapMemEnd() &&
continue; continue;
if (prot == 0) // Zero page or mprotected. if (prot == 0) // Zero page or mprotected.
continue; continue;
if (p >= VdsoBeg()) // vdso if (p >= VdsoBeg()) // vdso
break; break;
Printf("FATAL: ThreadSanitizer: unexpected memory mapping %p-%p\n", p, end); Printf("FATAL: ThreadSanitizer: unexpected memory mapping %p-%p\n", p, end);
Die(); Die();
} }
#if defined(__aarch64__) && SANITIZER_ANDROID
ProtectRange(MetaShadowEnd(), LoAppMemBeg());
ProtectRange(LoAppMemEnd(), TraceMemBeg());
#else
ProtectRange(LoAppMemEnd(), ShadowBeg()); ProtectRange(LoAppMemEnd(), ShadowBeg());
dvyukovUnsubmitted
Not Done
ReplyInline Actions

can't we keep these ProtectRange's on android?

applications do weird things like mmaps on strange fixed addresses, or mmaps at completely random addresses (a-la home-grown ASLR), such things cause unpleasant debugging

dvyukov: can't we keep these ProtectRange's on android? applications do weird things like mmaps on…
yabincAuthorUnsubmitted
Not Done
ReplyInline Actions

surely we can. I commented this out just because the address map for android aarch64 doesn't conform the assumption here. I found that by commenting these out, the core dump becomes reasonable small, which helps debugging.

yabinc: surely we can. I commented this out just because the address map for android aarch64 doesn't…
dvyukovUnsubmitted
Not Done
ReplyInline Actions

I think we need let each platform define what regions need to be protected (see GetUserRegion function for similar functionality). Then you can support Android mapping.

I don't understand how it helps with core dumps. These regions should not be in core dump as they are all zeros. And anyway you still protect huge regions of memory. And we have huge shadow that we need to map anyway.

dvyukov: I think we need let each platform define what regions need to be protected (see GetUserRegion…
yabincAuthorUnsubmitted
Not Done
ReplyInline Actions

If we provide a GetProtectRegion() function, it is much longer (about 50~60 lines) than code here. And personally I think that is less clear. Sadly I can't use address range array. So I improved the code here
a little by using #if, which may make it clearer. But if you really think we should use GetProtectRegion(),
feel free to let me know.
I don't know the detail of core dump, maybe dive into this question later.

yabinc: If we provide a GetProtectRegion() function, it is much longer (about 50~60 lines) than code…
ProtectRange(ShadowEnd(), MetaShadowBeg());
ProtectRange(MetaShadowEnd(), TraceMemBeg()); ProtectRange(MetaShadowEnd(), TraceMemBeg());
#endif
ProtectRange(ShadowEnd(), MetaShadowBeg());
// Memory for traces is mapped lazily in MapThreadTrace. // Memory for traces is mapped lazily in MapThreadTrace.
// Protect the whole range for now, so that user does not map something here. // Protect the whole range for now, so that user does not map something here.
ProtectRange(TraceMemBeg(), TraceMemEnd()); ProtectRange(TraceMemBeg(), TraceMemEnd());
ProtectRange(TraceMemEnd(), HeapMemBeg()); ProtectRange(TraceMemEnd(), HeapMemBeg());
ProtectRange(HeapEnd(), HiAppMemBeg()); ProtectRange(HeapEnd(), HiAppMemBeg());
} }
#endif #endif
} // namespace __tsan } // namespace __tsan
#endif // SANITIZER_POSIX #endif // SANITIZER_POSIX

lib/tsan/rtl/tsan_rtl.h

Show First 20 LinesShow All 405 Lines▼ Show 20 Lines#endif
explicit ThreadState(Context *ctx, int tid, int unique_id, u64 epoch, explicit ThreadState(Context *ctx, int tid, int unique_id, u64 epoch,
unsigned reuse_count, unsigned reuse_count,
uptr stk_addr, uptr stk_size, uptr stk_addr, uptr stk_size,
uptr tls_addr, uptr tls_size); uptr tls_addr, uptr tls_size);
}; };
#ifndef SANITIZER_GO #ifndef SANITIZER_GO
#if SANITIZER_MAC #if SANITIZER_MAC || SANITIZER_ANDROID
ThreadState *cur_thread(); ThreadState *cur_thread();
void cur_thread_finalize(); void cur_thread_finalize();
#else #else
__attribute__((tls_model("initial-exec"))) __attribute__((tls_model("initial-exec")))
extern THREADLOCAL char cur_thread_placeholder[]; extern THREADLOCAL char cur_thread_placeholder[];
INLINE ThreadState *cur_thread() { INLINE ThreadState *cur_thread() {
return reinterpret_cast<ThreadState *>(&cur_thread_placeholder); return reinterpret_cast<ThreadState *>(&cur_thread_placeholder);
} }
INLINE void cur_thread_finalize() { } INLINE void cur_thread_finalize() { }
#endif // SANITIZER_MAC #endif // SANITIZER_MAC || SANITIZER_ANDROID
#endif // SANITIZER_GO #endif // SANITIZER_GO
class ThreadContext : public ThreadContextBase { class ThreadContext : public ThreadContextBase {
public: public:
explicit ThreadContext(int tid); explicit ThreadContext(int tid);
~ThreadContext(); ~ThreadContext();
ThreadState *thr; ThreadState *thr;
u32 creation_stack_id; u32 creation_stack_id;
▲ Show 20 LinesShow All 339 LinesShow Last 20 Lines