This is an archive of the discontinued LLVM Phabricator instance.

Differential D158034

[lldb] Fix data race in ThreadList
ClosedPublic

Authored by augusto2112 on Aug 15 2023, 4:12 PM.

Details

Reviewers
JDevlieghere
bulbazord
jingham
Commits
rGbb9006324970: [lldb] Fix data race in ThreadList
Summary

ThreadSanitizer reports the following issue:

Write of size 8 at 0x00010a70abb0 by thread T3 (mutexes: write M0):
  #0 lldb_private::ThreadList::Update(lldb_private::ThreadList&) ThreadList.cpp:741 (liblldb.18.0.0git.dylib:arm64+0x5dedf4) (BuildId: 9bced2aafa373580ae9d750d9cf79a8f32000000200000000100000000000e00)
  #1 lldb_private::Process::UpdateThreadListIfNeeded() Process.cpp:1212 (liblldb.18.0.0git.dylib:arm64+0x53bbec) (BuildId: 9bced2aafa373580ae9d750d9cf79a8f32000000200000000100000000000e00)

Previous read of size 8 at 0x00010a70abb0 by main thread (mutexes: write M1):
  #0 lldb_private::ThreadList::GetMutex() const ThreadList.cpp:785 (liblldb.18.0.0git.dylib:arm64+0x5df138) (BuildId: 9bced2aafa373580ae9d750d9cf79a8f32000000200000000100000000000e00)
  #1 lldb_private::ThreadList::DidResume() ThreadList.cpp:656 (liblldb.18.0.0git.dylib:arm64+0x5de5c0) (BuildId: 9bced2aafa373580ae9d750d9cf79a8f32000000200000000100000000000e00)
  #2 lldb_private::Process::PrivateResume() Process.cpp:3130 (liblldb.18.0.0git.dylib:arm64+0x53cd7c) (BuildId: 9bced2aafa373580ae9d750d9cf79a8f32000000200000000100000000000e00)

Fix this by only using the mutex in ThreadList and removing the one in
process entirely.

Diff Detail

Event Timeline

augusto2112 created this revision.Aug 15 2023, 4:12 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 15 2023, 4:12 PM
Herald added a subscriber: kristof.beyls. · View Herald Transcript
augusto2112 requested review of this revision.Aug 15 2023, 4:12 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 15 2023, 4:12 PM
Herald added a subscriber: lldb-commits. · View Herald Transcript
Harbormaster completed remote builds in B252782: Diff 550519.Aug 15 2023, 4:15 PM
JDevlieghere accepted this revision.Aug 15 2023, 4:26 PM

LGTM

This revision is now accepted and ready to land.Aug 15 2023, 4:26 PM
augusto2112 added reviewers: bulbazord, jingham.Aug 15 2023, 4:28 PM
Closed by commit rGbb9006324970: [lldb] Fix data race in ThreadList (authored by augusto2112). · Explain WhyAug 18 2023, 4:55 PM
This revision was automatically updated to reflect the committed changes.
augusto2112 added a commit: rGbb9006324970: [lldb] Fix data race in ThreadList.
labath added a subscriber: labath.Aug 22 2023, 2:52 AM

After this patch, python_api/run_locker/TestRunLocker.py becomes flaky. https://lab.llvm.org/buildbot/#/builders/68/builds/58456 is the first such failure, but there have been about a dozen failures since then. The backtraces on the buildbot page are fairly useless, but I was able to capture this backtrace locally:

include/c++/v1/vector:1537: assertion __n < size() failed: vector[] index out of bounds
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0  0x000055dd180146be llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) + 46
1  0x000055dd18014d6c
2  0x00007fea9b3ce1c0
3  0x00007fea9b236347 raise + 167
4  0x00007fea9b237797 abort + 247
5  0x000055dd18862597
6  0x000055dd124c4563 lldb_private::process_gdb_remote::ProcessGDBRemote::SetThreadPc(std::__u::shared_ptr<lldb_private::Thread> const&, unsigned long) + 275
7  0x000055dd124c42fc lldb_private::process_gdb_remote::ProcessGDBRemote::DoUpdateThreadList(lldb_private::ThreadList&, lldb_private::ThreadList&) + 748
8  0x000055dd129c8687 lldb_private::Process::UpdateThreadListIfNeeded() + 247
9  0x000055dd12a39797 lldb_private::ThreadList::FindThreadByID(unsigned long, bool) + 55
10 0x000055dd12a396db lldb_private::ThreadList::GetSelectedThread() + 43
11 0x000055dd129a8dea lldb_private::ExecutionContext::ExecutionContext(lldb_private::Target*, bool) + 234
12 0x00007fea99840bf9 lldb::SBTarget::EvaluateExpression(char const*, lldb::SBExpressionOptions const&) + 281
13 0x00007fea99840a7b lldb::SBTarget::EvaluateExpression(char const*) + 187
14 0x00007fea9995eb77
15 0x000055dd185907cd
16 0x000055dd18545814 _PyObject_Call + 292
17 0x000055dd1865fecb _PyEval_EvalFrameDefault + 11515
18 0x000055dd1865cfa8 _PyEval_Vector + 184
19 0x000055dd186666c3
20 0x000055dd18666906
21 0x000055dd1865e56f _PyEval_EvalFrameDefault + 5023
22 0x000055dd1865cfa8 _PyEval_Vector + 184
23 0x000055dd186666c3
24 0x000055dd18666906
25 0x000055dd1865e56f _PyEval_EvalFrameDefault + 5023
26 0x000055dd1865cfa8 _PyEval_Vector + 184
27 0x000055dd1865fecb _PyEval_EvalFrameDefault + 11515
28 0x000055dd1865cfa8 _PyEval_Vector + 184
<a lot of additional python frames>

Given that the failure is in the DoUpdateThreadList function, I'm guessing that this patch removed/reduced some existing synchronization which prevented this code from executing concurrently with something else (I don't know what), although it's possible that the right fix (since updating the thread list while the process is running doesn't make sense) is to bail out of EvaluateExpression sooner (@jingham ?).

If you want to reproduce this, note that the bug reproduces relatively infrequently (~1% for me, though it seems to be a bit higher on the buildbot), so you may need to run it many times before you can catch it in action. The failing part is not always the same (e.g. sometimes it just hangs), but I expect the root cause to be the same. I've also confirmed that the failure rate of the test goes down to zero after reverting this patch.

Can you investigate (and possibly revert this patch in the mean time)?

augusto2112 added a reverting change: rGfef609d2d1da: Revert "[lldb] Fix data race in ThreadList".Aug 22 2023, 11:14 AM

Revision Contents

PathSize
lldb/
include/
lldb/
Target/
1 line
2 lines
2 lines
source/
Target/
4 lines
7 lines

Diff 551673

lldb/include/lldb/Target/Process.h

Show First 20 LinesShow All 2,964 Lines▼ Show 20 Lines uint32_t m_process_unique_id; ///< Each lldb_private::Process class that is
///increments with each new instance ///increments with each new instance
uint32_t m_thread_index_id; ///< Each thread is created with a 1 based index uint32_t m_thread_index_id; ///< Each thread is created with a 1 based index
///that won't get re-used. ///that won't get re-used.
std::map<uint64_t, uint32_t> m_thread_id_to_index_id_map; std::map<uint64_t, uint32_t> m_thread_id_to_index_id_map;
int m_exit_status; ///< The exit status of the process, or -1 if not set. int m_exit_status; ///< The exit status of the process, or -1 if not set.
std::string m_exit_string; ///< A textual description of why a process exited. std::string m_exit_string; ///< A textual description of why a process exited.
std::mutex m_exit_status_mutex; ///< Mutex so m_exit_status m_exit_string can std::mutex m_exit_status_mutex; ///< Mutex so m_exit_status m_exit_string can
///be safely accessed from multiple threads ///be safely accessed from multiple threads
std::recursive_mutex m_thread_mutex;
ThreadList m_thread_list_real; ///< The threads for this process as are known ThreadList m_thread_list_real; ///< The threads for this process as are known
///to the protocol we are debugging with ///to the protocol we are debugging with
ThreadList m_thread_list; ///< The threads for this process as the user will ThreadList m_thread_list; ///< The threads for this process as the user will
///see them. This is usually the same as ///see them. This is usually the same as
///< m_thread_list_real, but might be different if there is an OS plug-in ///< m_thread_list_real, but might be different if there is an OS plug-in
///creating memory threads ///creating memory threads
ThreadPlanStackMap m_thread_plans; ///< This is the list of thread plans for ThreadPlanStackMap m_thread_plans; ///< This is the list of thread plans for
/// threads in m_thread_list, as well as /// threads in m_thread_list, as well as
▲ Show 20 LinesShow All 209 LinesShow Last 20 Lines

lldb/include/lldb/Target/ThreadCollection.h

Show First 20 LinesShow All 41 Lines▼ Show 20 Linespublic:
// index to accessing the current threads, whereas "thread_index" is a unique // index to accessing the current threads, whereas "thread_index" is a unique
// index assigned // index assigned
lldb::ThreadSP GetThreadAtIndex(uint32_t idx); lldb::ThreadSP GetThreadAtIndex(uint32_t idx);
virtual ThreadIterable Threads() { virtual ThreadIterable Threads() {
return ThreadIterable(m_threads, GetMutex()); return ThreadIterable(m_threads, GetMutex());
} }
virtual std::recursive_mutex &GetMutex() const { return m_mutex; } std::recursive_mutex &GetMutex() const { return m_mutex; }
protected: protected:
collection m_threads; collection m_threads;
mutable std::recursive_mutex m_mutex; mutable std::recursive_mutex m_mutex;
}; };
} // namespace lldb_private } // namespace lldb_private
#endif // LLDB_TARGET_THREADCOLLECTION_H #endif // LLDB_TARGET_THREADCOLLECTION_H

lldb/include/lldb/Target/ThreadList.h

Show First 20 LinesShow All 127 Lines▼ Show 20 Linespublic:
void DidStop(); void DidStop();
void DiscardThreadPlans(); void DiscardThreadPlans();
uint32_t GetStopID() const; uint32_t GetStopID() const;
void SetStopID(uint32_t stop_id); void SetStopID(uint32_t stop_id);
std::recursive_mutex &GetMutex() const override;
void Update(ThreadList &rhs); void Update(ThreadList &rhs);
protected: protected:
void SetShouldReportStop(Vote vote); void SetShouldReportStop(Vote vote);
void NotifySelectedThreadChanged(lldb::tid_t tid); void NotifySelectedThreadChanged(lldb::tid_t tid);
// Classes that inherit from Process can see and modify these // Classes that inherit from Process can see and modify these
Show All 14 Lines

lldb/source/Target/Process.cpp

Show First 20 LinesShow All 429 Lines▼ Show 20 Lines : ProcessProperties(this),
m_private_state_broadcaster(nullptr, m_private_state_broadcaster(nullptr,
"lldb.process.internal_state_broadcaster"), "lldb.process.internal_state_broadcaster"),
m_private_state_control_broadcaster( m_private_state_control_broadcaster(
nullptr, "lldb.process.internal_state_control_broadcaster"), nullptr, "lldb.process.internal_state_control_broadcaster"),
m_private_state_listener_sp( m_private_state_listener_sp(
Listener::MakeListener("lldb.process.internal_state_listener")), Listener::MakeListener("lldb.process.internal_state_listener")),
m_mod_id(), m_process_unique_id(0), m_thread_index_id(0), m_mod_id(), m_process_unique_id(0), m_thread_index_id(0),
m_thread_id_to_index_id_map(), m_exit_status(-1), m_exit_string(), m_thread_id_to_index_id_map(), m_exit_status(-1), m_exit_string(),
m_exit_status_mutex(), m_thread_mutex(), m_thread_list_real(this), m_exit_status_mutex(), m_thread_list_real(this),
m_thread_list(this), m_thread_plans(*this), m_extended_thread_list(this), m_thread_list(this), m_thread_plans(*this), m_extended_thread_list(this),
m_extended_thread_stop_id(0), m_queue_list(this), m_queue_list_stop_id(0), m_extended_thread_stop_id(0), m_queue_list(this), m_queue_list_stop_id(0),
m_notifications(), m_image_tokens(), m_notifications(), m_image_tokens(),
m_breakpoint_site_list(), m_dynamic_checkers_up(), m_breakpoint_site_list(), m_dynamic_checkers_up(),
m_unix_signals_sp(unix_signals_sp), m_abi_sp(), m_process_input_reader(), m_unix_signals_sp(unix_signals_sp), m_abi_sp(), m_process_input_reader(),
m_stdio_communication("process.stdio"), m_stdio_communication_mutex(), m_stdio_communication("process.stdio"), m_stdio_communication_mutex(),
m_stdin_forward(false), m_stdout_data(), m_stderr_data(), m_stdin_forward(false), m_stdout_data(), m_stderr_data(),
m_profile_data_comm_mutex(), m_profile_data(), m_iohandler_sync(0), m_profile_data_comm_mutex(), m_profile_data(), m_iohandler_sync(0),
▲ Show 20 LinesShow All 2,004 Lines▼ Show 20 Lines while (true) {
if (event_sp) if (event_sp)
HandlePrivateEvent(event_sp); HandlePrivateEvent(event_sp);
} }
return state; return state;
} }
void Process::LoadOperatingSystemPlugin(bool flush) { void Process::LoadOperatingSystemPlugin(bool flush) {
std::lock_guard<std::recursive_mutex> guard(m_thread_mutex); std::lock_guard<std::recursive_mutex> guard(GetThreadList().GetMutex());
if (flush) if (flush)
m_thread_list.Clear(); m_thread_list.Clear();
m_os_up.reset(OperatingSystem::FindPlugin(this, nullptr)); m_os_up.reset(OperatingSystem::FindPlugin(this, nullptr));
if (flush) if (flush)
Flush(); Flush();
} }
Status Process::Launch(ProcessLaunchInfo &launch_info) { Status Process::Launch(ProcessLaunchInfo &launch_info) {
▲ Show 20 LinesShow All 3,772 LinesShow Last 20 Lines

lldb/source/Target/ThreadList.cpp

Show First 20 LinesShow All 730 Lines▼ Show 20 Lines selected_thread_sp->BroadcastEvent(
Thread::eBroadcastBitThreadSelected, Thread::eBroadcastBitThreadSelected,
new Thread::ThreadEventData(selected_thread_sp)); new Thread::ThreadEventData(selected_thread_sp));
} }
void ThreadList::Update(ThreadList &rhs) { void ThreadList::Update(ThreadList &rhs) {
if (this != &rhs) { if (this != &rhs) {
// Lock both mutexes to make sure neither side changes anyone on us while // Lock both mutexes to make sure neither side changes anyone on us while
// the assignment occurs // the assignment occurs
std::scoped_lock<std::recursive_mutex, std::recursive_mutex> guard(GetMutex(), rhs.GetMutex()); std::scoped_lock<std::recursive_mutex, std::recursive_mutex> guard(
GetMutex(), rhs.GetMutex());
m_process = rhs.m_process; m_process = rhs.m_process;
m_stop_id = rhs.m_stop_id; m_stop_id = rhs.m_stop_id;
m_threads.swap(rhs.m_threads); m_threads.swap(rhs.m_threads);
m_selected_tid = rhs.m_selected_tid; m_selected_tid = rhs.m_selected_tid;
// Now we look for threads that we are done with and make sure to clear // Now we look for threads that we are done with and make sure to clear
// them up as much as possible so anyone with a shared pointer will still // them up as much as possible so anyone with a shared pointer will still
Show All 28 Lines
void ThreadList::Flush() { void ThreadList::Flush() {
std::lock_guard<std::recursive_mutex> guard(GetMutex()); std::lock_guard<std::recursive_mutex> guard(GetMutex());
collection::iterator pos, end = m_threads.end(); collection::iterator pos, end = m_threads.end();
for (pos = m_threads.begin(); pos != end; ++pos) for (pos = m_threads.begin(); pos != end; ++pos)
(*pos)->Flush(); (*pos)->Flush();
} }
std::recursive_mutex &ThreadList::GetMutex() const {
return m_process->m_thread_mutex;
}
ThreadList::ExpressionExecutionThreadPusher::ExpressionExecutionThreadPusher( ThreadList::ExpressionExecutionThreadPusher::ExpressionExecutionThreadPusher(
lldb::ThreadSP thread_sp) lldb::ThreadSP thread_sp)
: m_thread_list(nullptr), m_tid(LLDB_INVALID_THREAD_ID) { : m_thread_list(nullptr), m_tid(LLDB_INVALID_THREAD_ID) {
if (thread_sp) { if (thread_sp) {
m_tid = thread_sp->GetID(); m_tid = thread_sp->GetID();
m_thread_list = &thread_sp->GetProcess()->GetThreadList(); m_thread_list = &thread_sp->GetProcess()->GetThreadList();
m_thread_list->PushExpressionExecutionThread(m_tid); m_thread_list->PushExpressionExecutionThread(m_tid);
} }
} }