This is an archive of the discontinued LLVM Phabricator instance.

Differential D46978

[builtins] Delay emutls deallocation for one round
ClosedPublic

Authored by rprichard on May 16 2018, 2:54 PM.

Details

Reviewers
cmtice
srhines
jyknight
chh
echristo
Commits
rG1e216a59f62c: [builtins] Delay emutls deallocation for one round
rCRT334463: [builtins] Delay emutls deallocation for one round
rL334463: [builtins] Delay emutls deallocation for one round
Summary

With Android/Bionic, delay deallocation to round 2 of 4. It must run after
C++ thread_local destructors have been called, but before the final 2
rounds, because emutls calls free, and jemalloc then needs another 2
rounds to free its thread-specific data.

Fixes https://github.com/android-ndk/ndk/issues/687

Diff Detail

Repository
rL LLVM

Event Timeline

rprichard created this revision.May 16 2018, 2:54 PM
Herald added subscribers: Restricted Project, llvm-commits, delcypher. · View Herald TranscriptMay 16 2018, 2:54 PM
Harbormaster completed remote builds in B18213: Diff 147186.May 16 2018, 2:54 PM
rprichard added a comment.May 16 2018, 2:56 PM

I uploaded this change earlier to https://android-review.googlesource.com/c/toolchain/compiler-rt/+/683602.

srhines accepted this revision.May 17 2018, 12:19 AM

Thanks, Ryan, for chasing this down (literally), and restoring some sanity to teardown.

This revision is now accepted and ready to land.May 17 2018, 12:19 AM
chh added a reviewer: chh.May 18 2018, 3:44 PM
chh added inline comments.May 18 2018, 3:47 PM
lib/builtins/emutls.c
33 ↗(On Diff #147186)

s/int/uintptr_t/

350 ↗(On Diff #147186)

s/int/uintptr_t/

rprichard added a comment.May 21 2018, 11:00 PM

My emutls.c comment:

We can't wait until the final two rounds, because jemalloc needs two rounds
after the final malloc/free call to free its thread-specific data.

It might be helpful to explain on this review why jemalloc needs 2 rounds. Here's my comment from Google's bug tracker, http://b/78022094#comment13. I'll link to it from the code.

jemalloc's TSD (thread-specific data) code has four compile-time modes:

  • JEMALLOC_MALLOC_THREAD_CLEANUP: uses __thread variables, and the code using jemalloc must call a _malloc_thread_cleanup function at thread-exit. Apparently FreeBSD uses this.
  • JEMALLOC_TLS: uses __thread variables and a pthread key destructor
  • _WIN32: self-explanatory
  • default: uses pthread_getspecific / pthread_setspecific and a key destructor

Bionic must use the final mode (emutls uses malloc, so malloc can't use emutls).

A jemalloc TSD has four explicit states:

  • uninitialized
  • nominal
  • purgatory
  • reincarnated

Summary of jemalloc cleanup states:

  • The typical state is nominal
  • On nominal cleanup: free everything but the outer TSD struct, move to purgatory state, and schedule another dtor call
  • On purgatory cleanup: free the TSD struct
  • On reincarnated cleanup: move to purgatory state and schedule another dtor call
  • Calling malloc/free moves the state from purgatory to reincarnated.

jemalloc needs 2 pthread destructor rounds to free its TSD (nominal -> purgatory, purgatory -> deallocated).

If emutls cleanup happens on round 2 instead of 3, then jemalloc can be completely deallocated at the start of round 2, then reinitialized when emutls calls free. In round 3, jemalloc would enter purgatory, and in round 4, it would be deallocated again. I *could* try to avoid this with an otherwise pointless realloc call in emutls round 1, but it doesn't seem to make thread exit that much slower. I measured a slowdown on the order of ~10-20us per thread exit.

rprichard updated this revision to Diff 147953.May 21 2018, 11:58 PM

Address chh's comments from
https://android-review.googlesource.com/c/toolchain/compiler-rt/+/683602
(change int -> uintptr_t) and add a link to my Phabricator jemalloc comment.

Harbormaster completed remote builds in B18438: Diff 147953.May 21 2018, 11:58 PM
rprichard marked 2 inline comments as done.May 21 2018, 11:59 PM
chh accepted this revision.May 22 2018, 10:01 AM

Only two minor suggestions. Everything looks fine. Thanks.

lib/builtins/emutls.c
96 ↗(On Diff #147953)

line 96 could be just emutls_setspecific(array).

373 ↗(On Diff #147953)

nit, line 373 sets array field; it's better to be nested inside the if-statement of line 371.

rprichard updated this revision to Diff 148110.May 22 2018, 2:56 PM

Avoid a NULL dereference on out-of-memory. Reuse emutls_setspecific.

rprichard marked 2 inline comments as done.May 22 2018, 3:01 PM
rprichard added inline comments.
lib/builtins/emutls.c
373 ↗(On Diff #147953)

Good catch. I think that line could have dereferenced NULL on out-of-memory.

srhines accepted this revision.May 23 2018, 2:38 AM

Everything looks great now. Thanks again, Ryan!

echristo accepted this revision.Jun 6 2018, 3:21 PM
echristo added a subscriber: echristo.

One inline comment, but otherwise looks ok. You could also split out all of the non-bionic/skip_destructor_rounds into cleanup and other patches as well.

lib/builtins/emutls.c
27 ↗(On Diff #148110)

No links to internal bug reporting infrastructure please.

rprichard updated this revision to Diff 150222.Jun 6 2018, 4:37 PM

Remove links to bug trackers. (I think the links to the internal Google
tracker need to be removed because other members of the LLVM community can't
access them. I think I *could* keep the GitHub link, but I don't think
there's anything especially useful there.) The Phabricator link is useful,
because it explains why jemalloc needs 2 rounds.

Split out part of the change into an earlier cleanup commit.

Harbormaster completed remote builds in B19017: Diff 150222.Jun 6 2018, 4:37 PM
rprichard updated this revision to Diff 150238.Jun 6 2018, 5:57 PM

I think(?) each git commit should be a separate Phabricator review?

Harbormaster completed remote builds in B19021: Diff 150238.Jun 6 2018, 5:57 PM
rprichard added a parent revision: D47861: [builtins] emutls cleanup: determine header size using sizeof.Jun 6 2018, 5:58 PM
echristo accepted this revision.Jun 6 2018, 6:10 PM

LGTM.

rprichard retitled this revision from Delay emutls deallocation for one round to [builtins] Delay emutls deallocation for one round.Jun 7 2018, 3:46 PM
Closed by commit rL334463: [builtins] Delay emutls deallocation for one round (authored by rprichard). · Explain WhyJun 11 2018, 6:37 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
builtins/
52 lines

Diff 150877

compiler-rt/trunk/lib/builtins/emutls.c

/* ===---------- emutls.c - Implements __emutls_get_address ---------------=== /* ===---------- emutls.c - Implements __emutls_get_address ---------------===
* *
* The LLVM Compiler Infrastructure * The LLVM Compiler Infrastructure
* *
* This file is dual licensed under the MIT and the University of Illinois Open * This file is dual licensed under the MIT and the University of Illinois Open
* Source Licenses. See LICENSE.TXT for details. * Source Licenses. See LICENSE.TXT for details.
* *
* ===----------------------------------------------------------------------=== * ===----------------------------------------------------------------------===
*/ */
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "int_lib.h" #include "int_lib.h"
#include "int_util.h" #include "int_util.h"
#ifdef __BIONIC__
/* There are 4 pthread key cleanup rounds on Bionic. Delay emutls deallocation
to round 2. We need to delay deallocation because:
- Android versions older than M lack __cxa_thread_atexit_impl, so apps
use a pthread key destructor to call C++ destructors.
- Apps might use __thread/thread_local variables in pthread destructors.
We can't wait until the final two rounds, because jemalloc needs two rounds
after the final malloc/free call to free its thread-specific data (see
https://reviews.llvm.org/D46978#1107507). */
#define EMUTLS_SKIP_DESTRUCTOR_ROUNDS 1
#else
#define EMUTLS_SKIP_DESTRUCTOR_ROUNDS 0
#endif
typedef struct emutls_address_array { typedef struct emutls_address_array {
uintptr_t skip_destructor_rounds;
uintptr_t size; /* number of elements in the 'data' array */ uintptr_t size; /* number of elements in the 'data' array */
void* data[]; void* data[];
} emutls_address_array; } emutls_address_array;
static void emutls_shutdown(emutls_address_array *array); static void emutls_shutdown(emutls_address_array *array);
#ifndef _WIN32 #ifndef _WIN32
Show All 34 Lines
#if EMUTLS_USE_POSIX_MEMALIGN #if EMUTLS_USE_POSIX_MEMALIGN
free(base); free(base);
#else #else
/* The mallocated address is in ((void**)base)[-1] */ /* The mallocated address is in ((void**)base)[-1] */
free(((void**)base)[-1]); free(((void**)base)[-1]);
#endif #endif
} }
static __inline void emutls_setspecific(emutls_address_array *value) {
pthread_setspecific(emutls_pthread_key, (void*) value);
}
static __inline emutls_address_array* emutls_getspecific() {
return (emutls_address_array*) pthread_getspecific(emutls_pthread_key);
}
static void emutls_key_destructor(void* ptr) { static void emutls_key_destructor(void* ptr) {
emutls_shutdown((emutls_address_array*)ptr); emutls_address_array *array = (emutls_address_array*)ptr;
if (array->skip_destructor_rounds > 0) {
/* emutls is deallocated using a pthread key destructor. These
* destructors are called in several rounds to accommodate destructor
* functions that (re)initialize key values with pthread_setspecific.
* Delay the emutls deallocation to accommodate other end-of-thread
* cleanup tasks like calling thread_local destructors (e.g. the
* __cxa_thread_atexit fallback in libc++abi).
*/
array->skip_destructor_rounds--;
emutls_setspecific(array);
} else {
emutls_shutdown(array);
free(ptr); free(ptr);
} }
}
static __inline void emutls_init(void) { static __inline void emutls_init(void) {
if (pthread_key_create(&emutls_pthread_key, emutls_key_destructor) != 0) if (pthread_key_create(&emutls_pthread_key, emutls_key_destructor) != 0)
abort(); abort();
} }
static __inline void emutls_init_once(void) { static __inline void emutls_init_once(void) {
static pthread_once_t once = PTHREAD_ONCE_INIT; static pthread_once_t once = PTHREAD_ONCE_INIT;
pthread_once(&once, emutls_init); pthread_once(&once, emutls_init);
} }
static __inline void emutls_lock() { static __inline void emutls_lock() {
pthread_mutex_lock(&emutls_mutex); pthread_mutex_lock(&emutls_mutex);
} }
static __inline void emutls_unlock() { static __inline void emutls_unlock() {
pthread_mutex_unlock(&emutls_mutex); pthread_mutex_unlock(&emutls_mutex);
} }
static __inline void emutls_setspecific(emutls_address_array *value) {
pthread_setspecific(emutls_pthread_key, (void*) value);
}
static __inline emutls_address_array* emutls_getspecific() {
return (emutls_address_array*) pthread_getspecific(emutls_pthread_key);
}
#else /* _WIN32 */ #else /* _WIN32 */
#include <windows.h> #include <windows.h>
#include <malloc.h> #include <malloc.h>
#include <stdio.h> #include <stdio.h>
#include <assert.h> #include <assert.h>
static LPCRITICAL_SECTION emutls_mutex; static LPCRITICAL_SECTION emutls_mutex;
▲ Show 20 LinesShow All 226 Lines▼ Show 20 Lines
* Extends its size if necessary to hold address at index. * Extends its size if necessary to hold address at index.
*/ */
static __inline emutls_address_array * static __inline emutls_address_array *
emutls_get_address_array(uintptr_t index) { emutls_get_address_array(uintptr_t index) {
emutls_address_array* array = emutls_getspecific(); emutls_address_array* array = emutls_getspecific();
if (array == NULL) { if (array == NULL) {
uintptr_t new_size = emutls_new_data_array_size(index); uintptr_t new_size = emutls_new_data_array_size(index);
array = (emutls_address_array*) malloc(emutls_asize(new_size)); array = (emutls_address_array*) malloc(emutls_asize(new_size));
if (array) if (array) {
memset(array->data, 0, new_size * sizeof(void*)); memset(array->data, 0, new_size * sizeof(void*));
array->skip_destructor_rounds = EMUTLS_SKIP_DESTRUCTOR_ROUNDS;
}
emutls_check_array_set_size(array, new_size); emutls_check_array_set_size(array, new_size);
} else if (index > array->size) { } else if (index > array->size) {
uintptr_t orig_size = array->size; uintptr_t orig_size = array->size;
uintptr_t new_size = emutls_new_data_array_size(index); uintptr_t new_size = emutls_new_data_array_size(index);
array = (emutls_address_array*) realloc(array, emutls_asize(new_size)); array = (emutls_address_array*) realloc(array, emutls_asize(new_size));
if (array) if (array)
memset(array->data + orig_size, 0, memset(array->data + orig_size, 0,
(new_size - orig_size) * sizeof(void*)); (new_size - orig_size) * sizeof(void*));
Show All 12 Lines