This is an archive of the discontinued LLVM Phabricator instance.

Differential D72549

[TSan] Register threads created via pthread_create_from_mach_thread()
AcceptedPublic

Authored by yln on Jan 10 2020, 6:04 PM.

Details

Reviewers
MadCoder
kubamracek
samsonov
dvyukov
delcypher
dcoughlin
aralisza
Summary

On Darwin, TSan was crashing on the first call into the runtime from
any thread created via pthread_create_from_mach_thread() SPI. These
threads were uninitialized, because TSan could not observe their
creation. This meant that TSan crashed for Xcode's SwiftUI preview
(which uses remote code injection).

Threads created via pthread_create_from_mach_thread() bypass the
pthread_create() interceptor / __tsan_thread_start_func() thread
function wrapper that usually ensures that threads are properly
registered. In addition, we don't receive THREAD_CREATE/DESTROY events
in our pthread introspection hooks. The reason for this is that those
would run in the context of the parent mach thread which makes them not
very useful.

Adding an interceptor for this SPI is not sufficient; it is typically
looked up in the parent process and then marshalled into the
instrumented process.

This change uses the following strategy to register these threads. When
observing the THREAD_CREATE event, we attach enough information to the
thread that is being created (using the new
pthread_introspection_setspecific_np() API) so that in THREAD_START
we can identify how the thread that we are on was actually created. For
regular threads and GCD workers there will be identifying information,
for "special" threads (threads for which we are unable to observe
creation, e.g., threads created via pthread_create_from_mach_thread()
from a Mach thread) the absence of this information lets us infer that
they are special.

If pthread_introspection_setspecific_np() is not available (running on
older OS), we fallback to the previous behavior: registering GCD threads
during THREAD_CREATE and doing nothing for THREAD_START.

rdar://58425782

Diff Detail

Event Timeline

yln created this revision.Jan 10 2020, 6:04 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptJan 10 2020, 6:04 PM
Herald added subscribers: llvm-commits, Restricted Project, jfb. · View Herald Transcript
yln mentioned this in D72305: [TSan] The "thread_terminate" event is delivered on the terminating thread.Jan 10 2020, 6:08 PM
Harbormaster completed remote builds in B43747: Diff 237468.Jan 10 2020, 6:09 PM
yln added reviewers: MadCoder, kubamracek, samsonov, dvyukov, delcypher, dcoughlin.Jan 10 2020, 6:10 PM
yln mentioned this in D72108: [TSan] Initialize injected mach threads.Jan 10 2020, 6:16 PM
MadCoder accepted this revision.Jan 11 2020, 10:48 AM
MadCoder added inline comments.
compiler-rt/lib/tsan/rtl/tsan_platform_mac.cpp
208

nit: it should be void * not const void * ;) but it really doesn't matter for you

This revision is now accepted and ready to land.Jan 11 2020, 10:48 AM
yln marked 2 inline comments as done.Jan 13 2020, 9:55 AM
yln added inline comments.
compiler-rt/lib/tsan/rtl/tsan_platform_mac.cpp
208

Thanks! Fixed.

yln updated this revision to Diff 237719.Jan 13 2020, 10:03 AM
yln marked an inline comment as done.

Fixed signature of pthread_setspecific_introspection_np and added
CHECK_EQ(res, 0); to ensure the call to it succeeds.

Harbormaster completed remote builds in B43846: Diff 237719.Jan 13 2020, 10:07 AM
yln updated this revision to Diff 336990.Apr 12 2021, 4:35 PM

Replace usage of magic constants with actual API.

Herald added a subscriber: Charusso. · View Herald TranscriptApr 12 2021, 4:35 PM
yln retitled this revision from [TSan] Register threads created via pthread_create_from_mach_thread to [TSan] Register threads created via pthread_create_from_mach_thread().Apr 12 2021, 4:36 PM
yln edited the summary of this revision. (Show Details)
yln added a reviewer: aralisza.
yln updated this revision to Diff 336992.Apr 12 2021, 4:56 PM

Skipping test when running on old OS.

Harbormaster completed remote builds in B98380: Diff 336990.Apr 12 2021, 5:17 PM
Harbormaster completed remote builds in B98382: Diff 336992.Apr 12 2021, 5:24 PM
dvyukov accepted this revision.Apr 13 2021, 11:42 PM
yln updated this revision to Diff 339069.Apr 20 2021, 6:35 PM

Remove default: UNREACHABLE("unknown event"); switch case to avoid crashes in case enum gets extended in the future.

Harbormaster completed remote builds in B99865: Diff 339069.Apr 20 2021, 7:33 PM
kubamracek accepted this revision.Apr 20 2021, 8:31 PM

LGTM, thanks!

Revision Contents

PathSize
compiler-rt/
lib/
tsan/
rtl/
134 lines
1 line
3 lines
test/
tsan/
Darwin/
98 lines

Diff 237468

compiler-rt/lib/tsan/rtl/tsan_platform_mac.cpp

Show All 20 Lines
#include "sanitizer_common/sanitizer_procmaps.h" #include "sanitizer_common/sanitizer_procmaps.h"
#include "sanitizer_common/sanitizer_stackdepot.h" #include "sanitizer_common/sanitizer_stackdepot.h"
#include "tsan_platform.h" #include "tsan_platform.h"
#include "tsan_rtl.h" #include "tsan_rtl.h"
#include "tsan_flags.h" #include "tsan_flags.h"
#include <mach/mach.h> #include <mach/mach.h>
#include <pthread.h> #include <pthread.h>
#include <pthread/introspection.h>
#include <signal.h> #include <signal.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <stdarg.h> #include <stdarg.h>
#include <sys/mman.h> #include <sys/mman.h>
#include <sys/syscall.h> #include <sys/syscall.h>
#include <sys/time.h> #include <sys/time.h>
▲ Show 20 LinesShow All 148 Lines▼ Show 20 Lines
#endif #endif
stacks->n_uniq_ids, stacks->allocated / 1024, stacks->n_uniq_ids, stacks->allocated / 1024,
nthread, nlive); nthread, nlive);
} }
#if !SANITIZER_GO #if !SANITIZER_GO
void InitializeShadowMemoryPlatform() { } void InitializeShadowMemoryPlatform() { }
// On OS X, GCD worker threads are created without a call to pthread_create. We static void InitializeThread(pthread_t thread, ThreadType type) {
// need to properly register these threads with ThreadCreate and ThreadStart.
// These threads don't have a parent thread, as they are created "spuriously".
// We're using a libpthread API that notifies us about a newly created thread.
// The `thread == pthread_self()` check indicates this is actually a worker
// thread. If it's just a regular thread, this hook is called on the parent
// thread.
typedef void (*pthread_introspection_hook_t)(unsigned int event,
pthread_t thread, void *addr,
size_t size);
extern "C" pthread_introspection_hook_t pthread_introspection_hook_install(
pthread_introspection_hook_t hook);
static const uptr PTHREAD_INTROSPECTION_THREAD_CREATE = 1;
static const uptr PTHREAD_INTROSPECTION_THREAD_TERMINATE = 3;
static pthread_introspection_hook_t prev_pthread_introspection_hook;
static void my_pthread_introspection_hook(unsigned int event, pthread_t thread,
void *addr, size_t size) {
if (event == PTHREAD_INTROSPECTION_THREAD_CREATE) {
if (thread == pthread_self()) {
// The current thread is a newly created GCD worker thread.
ThreadState *thr = cur_thread(); ThreadState *thr = cur_thread();
Processor *proc = ProcCreate(); Processor *proc = ProcCreate();
ProcWire(proc, thr); ProcWire(proc, thr);
ThreadState *parent_thread_state = nullptr; // No parent. ThreadState *parent = nullptr; // No parent
int tid = ThreadCreate(parent_thread_state, 0, (uptr)thread, true); int tid = ThreadCreate(parent, /*pc=*/0x0, (uptr)thread, /*detached=*/true);
CHECK_NE(tid, 0); CHECK_NE(tid, 0);
ThreadStart(thr, tid, GetTid(), ThreadType::Worker); ThreadStart(thr, tid, GetTid(), type);
} }
} else if (event == PTHREAD_INTROSPECTION_THREAD_TERMINATE) {
if (thread == pthread_self()) { // rdar://58497482: In the future, the OS will provide this function (or
ThreadState *thr = cur_thread(); // similar).
if (thr->tctx) { static int pthread_setspecific_introspection_np(pthread_t thread,
pthread_key_t key,
const void *value) {
MadCoderUnsubmitted
Done
ReplyInline Actions

nit: it should be void * not const void * ;) but it really doesn't matter for you

MadCoder: nit: it should be `void *` not `const void *` ;) but it really doesn't matter for you
ylnAuthorUnsubmitted
Done
ReplyInline Actions

Thanks! Fixed.

yln: Thanks! Fixed.
// These magic values are not part of the ABI. Do not depend on them!
#if __LP64__
const unsigned tsd_offset = 224;
#else
const unsigned tsd_offset = 176;
#endif
uintptr_t *tsd_data = (uintptr_t *)((char *)thread + tsd_offset);
tsd_data[key] = (uintptr_t)value;
return 0;
}
// How was the THREAD_CREATE event delivered for this thread?
enum class CreateEvent : uptr {
Absent = 0, // Event was never delivered; indicates "special" thread.
Parent, // Delivery on parent; indicates regular thread.
Self // Delivery on the thread itself; indicates GCD worker.
};
static_assert(CreateEvent::Absent == (CreateEvent)0, "Absent must be zero");
static pthread_key_t create_type_key;
static void handle_thread_create(pthread_t thread) {
CreateEvent create =
(thread == pthread_self()) ? CreateEvent::Self : CreateEvent::Parent;
pthread_setspecific_introspection_np(thread, create_type_key,
(const void *)(uptr)create);
}
static void handle_thread_start(pthread_t thread) {
CHECK_EQ(thread, pthread_self());
CreateEvent create = (CreateEvent)(uptr)pthread_getspecific(create_type_key);
if (create == CreateEvent::Parent)
return;
CHECK(create == CreateEvent::Absent || create == CreateEvent::Self);
ThreadType type = (create == CreateEvent::Absent) ? ThreadType::Regular
: ThreadType::Worker;
InitializeThread(thread, type);
}
static void handle_thread_terminate(pthread_t thread) {
CHECK_EQ(thread, pthread_self());
if (cur_thread()->tctx)
DestroyThreadState(); DestroyThreadState();
} }
// We use the introspection API to handle threads that are not created via
// pthread_create. We also destroy *all* threads here.
// * GCD workers do not have a parent thread. For them THREAD_CREATE is
// delivered on the worker itself (for regular threads this event is delivered
// on the parent).
// * Special threads for which we are unable to observe their creation, e.g.,
// threads created from a Mach thread via pthread_create_from_mach_thread).
// For these threads, THREAD_START is the first time we see them.
static void handle_pthread_event(unsigned event, pthread_t thread) {
switch (event) {
case PTHREAD_INTROSPECTION_THREAD_CREATE:
handle_thread_create(thread);
break;
case PTHREAD_INTROSPECTION_THREAD_START:
handle_thread_start(thread);
break;
case PTHREAD_INTROSPECTION_THREAD_TERMINATE:
handle_thread_terminate(thread);
break;
case PTHREAD_INTROSPECTION_THREAD_DESTROY:
break;
default:
UNREACHABLE("unknown event");
break;
} }
} }
if (prev_pthread_introspection_hook != nullptr) static pthread_introspection_hook_t prev_pthread_introspection_hook;
static void pthread_introspection_hook(unsigned int event, pthread_t thread,
void *addr, size_t size) {
if (thread != ctx->background_thread && !ctx->currently_forking)
handle_pthread_event(event, thread);
if (prev_pthread_introspection_hook)
prev_pthread_introspection_hook(event, thread, addr, size); prev_pthread_introspection_hook(event, thread, addr, size);
} }
#endif #endif
void InitializePlatformEarly() { void InitializePlatformEarly() {
#if defined(__aarch64__) #if defined(__aarch64__)
uptr max_vm = GetMaxUserVirtualAddress() + 1; uptr max_vm = GetMaxUserVirtualAddress() + 1;
if (max_vm != Mapping::kHiAppMemEnd) { if (max_vm != Mapping::kHiAppMemEnd) {
Show All 9 Lines
void InitializePlatform() { void InitializePlatform() {
DisableCoreDumperIfNecessary(); DisableCoreDumperIfNecessary();
#if !SANITIZER_GO #if !SANITIZER_GO
CheckAndProtect(); CheckAndProtect();
CHECK_EQ(main_thread_identity, 0); CHECK_EQ(main_thread_identity, 0);
main_thread_identity = (uptr)pthread_self(); main_thread_identity = (uptr)pthread_self();
int res = pthread_key_create(&create_type_key, /*destructor=*/nullptr);
CHECK_EQ(res, 0);
prev_pthread_introspection_hook = prev_pthread_introspection_hook =
pthread_introspection_hook_install(&my_pthread_introspection_hook); pthread_introspection_hook_install(&pthread_introspection_hook);
#endif #endif
if (GetMacosVersion() >= MACOS_VERSION_MOJAVE) { if (GetMacosVersion() >= MACOS_VERSION_MOJAVE) {
// Libsystem currently uses a process-global key; this might change. // Libsystem currently uses a process-global key; this might change.
const unsigned kTLSLongjmpXorKeySlot = 0x7; const unsigned kTLSLongjmpXorKeySlot = 0x7;
longjmp_xor_key = (uptr)pthread_getspecific(kTLSLongjmpXorKeySlot); longjmp_xor_key = (uptr)pthread_getspecific(kTLSLongjmpXorKeySlot);
} }
} }
▲ Show 20 LinesShow All 56 LinesShow Last 20 Lines

compiler-rt/lib/tsan/rtl/tsan_rtl.h

Show First 20 LinesShow All 522 Lines▼ Show 20 Lines
}; };
struct Context { struct Context {
Context(); Context();
bool initialized; bool initialized;
#if !SANITIZER_GO #if !SANITIZER_GO
bool after_multithreaded_fork; bool after_multithreaded_fork;
bool currently_forking;
#endif #endif
MetaMap metamap; MetaMap metamap;
Mutex report_mtx; Mutex report_mtx;
int nreported; int nreported;
int nmissed_expected; int nmissed_expected;
atomic_uint64_t last_symbolize_time_ns; atomic_uint64_t last_symbolize_time_ns;
▲ Show 20 LinesShow All 353 LinesShow Last 20 Lines

compiler-rt/lib/tsan/rtl/tsan_rtl.cpp

Show First 20 LinesShow All 488 Lines▼ Show 20 Lines#endif
return failed ? common_flags()->exitcode : 0; return failed ? common_flags()->exitcode : 0;
} }
#if !SANITIZER_GO #if !SANITIZER_GO
void ForkBefore(ThreadState *thr, uptr pc) { void ForkBefore(ThreadState *thr, uptr pc) {
ctx->thread_registry->Lock(); ctx->thread_registry->Lock();
ctx->report_mtx.Lock(); ctx->report_mtx.Lock();
ctx->currently_forking = true;
} }
void ForkParentAfter(ThreadState *thr, uptr pc) { void ForkParentAfter(ThreadState *thr, uptr pc) {
ctx->currently_forking = false;
ctx->report_mtx.Unlock(); ctx->report_mtx.Unlock();
ctx->thread_registry->Unlock(); ctx->thread_registry->Unlock();
} }
void ForkChildAfter(ThreadState *thr, uptr pc) { void ForkChildAfter(ThreadState *thr, uptr pc) {
ctx->currently_forking = false;
ctx->report_mtx.Unlock(); ctx->report_mtx.Unlock();
ctx->thread_registry->Unlock(); ctx->thread_registry->Unlock();
uptr nthread = 0; uptr nthread = 0;
ctx->thread_registry->GetNumberOfThreads(0, 0, &nthread /* alive threads */); ctx->thread_registry->GetNumberOfThreads(0, 0, &nthread /* alive threads */);
VPrintf(1, "ThreadSanitizer: forked new process with pid %d," VPrintf(1, "ThreadSanitizer: forked new process with pid %d,"
" parent had %d threads\n", (int)internal_getpid(), (int)nthread); " parent had %d threads\n", (int)internal_getpid(), (int)nthread);
if (nthread == 1) { if (nthread == 1) {
▲ Show 20 LinesShow All 605 LinesShow Last 20 Lines

compiler-rt/test/tsan/Darwin/mach-thread.c

  • This file was added.
// Ensure we do not crash for threads created from a mach thread. This test is
// adapted from `libpthread/tests/pthread_create_from_mach_thread.c`.
//
// We compile two parts:
// *) Code instrumented with TSan (tsan_instrumented)
// *) Setup code
//
// The setup code first creates a mach thread (thread_create_running) and from
// this mach thread we then create a pthread (pthread_create_from_mach_thread)
// which executes TSan-instrumented code.
//
// Note: we must use two separate object files to accomplish this, because TSan
// still instruments functions (i.e, __tsan_func_entry) that contain calls to
// other functions even if we use the no_sanitize("thread") attribute or
// sanitizer blacklists. In addition, it more closely resembles the SwiftUI
// preview container and application code scenario.
// RUN: %clang_tsan %s -c -DINSTRUMENTED -o %t.instrumented
// RUN: %clang_tsan %s -c -fno-sanitize=thread -o %t.setup
// RUN: %clang_tsan %t.instrumented %t.setup -o %t
// RUN: %run %t 2>&1 | FileCheck %s --implicit-check-not='ThreadSanitizer'
//
// CHECK: Mach thread started.
// CHECK: Created pthread from mach thread.
#include <assert.h>
#include <mach/mach.h>
#include <pthread.h>
#include <pthread_spis.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(INSTRUMENTED)
void *tsan_instrumented(void *arg) {
printf("Created pthread from mach thread.\n");
exit(0);
}
#else
void *tsan_instrumented(void *arg);
static const uint32_t stack_size = 1024;
static uint64_t stack[stack_size] __attribute__((aligned(16)));
// Ideally, we would want to printf+CHECK here, but we can't do anything useful
// from the context of the mach thread. It has no TSDs, and we can't malloc
// or syscall. So just call the SPI under test.
static void *mach_bootstrap(void *arg) {
pthread_t thread;
int res =
pthread_create_from_mach_thread(&thread, NULL, tsan_instrumented, NULL);
assert(res == 0);
while (1) {
swtch_pri(0); // mach_yield
}
}
int main(int argc, const char *argv[]) {
// Setup thread state
thread_state_flavor_t flavor;
mach_msg_type_number_t sate_count;
uintptr_t stack_top = (uintptr_t)&stack[stack_size];
assert((stack_top & 0xF) == 0); // Ensure 16-byte alignment
#if defined(__x86_64__)
flavor = x86_THREAD_STATE64;
sate_count = x86_THREAD_STATE64_COUNT;
x86_thread_state64_t state = {
.__rip = (uint64_t)&mach_bootstrap,
// Must be 16-byte-off-by-8 aligned <rdar://problem/15886599>
.__rsp = stack_top - 8,
};
#elif defined(__arm64__)
flavor = ARM_THREAD_STATE64;
sate_count = ARM_THREAD_STATE64_COUNT;
arm_thread_state64_t state = { };
arm_thread_state64_set_pc_fptr(state, &mach_bootstrap);
arm_thread_state64_set_sp(state, stack_top);
#else
# error Unsupported architecture
#endif
task_t parent = mach_task_self();
thread_state_t state_ptr = (thread_state_t)&state;
thread_act_t thread;
kern_return_t ret = thread_create_running(
parent, flavor, state_ptr, sate_count, &thread);
assert(ret == KERN_SUCCESS);
printf("Mach thread started. Waiting..\n");
while (1) {
sched_yield();
}
return 1;
}
#endif // defined(INSTRUMENTED)