This is an archive of the discontinued LLVM Phabricator instance.

Differential D76099

[Clang][Driver] In -fintegrated-cc1 mode, avoid crashing on exit after a compiler crash
ClosedPublic

Authored by aganea on Mar 12 2020, 2:16 PM.

Details

Reviewers
rnk
hans
hubert.reinterpretcast
daltenty
Commits
rG92f7aebe2d7e: [Clang][Driver] In -fintegrated-cc1 mode, avoid crashing on exit after a…
rG28ad9fc20823: [Clang][Driver] In -fintegrated-cc1 mode, avoid crashing on exit after a…
Summary

As reported here: https://reviews.llvm.org/D69825#1916865 and in PR45164, in case of a compiler crash, Clang now reports a second crash related to TimerGroups. The crash is caused by the TimerGroup's internal linked list which still points to already freed stack frames, which were unwind by longjmp() (or SEH on Windows) after the first compiler crash.

There's a second crash, not seen in PR45164, which happens when llvm_shutdown is called: the static DefaultTimerGroup object is destroyed which causes more iterating through the TimerGroups.

With this patch, we now 'steal' the TimeGroup instance from DefaultTimerGroup and prevent any further iteration of the timers after the initial crash.

Diff Detail

Event Timeline

aganea created this revision.Mar 12 2020, 2:16 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptMar 12 2020, 2:16 PM
Herald added subscribers: llvm-commits, cfe-commits, hiraditya. · View Herald Transcript
rnk accepted this revision.Mar 12 2020, 5:47 PM

lgtm

The timer linked list is an interesting complication.

This revision is now accepted and ready to land.Mar 12 2020, 5:47 PM
hans accepted this revision.Mar 13 2020, 3:13 AM
Closed by commit rG28ad9fc20823: [Clang][Driver] In -fintegrated-cc1 mode, avoid crashing on exit after a… (authored by aganea). · Explain WhyMar 13 2020, 5:46 AM
This revision was automatically updated to reflect the committed changes.
aganea added a comment.Mar 13 2020, 7:23 AM

Looks like there's a memory corruption detected by ASAN, but I'm not sure it's related to my change. Maybe someone with a more expert eye could tell?

http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/26137/steps/check-asan%20in%20gcc%20build/logs/stdio

hans added a comment.Mar 13 2020, 8:31 AM
In D76099#1921571, @aganea wrote:

Looks like there's a memory corruption detected by ASAN, but I'm not sure it's related to my change. Maybe someone with a more expert eye could tell?

http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/26137/steps/check-asan%20in%20gcc%20build/logs/stdio

The error seems to have scalar evolution (SCEV) on the stack, and there was a patch related to that in the same buildbot run (https://reviews.llvm.org/D70097), so I'm guessing that's the cause -- not your patch.

thakis added a subscriber: thakis.Mar 13 2020, 1:14 PM

Do you think this could cause errors like in https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket.appspot.com/8885934379148608192/+/steps/compile/0/stdout?format=raw ? (see also https://bugs.chromium.org/p/chromium/issues/detail?id=1061535)

aganea added a comment.Mar 13 2020, 1:35 PM

@thakis: Wasn't that issue fixed by rG18eae3312297cb197a3131f3ad9ca2bebb217415 ?

aganea added a comment.Mar 13 2020, 2:35 PM

Looks like the latest build passed: https://ci.chromium.org/p/chromium/builders/ci/ToTLinux%20%28dbg%29/11585

Revision Contents

PathSize
clang/
lib/
Lex/
3 lines
tools/
driver/
22 lines
llvm/
include/
llvm/
Support/
6 lines
5 lines
lib/
Support/
4 lines

Diff 250185

clang/lib/Lex/Pragma.cpp

Show All 36 Lines
#include "llvm/ADT/DenseMap.h" #include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/STLExtras.h" #include "llvm/ADT/STLExtras.h"
#include "llvm/ADT/SmallString.h" #include "llvm/ADT/SmallString.h"
#include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/StringSwitch.h" #include "llvm/ADT/StringSwitch.h"
#include "llvm/ADT/StringRef.h" #include "llvm/ADT/StringRef.h"
#include "llvm/Support/Compiler.h" #include "llvm/Support/Compiler.h"
#include "llvm/Support/ErrorHandling.h" #include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/Timer.h"
#include <algorithm> #include <algorithm>
#include <cassert> #include <cassert>
#include <cstddef> #include <cstddef>
#include <cstdint> #include <cstdint>
#include <limits> #include <limits>
#include <string> #include <string>
#include <utility> #include <utility>
#include <vector> #include <vector>
▲ Show 20 LinesShow All 980 Lines▼ Show 20 Lines if (Tok.isNot(tok::identifier)) {
return; return;
} }
IdentifierInfo *II = Tok.getIdentifierInfo(); IdentifierInfo *II = Tok.getIdentifierInfo();
if (II->isStr("assert")) { if (II->isStr("assert")) {
if (!PP.getPreprocessorOpts().DisablePragmaDebugCrash) if (!PP.getPreprocessorOpts().DisablePragmaDebugCrash)
llvm_unreachable("This is an assertion!"); llvm_unreachable("This is an assertion!");
} else if (II->isStr("crash")) { } else if (II->isStr("crash")) {
llvm::Timer T("crash", "pragma crash");
llvm::TimeRegion R(&T);
if (!PP.getPreprocessorOpts().DisablePragmaDebugCrash) if (!PP.getPreprocessorOpts().DisablePragmaDebugCrash)
LLVM_BUILTIN_TRAP; LLVM_BUILTIN_TRAP;
} else if (II->isStr("parser_crash")) { } else if (II->isStr("parser_crash")) {
if (!PP.getPreprocessorOpts().DisablePragmaDebugCrash) { if (!PP.getPreprocessorOpts().DisablePragmaDebugCrash) {
Token Crasher; Token Crasher;
Crasher.startToken(); Crasher.startToken();
Crasher.setKind(tok::annot_pragma_parser_crash); Crasher.setKind(tok::annot_pragma_parser_crash);
Crasher.setAnnotationRange(SourceRange(Tok.getLocation())); Crasher.setAnnotationRange(SourceRange(Tok.getLocation()));
▲ Show 20 LinesShow All 869 LinesShow Last 20 Lines

clang/tools/driver/driver.cpp

Show All 24 Lines
#include "clang/Frontend/TextDiagnosticPrinter.h" #include "clang/Frontend/TextDiagnosticPrinter.h"
#include "clang/Frontend/Utils.h" #include "clang/Frontend/Utils.h"
#include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallString.h" #include "llvm/ADT/SmallString.h"
#include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SmallVector.h"
#include "llvm/Option/ArgList.h" #include "llvm/Option/ArgList.h"
#include "llvm/Option/OptTable.h" #include "llvm/Option/OptTable.h"
#include "llvm/Option/Option.h" #include "llvm/Option/Option.h"
#include "llvm/Support/BuryPointer.h"
#include "llvm/Support/CommandLine.h" #include "llvm/Support/CommandLine.h"
#include "llvm/Support/CrashRecoveryContext.h" #include "llvm/Support/CrashRecoveryContext.h"
#include "llvm/Support/ErrorHandling.h" #include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/FileSystem.h" #include "llvm/Support/FileSystem.h"
#include "llvm/Support/Host.h" #include "llvm/Support/Host.h"
#include "llvm/Support/InitLLVM.h" #include "llvm/Support/InitLLVM.h"
#include "llvm/Support/Path.h" #include "llvm/Support/Path.h"
#include "llvm/Support/Process.h" #include "llvm/Support/Process.h"
▲ Show 20 LinesShow All 445 Lines▼ Show 20 Linesint main(int argc_, const char **argv_) {
if (!UseNewCC1Process) { if (!UseNewCC1Process) {
TheDriver.CC1Main = &ExecuteCC1Tool; TheDriver.CC1Main = &ExecuteCC1Tool;
// Ensure the CC1Command actually catches cc1 crashes // Ensure the CC1Command actually catches cc1 crashes
llvm::CrashRecoveryContext::Enable(); llvm::CrashRecoveryContext::Enable();
} }
std::unique_ptr<Compilation> C(TheDriver.BuildCompilation(argv)); std::unique_ptr<Compilation> C(TheDriver.BuildCompilation(argv));
int Res = 1; int Res = 1;
bool IsCrash = false;
if (C && !C->containsError()) { if (C && !C->containsError()) {
SmallVector<std::pair<int, const Command *>, 4> FailingCommands; SmallVector<std::pair<int, const Command *>, 4> FailingCommands;
Res = TheDriver.ExecuteCompilation(*C, FailingCommands); Res = TheDriver.ExecuteCompilation(*C, FailingCommands);
// Force a crash to test the diagnostics. // Force a crash to test the diagnostics.
if (TheDriver.GenReproducer) { if (TheDriver.GenReproducer) {
Diags.Report(diag::err_drv_force_crash) Diags.Report(diag::err_drv_force_crash)
<< !::getenv("FORCE_CLANG_DIAGNOSTICS_CRASH"); << !::getenv("FORCE_CLANG_DIAGNOSTICS_CRASH");
Show All 10 Lines for (const auto &P : FailingCommands) {
const Command *FailingCommand = P.second; const Command *FailingCommand = P.second;
if (!Res) if (!Res)
Res = CommandRes; Res = CommandRes;
// If result status is < 0, then the driver command signalled an error. // If result status is < 0, then the driver command signalled an error.
// If result status is 70, then the driver command reported a fatal error. // If result status is 70, then the driver command reported a fatal error.
// On Windows, abort will return an exit code of 3. In these cases, // On Windows, abort will return an exit code of 3. In these cases,
// generate additional diagnostic information if possible. // generate additional diagnostic information if possible.
bool DiagnoseCrash = CommandRes < 0 || CommandRes == 70; IsCrash = CommandRes < 0 || CommandRes == 70;
#ifdef _WIN32 #ifdef _WIN32
DiagnoseCrash |= CommandRes == 3; IsCrash |= CommandRes == 3;
#endif #endif
if (DiagnoseCrash) { if (IsCrash) {
TheDriver.generateCompilationDiagnostics(*C, *FailingCommand); TheDriver.generateCompilationDiagnostics(*C, *FailingCommand);
break; break;
} }
} }
} }
Diags.getClient()->finish(); Diags.getClient()->finish();
if (!UseNewCC1Process && IsCrash) {
// When crashing in -fintegrated-cc1 mode, bury the timer pointers, because
// the internal linked list might point to already released stack frames.
llvm::BuryPointer(llvm::TimerGroup::aquireDefaultGroup());
} else {
// If any timers were active but haven't been destroyed yet, print their // If any timers were active but haven't been destroyed yet, print their
// results now. This happens in -disable-free mode. // results now. This happens in -disable-free mode.
llvm::TimerGroup::printAll(llvm::errs()); llvm::TimerGroup::printAll(llvm::errs());
llvm::TimerGroup::clearAll(); llvm::TimerGroup::clearAll();
}
#ifdef _WIN32 #ifdef _WIN32
// Exit status should not be negative on Win32, unless abnormal termination. // Exit status should not be negative on Win32, unless abnormal termination.
// Once abnormal termination was caught, negative status should not be // Once abnormal termination was caught, negative status should not be
// propagated. // propagated.
if (Res < 0) if (Res < 0)
Res = 1; Res = 1;
#endif #endif
// If we have multiple failing commands, we return the result of the first // If we have multiple failing commands, we return the result of the first
// failing command. // failing command.
return Res; return Res;
} }

llvm/include/llvm/Support/ManagedStatic.h

Show First 20 LinesShow All 96 Lines▼ Show 20 Lines const C &operator*() const {
void *Tmp = Ptr.load(std::memory_order_acquire); void *Tmp = Ptr.load(std::memory_order_acquire);
if (!Tmp) if (!Tmp)
RegisterManagedStatic(Creator::call, Deleter::call); RegisterManagedStatic(Creator::call, Deleter::call);
return *static_cast<C *>(Ptr.load(std::memory_order_relaxed)); return *static_cast<C *>(Ptr.load(std::memory_order_relaxed));
} }
const C *operator->() const { return &**this; } const C *operator->() const { return &**this; }
// Extract the instance, leaving the ManagedStatic uninitialized. The
// user is then responsible for the lifetime of the returned instance.
C *claim() {
return static_cast<C *>(Ptr.exchange(nullptr));
}
}; };
/// llvm_shutdown - Deallocate and destroy all ManagedStatic variables. /// llvm_shutdown - Deallocate and destroy all ManagedStatic variables.
void llvm_shutdown(); void llvm_shutdown();
/// llvm_shutdown_obj - This is a simple helper class that calls /// llvm_shutdown_obj - This is a simple helper class that calls
/// llvm_shutdown() when it is destroyed. /// llvm_shutdown() when it is destroyed.
struct llvm_shutdown_obj { struct llvm_shutdown_obj {
llvm_shutdown_obj() = default; llvm_shutdown_obj() = default;
~llvm_shutdown_obj() { llvm_shutdown(); } ~llvm_shutdown_obj() { llvm_shutdown(); }
}; };
} // end namespace llvm } // end namespace llvm
#endif // LLVM_SUPPORT_MANAGEDSTATIC_H #endif // LLVM_SUPPORT_MANAGEDSTATIC_H

llvm/include/llvm/Support/Timer.h

Show First 20 LinesShow All 224 Lines▼ Show 20 Linespublic:
/// Prints all timers as JSON key/value pairs. /// Prints all timers as JSON key/value pairs.
static const char *printAllJSONValues(raw_ostream &OS, const char *delim); static const char *printAllJSONValues(raw_ostream &OS, const char *delim);
/// Ensure global timer group lists are initialized. This function is mostly /// Ensure global timer group lists are initialized. This function is mostly
/// used by the Statistic code to influence the construction and destruction /// used by the Statistic code to influence the construction and destruction
/// order of the global timer lists. /// order of the global timer lists.
static void ConstructTimerLists(); static void ConstructTimerLists();
/// This makes the default group unmanaged, and lets the user manage the
/// group's lifetime.
static std::unique_ptr<TimerGroup> aquireDefaultGroup();
private: private:
friend class Timer; friend class Timer;
friend void PrintStatisticsJSON(raw_ostream &OS); friend void PrintStatisticsJSON(raw_ostream &OS);
void addTimer(Timer &T); void addTimer(Timer &T);
void removeTimer(Timer &T); void removeTimer(Timer &T);
void prepareToPrintList(bool reset_time = false); void prepareToPrintList(bool reset_time = false);
void PrintQueuedTimers(raw_ostream &OS); void PrintQueuedTimers(raw_ostream &OS);
void printJSONValue(raw_ostream &OS, const PrintRecord &R, void printJSONValue(raw_ostream &OS, const PrintRecord &R,
const char *suffix, double Value); const char *suffix, double Value);
}; };
} // end namespace llvm } // end namespace llvm
#endif #endif

llvm/lib/Support/Timer.cpp

Show First 20 LinesShow All 436 Lines▼ Show 20 Linesconst char *TimerGroup::printAllJSONValues(raw_ostream &OS, const char *delim) {
for (TimerGroup *TG = TimerGroupList; TG; TG = TG->Next) for (TimerGroup *TG = TimerGroupList; TG; TG = TG->Next)
delim = TG->printJSONValues(OS, delim); delim = TG->printJSONValues(OS, delim);
return delim; return delim;
} }
void TimerGroup::ConstructTimerLists() { void TimerGroup::ConstructTimerLists() {
(void)*NamedGroupedTimers; (void)*NamedGroupedTimers;
} }
std::unique_ptr<TimerGroup> TimerGroup::aquireDefaultGroup() {
return std::unique_ptr<TimerGroup>(DefaultTimerGroup.claim());
}