Author: Dan Liew Date: 2021-01-22T23:34:43-08:00 New Revision: 596d534ac3524052df210be8d3c01a33b2260a42
URL: https://github.com/llvm/llvm-project/commit/596d534ac3524052df210be8d3c01a33b2260a42 DIFF: https://github.com/llvm/llvm-project/commit/596d534ac3524052df210be8d3c01a33b2260a42.diff LOG: [ASan] Stop blocking child thread progress from parent thread in `pthread_create` interceptor. Previously in ASan's `pthread_create` interceptor we would block in the `pthread_create` interceptor waiting for the child thread to start. Unfortunately this has bad performance characteristics because the OS scheduler doesn't know the relationship between the parent and child thread (i.e. the parent thread cannot make progress until the child thread makes progress) and may make the wrong scheduling decision which stalls progress. It turns out that ASan didn't use to block in this interceptor but was changed to do so to try to address http://llvm.org/bugs/show_bug.cgi?id=21621/. In that bug the problem being addressed was a LeakSanitizer false positive. That bug concerns a heap object being passed as `arg` to `pthread_create`. If: * The calling thread loses a live reference to the object (e.g. `pthread_create` finishes and the thread no longer has a live reference to the object). * Leak checking is triggered. * The child thread has not yet started (once it starts it will have a live reference). then the heap object will incorrectly appear to be leaked. This bug is covered by the `lsan/TestCases/leak_check_before_thread_started.cpp` test case. In b029c5101fb49b3577a1c322f42ef9fc616f25bf ASan was changed to block in `pthread_create()` until the child thread starts so that `arg` is kept alive for the purposes of leak checking. While this change "works" it's problematic due to the performance problems it causes. The change is also completely unnecessary if leak checking is disabled (via detect_leaks runtime option or CAN_SANITIZE_LEAKS compile time config). This patch does two things: 1. 
Takes a different approach to solving the leak false positive by making LSan's leak checking mechanism treat the `arg` pointer of created but not started threads as reachable. This is done by implementing the `ForEachRegisteredThreadContextCb` callback for ASan. 2. Removes the blocking behaviour in the ASan `pthread_create` interceptor. rdar://problem/63537240 Differential Revision: https://reviews.llvm.org/D95184 Added: Modified: compiler-rt/lib/asan/asan_allocator.cpp compiler-rt/lib/asan/asan_interceptors.cpp compiler-rt/lib/asan/asan_thread.cpp compiler-rt/lib/asan/asan_thread.h Removed: ################################################################################
diff --git a/compiler-rt/lib/asan/asan_allocator.cpp b/compiler-rt/lib/asan/asan_allocator.cpp
index 4da697835870..cd97b37652f8 100644
--- a/compiler-rt/lib/asan/asan_allocator.cpp
+++ b/compiler-rt/lib/asan/asan_allocator.cpp
@@ -1185,12 +1185,30 @@ IgnoreObjectResult IgnoreObjectLocked(const void *p) {
 }
 
 void GetAdditionalThreadContextPtrs(ThreadContextBase *tctx, void *ptrs) {
- // This function can be used to treat memory reachable from `tctx` as live.
- // This is useful for threads that have been created but not yet started.
-
- // This is currently a no-op because the ASan `pthread_create()` interceptor
- // blocks until the child thread starts which keeps the thread's `arg` pointer
- // live.
+ // Look for the arg pointer of threads that have been created or are running.
+ // This is necessary to prevent false positive leaks due to the AsanThread
+ // holding the only live reference to a heap object. This can happen because
+ // the `pthread_create()` interceptor doesn't wait for the child thread to
+ // start before returning and thus loosing the the only live reference to the
+ // heap object on the stack.
+
+ __asan::AsanThreadContext *atctx =
+ reinterpret_cast<__asan::AsanThreadContext *>(tctx);
+ __asan::AsanThread *asan_thread = atctx->thread;
+
+ // Note ThreadStatusRunning is required because there is a small window where
+ // the thread status switches to `ThreadStatusRunning` but the `arg` pointer
+ // still isn't on the stack yet.
+ if (atctx->status != ThreadStatusCreated &&
+ atctx->status != ThreadStatusRunning)
+ return;
+
+ uptr thread_arg = reinterpret_cast<uptr>(asan_thread->get_arg());
+ if (!thread_arg)
+ return;
+
+ auto ptrsVec = reinterpret_cast<InternalMmapVector<uptr> *>(ptrs);
+ ptrsVec->push_back(thread_arg);
 }
 
 } // namespace __lsan
diff --git a/compiler-rt/lib/asan/asan_interceptors.cpp b/compiler-rt/lib/asan/asan_interceptors.cpp
index b19cf25c7cd0..cd07d51878b1 100644
--- a/compiler-rt/lib/asan/asan_interceptors.cpp
+++ b/compiler-rt/lib/asan/asan_interceptors.cpp
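Review bot: `reinterpret_cast<__asan::AsanThreadContext *>(tctx)` at the top of the new body is a base-to-derived downcast that `static_cast<__asan::AsanThreadContext *>(tctx)` would express and type-check; `reinterpret_cast` is only needed for the untyped `ptrs` argument. The new comment also has a typo: `thus loosing the the only live reference` should read `thus losing the only live reference`. `ptrsVec` is the one camelCase local next to `asan_thread` and `thread_arg`; `ptrs_vec` matches the surrounding style. Reading `atctx->thread` before the status check is harmless as written since it is only dereferenced after the check, but a short comment stating that the caller holds the thread registry lock while this runs (assumed here, not visible in the hunk) would make the absence of synchronization around `get_arg()` deliberate rather than accidental.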
@@ -189,20 +189,11 @@ DECLARE_REAL_AND_INTERCEPTOR(void, free, void *)
 #include "sanitizer_common/sanitizer_common_syscalls.inc"
 #include "sanitizer_common/sanitizer_syscalls_netbsd.inc"
 
-struct ThreadStartParam {
- atomic_uintptr_t t;
- atomic_uintptr_t is_registered;
-};
-
 #if ASAN_INTERCEPT_PTHREAD_CREATE
 static thread_return_t THREAD_CALLING_CONV asan_thread_start(void *arg) {
- ThreadStartParam *param = reinterpret_cast<ThreadStartParam *>(arg);
- AsanThread *t = nullptr;
- while ((t = reinterpret_cast<AsanThread *>(
- atomic_load(¶m->t, memory_order_acquire))) == nullptr)
- internal_sched_yield();
+ AsanThread *t = (AsanThread *)arg;
 SetCurrentThread(t);
- return t->ThreadStart(GetTid(), ¶m->is_registered);
+ return t->ThreadStart(GetTid());
 }
 
 INTERCEPTOR(int, pthread_create, void *thread,
@@ -215,9 +206,11 @@ INTERCEPTOR(int, pthread_create, void *thread,
 int detached = 0;
 if (attr)
 REAL(pthread_attr_getdetachstate)(attr, &detached);
- ThreadStartParam param;
- atomic_store(¶m.t, 0, memory_order_relaxed);
- atomic_store(¶m.is_registered, 0, memory_order_relaxed);
+
+ u32 current_tid = GetCurrentTidOrInvalid();
+ AsanThread *t =
+ AsanThread::Create(start_routine, arg, current_tid, &stack, detached);
+
 int result;
 {
 // Ignore all allocations made by pthread_create: thread stack/TLS may be
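Review bot: `AsanThread *t = (AsanThread *)arg;` in asan_thread_start uses a C-style cast where the code it replaces, and the rest of this file, uses named casts; `AsanThread *t = static_cast<AsanThread *>(arg);` is the `void *` to `T *` form and is what clang-tidy would flag. In the second hunk `AsanThread::Create` now runs before `REAL(pthread_create)`, so a registry entry in `ThreadStatusCreated` exists for a thread the OS may never create; the cleanup for that lives in the following hunk, and a one-line comment above the `Create` call such as `// Registered before the OS thread exists; see the result != 0 path below.` would tie the two together for a reader of the interceptor. The INTERCEPTOR body continues past the end of the second hunk.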
@@ -227,21 +220,13 @@ INTERCEPTOR(int, pthread_create, void *thread,
 #if CAN_SANITIZE_LEAKS
 __lsan::ScopedInterceptorDisabler disabler;
 #endif
- result = REAL(pthread_create)(thread, attr, asan_thread_start, ¶m);
+ result = REAL(pthread_create)(thread, attr, asan_thread_start, t);
 }
- if (result == 0) {
- u32 current_tid = GetCurrentTidOrInvalid();
- AsanThread *t =
- AsanThread::Create(start_routine, arg, current_tid, &stack, detached);
- atomic_store(¶m.t, reinterpret_cast<uptr>(t), memory_order_release);
- // Wait until the AsanThread object is initialized and the ThreadRegistry
- // entry is in "started" state. One reason for this is that after this
- // interceptor exits, the child thread's stack may be the only thing holding
- // the |arg| pointer. This may cause LSan to report a leak if leak checking
- // happens at a point when the interceptor has already exited, but the stack
- // range for the child thread is not yet known.
- while (atomic_load(¶m.is_registered, memory_order_acquire) == 0)
- internal_sched_yield();
+ if (result != 0) {
+ // If the thread didn't start delete the AsanThread to avoid leaking it.
+ // Note AsanThreadContexts never get destroyed so the AsanThreadContext
+ // that was just created for the AsanThread is wasted.
+ t->Destroy();
 }
 return result;
 }
diff --git a/compiler-rt/lib/asan/asan_thread.cpp b/compiler-rt/lib/asan/asan_thread.cpp
index fb09af0eccab..19ac6c1627ca 100644
--- a/compiler-rt/lib/asan/asan_thread.cpp
+++ b/compiler-rt/lib/asan/asan_thread.cpp
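Review bot: `t->Destroy()` on the new `result != 0` path is called from the parent thread for an AsanThread that never ran, whereas `AsanThread::Destroy` (outside this diff) is otherwise reached from the exiting thread itself. If its body unconditionally performs per-thread teardown — unsetting the alternate signal stack, DTLS teardown, clearing shadow for stack bounds that `Init()` never set — those steps would act on the calling thread or on zero-initialized bounds, so either Destroy needs a not-started branch keyed off the registry status or this path should only mark the context finished and release the mapping; that needs confirming against the Destroy body. The comment above the call is the natural place to state which of the two holds, e.g. `// Destroy() must tolerate being called from another thread for a never-started thread.`. The enclosing INTERCEPTOR body starts outside this hunk.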
@@ -253,12 +253,9 @@ void AsanThread::Init(const InitOptions *options) {
 // SetThreadStackAndTls.
 #if !SANITIZER_FUCHSIA && !SANITIZER_RTEMS
 
-thread_return_t AsanThread::ThreadStart(
- tid_t os_id, atomic_uintptr_t *signal_thread_is_registered) {
+thread_return_t AsanThread::ThreadStart(tid_t os_id) {
 Init();
 asanThreadRegistry().StartThread(tid(), os_id, ThreadType::Regular, nullptr);
- if (signal_thread_is_registered)
- atomic_store(signal_thread_is_registered, 1, memory_order_release);
 
 if (common_flags()->use_sigaltstack)
 SetAlternateSignalStack();
@@ -288,8 +285,7 @@ AsanThread *CreateMainThread() {
 /* start_routine */ nullptr, /* arg */ nullptr, /* parent_tid */ 0,
 /* stack */ nullptr, /* detached */ true);
 SetCurrentThread(main_thread);
- main_thread->ThreadStart(internal_getpid(),
- /* signal_thread_is_registered */ nullptr);
+ main_thread->ThreadStart(internal_getpid());
 return main_thread;
 }
 
diff --git a/compiler-rt/lib/asan/asan_thread.h b/compiler-rt/lib/asan/asan_thread.h
index ea58de4216a4..c33955eee367 100644
--- a/compiler-rt/lib/asan/asan_thread.h
+++ b/compiler-rt/lib/asan/asan_thread.h
@@ -69,8 +69,7 @@ class AsanThread {
 struct InitOptions;
 void Init(const InitOptions *options = nullptr);
 
- thread_return_t ThreadStart(tid_t os_id,
- atomic_uintptr_t *signal_thread_is_registered);
+ thread_return_t ThreadStart(tid_t os_id);
 
 uptr stack_top();
 uptr stack_bottom();
@@ -132,6 +131,8 @@ class AsanThread {
 
 void *extra_spill_area() { return &extra_spill_area_; }
 
+ void *get_arg() { return arg_; }
+
 private:
 // NOTE: There is no AsanThread constructor. It is allocated
 // via mmap() and *must* be valid in zero-initialized state.
_______________________________________________ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
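Review bot: `void *get_arg() { return arg_; }` added to AsanThread in the asan_thread.h `@@ -132` hunk does not modify the object and should be a const member, `void *get_arg() const { return arg_; }`, so it can also be called through a `const AsanThread *`. Its only purpose in this change is to expose `arg_` to LSan's `GetAdditionalThreadContextPtrs`, which is not visible from the header; a one-line comment such as `// The arg passed to pthread_create; read by LSan to keep it reachable until the thread starts.` would record that contract next to the accessor. The ThreadStart signature changes in the other hunks on this line need nothing further.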