1 //===-- tsan_interceptors.cc ----------------------------------------------===//
2 //
3 // This file is distributed under the University of Illinois Open Source
4 // License. See LICENSE.TXT for details.
5 //
6 //===----------------------------------------------------------------------===//
7 //
8 // This file is a part of ThreadSanitizer (TSan), a race detector.
9 //
10 // FIXME: move as many interceptors as possible into
11 // sanitizer_common/sanitizer_common_interceptors.inc
12 //===----------------------------------------------------------------------===//
13
14 #include "sanitizer_common/sanitizer_atomic.h"
15 #include "sanitizer_common/sanitizer_libc.h"
16 #include "sanitizer_common/sanitizer_linux.h"
17 #include "sanitizer_common/sanitizer_platform_limits_posix.h"
18 #include "sanitizer_common/sanitizer_placement_new.h"
19 #include "sanitizer_common/sanitizer_stacktrace.h"
20 #include "interception/interception.h"
21 #include "tsan_interceptors.h"
22 #include "tsan_interface.h"
23 #include "tsan_platform.h"
24 #include "tsan_suppressions.h"
25 #include "tsan_rtl.h"
26 #include "tsan_mman.h"
27 #include "tsan_fd.h"
28
29 #if SANITIZER_POSIX
30 #include "sanitizer_common/sanitizer_posix.h"
31 #endif
32
33 using namespace __tsan; // NOLINT
34
35 #if SANITIZER_FREEBSD || SANITIZER_MAC
36 #define __errno_location __error
37 #define stdout __stdoutp
38 #define stderr __stderrp
39 #endif
40
41 #if SANITIZER_FREEBSD
42 #define __libc_realloc __realloc
43 #define __libc_calloc __calloc
44 #elif SANITIZER_MAC
45 #define __libc_malloc REAL(malloc)
46 #define __libc_realloc REAL(realloc)
47 #define __libc_calloc REAL(calloc)
48 #define __libc_free REAL(free)
49 #endif
50
51 #if SANITIZER_LINUX || SANITIZER_FREEBSD
52 #define PTHREAD_CREATE_DETACHED 1
53 #elif SANITIZER_MAC
54 #define PTHREAD_CREATE_DETACHED 2
55 #endif
56
57
58 #ifdef __mips__
59 const int kSigCount = 129;
60 #else
61 const int kSigCount = 65;
62 #endif
63
64 struct my_siginfo_t {
65 // The size is determined by looking at sizeof of real siginfo_t on linux.
66 u64 opaque[128 / sizeof(u64)];
67 };
68
69 #ifdef __mips__
70 struct ucontext_t {
71 u64 opaque[768 / sizeof(u64) + 1];
72 };
73 #else
74 struct ucontext_t {
75 // The size is determined by looking at sizeof of real ucontext_t on linux.
76 u64 opaque[936 / sizeof(u64) + 1];
77 };
78 #endif
79
80 #if defined(__x86_64__) || defined(__mips__)
81 #define PTHREAD_ABI_BASE "GLIBC_2.3.2"
82 #elif defined(__aarch64__)
83 #define PTHREAD_ABI_BASE "GLIBC_2.17"
84 #endif
85
86 extern "C" int pthread_attr_init(void *attr);
87 extern "C" int pthread_attr_destroy(void *attr);
88 DECLARE_REAL(int, pthread_attr_getdetachstate, void *, void *)
89 extern "C" int pthread_attr_setstacksize(void *attr, uptr stacksize);
90 extern "C" int pthread_key_create(unsigned *key, void (*destructor)(void* v));
91 extern "C" int pthread_setspecific(unsigned key, const void *v);
92 DECLARE_REAL(int, pthread_mutexattr_gettype, void *, void *)
93 extern "C" int pthread_sigmask(int how, const __sanitizer_sigset_t *set,
94 __sanitizer_sigset_t *oldset);
95 // REAL(sigfillset) defined in common interceptors.
96 DECLARE_REAL(int, sigfillset, __sanitizer_sigset_t *set)
97 DECLARE_REAL(int, fflush, __sanitizer_FILE *fp)
98 DECLARE_REAL_AND_INTERCEPTOR(void *, malloc, uptr size)
99 DECLARE_REAL_AND_INTERCEPTOR(void, free, void *ptr)
100 extern "C" void *pthread_self();
101 extern "C" void _exit(int status);
102 extern "C" int *__errno_location();
103 extern "C" int fileno_unlocked(void *stream);
104 extern "C" void *__libc_calloc(uptr size, uptr n);
105 extern "C" void *__libc_realloc(void *ptr, uptr size);
106 extern "C" int dirfd(void *dirp);
107 #if !SANITIZER_FREEBSD
108 extern "C" int mallopt(int param, int value);
109 #endif
110 extern __sanitizer_FILE *stdout, *stderr;
111 const int PTHREAD_MUTEX_RECURSIVE = 1;
112 const int PTHREAD_MUTEX_RECURSIVE_NP = 1;
113 const int EINVAL = 22;
114 const int EBUSY = 16;
115 const int EOWNERDEAD = 130;
116 #if !SANITIZER_MAC
117 const int EPOLL_CTL_ADD = 1;
118 #endif
119 const int SIGILL = 4;
120 const int SIGABRT = 6;
121 const int SIGFPE = 8;
122 const int SIGSEGV = 11;
123 const int SIGPIPE = 13;
124 const int SIGTERM = 15;
125 #ifdef __mips__
126 const int SIGBUS = 10;
127 const int SIGSYS = 12;
128 #else
129 const int SIGBUS = 7;
130 const int SIGSYS = 31;
131 #endif
132 void *const MAP_FAILED = (void*)-1;
133 #if !SANITIZER_MAC
134 const int PTHREAD_BARRIER_SERIAL_THREAD = -1;
135 #endif
136 const int MAP_FIXED = 0x10;
137 typedef long long_t; // NOLINT
138
139 // From /usr/include/unistd.h
140 # define F_ULOCK 0 /* Unlock a previously locked region. */
141 # define F_LOCK 1 /* Lock a region for exclusive use. */
142 # define F_TLOCK 2 /* Test and lock a region for exclusive use. */
143 # define F_TEST 3 /* Test a region for other processes locks. */
144
145 #define errno (*__errno_location())
146
147 typedef void (*sighandler_t)(int sig);
148 typedef void (*sigactionhandler_t)(int sig, my_siginfo_t *siginfo, void *uctx);
149
150 struct sigaction_t {
151 #ifdef __mips__
152 u32 sa_flags;
153 #endif
154 union {
155 sighandler_t sa_handler;
156 sigactionhandler_t sa_sigaction;
157 };
158 #if SANITIZER_FREEBSD
159 int sa_flags;
160 __sanitizer_sigset_t sa_mask;
161 #else
162 __sanitizer_sigset_t sa_mask;
163 #ifndef __mips__
164 int sa_flags;
165 #endif
166 void (*sa_restorer)();
167 #endif
168 };
169
170 const sighandler_t SIG_DFL = (sighandler_t)0;
171 const sighandler_t SIG_IGN = (sighandler_t)1;
172 const sighandler_t SIG_ERR = (sighandler_t)-1;
173 #if SANITIZER_FREEBSD
174 const int SA_SIGINFO = 0x40;
175 const int SIG_SETMASK = 3;
176 #elif defined(__mips__)
177 const int SA_SIGINFO = 8;
178 const int SIG_SETMASK = 3;
179 #else
180 const int SA_SIGINFO = 4;
181 const int SIG_SETMASK = 2;
182 #endif
183
184 #define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED \
185 (!cur_thread()->is_inited)
186
187 static sigaction_t sigactions[kSigCount];
188
189 namespace __tsan {
190 struct SignalDesc {
191 bool armed;
192 bool sigaction;
193 my_siginfo_t siginfo;
194 ucontext_t ctx;
195 };
196
197 struct ThreadSignalContext {
198 int int_signal_send;
199 atomic_uintptr_t in_blocking_func;
200 atomic_uintptr_t have_pending_signals;
201 SignalDesc pending_signals[kSigCount];
202 };
203
204 // The object is 64-byte aligned, because we want hot data to be located in
205 // a single cache line if possible (it's accessed in every interceptor).
206 static ALIGNED(64) char libignore_placeholder[sizeof(LibIgnore)];
libignore()207 static LibIgnore *libignore() {
208 return reinterpret_cast<LibIgnore*>(&libignore_placeholder[0]);
209 }
210
InitializeLibIgnore()211 void InitializeLibIgnore() {
212 const SuppressionContext &supp = *Suppressions();
213 const uptr n = supp.SuppressionCount();
214 for (uptr i = 0; i < n; i++) {
215 const Suppression *s = supp.SuppressionAt(i);
216 if (0 == internal_strcmp(s->type, kSuppressionLib))
217 libignore()->AddIgnoredLibrary(s->templ);
218 }
219 libignore()->OnLibraryLoaded(0);
220 }
221
222 } // namespace __tsan
223
SigCtx(ThreadState * thr)224 static ThreadSignalContext *SigCtx(ThreadState *thr) {
225 ThreadSignalContext *ctx = (ThreadSignalContext*)thr->signal_ctx;
226 if (ctx == 0 && !thr->is_dead) {
227 ctx = (ThreadSignalContext*)MmapOrDie(sizeof(*ctx), "ThreadSignalContext");
228 MemoryResetRange(thr, (uptr)&SigCtx, (uptr)ctx, sizeof(*ctx));
229 thr->signal_ctx = ctx;
230 }
231 return ctx;
232 }
233
234 static unsigned g_thread_finalize_key;
235
ScopedInterceptor(ThreadState * thr,const char * fname,uptr pc)236 ScopedInterceptor::ScopedInterceptor(ThreadState *thr, const char *fname,
237 uptr pc)
238 : thr_(thr)
239 , pc_(pc)
240 , in_ignored_lib_(false) {
241 if (!thr_->ignore_interceptors) {
242 Initialize(thr);
243 FuncEntry(thr, pc);
244 }
245 DPrintf("#%d: intercept %s()\n", thr_->tid, fname);
246 if (!thr_->in_ignored_lib && libignore()->IsIgnored(pc)) {
247 in_ignored_lib_ = true;
248 thr_->in_ignored_lib = true;
249 ThreadIgnoreBegin(thr_, pc_);
250 }
251 }
252
~ScopedInterceptor()253 ScopedInterceptor::~ScopedInterceptor() {
254 if (in_ignored_lib_) {
255 thr_->in_ignored_lib = false;
256 ThreadIgnoreEnd(thr_, pc_);
257 }
258 if (!thr_->ignore_interceptors) {
259 ProcessPendingSignals(thr_);
260 FuncExit(thr_);
261 CheckNoLocks(thr_);
262 }
263 }
264
265 #define TSAN_INTERCEPT(func) INTERCEPT_FUNCTION(func)
266 #if SANITIZER_FREEBSD
267 # define TSAN_INTERCEPT_VER(func, ver) INTERCEPT_FUNCTION(func)
268 #else
269 # define TSAN_INTERCEPT_VER(func, ver) INTERCEPT_FUNCTION_VER(func, ver)
270 #endif
271
272 #define READ_STRING_OF_LEN(thr, pc, s, len, n) \
273 MemoryAccessRange((thr), (pc), (uptr)(s), \
274 common_flags()->strict_string_checks ? (len) + 1 : (n), false)
275
276 #define READ_STRING(thr, pc, s, n) \
277 READ_STRING_OF_LEN((thr), (pc), (s), internal_strlen(s), (n))
278
279 #define BLOCK_REAL(name) (BlockingCall(thr), REAL(name))
280
281 struct BlockingCall {
BlockingCallBlockingCall282 explicit BlockingCall(ThreadState *thr)
283 : thr(thr)
284 , ctx(SigCtx(thr)) {
285 for (;;) {
286 atomic_store(&ctx->in_blocking_func, 1, memory_order_relaxed);
287 if (atomic_load(&ctx->have_pending_signals, memory_order_relaxed) == 0)
288 break;
289 atomic_store(&ctx->in_blocking_func, 0, memory_order_relaxed);
290 ProcessPendingSignals(thr);
291 }
292 // When we are in a "blocking call", we process signals asynchronously
293 // (right when they arrive). In this context we do not expect to be
294 // executing any user/runtime code. The known interceptor sequence when
295 // this is not true is: pthread_join -> munmap(stack). It's fine
296 // to ignore munmap in this case -- we handle stack shadow separately.
297 thr->ignore_interceptors++;
298 }
299
~BlockingCallBlockingCall300 ~BlockingCall() {
301 thr->ignore_interceptors--;
302 atomic_store(&ctx->in_blocking_func, 0, memory_order_relaxed);
303 }
304
305 ThreadState *thr;
306 ThreadSignalContext *ctx;
307 };
308
TSAN_INTERCEPTOR(unsigned,sleep,unsigned sec)309 TSAN_INTERCEPTOR(unsigned, sleep, unsigned sec) {
310 SCOPED_TSAN_INTERCEPTOR(sleep, sec);
311 unsigned res = BLOCK_REAL(sleep)(sec);
312 AfterSleep(thr, pc);
313 return res;
314 }
315
TSAN_INTERCEPTOR(int,usleep,long_t usec)316 TSAN_INTERCEPTOR(int, usleep, long_t usec) {
317 SCOPED_TSAN_INTERCEPTOR(usleep, usec);
318 int res = BLOCK_REAL(usleep)(usec);
319 AfterSleep(thr, pc);
320 return res;
321 }
322
TSAN_INTERCEPTOR(int,nanosleep,void * req,void * rem)323 TSAN_INTERCEPTOR(int, nanosleep, void *req, void *rem) {
324 SCOPED_TSAN_INTERCEPTOR(nanosleep, req, rem);
325 int res = BLOCK_REAL(nanosleep)(req, rem);
326 AfterSleep(thr, pc);
327 return res;
328 }
329
330 // The sole reason tsan wraps atexit callbacks is to establish synchronization
331 // between callback setup and callback execution.
332 struct AtExitCtx {
333 void (*f)();
334 void *arg;
335 };
336
at_exit_wrapper(void * arg)337 static void at_exit_wrapper(void *arg) {
338 ThreadState *thr = cur_thread();
339 uptr pc = 0;
340 Acquire(thr, pc, (uptr)arg);
341 AtExitCtx *ctx = (AtExitCtx*)arg;
342 ((void(*)(void *arg))ctx->f)(ctx->arg);
343 __libc_free(ctx);
344 }
345
346 static int setup_at_exit_wrapper(ThreadState *thr, uptr pc, void(*f)(),
347 void *arg, void *dso);
348
TSAN_INTERCEPTOR(int,atexit,void (* f)())349 TSAN_INTERCEPTOR(int, atexit, void (*f)()) {
350 if (cur_thread()->in_symbolizer)
351 return 0;
352 // We want to setup the atexit callback even if we are in ignored lib
353 // or after fork.
354 SCOPED_INTERCEPTOR_RAW(atexit, f);
355 return setup_at_exit_wrapper(thr, pc, (void(*)())f, 0, 0);
356 }
357
TSAN_INTERCEPTOR(int,__cxa_atexit,void (* f)(void * a),void * arg,void * dso)358 TSAN_INTERCEPTOR(int, __cxa_atexit, void (*f)(void *a), void *arg, void *dso) {
359 if (cur_thread()->in_symbolizer)
360 return 0;
361 SCOPED_TSAN_INTERCEPTOR(__cxa_atexit, f, arg, dso);
362 return setup_at_exit_wrapper(thr, pc, (void(*)())f, arg, dso);
363 }
364
setup_at_exit_wrapper(ThreadState * thr,uptr pc,void (* f)(),void * arg,void * dso)365 static int setup_at_exit_wrapper(ThreadState *thr, uptr pc, void(*f)(),
366 void *arg, void *dso) {
367 AtExitCtx *ctx = (AtExitCtx*)__libc_malloc(sizeof(AtExitCtx));
368 ctx->f = f;
369 ctx->arg = arg;
370 Release(thr, pc, (uptr)ctx);
371 // Memory allocation in __cxa_atexit will race with free during exit,
372 // because we do not see synchronization around atexit callback list.
373 ThreadIgnoreBegin(thr, pc);
374 int res = REAL(__cxa_atexit)(at_exit_wrapper, ctx, dso);
375 ThreadIgnoreEnd(thr, pc);
376 return res;
377 }
378
379 #if !SANITIZER_MAC
on_exit_wrapper(int status,void * arg)380 static void on_exit_wrapper(int status, void *arg) {
381 ThreadState *thr = cur_thread();
382 uptr pc = 0;
383 Acquire(thr, pc, (uptr)arg);
384 AtExitCtx *ctx = (AtExitCtx*)arg;
385 ((void(*)(int status, void *arg))ctx->f)(status, ctx->arg);
386 __libc_free(ctx);
387 }
388
TSAN_INTERCEPTOR(int,on_exit,void (* f)(int,void *),void * arg)389 TSAN_INTERCEPTOR(int, on_exit, void(*f)(int, void*), void *arg) {
390 if (cur_thread()->in_symbolizer)
391 return 0;
392 SCOPED_TSAN_INTERCEPTOR(on_exit, f, arg);
393 AtExitCtx *ctx = (AtExitCtx*)__libc_malloc(sizeof(AtExitCtx));
394 ctx->f = (void(*)())f;
395 ctx->arg = arg;
396 Release(thr, pc, (uptr)ctx);
397 // Memory allocation in __cxa_atexit will race with free during exit,
398 // because we do not see synchronization around atexit callback list.
399 ThreadIgnoreBegin(thr, pc);
400 int res = REAL(on_exit)(on_exit_wrapper, ctx);
401 ThreadIgnoreEnd(thr, pc);
402 return res;
403 }
404 #endif
405
406 // Cleanup old bufs.
JmpBufGarbageCollect(ThreadState * thr,uptr sp)407 static void JmpBufGarbageCollect(ThreadState *thr, uptr sp) {
408 for (uptr i = 0; i < thr->jmp_bufs.Size(); i++) {
409 JmpBuf *buf = &thr->jmp_bufs[i];
410 if (buf->sp <= sp) {
411 uptr sz = thr->jmp_bufs.Size();
412 thr->jmp_bufs[i] = thr->jmp_bufs[sz - 1];
413 thr->jmp_bufs.PopBack();
414 i--;
415 }
416 }
417 }
418
SetJmp(ThreadState * thr,uptr sp,uptr mangled_sp)419 static void SetJmp(ThreadState *thr, uptr sp, uptr mangled_sp) {
420 if (!thr->is_inited) // called from libc guts during bootstrap
421 return;
422 // Cleanup old bufs.
423 JmpBufGarbageCollect(thr, sp);
424 // Remember the buf.
425 JmpBuf *buf = thr->jmp_bufs.PushBack();
426 buf->sp = sp;
427 buf->mangled_sp = mangled_sp;
428 buf->shadow_stack_pos = thr->shadow_stack_pos;
429 ThreadSignalContext *sctx = SigCtx(thr);
430 buf->int_signal_send = sctx ? sctx->int_signal_send : 0;
431 buf->in_blocking_func = sctx ?
432 atomic_load(&sctx->in_blocking_func, memory_order_relaxed) :
433 false;
434 buf->in_signal_handler = atomic_load(&thr->in_signal_handler,
435 memory_order_relaxed);
436 }
437
LongJmp(ThreadState * thr,uptr * env)438 static void LongJmp(ThreadState *thr, uptr *env) {
439 #if SANITIZER_FREEBSD
440 uptr mangled_sp = env[2];
441 #elif defined(SANITIZER_LINUX)
442 # ifdef __aarch64__
443 uptr mangled_sp = env[13];
444 # else
445 uptr mangled_sp = env[6];
446 # endif
447 #endif // SANITIZER_FREEBSD
448 // Find the saved buf by mangled_sp.
449 for (uptr i = 0; i < thr->jmp_bufs.Size(); i++) {
450 JmpBuf *buf = &thr->jmp_bufs[i];
451 if (buf->mangled_sp == mangled_sp) {
452 CHECK_GE(thr->shadow_stack_pos, buf->shadow_stack_pos);
453 // Unwind the stack.
454 while (thr->shadow_stack_pos > buf->shadow_stack_pos)
455 FuncExit(thr);
456 ThreadSignalContext *sctx = SigCtx(thr);
457 if (sctx) {
458 sctx->int_signal_send = buf->int_signal_send;
459 atomic_store(&sctx->in_blocking_func, buf->in_blocking_func,
460 memory_order_relaxed);
461 }
462 atomic_store(&thr->in_signal_handler, buf->in_signal_handler,
463 memory_order_relaxed);
464 JmpBufGarbageCollect(thr, buf->sp - 1); // do not collect buf->sp
465 return;
466 }
467 }
468 Printf("ThreadSanitizer: can't find longjmp buf\n");
469 CHECK(0);
470 }
471
472 // FIXME: put everything below into a common extern "C" block?
__tsan_setjmp(uptr sp,uptr mangled_sp)473 extern "C" void __tsan_setjmp(uptr sp, uptr mangled_sp) {
474 SetJmp(cur_thread(), sp, mangled_sp);
475 }
476
477 // Not called. Merely to satisfy TSAN_INTERCEPT().
478 extern "C" SANITIZER_INTERFACE_ATTRIBUTE
479 int __interceptor_setjmp(void *env);
__interceptor_setjmp(void * env)480 extern "C" int __interceptor_setjmp(void *env) {
481 CHECK(0);
482 return 0;
483 }
484
485 // FIXME: any reason to have a separate declaration?
486 extern "C" SANITIZER_INTERFACE_ATTRIBUTE
487 int __interceptor__setjmp(void *env);
__interceptor__setjmp(void * env)488 extern "C" int __interceptor__setjmp(void *env) {
489 CHECK(0);
490 return 0;
491 }
492
493 extern "C" SANITIZER_INTERFACE_ATTRIBUTE
494 int __interceptor_sigsetjmp(void *env);
__interceptor_sigsetjmp(void * env)495 extern "C" int __interceptor_sigsetjmp(void *env) {
496 CHECK(0);
497 return 0;
498 }
499
500 extern "C" SANITIZER_INTERFACE_ATTRIBUTE
501 int __interceptor___sigsetjmp(void *env);
__interceptor___sigsetjmp(void * env)502 extern "C" int __interceptor___sigsetjmp(void *env) {
503 CHECK(0);
504 return 0;
505 }
506
507 extern "C" int setjmp(void *env);
508 extern "C" int _setjmp(void *env);
509 extern "C" int sigsetjmp(void *env);
510 extern "C" int __sigsetjmp(void *env);
DEFINE_REAL(int,setjmp,void * env)511 DEFINE_REAL(int, setjmp, void *env)
512 DEFINE_REAL(int, _setjmp, void *env)
513 DEFINE_REAL(int, sigsetjmp, void *env)
514 DEFINE_REAL(int, __sigsetjmp, void *env)
515
516 TSAN_INTERCEPTOR(void, longjmp, uptr *env, int val) {
517 {
518 SCOPED_TSAN_INTERCEPTOR(longjmp, env, val);
519 }
520 LongJmp(cur_thread(), env);
521 REAL(longjmp)(env, val);
522 }
523
TSAN_INTERCEPTOR(void,siglongjmp,uptr * env,int val)524 TSAN_INTERCEPTOR(void, siglongjmp, uptr *env, int val) {
525 {
526 SCOPED_TSAN_INTERCEPTOR(siglongjmp, env, val);
527 }
528 LongJmp(cur_thread(), env);
529 REAL(siglongjmp)(env, val);
530 }
531
532 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(void *,malloc,uptr size)533 TSAN_INTERCEPTOR(void*, malloc, uptr size) {
534 if (cur_thread()->in_symbolizer)
535 return __libc_malloc(size);
536 void *p = 0;
537 {
538 SCOPED_INTERCEPTOR_RAW(malloc, size);
539 p = user_alloc(thr, pc, size);
540 }
541 invoke_malloc_hook(p, size);
542 return p;
543 }
544
TSAN_INTERCEPTOR(void *,__libc_memalign,uptr align,uptr sz)545 TSAN_INTERCEPTOR(void*, __libc_memalign, uptr align, uptr sz) {
546 SCOPED_TSAN_INTERCEPTOR(__libc_memalign, align, sz);
547 return user_alloc(thr, pc, sz, align);
548 }
549
TSAN_INTERCEPTOR(void *,calloc,uptr size,uptr n)550 TSAN_INTERCEPTOR(void*, calloc, uptr size, uptr n) {
551 if (cur_thread()->in_symbolizer)
552 return __libc_calloc(size, n);
553 void *p = 0;
554 {
555 SCOPED_INTERCEPTOR_RAW(calloc, size, n);
556 p = user_calloc(thr, pc, size, n);
557 }
558 invoke_malloc_hook(p, n * size);
559 return p;
560 }
561
TSAN_INTERCEPTOR(void *,realloc,void * p,uptr size)562 TSAN_INTERCEPTOR(void*, realloc, void *p, uptr size) {
563 if (cur_thread()->in_symbolizer)
564 return __libc_realloc(p, size);
565 if (p)
566 invoke_free_hook(p);
567 {
568 SCOPED_INTERCEPTOR_RAW(realloc, p, size);
569 p = user_realloc(thr, pc, p, size);
570 }
571 invoke_malloc_hook(p, size);
572 return p;
573 }
574
TSAN_INTERCEPTOR(void,free,void * p)575 TSAN_INTERCEPTOR(void, free, void *p) {
576 if (p == 0)
577 return;
578 if (cur_thread()->in_symbolizer)
579 return __libc_free(p);
580 invoke_free_hook(p);
581 SCOPED_INTERCEPTOR_RAW(free, p);
582 user_free(thr, pc, p);
583 }
584
TSAN_INTERCEPTOR(void,cfree,void * p)585 TSAN_INTERCEPTOR(void, cfree, void *p) {
586 if (p == 0)
587 return;
588 if (cur_thread()->in_symbolizer)
589 return __libc_free(p);
590 invoke_free_hook(p);
591 SCOPED_INTERCEPTOR_RAW(cfree, p);
592 user_free(thr, pc, p);
593 }
594
TSAN_INTERCEPTOR(uptr,malloc_usable_size,void * p)595 TSAN_INTERCEPTOR(uptr, malloc_usable_size, void *p) {
596 SCOPED_INTERCEPTOR_RAW(malloc_usable_size, p);
597 return user_alloc_usable_size(p);
598 }
599 #endif
600
TSAN_INTERCEPTOR(uptr,strlen,const char * s)601 TSAN_INTERCEPTOR(uptr, strlen, const char *s) {
602 SCOPED_TSAN_INTERCEPTOR(strlen, s);
603 uptr len = internal_strlen(s);
604 MemoryAccessRange(thr, pc, (uptr)s, len + 1, false);
605 return len;
606 }
607
TSAN_INTERCEPTOR(void *,memset,void * dst,int v,uptr size)608 TSAN_INTERCEPTOR(void*, memset, void *dst, int v, uptr size) {
609 // On FreeBSD we get here from libthr internals on thread initialization.
610 if (!COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED) {
611 SCOPED_TSAN_INTERCEPTOR(memset, dst, v, size);
612 MemoryAccessRange(thr, pc, (uptr)dst, size, true);
613 }
614 return internal_memset(dst, v, size);
615 }
616
TSAN_INTERCEPTOR(void *,memcpy,void * dst,const void * src,uptr size)617 TSAN_INTERCEPTOR(void*, memcpy, void *dst, const void *src, uptr size) {
618 // On FreeBSD we get here from libthr internals on thread initialization.
619 if (!COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED) {
620 SCOPED_TSAN_INTERCEPTOR(memcpy, dst, src, size);
621 MemoryAccessRange(thr, pc, (uptr)dst, size, true);
622 MemoryAccessRange(thr, pc, (uptr)src, size, false);
623 }
624 // On OS X, calling internal_memcpy here will cause memory corruptions,
625 // because memcpy and memmove are actually aliases of the same implementation.
626 // We need to use internal_memmove here.
627 return internal_memmove(dst, src, size);
628 }
629
TSAN_INTERCEPTOR(void *,memmove,void * dst,void * src,uptr n)630 TSAN_INTERCEPTOR(void*, memmove, void *dst, void *src, uptr n) {
631 if (!COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED) {
632 SCOPED_TSAN_INTERCEPTOR(memmove, dst, src, n);
633 MemoryAccessRange(thr, pc, (uptr)dst, n, true);
634 MemoryAccessRange(thr, pc, (uptr)src, n, false);
635 }
636 return REAL(memmove)(dst, src, n);
637 }
638
TSAN_INTERCEPTOR(char *,strchr,char * s,int c)639 TSAN_INTERCEPTOR(char*, strchr, char *s, int c) {
640 SCOPED_TSAN_INTERCEPTOR(strchr, s, c);
641 char *res = REAL(strchr)(s, c);
642 uptr len = internal_strlen(s);
643 uptr n = res ? (char*)res - (char*)s + 1 : len + 1;
644 READ_STRING_OF_LEN(thr, pc, s, len, n);
645 return res;
646 }
647
648 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(char *,strchrnul,char * s,int c)649 TSAN_INTERCEPTOR(char*, strchrnul, char *s, int c) {
650 SCOPED_TSAN_INTERCEPTOR(strchrnul, s, c);
651 char *res = REAL(strchrnul)(s, c);
652 uptr len = (char*)res - (char*)s + 1;
653 READ_STRING(thr, pc, s, len);
654 return res;
655 }
656 #endif
657
TSAN_INTERCEPTOR(char *,strrchr,char * s,int c)658 TSAN_INTERCEPTOR(char*, strrchr, char *s, int c) {
659 SCOPED_TSAN_INTERCEPTOR(strrchr, s, c);
660 MemoryAccessRange(thr, pc, (uptr)s, internal_strlen(s) + 1, false);
661 return REAL(strrchr)(s, c);
662 }
663
TSAN_INTERCEPTOR(char *,strcpy,char * dst,const char * src)664 TSAN_INTERCEPTOR(char*, strcpy, char *dst, const char *src) { // NOLINT
665 SCOPED_TSAN_INTERCEPTOR(strcpy, dst, src); // NOLINT
666 uptr srclen = internal_strlen(src);
667 MemoryAccessRange(thr, pc, (uptr)dst, srclen + 1, true);
668 MemoryAccessRange(thr, pc, (uptr)src, srclen + 1, false);
669 return REAL(strcpy)(dst, src); // NOLINT
670 }
671
TSAN_INTERCEPTOR(char *,strncpy,char * dst,char * src,uptr n)672 TSAN_INTERCEPTOR(char*, strncpy, char *dst, char *src, uptr n) {
673 SCOPED_TSAN_INTERCEPTOR(strncpy, dst, src, n);
674 uptr srclen = internal_strnlen(src, n);
675 MemoryAccessRange(thr, pc, (uptr)dst, n, true);
676 MemoryAccessRange(thr, pc, (uptr)src, min(srclen + 1, n), false);
677 return REAL(strncpy)(dst, src, n);
678 }
679
TSAN_INTERCEPTOR(char *,strdup,const char * str)680 TSAN_INTERCEPTOR(char*, strdup, const char *str) {
681 SCOPED_TSAN_INTERCEPTOR(strdup, str);
682 // strdup will call malloc, so no instrumentation is required here.
683 return REAL(strdup)(str);
684 }
685
fix_mmap_addr(void ** addr,long_t sz,int flags)686 static bool fix_mmap_addr(void **addr, long_t sz, int flags) {
687 if (*addr) {
688 if (!IsAppMem((uptr)*addr) || !IsAppMem((uptr)*addr + sz - 1)) {
689 if (flags & MAP_FIXED) {
690 errno = EINVAL;
691 return false;
692 } else {
693 *addr = 0;
694 }
695 }
696 }
697 return true;
698 }
699
TSAN_INTERCEPTOR(void *,mmap,void * addr,SIZE_T sz,int prot,int flags,int fd,OFF_T off)700 TSAN_INTERCEPTOR(void *, mmap, void *addr, SIZE_T sz, int prot, int flags,
701 int fd, OFF_T off) {
702 SCOPED_TSAN_INTERCEPTOR(mmap, addr, sz, prot, flags, fd, off);
703 if (!fix_mmap_addr(&addr, sz, flags))
704 return MAP_FAILED;
705 void *res = REAL(mmap)(addr, sz, prot, flags, fd, off);
706 if (res != MAP_FAILED) {
707 if (fd > 0)
708 FdAccess(thr, pc, fd);
709 MemoryRangeImitateWrite(thr, pc, (uptr)res, sz);
710 }
711 return res;
712 }
713
714 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(void *,mmap64,void * addr,SIZE_T sz,int prot,int flags,int fd,OFF64_T off)715 TSAN_INTERCEPTOR(void *, mmap64, void *addr, SIZE_T sz, int prot, int flags,
716 int fd, OFF64_T off) {
717 SCOPED_TSAN_INTERCEPTOR(mmap64, addr, sz, prot, flags, fd, off);
718 if (!fix_mmap_addr(&addr, sz, flags))
719 return MAP_FAILED;
720 void *res = REAL(mmap64)(addr, sz, prot, flags, fd, off);
721 if (res != MAP_FAILED) {
722 if (fd > 0)
723 FdAccess(thr, pc, fd);
724 MemoryRangeImitateWrite(thr, pc, (uptr)res, sz);
725 }
726 return res;
727 }
728 #define TSAN_MAYBE_INTERCEPT_MMAP64 TSAN_INTERCEPT(mmap64)
729 #else
730 #define TSAN_MAYBE_INTERCEPT_MMAP64
731 #endif
732
TSAN_INTERCEPTOR(int,munmap,void * addr,long_t sz)733 TSAN_INTERCEPTOR(int, munmap, void *addr, long_t sz) {
734 SCOPED_TSAN_INTERCEPTOR(munmap, addr, sz);
735 if (sz != 0) {
736 // If sz == 0, munmap will return EINVAL and don't unmap any memory.
737 DontNeedShadowFor((uptr)addr, sz);
738 ctx->metamap.ResetRange(thr, pc, (uptr)addr, (uptr)sz);
739 }
740 int res = REAL(munmap)(addr, sz);
741 return res;
742 }
743
744 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(void *,memalign,uptr align,uptr sz)745 TSAN_INTERCEPTOR(void*, memalign, uptr align, uptr sz) {
746 SCOPED_INTERCEPTOR_RAW(memalign, align, sz);
747 return user_alloc(thr, pc, sz, align);
748 }
749 #define TSAN_MAYBE_INTERCEPT_MEMALIGN TSAN_INTERCEPT(memalign)
750 #else
751 #define TSAN_MAYBE_INTERCEPT_MEMALIGN
752 #endif
753
754 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(void *,aligned_alloc,uptr align,uptr sz)755 TSAN_INTERCEPTOR(void*, aligned_alloc, uptr align, uptr sz) {
756 SCOPED_INTERCEPTOR_RAW(memalign, align, sz);
757 return user_alloc(thr, pc, sz, align);
758 }
759
TSAN_INTERCEPTOR(void *,valloc,uptr sz)760 TSAN_INTERCEPTOR(void*, valloc, uptr sz) {
761 SCOPED_INTERCEPTOR_RAW(valloc, sz);
762 return user_alloc(thr, pc, sz, GetPageSizeCached());
763 }
764 #endif
765
766 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(void *,pvalloc,uptr sz)767 TSAN_INTERCEPTOR(void*, pvalloc, uptr sz) {
768 SCOPED_INTERCEPTOR_RAW(pvalloc, sz);
769 sz = RoundUp(sz, GetPageSizeCached());
770 return user_alloc(thr, pc, sz, GetPageSizeCached());
771 }
772 #define TSAN_MAYBE_INTERCEPT_PVALLOC TSAN_INTERCEPT(pvalloc)
773 #else
774 #define TSAN_MAYBE_INTERCEPT_PVALLOC
775 #endif
776
777 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(int,posix_memalign,void ** memptr,uptr align,uptr sz)778 TSAN_INTERCEPTOR(int, posix_memalign, void **memptr, uptr align, uptr sz) {
779 SCOPED_INTERCEPTOR_RAW(posix_memalign, memptr, align, sz);
780 *memptr = user_alloc(thr, pc, sz, align);
781 return 0;
782 }
783 #endif
784
785 // Used in thread-safe function static initialization.
__cxa_guard_acquire(atomic_uint32_t * g)786 extern "C" int INTERFACE_ATTRIBUTE __cxa_guard_acquire(atomic_uint32_t *g) {
787 SCOPED_INTERCEPTOR_RAW(__cxa_guard_acquire, g);
788 for (;;) {
789 u32 cmp = atomic_load(g, memory_order_acquire);
790 if (cmp == 0) {
791 if (atomic_compare_exchange_strong(g, &cmp, 1<<16, memory_order_relaxed))
792 return 1;
793 } else if (cmp == 1) {
794 Acquire(thr, pc, (uptr)g);
795 return 0;
796 } else {
797 internal_sched_yield();
798 }
799 }
800 }
801
__cxa_guard_release(atomic_uint32_t * g)802 extern "C" void INTERFACE_ATTRIBUTE __cxa_guard_release(atomic_uint32_t *g) {
803 SCOPED_INTERCEPTOR_RAW(__cxa_guard_release, g);
804 Release(thr, pc, (uptr)g);
805 atomic_store(g, 1, memory_order_release);
806 }
807
__cxa_guard_abort(atomic_uint32_t * g)808 extern "C" void INTERFACE_ATTRIBUTE __cxa_guard_abort(atomic_uint32_t *g) {
809 SCOPED_INTERCEPTOR_RAW(__cxa_guard_abort, g);
810 atomic_store(g, 0, memory_order_relaxed);
811 }
812
813 namespace __tsan {
DestroyThreadState()814 void DestroyThreadState() {
815 ThreadState *thr = cur_thread();
816 ThreadFinish(thr);
817 ThreadSignalContext *sctx = thr->signal_ctx;
818 if (sctx) {
819 thr->signal_ctx = 0;
820 UnmapOrDie(sctx, sizeof(*sctx));
821 }
822 cur_thread_finalize();
823 }
824 } // namespace __tsan
825
thread_finalize(void * v)826 static void thread_finalize(void *v) {
827 uptr iter = (uptr)v;
828 if (iter > 1) {
829 if (pthread_setspecific(g_thread_finalize_key, (void*)(iter - 1))) {
830 Printf("ThreadSanitizer: failed to set thread key\n");
831 Die();
832 }
833 return;
834 }
835 DestroyThreadState();
836 }
837
838
839 struct ThreadParam {
840 void* (*callback)(void *arg);
841 void *param;
842 atomic_uintptr_t tid;
843 };
844
__tsan_thread_start_func(void * arg)845 extern "C" void *__tsan_thread_start_func(void *arg) {
846 ThreadParam *p = (ThreadParam*)arg;
847 void* (*callback)(void *arg) = p->callback;
848 void *param = p->param;
849 int tid = 0;
850 {
851 ThreadState *thr = cur_thread();
852 // Thread-local state is not initialized yet.
853 ScopedIgnoreInterceptors ignore;
854 ThreadIgnoreBegin(thr, 0);
855 if (pthread_setspecific(g_thread_finalize_key,
856 (void *)GetPthreadDestructorIterations())) {
857 Printf("ThreadSanitizer: failed to set thread key\n");
858 Die();
859 }
860 ThreadIgnoreEnd(thr, 0);
861 while ((tid = atomic_load(&p->tid, memory_order_acquire)) == 0)
862 internal_sched_yield();
863 ThreadStart(thr, tid, GetTid());
864 atomic_store(&p->tid, 0, memory_order_release);
865 }
866 void *res = callback(param);
867 // Prevent the callback from being tail called,
868 // it mixes up stack traces.
869 volatile int foo = 42;
870 foo++;
871 return res;
872 }
873
TSAN_INTERCEPTOR(int,pthread_create,void * th,void * attr,void * (* callback)(void *),void * param)874 TSAN_INTERCEPTOR(int, pthread_create,
875 void *th, void *attr, void *(*callback)(void*), void * param) {
876 SCOPED_INTERCEPTOR_RAW(pthread_create, th, attr, callback, param);
877 if (ctx->after_multithreaded_fork) {
878 if (flags()->die_after_fork) {
879 Report("ThreadSanitizer: starting new threads after multi-threaded "
880 "fork is not supported. Dying (set die_after_fork=0 to override)\n");
881 Die();
882 } else {
883 VPrintf(1, "ThreadSanitizer: starting new threads after multi-threaded "
884 "fork is not supported (pid %d). Continuing because of "
885 "die_after_fork=0, but you are on your own\n", internal_getpid());
886 }
887 }
888 __sanitizer_pthread_attr_t myattr;
889 if (attr == 0) {
890 pthread_attr_init(&myattr);
891 attr = &myattr;
892 }
893 int detached = 0;
894 REAL(pthread_attr_getdetachstate)(attr, &detached);
895 AdjustStackSize(attr);
896
897 ThreadParam p;
898 p.callback = callback;
899 p.param = param;
900 atomic_store(&p.tid, 0, memory_order_relaxed);
901 int res = -1;
902 {
903 // Otherwise we see false positives in pthread stack manipulation.
904 ScopedIgnoreInterceptors ignore;
905 ThreadIgnoreBegin(thr, pc);
906 res = REAL(pthread_create)(th, attr, __tsan_thread_start_func, &p);
907 ThreadIgnoreEnd(thr, pc);
908 }
909 if (res == 0) {
910 int tid = ThreadCreate(thr, pc, *(uptr*)th,
911 detached == PTHREAD_CREATE_DETACHED);
912 CHECK_NE(tid, 0);
913 // Synchronization on p.tid serves two purposes:
914 // 1. ThreadCreate must finish before the new thread starts.
915 // Otherwise the new thread can call pthread_detach, but the pthread_t
916 // identifier is not yet registered in ThreadRegistry by ThreadCreate.
917 // 2. ThreadStart must finish before this thread continues.
918 // Otherwise, this thread can call pthread_detach and reset thr->sync
919 // before the new thread got a chance to acquire from it in ThreadStart.
920 atomic_store(&p.tid, tid, memory_order_release);
921 while (atomic_load(&p.tid, memory_order_acquire) != 0)
922 internal_sched_yield();
923 }
924 if (attr == &myattr)
925 pthread_attr_destroy(&myattr);
926 return res;
927 }
928
TSAN_INTERCEPTOR(int,pthread_join,void * th,void ** ret)929 TSAN_INTERCEPTOR(int, pthread_join, void *th, void **ret) {
930 SCOPED_INTERCEPTOR_RAW(pthread_join, th, ret);
931 int tid = ThreadTid(thr, pc, (uptr)th);
932 ThreadIgnoreBegin(thr, pc);
933 int res = BLOCK_REAL(pthread_join)(th, ret);
934 ThreadIgnoreEnd(thr, pc);
935 if (res == 0) {
936 ThreadJoin(thr, pc, tid);
937 }
938 return res;
939 }
940
941 DEFINE_REAL_PTHREAD_FUNCTIONS
942
TSAN_INTERCEPTOR(int,pthread_detach,void * th)943 TSAN_INTERCEPTOR(int, pthread_detach, void *th) {
944 SCOPED_TSAN_INTERCEPTOR(pthread_detach, th);
945 int tid = ThreadTid(thr, pc, (uptr)th);
946 int res = REAL(pthread_detach)(th);
947 if (res == 0) {
948 ThreadDetach(thr, pc, tid);
949 }
950 return res;
951 }
952
953 // Problem:
954 // NPTL implementation of pthread_cond has 2 versions (2.2.5 and 2.3.2).
955 // pthread_cond_t has different size in the different versions.
956 // If call new REAL functions for old pthread_cond_t, they will corrupt memory
957 // after pthread_cond_t (old cond is smaller).
958 // If we call old REAL functions for new pthread_cond_t, we will lose some
959 // functionality (e.g. old functions do not support waiting against
960 // CLOCK_REALTIME).
961 // Proper handling would require to have 2 versions of interceptors as well.
962 // But this is messy, in particular requires linker scripts when sanitizer
963 // runtime is linked into a shared library.
964 // Instead we assume we don't have dynamic libraries built against old
965 // pthread (2.2.5 is dated by 2002). And provide legacy_pthread_cond flag
966 // that allows to work with old libraries (but this mode does not support
967 // some features, e.g. pthread_condattr_getpshared).
init_cond(void * c,bool force=false)968 static void *init_cond(void *c, bool force = false) {
969 // sizeof(pthread_cond_t) >= sizeof(uptr) in both versions.
970 // So we allocate additional memory on the side large enough to hold
971 // any pthread_cond_t object. Always call new REAL functions, but pass
972 // the aux object to them.
973 // Note: the code assumes that PTHREAD_COND_INITIALIZER initializes
974 // first word of pthread_cond_t to zero.
975 // It's all relevant only for linux.
976 if (!common_flags()->legacy_pthread_cond)
977 return c;
978 atomic_uintptr_t *p = (atomic_uintptr_t*)c;
979 uptr cond = atomic_load(p, memory_order_acquire);
980 if (!force && cond != 0)
981 return (void*)cond;
982 void *newcond = WRAP(malloc)(pthread_cond_t_sz);
983 internal_memset(newcond, 0, pthread_cond_t_sz);
984 if (atomic_compare_exchange_strong(p, &cond, (uptr)newcond,
985 memory_order_acq_rel))
986 return newcond;
987 WRAP(free)(newcond);
988 return (void*)cond;
989 }
990
991 struct CondMutexUnlockCtx {
992 ScopedInterceptor *si;
993 ThreadState *thr;
994 uptr pc;
995 void *m;
996 };
997
cond_mutex_unlock(CondMutexUnlockCtx * arg)998 static void cond_mutex_unlock(CondMutexUnlockCtx *arg) {
999 // pthread_cond_wait interceptor has enabled async signal delivery
1000 // (see BlockingCall below). Disable async signals since we are running
1001 // tsan code. Also ScopedInterceptor and BlockingCall destructors won't run
1002 // since the thread is cancelled, so we have to manually execute them
1003 // (the thread still can run some user code due to pthread_cleanup_push).
1004 ThreadSignalContext *ctx = SigCtx(arg->thr);
1005 CHECK_EQ(atomic_load(&ctx->in_blocking_func, memory_order_relaxed), 1);
1006 atomic_store(&ctx->in_blocking_func, 0, memory_order_relaxed);
1007 MutexLock(arg->thr, arg->pc, (uptr)arg->m);
1008 // Undo BlockingCall ctor effects.
1009 arg->thr->ignore_interceptors--;
1010 arg->si->~ScopedInterceptor();
1011 }
1012
INTERCEPTOR(int,pthread_cond_init,void * c,void * a)1013 INTERCEPTOR(int, pthread_cond_init, void *c, void *a) {
1014 void *cond = init_cond(c, true);
1015 SCOPED_TSAN_INTERCEPTOR(pthread_cond_init, cond, a);
1016 MemoryAccessRange(thr, pc, (uptr)c, sizeof(uptr), true);
1017 return REAL(pthread_cond_init)(cond, a);
1018 }
1019
INTERCEPTOR(int,pthread_cond_wait,void * c,void * m)1020 INTERCEPTOR(int, pthread_cond_wait, void *c, void *m) {
1021 void *cond = init_cond(c);
1022 SCOPED_TSAN_INTERCEPTOR(pthread_cond_wait, cond, m);
1023 MemoryAccessRange(thr, pc, (uptr)c, sizeof(uptr), false);
1024 MutexUnlock(thr, pc, (uptr)m);
1025 CondMutexUnlockCtx arg = {&si, thr, pc, m};
1026 int res = 0;
1027 // This ensures that we handle mutex lock even in case of pthread_cancel.
1028 // See test/tsan/cond_cancel.cc.
1029 {
1030 // Enable signal delivery while the thread is blocked.
1031 BlockingCall bc(thr);
1032 res = call_pthread_cancel_with_cleanup(
1033 (int(*)(void *c, void *m, void *abstime))REAL(pthread_cond_wait),
1034 cond, m, 0, (void(*)(void *arg))cond_mutex_unlock, &arg);
1035 }
1036 if (res == errno_EOWNERDEAD)
1037 MutexRepair(thr, pc, (uptr)m);
1038 MutexLock(thr, pc, (uptr)m);
1039 return res;
1040 }
1041
INTERCEPTOR(int,pthread_cond_timedwait,void * c,void * m,void * abstime)1042 INTERCEPTOR(int, pthread_cond_timedwait, void *c, void *m, void *abstime) {
1043 void *cond = init_cond(c);
1044 SCOPED_TSAN_INTERCEPTOR(pthread_cond_timedwait, cond, m, abstime);
1045 MemoryAccessRange(thr, pc, (uptr)c, sizeof(uptr), false);
1046 MutexUnlock(thr, pc, (uptr)m);
1047 CondMutexUnlockCtx arg = {&si, thr, pc, m};
1048 int res = 0;
1049 // This ensures that we handle mutex lock even in case of pthread_cancel.
1050 // See test/tsan/cond_cancel.cc.
1051 {
1052 BlockingCall bc(thr);
1053 res = call_pthread_cancel_with_cleanup(
1054 REAL(pthread_cond_timedwait), cond, m, abstime,
1055 (void(*)(void *arg))cond_mutex_unlock, &arg);
1056 }
1057 if (res == errno_EOWNERDEAD)
1058 MutexRepair(thr, pc, (uptr)m);
1059 MutexLock(thr, pc, (uptr)m);
1060 return res;
1061 }
1062
INTERCEPTOR(int,pthread_cond_signal,void * c)1063 INTERCEPTOR(int, pthread_cond_signal, void *c) {
1064 void *cond = init_cond(c);
1065 SCOPED_TSAN_INTERCEPTOR(pthread_cond_signal, cond);
1066 MemoryAccessRange(thr, pc, (uptr)c, sizeof(uptr), false);
1067 return REAL(pthread_cond_signal)(cond);
1068 }
1069
INTERCEPTOR(int,pthread_cond_broadcast,void * c)1070 INTERCEPTOR(int, pthread_cond_broadcast, void *c) {
1071 void *cond = init_cond(c);
1072 SCOPED_TSAN_INTERCEPTOR(pthread_cond_broadcast, cond);
1073 MemoryAccessRange(thr, pc, (uptr)c, sizeof(uptr), false);
1074 return REAL(pthread_cond_broadcast)(cond);
1075 }
1076
INTERCEPTOR(int,pthread_cond_destroy,void * c)1077 INTERCEPTOR(int, pthread_cond_destroy, void *c) {
1078 void *cond = init_cond(c);
1079 SCOPED_TSAN_INTERCEPTOR(pthread_cond_destroy, cond);
1080 MemoryAccessRange(thr, pc, (uptr)c, sizeof(uptr), true);
1081 int res = REAL(pthread_cond_destroy)(cond);
1082 if (common_flags()->legacy_pthread_cond) {
1083 // Free our aux cond and zero the pointer to not leave dangling pointers.
1084 WRAP(free)(cond);
1085 atomic_store((atomic_uintptr_t*)c, 0, memory_order_relaxed);
1086 }
1087 return res;
1088 }
1089
TSAN_INTERCEPTOR(int,pthread_mutex_init,void * m,void * a)1090 TSAN_INTERCEPTOR(int, pthread_mutex_init, void *m, void *a) {
1091 SCOPED_TSAN_INTERCEPTOR(pthread_mutex_init, m, a);
1092 int res = REAL(pthread_mutex_init)(m, a);
1093 if (res == 0) {
1094 bool recursive = false;
1095 if (a) {
1096 int type = 0;
1097 if (REAL(pthread_mutexattr_gettype)(a, &type) == 0)
1098 recursive = (type == PTHREAD_MUTEX_RECURSIVE
1099 || type == PTHREAD_MUTEX_RECURSIVE_NP);
1100 }
1101 MutexCreate(thr, pc, (uptr)m, false, recursive, false);
1102 }
1103 return res;
1104 }
1105
TSAN_INTERCEPTOR(int,pthread_mutex_destroy,void * m)1106 TSAN_INTERCEPTOR(int, pthread_mutex_destroy, void *m) {
1107 SCOPED_TSAN_INTERCEPTOR(pthread_mutex_destroy, m);
1108 int res = REAL(pthread_mutex_destroy)(m);
1109 if (res == 0 || res == EBUSY) {
1110 MutexDestroy(thr, pc, (uptr)m);
1111 }
1112 return res;
1113 }
1114
TSAN_INTERCEPTOR(int,pthread_mutex_trylock,void * m)1115 TSAN_INTERCEPTOR(int, pthread_mutex_trylock, void *m) {
1116 SCOPED_TSAN_INTERCEPTOR(pthread_mutex_trylock, m);
1117 int res = REAL(pthread_mutex_trylock)(m);
1118 if (res == EOWNERDEAD)
1119 MutexRepair(thr, pc, (uptr)m);
1120 if (res == 0 || res == EOWNERDEAD)
1121 MutexLock(thr, pc, (uptr)m, /*rec=*/1, /*try_lock=*/true);
1122 return res;
1123 }
1124
1125 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(int,pthread_mutex_timedlock,void * m,void * abstime)1126 TSAN_INTERCEPTOR(int, pthread_mutex_timedlock, void *m, void *abstime) {
1127 SCOPED_TSAN_INTERCEPTOR(pthread_mutex_timedlock, m, abstime);
1128 int res = REAL(pthread_mutex_timedlock)(m, abstime);
1129 if (res == 0) {
1130 MutexLock(thr, pc, (uptr)m);
1131 }
1132 return res;
1133 }
1134 #endif
1135
1136 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(int,pthread_spin_init,void * m,int pshared)1137 TSAN_INTERCEPTOR(int, pthread_spin_init, void *m, int pshared) {
1138 SCOPED_TSAN_INTERCEPTOR(pthread_spin_init, m, pshared);
1139 int res = REAL(pthread_spin_init)(m, pshared);
1140 if (res == 0) {
1141 MutexCreate(thr, pc, (uptr)m, false, false, false);
1142 }
1143 return res;
1144 }
1145
TSAN_INTERCEPTOR(int,pthread_spin_destroy,void * m)1146 TSAN_INTERCEPTOR(int, pthread_spin_destroy, void *m) {
1147 SCOPED_TSAN_INTERCEPTOR(pthread_spin_destroy, m);
1148 int res = REAL(pthread_spin_destroy)(m);
1149 if (res == 0) {
1150 MutexDestroy(thr, pc, (uptr)m);
1151 }
1152 return res;
1153 }
1154
TSAN_INTERCEPTOR(int,pthread_spin_lock,void * m)1155 TSAN_INTERCEPTOR(int, pthread_spin_lock, void *m) {
1156 SCOPED_TSAN_INTERCEPTOR(pthread_spin_lock, m);
1157 int res = REAL(pthread_spin_lock)(m);
1158 if (res == 0) {
1159 MutexLock(thr, pc, (uptr)m);
1160 }
1161 return res;
1162 }
1163
TSAN_INTERCEPTOR(int,pthread_spin_trylock,void * m)1164 TSAN_INTERCEPTOR(int, pthread_spin_trylock, void *m) {
1165 SCOPED_TSAN_INTERCEPTOR(pthread_spin_trylock, m);
1166 int res = REAL(pthread_spin_trylock)(m);
1167 if (res == 0) {
1168 MutexLock(thr, pc, (uptr)m, /*rec=*/1, /*try_lock=*/true);
1169 }
1170 return res;
1171 }
1172
TSAN_INTERCEPTOR(int,pthread_spin_unlock,void * m)1173 TSAN_INTERCEPTOR(int, pthread_spin_unlock, void *m) {
1174 SCOPED_TSAN_INTERCEPTOR(pthread_spin_unlock, m);
1175 MutexUnlock(thr, pc, (uptr)m);
1176 int res = REAL(pthread_spin_unlock)(m);
1177 return res;
1178 }
1179 #endif
1180
TSAN_INTERCEPTOR(int,pthread_rwlock_init,void * m,void * a)1181 TSAN_INTERCEPTOR(int, pthread_rwlock_init, void *m, void *a) {
1182 SCOPED_TSAN_INTERCEPTOR(pthread_rwlock_init, m, a);
1183 int res = REAL(pthread_rwlock_init)(m, a);
1184 if (res == 0) {
1185 MutexCreate(thr, pc, (uptr)m, true, false, false);
1186 }
1187 return res;
1188 }
1189
TSAN_INTERCEPTOR(int,pthread_rwlock_destroy,void * m)1190 TSAN_INTERCEPTOR(int, pthread_rwlock_destroy, void *m) {
1191 SCOPED_TSAN_INTERCEPTOR(pthread_rwlock_destroy, m);
1192 int res = REAL(pthread_rwlock_destroy)(m);
1193 if (res == 0) {
1194 MutexDestroy(thr, pc, (uptr)m);
1195 }
1196 return res;
1197 }
1198
TSAN_INTERCEPTOR(int,pthread_rwlock_rdlock,void * m)1199 TSAN_INTERCEPTOR(int, pthread_rwlock_rdlock, void *m) {
1200 SCOPED_TSAN_INTERCEPTOR(pthread_rwlock_rdlock, m);
1201 int res = REAL(pthread_rwlock_rdlock)(m);
1202 if (res == 0) {
1203 MutexReadLock(thr, pc, (uptr)m);
1204 }
1205 return res;
1206 }
1207
TSAN_INTERCEPTOR(int,pthread_rwlock_tryrdlock,void * m)1208 TSAN_INTERCEPTOR(int, pthread_rwlock_tryrdlock, void *m) {
1209 SCOPED_TSAN_INTERCEPTOR(pthread_rwlock_tryrdlock, m);
1210 int res = REAL(pthread_rwlock_tryrdlock)(m);
1211 if (res == 0) {
1212 MutexReadLock(thr, pc, (uptr)m, /*try_lock=*/true);
1213 }
1214 return res;
1215 }
1216
1217 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(int,pthread_rwlock_timedrdlock,void * m,void * abstime)1218 TSAN_INTERCEPTOR(int, pthread_rwlock_timedrdlock, void *m, void *abstime) {
1219 SCOPED_TSAN_INTERCEPTOR(pthread_rwlock_timedrdlock, m, abstime);
1220 int res = REAL(pthread_rwlock_timedrdlock)(m, abstime);
1221 if (res == 0) {
1222 MutexReadLock(thr, pc, (uptr)m);
1223 }
1224 return res;
1225 }
1226 #endif
1227
TSAN_INTERCEPTOR(int,pthread_rwlock_wrlock,void * m)1228 TSAN_INTERCEPTOR(int, pthread_rwlock_wrlock, void *m) {
1229 SCOPED_TSAN_INTERCEPTOR(pthread_rwlock_wrlock, m);
1230 int res = REAL(pthread_rwlock_wrlock)(m);
1231 if (res == 0) {
1232 MutexLock(thr, pc, (uptr)m);
1233 }
1234 return res;
1235 }
1236
TSAN_INTERCEPTOR(int,pthread_rwlock_trywrlock,void * m)1237 TSAN_INTERCEPTOR(int, pthread_rwlock_trywrlock, void *m) {
1238 SCOPED_TSAN_INTERCEPTOR(pthread_rwlock_trywrlock, m);
1239 int res = REAL(pthread_rwlock_trywrlock)(m);
1240 if (res == 0) {
1241 MutexLock(thr, pc, (uptr)m, /*rec=*/1, /*try_lock=*/true);
1242 }
1243 return res;
1244 }
1245
1246 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(int,pthread_rwlock_timedwrlock,void * m,void * abstime)1247 TSAN_INTERCEPTOR(int, pthread_rwlock_timedwrlock, void *m, void *abstime) {
1248 SCOPED_TSAN_INTERCEPTOR(pthread_rwlock_timedwrlock, m, abstime);
1249 int res = REAL(pthread_rwlock_timedwrlock)(m, abstime);
1250 if (res == 0) {
1251 MutexLock(thr, pc, (uptr)m);
1252 }
1253 return res;
1254 }
1255 #endif
1256
TSAN_INTERCEPTOR(int,pthread_rwlock_unlock,void * m)1257 TSAN_INTERCEPTOR(int, pthread_rwlock_unlock, void *m) {
1258 SCOPED_TSAN_INTERCEPTOR(pthread_rwlock_unlock, m);
1259 MutexReadOrWriteUnlock(thr, pc, (uptr)m);
1260 int res = REAL(pthread_rwlock_unlock)(m);
1261 return res;
1262 }
1263
1264 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(int,pthread_barrier_init,void * b,void * a,unsigned count)1265 TSAN_INTERCEPTOR(int, pthread_barrier_init, void *b, void *a, unsigned count) {
1266 SCOPED_TSAN_INTERCEPTOR(pthread_barrier_init, b, a, count);
1267 MemoryWrite(thr, pc, (uptr)b, kSizeLog1);
1268 int res = REAL(pthread_barrier_init)(b, a, count);
1269 return res;
1270 }
1271
TSAN_INTERCEPTOR(int,pthread_barrier_destroy,void * b)1272 TSAN_INTERCEPTOR(int, pthread_barrier_destroy, void *b) {
1273 SCOPED_TSAN_INTERCEPTOR(pthread_barrier_destroy, b);
1274 MemoryWrite(thr, pc, (uptr)b, kSizeLog1);
1275 int res = REAL(pthread_barrier_destroy)(b);
1276 return res;
1277 }
1278
TSAN_INTERCEPTOR(int,pthread_barrier_wait,void * b)1279 TSAN_INTERCEPTOR(int, pthread_barrier_wait, void *b) {
1280 SCOPED_TSAN_INTERCEPTOR(pthread_barrier_wait, b);
1281 Release(thr, pc, (uptr)b);
1282 MemoryRead(thr, pc, (uptr)b, kSizeLog1);
1283 int res = REAL(pthread_barrier_wait)(b);
1284 MemoryRead(thr, pc, (uptr)b, kSizeLog1);
1285 if (res == 0 || res == PTHREAD_BARRIER_SERIAL_THREAD) {
1286 Acquire(thr, pc, (uptr)b);
1287 }
1288 return res;
1289 }
1290 #endif
1291
TSAN_INTERCEPTOR(int,pthread_once,void * o,void (* f)())1292 TSAN_INTERCEPTOR(int, pthread_once, void *o, void (*f)()) {
1293 SCOPED_INTERCEPTOR_RAW(pthread_once, o, f);
1294 if (o == 0 || f == 0)
1295 return EINVAL;
1296 atomic_uint32_t *a;
1297 if (!SANITIZER_MAC)
1298 a = static_cast<atomic_uint32_t*>(o);
1299 else // On OS X, pthread_once_t has a header with a long-sized signature.
1300 a = static_cast<atomic_uint32_t*>((void *)((char *)o + sizeof(long_t)));
1301 u32 v = atomic_load(a, memory_order_acquire);
1302 if (v == 0 && atomic_compare_exchange_strong(a, &v, 1,
1303 memory_order_relaxed)) {
1304 (*f)();
1305 if (!thr->in_ignored_lib)
1306 Release(thr, pc, (uptr)o);
1307 atomic_store(a, 2, memory_order_release);
1308 } else {
1309 while (v != 2) {
1310 internal_sched_yield();
1311 v = atomic_load(a, memory_order_acquire);
1312 }
1313 if (!thr->in_ignored_lib)
1314 Acquire(thr, pc, (uptr)o);
1315 }
1316 return 0;
1317 }
1318
1319 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,__xstat,int version,const char * path,void * buf)1320 TSAN_INTERCEPTOR(int, __xstat, int version, const char *path, void *buf) {
1321 SCOPED_TSAN_INTERCEPTOR(__xstat, version, path, buf);
1322 READ_STRING(thr, pc, path, 0);
1323 return REAL(__xstat)(version, path, buf);
1324 }
1325 #define TSAN_MAYBE_INTERCEPT___XSTAT TSAN_INTERCEPT(__xstat)
1326 #else
1327 #define TSAN_MAYBE_INTERCEPT___XSTAT
1328 #endif
1329
TSAN_INTERCEPTOR(int,stat,const char * path,void * buf)1330 TSAN_INTERCEPTOR(int, stat, const char *path, void *buf) {
1331 #if SANITIZER_FREEBSD || SANITIZER_MAC
1332 SCOPED_TSAN_INTERCEPTOR(stat, path, buf);
1333 READ_STRING(thr, pc, path, 0);
1334 return REAL(stat)(path, buf);
1335 #else
1336 SCOPED_TSAN_INTERCEPTOR(__xstat, 0, path, buf);
1337 READ_STRING(thr, pc, path, 0);
1338 return REAL(__xstat)(0, path, buf);
1339 #endif
1340 }
1341
1342 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,__xstat64,int version,const char * path,void * buf)1343 TSAN_INTERCEPTOR(int, __xstat64, int version, const char *path, void *buf) {
1344 SCOPED_TSAN_INTERCEPTOR(__xstat64, version, path, buf);
1345 READ_STRING(thr, pc, path, 0);
1346 return REAL(__xstat64)(version, path, buf);
1347 }
1348 #define TSAN_MAYBE_INTERCEPT___XSTAT64 TSAN_INTERCEPT(__xstat64)
1349 #else
1350 #define TSAN_MAYBE_INTERCEPT___XSTAT64
1351 #endif
1352
1353 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,stat64,const char * path,void * buf)1354 TSAN_INTERCEPTOR(int, stat64, const char *path, void *buf) {
1355 SCOPED_TSAN_INTERCEPTOR(__xstat64, 0, path, buf);
1356 READ_STRING(thr, pc, path, 0);
1357 return REAL(__xstat64)(0, path, buf);
1358 }
1359 #define TSAN_MAYBE_INTERCEPT_STAT64 TSAN_INTERCEPT(stat64)
1360 #else
1361 #define TSAN_MAYBE_INTERCEPT_STAT64
1362 #endif
1363
1364 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,__lxstat,int version,const char * path,void * buf)1365 TSAN_INTERCEPTOR(int, __lxstat, int version, const char *path, void *buf) {
1366 SCOPED_TSAN_INTERCEPTOR(__lxstat, version, path, buf);
1367 READ_STRING(thr, pc, path, 0);
1368 return REAL(__lxstat)(version, path, buf);
1369 }
1370 #define TSAN_MAYBE_INTERCEPT___LXSTAT TSAN_INTERCEPT(__lxstat)
1371 #else
1372 #define TSAN_MAYBE_INTERCEPT___LXSTAT
1373 #endif
1374
TSAN_INTERCEPTOR(int,lstat,const char * path,void * buf)1375 TSAN_INTERCEPTOR(int, lstat, const char *path, void *buf) {
1376 #if SANITIZER_FREEBSD || SANITIZER_MAC
1377 SCOPED_TSAN_INTERCEPTOR(lstat, path, buf);
1378 READ_STRING(thr, pc, path, 0);
1379 return REAL(lstat)(path, buf);
1380 #else
1381 SCOPED_TSAN_INTERCEPTOR(__lxstat, 0, path, buf);
1382 READ_STRING(thr, pc, path, 0);
1383 return REAL(__lxstat)(0, path, buf);
1384 #endif
1385 }
1386
1387 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,__lxstat64,int version,const char * path,void * buf)1388 TSAN_INTERCEPTOR(int, __lxstat64, int version, const char *path, void *buf) {
1389 SCOPED_TSAN_INTERCEPTOR(__lxstat64, version, path, buf);
1390 READ_STRING(thr, pc, path, 0);
1391 return REAL(__lxstat64)(version, path, buf);
1392 }
1393 #define TSAN_MAYBE_INTERCEPT___LXSTAT64 TSAN_INTERCEPT(__lxstat64)
1394 #else
1395 #define TSAN_MAYBE_INTERCEPT___LXSTAT64
1396 #endif
1397
1398 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,lstat64,const char * path,void * buf)1399 TSAN_INTERCEPTOR(int, lstat64, const char *path, void *buf) {
1400 SCOPED_TSAN_INTERCEPTOR(__lxstat64, 0, path, buf);
1401 READ_STRING(thr, pc, path, 0);
1402 return REAL(__lxstat64)(0, path, buf);
1403 }
1404 #define TSAN_MAYBE_INTERCEPT_LSTAT64 TSAN_INTERCEPT(lstat64)
1405 #else
1406 #define TSAN_MAYBE_INTERCEPT_LSTAT64
1407 #endif
1408
1409 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,__fxstat,int version,int fd,void * buf)1410 TSAN_INTERCEPTOR(int, __fxstat, int version, int fd, void *buf) {
1411 SCOPED_TSAN_INTERCEPTOR(__fxstat, version, fd, buf);
1412 if (fd > 0)
1413 FdAccess(thr, pc, fd);
1414 return REAL(__fxstat)(version, fd, buf);
1415 }
1416 #define TSAN_MAYBE_INTERCEPT___FXSTAT TSAN_INTERCEPT(__fxstat)
1417 #else
1418 #define TSAN_MAYBE_INTERCEPT___FXSTAT
1419 #endif
1420
TSAN_INTERCEPTOR(int,fstat,int fd,void * buf)1421 TSAN_INTERCEPTOR(int, fstat, int fd, void *buf) {
1422 #if SANITIZER_FREEBSD || SANITIZER_MAC
1423 SCOPED_TSAN_INTERCEPTOR(fstat, fd, buf);
1424 if (fd > 0)
1425 FdAccess(thr, pc, fd);
1426 return REAL(fstat)(fd, buf);
1427 #else
1428 SCOPED_TSAN_INTERCEPTOR(__fxstat, 0, fd, buf);
1429 if (fd > 0)
1430 FdAccess(thr, pc, fd);
1431 return REAL(__fxstat)(0, fd, buf);
1432 #endif
1433 }
1434
1435 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,__fxstat64,int version,int fd,void * buf)1436 TSAN_INTERCEPTOR(int, __fxstat64, int version, int fd, void *buf) {
1437 SCOPED_TSAN_INTERCEPTOR(__fxstat64, version, fd, buf);
1438 if (fd > 0)
1439 FdAccess(thr, pc, fd);
1440 return REAL(__fxstat64)(version, fd, buf);
1441 }
1442 #define TSAN_MAYBE_INTERCEPT___FXSTAT64 TSAN_INTERCEPT(__fxstat64)
1443 #else
1444 #define TSAN_MAYBE_INTERCEPT___FXSTAT64
1445 #endif
1446
1447 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,fstat64,int fd,void * buf)1448 TSAN_INTERCEPTOR(int, fstat64, int fd, void *buf) {
1449 SCOPED_TSAN_INTERCEPTOR(__fxstat64, 0, fd, buf);
1450 if (fd > 0)
1451 FdAccess(thr, pc, fd);
1452 return REAL(__fxstat64)(0, fd, buf);
1453 }
1454 #define TSAN_MAYBE_INTERCEPT_FSTAT64 TSAN_INTERCEPT(fstat64)
1455 #else
1456 #define TSAN_MAYBE_INTERCEPT_FSTAT64
1457 #endif
1458
TSAN_INTERCEPTOR(int,open,const char * name,int flags,int mode)1459 TSAN_INTERCEPTOR(int, open, const char *name, int flags, int mode) {
1460 SCOPED_TSAN_INTERCEPTOR(open, name, flags, mode);
1461 READ_STRING(thr, pc, name, 0);
1462 int fd = REAL(open)(name, flags, mode);
1463 if (fd >= 0)
1464 FdFileCreate(thr, pc, fd);
1465 return fd;
1466 }
1467
1468 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,open64,const char * name,int flags,int mode)1469 TSAN_INTERCEPTOR(int, open64, const char *name, int flags, int mode) {
1470 SCOPED_TSAN_INTERCEPTOR(open64, name, flags, mode);
1471 READ_STRING(thr, pc, name, 0);
1472 int fd = REAL(open64)(name, flags, mode);
1473 if (fd >= 0)
1474 FdFileCreate(thr, pc, fd);
1475 return fd;
1476 }
1477 #define TSAN_MAYBE_INTERCEPT_OPEN64 TSAN_INTERCEPT(open64)
1478 #else
1479 #define TSAN_MAYBE_INTERCEPT_OPEN64
1480 #endif
1481
TSAN_INTERCEPTOR(int,creat,const char * name,int mode)1482 TSAN_INTERCEPTOR(int, creat, const char *name, int mode) {
1483 SCOPED_TSAN_INTERCEPTOR(creat, name, mode);
1484 READ_STRING(thr, pc, name, 0);
1485 int fd = REAL(creat)(name, mode);
1486 if (fd >= 0)
1487 FdFileCreate(thr, pc, fd);
1488 return fd;
1489 }
1490
1491 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,creat64,const char * name,int mode)1492 TSAN_INTERCEPTOR(int, creat64, const char *name, int mode) {
1493 SCOPED_TSAN_INTERCEPTOR(creat64, name, mode);
1494 READ_STRING(thr, pc, name, 0);
1495 int fd = REAL(creat64)(name, mode);
1496 if (fd >= 0)
1497 FdFileCreate(thr, pc, fd);
1498 return fd;
1499 }
1500 #define TSAN_MAYBE_INTERCEPT_CREAT64 TSAN_INTERCEPT(creat64)
1501 #else
1502 #define TSAN_MAYBE_INTERCEPT_CREAT64
1503 #endif
1504
TSAN_INTERCEPTOR(int,dup,int oldfd)1505 TSAN_INTERCEPTOR(int, dup, int oldfd) {
1506 SCOPED_TSAN_INTERCEPTOR(dup, oldfd);
1507 int newfd = REAL(dup)(oldfd);
1508 if (oldfd >= 0 && newfd >= 0 && newfd != oldfd)
1509 FdDup(thr, pc, oldfd, newfd, true);
1510 return newfd;
1511 }
1512
TSAN_INTERCEPTOR(int,dup2,int oldfd,int newfd)1513 TSAN_INTERCEPTOR(int, dup2, int oldfd, int newfd) {
1514 SCOPED_TSAN_INTERCEPTOR(dup2, oldfd, newfd);
1515 int newfd2 = REAL(dup2)(oldfd, newfd);
1516 if (oldfd >= 0 && newfd2 >= 0 && newfd2 != oldfd)
1517 FdDup(thr, pc, oldfd, newfd2, false);
1518 return newfd2;
1519 }
1520
1521 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(int,dup3,int oldfd,int newfd,int flags)1522 TSAN_INTERCEPTOR(int, dup3, int oldfd, int newfd, int flags) {
1523 SCOPED_TSAN_INTERCEPTOR(dup3, oldfd, newfd, flags);
1524 int newfd2 = REAL(dup3)(oldfd, newfd, flags);
1525 if (oldfd >= 0 && newfd2 >= 0 && newfd2 != oldfd)
1526 FdDup(thr, pc, oldfd, newfd2, false);
1527 return newfd2;
1528 }
1529 #endif
1530
1531 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,eventfd,unsigned initval,int flags)1532 TSAN_INTERCEPTOR(int, eventfd, unsigned initval, int flags) {
1533 SCOPED_TSAN_INTERCEPTOR(eventfd, initval, flags);
1534 int fd = REAL(eventfd)(initval, flags);
1535 if (fd >= 0)
1536 FdEventCreate(thr, pc, fd);
1537 return fd;
1538 }
1539 #define TSAN_MAYBE_INTERCEPT_EVENTFD TSAN_INTERCEPT(eventfd)
1540 #else
1541 #define TSAN_MAYBE_INTERCEPT_EVENTFD
1542 #endif
1543
1544 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,signalfd,int fd,void * mask,int flags)1545 TSAN_INTERCEPTOR(int, signalfd, int fd, void *mask, int flags) {
1546 SCOPED_TSAN_INTERCEPTOR(signalfd, fd, mask, flags);
1547 if (fd >= 0)
1548 FdClose(thr, pc, fd);
1549 fd = REAL(signalfd)(fd, mask, flags);
1550 if (fd >= 0)
1551 FdSignalCreate(thr, pc, fd);
1552 return fd;
1553 }
1554 #define TSAN_MAYBE_INTERCEPT_SIGNALFD TSAN_INTERCEPT(signalfd)
1555 #else
1556 #define TSAN_MAYBE_INTERCEPT_SIGNALFD
1557 #endif
1558
1559 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,inotify_init,int fake)1560 TSAN_INTERCEPTOR(int, inotify_init, int fake) {
1561 SCOPED_TSAN_INTERCEPTOR(inotify_init, fake);
1562 int fd = REAL(inotify_init)(fake);
1563 if (fd >= 0)
1564 FdInotifyCreate(thr, pc, fd);
1565 return fd;
1566 }
1567 #define TSAN_MAYBE_INTERCEPT_INOTIFY_INIT TSAN_INTERCEPT(inotify_init)
1568 #else
1569 #define TSAN_MAYBE_INTERCEPT_INOTIFY_INIT
1570 #endif
1571
1572 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,inotify_init1,int flags)1573 TSAN_INTERCEPTOR(int, inotify_init1, int flags) {
1574 SCOPED_TSAN_INTERCEPTOR(inotify_init1, flags);
1575 int fd = REAL(inotify_init1)(flags);
1576 if (fd >= 0)
1577 FdInotifyCreate(thr, pc, fd);
1578 return fd;
1579 }
1580 #define TSAN_MAYBE_INTERCEPT_INOTIFY_INIT1 TSAN_INTERCEPT(inotify_init1)
1581 #else
1582 #define TSAN_MAYBE_INTERCEPT_INOTIFY_INIT1
1583 #endif
1584
TSAN_INTERCEPTOR(int,socket,int domain,int type,int protocol)1585 TSAN_INTERCEPTOR(int, socket, int domain, int type, int protocol) {
1586 SCOPED_TSAN_INTERCEPTOR(socket, domain, type, protocol);
1587 int fd = REAL(socket)(domain, type, protocol);
1588 if (fd >= 0)
1589 FdSocketCreate(thr, pc, fd);
1590 return fd;
1591 }
1592
TSAN_INTERCEPTOR(int,socketpair,int domain,int type,int protocol,int * fd)1593 TSAN_INTERCEPTOR(int, socketpair, int domain, int type, int protocol, int *fd) {
1594 SCOPED_TSAN_INTERCEPTOR(socketpair, domain, type, protocol, fd);
1595 int res = REAL(socketpair)(domain, type, protocol, fd);
1596 if (res == 0 && fd[0] >= 0 && fd[1] >= 0)
1597 FdPipeCreate(thr, pc, fd[0], fd[1]);
1598 return res;
1599 }
1600
TSAN_INTERCEPTOR(int,connect,int fd,void * addr,unsigned addrlen)1601 TSAN_INTERCEPTOR(int, connect, int fd, void *addr, unsigned addrlen) {
1602 SCOPED_TSAN_INTERCEPTOR(connect, fd, addr, addrlen);
1603 FdSocketConnecting(thr, pc, fd);
1604 int res = REAL(connect)(fd, addr, addrlen);
1605 if (res == 0 && fd >= 0)
1606 FdSocketConnect(thr, pc, fd);
1607 return res;
1608 }
1609
TSAN_INTERCEPTOR(int,bind,int fd,void * addr,unsigned addrlen)1610 TSAN_INTERCEPTOR(int, bind, int fd, void *addr, unsigned addrlen) {
1611 SCOPED_TSAN_INTERCEPTOR(bind, fd, addr, addrlen);
1612 int res = REAL(bind)(fd, addr, addrlen);
1613 if (fd > 0 && res == 0)
1614 FdAccess(thr, pc, fd);
1615 return res;
1616 }
1617
TSAN_INTERCEPTOR(int,listen,int fd,int backlog)1618 TSAN_INTERCEPTOR(int, listen, int fd, int backlog) {
1619 SCOPED_TSAN_INTERCEPTOR(listen, fd, backlog);
1620 int res = REAL(listen)(fd, backlog);
1621 if (fd > 0 && res == 0)
1622 FdAccess(thr, pc, fd);
1623 return res;
1624 }
1625
1626 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,epoll_create,int size)1627 TSAN_INTERCEPTOR(int, epoll_create, int size) {
1628 SCOPED_TSAN_INTERCEPTOR(epoll_create, size);
1629 int fd = REAL(epoll_create)(size);
1630 if (fd >= 0)
1631 FdPollCreate(thr, pc, fd);
1632 return fd;
1633 }
1634 #define TSAN_MAYBE_INTERCEPT_EPOLL_CREATE TSAN_INTERCEPT(epoll_create)
1635 #else
1636 #define TSAN_MAYBE_INTERCEPT_EPOLL_CREATE
1637 #endif
1638
1639 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,epoll_create1,int flags)1640 TSAN_INTERCEPTOR(int, epoll_create1, int flags) {
1641 SCOPED_TSAN_INTERCEPTOR(epoll_create1, flags);
1642 int fd = REAL(epoll_create1)(flags);
1643 if (fd >= 0)
1644 FdPollCreate(thr, pc, fd);
1645 return fd;
1646 }
1647 #define TSAN_MAYBE_INTERCEPT_EPOLL_CREATE1 TSAN_INTERCEPT(epoll_create1)
1648 #else
1649 #define TSAN_MAYBE_INTERCEPT_EPOLL_CREATE1
1650 #endif
1651
TSAN_INTERCEPTOR(int,close,int fd)1652 TSAN_INTERCEPTOR(int, close, int fd) {
1653 SCOPED_TSAN_INTERCEPTOR(close, fd);
1654 if (fd >= 0)
1655 FdClose(thr, pc, fd);
1656 return REAL(close)(fd);
1657 }
1658
1659 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,__close,int fd)1660 TSAN_INTERCEPTOR(int, __close, int fd) {
1661 SCOPED_TSAN_INTERCEPTOR(__close, fd);
1662 if (fd >= 0)
1663 FdClose(thr, pc, fd);
1664 return REAL(__close)(fd);
1665 }
1666 #define TSAN_MAYBE_INTERCEPT___CLOSE TSAN_INTERCEPT(__close)
1667 #else
1668 #define TSAN_MAYBE_INTERCEPT___CLOSE
1669 #endif
1670
1671 // glibc guts
1672 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(void,__res_iclose,void * state,bool free_addr)1673 TSAN_INTERCEPTOR(void, __res_iclose, void *state, bool free_addr) {
1674 SCOPED_TSAN_INTERCEPTOR(__res_iclose, state, free_addr);
1675 int fds[64];
1676 int cnt = ExtractResolvFDs(state, fds, ARRAY_SIZE(fds));
1677 for (int i = 0; i < cnt; i++) {
1678 if (fds[i] > 0)
1679 FdClose(thr, pc, fds[i]);
1680 }
1681 REAL(__res_iclose)(state, free_addr);
1682 }
1683 #define TSAN_MAYBE_INTERCEPT___RES_ICLOSE TSAN_INTERCEPT(__res_iclose)
1684 #else
1685 #define TSAN_MAYBE_INTERCEPT___RES_ICLOSE
1686 #endif
1687
TSAN_INTERCEPTOR(int,pipe,int * pipefd)1688 TSAN_INTERCEPTOR(int, pipe, int *pipefd) {
1689 SCOPED_TSAN_INTERCEPTOR(pipe, pipefd);
1690 int res = REAL(pipe)(pipefd);
1691 if (res == 0 && pipefd[0] >= 0 && pipefd[1] >= 0)
1692 FdPipeCreate(thr, pc, pipefd[0], pipefd[1]);
1693 return res;
1694 }
1695
1696 #if !SANITIZER_MAC
TSAN_INTERCEPTOR(int,pipe2,int * pipefd,int flags)1697 TSAN_INTERCEPTOR(int, pipe2, int *pipefd, int flags) {
1698 SCOPED_TSAN_INTERCEPTOR(pipe2, pipefd, flags);
1699 int res = REAL(pipe2)(pipefd, flags);
1700 if (res == 0 && pipefd[0] >= 0 && pipefd[1] >= 0)
1701 FdPipeCreate(thr, pc, pipefd[0], pipefd[1]);
1702 return res;
1703 }
1704 #endif
1705
TSAN_INTERCEPTOR(long_t,send,int fd,void * buf,long_t len,int flags)1706 TSAN_INTERCEPTOR(long_t, send, int fd, void *buf, long_t len, int flags) {
1707 SCOPED_TSAN_INTERCEPTOR(send, fd, buf, len, flags);
1708 if (fd >= 0) {
1709 FdAccess(thr, pc, fd);
1710 FdRelease(thr, pc, fd);
1711 }
1712 int res = REAL(send)(fd, buf, len, flags);
1713 return res;
1714 }
1715
TSAN_INTERCEPTOR(long_t,sendmsg,int fd,void * msg,int flags)1716 TSAN_INTERCEPTOR(long_t, sendmsg, int fd, void *msg, int flags) {
1717 SCOPED_TSAN_INTERCEPTOR(sendmsg, fd, msg, flags);
1718 if (fd >= 0) {
1719 FdAccess(thr, pc, fd);
1720 FdRelease(thr, pc, fd);
1721 }
1722 int res = REAL(sendmsg)(fd, msg, flags);
1723 return res;
1724 }
1725
TSAN_INTERCEPTOR(long_t,recv,int fd,void * buf,long_t len,int flags)1726 TSAN_INTERCEPTOR(long_t, recv, int fd, void *buf, long_t len, int flags) {
1727 SCOPED_TSAN_INTERCEPTOR(recv, fd, buf, len, flags);
1728 if (fd >= 0)
1729 FdAccess(thr, pc, fd);
1730 int res = REAL(recv)(fd, buf, len, flags);
1731 if (res >= 0 && fd >= 0) {
1732 FdAcquire(thr, pc, fd);
1733 }
1734 return res;
1735 }
1736
TSAN_INTERCEPTOR(int,unlink,char * path)1737 TSAN_INTERCEPTOR(int, unlink, char *path) {
1738 SCOPED_TSAN_INTERCEPTOR(unlink, path);
1739 Release(thr, pc, File2addr(path));
1740 int res = REAL(unlink)(path);
1741 return res;
1742 }
1743
TSAN_INTERCEPTOR(void *,tmpfile,int fake)1744 TSAN_INTERCEPTOR(void*, tmpfile, int fake) {
1745 SCOPED_TSAN_INTERCEPTOR(tmpfile, fake);
1746 void *res = REAL(tmpfile)(fake);
1747 if (res) {
1748 int fd = fileno_unlocked(res);
1749 if (fd >= 0)
1750 FdFileCreate(thr, pc, fd);
1751 }
1752 return res;
1753 }
1754
1755 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(void *,tmpfile64,int fake)1756 TSAN_INTERCEPTOR(void*, tmpfile64, int fake) {
1757 SCOPED_TSAN_INTERCEPTOR(tmpfile64, fake);
1758 void *res = REAL(tmpfile64)(fake);
1759 if (res) {
1760 int fd = fileno_unlocked(res);
1761 if (fd >= 0)
1762 FdFileCreate(thr, pc, fd);
1763 }
1764 return res;
1765 }
1766 #define TSAN_MAYBE_INTERCEPT_TMPFILE64 TSAN_INTERCEPT(tmpfile64)
1767 #else
1768 #define TSAN_MAYBE_INTERCEPT_TMPFILE64
1769 #endif
1770
TSAN_INTERCEPTOR(uptr,fread,void * ptr,uptr size,uptr nmemb,void * f)1771 TSAN_INTERCEPTOR(uptr, fread, void *ptr, uptr size, uptr nmemb, void *f) {
1772 // libc file streams can call user-supplied functions, see fopencookie.
1773 {
1774 SCOPED_TSAN_INTERCEPTOR(fread, ptr, size, nmemb, f);
1775 MemoryAccessRange(thr, pc, (uptr)ptr, size * nmemb, true);
1776 }
1777 return REAL(fread)(ptr, size, nmemb, f);
1778 }
1779
TSAN_INTERCEPTOR(uptr,fwrite,const void * p,uptr size,uptr nmemb,void * f)1780 TSAN_INTERCEPTOR(uptr, fwrite, const void *p, uptr size, uptr nmemb, void *f) {
1781 // libc file streams can call user-supplied functions, see fopencookie.
1782 {
1783 SCOPED_TSAN_INTERCEPTOR(fwrite, p, size, nmemb, f);
1784 MemoryAccessRange(thr, pc, (uptr)p, size * nmemb, false);
1785 }
1786 return REAL(fwrite)(p, size, nmemb, f);
1787 }
1788
FlushStreams()1789 static void FlushStreams() {
1790 // Flushing all the streams here may freeze the process if a child thread is
1791 // performing file stream operations at the same time.
1792 REAL(fflush)(stdout);
1793 REAL(fflush)(stderr);
1794 }
1795
TSAN_INTERCEPTOR(void,abort,int fake)1796 TSAN_INTERCEPTOR(void, abort, int fake) {
1797 SCOPED_TSAN_INTERCEPTOR(abort, fake);
1798 FlushStreams();
1799 REAL(abort)(fake);
1800 }
1801
TSAN_INTERCEPTOR(int,puts,const char * s)1802 TSAN_INTERCEPTOR(int, puts, const char *s) {
1803 SCOPED_TSAN_INTERCEPTOR(puts, s);
1804 MemoryAccessRange(thr, pc, (uptr)s, internal_strlen(s), false);
1805 return REAL(puts)(s);
1806 }
1807
TSAN_INTERCEPTOR(int,rmdir,char * path)1808 TSAN_INTERCEPTOR(int, rmdir, char *path) {
1809 SCOPED_TSAN_INTERCEPTOR(rmdir, path);
1810 Release(thr, pc, Dir2addr(path));
1811 int res = REAL(rmdir)(path);
1812 return res;
1813 }
1814
TSAN_INTERCEPTOR(int,closedir,void * dirp)1815 TSAN_INTERCEPTOR(int, closedir, void *dirp) {
1816 SCOPED_TSAN_INTERCEPTOR(closedir, dirp);
1817 int fd = dirfd(dirp);
1818 FdClose(thr, pc, fd);
1819 return REAL(closedir)(dirp);
1820 }
1821
1822 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,epoll_ctl,int epfd,int op,int fd,void * ev)1823 TSAN_INTERCEPTOR(int, epoll_ctl, int epfd, int op, int fd, void *ev) {
1824 SCOPED_TSAN_INTERCEPTOR(epoll_ctl, epfd, op, fd, ev);
1825 if (epfd >= 0)
1826 FdAccess(thr, pc, epfd);
1827 if (epfd >= 0 && fd >= 0)
1828 FdAccess(thr, pc, fd);
1829 if (op == EPOLL_CTL_ADD && epfd >= 0)
1830 FdRelease(thr, pc, epfd);
1831 int res = REAL(epoll_ctl)(epfd, op, fd, ev);
1832 return res;
1833 }
1834 #define TSAN_MAYBE_INTERCEPT_EPOLL_CTL TSAN_INTERCEPT(epoll_ctl)
1835 #else
1836 #define TSAN_MAYBE_INTERCEPT_EPOLL_CTL
1837 #endif
1838
1839 #if SANITIZER_LINUX
TSAN_INTERCEPTOR(int,epoll_wait,int epfd,void * ev,int cnt,int timeout)1840 TSAN_INTERCEPTOR(int, epoll_wait, int epfd, void *ev, int cnt, int timeout) {
1841 SCOPED_TSAN_INTERCEPTOR(epoll_wait, epfd, ev, cnt, timeout);
1842 if (epfd >= 0)
1843 FdAccess(thr, pc, epfd);
1844 int res = BLOCK_REAL(epoll_wait)(epfd, ev, cnt, timeout);
1845 if (res > 0 && epfd >= 0)
1846 FdAcquire(thr, pc, epfd);
1847 return res;
1848 }
1849 #define TSAN_MAYBE_INTERCEPT_EPOLL_WAIT TSAN_INTERCEPT(epoll_wait)
1850 #else
1851 #define TSAN_MAYBE_INTERCEPT_EPOLL_WAIT
1852 #endif
1853
1854 namespace __tsan {
1855
CallUserSignalHandler(ThreadState * thr,bool sync,bool acquire,bool sigact,int sig,my_siginfo_t * info,void * uctx)1856 static void CallUserSignalHandler(ThreadState *thr, bool sync, bool acquire,
1857 bool sigact, int sig, my_siginfo_t *info, void *uctx) {
1858 if (acquire)
1859 Acquire(thr, 0, (uptr)&sigactions[sig]);
1860 // Ensure that the handler does not spoil errno.
1861 const int saved_errno = errno;
1862 errno = 99;
1863 // This code races with sigaction. Be careful to not read sa_sigaction twice.
1864 // Also need to remember pc for reporting before the call,
1865 // because the handler can reset it.
1866 volatile uptr pc = sigact ?
1867 (uptr)sigactions[sig].sa_sigaction :
1868 (uptr)sigactions[sig].sa_handler;
1869 if (pc != (uptr)SIG_DFL && pc != (uptr)SIG_IGN) {
1870 if (sigact)
1871 ((sigactionhandler_t)pc)(sig, info, uctx);
1872 else
1873 ((sighandler_t)pc)(sig);
1874 }
1875 // We do not detect errno spoiling for SIGTERM,
1876 // because some SIGTERM handlers do spoil errno but reraise SIGTERM,
1877 // tsan reports false positive in such case.
1878 // It's difficult to properly detect this situation (reraise),
1879 // because in async signal processing case (when handler is called directly
1880 // from rtl_generic_sighandler) we have not yet received the reraised
1881 // signal; and it looks too fragile to intercept all ways to reraise a signal.
1882 if (flags()->report_bugs && !sync && sig != SIGTERM && errno != 99) {
1883 VarSizeStackTrace stack;
1884 // StackTrace::GetNestInstructionPc(pc) is used because return address is
1885 // expected, OutputReport() will undo this.
1886 ObtainCurrentStack(thr, StackTrace::GetNextInstructionPc(pc), &stack);
1887 ThreadRegistryLock l(ctx->thread_registry);
1888 ScopedReport rep(ReportTypeErrnoInSignal);
1889 if (!IsFiredSuppression(ctx, ReportTypeErrnoInSignal, stack)) {
1890 rep.AddStack(stack, true);
1891 OutputReport(thr, rep);
1892 }
1893 }
1894 errno = saved_errno;
1895 }
1896
ProcessPendingSignals(ThreadState * thr)1897 void ProcessPendingSignals(ThreadState *thr) {
1898 ThreadSignalContext *sctx = SigCtx(thr);
1899 if (sctx == 0 ||
1900 atomic_load(&sctx->have_pending_signals, memory_order_relaxed) == 0)
1901 return;
1902 atomic_store(&sctx->have_pending_signals, 0, memory_order_relaxed);
1903 atomic_fetch_add(&thr->in_signal_handler, 1, memory_order_relaxed);
1904 // These are too big for stack.
1905 static THREADLOCAL __sanitizer_sigset_t emptyset, oldset;
1906 CHECK_EQ(0, REAL(sigfillset)(&emptyset));
1907 CHECK_EQ(0, pthread_sigmask(SIG_SETMASK, &emptyset, &oldset));
1908 for (int sig = 0; sig < kSigCount; sig++) {
1909 SignalDesc *signal = &sctx->pending_signals[sig];
1910 if (signal->armed) {
1911 signal->armed = false;
1912 CallUserSignalHandler(thr, false, true, signal->sigaction, sig,
1913 &signal->siginfo, &signal->ctx);
1914 }
1915 }
1916 CHECK_EQ(0, pthread_sigmask(SIG_SETMASK, &oldset, 0));
1917 atomic_fetch_add(&thr->in_signal_handler, -1, memory_order_relaxed);
1918 }
1919
1920 } // namespace __tsan
1921
is_sync_signal(ThreadSignalContext * sctx,int sig)1922 static bool is_sync_signal(ThreadSignalContext *sctx, int sig) {
1923 return sig == SIGSEGV || sig == SIGBUS || sig == SIGILL ||
1924 sig == SIGABRT || sig == SIGFPE || sig == SIGPIPE || sig == SIGSYS ||
1925 // If we are sending signal to ourselves, we must process it now.
1926 (sctx && sig == sctx->int_signal_send);
1927 }
1928
rtl_generic_sighandler(bool sigact,int sig,my_siginfo_t * info,void * ctx)1929 void ALWAYS_INLINE rtl_generic_sighandler(bool sigact, int sig,
1930 my_siginfo_t *info, void *ctx) {
1931 ThreadState *thr = cur_thread();
1932 ThreadSignalContext *sctx = SigCtx(thr);
1933 if (sig < 0 || sig >= kSigCount) {
1934 VPrintf(1, "ThreadSanitizer: ignoring signal %d\n", sig);
1935 return;
1936 }
1937 // Don't mess with synchronous signals.
1938 const bool sync = is_sync_signal(sctx, sig);
1939 if (sync ||
1940 // If we are in blocking function, we can safely process it now
1941 // (but check if we are in a recursive interceptor,
1942 // i.e. pthread_join()->munmap()).
1943 (sctx && atomic_load(&sctx->in_blocking_func, memory_order_relaxed))) {
1944 atomic_fetch_add(&thr->in_signal_handler, 1, memory_order_relaxed);
1945 if (sctx && atomic_load(&sctx->in_blocking_func, memory_order_relaxed)) {
1946 // We ignore interceptors in blocking functions,
1947 // temporary enbled them again while we are calling user function.
1948 int const i = thr->ignore_interceptors;
1949 thr->ignore_interceptors = 0;
1950 atomic_store(&sctx->in_blocking_func, 0, memory_order_relaxed);
1951 CallUserSignalHandler(thr, sync, true, sigact, sig, info, ctx);
1952 thr->ignore_interceptors = i;
1953 atomic_store(&sctx->in_blocking_func, 1, memory_order_relaxed);
1954 } else {
1955 // Be very conservative with when we do acquire in this case.
1956 // It's unsafe to do acquire in async handlers, because ThreadState
1957 // can be in inconsistent state.
1958 // SIGSYS looks relatively safe -- it's synchronous and can actually
1959 // need some global state.
1960 bool acq = (sig == SIGSYS);
1961 CallUserSignalHandler(thr, sync, acq, sigact, sig, info, ctx);
1962 }
1963 atomic_fetch_add(&thr->in_signal_handler, -1, memory_order_relaxed);
1964 return;
1965 }
1966
1967 if (sctx == 0)
1968 return;
1969 SignalDesc *signal = &sctx->pending_signals[sig];
1970 if (signal->armed == false) {
1971 signal->armed = true;
1972 signal->sigaction = sigact;
1973 if (info)
1974 internal_memcpy(&signal->siginfo, info, sizeof(*info));
1975 if (ctx)
1976 internal_memcpy(&signal->ctx, ctx, sizeof(signal->ctx));
1977 atomic_store(&sctx->have_pending_signals, 1, memory_order_relaxed);
1978 }
1979 }
1980
rtl_sighandler(int sig)1981 static void rtl_sighandler(int sig) {
1982 rtl_generic_sighandler(false, sig, 0, 0);
1983 }
1984
rtl_sigaction(int sig,my_siginfo_t * info,void * ctx)1985 static void rtl_sigaction(int sig, my_siginfo_t *info, void *ctx) {
1986 rtl_generic_sighandler(true, sig, info, ctx);
1987 }
1988
TSAN_INTERCEPTOR(int,sigaction,int sig,sigaction_t * act,sigaction_t * old)1989 TSAN_INTERCEPTOR(int, sigaction, int sig, sigaction_t *act, sigaction_t *old) {
1990 SCOPED_TSAN_INTERCEPTOR(sigaction, sig, act, old);
1991 if (old)
1992 internal_memcpy(old, &sigactions[sig], sizeof(*old));
1993 if (act == 0)
1994 return 0;
1995 // Copy act into sigactions[sig].
1996 // Can't use struct copy, because compiler can emit call to memcpy.
1997 // Can't use internal_memcpy, because it copies byte-by-byte,
1998 // and signal handler reads the sa_handler concurrently. It it can read
1999 // some bytes from old value and some bytes from new value.
2000 // Use volatile to prevent insertion of memcpy.
2001 sigactions[sig].sa_handler = *(volatile sighandler_t*)&act->sa_handler;
2002 sigactions[sig].sa_flags = *(volatile int*)&act->sa_flags;
2003 internal_memcpy(&sigactions[sig].sa_mask, &act->sa_mask,
2004 sizeof(sigactions[sig].sa_mask));
2005 #if !SANITIZER_FREEBSD
2006 sigactions[sig].sa_restorer = act->sa_restorer;
2007 #endif
2008 sigaction_t newact;
2009 internal_memcpy(&newact, act, sizeof(newact));
2010 REAL(sigfillset)(&newact.sa_mask);
2011 if (act->sa_handler != SIG_IGN && act->sa_handler != SIG_DFL) {
2012 if (newact.sa_flags & SA_SIGINFO)
2013 newact.sa_sigaction = rtl_sigaction;
2014 else
2015 newact.sa_handler = rtl_sighandler;
2016 }
2017 ReleaseStore(thr, pc, (uptr)&sigactions[sig]);
2018 int res = REAL(sigaction)(sig, &newact, 0);
2019 return res;
2020 }
2021
TSAN_INTERCEPTOR(sighandler_t,signal,int sig,sighandler_t h)2022 TSAN_INTERCEPTOR(sighandler_t, signal, int sig, sighandler_t h) {
2023 sigaction_t act;
2024 act.sa_handler = h;
2025 REAL(memset)(&act.sa_mask, -1, sizeof(act.sa_mask));
2026 act.sa_flags = 0;
2027 sigaction_t old;
2028 int res = sigaction(sig, &act, &old);
2029 if (res)
2030 return SIG_ERR;
2031 return old.sa_handler;
2032 }
2033
TSAN_INTERCEPTOR(int,sigsuspend,const __sanitizer_sigset_t * mask)2034 TSAN_INTERCEPTOR(int, sigsuspend, const __sanitizer_sigset_t *mask) {
2035 SCOPED_TSAN_INTERCEPTOR(sigsuspend, mask);
2036 return REAL(sigsuspend)(mask);
2037 }
2038
TSAN_INTERCEPTOR(int,raise,int sig)2039 TSAN_INTERCEPTOR(int, raise, int sig) {
2040 SCOPED_TSAN_INTERCEPTOR(raise, sig);
2041 ThreadSignalContext *sctx = SigCtx(thr);
2042 CHECK_NE(sctx, 0);
2043 int prev = sctx->int_signal_send;
2044 sctx->int_signal_send = sig;
2045 int res = REAL(raise)(sig);
2046 CHECK_EQ(sctx->int_signal_send, sig);
2047 sctx->int_signal_send = prev;
2048 return res;
2049 }
2050
TSAN_INTERCEPTOR(int,kill,int pid,int sig)2051 TSAN_INTERCEPTOR(int, kill, int pid, int sig) {
2052 SCOPED_TSAN_INTERCEPTOR(kill, pid, sig);
2053 ThreadSignalContext *sctx = SigCtx(thr);
2054 CHECK_NE(sctx, 0);
2055 int prev = sctx->int_signal_send;
2056 if (pid == (int)internal_getpid()) {
2057 sctx->int_signal_send = sig;
2058 }
2059 int res = REAL(kill)(pid, sig);
2060 if (pid == (int)internal_getpid()) {
2061 CHECK_EQ(sctx->int_signal_send, sig);
2062 sctx->int_signal_send = prev;
2063 }
2064 return res;
2065 }
2066
TSAN_INTERCEPTOR(int,pthread_kill,void * tid,int sig)2067 TSAN_INTERCEPTOR(int, pthread_kill, void *tid, int sig) {
2068 SCOPED_TSAN_INTERCEPTOR(pthread_kill, tid, sig);
2069 ThreadSignalContext *sctx = SigCtx(thr);
2070 CHECK_NE(sctx, 0);
2071 int prev = sctx->int_signal_send;
2072 if (tid == pthread_self()) {
2073 sctx->int_signal_send = sig;
2074 }
2075 int res = REAL(pthread_kill)(tid, sig);
2076 if (tid == pthread_self()) {
2077 CHECK_EQ(sctx->int_signal_send, sig);
2078 sctx->int_signal_send = prev;
2079 }
2080 return res;
2081 }
2082
TSAN_INTERCEPTOR(int,gettimeofday,void * tv,void * tz)2083 TSAN_INTERCEPTOR(int, gettimeofday, void *tv, void *tz) {
2084 SCOPED_TSAN_INTERCEPTOR(gettimeofday, tv, tz);
2085 // It's intercepted merely to process pending signals.
2086 return REAL(gettimeofday)(tv, tz);
2087 }
2088
TSAN_INTERCEPTOR(int,getaddrinfo,void * node,void * service,void * hints,void * rv)2089 TSAN_INTERCEPTOR(int, getaddrinfo, void *node, void *service,
2090 void *hints, void *rv) {
2091 SCOPED_TSAN_INTERCEPTOR(getaddrinfo, node, service, hints, rv);
2092 // We miss atomic synchronization in getaddrinfo,
2093 // and can report false race between malloc and free
2094 // inside of getaddrinfo. So ignore memory accesses.
2095 ThreadIgnoreBegin(thr, pc);
2096 int res = REAL(getaddrinfo)(node, service, hints, rv);
2097 ThreadIgnoreEnd(thr, pc);
2098 return res;
2099 }
2100
TSAN_INTERCEPTOR(int,fork,int fake)2101 TSAN_INTERCEPTOR(int, fork, int fake) {
2102 if (cur_thread()->in_symbolizer)
2103 return REAL(fork)(fake);
2104 SCOPED_INTERCEPTOR_RAW(fork, fake);
2105 ForkBefore(thr, pc);
2106 int pid = REAL(fork)(fake);
2107 if (pid == 0) {
2108 // child
2109 ForkChildAfter(thr, pc);
2110 FdOnFork(thr, pc);
2111 } else if (pid > 0) {
2112 // parent
2113 ForkParentAfter(thr, pc);
2114 } else {
2115 // error
2116 ForkParentAfter(thr, pc);
2117 }
2118 return pid;
2119 }
2120
TSAN_INTERCEPTOR(int,vfork,int fake)2121 TSAN_INTERCEPTOR(int, vfork, int fake) {
2122 // Some programs (e.g. openjdk) call close for all file descriptors
2123 // in the child process. Under tsan it leads to false positives, because
2124 // address space is shared, so the parent process also thinks that
2125 // the descriptors are closed (while they are actually not).
2126 // This leads to false positives due to missed synchronization.
2127 // Strictly saying this is undefined behavior, because vfork child is not
2128 // allowed to call any functions other than exec/exit. But this is what
2129 // openjdk does, so we want to handle it.
2130 // We could disable interceptors in the child process. But it's not possible
2131 // to simply intercept and wrap vfork, because vfork child is not allowed
2132 // to return from the function that calls vfork, and that's exactly what
2133 // we would do. So this would require some assembly trickery as well.
2134 // Instead we simply turn vfork into fork.
2135 return WRAP(fork)(fake);
2136 }
2137
2138 #if !SANITIZER_MAC
2139 typedef int (*dl_iterate_phdr_cb_t)(__sanitizer_dl_phdr_info *info, SIZE_T size,
2140 void *data);
2141 struct dl_iterate_phdr_data {
2142 ThreadState *thr;
2143 uptr pc;
2144 dl_iterate_phdr_cb_t cb;
2145 void *data;
2146 };
2147
IsAppNotRodata(uptr addr)2148 static bool IsAppNotRodata(uptr addr) {
2149 return IsAppMem(addr) && *(u64*)MemToShadow(addr) != kShadowRodata;
2150 }
2151
dl_iterate_phdr_cb(__sanitizer_dl_phdr_info * info,SIZE_T size,void * data)2152 static int dl_iterate_phdr_cb(__sanitizer_dl_phdr_info *info, SIZE_T size,
2153 void *data) {
2154 dl_iterate_phdr_data *cbdata = (dl_iterate_phdr_data *)data;
2155 // dlopen/dlclose allocate/free dynamic-linker-internal memory, which is later
2156 // accessible in dl_iterate_phdr callback. But we don't see synchronization
2157 // inside of dynamic linker, so we "unpoison" it here in order to not
2158 // produce false reports. Ignoring malloc/free in dlopen/dlclose is not enough
2159 // because some libc functions call __libc_dlopen.
2160 if (info && IsAppNotRodata((uptr)info->dlpi_name))
2161 MemoryResetRange(cbdata->thr, cbdata->pc, (uptr)info->dlpi_name,
2162 internal_strlen(info->dlpi_name));
2163 int res = cbdata->cb(info, size, cbdata->data);
2164 // Perform the check one more time in case info->dlpi_name was overwritten
2165 // by user callback.
2166 if (info && IsAppNotRodata((uptr)info->dlpi_name))
2167 MemoryResetRange(cbdata->thr, cbdata->pc, (uptr)info->dlpi_name,
2168 internal_strlen(info->dlpi_name));
2169 return res;
2170 }
2171
TSAN_INTERCEPTOR(int,dl_iterate_phdr,dl_iterate_phdr_cb_t cb,void * data)2172 TSAN_INTERCEPTOR(int, dl_iterate_phdr, dl_iterate_phdr_cb_t cb, void *data) {
2173 SCOPED_TSAN_INTERCEPTOR(dl_iterate_phdr, cb, data);
2174 dl_iterate_phdr_data cbdata;
2175 cbdata.thr = thr;
2176 cbdata.pc = pc;
2177 cbdata.cb = cb;
2178 cbdata.data = data;
2179 int res = REAL(dl_iterate_phdr)(dl_iterate_phdr_cb, &cbdata);
2180 return res;
2181 }
2182 #endif
2183
OnExit(ThreadState * thr)2184 static int OnExit(ThreadState *thr) {
2185 int status = Finalize(thr);
2186 FlushStreams();
2187 return status;
2188 }
2189
2190 struct TsanInterceptorContext {
2191 ThreadState *thr;
2192 const uptr caller_pc;
2193 const uptr pc;
2194 };
2195
2196 #if !SANITIZER_MAC
HandleRecvmsg(ThreadState * thr,uptr pc,__sanitizer_msghdr * msg)2197 static void HandleRecvmsg(ThreadState *thr, uptr pc,
2198 __sanitizer_msghdr *msg) {
2199 int fds[64];
2200 int cnt = ExtractRecvmsgFDs(msg, fds, ARRAY_SIZE(fds));
2201 for (int i = 0; i < cnt; i++)
2202 FdEventCreate(thr, pc, fds[i]);
2203 }
2204 #endif
2205
2206 #include "sanitizer_common/sanitizer_platform_interceptors.h"
2207 // Causes interceptor recursion (getaddrinfo() and fopen())
2208 #undef SANITIZER_INTERCEPT_GETADDRINFO
2209 // There interceptors do not seem to be strictly necessary for tsan.
2210 // But we see cases where the interceptors consume 70% of execution time.
2211 // Memory blocks passed to fgetgrent_r are "written to" by tsan several times.
2212 // First, there is some recursion (getgrnam_r calls fgetgrent_r), and each
2213 // function "writes to" the buffer. Then, the same memory is "written to"
2214 // twice, first as buf and then as pwbufp (both of them refer to the same
2215 // addresses).
2216 #undef SANITIZER_INTERCEPT_GETPWENT
2217 #undef SANITIZER_INTERCEPT_GETPWENT_R
2218 #undef SANITIZER_INTERCEPT_FGETPWENT
2219 #undef SANITIZER_INTERCEPT_GETPWNAM_AND_FRIENDS
2220 #undef SANITIZER_INTERCEPT_GETPWNAM_R_AND_FRIENDS
2221 // __tls_get_addr can be called with mis-aligned stack due to:
2222 // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58066
2223 // There are two potential issues:
2224 // 1. Sanitizer code contains a MOVDQA spill (it does not seem to be the case
2225 // right now). or 2. ProcessPendingSignal calls user handler which contains
2226 // MOVDQA spill (this happens right now).
2227 // Since the interceptor only initializes memory for msan, the simplest solution
2228 // is to disable the interceptor in tsan (other sanitizers do not call
2229 // signal handlers from COMMON_INTERCEPTOR_ENTER).
2230 // As __tls_get_addr has been intercepted in the past, to avoid breaking
2231 // libtsan ABI, keep it around, but just call the real function.
2232 #if SANITIZER_INTERCEPT_TLS_GET_ADDR
2233 #define NEED_TLS_GET_ADDR
2234 #endif
2235 #undef SANITIZER_INTERCEPT_TLS_GET_ADDR
2236
2237 #define COMMON_INTERCEPT_FUNCTION(name) INTERCEPT_FUNCTION(name)
2238
2239 #define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \
2240 MemoryAccessRange(((TsanInterceptorContext *)ctx)->thr, \
2241 ((TsanInterceptorContext *)ctx)->pc, (uptr)ptr, size, \
2242 true)
2243
2244 #define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \
2245 MemoryAccessRange(((TsanInterceptorContext *) ctx)->thr, \
2246 ((TsanInterceptorContext *) ctx)->pc, (uptr) ptr, size, \
2247 false)
2248
2249 #define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \
2250 SCOPED_TSAN_INTERCEPTOR(func, __VA_ARGS__); \
2251 TsanInterceptorContext _ctx = {thr, caller_pc, pc}; \
2252 ctx = (void *)&_ctx; \
2253 (void) ctx;
2254
2255 #define COMMON_INTERCEPTOR_ENTER_NOIGNORE(ctx, func, ...) \
2256 SCOPED_INTERCEPTOR_RAW(func, __VA_ARGS__); \
2257 TsanInterceptorContext _ctx = {thr, caller_pc, pc}; \
2258 ctx = (void *)&_ctx; \
2259 (void) ctx;
2260
2261 #define COMMON_INTERCEPTOR_FILE_OPEN(ctx, file, path) \
2262 Acquire(thr, pc, File2addr(path)); \
2263 if (file) { \
2264 int fd = fileno_unlocked(file); \
2265 if (fd >= 0) FdFileCreate(thr, pc, fd); \
2266 }
2267
2268 #define COMMON_INTERCEPTOR_FILE_CLOSE(ctx, file) \
2269 if (file) { \
2270 int fd = fileno_unlocked(file); \
2271 if (fd >= 0) FdClose(thr, pc, fd); \
2272 }
2273
2274 #define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \
2275 libignore()->OnLibraryLoaded(filename)
2276
2277 #define COMMON_INTERCEPTOR_LIBRARY_UNLOADED() \
2278 libignore()->OnLibraryUnloaded()
2279
2280 #define COMMON_INTERCEPTOR_ACQUIRE(ctx, u) \
2281 Acquire(((TsanInterceptorContext *) ctx)->thr, pc, u)
2282
2283 #define COMMON_INTERCEPTOR_RELEASE(ctx, u) \
2284 Release(((TsanInterceptorContext *) ctx)->thr, pc, u)
2285
2286 #define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \
2287 Acquire(((TsanInterceptorContext *) ctx)->thr, pc, Dir2addr(path))
2288
2289 #define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \
2290 FdAcquire(((TsanInterceptorContext *) ctx)->thr, pc, fd)
2291
2292 #define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \
2293 FdRelease(((TsanInterceptorContext *) ctx)->thr, pc, fd)
2294
2295 #define COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd) \
2296 FdAccess(((TsanInterceptorContext *) ctx)->thr, pc, fd)
2297
2298 #define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \
2299 FdSocketAccept(((TsanInterceptorContext *) ctx)->thr, pc, fd, newfd)
2300
2301 #define COMMON_INTERCEPTOR_SET_THREAD_NAME(ctx, name) \
2302 ThreadSetName(((TsanInterceptorContext *) ctx)->thr, name)
2303
2304 #define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \
2305 __tsan::ctx->thread_registry->SetThreadNameByUserId(thread, name)
2306
2307 #define COMMON_INTERCEPTOR_BLOCK_REAL(name) BLOCK_REAL(name)
2308
2309 #define COMMON_INTERCEPTOR_ON_EXIT(ctx) \
2310 OnExit(((TsanInterceptorContext *) ctx)->thr)
2311
2312 #define COMMON_INTERCEPTOR_MUTEX_LOCK(ctx, m) \
2313 MutexLock(((TsanInterceptorContext *)ctx)->thr, \
2314 ((TsanInterceptorContext *)ctx)->pc, (uptr)m)
2315
2316 #define COMMON_INTERCEPTOR_MUTEX_UNLOCK(ctx, m) \
2317 MutexUnlock(((TsanInterceptorContext *)ctx)->thr, \
2318 ((TsanInterceptorContext *)ctx)->pc, (uptr)m)
2319
2320 #define COMMON_INTERCEPTOR_MUTEX_REPAIR(ctx, m) \
2321 MutexRepair(((TsanInterceptorContext *)ctx)->thr, \
2322 ((TsanInterceptorContext *)ctx)->pc, (uptr)m)
2323
2324 #if !SANITIZER_MAC
2325 #define COMMON_INTERCEPTOR_HANDLE_RECVMSG(ctx, msg) \
2326 HandleRecvmsg(((TsanInterceptorContext *)ctx)->thr, \
2327 ((TsanInterceptorContext *)ctx)->pc, msg)
2328 #endif
2329
2330 #define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \
2331 if (TsanThread *t = GetCurrentThread()) { \
2332 *begin = t->tls_begin(); \
2333 *end = t->tls_end(); \
2334 } else { \
2335 *begin = *end = 0; \
2336 }
2337
2338 #include "sanitizer_common/sanitizer_common_interceptors.inc"
2339
2340 #define TSAN_SYSCALL() \
2341 ThreadState *thr = cur_thread(); \
2342 if (thr->ignore_interceptors) \
2343 return; \
2344 ScopedSyscall scoped_syscall(thr) \
2345 /**/
2346
2347 struct ScopedSyscall {
2348 ThreadState *thr;
2349
ScopedSyscallScopedSyscall2350 explicit ScopedSyscall(ThreadState *thr)
2351 : thr(thr) {
2352 Initialize(thr);
2353 }
2354
~ScopedSyscallScopedSyscall2355 ~ScopedSyscall() {
2356 ProcessPendingSignals(thr);
2357 }
2358 };
2359
2360 #if !SANITIZER_MAC
syscall_access_range(uptr pc,uptr p,uptr s,bool write)2361 static void syscall_access_range(uptr pc, uptr p, uptr s, bool write) {
2362 TSAN_SYSCALL();
2363 MemoryAccessRange(thr, pc, p, s, write);
2364 }
2365
syscall_acquire(uptr pc,uptr addr)2366 static void syscall_acquire(uptr pc, uptr addr) {
2367 TSAN_SYSCALL();
2368 Acquire(thr, pc, addr);
2369 DPrintf("syscall_acquire(%p)\n", addr);
2370 }
2371
syscall_release(uptr pc,uptr addr)2372 static void syscall_release(uptr pc, uptr addr) {
2373 TSAN_SYSCALL();
2374 DPrintf("syscall_release(%p)\n", addr);
2375 Release(thr, pc, addr);
2376 }
2377
syscall_fd_close(uptr pc,int fd)2378 static void syscall_fd_close(uptr pc, int fd) {
2379 TSAN_SYSCALL();
2380 FdClose(thr, pc, fd);
2381 }
2382
syscall_fd_acquire(uptr pc,int fd)2383 static USED void syscall_fd_acquire(uptr pc, int fd) {
2384 TSAN_SYSCALL();
2385 FdAcquire(thr, pc, fd);
2386 DPrintf("syscall_fd_acquire(%p)\n", fd);
2387 }
2388
syscall_fd_release(uptr pc,int fd)2389 static USED void syscall_fd_release(uptr pc, int fd) {
2390 TSAN_SYSCALL();
2391 DPrintf("syscall_fd_release(%p)\n", fd);
2392 FdRelease(thr, pc, fd);
2393 }
2394
syscall_pre_fork(uptr pc)2395 static void syscall_pre_fork(uptr pc) {
2396 TSAN_SYSCALL();
2397 ForkBefore(thr, pc);
2398 }
2399
syscall_post_fork(uptr pc,int pid)2400 static void syscall_post_fork(uptr pc, int pid) {
2401 TSAN_SYSCALL();
2402 if (pid == 0) {
2403 // child
2404 ForkChildAfter(thr, pc);
2405 FdOnFork(thr, pc);
2406 } else if (pid > 0) {
2407 // parent
2408 ForkParentAfter(thr, pc);
2409 } else {
2410 // error
2411 ForkParentAfter(thr, pc);
2412 }
2413 }
2414 #endif
2415
2416 #define COMMON_SYSCALL_PRE_READ_RANGE(p, s) \
2417 syscall_access_range(GET_CALLER_PC(), (uptr)(p), (uptr)(s), false)
2418
2419 #define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) \
2420 syscall_access_range(GET_CALLER_PC(), (uptr)(p), (uptr)(s), true)
2421
2422 #define COMMON_SYSCALL_POST_READ_RANGE(p, s) \
2423 do { \
2424 (void)(p); \
2425 (void)(s); \
2426 } while (false)
2427
2428 #define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) \
2429 do { \
2430 (void)(p); \
2431 (void)(s); \
2432 } while (false)
2433
2434 #define COMMON_SYSCALL_ACQUIRE(addr) \
2435 syscall_acquire(GET_CALLER_PC(), (uptr)(addr))
2436
2437 #define COMMON_SYSCALL_RELEASE(addr) \
2438 syscall_release(GET_CALLER_PC(), (uptr)(addr))
2439
2440 #define COMMON_SYSCALL_FD_CLOSE(fd) syscall_fd_close(GET_CALLER_PC(), fd)
2441
2442 #define COMMON_SYSCALL_FD_ACQUIRE(fd) syscall_fd_acquire(GET_CALLER_PC(), fd)
2443
2444 #define COMMON_SYSCALL_FD_RELEASE(fd) syscall_fd_release(GET_CALLER_PC(), fd)
2445
2446 #define COMMON_SYSCALL_PRE_FORK() \
2447 syscall_pre_fork(GET_CALLER_PC())
2448
2449 #define COMMON_SYSCALL_POST_FORK(res) \
2450 syscall_post_fork(GET_CALLER_PC(), res)
2451
2452 #include "sanitizer_common/sanitizer_common_syscalls.inc"
2453
2454 #ifdef NEED_TLS_GET_ADDR
TSAN_INTERCEPTOR(void *,__tls_get_addr,void * arg)2455 TSAN_INTERCEPTOR(void *, __tls_get_addr, void *arg) {
2456 return REAL(__tls_get_addr)(arg);
2457 }
2458 #endif
2459
2460 namespace __tsan {
2461
finalize(void * arg)2462 static void finalize(void *arg) {
2463 ThreadState *thr = cur_thread();
2464 int status = Finalize(thr);
2465 // Make sure the output is not lost.
2466 FlushStreams();
2467 if (status)
2468 Die();
2469 }
2470
2471 #if !SANITIZER_MAC
unreachable()2472 static void unreachable() {
2473 Report("FATAL: ThreadSanitizer: unreachable called\n");
2474 Die();
2475 }
2476 #endif
2477
InitializeInterceptors()2478 void InitializeInterceptors() {
2479 #if !SANITIZER_MAC
2480 // We need to setup it early, because functions like dlsym() can call it.
2481 REAL(memset) = internal_memset;
2482 REAL(memcpy) = internal_memcpy;
2483 #endif
2484
2485 // Instruct libc malloc to consume less memory.
2486 #if SANITIZER_LINUX
2487 mallopt(1, 0); // M_MXFAST
2488 mallopt(-3, 32*1024); // M_MMAP_THRESHOLD
2489 #endif
2490
2491 InitializeCommonInterceptors();
2492
2493 #if !SANITIZER_MAC
2494 // We can not use TSAN_INTERCEPT to get setjmp addr,
2495 // because it does &setjmp and setjmp is not present in some versions of libc.
2496 using __interception::GetRealFunctionAddress;
2497 GetRealFunctionAddress("setjmp", (uptr*)&REAL(setjmp), 0, 0);
2498 GetRealFunctionAddress("_setjmp", (uptr*)&REAL(_setjmp), 0, 0);
2499 GetRealFunctionAddress("sigsetjmp", (uptr*)&REAL(sigsetjmp), 0, 0);
2500 GetRealFunctionAddress("__sigsetjmp", (uptr*)&REAL(__sigsetjmp), 0, 0);
2501 #endif
2502
2503 TSAN_INTERCEPT(longjmp);
2504 TSAN_INTERCEPT(siglongjmp);
2505
2506 TSAN_INTERCEPT(malloc);
2507 TSAN_INTERCEPT(__libc_memalign);
2508 TSAN_INTERCEPT(calloc);
2509 TSAN_INTERCEPT(realloc);
2510 TSAN_INTERCEPT(free);
2511 TSAN_INTERCEPT(cfree);
2512 TSAN_INTERCEPT(mmap);
2513 TSAN_MAYBE_INTERCEPT_MMAP64;
2514 TSAN_INTERCEPT(munmap);
2515 TSAN_MAYBE_INTERCEPT_MEMALIGN;
2516 TSAN_INTERCEPT(valloc);
2517 TSAN_MAYBE_INTERCEPT_PVALLOC;
2518 TSAN_INTERCEPT(posix_memalign);
2519
2520 TSAN_INTERCEPT(strlen);
2521 TSAN_INTERCEPT(memset);
2522 TSAN_INTERCEPT(memcpy);
2523 TSAN_INTERCEPT(memmove);
2524 TSAN_INTERCEPT(strchr);
2525 TSAN_INTERCEPT(strchrnul);
2526 TSAN_INTERCEPT(strrchr);
2527 TSAN_INTERCEPT(strcpy); // NOLINT
2528 TSAN_INTERCEPT(strncpy);
2529 TSAN_INTERCEPT(strdup);
2530
2531 TSAN_INTERCEPT(pthread_create);
2532 TSAN_INTERCEPT(pthread_join);
2533 TSAN_INTERCEPT(pthread_detach);
2534
2535 TSAN_INTERCEPT_VER(pthread_cond_init, PTHREAD_ABI_BASE);
2536 TSAN_INTERCEPT_VER(pthread_cond_signal, PTHREAD_ABI_BASE);
2537 TSAN_INTERCEPT_VER(pthread_cond_broadcast, PTHREAD_ABI_BASE);
2538 TSAN_INTERCEPT_VER(pthread_cond_wait, PTHREAD_ABI_BASE);
2539 TSAN_INTERCEPT_VER(pthread_cond_timedwait, PTHREAD_ABI_BASE);
2540 TSAN_INTERCEPT_VER(pthread_cond_destroy, PTHREAD_ABI_BASE);
2541
2542 TSAN_INTERCEPT(pthread_mutex_init);
2543 TSAN_INTERCEPT(pthread_mutex_destroy);
2544 TSAN_INTERCEPT(pthread_mutex_trylock);
2545 TSAN_INTERCEPT(pthread_mutex_timedlock);
2546
2547 TSAN_INTERCEPT(pthread_spin_init);
2548 TSAN_INTERCEPT(pthread_spin_destroy);
2549 TSAN_INTERCEPT(pthread_spin_lock);
2550 TSAN_INTERCEPT(pthread_spin_trylock);
2551 TSAN_INTERCEPT(pthread_spin_unlock);
2552
2553 TSAN_INTERCEPT(pthread_rwlock_init);
2554 TSAN_INTERCEPT(pthread_rwlock_destroy);
2555 TSAN_INTERCEPT(pthread_rwlock_rdlock);
2556 TSAN_INTERCEPT(pthread_rwlock_tryrdlock);
2557 TSAN_INTERCEPT(pthread_rwlock_timedrdlock);
2558 TSAN_INTERCEPT(pthread_rwlock_wrlock);
2559 TSAN_INTERCEPT(pthread_rwlock_trywrlock);
2560 TSAN_INTERCEPT(pthread_rwlock_timedwrlock);
2561 TSAN_INTERCEPT(pthread_rwlock_unlock);
2562
2563 TSAN_INTERCEPT(pthread_barrier_init);
2564 TSAN_INTERCEPT(pthread_barrier_destroy);
2565 TSAN_INTERCEPT(pthread_barrier_wait);
2566
2567 TSAN_INTERCEPT(pthread_once);
2568
2569 TSAN_INTERCEPT(stat);
2570 TSAN_MAYBE_INTERCEPT___XSTAT;
2571 TSAN_MAYBE_INTERCEPT_STAT64;
2572 TSAN_MAYBE_INTERCEPT___XSTAT64;
2573 TSAN_INTERCEPT(lstat);
2574 TSAN_MAYBE_INTERCEPT___LXSTAT;
2575 TSAN_MAYBE_INTERCEPT_LSTAT64;
2576 TSAN_MAYBE_INTERCEPT___LXSTAT64;
2577 TSAN_INTERCEPT(fstat);
2578 TSAN_MAYBE_INTERCEPT___FXSTAT;
2579 TSAN_MAYBE_INTERCEPT_FSTAT64;
2580 TSAN_MAYBE_INTERCEPT___FXSTAT64;
2581 TSAN_INTERCEPT(open);
2582 TSAN_MAYBE_INTERCEPT_OPEN64;
2583 TSAN_INTERCEPT(creat);
2584 TSAN_MAYBE_INTERCEPT_CREAT64;
2585 TSAN_INTERCEPT(dup);
2586 TSAN_INTERCEPT(dup2);
2587 TSAN_INTERCEPT(dup3);
2588 TSAN_MAYBE_INTERCEPT_EVENTFD;
2589 TSAN_MAYBE_INTERCEPT_SIGNALFD;
2590 TSAN_MAYBE_INTERCEPT_INOTIFY_INIT;
2591 TSAN_MAYBE_INTERCEPT_INOTIFY_INIT1;
2592 TSAN_INTERCEPT(socket);
2593 TSAN_INTERCEPT(socketpair);
2594 TSAN_INTERCEPT(connect);
2595 TSAN_INTERCEPT(bind);
2596 TSAN_INTERCEPT(listen);
2597 TSAN_MAYBE_INTERCEPT_EPOLL_CREATE;
2598 TSAN_MAYBE_INTERCEPT_EPOLL_CREATE1;
2599 TSAN_INTERCEPT(close);
2600 TSAN_MAYBE_INTERCEPT___CLOSE;
2601 TSAN_MAYBE_INTERCEPT___RES_ICLOSE;
2602 TSAN_INTERCEPT(pipe);
2603 TSAN_INTERCEPT(pipe2);
2604
2605 TSAN_INTERCEPT(send);
2606 TSAN_INTERCEPT(sendmsg);
2607 TSAN_INTERCEPT(recv);
2608
2609 TSAN_INTERCEPT(unlink);
2610 TSAN_INTERCEPT(tmpfile);
2611 TSAN_MAYBE_INTERCEPT_TMPFILE64;
2612 TSAN_INTERCEPT(fread);
2613 TSAN_INTERCEPT(fwrite);
2614 TSAN_INTERCEPT(abort);
2615 TSAN_INTERCEPT(puts);
2616 TSAN_INTERCEPT(rmdir);
2617 TSAN_INTERCEPT(closedir);
2618
2619 TSAN_MAYBE_INTERCEPT_EPOLL_CTL;
2620 TSAN_MAYBE_INTERCEPT_EPOLL_WAIT;
2621
2622 TSAN_INTERCEPT(sigaction);
2623 TSAN_INTERCEPT(signal);
2624 TSAN_INTERCEPT(sigsuspend);
2625 TSAN_INTERCEPT(raise);
2626 TSAN_INTERCEPT(kill);
2627 TSAN_INTERCEPT(pthread_kill);
2628 TSAN_INTERCEPT(sleep);
2629 TSAN_INTERCEPT(usleep);
2630 TSAN_INTERCEPT(nanosleep);
2631 TSAN_INTERCEPT(gettimeofday);
2632 TSAN_INTERCEPT(getaddrinfo);
2633
2634 TSAN_INTERCEPT(fork);
2635 TSAN_INTERCEPT(vfork);
2636 TSAN_INTERCEPT(dl_iterate_phdr);
2637 TSAN_INTERCEPT(on_exit);
2638 TSAN_INTERCEPT(__cxa_atexit);
2639 TSAN_INTERCEPT(_exit);
2640
2641 #ifdef NEED_TLS_GET_ADDR
2642 TSAN_INTERCEPT(__tls_get_addr);
2643 #endif
2644
2645 #if !SANITIZER_MAC
2646 // Need to setup it, because interceptors check that the function is resolved.
2647 // But atexit is emitted directly into the module, so can't be resolved.
2648 REAL(atexit) = (int(*)(void(*)()))unreachable;
2649 #endif
2650
2651 if (REAL(__cxa_atexit)(&finalize, 0, 0)) {
2652 Printf("ThreadSanitizer: failed to setup atexit callback\n");
2653 Die();
2654 }
2655
2656 if (pthread_key_create(&g_thread_finalize_key, &thread_finalize)) {
2657 Printf("ThreadSanitizer: failed to create thread key\n");
2658 Die();
2659 }
2660
2661 FdInit();
2662 }
2663
2664 } // namespace __tsan
2665