1 //===-- tsan_platform_mac.cpp ---------------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file is a part of ThreadSanitizer (TSan), a race detector. 10 // 11 // Mac-specific code. 12 //===----------------------------------------------------------------------===// 13 14 #include "sanitizer_common/sanitizer_platform.h" 15 #if SANITIZER_MAC 16 17 #include "sanitizer_common/sanitizer_atomic.h" 18 #include "sanitizer_common/sanitizer_common.h" 19 #include "sanitizer_common/sanitizer_libc.h" 20 #include "sanitizer_common/sanitizer_posix.h" 21 #include "sanitizer_common/sanitizer_procmaps.h" 22 #include "sanitizer_common/sanitizer_ptrauth.h" 23 #include "sanitizer_common/sanitizer_stackdepot.h" 24 #include "tsan_platform.h" 25 #include "tsan_rtl.h" 26 #include "tsan_flags.h" 27 28 #include <mach/mach.h> 29 #include <pthread.h> 30 #include <signal.h> 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <string.h> 34 #include <stdarg.h> 35 #include <sys/mman.h> 36 #include <sys/syscall.h> 37 #include <sys/time.h> 38 #include <sys/types.h> 39 #include <sys/resource.h> 40 #include <sys/stat.h> 41 #include <unistd.h> 42 #include <errno.h> 43 #include <sched.h> 44 45 namespace __tsan { 46 47 #if !SANITIZER_GO 48 static void *SignalSafeGetOrAllocate(uptr *dst, uptr size) { 49 atomic_uintptr_t *a = (atomic_uintptr_t *)dst; 50 void *val = (void *)atomic_load_relaxed(a); 51 atomic_signal_fence(memory_order_acquire); // Turns the previous load into 52 // acquire wrt signals. 53 if (UNLIKELY(val == nullptr)) { 54 val = (void *)internal_mmap(nullptr, size, PROT_READ | PROT_WRITE, 55 MAP_PRIVATE | MAP_ANON, -1, 0); 56 CHECK(val); 57 void *cmp = nullptr; 58 if (!atomic_compare_exchange_strong(a, (uintptr_t *)&cmp, (uintptr_t)val, 59 memory_order_acq_rel)) { 60 internal_munmap(val, size); 61 val = cmp; 62 } 63 } 64 return val; 65 } 66 67 // On OS X, accessing TLVs via __thread or manually by using pthread_key_* is 68 // problematic, because there are several places where interceptors are called 69 // when TLVs are not accessible (early process startup, thread cleanup, ...). 70 // The following provides a "poor man's TLV" implementation, where we use the 71 // shadow memory of the pointer returned by pthread_self() to store a pointer to 72 // the ThreadState object. The main thread's ThreadState is stored separately 73 // in a static variable, because we need to access it even before the 74 // shadow memory is set up. 75 static uptr main_thread_identity = 0; 76 ALIGNED(64) static char main_thread_state[sizeof(ThreadState)]; 77 static ThreadState *main_thread_state_loc = (ThreadState *)main_thread_state; 78 79 // We cannot use pthread_self() before libpthread has been initialized. Our 80 // current heuristic for guarding this is checking `main_thread_identity` which 81 // is only assigned in `__tsan::InitializePlatform`. 82 static ThreadState **cur_thread_location() { 83 if (main_thread_identity == 0) 84 return &main_thread_state_loc; 85 uptr thread_identity = (uptr)pthread_self(); 86 if (thread_identity == main_thread_identity) 87 return &main_thread_state_loc; 88 return (ThreadState **)MemToShadow(thread_identity); 89 } 90 91 ThreadState *cur_thread() { 92 return (ThreadState *)SignalSafeGetOrAllocate( 93 (uptr *)cur_thread_location(), sizeof(ThreadState)); 94 } 95 96 void set_cur_thread(ThreadState *thr) { 97 *cur_thread_location() = thr; 98 } 99 100 // TODO(kuba.brecka): This is not async-signal-safe. In particular, we call 101 // munmap first and then clear `fake_tls`; if we receive a signal in between, 102 // handler will try to access the unmapped ThreadState. 103 void cur_thread_finalize() { 104 ThreadState **thr_state_loc = cur_thread_location(); 105 if (thr_state_loc == &main_thread_state_loc) { 106 // Calling dispatch_main() or xpc_main() actually invokes pthread_exit to 107 // exit the main thread. Let's keep the main thread's ThreadState. 108 return; 109 } 110 internal_munmap(*thr_state_loc, sizeof(ThreadState)); 111 *thr_state_loc = nullptr; 112 } 113 #endif 114 115 void FlushShadowMemory() { 116 } 117 118 static void RegionMemUsage(uptr start, uptr end, uptr *res, uptr *dirty) { 119 vm_address_t address = start; 120 vm_address_t end_address = end; 121 uptr resident_pages = 0; 122 uptr dirty_pages = 0; 123 while (address < end_address) { 124 vm_size_t vm_region_size; 125 mach_msg_type_number_t count = VM_REGION_EXTENDED_INFO_COUNT; 126 vm_region_extended_info_data_t vm_region_info; 127 mach_port_t object_name; 128 kern_return_t ret = vm_region_64( 129 mach_task_self(), &address, &vm_region_size, VM_REGION_EXTENDED_INFO, 130 (vm_region_info_t)&vm_region_info, &count, &object_name); 131 if (ret != KERN_SUCCESS) break; 132 133 resident_pages += vm_region_info.pages_resident; 134 dirty_pages += vm_region_info.pages_dirtied; 135 136 address += vm_region_size; 137 } 138 *res = resident_pages * GetPageSizeCached(); 139 *dirty = dirty_pages * GetPageSizeCached(); 140 } 141 142 void WriteMemoryProfile(char *buf, uptr buf_size, uptr nthread, uptr nlive) { 143 uptr shadow_res, shadow_dirty; 144 uptr meta_res, meta_dirty; 145 uptr trace_res, trace_dirty; 146 RegionMemUsage(ShadowBeg(), ShadowEnd(), &shadow_res, &shadow_dirty); 147 RegionMemUsage(MetaShadowBeg(), MetaShadowEnd(), &meta_res, &meta_dirty); 148 RegionMemUsage(TraceMemBeg(), TraceMemEnd(), &trace_res, &trace_dirty); 149 150 #if !SANITIZER_GO 151 uptr low_res, low_dirty; 152 uptr high_res, high_dirty; 153 uptr heap_res, heap_dirty; 154 RegionMemUsage(LoAppMemBeg(), LoAppMemEnd(), &low_res, &low_dirty); 155 RegionMemUsage(HiAppMemBeg(), HiAppMemEnd(), &high_res, &high_dirty); 156 RegionMemUsage(HeapMemBeg(), HeapMemEnd(), &heap_res, &heap_dirty); 157 #else // !SANITIZER_GO 158 uptr app_res, app_dirty; 159 RegionMemUsage(AppMemBeg(), AppMemEnd(), &app_res, &app_dirty); 160 #endif 161 162 StackDepotStats *stacks = StackDepotGetStats(); 163 internal_snprintf(buf, buf_size, 164 "shadow (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 165 "meta (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 166 "traces (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 167 #if !SANITIZER_GO 168 "low app (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 169 "high app (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 170 "heap (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 171 #else // !SANITIZER_GO 172 "app (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 173 #endif 174 "stacks: %zd unique IDs, %zd kB allocated\n" 175 "threads: %zd total, %zd live\n" 176 "------------------------------\n", 177 ShadowBeg(), ShadowEnd(), shadow_res / 1024, shadow_dirty / 1024, 178 MetaShadowBeg(), MetaShadowEnd(), meta_res / 1024, meta_dirty / 1024, 179 TraceMemBeg(), TraceMemEnd(), trace_res / 1024, trace_dirty / 1024, 180 #if !SANITIZER_GO 181 LoAppMemBeg(), LoAppMemEnd(), low_res / 1024, low_dirty / 1024, 182 HiAppMemBeg(), HiAppMemEnd(), high_res / 1024, high_dirty / 1024, 183 HeapMemBeg(), HeapMemEnd(), heap_res / 1024, heap_dirty / 1024, 184 #else // !SANITIZER_GO 185 AppMemBeg(), AppMemEnd(), app_res / 1024, app_dirty / 1024, 186 #endif 187 stacks->n_uniq_ids, stacks->allocated / 1024, 188 nthread, nlive); 189 } 190 191 #if !SANITIZER_GO 192 void InitializeShadowMemoryPlatform() { } 193 194 // On OS X, GCD worker threads are created without a call to pthread_create. We 195 // need to properly register these threads with ThreadCreate and ThreadStart. 196 // These threads don't have a parent thread, as they are created "spuriously". 197 // We're using a libpthread API that notifies us about a newly created thread. 198 // The `thread == pthread_self()` check indicates this is actually a worker 199 // thread. If it's just a regular thread, this hook is called on the parent 200 // thread. 201 typedef void (*pthread_introspection_hook_t)(unsigned int event, 202 pthread_t thread, void *addr, 203 size_t size); 204 extern "C" pthread_introspection_hook_t pthread_introspection_hook_install( 205 pthread_introspection_hook_t hook); 206 static const uptr PTHREAD_INTROSPECTION_THREAD_CREATE = 1; 207 static const uptr PTHREAD_INTROSPECTION_THREAD_TERMINATE = 3; 208 static pthread_introspection_hook_t prev_pthread_introspection_hook; 209 static void my_pthread_introspection_hook(unsigned int event, pthread_t thread, 210 void *addr, size_t size) { 211 if (event == PTHREAD_INTROSPECTION_THREAD_CREATE) { 212 if (thread == pthread_self()) { 213 // The current thread is a newly created GCD worker thread. 214 ThreadState *thr = cur_thread(); 215 Processor *proc = ProcCreate(); 216 ProcWire(proc, thr); 217 ThreadState *parent_thread_state = nullptr; // No parent. 218 int tid = ThreadCreate(parent_thread_state, 0, (uptr)thread, true); 219 CHECK_NE(tid, 0); 220 ThreadStart(thr, tid, GetTid(), ThreadType::Worker); 221 } 222 } else if (event == PTHREAD_INTROSPECTION_THREAD_TERMINATE) { 223 if (thread == pthread_self()) { 224 ThreadState *thr = cur_thread(); 225 if (thr->tctx) { 226 DestroyThreadState(); 227 } 228 } 229 } 230 231 if (prev_pthread_introspection_hook != nullptr) 232 prev_pthread_introspection_hook(event, thread, addr, size); 233 } 234 #endif 235 236 void InitializePlatformEarly() { 237 #if !SANITIZER_GO && !HAS_48_BIT_ADDRESS_SPACE 238 uptr max_vm = GetMaxUserVirtualAddress() + 1; 239 if (max_vm != Mapping::kHiAppMemEnd) { 240 Printf("ThreadSanitizer: unsupported vm address limit %p, expected %p.\n", 241 max_vm, Mapping::kHiAppMemEnd); 242 Die(); 243 } 244 #endif 245 } 246 247 static uptr longjmp_xor_key = 0; 248 249 void InitializePlatform() { 250 DisableCoreDumperIfNecessary(); 251 #if !SANITIZER_GO 252 CheckAndProtect(); 253 254 CHECK_EQ(main_thread_identity, 0); 255 main_thread_identity = (uptr)pthread_self(); 256 257 prev_pthread_introspection_hook = 258 pthread_introspection_hook_install(&my_pthread_introspection_hook); 259 #endif 260 261 if (GetMacosAlignedVersion() >= MacosVersion(10, 14)) { 262 // Libsystem currently uses a process-global key; this might change. 263 const unsigned kTLSLongjmpXorKeySlot = 0x7; 264 longjmp_xor_key = (uptr)pthread_getspecific(kTLSLongjmpXorKeySlot); 265 } 266 } 267 268 #ifdef __aarch64__ 269 # define LONG_JMP_SP_ENV_SLOT \ 270 ((GetMacosAlignedVersion() >= MacosVersion(10, 14)) ? 12 : 13) 271 #else 272 # define LONG_JMP_SP_ENV_SLOT 2 273 #endif 274 275 uptr ExtractLongJmpSp(uptr *env) { 276 uptr mangled_sp = env[LONG_JMP_SP_ENV_SLOT]; 277 uptr sp = mangled_sp ^ longjmp_xor_key; 278 sp = (uptr)ptrauth_auth_data((void *)sp, ptrauth_key_asdb, 279 ptrauth_string_discriminator("sp")); 280 return sp; 281 } 282 283 #if !SANITIZER_GO 284 void ImitateTlsWrite(ThreadState *thr, uptr tls_addr, uptr tls_size) { 285 // The pointer to the ThreadState object is stored in the shadow memory 286 // of the tls. 287 uptr tls_end = tls_addr + tls_size; 288 uptr thread_identity = (uptr)pthread_self(); 289 if (thread_identity == main_thread_identity) { 290 MemoryRangeImitateWrite(thr, /*pc=*/2, tls_addr, tls_size); 291 } else { 292 uptr thr_state_start = thread_identity; 293 uptr thr_state_end = thr_state_start + sizeof(uptr); 294 CHECK_GE(thr_state_start, tls_addr); 295 CHECK_LE(thr_state_start, tls_addr + tls_size); 296 CHECK_GE(thr_state_end, tls_addr); 297 CHECK_LE(thr_state_end, tls_addr + tls_size); 298 MemoryRangeImitateWrite(thr, /*pc=*/2, tls_addr, 299 thr_state_start - tls_addr); 300 MemoryRangeImitateWrite(thr, /*pc=*/2, thr_state_end, 301 tls_end - thr_state_end); 302 } 303 } 304 #endif 305 306 #if !SANITIZER_GO 307 // Note: this function runs with async signals enabled, 308 // so it must not touch any tsan state. 309 int call_pthread_cancel_with_cleanup(int (*fn)(void *arg), 310 void (*cleanup)(void *arg), void *arg) { 311 // pthread_cleanup_push/pop are hardcore macros mess. 312 // We can't intercept nor call them w/o including pthread.h. 313 int res; 314 pthread_cleanup_push(cleanup, arg); 315 res = fn(arg); 316 pthread_cleanup_pop(0); 317 return res; 318 } 319 #endif 320 321 } // namespace __tsan 322 323 #endif // SANITIZER_MAC 324