1 //===-- tsan_platform_mac.cpp ---------------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file is a part of ThreadSanitizer (TSan), a race detector. 10 // 11 // Mac-specific code. 12 //===----------------------------------------------------------------------===// 13 14 #include "sanitizer_common/sanitizer_platform.h" 15 #if SANITIZER_MAC 16 17 #include "sanitizer_common/sanitizer_atomic.h" 18 #include "sanitizer_common/sanitizer_common.h" 19 #include "sanitizer_common/sanitizer_libc.h" 20 #include "sanitizer_common/sanitizer_posix.h" 21 #include "sanitizer_common/sanitizer_procmaps.h" 22 #include "sanitizer_common/sanitizer_stackdepot.h" 23 #include "tsan_platform.h" 24 #include "tsan_rtl.h" 25 #include "tsan_flags.h" 26 27 #include <mach/mach.h> 28 #include <pthread.h> 29 #include <signal.h> 30 #include <stdio.h> 31 #include <stdlib.h> 32 #include <string.h> 33 #include <stdarg.h> 34 #include <sys/mman.h> 35 #include <sys/syscall.h> 36 #include <sys/time.h> 37 #include <sys/types.h> 38 #include <sys/resource.h> 39 #include <sys/stat.h> 40 #include <unistd.h> 41 #include <errno.h> 42 #include <sched.h> 43 44 namespace __tsan { 45 46 #if !SANITIZER_GO 47 static void *SignalSafeGetOrAllocate(uptr *dst, uptr size) { 48 atomic_uintptr_t *a = (atomic_uintptr_t *)dst; 49 void *val = (void *)atomic_load_relaxed(a); 50 atomic_signal_fence(memory_order_acquire); // Turns the previous load into 51 // acquire wrt signals. 52 if (UNLIKELY(val == nullptr)) { 53 val = (void *)internal_mmap(nullptr, size, PROT_READ | PROT_WRITE, 54 MAP_PRIVATE | MAP_ANON, -1, 0); 55 CHECK(val); 56 void *cmp = nullptr; 57 if (!atomic_compare_exchange_strong(a, (uintptr_t *)&cmp, (uintptr_t)val, 58 memory_order_acq_rel)) { 59 internal_munmap(val, size); 60 val = cmp; 61 } 62 } 63 return val; 64 } 65 66 // On OS X, accessing TLVs via __thread or manually by using pthread_key_* is 67 // problematic, because there are several places where interceptors are called 68 // when TLVs are not accessible (early process startup, thread cleanup, ...). 69 // The following provides a "poor man's TLV" implementation, where we use the 70 // shadow memory of the pointer returned by pthread_self() to store a pointer to 71 // the ThreadState object. The main thread's ThreadState is stored separately 72 // in a static variable, because we need to access it even before the 73 // shadow memory is set up. 74 static uptr main_thread_identity = 0; 75 ALIGNED(64) static char main_thread_state[sizeof(ThreadState)]; 76 static ThreadState *main_thread_state_loc = (ThreadState *)main_thread_state; 77 78 // We cannot use pthread_self() before libpthread has been initialized. Our 79 // current heuristic for guarding this is checking `main_thread_identity` which 80 // is only assigned in `__tsan::InitializePlatform`. 81 static ThreadState **cur_thread_location() { 82 if (main_thread_identity == 0) 83 return &main_thread_state_loc; 84 uptr thread_identity = (uptr)pthread_self(); 85 if (thread_identity == main_thread_identity) 86 return &main_thread_state_loc; 87 return (ThreadState **)MemToShadow(thread_identity); 88 } 89 90 ThreadState *cur_thread() { 91 return (ThreadState *)SignalSafeGetOrAllocate( 92 (uptr *)cur_thread_location(), sizeof(ThreadState)); 93 } 94 95 void set_cur_thread(ThreadState *thr) { 96 *cur_thread_location() = thr; 97 } 98 99 // TODO(kuba.brecka): This is not async-signal-safe. In particular, we call 100 // munmap first and then clear `fake_tls`; if we receive a signal in between, 101 // handler will try to access the unmapped ThreadState. 102 void cur_thread_finalize() { 103 ThreadState **thr_state_loc = cur_thread_location(); 104 if (thr_state_loc == &main_thread_state_loc) { 105 // Calling dispatch_main() or xpc_main() actually invokes pthread_exit to 106 // exit the main thread. Let's keep the main thread's ThreadState. 107 return; 108 } 109 internal_munmap(*thr_state_loc, sizeof(ThreadState)); 110 *thr_state_loc = nullptr; 111 } 112 #endif 113 114 void FlushShadowMemory() { 115 } 116 117 static void RegionMemUsage(uptr start, uptr end, uptr *res, uptr *dirty) { 118 vm_address_t address = start; 119 vm_address_t end_address = end; 120 uptr resident_pages = 0; 121 uptr dirty_pages = 0; 122 while (address < end_address) { 123 vm_size_t vm_region_size; 124 mach_msg_type_number_t count = VM_REGION_EXTENDED_INFO_COUNT; 125 vm_region_extended_info_data_t vm_region_info; 126 mach_port_t object_name; 127 kern_return_t ret = vm_region_64( 128 mach_task_self(), &address, &vm_region_size, VM_REGION_EXTENDED_INFO, 129 (vm_region_info_t)&vm_region_info, &count, &object_name); 130 if (ret != KERN_SUCCESS) break; 131 132 resident_pages += vm_region_info.pages_resident; 133 dirty_pages += vm_region_info.pages_dirtied; 134 135 address += vm_region_size; 136 } 137 *res = resident_pages * GetPageSizeCached(); 138 *dirty = dirty_pages * GetPageSizeCached(); 139 } 140 141 void WriteMemoryProfile(char *buf, uptr buf_size, uptr nthread, uptr nlive) { 142 uptr shadow_res, shadow_dirty; 143 uptr meta_res, meta_dirty; 144 uptr trace_res, trace_dirty; 145 RegionMemUsage(ShadowBeg(), ShadowEnd(), &shadow_res, &shadow_dirty); 146 RegionMemUsage(MetaShadowBeg(), MetaShadowEnd(), &meta_res, &meta_dirty); 147 RegionMemUsage(TraceMemBeg(), TraceMemEnd(), &trace_res, &trace_dirty); 148 149 #if !SANITIZER_GO 150 uptr low_res, low_dirty; 151 uptr high_res, high_dirty; 152 uptr heap_res, heap_dirty; 153 RegionMemUsage(LoAppMemBeg(), LoAppMemEnd(), &low_res, &low_dirty); 154 RegionMemUsage(HiAppMemBeg(), HiAppMemEnd(), &high_res, &high_dirty); 155 RegionMemUsage(HeapMemBeg(), HeapMemEnd(), &heap_res, &heap_dirty); 156 #else // !SANITIZER_GO 157 uptr app_res, app_dirty; 158 RegionMemUsage(AppMemBeg(), AppMemEnd(), &app_res, &app_dirty); 159 #endif 160 161 StackDepotStats *stacks = StackDepotGetStats(); 162 internal_snprintf(buf, buf_size, 163 "shadow (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 164 "meta (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 165 "traces (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 166 #if !SANITIZER_GO 167 "low app (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 168 "high app (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 169 "heap (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 170 #else // !SANITIZER_GO 171 "app (0x%016zx-0x%016zx): resident %zd kB, dirty %zd kB\n" 172 #endif 173 "stacks: %zd unique IDs, %zd kB allocated\n" 174 "threads: %zd total, %zd live\n" 175 "------------------------------\n", 176 ShadowBeg(), ShadowEnd(), shadow_res / 1024, shadow_dirty / 1024, 177 MetaShadowBeg(), MetaShadowEnd(), meta_res / 1024, meta_dirty / 1024, 178 TraceMemBeg(), TraceMemEnd(), trace_res / 1024, trace_dirty / 1024, 179 #if !SANITIZER_GO 180 LoAppMemBeg(), LoAppMemEnd(), low_res / 1024, low_dirty / 1024, 181 HiAppMemBeg(), HiAppMemEnd(), high_res / 1024, high_dirty / 1024, 182 HeapMemBeg(), HeapMemEnd(), heap_res / 1024, heap_dirty / 1024, 183 #else // !SANITIZER_GO 184 AppMemBeg(), AppMemEnd(), app_res / 1024, app_dirty / 1024, 185 #endif 186 stacks->n_uniq_ids, stacks->allocated / 1024, 187 nthread, nlive); 188 } 189 190 #if !SANITIZER_GO 191 void InitializeShadowMemoryPlatform() { } 192 193 // On OS X, GCD worker threads are created without a call to pthread_create. We 194 // need to properly register these threads with ThreadCreate and ThreadStart. 195 // These threads don't have a parent thread, as they are created "spuriously". 196 // We're using a libpthread API that notifies us about a newly created thread. 197 // The `thread == pthread_self()` check indicates this is actually a worker 198 // thread. If it's just a regular thread, this hook is called on the parent 199 // thread. 200 typedef void (*pthread_introspection_hook_t)(unsigned int event, 201 pthread_t thread, void *addr, 202 size_t size); 203 extern "C" pthread_introspection_hook_t pthread_introspection_hook_install( 204 pthread_introspection_hook_t hook); 205 static const uptr PTHREAD_INTROSPECTION_THREAD_CREATE = 1; 206 static const uptr PTHREAD_INTROSPECTION_THREAD_TERMINATE = 3; 207 static pthread_introspection_hook_t prev_pthread_introspection_hook; 208 static void my_pthread_introspection_hook(unsigned int event, pthread_t thread, 209 void *addr, size_t size) { 210 if (event == PTHREAD_INTROSPECTION_THREAD_CREATE) { 211 if (thread == pthread_self()) { 212 // The current thread is a newly created GCD worker thread. 213 ThreadState *thr = cur_thread(); 214 Processor *proc = ProcCreate(); 215 ProcWire(proc, thr); 216 ThreadState *parent_thread_state = nullptr; // No parent. 217 int tid = ThreadCreate(parent_thread_state, 0, (uptr)thread, true); 218 CHECK_NE(tid, 0); 219 ThreadStart(thr, tid, GetTid(), ThreadType::Worker); 220 } 221 } else if (event == PTHREAD_INTROSPECTION_THREAD_TERMINATE) { 222 if (thread == pthread_self()) { 223 ThreadState *thr = cur_thread(); 224 if (thr->tctx) { 225 DestroyThreadState(); 226 } 227 } 228 } 229 230 if (prev_pthread_introspection_hook != nullptr) 231 prev_pthread_introspection_hook(event, thread, addr, size); 232 } 233 #endif 234 235 void InitializePlatformEarly() { 236 #if defined(__aarch64__) 237 uptr max_vm = GetMaxUserVirtualAddress() + 1; 238 if (max_vm != Mapping::kHiAppMemEnd) { 239 Printf("ThreadSanitizer: unsupported vm address limit %p, expected %p.\n", 240 max_vm, Mapping::kHiAppMemEnd); 241 Die(); 242 } 243 #endif 244 } 245 246 static uptr longjmp_xor_key = 0; 247 248 void InitializePlatform() { 249 DisableCoreDumperIfNecessary(); 250 #if !SANITIZER_GO 251 CheckAndProtect(); 252 253 CHECK_EQ(main_thread_identity, 0); 254 main_thread_identity = (uptr)pthread_self(); 255 256 prev_pthread_introspection_hook = 257 pthread_introspection_hook_install(&my_pthread_introspection_hook); 258 #endif 259 260 if (GetMacosVersion() >= MACOS_VERSION_MOJAVE) { 261 // Libsystem currently uses a process-global key; this might change. 262 const unsigned kTLSLongjmpXorKeySlot = 0x7; 263 longjmp_xor_key = (uptr)pthread_getspecific(kTLSLongjmpXorKeySlot); 264 } 265 } 266 267 #ifdef __aarch64__ 268 # define LONG_JMP_SP_ENV_SLOT \ 269 ((GetMacosVersion() >= MACOS_VERSION_MOJAVE) ? 12 : 13) 270 #else 271 # define LONG_JMP_SP_ENV_SLOT 2 272 #endif 273 274 uptr ExtractLongJmpSp(uptr *env) { 275 uptr mangled_sp = env[LONG_JMP_SP_ENV_SLOT]; 276 uptr sp = mangled_sp ^ longjmp_xor_key; 277 return sp; 278 } 279 280 #if !SANITIZER_GO 281 void ImitateTlsWrite(ThreadState *thr, uptr tls_addr, uptr tls_size) { 282 // The pointer to the ThreadState object is stored in the shadow memory 283 // of the tls. 284 uptr tls_end = tls_addr + tls_size; 285 uptr thread_identity = (uptr)pthread_self(); 286 if (thread_identity == main_thread_identity) { 287 MemoryRangeImitateWrite(thr, /*pc=*/2, tls_addr, tls_size); 288 } else { 289 uptr thr_state_start = thread_identity; 290 uptr thr_state_end = thr_state_start + sizeof(uptr); 291 CHECK_GE(thr_state_start, tls_addr); 292 CHECK_LE(thr_state_start, tls_addr + tls_size); 293 CHECK_GE(thr_state_end, tls_addr); 294 CHECK_LE(thr_state_end, tls_addr + tls_size); 295 MemoryRangeImitateWrite(thr, /*pc=*/2, tls_addr, 296 thr_state_start - tls_addr); 297 MemoryRangeImitateWrite(thr, /*pc=*/2, thr_state_end, 298 tls_end - thr_state_end); 299 } 300 } 301 #endif 302 303 #if !SANITIZER_GO 304 // Note: this function runs with async signals enabled, 305 // so it must not touch any tsan state. 306 int call_pthread_cancel_with_cleanup(int(*fn)(void *c, void *m, 307 void *abstime), void *c, void *m, void *abstime, 308 void(*cleanup)(void *arg), void *arg) { 309 // pthread_cleanup_push/pop are hardcore macros mess. 310 // We can't intercept nor call them w/o including pthread.h. 311 int res; 312 pthread_cleanup_push(cleanup, arg); 313 res = fn(c, m, abstime); 314 pthread_cleanup_pop(0); 315 return res; 316 } 317 #endif 318 319 } // namespace __tsan 320 321 #endif // SANITIZER_MAC 322