Commit Graph

622 Commits

Author SHA1 Message Date
Kevin Athey b345952ad4 Revert "tsan: add a test for stack init race"
This reverts commit b72176b9bc.

Broke bot: https://lab.llvm.org/buildbot/#/builders/70/builds/12193
2021-09-27 15:31:23 -07:00
Dmitry Vyukov b72176b9bc tsan: add a test for stack init race
Depends on D110538.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D110539
2021-09-27 16:40:17 +02:00
Dmitry Vyukov b4c1e5cb73 tsan: fix and test detection of TLS races
Currently detection of races with TLS/stack initialization
is broken because we imitate the write before thread initialization,
so it's modelled with a wrong thread/epoch.
Fix that and add a test.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D110538
2021-09-27 16:40:08 +02:00
Dmitry Vyukov 34412cea5c tsan: don't use pipe2 in tests
MacOS buildbots failed:
stress.cpp:57:7: error: use of undeclared identifier 'pipe2'
https://green.lab.llvm.org/green//job/clang-stage1-RA/24209/consoleFull#-3468768778254eaf0-7326-4999-85b0-388101f2d404

Fix the test to not use pipe2.

Differential Revision: https://reviews.llvm.org/D110423
2021-09-24 17:52:16 +02:00
Dmitry Vyukov 124fcd7e9d tsan: add a stress test
The stress test does various assorted things
(memory accesses, function calls, atomic operations,
thread creation/join, intercepted libc calls)
in multiple threads just to stress various parts
of the runtime.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D110416
2021-09-24 16:46:13 +02:00
Dmitry Vyukov ad890aa232 tsan: add a test for flushing memory
Add a test for __tsan_flush_memory() and for background
flushing of the runtime memory.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D110409
2021-09-24 15:59:19 +02:00
Dmitry Vyukov dcc6db22d8 tsan: add another deep stack test
Add a test for a trace corner case that lead to a bug
in experimental runtime replacement.
Since it passes with the current runtime it makes sense
to submit it on its own.

Depends on D110264.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D110265
2021-09-23 10:45:17 +02:00
Dmitry Vyukov db2f870fe3 tsan: reset destination range in Java heap move
Switch Java heap move to the new scheme required for the new tsan runtime.
Instead of copying the shadow we reset the destination range.
The new v3 trace contains addresses of accesses, so we cannot simply copy the shadow.
This can lead to false negatives, but cannot lead to false positives.

Depends on D110159.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D110190
2021-09-22 07:23:21 +02:00
Dmitry Vyukov 20ee72d4cc tsan: don't call dlsym during exit
dlsym calls into dynamic linker which calls malloc and other things.
It's problematic to do it during the actual exit, because
it can happen from a singal handler or from within the runtime
after we reported the first bug, etc.
See https://github.com/google/sanitizers/issues/1440 for an example
(captured in the added test).
Initialize the callbacks during startup instead.

Depends on D110159.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D110166
2021-09-22 07:11:59 +02:00
Julian Lettner ee0ac45672 [TSan][Darwin] Add integration tests for dyld interposition
Add integration tests for dyld interposition: DYLD_LIBRARY_PATH and
DYLD_INSERT_LIBRARIES.

DYLD_INSERT_LIBRARIES is also relevant for TSan thread
finalization/destruction sequence in the presence of additional pthread
introspection hooks (libBacktraceRecording.dylib for Xcode 'Queue
Debugging' feature).

rdar://78739125

Differential Revision: https://reviews.llvm.org/D109332
2021-09-09 22:33:59 +02:00
Kazuaki Ishizaki a1e7e401d2 [compiler-rt] NFC: Fix trivial typo
Reviewed By: xgupta

Differential Revision: https://reviews.llvm.org/D77457
2021-09-04 14:12:58 +05:30
Azharuddin Mohammed 593275c93c Mark tsan cxa_guard_acquire test as unsupported on Darwin
This test started failing after recent commit `636428c727cd`. Marking it
as unsupported to get the bot back to green until we get it sorted out.
2021-08-18 01:44:20 -07:00
Dmitry Vyukov 7142eb17fb sanitizers: compile with -O1 under debug
Tsan's check_memcpy.c test was disabled under debug because it failed.
But it points to real issues and does not help to just disable it.
I tried to enable it and see what fail and the first hit was default ctor for:

  struct ChainedOriginDepotDesc {
    u32 here_id;
    u32 prev_id;
  };

initializing these fields to 0's help partially,
but compiler still emits memset before calling ctor.
I did not try to see what's the next failure, because if it fails
on such small structs, it won't be realistic to fix everything
and keep working.

Compile runtimes with -O1 under debug instead.
It seems to fix all current failures. At least I run check-tsan
under clang/gcc x debug/non-debug and all combinations passed.
-O1 does not usually use too aggressive optimizations
and sometimes even makes debugging easier because machine code
is not exceedingly verbose.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D107962
2021-08-16 10:01:50 +02:00
Dmitry Vyukov ce52e0339f tsan: fix another latent race size bug in test
The test contains a race in memset.
The size of reported race depends on how the accessed
memory range split into granules inside of tsan runtime.
The test used to report access of size 8, because presumably
the buffer ended up being aligned to 8 bytes. But after
some unrelated changes this test started to report accesses
of size 1 (presumably .data layout changed), which makes
the test fail.
Guarantee alignment of the buf object explicitly.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D107149
2021-07-30 12:55:13 +02:00
Dmitry Vyukov 97795be22f tsan: optimize test-only barrier
The updated lots_of_threads.c test with 300 threads
started running for too long on machines with low
hardware parallelism (e.g. taskset -c 0-1).
On lots of CPUs it finishes in ~2 secs. But with
taskset -c 0-1 it runs for hundreds of seconds
effectively spinning in the barrier in the sleep loop.

We now have the handy futex API in sanitizer_common.
Use it instead of the passive spin loop.
It makes the test run only faster with taskset -c 0-1,
it runs for ~1.5 secs, while with full parallelism
it still runs for ~2 secs (but consumes less CPU time).

Depends on D107131.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D107132
2021-07-30 11:39:38 +02:00
Dmitry Vyukov dbe36e4073 tsan: fix latent race size bug in test
The test contains a race in read/write syscalls.
The size of reported race depends on how the accessed
memory range split into granules inside of tsan runtime.
The test used to report access of size 8, because presumably
the buffer ended up being aligned to 8 bytes. But after
some unrelated changes this test started to report accesses
of size 1 (presumably .data layout changed), which makes
the test fail.
Guarantee alignment of the buf object explicitly.

Reviewed By: vitalybuka, melver

Differential Revision: https://reviews.llvm.org/D107131
2021-07-30 11:39:26 +02:00
Dmitry Vyukov 5697841f66 tsan: add another test for atomics
Add a test where atomic-release happens while
another thread spins calling load-acquire.
This can expose some interesting interleavings
of release and acquire.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D107055
2021-07-29 16:43:24 +02:00
Dmitry Vyukov 262cb5f5b4 tsan: fix java_symbolization test
We reliably remove bottom libc-guts frames only on linux/glibc.
Some bots failed on this test showing other bottom frames:

 .annobin_libc_start.c libc-start.c (libc.so.6+0x249f4)
 generic_start_main.isra.0 libc-start.c (libc.so.6+0x45b0c)

We can't reliably remove all of possible bottom frames.
So remove the assertion for that.

Differential Revision: https://reviews.llvm.org/D107037
2021-07-29 07:48:39 +02:00
Dmitry Vyukov da7a5c09c8 tsan: don't print __tsan_atomic* functions in report stacks
Currently __tsan_atomic* functions do FuncEntry/Exit using caller PC
and then use current PC (pointing to __tsan_atomic* itself) during
memory access handling. As the result the top function in reports
involving atomics is __tsan_atomic* and the next frame points to user code.

Remove FuncEntry/Exit in atomic functions and use caller PC
during memory access handling. This removes __tsan_atomic*
from the top of report stacks, so that they point right to user code.

The motivation for this is performance.
Some atomic operations are very hot (mostly loads),
so removing FuncEntry/Exit is beneficial.
This also reduces thread trace consumption (1 event instead of 3).

__tsan_atomic* at the top of the stack is not necessary
and does not add any new information. We already say
"atomic write of size 4", "__tsan_atomic32_store" does not add
anything new.

It also makes reports consistent between atomic and non-atomic
accesses. For normal accesses we say "previous write" and point
to user code; for atomics we say "previous atomic write" and now
also point to user code.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D106966
2021-07-28 20:34:46 +02:00
Dmitry Vyukov 9dad34423b tsan: strip __libc_start_main frame
We strip all frames below main but in some cases it may be not enough.
Namely, when main is instrumented but does not call any other instrumented code.
In this case __tsan_func_entry in main obtains PC pointing to __libc_start_main
(as we pass caller PC to __tsan_func_entry), but nothing obtains PC pointing
to main itself (as main does not call any instrumented code).
In such case we will not have main in the stack, and stripping everything
below main won't work.
So strip __libc_start_main explicitly as well.
But keep stripping of main because __libc_start_main is glibc/linux-specific,
so looking for main is more reliable (and usually main is present in stacks).

Depends on D106957.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D106958
2021-07-28 20:26:42 +02:00
Dmitry Vyukov 6563bb53b5 tsan: don't use caller/current PC in Java interfaces
Caller PC is plain harmful as native caller PC has nothing to do with Java code.
Current PC is not particularly useful and may be somewhat confusing for Java users
as it makes top frame to point to some magical __tsan function.
But obtaining and using these PCs adds runtime cost for every java event.
Remove these PCs. Rely only on official Java frames.
It makes execution faster, code simpler and reports better.

Depends on D106956.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D106957
2021-07-28 20:25:20 +02:00
Dmitry Vyukov 5237b14087 tsan: print alloc stack for Java objects
We maintain information about Java allocations,
but for some reason never printed it in reports.
Print it.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D106956
2021-07-28 20:25:11 +02:00
Dmitry Vyukov c4cb9b64dd tsan: add more micro benchmarks
1. Add a set of micro benchmarks for memory accesses,
   mem* functions and unaligned accesses.
2. Add support for multiple benchmarks in a single binary
   (or it would require 12 new benchmark binaries).
3. Remove the "clock growth" machinery,
   it affects the current tsan runtime by increasing size of
   all vector clocks, but this won't be relevant for the new
   tsan runtime.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D106961
2021-07-28 20:11:59 +02:00
Dmitry Vyukov bfb597b24c tsan: improve lots_of_threads test
The current 10 threads is not particularly "lots" and not stressful.
Create 10x300 threads and ensure they all are running at the same time.

Depends on D106953.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D106954
2021-07-28 17:36:06 +02:00
Dmitry Vyukov 9ef9d01a50 tsan: extend signal_malloc test
Test that we report the warning for free()
and ensure the test finishes as we usually do with "DONE".

Depends on D106951.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D106952
2021-07-28 17:35:13 +02:00
Dmitry Vyukov 89edd1e95f tsan: fix warnings in tests
Compilers don't like attributes in this position:

warning: GCC does not allow 'noinline' attribute in this position on a function definition
error: attributes are not allowed on a function-definition

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D106951
2021-07-28 17:35:02 +02:00
Dmitry Vyukov 35e76a939c Revert "sanitizer_common: split LibIgnore into fast/slow paths"
This reverts commit 1e1f752027.

It breaks ignore_noninstrumented_modules=1.
Somehow we did not have any portable tests for this mode before
(only Darwin tests). Add a portable test as well.

Moreover, I think I was too fast uninlining all LibIgnore checks.
For Java, Darwin and OpenMP LibIgnore is always enabled,
so it makes sense to leave it as it was before.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D106855
2021-07-27 11:43:43 +02:00
Ilya Leoshkevich 9bf2e7eeeb [TSan] Add SystemZ SANITIZER_GO support
Define the address ranges (similar to the C/C++ ones, but with the heap
range merged into the app range) and enable the sanity check.

Reviewed By: dvyukov

Differential Revision: https://reviews.llvm.org/D105629
2021-07-15 12:18:48 +02:00
Ilya Leoshkevich 937242cecc [TSan] Adjust tests for SystemZ
XFAIL map32bit, define the maximum possible allocation size in
mmap_large.cpp.

Reviewed By: dvyukov

Differential Revision: https://reviews.llvm.org/D105629
2021-07-15 12:18:48 +02:00
Ilya Leoshkevich d5c34ee5b6 [TSan] Build ignore_lib{0,1,5} tests with -fno-builtin
These tests depend on TSan seeing the intercepted memcpy(), so they
break when the compiler chooses the builtin version.

Reviewed By: dvyukov

Differential Revision: https://reviews.llvm.org/D105629
2021-07-15 12:18:47 +02:00
Dmitry Vyukov 2f6f24f010 tsan: re-enable mmap_stress.cpp test
The comment says it was flaky in 2016,
but it wasn't possible to debug it back then.
Re-enable the test at least on linux/x86_64.
It will either work, or at least we should
see failure output from lit today.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D104592
2021-06-24 09:48:34 +02:00
Dmitry Vyukov 1db68fcd8e tsan: fix mmap atomicity
Mmap interceptor is not atomic in the sense that it
exposes unmapped shadow for a brief period of time.
This breaks programs that mmap over another mmap
and access the region concurrently.
Don't unmap shadow in the mmap interceptor to fix this.
Just mapping new shadow on top should be enough to zero it.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D104593
2021-06-24 09:47:44 +02:00
Bruno Cardoso Lopes 6c35991ca0 [TSAN][CMake] Add support to run lit on individual tests
Handy when testing specific files, already supported in other components.

Example:
cd build; ./bin/llvm-lit ../compiler-rt/test/tsan/ignore_free.cpp

Differential Revision: https://reviews.llvm.org/D103054
2021-05-25 12:33:02 -07:00
Vitaly Buka 5faeefd4fa [tsan] Deflake pthread_atfork_deadlock3
sleep(1) does not guaranty afterfork order.
Also relative child/parent afterfork order is not important for this test so we
can just avoid checking that.

Reviewed By: dvyukov

Differential Revision: https://reviews.llvm.org/D102810
2021-05-19 22:59:37 -07:00
Vitaly Buka 09a8372726 [NFC][tsan] clang-format the test 2021-05-19 14:03:50 -07:00
Dmitry Vyukov c1eaa1168a tsan: mark sigwait as blocking
Add a test case reported in:
https://github.com/google/sanitizers/issues/1401
and fix it.
The code assumes sigwait will process other signals.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D102057
2021-05-19 13:03:20 +02:00
Dmitry Vyukov 00a1007545 sanitizer_common/symbolizer: fix crashes during exit
Override __cxa_atexit and ignore callbacks.
This prevents crashes in a configuration when the symbolizer
is built into sanitizer runtime and consequently into the test process.
LLVM libraries have some global objects destroyed during exit,
so if the test process triggers any bugs after that, the symbolizer crashes.
An example stack trace of such crash:

For the standalone llvm-symbolizer this does not hurt,
we just don't destroy few global objects on exit.

Reviewed By: kda

Differential Revision: https://reviews.llvm.org/D102470
2021-05-18 08:58:08 +02:00
Florian Hahn 086af17399
Revert "tsan: mark sigwait as blocking"
This reverts commit 5dad3d1ba9.

The added test (signal_block2.cpp) does not terminate on some Darwin
configurations and is causing Green Dragon bots to fail. First
failure of the test started in
    http://green.lab.llvm.org/green/job/clang-stage1-RA/20767/
2021-05-17 10:57:59 +01:00
Mitch Phillips 597ecf9fb7 [msan] [NFC] Add newline to EOF in test. 2021-05-14 15:00:00 -07:00
Bruno Cardoso Lopes fd184c062c [TSAN] Honor failure memory orders in AtomicCAS
LLVM has lifted strong requirements for CAS failure memory orders in 431e3138a and 819e0d105e.

Add support for honoring them in `AtomicCAS`.

https://github.com/google/sanitizers/issues/970

Differential Revision: https://reviews.llvm.org/D99434
2021-05-13 01:07:22 -07:00
Dmitry Vyukov 1dc838717a tsan: fix syscall test on aarch64
Add missing includes and use SYS_pipe2 instead of SYS_pipe
as it's not present on some arches.

Differential Revision: https://reviews.llvm.org/D102311
2021-05-12 09:00:51 +02:00
Dmitry Vyukov 8214764f35 tsan: declare annotations in test.h
We already declare subset of annotations in test.h.
But some are duplicated and declared in tests.
Move all annotation declarations to test.h.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D102152
2021-05-12 07:22:39 +02:00
Dmitry Vyukov 5dad3d1ba9 tsan: mark sigwait as blocking
Add a test case reported in:
https://github.com/google/sanitizers/issues/1401
and fix it.
The code assumes sigwait will process other signals.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D102057
2021-05-12 06:56:18 +02:00
Dmitry Vyukov 04b2ada51c tsan: add a simple syscall test
Add a simple test that uses syscall annotations.
Just to ensure at least basic functionality works.
Also factor out annotated syscall wrappers into a separate
header file as they may be useful for future tests.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D102223
2021-05-12 06:42:11 +02:00
Nico Weber d7ec48d71b [clang] accept -fsanitize-ignorelist= in addition to -fsanitize-blacklist=
Use that for internal names (including the default ignorelists of the
sanitizers).

Differential Revision: https://reviews.llvm.org/D101832
2021-05-04 10:24:00 -04:00
Dmitry Vyukov b6df852901 tsan: fix fork syscall test
Arm64 builders failed with:
error: use of undeclared identifier 'SYS_fork'
https://lab.llvm.org/buildbot/#/builders/7/builds/2575

Indeed, not all arches have fork syscall.
Implement fork via clone on these arches.

Differential Revision: https://reviews.llvm.org/D101603
2021-04-30 10:23:34 +02:00
Dmitry Vyukov ed7bf7d73f tsan: refactor fork handling
Commit efd254b636 ("tsan: fix deadlock in pthread_atfork callbacks")
fixed another deadlock related to atfork handling.
But builders with DCHECKs enabled reported failures of
pthread_atfork_deadlock2.c and pthread_atfork_deadlock3.c tests
related to the fact that we hold runtime locks on interceptor exit:
https://lab.llvm.org/buildbot/#/builders/70/builds/6727
This issue is somewhat inherent to the current approach,
we indeed execute user code (atfork callbacks) with runtime lock held.

Refactor fork handling to not run user code (atfork callbacks)
with runtime locks held. This change does this by installing
own atfork callbacks during runtime initialization.
Atfork callbacks run in LIFO order, so the expectation is that
our callbacks run last, right before the actual fork.
This way we lock runtime mutexes around fork, but not around
user callbacks.

Extend tests to also install after fork callbacks just to cover
more scenarios. Some tests also started reporting real races
that we previously suppressed.

Also extend tests to cover fork syscall support.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D101517
2021-04-30 08:48:20 +02:00
Dmitry Vyukov d78782f6a6 tsan: fix warnings in tests
Fix format specifier.
Fix warnings about non-standard attribute placement.
Make free_race2.c test a bit more interesting:
test access with/without an offset.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D101424
2021-04-29 07:42:18 +02:00
Tres Popp d1e08b124c Revert "tsan: refactor fork handling"
This reverts commit e1021dd1fd.
2021-04-28 14:08:33 +02:00
Dmitry Vyukov e1021dd1fd tsan: refactor fork handling
Commit efd254b636 ("tsan: fix deadlock in pthread_atfork callbacks")
fixed another deadlock related to atfork handling.
But builders with DCHECKs enabled reported failures of
pthread_atfork_deadlock2.c and pthread_atfork_deadlock3.c tests
related to the fact that we hold runtime locks on interceptor exit:
https://lab.llvm.org/buildbot/#/builders/70/builds/6727
This issue is somewhat inherent to the current approach,
we indeed execute user code (atfork callbacks) with runtime lock held.

Refactor fork handling to not run user code (atfork callbacks)
with runtime locks held. This change does this by installing
own atfork callbacks during runtime initialization.
Atfork callbacks run in LIFO order, so the expectation is that
our callbacks run last, right before the actual fork.
This way we lock runtime mutexes around fork, but not around
user callbacks.

Extend tests to also install after fork callbacks just to cover
more scenarios. Some tests also started reporting real races
that we previously suppressed.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D101385
2021-04-27 22:37:27 +02:00