1 //===-- tsan_interceptors_mac.cc ------------------------------------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file is a part of ThreadSanitizer (TSan), a race detector.
12 // Mac-specific interceptors.
13 //===----------------------------------------------------------------------===//
15 #include "sanitizer_common/sanitizer_platform.h"
18 #include "interception/interception.h"
19 #include "tsan_interceptors.h"
20 #include "tsan_interface.h"
21 #include "tsan_interface_ann.h"
22 #include "sanitizer_common/sanitizer_addrhashmap.h"
24 #include <libkern/OSAtomic.h>
25 #include <objc/objc-sync.h>
27 #if defined(__has_include) && __has_include(<xpc/xpc.h>)
29 #endif // #if defined(__has_include) && __has_include(<xpc/xpc.h>)
31 typedef long long_t; // NOLINT
35 // The non-barrier versions of OSAtomic* functions are semantically mo_relaxed,
36 // but the two variants (e.g. OSAtomicAdd32 and OSAtomicAdd32Barrier) are
37 // actually aliases of each other, and we cannot have different interceptors for
38 // them, because they're actually the same function. Thus, we have to stay
39 // conservative and treat the non-barrier versions as mo_acq_rel.
40 static const morder kMacOrderBarrier = mo_acq_rel;
41 static const morder kMacOrderNonBarrier = mo_acq_rel;
43 #define OSATOMIC_INTERCEPTOR(return_t, t, tsan_t, f, tsan_atomic_f, mo) \
44 TSAN_INTERCEPTOR(return_t, f, t x, volatile t *ptr) { \
45 SCOPED_TSAN_INTERCEPTOR(f, x, ptr); \
46 return tsan_atomic_f((volatile tsan_t *)ptr, x, mo); \
49 #define OSATOMIC_INTERCEPTOR_PLUS_X(return_t, t, tsan_t, f, tsan_atomic_f, mo) \
50 TSAN_INTERCEPTOR(return_t, f, t x, volatile t *ptr) { \
51 SCOPED_TSAN_INTERCEPTOR(f, x, ptr); \
52 return tsan_atomic_f((volatile tsan_t *)ptr, x, mo) + x; \
55 #define OSATOMIC_INTERCEPTOR_PLUS_1(return_t, t, tsan_t, f, tsan_atomic_f, mo) \
56 TSAN_INTERCEPTOR(return_t, f, volatile t *ptr) { \
57 SCOPED_TSAN_INTERCEPTOR(f, ptr); \
58 return tsan_atomic_f((volatile tsan_t *)ptr, 1, mo) + 1; \
61 #define OSATOMIC_INTERCEPTOR_MINUS_1(return_t, t, tsan_t, f, tsan_atomic_f, \
63 TSAN_INTERCEPTOR(return_t, f, volatile t *ptr) { \
64 SCOPED_TSAN_INTERCEPTOR(f, ptr); \
65 return tsan_atomic_f((volatile tsan_t *)ptr, 1, mo) - 1; \
68 #define OSATOMIC_INTERCEPTORS_ARITHMETIC(f, tsan_atomic_f, m) \
69 m(int32_t, int32_t, a32, f##32, __tsan_atomic32_##tsan_atomic_f, \
70 kMacOrderNonBarrier) \
71 m(int32_t, int32_t, a32, f##32##Barrier, __tsan_atomic32_##tsan_atomic_f, \
73 m(int64_t, int64_t, a64, f##64, __tsan_atomic64_##tsan_atomic_f, \
74 kMacOrderNonBarrier) \
75 m(int64_t, int64_t, a64, f##64##Barrier, __tsan_atomic64_##tsan_atomic_f, \
78 #define OSATOMIC_INTERCEPTORS_BITWISE(f, tsan_atomic_f, m, m_orig) \
79 m(int32_t, uint32_t, a32, f##32, __tsan_atomic32_##tsan_atomic_f, \
80 kMacOrderNonBarrier) \
81 m(int32_t, uint32_t, a32, f##32##Barrier, __tsan_atomic32_##tsan_atomic_f, \
83 m_orig(int32_t, uint32_t, a32, f##32##Orig, __tsan_atomic32_##tsan_atomic_f, \
84 kMacOrderNonBarrier) \
85 m_orig(int32_t, uint32_t, a32, f##32##OrigBarrier, \
86 __tsan_atomic32_##tsan_atomic_f, kMacOrderBarrier)
88 OSATOMIC_INTERCEPTORS_ARITHMETIC(OSAtomicAdd, fetch_add,
89 OSATOMIC_INTERCEPTOR_PLUS_X)
90 OSATOMIC_INTERCEPTORS_ARITHMETIC(OSAtomicIncrement, fetch_add,
91 OSATOMIC_INTERCEPTOR_PLUS_1)
92 OSATOMIC_INTERCEPTORS_ARITHMETIC(OSAtomicDecrement, fetch_sub,
93 OSATOMIC_INTERCEPTOR_MINUS_1)
94 OSATOMIC_INTERCEPTORS_BITWISE(OSAtomicOr, fetch_or, OSATOMIC_INTERCEPTOR_PLUS_X,
96 OSATOMIC_INTERCEPTORS_BITWISE(OSAtomicAnd, fetch_and,
97 OSATOMIC_INTERCEPTOR_PLUS_X, OSATOMIC_INTERCEPTOR)
98 OSATOMIC_INTERCEPTORS_BITWISE(OSAtomicXor, fetch_xor,
99 OSATOMIC_INTERCEPTOR_PLUS_X, OSATOMIC_INTERCEPTOR)
101 #define OSATOMIC_INTERCEPTORS_CAS(f, tsan_atomic_f, tsan_t, t) \
102 TSAN_INTERCEPTOR(bool, f, t old_value, t new_value, t volatile *ptr) { \
103 SCOPED_TSAN_INTERCEPTOR(f, old_value, new_value, ptr); \
104 return tsan_atomic_f##_compare_exchange_strong( \
105 (volatile tsan_t *)ptr, (tsan_t *)&old_value, (tsan_t)new_value, \
106 kMacOrderNonBarrier, kMacOrderNonBarrier); \
109 TSAN_INTERCEPTOR(bool, f##Barrier, t old_value, t new_value, \
111 SCOPED_TSAN_INTERCEPTOR(f##Barrier, old_value, new_value, ptr); \
112 return tsan_atomic_f##_compare_exchange_strong( \
113 (volatile tsan_t *)ptr, (tsan_t *)&old_value, (tsan_t)new_value, \
114 kMacOrderBarrier, kMacOrderNonBarrier); \
117 OSATOMIC_INTERCEPTORS_CAS(OSAtomicCompareAndSwapInt, __tsan_atomic32, a32, int)
118 OSATOMIC_INTERCEPTORS_CAS(OSAtomicCompareAndSwapLong, __tsan_atomic64, a64,
120 OSATOMIC_INTERCEPTORS_CAS(OSAtomicCompareAndSwapPtr, __tsan_atomic64, a64,
122 OSATOMIC_INTERCEPTORS_CAS(OSAtomicCompareAndSwap32, __tsan_atomic32, a32,
124 OSATOMIC_INTERCEPTORS_CAS(OSAtomicCompareAndSwap64, __tsan_atomic64, a64,
127 #define OSATOMIC_INTERCEPTOR_BITOP(f, op, clear, mo) \
128 TSAN_INTERCEPTOR(bool, f, uint32_t n, volatile void *ptr) { \
129 SCOPED_TSAN_INTERCEPTOR(f, n, ptr); \
130 volatile char *byte_ptr = ((volatile char *)ptr) + (n >> 3); \
131 char bit = 0x80u >> (n & 7); \
132 char mask = clear ? ~bit : bit; \
133 char orig_byte = op((volatile a8 *)byte_ptr, mask, mo); \
134 return orig_byte & bit; \
137 #define OSATOMIC_INTERCEPTORS_BITOP(f, op, clear) \
138 OSATOMIC_INTERCEPTOR_BITOP(f, op, clear, kMacOrderNonBarrier) \
139 OSATOMIC_INTERCEPTOR_BITOP(f##Barrier, op, clear, kMacOrderBarrier)
141 OSATOMIC_INTERCEPTORS_BITOP(OSAtomicTestAndSet, __tsan_atomic8_fetch_or, false)
142 OSATOMIC_INTERCEPTORS_BITOP(OSAtomicTestAndClear, __tsan_atomic8_fetch_and,
145 TSAN_INTERCEPTOR(void, OSAtomicEnqueue, OSQueueHead *list, void *item,
147 SCOPED_TSAN_INTERCEPTOR(OSAtomicEnqueue, list, item, offset);
148 __tsan_release(item);
149 REAL(OSAtomicEnqueue)(list, item, offset);
152 TSAN_INTERCEPTOR(void *, OSAtomicDequeue, OSQueueHead *list, size_t offset) {
153 SCOPED_TSAN_INTERCEPTOR(OSAtomicDequeue, list, offset);
154 void *item = REAL(OSAtomicDequeue)(list, offset);
155 if (item) __tsan_acquire(item);
159 // OSAtomicFifoEnqueue and OSAtomicFifoDequeue are only on OS X.
162 TSAN_INTERCEPTOR(void, OSAtomicFifoEnqueue, OSFifoQueueHead *list, void *item,
164 SCOPED_TSAN_INTERCEPTOR(OSAtomicFifoEnqueue, list, item, offset);
165 __tsan_release(item);
166 REAL(OSAtomicFifoEnqueue)(list, item, offset);
169 TSAN_INTERCEPTOR(void *, OSAtomicFifoDequeue, OSFifoQueueHead *list,
171 SCOPED_TSAN_INTERCEPTOR(OSAtomicFifoDequeue, list, offset);
172 void *item = REAL(OSAtomicFifoDequeue)(list, offset);
173 if (item) __tsan_acquire(item);
179 TSAN_INTERCEPTOR(void, OSSpinLockLock, volatile OSSpinLock *lock) {
180 CHECK(!cur_thread()->is_dead);
181 if (!cur_thread()->is_inited) {
182 return REAL(OSSpinLockLock)(lock);
184 SCOPED_TSAN_INTERCEPTOR(OSSpinLockLock, lock);
185 REAL(OSSpinLockLock)(lock);
186 Acquire(thr, pc, (uptr)lock);
189 TSAN_INTERCEPTOR(bool, OSSpinLockTry, volatile OSSpinLock *lock) {
190 CHECK(!cur_thread()->is_dead);
191 if (!cur_thread()->is_inited) {
192 return REAL(OSSpinLockTry)(lock);
194 SCOPED_TSAN_INTERCEPTOR(OSSpinLockTry, lock);
195 bool result = REAL(OSSpinLockTry)(lock);
197 Acquire(thr, pc, (uptr)lock);
201 TSAN_INTERCEPTOR(void, OSSpinLockUnlock, volatile OSSpinLock *lock) {
202 CHECK(!cur_thread()->is_dead);
203 if (!cur_thread()->is_inited) {
204 return REAL(OSSpinLockUnlock)(lock);
206 SCOPED_TSAN_INTERCEPTOR(OSSpinLockUnlock, lock);
207 Release(thr, pc, (uptr)lock);
208 REAL(OSSpinLockUnlock)(lock);
211 TSAN_INTERCEPTOR(void, os_lock_lock, void *lock) {
212 CHECK(!cur_thread()->is_dead);
213 if (!cur_thread()->is_inited) {
214 return REAL(os_lock_lock)(lock);
216 SCOPED_TSAN_INTERCEPTOR(os_lock_lock, lock);
217 REAL(os_lock_lock)(lock);
218 Acquire(thr, pc, (uptr)lock);
221 TSAN_INTERCEPTOR(bool, os_lock_trylock, void *lock) {
222 CHECK(!cur_thread()->is_dead);
223 if (!cur_thread()->is_inited) {
224 return REAL(os_lock_trylock)(lock);
226 SCOPED_TSAN_INTERCEPTOR(os_lock_trylock, lock);
227 bool result = REAL(os_lock_trylock)(lock);
229 Acquire(thr, pc, (uptr)lock);
233 TSAN_INTERCEPTOR(void, os_lock_unlock, void *lock) {
234 CHECK(!cur_thread()->is_dead);
235 if (!cur_thread()->is_inited) {
236 return REAL(os_lock_unlock)(lock);
238 SCOPED_TSAN_INTERCEPTOR(os_lock_unlock, lock);
239 Release(thr, pc, (uptr)lock);
240 REAL(os_lock_unlock)(lock);
243 #if defined(__has_include) && __has_include(<xpc/xpc.h>)
245 TSAN_INTERCEPTOR(void, xpc_connection_set_event_handler,
246 xpc_connection_t connection, xpc_handler_t handler) {
247 SCOPED_TSAN_INTERCEPTOR(xpc_connection_set_event_handler, connection,
249 Release(thr, pc, (uptr)connection);
250 xpc_handler_t new_handler = ^(xpc_object_t object) {
252 SCOPED_INTERCEPTOR_RAW(xpc_connection_set_event_handler);
253 Acquire(thr, pc, (uptr)connection);
257 REAL(xpc_connection_set_event_handler)(connection, new_handler);
260 TSAN_INTERCEPTOR(void, xpc_connection_send_barrier, xpc_connection_t connection,
261 dispatch_block_t barrier) {
262 SCOPED_TSAN_INTERCEPTOR(xpc_connection_send_barrier, connection, barrier);
263 Release(thr, pc, (uptr)connection);
264 dispatch_block_t new_barrier = ^() {
266 SCOPED_INTERCEPTOR_RAW(xpc_connection_send_barrier);
267 Acquire(thr, pc, (uptr)connection);
271 REAL(xpc_connection_send_barrier)(connection, new_barrier);
274 TSAN_INTERCEPTOR(void, xpc_connection_send_message_with_reply,
275 xpc_connection_t connection, xpc_object_t message,
276 dispatch_queue_t replyq, xpc_handler_t handler) {
277 SCOPED_TSAN_INTERCEPTOR(xpc_connection_send_message_with_reply, connection,
278 message, replyq, handler);
279 Release(thr, pc, (uptr)connection);
280 xpc_handler_t new_handler = ^(xpc_object_t object) {
282 SCOPED_INTERCEPTOR_RAW(xpc_connection_send_message_with_reply);
283 Acquire(thr, pc, (uptr)connection);
287 REAL(xpc_connection_send_message_with_reply)
288 (connection, message, replyq, new_handler);
291 TSAN_INTERCEPTOR(void, xpc_connection_cancel, xpc_connection_t connection) {
292 SCOPED_TSAN_INTERCEPTOR(xpc_connection_cancel, connection);
293 Release(thr, pc, (uptr)connection);
294 REAL(xpc_connection_cancel)(connection);
297 #endif // #if defined(__has_include) && __has_include(<xpc/xpc.h>)
299 // Determines whether the Obj-C object pointer is a tagged pointer. Tagged
300 // pointers encode the object data directly in their pointer bits and do not
301 // have an associated memory allocation. The Obj-C runtime uses tagged pointers
302 // to transparently optimize small objects.
303 static bool IsTaggedObjCPointer(id obj) {
304 const uptr kPossibleTaggedBits = 0x8000000000000001ull;
305 return ((uptr)obj & kPossibleTaggedBits) != 0;
308 // Returns an address which can be used to inform TSan about synchronization
309 // points (MutexLock/Unlock). The TSan infrastructure expects this to be a valid
310 // address in the process space. We do a small allocation here to obtain a
311 // stable address (the array backing the hash map can change). The memory is
312 // never free'd (leaked) and allocation and locking are slow, but this code only
313 // runs for @synchronized with tagged pointers, which is very rare.
314 static uptr GetOrCreateSyncAddress(uptr addr, ThreadState *thr, uptr pc) {
315 typedef AddrHashMap<uptr, 5> Map;
316 static Map Addresses;
317 Map::Handle h(&Addresses, addr);
319 ThreadIgnoreBegin(thr, pc);
320 *h = (uptr) user_alloc(thr, pc, /*size=*/1);
321 ThreadIgnoreEnd(thr, pc);
326 // Returns an address on which we can synchronize given an Obj-C object pointer.
327 // For normal object pointers, this is just the address of the object in memory.
328 // Tagged pointers are not backed by an actual memory allocation, so we need to
329 // synthesize a valid address.
330 static uptr SyncAddressForObjCObject(id obj, ThreadState *thr, uptr pc) {
331 if (IsTaggedObjCPointer(obj))
332 return GetOrCreateSyncAddress((uptr)obj, thr, pc);
336 TSAN_INTERCEPTOR(int, objc_sync_enter, id obj) {
337 SCOPED_TSAN_INTERCEPTOR(objc_sync_enter, obj);
338 if (!obj) return REAL(objc_sync_enter)(obj);
339 uptr addr = SyncAddressForObjCObject(obj, thr, pc);
340 MutexPreLock(thr, pc, addr, MutexFlagWriteReentrant);
341 int result = REAL(objc_sync_enter)(obj);
342 CHECK_EQ(result, OBJC_SYNC_SUCCESS);
343 MutexPostLock(thr, pc, addr, MutexFlagWriteReentrant);
347 TSAN_INTERCEPTOR(int, objc_sync_exit, id obj) {
348 SCOPED_TSAN_INTERCEPTOR(objc_sync_exit, obj);
349 if (!obj) return REAL(objc_sync_exit)(obj);
350 uptr addr = SyncAddressForObjCObject(obj, thr, pc);
351 MutexUnlock(thr, pc, addr);
352 int result = REAL(objc_sync_exit)(obj);
353 if (result != OBJC_SYNC_SUCCESS) MutexInvalidAccess(thr, pc, addr);
357 // On macOS, libc++ is always linked dynamically, so intercepting works the
359 #define STDCXX_INTERCEPTOR TSAN_INTERCEPTOR
362 struct fake_shared_weak_count {
363 volatile a64 shared_owners;
364 volatile a64 shared_weak_owners;
365 virtual void _unused_0x0() = 0;
366 virtual void _unused_0x8() = 0;
367 virtual void on_zero_shared() = 0;
368 virtual void _unused_0x18() = 0;
369 virtual void on_zero_shared_weak() = 0;
373 // The following code adds libc++ interceptors for:
374 // void __shared_weak_count::__release_shared() _NOEXCEPT;
375 // bool __shared_count::__release_shared() _NOEXCEPT;
376 // Shared and weak pointers in C++ maintain reference counts via atomics in
377 // libc++.dylib, which are TSan-invisible, and this leads to false positives in
378 // destructor code. These interceptors re-implements the whole functions so that
379 // the mo_acq_rel semantics of the atomic decrement are visible.
381 // Unfortunately, the interceptors cannot simply Acquire/Release some sync
382 // object and call the original function, because it would have a race between
383 // the sync and the destruction of the object. Calling both under a lock will
384 // not work because the destructor can invoke this interceptor again (and even
385 // in a different thread, so recursive locks don't help).
387 STDCXX_INTERCEPTOR(void, _ZNSt3__119__shared_weak_count16__release_sharedEv,
388 fake_shared_weak_count *o) {
389 if (!flags()->shared_ptr_interceptor)
390 return REAL(_ZNSt3__119__shared_weak_count16__release_sharedEv)(o);
392 SCOPED_TSAN_INTERCEPTOR(_ZNSt3__119__shared_weak_count16__release_sharedEv,
394 if (__tsan_atomic64_fetch_add(&o->shared_owners, -1, mo_release) == 0) {
395 Acquire(thr, pc, (uptr)&o->shared_owners);
397 if (__tsan_atomic64_fetch_add(&o->shared_weak_owners, -1, mo_release) ==
399 Acquire(thr, pc, (uptr)&o->shared_weak_owners);
400 o->on_zero_shared_weak();
405 STDCXX_INTERCEPTOR(bool, _ZNSt3__114__shared_count16__release_sharedEv,
406 fake_shared_weak_count *o) {
407 if (!flags()->shared_ptr_interceptor)
408 return REAL(_ZNSt3__114__shared_count16__release_sharedEv)(o);
410 SCOPED_TSAN_INTERCEPTOR(_ZNSt3__114__shared_count16__release_sharedEv, o);
411 if (__tsan_atomic64_fetch_add(&o->shared_owners, -1, mo_release) == 0) {
412 Acquire(thr, pc, (uptr)&o->shared_owners);
420 struct call_once_callback_args {
421 void (*orig_func)(void *arg);
426 void call_once_callback_wrapper(void *arg) {
427 call_once_callback_args *new_args = (call_once_callback_args *)arg;
428 new_args->orig_func(new_args->orig_arg);
429 __tsan_release(new_args->flag);
433 // This adds a libc++ interceptor for:
434 // void __call_once(volatile unsigned long&, void*, void(*)(void*));
435 // C++11 call_once is implemented via an internal function __call_once which is
436 // inside libc++.dylib, and the atomic release store inside it is thus
437 // TSan-invisible. To avoid false positives, this interceptor wraps the callback
438 // function and performs an explicit Release after the user code has run.
439 STDCXX_INTERCEPTOR(void, _ZNSt3__111__call_onceERVmPvPFvS2_E, void *flag,
440 void *arg, void (*func)(void *arg)) {
441 call_once_callback_args new_args = {func, arg, flag};
442 REAL(_ZNSt3__111__call_onceERVmPvPFvS2_E)(flag, &new_args,
443 call_once_callback_wrapper);
446 } // namespace __tsan
448 #endif // SANITIZER_MAC
projects / FreeBSD / FreeBSD.git / blob