[PATCH] D31729: [tsan] Mark "responsible frames" in stack traces to show which frame contains the race

Kuba (Brecka) Mracek via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Apr 5 15:16:38 PDT 2017 

kubamracek created this revision.
kubamracek added a project: Sanitizers.

For reports that involve interceptors (e.g. races against `free()` or `memcpy` races), TSan displays reports like this:

  ==================
  WARNING: ThreadSanitizer: data race (pid=67781)
    Write of size 1 at 0x7b0400000045 by thread T2:
      #0 memcpy (libclang_rt.tsan_osx_dynamic.dylib)
      #1 Thread2(void*) (testapp)
  
    Previous write of size 1 at 0x7b0400000045 by thread T1:
      #0 memcpy (libclang_rt.tsan_osx_dynamic.dylib)
      #1 Thread1(void*) (testapp)
  
    Location is heap block of size 10 at 0x7b0400000040 allocated by main thread:
      #0 operator new[] ...
    ...
  ==================

The idea of this patch is to signify which frame is responsible for the bug. Usually, we'd assume that the topmost frame contains the problem that TSan is complaining about, but that's not true in the example above, where memcpy is being called in a racy way.  This patch turns the report into:

  ==================
  WARNING: ThreadSanitizer: data race (pid=67781)
    Write of size 1 at 0x7b0400000045 by thread T2:
      #0 memcpy (libclang_rt.tsan_osx_dynamic.dylib)
    * #1 Thread2(void*) (testapp)
  
    Previous write of size 1 at 0x7b0400000045 by thread T1:
      #0 memcpy (libclang_rt.tsan_osx_dynamic.dylib)
    * #1 Thread1(void*) (testapp)
  
    Issue is caused by frames marked with "*".
  
    Location is heap block of size 10 at 0x7b0400000040 allocated by main thread:
      #0 operator new[] ...
    ...
  ==================

This applies to races on interceptors (memcpy, memcmp, strcpy, ...), races against free, external races (via `__tsan_external_read`/`__tsan_external_write` API), and mutex issues like double unlock (where the top frame is the pthread_mutex API and not the caller of it).


Repository:
  rL LLVM

https://reviews.llvm.org/D31729

Files:
  lib/sanitizer_common/sanitizer_stacktrace_libcdep.cc
  lib/sanitizer_common/sanitizer_stacktrace_printer.cc
  lib/tsan/rtl/tsan_flags.cc
  lib/tsan/rtl/tsan_report.cc
  lib/tsan/rtl/tsan_report.h
  test/tsan/Darwin/external.cc
  test/tsan/free_race.c
  test/tsan/memcmp_race.cc
  test/tsan/memcpy_race.cc
  test/tsan/mutex_destroy_locked.cc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D31729.94289.patch
Type: text/x-patch
Size: 12030 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20170405/a8977f8e/attachment.bin>

More information about the llvm-commits mailing list