[llvm-bugs] [Bug 39001] New: [compiler-rt] safestacks 'pthread-cleanup.c' test is racy

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Sep 19 10:00:46 PDT 2018 

https://bugs.llvm.org/show_bug.cgi?id=39001

            Bug ID: 39001
           Summary: [compiler-rt] safestacks 'pthread-cleanup.c' test is
                    racy
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: jeremy.morse.llvm at gmail.com
                CC: llvm-bugs at lists.llvm.org, vitalybuka at google.com,
                    vlad at tsyrklevich.net

Created attachment 20891
  --> https://bugs.llvm.org/attachment.cgi?id=20891&action=edit
Strace of pthread-cleanup.c successfully terminating (which is an error)

In rare circumstances, the safestacks test 'pthread-cleanup.c' can fail (i.e.,
it doesn't crash) when the system is heavily loaded. We've seen intermittent
failures on Sonys internal CI for a while, and I've managed to replicate it by
running:
 * The test binary under strace, concurrent with
 * `llvm-lit -j 200` applied to the LLVM test suite.

The failure mode is a (very rare it seems) race where, in the code at [0],
pthread_join has reported that the tests first thread has terminated, but the
underlying linux thread has not been cleared yet. This manifests as a
successful call to tgkill leading to the 'unsafe stack' not being unmapped &
freed, which then doesn't cause the later crash that the program expects.

An strace of this happening is attached, running from just before the start of
main(), to the programs successful exit.

In this circumstance, to my undeducated eye it looks like the thread_stack_ll
struct of the still-live thread is kept linked into the to-free list, so IMHO
the problem is that the test relies on forward progress in the operating system
that isn't guaranteed. (I've no good ideas for how to get around that and
improve the test, alas).

[0]
https://github.com/llvm-mirror/compiler-rt/blob/d5d5b22249814bb4a2193509ed7ab33687507f98/lib/safestack/safestack.cc#L184

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20180919/318712e6/attachment.html>

More information about the llvm-bugs mailing list