[tsan] Fix an assertion failure in FindThreadByUidLocked with recycled threads

When a race on file descriptors is detected, `FindThreadByUidLocked()` is called to retrieve ThreadContext with a specific unique_id. However, this ThreadContext might not exist in the thread registry anymore (it may have been recycled), in which case `FindThreadByUidLocked` will cause an assertion failure in `GetThreadLocked`. Adding a test case that reproduces this, producing: FATAL: ThreadSanitizer CHECK failed: sanitizer_common/sanitizer_thread_registry.h:92 "((tid)) < ((n_contexts_))" (0x34, 0x34) This patch fixes this by replacing the loop with `FindThreadContextLocked`. Differential Revision: http://reviews.llvm.org/D14984 llvm-svn: 254223
2015-11-28 09:16:34 +00:00 · 2015-11-28 09:16:34 +00:00 · 11d8c1f8dd
parent e471cf32a0
commit 11d8c1f8dd
2 changed files with 62 additions and 8 deletions
--- a/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc
+++ b/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc
@ -200,16 +200,16 @@ void ScopedReport::AddThread(const ThreadContext *tctx, bool suppressable) {
 }

 #ifndef SANITIZER_GO
+static bool FindThreadByUidLockedCallback(ThreadContextBase *tctx, void *arg) {
+  int unique_id = *(int *)arg;
+  return tctx->unique_id == (u32)unique_id;
+}
+
 static ThreadContext *FindThreadByUidLocked(int unique_id) {
  ctx->thread_registry->CheckLocked();
-  for (unsigned i = 0; i < kMaxTid; i++) {
-    ThreadContext *tctx = static_cast<ThreadContext*>(
-        ctx->thread_registry->GetThreadLocked(i));
-    if (tctx && tctx->unique_id == (u32)unique_id) {
-      return tctx;
-    }
-  }
-  return 0;
+  return static_cast<ThreadContext *>(
+      ctx->thread_registry->FindThreadContextLocked(
+          FindThreadByUidLockedCallback, &unique_id));
 }

 static ThreadContext *FindThreadByTidLocked(int tid) {
--- a/compiler-rt/test/tsan/fd_tid_recycled.cc
+++ b/compiler-rt/test/tsan/fd_tid_recycled.cc
@ -0,0 +1,54 @@
+// RUN: %clangxx_tsan -O1 %s -o %t && %deflake %run %t | FileCheck %s
+#include "test.h"
+
+int fds[2];
+
+void *ThreadCreatePipe(void *x) {
+  pipe(fds);
+  return NULL;
+}
+
+void *ThreadDummy(void *x) {
+  return NULL;
+}
+
+void *ThreadWrite(void *x) {
+  write(fds[1], "a", 1);
+  barrier_wait(&barrier);
+  return NULL;
+}
+
+void *ThreadClose(void *x) {
+  barrier_wait(&barrier);
+  close(fds[0]);
+  close(fds[1]);
+  return NULL;
+}
+
+int main() {
+  barrier_init(&barrier, 2);
+  pthread_t t_create;
+  pthread_create(&t_create, NULL, ThreadCreatePipe, NULL);
+  pthread_join(t_create, NULL);
+
+  for (int i = 0; i < 100; i++) {
+    pthread_t t_dummy;
+    pthread_create(&t_dummy, NULL, ThreadDummy, NULL);
+    pthread_join(t_dummy, NULL);
+  }
+
+  pthread_t t[2];
+  pthread_create(&t[0], NULL, ThreadWrite, NULL);
+  pthread_create(&t[1], NULL, ThreadClose, NULL);
+  pthread_join(t[0], NULL);
+  pthread_join(t[1], NULL);
+}
+
+// CHECK-NOT: CHECK failed
+// CHECK: WARNING: ThreadSanitizer: data race
+// CHECK:   Write of size 8
+// CHECK:     #0 close
+// CHECK:     #1 ThreadClose
+// CHECK:   Previous read of size 8
+// CHECK:     #0 write
+// CHECK:     #1 ThreadWrite