SLIDE 1
Kuba Mracek, Apple
- ThreadSanitizer APIs
ThreadSanitizer APIs for External Libraries Kuba Mracek, Apple - - PowerPoint PPT Presentation
ThreadSanitizer APIs for External Libraries Kuba Mracek, Apple - - PowerPoint PPT Presentation
ThreadSanitizer APIs for External Libraries Kuba Mracek, Apple ThreadSanitizer ThreadSanitizer Data race detector ThreadSanitizer Data race detector LLVM IR instrumentation: ThreadSanitizer Data race detector LLVM
SLIDE 2
SLIDE 3
ThreadSanitizer
- Data race detector
SLIDE 4
ThreadSanitizer
- Data race detector
- LLVM IR instrumentation:
SLIDE 5
ThreadSanitizer
- Data race detector
- LLVM IR instrumentation:
- memory reads and writes
SLIDE 6
ThreadSanitizer
- Data race detector
- LLVM IR instrumentation:
- memory reads and writes
- atomic operations (load, store, RMW, CAS)
SLIDE 7
Thread 1 Thread 2 Thread 3
SLIDE 8
Thread 1 Thread 2 Thread 3 events events events
SLIDE 9
happens-before data race detector
Thread 1 Thread 2 Thread 3 events events events
SLIDE 10
happens-before data race detector
Thread 1 Thread 2 Thread 3 events events events Memory reads Memory writes Synchronization events
SLIDE 11
happens-before data race detector
Thread 1 Thread 2 Thread 3 events events events
SLIDE 12
happens-before data race detector
Thread 1 Thread 2 Thread 3 events events events
🐟
SLIDE 13
happens-before data race detector
Thread 1 Thread 2 Thread 3 events events events
🐟
$ ./racyapp WARNING: ThreadSanitizer: data race (pid=19219) Write of size 4 at 0x7fcf47b21bc0 by thread T1: #0 Thread1 race.c:4 (exe+0x00000000a360) Previous write of size 4 at 0x7fcf47b21bc0 by main thread: #0 main race.c:10 (exe+0x00000000a3b4) …
SLIDE 14
Libraries and Frameworks
SLIDE 15
Libraries and Frameworks
- Precompiled code is not instrumented
SLIDE 16
Libraries and Frameworks
- Precompiled code is not instrumented
instrumented
SLIDE 17
Libraries and Frameworks
- Precompiled code is not instrumented
call API instrumented
SLIDE 18
Libraries and Frameworks
- Precompiled code is not instrumented
call API .so instrumented non-instrumented
SLIDE 19
Libraries and Frameworks
- Precompiled code is not instrumented
call API .so🐟 instrumented non-instrumented
SLIDE 20
Libraries and Frameworks
- Precompiled code is not instrumented
call API .so🐟
🚬
instrumented non-instrumented
SLIDE 21
Libraries and Frameworks
- Precompiled code is not instrumented
call API .so instrumented instrumented
SLIDE 22
Libraries and Frameworks
- Precompiled code is not instrumented
call API .so🐟 instrumented instrumented
SLIDE 23
Libraries and Frameworks
- Precompiled code is not instrumented
- APIs expect users to ensure thread safety
call API .so🐟 instrumented instrumented
SLIDE 24
Libraries and Frameworks
- Precompiled code is not instrumented
- APIs expect users to ensure thread safety
call API .so
🐟
instrumented
SLIDE 25
Libraries and Frameworks
- Precompiled code is not instrumented
- APIs expect users to ensure thread safety
call API .so
🐟
instrumented
SLIDE 26
New: APIs for Libraries
SLIDE 27
New: APIs for Libraries
- ThreadSanitizer provides callbacks for libraries to inform about read/write-like
events of high-level objects:
SLIDE 28
New: APIs for Libraries
- ThreadSanitizer provides callbacks for libraries to inform about read/write-like
events of high-level objects:
__tsan_external_read(void *addr, void *caller_pc, void *tag); __tsan_external_write(void *addr, void *caller_pc, void *tag);
SLIDE 29
New: APIs for Libraries
- ThreadSanitizer provides callbacks for libraries to inform about read/write-like
events of high-level objects:
- High-level object = basically any object you work with
- array, map, graph node, data object, UI element, …
__tsan_external_read(void *addr, void *caller_pc, void *tag); __tsan_external_write(void *addr, void *caller_pc, void *tag);
SLIDE 30
Example: CoreFoundation
SLIDE 31
Example: CoreFoundation
- Provides APIs for basic collections:
CFMutableArrayRef CFArrayCreateMutable(/*…*/); void CFArrayAppendValue(CFArrayRef array, /*…*/); CFIndex CFArrayGetCount(CFArrayRef array);
SLIDE 32
Example: CoreFoundation
- Provides APIs for basic collections:
CFMutableArrayRef CFArrayCreateMutable(/*…*/); void CFArrayAppendValue(CFArrayRef array, /*…*/); CFIndex CFArrayGetCount(CFArrayRef array);
- User must ensure thread safety
SLIDE 33
// Modifies the array void CFArrayAppendValue(CFArrayRef array, /*…*/) { __tsan_external_write(array, CALLER_PC, tag); /*…*/ } // Reads the array CFIndex CFArrayGetCount(CFArrayRef array) { __tsan_external_read(array, CALLER_PC, tag); /*…*/ }
SLIDE 34
// Modifies the array void CFArrayAppendValue(CFArrayRef array, /*…*/) { if (is_tsan_present) __tsan_external_write(array, CALLER_PC, tag); /*…*/ } // Reads the array CFIndex CFArrayGetCount(CFArrayRef array) { if (is_tsan_present) __tsan_external_read(array, CALLER_PC, tag); /*…*/ }
SLIDE 35
================== WARNING: ThreadSanitizer: race on a library object Read-only access of CFMutableArray at 0x7b0c00046b30 by thread T2: #0 CFArrayGetCount (CoreFoundation:x86_64) #1 Thread1 main.m:16 (demoapp:x86_64) Previous modifying access of CFMutableArray at 0x7b0c00046b30 by thread T3: #0 CFArrayAppendValue (CoreFoundation:x86_64) #1 Thread2 main.m:21 (demoapp:x86_64) Location is heap block of size 40 at 0x7b0c00046b30 allocated by main thread: … SUMMARY: ThreadSanitizer: race on a library object main.m:16 in Thread1 ==================
SLIDE 36
================== WARNING: ThreadSanitizer: race on a library object Read-only access of CFMutableArray at 0x7b0c00046b30 by thread T2: #0 CFArrayGetCount (CoreFoundation:x86_64) #1 Thread1 main.m:16 (demoapp:x86_64) Previous modifying access of CFMutableArray at 0x7b0c00046b30 by thread T3: #0 CFArrayAppendValue (CoreFoundation:x86_64) #1 Thread2 main.m:21 (demoapp:x86_64) Location is heap block of size 40 at 0x7b0c00046b30 allocated by main thread: … SUMMARY: ThreadSanitizer: race on a library object main.m:16 in Thread1 ================== report description
SLIDE 37
================== WARNING: ThreadSanitizer: race on a library object Read-only access of CFMutableArray at 0x7b0c00046b30 by thread T2: #0 CFArrayGetCount (CoreFoundation:x86_64) #1 Thread1 main.m:16 (demoapp:x86_64) Previous modifying access of CFMutableArray at 0x7b0c00046b30 by thread T3: #0 CFArrayAppendValue (CoreFoundation:x86_64) #1 Thread2 main.m:21 (demoapp:x86_64) Location is heap block of size 40 at 0x7b0c00046b30 allocated by main thread: … SUMMARY: ThreadSanitizer: race on a library object main.m:16 in Thread1 ================== type of the object report description
SLIDE 38
================== WARNING: ThreadSanitizer: race on a library object Read-only access of CFMutableArray at 0x7b0c00046b30 by thread T2: #0 CFArrayGetCount (CoreFoundation:x86_64) #1 Thread1 main.m:16 (demoapp:x86_64) Previous modifying access of CFMutableArray at 0x7b0c00046b30 by thread T3: #0 CFArrayAppendValue (CoreFoundation:x86_64) #1 Thread2 main.m:21 (demoapp:x86_64) Location is heap block of size 40 at 0x7b0c00046b30 allocated by main thread: … SUMMARY: ThreadSanitizer: race on a library object main.m:16 in Thread1 ================== type of the object report description API call
SLIDE 39
More Details
SLIDE 40
More Details
- Tags to identify the type of the object
SLIDE 41
More Details
- Tags to identify the type of the object
- Provide caller PC
SLIDE 42
More Details
- Tags to identify the type of the object
- Provide caller PC
- Weak imports
SLIDE 43
More Details
- Tags to identify the type of the object
- Provide caller PC
- Weak imports
- Detect ThreadSanitizer at initialization time
SLIDE 44
More Details
- Tags to identify the type of the object
- Provide caller PC
- Weak imports
- Detect ThreadSanitizer at initialization time
- Contact me or thread-sanitizer@googlegroups.com mailing list
SLIDE 45
More Details
- Tags to identify the type of the object
- Provide caller PC
- Weak imports
- Detect ThreadSanitizer at initialization time
- Contact me or thread-sanitizer@googlegroups.com mailing list
- Already used by Foundation, CoreFoundation and Swift
SLIDE 46
If you’re developing a popular library used in multithreaded programs, consider adopting these APIs!
SLIDE 47