| blob | 2bc89f8a09b953fb437e07b5b83c1e28cb48fcd3 |
2 /*--------------------------------------------------------------------*/
3 /*--- pthread intercepts for thread checking. ---*/
4 /*--- hg_intercepts.c ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of Helgrind, a Valgrind tool for detecting errors
9 in threaded programs.
11 Copyright (C) 2007-2017 OpenWorks LLP
12 info@open-works.co.uk
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, see <http://www.gnu.org/licenses/>.
27 The GNU General Public License is contained in the file COPYING.
29 Neither the names of the U.S. Department of Energy nor the
30 University of California nor the names of its contributors may be
31 used to endorse or promote products derived from this software
32 without prior written permission.
33 */
35 /* RUNS ON SIMULATED CPU
36 Interceptors for pthread_* functions, so that tc_main can see
37 significant thread events.
39 Important: when adding a function wrapper to this file, remember to
40 add a test case to tc20_verifywrap.c. A common cause of failure is
41 for wrappers to not engage on different distros, and
42 tc20_verifywrap essentially checks that each wrapper is really
43 doing something.
44 */
46 // DDD: for Darwin, need to have non-"@*"-suffixed versions for all pthread
47 // functions that currently have them.
48 // Note also, in the comments and code below, all Darwin symbols start
49 // with a leading underscore, which is not shown either in the comments
50 // nor in the redirect specs.
60 #if defined(VGO_solaris)
61 /* See porting comments in drd/drd_pthread_intercepts.c
62 However when a POSIX threads API function (for example pthread_cond_init)
63 is built upon the Solaris one (cond_init), intercept only the bottom one.
64 Helgrind does not contain generic synchronization nesting like DRD
65 and double intercept confuses it. */
66 #include <synch.h>
67 #include <thread.h>
71 #define TRACE_PTH_FNS 0
72 #define TRACE_QT4_FNS 0
73 #define TRACE_GNAT_FNS 0
76 /*----------------------------------------------------------------*/
77 /*--- ---*/
78 /*----------------------------------------------------------------*/
80 #if defined(VGO_solaris)
81 /* pthread_t is typedef'd to 'unsigned int' but in DO_CREQ_* macros
82 sizeof(Word) is expected. */
83 #define CREQ_PTHREAD_T Word
84 #define SEM_ERROR ret
85 #else
86 #define CREQ_PTHREAD_T pthread_t
87 #define SEM_ERROR errno
90 #define HG_EXPAND(tok) #tok
91 #define HG_STR(tok) HG_EXPAND(tok)
92 #define HG_WEAK_ALIAS(name, aliasname) \
93 extern __typeof (name) aliasname __attribute__ ((weak, alias(HG_STR(name))))
95 #if defined(VG_WRAP_THREAD_FUNCTION_LIBPTHREAD_ONLY)
96 #define PTH_FUNC(ret_ty, f, args...) \
97 ret_ty I_WRAP_SONAME_FNNAME_ZZ(VG_Z_LIBPTHREAD_SONAME,f)(args); \
98 ret_ty I_WRAP_SONAME_FNNAME_ZZ(VG_Z_LIBPTHREAD_SONAME,f)(args)
99 #elif defined(VG_WRAP_THREAD_FUNCTION_LIBC_AND_LIBPTHREAD)
100 #define PTH_FUNC(ret_ty, f, args...) \
101 ret_ty I_WRAP_SONAME_FNNAME_ZZ(VG_Z_LIBPTHREAD_SONAME,f)(args); \
102 HG_WEAK_ALIAS(I_WRAP_SONAME_FNNAME_ZZ(VG_Z_LIBPTHREAD_SONAME,f), I_WRAP_SONAME_FNNAME_ZZ(VG_Z_LIBC_SONAME,f)); \
103 ret_ty I_WRAP_SONAME_FNNAME_ZZ(VG_Z_LIBPTHREAD_SONAME,f)(args)
104 #elif defined(VG_WRAP_THREAD_FUNCTION_LIBC_ONLY)
105 #define PTH_FUNC(ret_ty, f, args...) \
106 ret_ty I_WRAP_SONAME_FNNAME_ZZ(VG_Z_LIBC_SONAME,f)(args); \
107 ret_ty I_WRAP_SONAME_FNNAME_ZZ(VG_Z_LIBC_SONAME,f)(args)
108 #else
110 #endif
112 // Do a client request. These are macros rather than a functions so
113 // as to avoid having an extra frame in stack traces.
115 // NB: these duplicate definitions in helgrind.h. But here, we
116 // can have better typing (Word etc) and assertions, whereas
117 // in helgrind.h we can't. Obviously it's important the two
118 // sets of definitions are kept in sync.
120 // nuke the previous definitions
121 #undef DO_CREQ_v_W
122 #undef DO_CREQ_v_WW
123 #undef DO_CREQ_W_WW
124 #undef DO_CREQ_v_WWW
126 #define DO_CREQ_v_W(_creqF, _ty1F,_arg1F) \
127 do { \
128 Word _arg1; \
129 assert(sizeof(_ty1F) == sizeof(Word)); \
130 _arg1 = (Word)(_arg1F); \
131 VALGRIND_DO_CLIENT_REQUEST_STMT((_creqF), \
132 _arg1, 0,0,0,0); \
133 } while (0)
135 #define DO_CREQ_v_WW(_creqF, _ty1F,_arg1F, _ty2F,_arg2F) \
136 do { \
137 Word _arg1, _arg2; \
138 assert(sizeof(_ty1F) == sizeof(Word)); \
139 assert(sizeof(_ty2F) == sizeof(Word)); \
140 _arg1 = (Word)(_arg1F); \
141 _arg2 = (Word)(_arg2F); \
142 VALGRIND_DO_CLIENT_REQUEST_STMT((_creqF), \
143 _arg1,_arg2,0,0,0); \
144 } while (0)
146 #define DO_CREQ_W_WW(_resF, _creqF, _ty1F,_arg1F, \
147 _ty2F,_arg2F) \
148 do { \
149 Word _res, _arg1, _arg2; \
150 assert(sizeof(_ty1F) == sizeof(Word)); \
151 assert(sizeof(_ty2F) == sizeof(Word)); \
152 _arg1 = (Word)(_arg1F); \
153 _arg2 = (Word)(_arg2F); \
154 _res = VALGRIND_DO_CLIENT_REQUEST_EXPR(2, \
155 (_creqF), \
156 _arg1,_arg2,0,0,0); \
157 _resF = _res; \
158 } while (0)
160 #define DO_CREQ_v_WWW(_creqF, _ty1F,_arg1F, \
161 _ty2F,_arg2F, _ty3F, _arg3F) \
162 do { \
163 Word _arg1, _arg2, _arg3; \
164 assert(sizeof(_ty1F) == sizeof(Word)); \
165 assert(sizeof(_ty2F) == sizeof(Word)); \
166 assert(sizeof(_ty3F) == sizeof(Word)); \
167 _arg1 = (Word)(_arg1F); \
168 _arg2 = (Word)(_arg2F); \
169 _arg3 = (Word)(_arg3F); \
170 VALGRIND_DO_CLIENT_REQUEST_STMT((_creqF), \
171 _arg1,_arg2,_arg3,0,0); \
172 } while (0)
174 #define DO_CREQ_v_WWWW(_creqF, _ty1F,_arg1F, \
175 _ty2F, _arg2F, _ty3F, _arg3F, \
176 _ty4F, _arg4F) \
177 do { \
178 Word _arg1, _arg2, _arg3, _arg4; \
179 assert(sizeof(_ty1F) == sizeof(Word)); \
180 assert(sizeof(_ty2F) == sizeof(Word)); \
181 assert(sizeof(_ty3F) == sizeof(Word)); \
182 assert(sizeof(_ty4F) == sizeof(Word)); \
183 _arg1 = (Word)(_arg1F); \
184 _arg2 = (Word)(_arg2F); \
185 _arg3 = (Word)(_arg3F); \
186 _arg4 = (Word)(_arg4F); \
187 VALGRIND_DO_CLIENT_REQUEST_STMT((_creqF), \
188 _arg1,_arg2,_arg3,_arg4,0); \
189 } while (0)
191 #define DO_PthAPIerror(_fnnameF, _errF) \
192 do { \
193 const char* _fnname = (_fnnameF); \
194 long _err = (long)(int)(_errF); \
195 const char* _errstr = lame_strerror(_err); \
196 DO_CREQ_v_WWW(_VG_USERREQ__HG_PTH_API_ERROR, \
197 char*,_fnname, \
198 long,_err, char*,_errstr); \
199 } while (0)
202 /* Needed for older glibcs (2.3 and older, at least) who don't
203 otherwise "know" about pthread_rwlock_anything or about
204 PTHREAD_MUTEX_RECURSIVE (amongst things). */
205 #define _GNU_SOURCE 1
207 #include <stdio.h>
208 #include <assert.h>
209 #include <errno.h>
210 #include <pthread.h>
212 /* A standalone memcmp. */
215 {
222 }
224 }
226 /* A lame version of strerror which doesn't use the real libc
227 strerror_r, since using the latter just generates endless more
228 threading errors (glibc goes off and does tons of crap w.r.t.
229 locales etc) */
231 {
256 }
257 }
259 #if defined(VGO_solaris)
260 /*
261 * Solaris provides higher throughput, parallelism and scalability than other
262 * operating systems, at the cost of more fine-grained locking activity.
263 * This means for example that when a thread is created under Linux, just one
264 * big lock in glibc is used for all thread setup. Solaris libc uses several
265 * fine-grained locks and the creator thread resumes its activities as soon
266 * as possible, leaving for example stack and TLS setup activities to the
267 * created thread.
268 *
269 * This situation confuses Helgrind as it assumes there is some false ordering
270 * in place between creator and created thread; and therefore many types of
271 * race conditions in the application would not be reported. To prevent such
272 * false ordering, command line option --ignore-thread-creation is set to
273 * 'yes' by default on Solaris. All activity (loads, stores, client requests)
274 * is therefore ignored during:
275 * - pthread_create() call in the creator thread [libc.so]
276 * - thread creation phase (stack and TLS setup) in the created thread [libc.so]
277 *
278 * As explained in the comments for _ti_bind_guard(), whenever the runtime
279 * linker has to perform any activity (such as resolving a symbol), it protects
280 * its data structures by calling into rt_bind_guard() which in turn invokes
281 * _ti_bind_guard() in libc. Pointers to _ti_bind_guard() and _ti_bind_clear()
282 * are passed from libc to runtime linker in _ld_libc() call during libc_init().
283 * All activity is also ignored during:
284 * - runtime dynamic linker work between rt_bind_guard() and rt_bind_clear()
285 * calls [ld.so]
286 *
287 * This also means that Helgrind does not report race conditions in libc (when
288 * --ignore-thread-creation=yes) and runtime linker itself (unconditionally)
289 * during these ignored sequences.
290 */
295 /*
296 * Original function pointers for _ti_bind_guard() and _ti_bind_clear()
297 * from libc. They are intercepted in function wrapper of _ld_libc().
298 */
305 {
312 }
313 }
315 /*
316 * Intercepts for _ti_bind_guard() and _ti_bind_clear() functions from libc.
317 * These are intercepted during _ld_libc() call by identifying CI_BIND_GUARD
318 * and CI_BIND_CLEAR, to provide resilience against function renaming.
319 */
321 {
325 }
328 {
333 }
335 /*
336 * Wrapped _ld_libc() from the runtime linker ld.so.1.
337 */
340 {
341 OrigFn fn;
353 }
359 }
361 }
362 }
365 }
369 /*----------------------------------------------------------------*/
370 /*--- pthread_create, pthread_join, pthread_exit ---*/
371 /*----------------------------------------------------------------*/
374 {
379 /* Tell the tool what my pthread_t is. */
381 /* allow the parent to proceed. We can't let it proceed until
382 we're ready because (1) we need to make sure it doesn't exit and
383 hence deallocate xargs[] while we still need it, and (2) we
384 don't want either parent nor child to proceed until the tool has
385 been notified of the child's pthread_t.
387 Note that parent and child access args[] without a lock,
388 effectively using args[2] as a spinlock in order to get the
389 parent to wait until the child passes this point. The parent
390 disables checking on xargs[] before creating the child and
391 re-enables it once the child goes past this point, so the user
392 never sees the race. The previous approach (suppressing the
393 resulting error) was flawed, because it could leave shadow
394 memory for args[] in a state in which subsequent use of it by
395 the parent would report further races. */
397 /* Now we can no longer safely use xargs[]. */
399 }
401 //-----------------------------------------------------------
402 // glibc: pthread_create@GLIBC_2.0
403 // glibc: pthread_create@@GLIBC_2.1
404 // glibc: pthread_create@@GLIBC_2.2.5
405 // darwin: pthread_create
406 // darwin: pthread_create_suspended_np (trapped)
407 //
408 /* ensure this has its own frame, so as to make it more distinguishable
409 in suppressions */
413 {
415 OrigFn fn;
421 }
425 /* Disable checking on the spinlock and the two words used to
426 convey args to the child. Basically we need to make it appear
427 as if the child never accessed this area, since merely
428 suppressing the resulting races does not address the issue that
429 that piece of the parent's stack winds up in the "wrong" state
430 and therefore may give rise to mysterious races when the parent
431 comes to re-use this piece of stack in some other frame. */
441 /* we have to wait for the child to notify the tool of its
442 pthread_t before continuing */
444 /* Do nothing. We need to spin until the child writes to
445 xargs[2]. However, that can lead to starvation in the
446 child and very long delays (eg, tc19_shadowmem on
447 ppc64-linux Fedora Core 6). So yield the cpu if we can,
448 to let the child run at the earliest available
449 opportunity. */
451 }
454 }
456 /* Reenable checking on the area previously used to communicate
457 with the child. */
462 }
464 }
465 #if defined(VGO_linux)
470 }
471 #elif defined(VGO_darwin)
476 }
480 // trap anything else
482 }
483 #elif defined(VGO_solaris)
488 }
489 #else
491 #endif
493 #if defined(VGO_solaris)
494 /* Solaris also provides thr_create() in addition to pthread_create().
495 * Both pthread_create(3C) and thr_create(3C) are based on private
496 * _thrp_create().
497 */
501 {
503 OrigFn fn;
509 }
513 /* See comments in pthread_create_WRK() */
519 new_thread);
525 /* See comments in pthread_create_WRK(). */
527 }
530 }
536 }
538 }
543 }
547 //-----------------------------------------------------------
548 // glibc: pthread_join
549 // darwin: pthread_join
550 // darwin: pthread_join$NOCANCEL$UNIX2003
551 // darwin pthread_join$UNIX2003
554 {
556 OrigFn fn;
560 }
564 /* At least with NPTL as the thread library, this is safe because
565 it is guaranteed (by NPTL) that the joiner will completely gone
566 before pthread_join (the original) returns. See email below.*/
571 }
575 }
577 }
578 #if defined(VGO_linux)
582 }
583 #elif defined(VGO_darwin)
587 }
588 #elif defined(VGO_solaris)
592 }
593 #else
595 #endif
598 /* Behaviour of pthread_join on NPTL:
600 Me:
601 I have a question re the NPTL pthread_join implementation.
603 Suppose I am the thread 'stayer'.
605 If I call pthread_join(quitter), is it guaranteed that the
606 thread 'quitter' has really exited before pthread_join returns?
608 IOW, is it guaranteed that 'quitter' will not execute any further
609 instructions after pthread_join returns?
611 I believe this is true based on the following analysis of
612 glibc-2.5 sources. However am not 100% sure and would appreciate
613 confirmation.
615 'quitter' will be running start_thread() in nptl/pthread_create.c
617 The last action of start_thread() is to exit via
618 __exit_thread_inline(0), which simply does sys_exit
619 (nptl/pthread_create.c:403)
621 'stayer' meanwhile is waiting for lll_wait_tid (pd->tid)
622 (call at nptl/pthread_join.c:89)
624 As per comment at nptl/sysdeps/unix/sysv/linux/i386/lowlevellock.h:536,
625 lll_wait_tid will not return until kernel notifies via futex
626 wakeup that 'quitter' has terminated.
628 Hence pthread_join cannot return until 'quitter' really has
629 completely disappeared.
631 Drepper:
632 > As per comment at nptl/sysdeps/unix/sysv/linux/i386/lowlevellock.h:536,
633 > lll_wait_tid will not return until kernel notifies via futex
634 > wakeup that 'quitter' has terminated.
635 That's the key. The kernel resets the TID field after the thread is
636 done. No way the joiner can return before the thread is gone.
637 */
639 #if defined(VGO_solaris)
640 /* Solaris also provides thr_join() in addition to pthread_join().
641 * Both pthread_join(3C) and thr_join(3C) are based on private _thrp_join().
642 *
643 * :TODO: No functionality is currently provided for joinee == 0 and departed.
644 * This would require another client request, of course.
645 */
648 {
650 OrigFn fn;
654 }
662 }
666 }
668 }
672 }
676 //-----------------------------------------------------------
677 // Ada gcc gnat runtime:
678 // The gnat gcc Ada runtime does not use pthread_join. Instead, it uses
679 // a combination of other pthread primitives to ensure a child thread
680 // is gone. This combination is somewhat functionally equivalent to a
681 // pthread_join.
682 // We wrap two hook procedures called by the gnat gcc Ada runtime
683 // that allows helgrind to understand the semantic of Ada task dependencies
684 // and termination.
685 // procedure Master_Hook
686 // (Dependent : Task_Id;
687 // Parent : Task_Id;
688 // Master_Level : Integer);
689 // where type Task_Id is access all Ada_Task_Control_Block;
690 // System.Tasking.Debug.Master_Hook is called by a task Dependent to
691 // indicate that its master is identified by master+master_level.
692 void I_WRAP_SONAME_FNNAME_ZU
694 system__tasking__debug__master_hook)
696 void I_WRAP_SONAME_FNNAME_ZU
698 system__tasking__debug__master_hook)
700 {
701 OrigFn fn;
707 }
709 // We call the wrapped function, even if it is a null body.
718 }
719 }
721 // System.Tasking.Debug.Master_Completed_Hook is called by a task to
722 // indicate that it has completed a master.
723 // procedure Master_Completed_Hook
724 // (Self_ID : Task_Id;
725 // Master_Level : Integer);
726 // where type Task_Id is access all Ada_Task_Control_Block;
727 // This indicates that all its Dependent tasks (that identified themselves
728 // with the Master_Hook call) are terminated. Helgrind can consider
729 // at this point that the equivalent of a 'pthread_join' has been done
730 // between self_id and all dependent tasks at master_level.
731 void I_WRAP_SONAME_FNNAME_ZU
733 system__tasking__debug__master_completed_hook)
735 void I_WRAP_SONAME_FNNAME_ZU
737 system__tasking__debug__master_completed_hook)
739 {
740 OrigFn fn;
746 }
748 // We call the wrapped function, even if it is a null body.
756 }
757 }
759 /*----------------------------------------------------------------*/
760 /*--- pthread_mutex_t functions ---*/
761 /*----------------------------------------------------------------*/
763 /* Handled: pthread_mutex_init pthread_mutex_destroy
764 pthread_mutex_lock
765 pthread_mutex_trylock pthread_mutex_timedlock
766 pthread_mutex_unlock
767 */
769 //-----------------------------------------------------------
770 #if !defined(VGO_solaris)
771 // glibc: pthread_mutex_init
772 // darwin: pthread_mutex_init
776 {
779 OrigFn fn;
783 }
791 }
800 }
804 }
806 }
810 // Solaris: mutex_init (pthread_mutex_init calls here)
813 {
816 OrigFn fn;
820 }
831 }
835 }
837 }
841 //-----------------------------------------------------------
842 // glibc: pthread_mutex_destroy
843 // darwin: pthread_mutex_destroy
844 // Solaris: mutex_destroy (pthread_mutex_destroy is a weak alias)
847 {
850 OrigFn fn;
855 }
862 }
871 }
875 }
877 }
879 #if defined(VGO_linux) || defined(VGO_darwin)
883 }
884 #elif defined(VGO_solaris)
888 }
889 #else
891 #endif
894 //-----------------------------------------------------------
895 // glibc: pthread_mutex_lock
896 // darwin: pthread_mutex_lock
897 // Solaris: mutex_lock (pthread_mutex_lock is a weak alias)
900 {
902 OrigFn fn;
906 }
913 /* There's a hole here: libpthread now knows the lock is locked,
914 but the tool doesn't, so some other thread could run and detect
915 that the lock has been acquired by someone (this thread). Does
916 this matter? Not sure, but I don't think so. */
923 }
927 }
929 }
931 #if defined(VGO_linux) || defined(VGO_darwin)
935 }
936 #elif defined(VGO_solaris)
940 }
941 #else
943 #endif
945 #if defined(VGO_solaris)
946 /* Internal to libc. Mutex is usually initialized only implicitly,
947 * by zeroing mutex_t structure.
948 */
952 {
953 OrigFn fn;
957 }
967 }
968 }
972 //-----------------------------------------------------------
973 // glibc: pthread_mutex_trylock
974 // darwin: pthread_mutex_trylock
975 // Solaris: mutex_trylock (pthread_mutex_trylock is a weak alias)
976 //
977 // pthread_mutex_trylock. The handling needed here is very similar
978 // to that for pthread_mutex_lock, except that we need to tell
979 // the pre-lock creq that this is a trylock-style operation, and
980 // therefore not to complain if the lock is nonrecursive and
981 // already locked by this thread -- because then it'll just fail
982 // immediately with EBUSY.
985 {
987 OrigFn fn;
991 }
998 /* There's a hole here: libpthread now knows the lock is locked,
999 but the tool doesn't, so some other thread could run and detect
1000 that the lock has been acquired by someone (this thread). Does
1001 this matter? Not sure, but I don't think so. */
1009 }
1013 }
1015 }
1017 #if defined(VGO_linux) || defined(VGO_darwin)
1021 }
1022 #elif defined(VGO_solaris)
1026 }
1027 #else
1029 #endif
1032 //-----------------------------------------------------------
1033 // glibc: pthread_mutex_timedlock
1034 // darwin: (doesn't appear to exist)
1035 // Solaris: pthread_mutex_timedlock
1036 //
1037 // pthread_mutex_timedlock. Identical logic to pthread_mutex_trylock.
1041 {
1043 OrigFn fn;
1048 }
1055 /* There's a hole here: libpthread now knows the lock is locked,
1056 but the tool doesn't, so some other thread could run and detect
1057 that the lock has been acquired by someone (this thread). Does
1058 this matter? Not sure, but I don't think so. */
1066 }
1070 }
1072 }
1078 }
1079 #if defined(VGO_solaris)
1084 }
1085 #endif
1088 //-----------------------------------------------------------
1089 // glibc: pthread_mutex_unlock
1090 // darwin: pthread_mutex_unlock
1091 // Solaris: mutex_unlock (pthread_mutex_unlock is a weak alias)
1094 {
1096 OrigFn fn;
1101 }
1113 }
1117 }
1119 }
1121 #if defined(VGO_linux) || defined(VGO_darwin)
1125 }
1126 #elif defined(VGO_solaris)
1130 }
1131 #else
1133 #endif
1136 #if defined(VGO_solaris)
1137 /* Internal to libc. */
1141 {
1142 OrigFn fn;
1147 }
1157 }
1158 }
1162 /*----------------------------------------------------------------*/
1163 /*--- pthread_cond_t functions ---*/
1164 /*----------------------------------------------------------------*/
1166 /* Handled: pthread_cond_wait pthread_cond_timedwait
1167 pthread_cond_signal pthread_cond_broadcast
1168 pthread_cond_init
1169 pthread_cond_destroy
1170 */
1172 //-----------------------------------------------------------
1173 // glibc: pthread_cond_wait@GLIBC_2.2.5
1174 // glibc: pthread_cond_wait@@GLIBC_2.3.2
1175 // darwin: pthread_cond_wait
1176 // darwin: pthread_cond_wait$NOCANCEL$UNIX2003
1177 // darwin: pthread_cond_wait$UNIX2003
1178 // Solaris: cond_wait (pthread_cond_wait is built atop of cond_wait)
1179 //
1183 {
1185 OrigFn fn;
1193 }
1195 /* Tell the tool a cond-wait is about to happen, so it can check
1196 for bogus argument values. In return it tells us whether it
1197 thinks the mutex is valid or not. */
1199 _VG_USERREQ__HG_PTHREAD_COND_WAIT_PRE,
1203 /* Tell the tool we're about to drop the mutex. This reflects the
1204 fact that in a cond_wait, we show up holding the mutex, and the
1205 call atomically drops the mutex and waits for the cv to be
1206 signalled. */
1210 }
1214 /* this conditional look stupid, but compare w/ same logic for
1215 pthread_cond_timedwait below */
1217 /* and now we have the mutex again if (ret == 0) */
1220 }
1228 }
1232 }
1235 }
1236 #if defined(VGO_linux)
1240 }
1241 #elif defined(VGO_darwin)
1245 }
1246 #elif defined(VGO_solaris)
1250 }
1251 #else
1253 #endif
1256 //-----------------------------------------------------------
1257 // glibc: pthread_cond_timedwait@@GLIBC_2.3.2
1258 // glibc: pthread_cond_timedwait@GLIBC_2.2.5
1259 // glibc: pthread_cond_timedwait@GLIBC_2.0
1260 // darwin: pthread_cond_timedwait
1261 // darwin: pthread_cond_timedwait$NOCANCEL$UNIX2003
1262 // darwin: pthread_cond_timedwait$UNIX2003
1263 // darwin: pthread_cond_timedwait_relative_np (trapped)
1264 // Solaris: cond_timedwait (pthread_cond_timedwait is built on cond_timedwait)
1265 // Solaris: cond_reltimedwait (pthread_cond_reltimedwait_np is built on this)
1266 //
1272 {
1274 OrigFn fn;
1276 Bool abstime_is_valid;
1283 }
1285 /* Tell the tool a cond-wait is about to happen, so it can check
1286 for bogus argument values. In return it tells us whether it
1287 thinks the mutex is valid or not. */
1289 _VG_USERREQ__HG_PTHREAD_COND_WAIT_PRE,
1295 /* Tell the tool we're about to drop the mutex. This reflects the
1296 fact that in a cond_wait, we show up holding the mutex, and the
1297 call atomically drops the mutex and waits for the cv to be
1298 signalled. */
1302 }
1308 "invalid abstime did not cause"
1310 }
1313 /* and now we have the mutex again if (ret == 0 || ret == timeout) */
1317 }
1327 }
1331 }
1334 }
1335 #if defined(VGO_linux)
1340 }
1341 #elif defined(VGO_darwin)
1346 }
1351 }
1356 }
1357 #elif defined(VGO_solaris)
1362 }
1367 }
1368 #else
1370 #endif
1373 //-----------------------------------------------------------
1374 // glibc: pthread_cond_signal@GLIBC_2.0
1375 // glibc: pthread_cond_signal@GLIBC_2.2.5
1376 // glibc: pthread_cond_signal@@GLIBC_2.3.2
1377 // darwin: pthread_cond_signal
1378 // darwin: pthread_cond_signal_thread_np (don't intercept this)
1379 // Solaris: cond_signal (pthread_cond_signal is a weak alias)
1380 //
1383 {
1385 OrigFn fn;
1391 }
1403 }
1407 }
1410 }
1411 #if defined(VGO_linux)
1415 }
1416 #elif defined(VGO_darwin)
1420 }
1421 #elif defined(VGO_solaris)
1425 }
1426 #else
1428 #endif
1431 //-----------------------------------------------------------
1432 // glibc: pthread_cond_broadcast@GLIBC_2.0
1433 // glibc: pthread_cond_broadcast@GLIBC_2.2.5
1434 // glibc: pthread_cond_broadcast@@GLIBC_2.3.2
1435 // darwin: pthread_cond_broadcast
1436 // Solaris: cond_broadcast (pthread_cond_broadcast is a weak alias)
1437 //
1438 // Note, this is pretty much identical, from a dependency-graph
1439 // point of view, with cond_signal, so the code is duplicated.
1440 // Maybe it should be commoned up.
1441 //
1444 {
1446 OrigFn fn;
1452 }
1464 }
1468 }
1471 }
1472 #if defined(VGO_linux)
1476 }
1477 #elif defined(VGO_darwin)
1481 }
1482 #elif defined(VGO_solaris)
1486 }
1487 #else
1489 #endif
1491 // glibc: pthread_cond_init@GLIBC_2.0
1492 // glibc: pthread_cond_init@GLIBC_2.2.5
1493 // glibc: pthread_cond_init@@GLIBC_2.3.2
1494 // darwin: pthread_cond_init
1495 // Solaris: cond_init (pthread_cond_init is built atop on this function)
1496 // Easy way out: Handling of attr could have been messier.
1497 // It turns out that pthread_cond_init under linux ignores
1498 // all information in cond_attr, so do we.
1499 // FIXME: MacOS X?
1500 #if !defined(VGO_solaris)
1503 {
1505 OrigFn fn;
1511 }
1520 }
1524 }
1527 }
1528 #if defined(VGO_linux)
1532 }
1533 #elif defined(VGO_darwin)
1537 }
1538 #else
1540 #endif
1546 {
1548 OrigFn fn;
1553 }
1558 /* Luckily evh__HG_PTHREAD_COND_INIT_POST() ignores cond_attr.
1559 See also comment for pthread_cond_init_WRK(). */
1564 }
1568 }
1571 }
1575 //-----------------------------------------------------------
1576 // glibc: pthread_cond_destroy@@GLIBC_2.3.2
1577 // glibc: pthread_cond_destroy@GLIBC_2.2.5
1578 // glibc: pthread_cond_destroy@GLIBC_2.0
1579 // darwin: pthread_cond_destroy
1580 // Solaris: cond_destroy (pthread_cond_destroy is a weak alias)
1581 //
1584 {
1587 OrigFn fn;
1594 }
1601 }
1610 }
1614 }
1617 }
1618 #if defined(VGO_linux)
1622 }
1623 #elif defined(VGO_darwin)
1627 }
1628 #elif defined(VGO_solaris)
1632 }
1633 #else
1635 #endif
1638 /*----------------------------------------------------------------*/
1639 /*--- pthread_barrier_t functions ---*/
1640 /*----------------------------------------------------------------*/
1642 #if defined(HAVE_PTHREAD_BARRIER_INIT)
1644 /* Handled: pthread_barrier_init
1645 pthread_barrier_wait
1646 pthread_barrier_destroy
1648 Unhandled: pthread_barrierattr_destroy
1649 pthread_barrierattr_getpshared
1650 pthread_barrierattr_init
1651 pthread_barrierattr_setpshared
1652 -- are these important?
1653 */
1655 //-----------------------------------------------------------
1656 // glibc: pthread_barrier_init
1657 // darwin: (doesn't appear to exist)
1658 // Solaris: pthread_barrier_init
1662 {
1664 OrigFn fn;
1671 }
1682 }
1686 }
1689 }
1692 //-----------------------------------------------------------
1693 // glibc: pthread_barrier_wait
1694 // darwin: (doesn't appear to exist)
1695 // Solaris: pthread_barrier_wait
1698 {
1700 OrigFn fn;
1706 }
1708 /* That this works correctly, and doesn't screw up when a thread
1709 leaving the barrier races round to the front and re-enters while
1710 other threads are still leaving it, is quite subtle. See
1711 comments in the handler for PTHREAD_BARRIER_WAIT_PRE in
1712 hg_main.c. */
1720 }
1724 }
1727 }
1730 //-----------------------------------------------------------
1731 // glibc: pthread_barrier_destroy
1732 // darwin: (doesn't appear to exist)
1733 // Solaris: pthread_barrier_destroy
1736 {
1738 OrigFn fn;
1744 }
1753 }
1757 }
1760 }
1765 /*----------------------------------------------------------------*/
1766 /*--- pthread_spinlock_t functions ---*/
1767 /*----------------------------------------------------------------*/
1769 #if defined(HAVE_PTHREAD_SPIN_LOCK) \
1770 && !defined(DISABLE_PTHREAD_SPINLOCK_INTERCEPT)
1772 /* Handled: pthread_spin_init pthread_spin_destroy
1773 pthread_spin_lock pthread_spin_trylock
1774 pthread_spin_unlock
1776 Unhandled:
1777 */
1779 /* This is a nasty kludge, in that glibc "knows" that initialising a
1780 spin lock unlocks it, and pthread_spin_{init,unlock} are names for
1781 the same function. Hence we have to have a wrapper which does both
1782 things, without knowing which the user intended to happen.
1783 Solaris has distinct functions for init/unlock but client requests
1784 are immutable in helgrind.h so follow the glibc lead. */
1786 //-----------------------------------------------------------
1787 // glibc: pthread_spin_init
1788 // glibc: pthread_spin_unlock
1789 // darwin: (doesn't appear to exist)
1790 // Solaris: pthread_spin_init
1791 // Solaris: pthread_spin_unlock
1796 OrigFn fn;
1800 }
1812 }
1816 }
1818 }
1819 #if defined(VGO_linux)
1823 }
1826 /* this is never actually called */
1828 }
1829 #elif defined(VGO_darwin)
1830 #elif defined(VGO_solaris)
1834 }
1838 }
1839 #else
1841 #endif
1844 //-----------------------------------------------------------
1845 // glibc: pthread_spin_destroy
1846 // darwin: (doesn't appear to exist)
1847 // Solaris: pthread_spin_destroy
1850 {
1852 OrigFn fn;
1857 }
1866 }
1870 }
1872 }
1873 #if defined(VGO_linux)
1877 }
1878 #elif defined(VGO_darwin)
1879 #elif defined(VGO_solaris)
1883 }
1884 #else
1886 #endif
1889 //-----------------------------------------------------------
1890 // glibc: pthread_spin_lock
1891 // darwin: (doesn't appear to exist)
1892 // Solaris: pthread_spin_lock
1895 {
1897 OrigFn fn;
1902 }
1909 /* There's a hole here: libpthread now knows the lock is locked,
1910 but the tool doesn't, so some other thread could run and detect
1911 that the lock has been acquired by someone (this thread). Does
1912 this matter? Not sure, but I don't think so. */
1919 }
1923 }
1925 }
1926 #if defined(VGO_linux)
1930 }
1931 #elif defined(VGO_darwin)
1932 #elif defined(VGO_solaris)
1936 }
1937 #else
1939 #endif
1942 //-----------------------------------------------------------
1943 // glibc: pthread_spin_trylock
1944 // darwin: (doesn't appear to exist)
1945 // Solaris: pthread_spin_trylock
1948 {
1950 OrigFn fn;
1955 }
1962 /* There's a hole here: libpthread now knows the lock is locked,
1963 but the tool doesn't, so some other thread could run and detect
1964 that the lock has been acquired by someone (this thread). Does
1965 this matter? Not sure, but I don't think so. */
1973 }
1977 }
1979 }
1980 #if defined(VGO_linux)
1984 }
1985 #elif defined(VGO_darwin)
1986 #elif defined(VGO_solaris)
1990 }
1991 #else
1993 #endif
1998 /*----------------------------------------------------------------*/
1999 /*--- pthread_rwlock_t functions ---*/
2000 /*----------------------------------------------------------------*/
2002 /* Android's pthread.h doesn't say anything about rwlocks, hence these
2003 functions have to be conditionally compiled. */
2004 #if defined(HAVE_PTHREAD_RWLOCK_T)
2006 /* Handled: pthread_rwlock_init pthread_rwlock_destroy
2007 pthread_rwlock_rdlock
2008 pthread_rwlock_wrlock
2009 pthread_rwlock_unlock
2010 pthread_rwlock_tryrdlock
2011 pthread_rwlock_trywrlock
2013 Unhandled: pthread_rwlock_timedrdlock
2014 pthread_rwlock_timedwrlock
2015 */
2017 //-----------------------------------------------------------
2018 // glibc: pthread_rwlock_init
2019 // darwin: pthread_rwlock_init
2020 // darwin: pthread_rwlock_init$UNIX2003
2021 // Solaris: rwlock_init (pthread_rwlock_init is built atop of rwlock_init)
2025 {
2027 OrigFn fn;
2031 }
2040 }
2044 }
2046 }
2047 #if defined(VGO_linux)
2052 }
2053 #elif defined(VGO_darwin)
2058 }
2059 #elif defined(VGO_solaris)
2063 #else
2065 #endif
2067 #if defined(VGO_solaris)
2072 {
2074 OrigFn fn;
2078 }
2087 }
2091 }
2093 }
2097 //-----------------------------------------------------------
2098 // glibc: pthread_rwlock_destroy
2099 // darwin: pthread_rwlock_destroy
2100 // darwin: pthread_rwlock_destroy$UNIX2003
2101 // Solaris: rwlock_destroy (pthread_rwlock_destroy is a weak alias)
2102 //
2105 {
2107 OrigFn fn;
2111 }
2120 }
2124 }
2126 }
2127 #if defined(VGO_linux)
2131 }
2132 #elif defined(VGO_darwin)
2136 }
2137 #elif defined(VGO_solaris)
2141 }
2142 #else
2144 #endif
2147 //-----------------------------------------------------------
2148 // glibc: pthread_rwlock_wrlock
2149 // darwin: pthread_rwlock_wrlock
2150 // darwin: pthread_rwlock_wrlock$UNIX2003
2151 // Solaris: rw_wrlock (pthread_rwlock_wrlock is a weak alias)
2152 //
2155 {
2157 OrigFn fn;
2161 }
2174 }
2178 }
2180 }
2181 #if defined(VGO_linux)
2185 }
2186 #elif defined(VGO_darwin)
2190 }
2191 #elif defined(VGO_solaris)
2195 }
2196 #else
2198 #endif
2200 #if defined(VGO_solaris)
2201 /* Internal to libc. */
2204 {
2205 OrigFn fn;
2209 }
2222 }
2223 }
2227 //-----------------------------------------------------------
2228 // glibc: pthread_rwlock_rdlock
2229 // darwin: pthread_rwlock_rdlock
2230 // darwin: pthread_rwlock_rdlock$UNIX2003
2231 // Solaris: rw_rdlock (pthread_rwlock_rdlock is a weak alias)
2232 //
2235 {
2237 OrigFn fn;
2241 }
2254 }
2258 }
2260 }
2261 #if defined(VGO_linux)
2265 }
2266 #elif defined(VGO_darwin)
2270 }
2271 #elif defined(VGO_solaris)
2275 }
2276 #else
2278 #endif
2280 #if defined(VGO_solaris)
2281 /* Internal to libc. */
2284 {
2285 OrigFn fn;
2289 }
2302 }
2303 }
2307 //-----------------------------------------------------------
2308 // glibc: pthread_rwlock_trywrlock
2309 // darwin: pthread_rwlock_trywrlock
2310 // darwin: pthread_rwlock_trywrlock$UNIX2003
2311 // Solaris: rw_trywrlock (pthread_rwlock_trywrlock is a weak alias)
2312 //
2315 {
2317 OrigFn fn;
2321 }
2329 /* There's a hole here: libpthread now knows the lock is locked,
2330 but the tool doesn't, so some other thread could run and detect
2331 that the lock has been acquired by someone (this thread). Does
2332 this matter? Not sure, but I don't think so. */
2340 }
2344 }
2346 }
2347 #if defined(VGO_linux)
2351 }
2352 #elif defined(VGO_darwin)
2356 }
2357 #elif defined(VGO_solaris)
2361 }
2362 #else
2364 #endif
2367 //-----------------------------------------------------------
2368 // glibc: pthread_rwlock_tryrdlock
2369 // darwin: pthread_rwlock_tryrdlock
2370 // darwin: pthread_rwlock_tryrdlock$UNIX2003
2371 // Solaris: rw_tryrdlock (pthread_rwlock_tryrdlock is a weak alias)
2372 //
2375 {
2377 OrigFn fn;
2381 }
2389 /* There's a hole here: libpthread now knows the lock is locked,
2390 but the tool doesn't, so some other thread could run and detect
2391 that the lock has been acquired by someone (this thread). Does
2392 this matter? Not sure, but I don't think so. */
2401 }
2405 }
2407 }
2408 #if defined(VGO_linux)
2412 }
2413 #elif defined(VGO_darwin)
2417 }
2418 #elif defined(VGO_solaris)
2422 }
2423 #else
2425 #endif
2428 //-----------------------------------------------------------
2429 // glibc: Unhandled
2430 // darwin: Unhandled
2431 // Solaris: pthread_rwlock_timedrdlock
2432 // Solaris: pthread_rwlock_reltimedrdlock_np
2433 //
2437 {
2439 OrigFn fn;
2443 }
2456 }
2460 }
2462 }
2463 #if defined(VGO_linux)
2464 #elif defined(VGO_darwin)
2465 #elif defined(VGO_solaris)
2470 }
2475 }
2476 #else
2478 #endif
2481 //-----------------------------------------------------------
2482 // glibc: Unhandled
2483 // darwin: Unhandled
2484 // Solaris: pthread_rwlock_timedwrlock
2485 // Solaris: pthread_rwlock_reltimedwrlock_np
2486 //
2490 {
2492 OrigFn fn;
2496 }
2509 }
2513 }
2515 }
2516 #if defined(VGO_linux)
2517 #elif defined(VGO_darwin)
2518 #elif defined(VGO_solaris)
2523 }
2528 }
2529 #else
2531 #endif
2534 //-----------------------------------------------------------
2535 // glibc: pthread_rwlock_unlock
2536 // darwin: pthread_rwlock_unlock
2537 // darwin: pthread_rwlock_unlock$UNIX2003
2538 // Solaris: rw_unlock (pthread_rwlock_unlock is a weak alias)
2541 {
2543 OrigFn fn;
2547 }
2558 }
2562 }
2564 }
2565 #if defined(VGO_linux)
2569 }
2570 #elif defined(VGO_darwin)
2574 }
2575 #elif defined(VGO_solaris)
2579 }
2580 #else
2582 #endif
2587 /*----------------------------------------------------------------*/
2588 /*--- POSIX semaphores ---*/
2589 /*----------------------------------------------------------------*/
2591 #include <semaphore.h>
2594 #define TRACE_SEM_FNS 0
2596 /* Handled:
2597 int sem_init(sem_t *sem, int pshared, unsigned value);
2598 int sem_destroy(sem_t *sem);
2599 int sem_wait(sem_t *sem);
2600 int sem_post(sem_t *sem);
2601 sem_t* sem_open(const char *name, int oflag,
2602 ... [mode_t mode, unsigned value]);
2603 [complete with its idiotic semantics]
2604 int sem_close(sem_t* sem);
2606 Unhandled:
2607 int sem_trywait(sem_t *sem);
2608 int sem_timedwait(sem_t *restrict sem,
2609 const struct timespec *restrict abs_timeout);
2610 */
2612 //-----------------------------------------------------------
2613 // glibc: sem_init@@GLIBC_2.2.5
2614 // glibc: sem_init@@GLIBC_2.1
2615 // glibc: sem_init@GLIBC_2.0
2616 // darwin: sem_init
2617 // Solaris: sema_init (sem_init is built on top of sem_init)
2618 //
2619 #if !defined(VGO_solaris)
2622 {
2623 OrigFn fn;
2630 }
2639 }
2644 }
2647 }
2648 #if defined(VGO_linux)
2652 }
2653 #elif defined(VGO_darwin)
2657 }
2658 #else
2660 #endif
2668 {
2669 OrigFn fn;
2676 }
2685 }
2690 }
2693 }
2697 //-----------------------------------------------------------
2698 // glibc: sem_destroy@GLIBC_2.0
2699 // glibc: sem_destroy@@GLIBC_2.1
2700 // glibc: sem_destroy@@GLIBC_2.2.5
2701 // darwin: sem_destroy
2702 // Solaris: sema_destroy (sem_destroy is built on top of sema_destroy)
2705 {
2706 OrigFn fn;
2713 }
2721 }
2726 }
2729 }
2730 #if defined(VGO_linux)
2734 }
2735 #elif defined(VGO_darwin)
2739 }
2740 #elif defined(VGO_solaris)
2744 }
2745 #else
2747 #endif
2750 //-----------------------------------------------------------
2751 // glibc: sem_wait
2752 // glibc: sem_wait@GLIBC_2.0
2753 // glibc: sem_wait@@GLIBC_2.1
2754 // darwin: sem_wait
2755 // darwin: sem_wait$NOCANCEL$UNIX2003
2756 // darwin: sem_wait$UNIX2003
2757 // Solaris: sema_wait (sem_wait is built on top of sema_wait)
2758 //
2759 /* wait: decrement semaphore - acquire lockage */
2762 {
2763 OrigFn fn;
2770 }
2781 }
2786 }
2789 }
2790 #if defined(VGO_linux)
2793 }
2796 }
2797 #elif defined(VGO_darwin)
2800 }
2803 }
2804 #elif defined(VGO_solaris)
2807 }
2808 #else
2810 #endif
2813 //-----------------------------------------------------------
2814 // glibc: sem_post
2815 // glibc: sem_post@GLIBC_2.0
2816 // glibc: sem_post@@GLIBC_2.1
2817 // darwin: sem_post
2818 // Solaris: sema_post (sem_post is built on top of sema_post)
2819 //
2820 /* post: increment semaphore - release lockage */
2823 {
2824 OrigFn fn;
2832 }
2842 }
2847 }
2850 }
2851 #if defined(VGO_linux)
2854 }
2857 }
2858 #elif defined(VGO_darwin)
2861 }
2862 #elif defined(VGO_solaris)
2865 }
2866 #else
2868 #endif
2871 //-----------------------------------------------------------
2872 // glibc: sem_open
2873 // darwin: sem_open
2874 // Solaris: sem_open
2875 //
2879 {
2880 /* A copy of sem_init_WRK (more or less). Is this correct? */
2881 OrigFn fn;
2889 }
2896 }
2899 }
2904 }
2907 }
2910 //-----------------------------------------------------------
2911 // glibc: sem_close
2912 // darwin: sem_close
2913 // Solaris: sem_close
2915 {
2916 OrigFn fn;
2923 }
2931 }
2936 }
2939 }
2942 /*----------------------------------------------------------------*/
2943 /*--- Qt 4 threading functions (w/ GNU name mangling) ---*/
2944 /*----------------------------------------------------------------*/
2946 /* Handled:
2947 QMutex::lock()
2948 QMutex::unlock()
2949 QMutex::tryLock()
2950 QMutex::tryLock(int)
2952 QMutex::QMutex(QMutex::RecursionMode) _ZN6QMutexC1ENS_13RecursionModeE
2953 QMutex::QMutex(QMutex::RecursionMode) _ZN6QMutexC2ENS_13RecursionModeE
2954 QMutex::~QMutex() _ZN6QMutexD1Ev
2955 QMutex::~QMutex() _ZN6QMutexD2Ev
2957 Unhandled:
2958 QReadWriteLock::lockForRead()
2959 QReadWriteLock::lockForWrite()
2960 QReadWriteLock::unlock()
2961 QReadWriteLock::tryLockForRead(int)
2962 QReadWriteLock::tryLockForRead()
2963 QReadWriteLock::tryLockForWrite(int)
2964 QReadWriteLock::tryLockForWrite()
2966 QWaitCondition::wait(QMutex*, unsigned long)
2967 QWaitCondition::wakeAll()
2968 QWaitCondition::wakeOne()
2970 QSemaphore::*
2971 */
2972 /* More comments, 19 Nov 08, based on assessment of qt-4.5.0TP1,
2973 at least on Unix:
2975 It's apparently only necessary to intercept QMutex, since that is
2976 not implemented using pthread_mutex_t; instead Qt4 has its own
2977 implementation based on atomics (to check the non-contended case)
2978 and pthread_cond_wait (to wait in the contended case).
2980 QReadWriteLock is built on top of QMutex, counters, and a wait
2981 queue. So we don't need to handle it specially once QMutex
2982 handling is correct -- presumably the dependencies through QMutex
2983 are sufficient to avoid any false race reports. On the other hand,
2984 it is an open question whether too many dependencies are observed
2985 -- in which case we may miss races (false negatives). I suspect
2986 this is likely to be the case, unfortunately.
2988 QWaitCondition is built on pthread_cond_t, pthread_mutex_t, QMutex
2989 and QReadWriteLock. Same compositional-correctness justificiation
2990 and limitations as fro QReadWriteLock.
2992 Ditto QSemaphore (from cursory examination).
2994 Does it matter that only QMutex is handled directly? Open
2995 question. From testing with drd/tests/qt4_* and with KDE4 apps, it
2996 appears that no false errors are reported; however it is not clear
2997 if this is causing false negatives.
2999 Another problem with Qt4 is thread exiting. Threads are created
3000 with pthread_create (fine); but they detach and simply exit when
3001 done. There is no use of pthread_join, and the provided
3002 wait-for-a-thread-to-exit mechanism (QThread::wait, I believe)
3003 relies on a system of mutexes and flags. I suspect this also
3004 causes too many dependencies to appear. Consequently H sometimes
3005 fails to detect races at exit in some very short-lived racy
3006 programs, because it appears that a thread can exit _and_ have an
3007 observed dependency edge back to the main thread (presumably)
3008 before the main thread reaps the child (that is, calls
3009 QThread::wait).
3011 This theory is supported by the observation that if all threads are
3012 made to wait at a pthread_barrier_t immediately before they exit,
3013 then H's detection of races in such programs becomes reliable;
3014 without the barrier, it is varies from run to run, depending
3015 (according to investigation) on whether aforementioned
3016 exit-before-reaping behaviour happens or not.
3018 Finally, why is it necessary to intercept the QMutex constructors
3019 and destructors? The constructors are intercepted only as a matter
3020 of convenience, so H can print accurate "first observed at"
3021 clauses. However, it is actually necessary to intercept the
3022 destructors (as it is with pthread_mutex_destroy) in order that
3023 locks get removed from LAOG when they are destroyed.
3024 */
3026 // soname is libQtCore.so.4 ; match against libQtCore.so*
3027 #define QT4_FUNC(ret_ty, f, args...) \
3028 ret_ty I_WRAP_SONAME_FNNAME_ZU(libQtCoreZdsoZa,f)(args); \
3029 ret_ty I_WRAP_SONAME_FNNAME_ZU(libQtCoreZdsoZa,f)(args)
3031 // soname is libQt5Core.so.4 ; match against libQt5Core.so*
3032 #define QT5_FUNC(ret_ty, f, args...) \
3033 ret_ty I_WRAP_SONAME_FNNAME_ZU(libQt5CoreZdsoZa,f)(args); \
3034 ret_ty I_WRAP_SONAME_FNNAME_ZU(libQt5CoreZdsoZa,f)(args)
3036 //-----------------------------------------------------------
3037 // QMutex::lock()
3040 {
3041 OrigFn fn;
3045 }
3057 }
3058 }
3062 }
3065 }
3067 //-----------------------------------------------------------
3068 // QMutex::unlock()
3071 {
3072 OrigFn fn;
3077 }
3089 }
3090 }
3094 }
3097 }
3099 //-----------------------------------------------------------
3100 // bool QMutex::tryLock()
3101 // using 'long' to mimic C++ 'bool'
3104 {
3105 OrigFn fn;
3110 }
3117 // assumes that only the low 8 bits of the 'bool' are significant
3123 }
3126 }
3130 }
3133 }
3135 //-----------------------------------------------------------
3136 // bool QMutex::tryLock(int)
3137 // using 'long' to mimic C++ 'bool'
3140 {
3141 OrigFn fn;
3147 }
3154 // assumes that only the low 8 bits of the 'bool' are significant
3160 }
3163 }
3167 }
3170 }
3172 //-----------------------------------------------------------
3173 // It's not really very clear what the args are here. But from
3174 // a bit of dataflow analysis of the generated machine code of
3175 // the original function, it appears this takes two args, and
3176 // returns nothing. Nevertheless preserve return value just in
3177 // case. A bit of debug printing indicates that the first arg
3178 // is that of the mutex and the second is either zero or one,
3179 // probably being the recursion mode, therefore.
3180 // QMutex::QMutex(QMutex::RecursionMode) ("C1ENS" variant)
3183 {
3184 OrigFn fn;
3188 // fprintf(stderr, "QMutex constructor 1: %p <- %p %p\n", ret, arg1, arg2);
3192 }
3196 }
3199 }
3201 //-----------------------------------------------------------
3202 // QMutex::~QMutex() ("D1Ev" variant)
3205 {
3206 OrigFn fn;
3213 }
3217 }
3220 }
3222 //-----------------------------------------------------------
3223 // QMutex::QMutex(QMutex::RecursionMode) ("C2ENS" variant)
3227 {
3229 /*NOTREACHED*/
3230 /* Android's gcc behaves like it doesn't know that assert(0)
3231 never returns. Hence: */
3233 }
3236 {
3238 /*NOTREACHED*/
3240 }
3242 //-----------------------------------------------------------
3243 // QMutex::~QMutex() ("D2Ev" variant)
3245 {
3247 /* Android's gcc behaves like it doesn't know that assert(0)
3248 never returns. Hence: */
3250 }
3253 {
3255 /*NOTREACHED*/
3257 }
3259 // QReadWriteLock is not intercepted directly. See comments
3260 // above.
3262 //// QReadWriteLock::lockForRead()
3263 //// _ZN14QReadWriteLock11lockForReadEv == QReadWriteLock::lockForRead()
3264 //QT4_FUNC(void, ZuZZN14QReadWriteLock11lockForReadEv,
3265 // // _ZN14QReadWriteLock11lockForReadEv
3266 // void* self)
3267 //{
3268 // OrigFn fn;
3269 // VALGRIND_GET_ORIG_FN(fn);
3270 // if (TRACE_QT4_FNS) {
3271 // fprintf(stderr, "<< QReadWriteLock::lockForRead %p", self);
3272 // fflush(stderr);
3273 // }
3274 //
3275 // DO_CREQ_v_WWW(_VG_USERREQ__HG_PTHREAD_RWLOCK_LOCK_PRE,
3276 // void*,self,
3277 // long,0/*!isW*/, long,0/*!isTryLock*/);
3278 //
3279 // CALL_FN_v_W(fn, self);
3280 //
3281 // DO_CREQ_v_WWW(_VG_USERREQ__HG_PTHREAD_RWLOCK_LOCK_POST,
3282 // void*,self, long,0/*!isW*/, long, True);
3283 //
3284 // if (TRACE_QT4_FNS) {
3285 // fprintf(stderr, " :: Q::lockForRead :: done >>\n");
3286 // }
3287 //}
3288 //
3289 //// QReadWriteLock::lockForWrite()
3290 //// _ZN14QReadWriteLock12lockForWriteEv == QReadWriteLock::lockForWrite()
3291 //QT4_FUNC(void, ZuZZN14QReadWriteLock12lockForWriteEv,
3292 // // _ZN14QReadWriteLock12lockForWriteEv
3293 // void* self)
3294 //{
3295 // OrigFn fn;
3296 // VALGRIND_GET_ORIG_FN(fn);
3297 // if (TRACE_QT4_FNS) {
3298 // fprintf(stderr, "<< QReadWriteLock::lockForWrite %p", self);
3299 // fflush(stderr);
3300 // }
3301 //
3302 // DO_CREQ_v_WWW(_VG_USERREQ__HG_PTHREAD_RWLOCK_LOCK_PRE,
3303 // void*,self,
3304 // long,1/*isW*/, long,0/*!isTryLock*/);
3305 //
3306 // CALL_FN_v_W(fn, self);
3307 //
3308 // DO_CREQ_v_WWW(_VG_USERREQ__HG_PTHREAD_RWLOCK_LOCK_POST,
3309 // void*,self, long,1/*isW*/, long, True);
3310 //
3311 // if (TRACE_QT4_FNS) {
3312 // fprintf(stderr, " :: Q::lockForWrite :: done >>\n");
3313 // }
3314 //}
3315 //
3316 //// QReadWriteLock::unlock()
3317 //// _ZN14QReadWriteLock6unlockEv == QReadWriteLock::unlock()
3318 //QT4_FUNC(void, ZuZZN14QReadWriteLock6unlockEv,
3319 // // _ZN14QReadWriteLock6unlockEv
3320 // void* self)
3321 //{
3322 // OrigFn fn;
3323 // VALGRIND_GET_ORIG_FN(fn);
3324 // if (TRACE_QT4_FNS) {
3325 // fprintf(stderr, "<< QReadWriteLock::unlock %p", self);
3326 // fflush(stderr);
3327 // }
3328 //
3329 // DO_CREQ_v_W(_VG_USERREQ__HG_PTHREAD_RWLOCK_UNLOCK_PRE,
3330 // void*,self);
3331 //
3332 // CALL_FN_v_W(fn, self);
3333 //
3334 // DO_CREQ_v_W(_VG_USERREQ__HG_PTHREAD_RWLOCK_UNLOCK_POST,
3335 // void*,self);
3336 //
3337 // if (TRACE_QT4_FNS) {
3338 // fprintf(stderr, " :: Q::unlock :: done >>\n");
3339 // }
3340 //}
3343 /*----------------------------------------------------------------*/
3344 /*--- Replacements for basic string functions, that don't ---*/
3345 /*--- overrun the input arrays. ---*/
3346 /*----------------------------------------------------------------*/
3350 /*--------------------------------------------------------------------*/
3351 /*--- end hg_intercepts.c ---*/
3352 /*--------------------------------------------------------------------*/