From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=iLum=DO=suse.de=tdevries@sourceware.org>
Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c])
	by sourceware.org (Postfix) with ESMTPS id 352873858D37
	for <gdb-patches@sourceware.org>; Fri, 28 Jul 2023 08:57:04 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 352873858D37
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=suse.de
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.de
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
	(No client certificate requested)
	by smtp-out1.suse.de (Postfix) with ESMTPS id 619C7219E6
	for <gdb-patches@sourceware.org>; Fri, 28 Jul 2023 08:57:02 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
	t=1690534622; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=zL1ImtT8uchoOjrrf2QarkzuxM7LoXMI4sU/p20WxWI=;
	b=cwXH9CUFJnxGHMzyBz/Ga05tyMri1X07OAIUpSl8R2dJF+lzRPz/2q4bx0j1LlhrgZ6hET
	Rm63EDr1elY8II4o4ZLeIfVpbSG+VItD23TW9UDfUW4eXlnrT12CGe8Pg9lmUROuzwjhwG
	XM0epLXO/kL3Zh7IURAFIlGObW7tXdI=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1690534622;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=zL1ImtT8uchoOjrrf2QarkzuxM7LoXMI4sU/p20WxWI=;
	b=EnrsiNdEwJfOX9Z1bGst6/euAgqEcobLY6RnyCtJtREsO71H2dxC9mKiphrpCWbHny6Thh
	ZMsUgj/T3nayiZBQ==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
	(No client certificate requested)
	by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 4F321139BD
	for <gdb-patches@sourceware.org>; Fri, 28 Jul 2023 08:57:02 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
	by imap2.suse-dmz.suse.de with ESMTPSA
	id uMIxEt6Cw2QreAAAMHmgww
	(envelope-from <tdevries@suse.de>)
	for <gdb-patches@sourceware.org>; Fri, 28 Jul 2023 08:57:02 +0000
From: Tom de Vries <tdevries@suse.de>
To: gdb-patches@sourceware.org
Subject: [RFC 3/3] [gdb/symtab] Fix race on per_cu->queued
Date: Fri, 28 Jul 2023 10:56:45 +0200
Message-Id: <20230728085645.3746-4-tdevries@suse.de>
X-Mailer: git-send-email 2.35.3
In-Reply-To: <20230728085645.3746-1-tdevries@suse.de>
References: <20230728085645.3746-1-tdevries@suse.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE,WEIRD_PORT autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gdb-patches.sourceware.org>

With gdb build with -fsanitize=3Dthread and test-case gdb.base/index-cache.=
exp I
run into:
...
(gdb) file build/gdb/testsuite/outputs/gdb.base/index-cache/index-cache
Reading symbols from build/gdb/testsuite/outputs/gdb.base/index-cache/index=
-cache...
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
WARNING: ThreadSanitizer: data race (pid=3D24296)
  Write of size 1 at 0x7b200000420d by main thread:
    #0 queue_comp_unit gdb/dwarf2/read.c:5564 (gdb+0x8939ce)
    #1 dw2_do_instantiate_symtab gdb/dwarf2/read.c:1754 (gdb+0x885b96)
    #2 dw2_instantiate_symtab gdb/dwarf2/read.c:1792 (gdb+0x885d86)
    #3 dw2_expand_symtabs_matching_one(dwarf2_per_cu_data*, dwarf2_per_objf=
ile*, gdb::function_view<bool (char const*, bool)>, gdb::function_view<bool=
 (compunit_symtab*)>) gdb/dwarf2/read.c:3042 (gdb+0x88ac77)
    #4 cooked_index_functions::expand_symtabs_matching(objfile*, gdb::funct=
ion_view<bool (char const*, bool)>, lookup_name_info const*, gdb::function_=
view<bool (char const*)>, gdb::function_view<bool (compunit_symtab*)>, enum=
_flags<block_search_flag_values>, domain_enum, search_domain) gdb/dwarf2/re=
ad.c:16915 (gdb+0x8c1c8a)
    #5 objfile::lookup_symbol(block_enum, char const*, domain_enum) gdb/sym=
file-debug.c:288 (gdb+0xf389a1)
    #6 lookup_symbol_via_quick_fns gdb/symtab.c:2385 (gdb+0xf66403)
    #7 lookup_symbol_in_objfile gdb/symtab.c:2516 (gdb+0xf66a67)
    #8 operator() gdb/symtab.c:2562 (gdb+0xf66bbe)
    #9 operator() gdb/../gdbsupport/function-view.h:305 (gdb+0xf76ffd)
    #10 _FUN gdb/../gdbsupport/function-view.h:299 (gdb+0xf77054)
    #11 gdb::function_view<bool (objfile*)>::operator()(objfile*) const gdb=
/../gdbsupport/function-view.h:289 (gdb+0xc3f5e3)
    #12 svr4_iterate_over_objfiles_in_search_order gdb/solib-svr4.c:3455 (g=
db+0xeca793)
    #13 gdbarch_iterate_over_objfiles_in_search_order(gdbarch*, gdb::functi=
on_view<bool (objfile*)>, objfile*) gdb/gdbarch.c:5041 (gdb+0x537cad)
    #14 lookup_global_or_static_symbol gdb/symtab.c:2559 (gdb+0xf66e47)
    #15 lookup_global_symbol(char const*, block const*, domain_enum) gdb/sy=
mtab.c:2615 (gdb+0xf670cc)
    #16 language_defn::lookup_symbol_nonlocal(char const*, block const*, do=
main_enum) const gdb/symtab.c:2447 (gdb+0xf666ba)
    #17 lookup_symbol_aux gdb/symtab.c:2123 (gdb+0xf655ff)
    #18 lookup_symbol_in_language(char const*, block const*, domain_enum, l=
anguage, field_of_this_result*) gdb/symtab.c:1931 (gdb+0xf646f7)
    #19 set_initial_language() gdb/symfile.c:1708 (gdb+0xf429c0)
    #20 symbol_file_add_main_1 gdb/symfile.c:1212 (gdb+0xf40f54)
    #21 symbol_file_command(char const*, int) gdb/symfile.c:1681 (gdb+0xf42=
8fb)
    #22 file_command gdb/exec.c:554 (gdb+0x94f875)
    #23 do_simple_func gdb/cli/cli-decode.c:95 (gdb+0x6d9528)
    #24 cmd_func(cmd_list_element*, char const*, int) gdb/cli/cli-decode.c:=
2735 (gdb+0x6e0f69)
    #25 execute_command(char const*, int) gdb/top.c:575 (gdb+0xff3166)
    #26 command_handler(char const*) gdb/event-top.c:552 (gdb+0x94af08)
    #27 command_line_handler(std::unique_ptr<char, gdb::xfree_deleter<char>=
 >&&) gdb/event-top.c:788 (gdb+0x94b5c5)
    #28 tui_command_line_handler gdb/tui/tui-interp.c:104 (gdb+0x10348c6)
    #29 gdb_rl_callback_handler gdb/event-top.c:259 (gdb+0x94a4ad)
    #30 rl_callback_read_char readline/readline/callback.c:290 (gdb+0x11bdf=
87)
    #31 gdb_rl_callback_read_char_wrapper_noexcept gdb/event-top.c:195 (gdb=
+0x94a2ac)
    #32 gdb_rl_callback_read_char_wrapper gdb/event-top.c:234 (gdb+0x94a36d)
    #33 stdin_event_handler gdb/ui.c:155 (gdb+0x1074b6a)
    #34 handle_file_event gdbsupport/event-loop.cc:573 (gdb+0x1d9502c)
    #35 gdb_wait_for_event gdbsupport/event-loop.cc:694 (gdb+0x1d95764)
    #36 gdb_do_one_event(int) gdbsupport/event-loop.cc:264 (gdb+0x1d93b50)
    #37 start_event_loop gdb/main.c:412 (gdb+0xb5a49e)
    #38 captured_command_loop gdb/main.c:476 (gdb+0xb5a68d)
    #39 captured_main gdb/main.c:1320 (gdb+0xb5c80d)
    #40 gdb_main(captured_main_args*) gdb/main.c:1339 (gdb+0xb5c8bc)
    #41 main gdb/gdb.c:32 (gdb+0x416776)

  Previous read of size 1 at 0x7b200000420d by thread T12:
    #0 write_gdbindex gdb/dwarf2/index-write.c:1229 (gdb+0x8310c8)
    #1 write_dwarf_index(dwarf2_per_bfd*, char const*, char const*, char co=
nst*, dw_index_kind) gdb/dwarf2/index-write.c:1484 (gdb+0x83232f)
    #2 index_cache::store(dwarf2_per_bfd*, index_cache_store_context*) gdb/=
dwarf2/index-cache.c:177 (gdb+0x82d62b)
    #3 cooked_index::maybe_write_index(dwarf2_per_bfd*) gdb/dwarf2/cooked-i=
ndex.c:640 (gdb+0x7f1bf7)
    #4 operator() gdb/dwarf2/cooked-index.c:470 (gdb+0x7f0f40)
    #5 _M_invoke /usr/include/c++/7/bits/std_function.h:316 (gdb+0x7f2909)
    #6 std::function<void ()>::operator()() const /usr/include/c++/7/bits/s=
td_function.h:706 (gdb+0x700952)
    #7 void std::__invoke_impl<void, std::function<void ()>&>(std::__invoke=
_other, std::function<void ()>&) /usr/include/c++/7/bits/invoke.h:60 (gdb+0=
x7381a0)
    #8 std::__invoke_result<std::function<void ()>&>::type std::__invoke<st=
d::function<void ()>&>(std::function<void ()>&) /usr/include/c++/7/bits/inv=
oke.h:95 (gdb+0x737e91)
    #9 std::__future_base::_Task_state<std::function<void ()>, std::allocat=
or<int>, void ()>::_M_run()::{lambda()#1}::operator()() const /usr/include/=
c++/7/future:1421 (gdb+0x737b59)
    #10 std::__future_base::_Task_setter<std::unique_ptr<std::__future_base=
::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::__future=
_base::_Task_state<std::function<void ()>, std::allocator<int>, void ()>::_=
M_run()::{lambda()#1}, void>::operator()() const /usr/include/c++/7/future:=
1362 (gdb+0x738660)
    #11 std::_Function_handler<std::unique_ptr<std::__future_base::_Result_=
base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_=
Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__futur=
e_base::_Result_base::_Deleter>, std::__future_base::_Task_state<std::funct=
ion<void ()>, std::allocator<int>, void ()>::_M_run()::{lambda()#1}, void> =
>::_M_invoke(std::_Any_data const&) /usr/include/c++/7/bits/std_function.h:=
302 (gdb+0x73825c)
    #12 std::function<std::unique_ptr<std::__future_base::_Result_base, std=
::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/inclu=
de/c++/7/bits/std_function.h:706 (gdb+0x733623)
    #13 std::__future_base::_State_baseV2::_M_do_set(std::function<std::uni=
que_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base:=
:_Deleter> ()>*, bool*) /usr/include/c++/7/future:561 (gdb+0x732bdf)
    #14 void std::__invoke_impl<void, void (std::__future_base::_State_base=
V2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std:=
:__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_=
State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_ba=
se, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::__invoke_=
memfun_deref, void (std::__future_base::_State_baseV2::*&&)(std::function<s=
td::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Resul=
t_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::=
function<std::unique_ptr<std::__future_base::_Result_base, std::__future_ba=
se::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/7/bits/invoke=
.h:73 (gdb+0x734c4f)
    #15 std::__invoke_result<void (std::__future_base::_State_baseV2::*)(st=
d::function<std::unique_ptr<std::__future_base::_Result_base, std::__future=
_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_bas=
eV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::=
__future_base::_Result_base::_Deleter> ()>*, bool*>::type std::__invoke<voi=
d (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std:=
:__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (=
)>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_=
ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_De=
leter> ()>*, bool*>(void (std::__future_base::_State_baseV2::*&&)(std::func=
tion<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::=
_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&,=
 std::function<std::unique_ptr<std::__future_base::_Result_base, std::__fut=
ure_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/7/bits/=
invoke.h:95 (gdb+0x733bc5)
    #16 std::call_once<void (std::__future_base::_State_baseV2::*)(std::fun=
ction<std::unique_ptr<std::__future_base::_Result_base, std::__future_base:=
:_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, =
std::function<std::unique_ptr<std::__future_base::_Result_base, std::__futu=
re_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::_=
_future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__futu=
re_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bo=
ol*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<s=
td::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter=
> ()>*&&, bool*&&)::{lambda()#1}::operator()() const /usr/include/c++/7/mut=
ex:672 (gdb+0x73300d)
    #17 std::call_once<void (std::__future_base::_State_baseV2::*)(std::fun=
ction<std::unique_ptr<std::__future_base::_Result_base, std::__future_base:=
:_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, =
std::function<std::unique_ptr<std::__future_base::_Result_base, std::__futu=
re_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::_=
_future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__futu=
re_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bo=
ol*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<s=
td::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter=
> ()>*&&, bool*&&)::{lambda()#2}::operator()() const /usr/include/c++/7/mut=
ex:677 (gdb+0x7330b2)
    #18 std::call_once<void (std::__future_base::_State_baseV2::*)(std::fun=
ction<std::unique_ptr<std::__future_base::_Result_base, std::__future_base:=
:_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, =
std::function<std::unique_ptr<std::__future_base::_Result_base, std::__futu=
re_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::_=
_future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__futu=
re_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bo=
ol*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<s=
td::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter=
> ()>*&&, bool*&&)::{lambda()#2}::_FUN() /usr/include/c++/7/mutex:677 (gdb+=
0x7330f2)
    #19 pthread_once <null> (libtsan.so.0+0x4457c)
    #20 __gthread_once /usr/include/c++/7/x86_64-suse-linux/bits/gthr-defau=
lt.h:699 (gdb+0x72f5dd)
    #21 void std::call_once<void (std::__future_base::_State_baseV2::*)(std=
::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_=
base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_base=
V2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::_=
_future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (s=
td::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::_=
_future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>=
*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_=
ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_De=
leter> ()>*&&, bool*&&) /usr/include/c++/7/mutex:684 (gdb+0x733224)
    #22 std::__future_base::_State_baseV2::_M_set_result(std::function<std:=
:unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_b=
ase::_Deleter> ()>, bool) /usr/include/c++/7/future:401 (gdb+0x732852)
    #23 std::__future_base::_Task_state<std::function<void ()>, std::alloca=
tor<int>, void ()>::_M_run() /usr/include/c++/7/future:1423 (gdb+0x737bef)
    #24 std::packaged_task<void ()>::operator()() /usr/include/c++/7/future=
:1556 (gdb+0x1dac6da)
    #25 gdb::thread_pool::thread_function() gdbsupport/thread-pool.cc:242 (=
gdb+0x1dabffc)
    #26 void std::__invoke_impl<void, void (gdb::thread_pool::*)(), gdb::th=
read_pool*>(std::__invoke_memfun_deref, void (gdb::thread_pool::*&&)(), gdb=
::thread_pool*&&) /usr/include/c++/7/bits/invoke.h:73 (gdb+0x1dad0ab)
    #27 std::__invoke_result<void (gdb::thread_pool::*)(), gdb::thread_pool=
*>::type std::__invoke<void (gdb::thread_pool::*)(), gdb::thread_pool*>(voi=
d (gdb::thread_pool::*&&)(), gdb::thread_pool*&&) /usr/include/c++/7/bits/i=
nvoke.h:95 (gdb+0x1dac4dc)
    #28 decltype (__invoke((_S_declval<0ul>)(), (_S_declval<1ul>)())) std::=
thread::_Invoker<std::tuple<void (gdb::thread_pool::*)(), gdb::thread_pool*=
> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/include/c++/7/th=
read:234 (gdb+0x1daf80e)
    #29 std::thread::_Invoker<std::tuple<void (gdb::thread_pool::*)(), gdb:=
:thread_pool*> >::operator()() /usr/include/c++/7/thread:243 (gdb+0x1daf799)
    #30 std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (gdb=
::thread_pool::*)(), gdb::thread_pool*> > >::_M_run() /usr/include/c++/7/th=
read:186 (gdb+0x1daf74e)
    #31 <null> <null> (libstdc++.so.6+0xdcac2)
 ...
SUMMARY: ThreadSanitizer: data race gdb/dwarf2/read.c:5564 in queue_comp_un=
it
...

The race happens during the "file $exec" command.

The race is between:
- the main thread expanding the CU containing main, and in the process sett=
ing
  dwarf2_per_cu_data::queued, and
- a worker thread writing the index cache, and in the process reading
  dwarf2_per_cu_data::is_debug_type.

The two bitfields dwarf2_per_cu_data::queue and
dwarf2_per_cu_data::is_debug_type share the same bitfield container.

Fix this by making dwarf2_per_cu_data::queued std::atomic<bool>.

Tested on x86_64-linux.

PR symtab/30392
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=3D30392
---
 gdb/dwarf2/read.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdb/dwarf2/read.h b/gdb/dwarf2/read.h
index a99299cbc6d..28e4cb69a77 100644
--- a/gdb/dwarf2/read.h
+++ b/gdb/dwarf2/read.h
@@ -128,7 +128,7 @@ struct dwarf2_per_cu_data
 public:
   /* Flag indicating this compilation unit will be read in before
      any of the current compilation units are processed.  */
-  unsigned int queued : 1;
+  std::atomic<bool> queued;
=20
   /* Non-zero if this CU is from .debug_types.
      Struct dwarf2_per_cu_data is contained in struct signatured_type iff
--=20
2.35.3