implement support for multiple TLS destructors on macOS

Author: joboet

src/shims/tls.rs

@@ -36,9 +36,9 @@ pub struct TlsData<'tcx> {
  /// pthreads-style thread-local storage.
  keys: BTreeMap<TlsKey, TlsEntry<'tcx>>,
 
- /// A single per thread destructor of the thread local storage (that's how
- /// things work on macOS) with a data argument.
- macos_thread_dtors: BTreeMap<ThreadId, (ty::Instance<'tcx>, Scalar)>,
+ /// On macOS, each thread holds a list of destructor functions with their
+ /// respective data arguments.
+ macos_thread_dtors: BTreeMap<ThreadId, Vec<(ty::Instance<'tcx>, Scalar)>>,
 }
 
 impl<'tcx> Default for TlsData<'tcx> {
@@ -119,26 +119,18 @@ impl<'tcx> TlsData<'tcx> {
  }
  }
 
- /// Set the thread wide destructor of the thread local storage for the given
- /// thread. This function is used to implement `_tlv_atexit` shim on MacOS.
- ///
- /// Thread wide dtors are available only on MacOS. There is one destructor
- /// per thread as can be guessed from the following comment in the
- /// [`_tlv_atexit`
- /// implementation](https://github.com/opensource-apple/dyld/blob/195030646877261f0c8c7ad8b001f52d6a26f514/src/threadLocalVariables.c#L389):
- ///
- /// NOTE: this does not need locks because it only operates on current thread data
- pub fn set_macos_thread_dtor(
+ /// Add a thread local storage for the given thread. This function is used to
+ /// implement `_tlv_atexit` shim on MacOS.
+ /// FIXME: also implement `__cxa_thread_atexit_impl` for Linux using this, see
+ /// https://sourceware.org/glibc/wiki/Destructor%20support%20for%20thread_local%20variables
+ pub fn add_macos_thread_dtor(
  &mut self,
  thread: ThreadId,
  dtor: ty::Instance<'tcx>,
  data: Scalar,
  ) -> InterpResult<'tcx> {
- if self.macos_thread_dtors.insert(thread, (dtor, data)).is_some() {
- throw_unsup_format!(
- "setting more than one thread local storage destructor for the same thread is not supported"
- );
- }
+ let dtors = self.macos_thread_dtors.entry(thread).or_default();
+ dtors.push((dtor, data));
  Ok(())
  }
 
@@ -212,7 +204,7 @@ impl VisitProvenance for TlsData<'_> {
  for scalar in keys.values().flat_map(|v| v.data.values()) {
  scalar.visit_provenance(visit);
  }
- for (_, scalar) in macos_thread_dtors.values() {
+ for (_, scalar) in macos_thread_dtors.values().flatten() {
  scalar.visit_provenance(visit);
  }
  }
@@ -245,7 +237,7 @@ impl<'tcx> TlsDtorsState<'tcx> {
  "macos" => {
  // The macOS thread wide destructor runs "before any TLS slots get
  // freed", so do that first.
- this.schedule_macos_tls_dtor()?;
+ this.schedule_macos_tls_dtors()?;
  // When that destructor is done, go on with the pthread dtors.
  break 'new_state PthreadDtors(Default::default());
  }
@@ -328,21 +320,26 @@ trait EvalContextPrivExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
  Ok(())
  }
 
- /// Schedule the MacOS thread destructor of the thread local storage to be
- /// executed.
- fn schedule_macos_tls_dtor(&mut self) -> InterpResult<'tcx> {
+ /// Schedule the macOS thread local storage destructors to be executed.
+ fn schedule_macos_tls_dtors(&mut self) -> InterpResult<'tcx> {
  let this = self.eval_context_mut();
  let thread_id = this.active_thread();
- if let Some((instance, data)) = this.machine.tls.macos_thread_dtors.remove(&thread_id) {
- trace!("Running macos dtor {:?} on {:?} at {:?}", instance, data, thread_id);
-
- this.call_function(
- instance,
- Abi::C { unwind: false },
- &[data.into()],
- None,
- StackPopCleanup::Root { cleanup: true },
- )?;
+ if let Some(dtors) = this.machine.tls.macos_thread_dtors.remove(&thread_id) {
+ // macOS runs TLS destructors in the reverse order of their registration.
+ // See https://github.com/apple-oss-distributions/dyld/blob/d552c40cd1de105f0ec95008e0e0c0972de43456/dyld/DyldRuntimeState.cpp#L2277
+ // FIXME: Old macOS versions had a use-after-free bug that triggered when
+ // _tlv_atexit was run inside a destructor. Maybe miri should catch that?
+ for (instance, data) in dtors.into_iter().rev() {
+ trace!("Running macos dtor {:?} on {:?} at {:?}", instance, data, thread_id);
+
+ this.call_function(
+ instance,
+ Abi::C { unwind: false },
+ &[data.into()],
+ None,
+ StackPopCleanup::Root { cleanup: true },
+ )?;
+ }
  }
  Ok(())
  }

src/shims/unix/macos/foreign_items.rs

@@ -132,7 +132,7 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
  let dtor = this.get_ptr_fn(dtor)?.as_instance()?;
  let data = this.read_scalar(data)?;
  let active_thread = this.active_thread();
- this.machine.tls.set_macos_thread_dtor(active_thread, dtor, data)?;
+ this.machine.tls.add_macos_thread_dtor(active_thread, dtor, data)?;
  }
 
  // Querying system information