TsanOptions.cpp (16066B)
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* This Source Code Form is subject to the terms of the Mozilla Public 3 * License, v. 2.0. If a copy of the MPL was not distributed with this file, 4 * You can obtain one at http://mozilla.org/MPL/2.0/. */ 5 6 #include "mozilla/Types.h" 7 8 // 9 // When running with ThreadSanitizer, we need to explicitly set some 10 // options specific to our codebase to prevent errors during runtime. 11 // To override these, set the TSAN_OPTIONS environment variable. 12 // 13 // Currently, these are: 14 // 15 // abort_on_error=1 - Causes TSan to abort instead of using exit(). 16 // halt_on_error=1 - Causes TSan to stop on the first race detected. 17 // 18 // report_signal_unsafe=0 - Required to avoid TSan deadlocks when 19 // receiving external signals (e.g. SIGINT manually on console). 20 // 21 // allocator_may_return_null=1 - Tell TSan to return NULL when an allocation 22 // fails instead of aborting the program. This allows us to handle failing 23 // allocations the same way we would handle them with a regular allocator and 24 // also uncovers potential bugs that might occur in these situations. 25 // 26 extern "C" MOZ_EXPORT const char* __tsan_default_options() { 27 return "halt_on_error=1:abort_on_error=1:report_signal_unsafe=0" 28 ":allocator_may_return_null=1"; 29 } 30 31 // 32 // When running with ThreadSanitizer, we sometimes need to suppress existing 33 // races. However, in any case, it should be either because 34 // 35 // 1) a bug is on file. In this case, the bug number should always be 36 // included with the suppression. 37 // 38 // or 2) this is an intentional race. Please be very careful with judging 39 // races as intentional and benign. Races in C++ are undefined behavior 40 // and compilers increasingly rely on exploiting this for optimizations. 41 // Hence, many seemingly benign races cause harmful or unexpected 42 // side-effects. 43 // 44 // See also: 45 // https://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong 46 // 47 // 48 // Also, when adding any race suppressions here, make sure to always add 49 // a signature for each of the two race stacks. Sometimes, TSan fails to 50 // symbolize one of the two traces and this can cause suppressed races to 51 // show up intermittently. 52 // 53 // clang-format off 54 extern "C" MOZ_EXPORT const char* __tsan_default_suppressions() { 55 return "# Add your suppressions below\n" 56 57 // External uninstrumented libraries 58 // These are default suppressions for external libraries that probably 59 // every application would want to include if it potentially loads external 60 // libraries like GTK/X and hence their dependencies. 61 "called_from_lib:libappmenu-gtk3-parser\n" 62 "called_from_lib:libatk-1\n" 63 "called_from_lib:libcairo.so\n" 64 "called_from_lib:libcairo-gobject\n" 65 "called_from_lib:libdconfsettings\n" 66 "called_from_lib:libEGL_nvidia\n" 67 "called_from_lib:libfontconfig.so\n" 68 "called_from_lib:libfontconfig1\n" 69 "called_from_lib:libgdk-3\n" 70 "called_from_lib:libgdk_pixbuf\n" 71 "called_from_lib:libgdk-x11\n" 72 "called_from_lib:libgio-2\n" 73 "called_from_lib:libglib-1\n" 74 "called_from_lib:libglib-2\n" 75 "called_from_lib:libgobject\n" 76 "called_from_lib:libgtk-3\n" 77 "called_from_lib:libgtk-x11\n" 78 "called_from_lib:libgvfscommon\n" 79 "called_from_lib:libgvfsdbus\n" 80 "called_from_lib:libibus-1\n" 81 "called_from_lib:libnvidia-egl-wayland\n" 82 "called_from_lib:libnvidia-eglcore\n" 83 "called_from_lib:libnvidia-glsi\n" 84 "called_from_lib:libogg.so\n" 85 "called_from_lib:libpango-1\n" 86 "called_from_lib:libpangocairo\n" 87 "called_from_lib:libpangoft2\n" 88 "called_from_lib:pango-basic-fc\n" 89 "called_from_lib:libpixman-1\n" 90 "called_from_lib:libpulse.so\n" 91 "called_from_lib:libpulsecommon\n" 92 "called_from_lib:libsecret-1\n" 93 "called_from_lib:libunity-gtk3-parser\n" 94 "called_from_lib:libvorbis.so\n" 95 "called_from_lib:libvorbisfile\n" 96 "called_from_lib:libwayland-client\n" 97 "called_from_lib:libX11.so\n" 98 "called_from_lib:libX11-xcb\n" 99 "called_from_lib:libXau\n" 100 "called_from_lib:libxcb.so\n" 101 "called_from_lib:libXcomposite\n" 102 "called_from_lib:libXcursor\n" 103 "called_from_lib:libXdamage\n" 104 "called_from_lib:libXdmcp\n" 105 "called_from_lib:libXext\n" 106 "called_from_lib:libXfixes\n" 107 "called_from_lib:libXi.so\n" 108 "called_from_lib:libXrandr\n" 109 "called_from_lib:libXrender\n" 110 "called_from_lib:libXss\n" 111 112 113 // TSan internals 114 "race:__tsan::ProcessPendingSignals\n" 115 "race:__tsan::CallUserSignalHandler\n" 116 117 118 119 120 121 // Uninstrumented code causing false positives 122 123 // These libraries are uninstrumented and cause mutex false positives. 124 // However, they can be unloaded by GTK early which we cannot avoid. 125 "mutex:libGL.so\n" 126 "mutex:libGLdispatch\n" 127 "mutex:libGLX\n" 128 // Bug 1637707 - permanent 129 "mutex:libEGL_mesa.so\n" 130 // ~GLContextGLX unlocks a libGL mutex. 131 "mutex:GLContextGLX::~GLContextGLX\n" 132 // Bug 1825171 133 "mutex:libffi.so\n" 134 "mutex:wl_registry_destroy\n" 135 // Bug 1824768 136 "mutex:libdbus-1\n" 137 "mutex:swrast_dri.so\n" 138 "mutex:libgallium-*.so\n" 139 // Bug 1651446 - permanent (ffmpeg) 140 "race:libavcodec.so*\n" 141 "race:libavutil.so*\n" 142 // For some reason, the suppressions on libpulse.so 143 // through `called_from_lib` only work partially. 144 "race:libpulse.so\n" 145 "race:pa_context_suspend_source_by_index\n" 146 "race:pa_context_unref\n" 147 "race:pa_format_info_set_prop_string_array\n" 148 "race:pa_stream_get_index\n" 149 "race:pa_stream_update_timing_info\n" 150 "race:vorbis_synthesis_init\n" 151 // This is a callback from libglib-2 that is apparently 152 // not fully suppressed through `called_from_lib`. 153 "race:g_main_context_dispatch\n" 154 // This is likely a false positive involving a mutex from GTK. 155 // See also bug 1642653 - permanent. 156 "mutex:GetMaiAtkType\n" 157 // Bug 1688716 - Failure due to fire_glxtest_process 158 // calling into uninstrumented external graphics driver code. 159 // For example: iris_dri.so and swrast_dri.so. 160 "race:fire_glxtest_process\n" 161 "race:iris_dri\n" 162 // Bug 1824768 163 "race:libLLVM-12\n" 164 "race:radeonsi_dri\n" 165 // Bug 1722721 - WebRender using uninstrumented Mesa drivers 166 "race:swrast_dri.so\n" 167 "race:libgallium-*.so\n" 168 // Bug 1825171 169 "race:libffi.so\n" 170 "race:mozilla::widget::WaylandBuffer::BufferReleaseCallbackHandler\n" 171 // Bug 1953677 172 "race:i965_dri.so\n" 173 174 175 176 177 // Deadlock reports on single-threaded runtime. 178 // 179 // This is a known false positive from TSan where it reports 180 // a potential deadlock even though all mutexes are only 181 // taken by a single thread. For applications/tasks where we 182 // are absolutely sure that no second thread will be involved 183 // we should suppress these issues. 184 // 185 // See also https://github.com/google/sanitizers/issues/488 186 187 // Bug 1614605 - permanent 188 "deadlock:SanctionsTestServer\n" 189 "deadlock:OCSPStaplingServer\n" 190 // Bug 1643087 - permanent 191 "deadlock:BadCertAndPinningServer\n" 192 // Bug 1606804 - permanent 193 "deadlock:cert_storage::SecurityState::open_db\n" 194 "deadlock:cert_storage::SecurityState::add_certs\n" 195 // Bug 1651770 - permanent 196 "deadlock:mozilla::camera::LockAndDispatch\n" 197 // Bug 1606804 - permanent 198 "deadlock:third_party/rust/rkv/src/env.rs\n" 199 // Bug 1680655 - permanent 200 "deadlock:EncryptedClientHelloServer\n" 201 // Bug 1682861 - permanent 202 "deadlock:nsDOMWindowUtils::CompareCanvases\n" 203 // Bug 1984952 - not technically necessarily a deadlock, but a weird case of 204 // recursive locking that tsan normally doesn't allow, that is not clear yet 205 // how it happens and whether it's actually problematic, but it's originating 206 // from a system library so we can't do much about fixing it (except if it's 207 // actually a tsan bug). 208 "deadlock:libgallium-*.so\n" 209 210 211 212 213 214 // Benign races in third-party code (should be fixed upstream) 215 216 // No Bug - permanent 217 // No Upstream Bug Filed! 218 // 219 // SIMD Initialization in libjpeg, potentially runs 220 // initialization twice, but otherwise benign. Init 221 // routine itself is in native assembler. 222 "race:init_simd\n" 223 "race:simd_support\n" 224 "race:jsimd_can_ycc_rgb\n" 225 // Bug 1615228 - permanent 226 // No Upstream Bug Filed! 227 // 228 // Likely benign race in ipc/chromium/ where we set 229 // `message_loop_` to `NULL` on two threads when stopping 230 // a thread at the same time it is already finishing. 231 "race:base::Thread::Stop\n" 232 // Bug 1615569 - permanent 233 // No Upstream Bug Filed! 234 // 235 // NSS is using freebl from two different threads but freebl isn't 236 // that threadsafe. 237 "race:mp_exptmod.max_window_bits\n" 238 // Bug 1652499 - permanent 239 // No Upstream Bug Filed! 240 // 241 // Likely benign race in webrtc.org code - race while updating the 242 // minimum log severity. 243 "race:Loggable\n" 244 "race:UpdateMinLogSeverity\n" 245 // Bug 1652174 - permanent 246 // Upstream Bug: https://github.com/libevent/libevent/issues/777 247 // 248 // Likely benign write-write race in libevent to set a sticky boolean 249 // flag to true. 250 "race:event_debug_mode_too_late\n" 251 252 // Bug 1653618 - permanent 253 // Upstream Bug: https://github.com/sctplab/usrsctp/issues/507 254 // 255 // Might lead to scheduled timers in libusrsctp getting dropped? 256 "race:sctp_handle_tick\n" 257 "race:sctp_handle_sack\n" 258 // Bug 1648604 - permanent 259 // Upstream Bug: https://github.com/sctplab/usrsctp/issues/482 260 // 261 // Likely benign race in libusrsctp allocator during a free. 262 "race:system_base_info\n" 263 // Benign lock-order-inversion in libusrsctp 264 // No upstream bug filed! 265 "deadlock:sctp_add_to_readq\n" 266 267 // Bug 1153409 - permanent 268 // No Upstream Bug Filed! 269 // 270 // Probably benign - sqlite has a few optimizations where it does 271 // racy reads and then does properly synchronized integrity checks 272 // afterwards. Some concern of compiler optimizations messing this 273 // up due to "volatile" being too weak for this. 274 "race:third_party/sqlite3/*\n" 275 "deadlock:third_party/sqlite3/*\n" 276 // Bug 1674770 - permanent 277 // Upstream Bug: https://github.com/Amanieu/parking_lot/issues/257 278 // 279 // parking_lot using incorrect atomic orderings in RwLock, upstream 280 // fix already up for review. 281 "race:StrongRuleNode::ensure_child\n" 282 // No Bug - permanent 283 // Upstream Bugs: 284 // 285 // * https://github.com/rayon-rs/rayon/issues/812 286 // * https://github.com/crossbeam-rs/crossbeam/issues/589 287 // 288 // Probably a false-positive from crossbeam's deque not being 289 // understood by tsan. 290 "race:crossbeam_deque*::resize\n" 291 "race:crossbeam_deque*::push\n" 292 "race:crossbeam_deque*::write\n" 293 "race:crossbeam_deque*::read\n" 294 "race:crossbeam_deque*::steal\n" 295 // Bug 1805819 - permanent 296 // No Upstream Bug Filed! 297 // 298 // False positive in libc's tzset_internal 299 // See https://crbug.com/379738 also 300 "race:tzset_internal\n" 301 302 303 304 305 306 // The rest of these suppressions are miscellaneous issues in gecko 307 // that should be investigated and ideally fixed. 308 309 // Bug 1671574 - Permanent 310 // The StartupCache thread intentionally races with the main thread to 311 // trigger OS-level paging. It is never joined with the main thread. 312 "thread:StartupCache\n" 313 314 // Bug 1734262 - Permanent 315 // When spawning async processes, we create a helper thread to wait for 316 // the process to terminate in order to asynchronously report the exit 317 // code to Gecko. This thread waits on a syscall for the process to end, 318 // which means there's no easy way to cancel and join it during Gecko 319 // shutdown. Suppress thread leak reports for this thread. 320 "thread:CreateMonitorThread\n" 321 322 // Bug 1601600 323 "race:SkARGB32_Blitter\n" 324 "race:SkARGB32_Shader_Blitter\n" 325 "race:SkARGB32_Opaque_Blitter\n" 326 "race:SkRasterPipelineBlitter\n" 327 "race:Clamp_S32_D32_nofilter_trans_shaderproc\n" 328 "race:SkSpriteBlitter_Memcpy\n" 329 330 // Bug 1606800 331 "race:CallInitFunc\n" 332 333 // Bug 1606803 334 "race:ipv6_is_present\n" 335 336 // Bug 1615123 337 "race:_dl_deallocate_tls\n" 338 "race:__libc_memalign\n" 339 340 // Bug 1664803 341 "race:Sampler::sSigHandlerCoordinator\n" 342 343 // Bug 1656068 344 "race:WebRtcAec_Create\n" 345 346 // No Bug - Logging bug in Mochitests 347 "race:mochitest/ssltunnel/ssltunnel.cpp\n" 348 349 // This thread does not seem to be stopped/joined. 350 // ImageBridgeChild should be turned back into a background 351 // task queue in bug 1647628, in which case these suppressions 352 // can be removed. 353 "race:mozilla::layers::ImageBridgeChild::ShutDown\n" 354 355 // Bug 1652530 356 "mutex:XErrorTrap\n" 357 358 // Bug 1671601 359 "race:CamerasParent::ActorDestroy\n" 360 "race:CamerasParent::DispatchToVideoCaptureThread\n" 361 362 // Bug 1623541 363 "race:VRShMem::PullSystemState\n" 364 "race:VRShMem::PushSystemState\n" 365 "race:VRShMem::PullBrowserState\n" 366 "race:VRShMem::PushBrowserState\n" 367 368 // Bug 1682951 369 "race:storage::Connection::Release\n" 370 371 // Bug 1683357 372 "race:image::ImageSurfaceCache::SuggestedSizeInternal\n" 373 "race:image::RasterImage::SetMetadata\n" 374 "race:image::RasterImage::GetWidth\n" 375 376 // Bug 1722721 - This is a benign race creating worker/SW compositor threads. 377 "race:webrender::profiler::register_thread\n" 378 379 // Bug 1722721 - This is a false positive during SW-WR rendering. 380 "race:scale_blit\n" 381 382 "race:mozilla::gl::MesaMemoryLeakWorkaround\n" 383 384 // Bug 1733908 385 "race:js::wasm::Code::bestTier\n" 386 "race:js::wasm::Code::commitTier2\n" 387 "race:js::wasm::Code::setTier2\n" 388 "race:js::wasm::Code::setAndBorrowTier2\n" 389 390 // Bug 1755449 391 // The Glean init thread is used to perform I/O and other blocking operations. 392 // It is never joined with the main thread, but this is being re-evaluated. 393 "thread:glean::initialize\n" 394 395 // Bug 1822605 - permanent 396 // A race exists in libvulkan_lvp.so. This was previously addressed in bug 397 // 1816713. However, libvulkan_lvp.so is unloaded so a called_from_lib 398 // suppression cannot be used. 399 "race:libvulkan_lvp.so\n" 400 401 // Bug 1894073 - false positive 402 // TSan isn't aware of IPC; see bug for detailed explanation. 403 "race:LaunchAppWithForkServer\n" 404 405 // End of suppressions. 406 ; // Please keep this semicolon. 407 } 408 // clang-format on