Re: [Qemu-devel] [PATCH v3 00/15] A number of fixes for ThreadSanitizer

From: "Alex Bennée" <alex.bennee@linaro.org>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org, mttcg@listserver.greensocs.com,
	peter.maydell@linaro.org, claudio.fontana@huawei.com,
	nikunj@linux.vnet.ibm.com, jan.kiszka@siemens.com,
	mark.burton@greensocs.com, a.rigo@virtualopensystems.com,
	cota@braap.org, serge.fdrv@gmail.com, bobby.prani@gmail.com,
	rth@twiddle.net, fred.konrad@greensocs.com
Subject: Re: [Qemu-devel] [PATCH v3 00/15] A number of fixes for ThreadSanitizer
Date: Mon, 03 Oct 2016 10:43:58 +0100	[thread overview]
Message-ID: <87eg3xu5r5.fsf@linaro.org> (raw)
In-Reply-To: <c59f9d15-43a0-f265-b33a-f9c500eb2922@redhat.com>

Paolo Bonzini <pbonzini@redhat.com> writes:

> On 30/09/2016 23:30, Alex Bennée wrote:
>> Hi,
>>
>> This is v3 of the ThreadSanitizer fixes. Changes from the last
>> version:
>>
>>   - added some more review tags
>>   - made clear C11 undefined behaviour is the main issue
>>   - added two minor fixes to atomic.h
>>   - change type of tb_page_addr_t back to target_ulong
>>   - dropped ui/vnc-enc-tight patch (already picked up an merged)
>>   - dropped the blacklist patch (not needed with gcc)
>>   - fixed a number of remaining issues with:
>>     - TranslationBuffer access
>>     - PageDesc access
>>
>> A number of the patches fix fairly rare race conditions. In fact I had
>> to repeat my test case a number of times to trigger some of them:
>>
>>   retry.py -n 100 -c -- ./arm-linux-user/qemu-arm ./pigz.armhf \
>>     -c -9 linux-4.6.3.tar > /dev/null 2> tsan-user-async.log
>>
>> On a build with a light patch to reduce the size of the translation
>> buffer so we trigger lots of flushes.
>>
>> With this series applied you can enable ThreadSanitizer with the
>> following command line:
>>
>>   ./configure --extra-cflags="-g3 -O0 -fsanitize=thread -D__SANITIZE_THREAD__" \
>>     --with-coroutine=gthread --disable-pie --enable-debug --enable-debug-info
>>
>> breakdown:
>>   -fsanitize=thread - enables sanitizer
>>   --with-coroutine=gthread - tsan chokes on other forms of coroutine
>>   --disable-pie - tsan no longer works with PIE
>>   --enable-debug --enable-debug-info - better backtraces
>>
>> Remaining work:
>>
>> Running make check with the sanitzer enabled flags up a number of
>> warnings. I'm going to leave those for others to investigate as I need
>> to press on with the next MTTCG re-base ;-)
>>
>> Alex Bennée (14):
>>   atomic.h: fix __SANITIZE_THREAD__ build
>>   atomic.h: comment on use of atomic_read/set
>>   exec-all.h: revert tb_page_addr_t to target_ulong
>>   tcg/optimize: move default return out of if statement
>>   qom/object: update class cache atomically
>>   qom/cpu: atomically clear the tb_jmp_cache
>>   cpu: atomically modify cpu->exit_request
>>   util/qht: atomically set b->hashes
>>   linux-user/syscall: extend lock around cpu-list
>>   qga/command: use QEMU atomic primitives
>>   .travis.yml: add gcc sanitizer build
>>   tcg: ensure cpu_tb_exec/tb_gen_code use atomic_read/write
>>   tcg: update remaining TranslationBuffer fields atomically
>>   translate-all: mark updates to PageDesc as atomic
>>
>> Paolo Bonzini (1):
>>   seqlock: use atomic writes for the sequence
>>
>>  .travis.yml             | 45 ++++++++++++++++++++++++++
>>  cpu-exec.c              | 30 ++++++++---------
>>  include/exec/exec-all.h | 13 +++++++-
>>  include/qemu/atomic.h   |  8 ++++-
>>  include/qemu/seqlock.h  |  4 +--
>>  linux-user/syscall.c    |  7 +++-
>>  qga/commands.c          | 17 +++++-----
>>  qom/cpu.c               | 10 ++++--
>>  qom/object.c            | 15 +++++----
>>  tcg/optimize.c          |  3 +-
>>  translate-all.c         | 86 +++++++++++++++++++++++++------------------------
>>  util/qht.c              | 10 +++---
>>  12 files changed, 161 insertions(+), 87 deletions(-)
>>
>
> Queueing patches 1, 2 and 4-12.

OK. We can revisit the rest when we decide what the best plan of action
is for 64-on-32 atomic accesses should be.

--
Alex Bennée