Bug 25238 - add support for clang's thread safety analysis
Product: glibc
Classification: Unclassified
Component: nptl
Version: 2.30
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2019-12-01 07:28 UTC by Bruno Haible
Modified: 2020-02-19 15:18 UTC (History)
fweimer: security-

test case (645 bytes, text/x-csrc)
2019-12-01 07:28 UTC, Bruno Haible
proposed patch (1.38 KB, patch)
2019-12-01 07:35 UTC, Bruno Haible
proposed patch v2 (1.41 KB, patch)
2019-12-02 17:52 UTC, Bruno Haible

Description Bruno Haible 2019-12-01 07:28:36 UTC
Created attachment 12096
test case

Clang has a facility for warning about access to variables or functions without the appropriate locking. This is very useful for multithreaded applications.

But it needs annotations on the type pthread_mutex_t and the functions pthread_mutex_lock and pthread_mutex_unlock. The user cannot provide the annotation on the type pthread_mutex_t, because that would require redefining the type pthread_mutex_t. So it must be done in the libc header files.

Find attached:
1) A test case that shows the warning in a demo program.
2) A patch to current glibc that implements the required annotations.

Later, the same thing could be done for pthread_rwlock_t.
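
An added illustration, not part of the bug report or its attached test case: what an application can do without header support is wrap pthread_mutex_t in its own annotated struct and lock through annotated wrappers, which is the extra layer the request above aims to make unnecessary. The attribute names are clang's thread safety attributes; `TSA`, `checked_mutex`, `checked_lock`, `checked_unlock` and the account variables are hypothetical names chosen for this sketch.

```c
#include <pthread.h>

#if defined(__clang__)
# define TSA(x) __attribute__((x))   /* checked with clang -Wthread-safety */
#else
# define TSA(x)                      /* other compilers: annotations vanish */
#endif

/* pthread_mutex_t cannot be annotated from user code, so the capability
   attribute goes on a hypothetical wrapper struct instead. */
struct TSA(capability("mutex")) checked_mutex {
  pthread_mutex_t m;
};

/* The attributes on these prototypes are the locking contract clang checks. */
static void checked_lock(struct checked_mutex *mu) TSA(acquire_capability(mu));
static void checked_unlock(struct checked_mutex *mu) TSA(release_capability(mu));

/* The bodies call the unannotated libc functions, so analysis is off here. */
TSA(no_thread_safety_analysis)
static void checked_lock(struct checked_mutex *mu) { pthread_mutex_lock(&mu->m); }

TSA(no_thread_safety_analysis)
static void checked_unlock(struct checked_mutex *mu) { pthread_mutex_unlock(&mu->m); }

static struct checked_mutex account_lock = { PTHREAD_MUTEX_INITIALIZER };
static long account_balance TSA(guarded_by(account_lock));

/* Correct: the guarded variable is touched only while the lock is held. */
long deposit(long amount) {
  checked_lock(&account_lock);
  account_balance += amount;
  long now = account_balance;
  checked_unlock(&account_lock);
  return now;
}

long balance(void) {
  checked_lock(&account_lock);
  long now = account_balance;
  checked_unlock(&account_lock);
  return now;
}

/* A function that ran "account_balance += amount;" without checked_lock()
   would still compile, but clang -Wthread-safety would flag the access. */
int main(void) { deposit(40); deposit(2); return balance() == 42 ? 0 : 1; }
```
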
Comment 1 Bruno Haible 2019-12-01 07:35:56 UTC
Created attachment 12097
proposed patch
Comment 2 joseph@codesourcery.com 2019-12-02 16:31:22 UTC
In general this sort of macro definition goes in sys/cdefs.h if possible 
rather than scattering such compiler feature tests around other installed 
headers.  Any kind of attributes used in installed headers need to be 
namespace-clean, so e.g. __acquire_capability__ not acquire_capability and 
likewise for other names used.
Comment 3 Bruno Haible 2019-12-02 17:52:39 UTC
Created attachment 12098
proposed patch v2

Find the issues addressed in the attached proposed patch.

The minimum clang version is increased from 4 to 5, because __acquire_capability__ with surrounding underscores was not supported from the beginning.

I'm not in a position to rebuild the full glibc and do regression testing on it; if someone could do it for me, please?