Fix -Wthread-safety-analysis warnings. Compile with -Wthread-safety-analysis if available. #10866
Conversation
|
Do we actually enforce that on Travis? Its nice to have the auto-checker stuff, but AFAIR its (barely) hooked up anywhere? |
|
@TheBlueMatt Travis is currently not compiling with Clang Thread Safety Analysis warnings ( Personally I build daily using In the general case we want to fix all warnings emitted when compiling with Click to expand: Current thread safety warningsnet_processing.cpp:587:10: warning: reading variable 'vExtraTxnForCompact' requires holding mutex 'cs_main' [-Wthread-safety-analysis]
if (!vExtraTxnForCompact.size())
^
net_processing.cpp:60:57: note: Guarded_by declared here.
static std::vector> vExtraTxnForCompact GUARDED_BY(cs_main);
^
net_processing.cpp:583:1: note: Thread warning in function 'AddToCompactExtraTransactions'
{
^
net_processing.cpp:588:9: warning: reading variable 'vExtraTxnForCompact' requires holding mutex 'cs_main' [-Wthread-safety-analysis]
vExtraTxnForCompact.resize(max_extra_txn);
^
net_processing.cpp:60:57: note: Guarded_by declared here.
static std::vector> vExtraTxnForCompact GUARDED_BY(cs_main);
^
net_processing.cpp:583:1: note: Thread warning in function 'AddToCompactExtraTransactions'
{
^
net_processing.cpp:589:5: warning: reading variable 'vExtraTxnForCompact' requires holding mutex 'cs_main' [-Wthread-safety-analysis]
vExtraTxnForCompact[vExtraTxnForCompactIt] = std::make_pair(tx->GetWitnessHash(), tx);
^
net_processing.cpp:60:57: note: Guarded_by declared here.
static std::vector> vExtraTxnForCompact GUARDED_BY(cs_main);
^
net_processing.cpp:583:1: note: Thread warning in function 'AddToCompactExtraTransactions'
{
^
|
|
If we're going to revive this safety checking infrastructure (it was introduced in #2003, and I don't think updated much since), there are probably many other places to add annotations. |
|
Agree with @sipa. |
|
The reason I'm starting with The reason for the warning is that static std::vector<std::pair<uint256, CTransactionRef>> vExtraTxnForCompact
GUARDED_BY(cs_main);
This PR fixes that and after applying this PR the code base is free from I'd be glad to extend the usage of I guess one reason not to fix the current warning is if we for some reason instead would want to remove this thread-safety infrastructure. Let me know if that is the case :-) |
|
Additional reading: The "C/C++ Thread Safety Analysis" paper (Hutchins, Ballman & Sutherland, 2014) paper describing
|
|
Ah! Didn't realize its to fix a warning, yea, lets a) do this and b) can you add a -Werror=thread-safety-analysis here, too? I was informed travis already does a clang build for OSX, so it should be able to catch errors here :). |
|
@TheBlueMatt Sure! I've updated the PR title to make things more clear :-) |
|
I think we really should make travis enforce this. It shouldnt be hard cause we already have --enable-werror by default, just need to hook up -Werror=thread-safety-analysis if the compiler supports it (which our clang-osx build should). |
|
@TheBlueMatt Would something along the lines of the following do the trick for Travis? diff --git a/.travis.yml b/.travis.yml
index a79428f..423b04e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -34,7 +34,7 @@ env:
# No wallet
- HOST=x86_64-unknown-linux-gnu PACKAGES="python3" DEP_OPTS="NO_WALLET=1" RUN_TESTS=true GOAL="install" BITCOIN_CONFIG="--enable-glibc-back-compat --enable-reduce-exports"
# Cross-Mac
- - HOST=x86_64-apple-darwin11 PACKAGES="cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev" BITCOIN_CONFIG="--enable-gui --enable-reduce-exports" OSX_SDK=10.11 GOAL="deploy"
+ - HOST=x86_64-apple-darwin11 PACKAGES="cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev" BITCOIN_CONFIG="--enable-gui --enable-reduce-exports" OSX_SDK=10.11 GOAL="deploy" CPPFLAGS="-Werror=thread-safety-analysis"
before_install:
- export PATH=$(echo $PATH | tr ':' "\n" | sed '/\/opt\/python/d' | tr "\n" ":" | sed "s|::|:|g")Or did you mean always enabling that warning if the compiler supports it? |
|
@practicalswift I was referring to the -Werror support we already have in configure.ac. Best to use that, I'd think. |
|
@TheBlueMatt Got it! What about this: diff --git a/configure.ac b/configure.ac
index aea5d71..ec3877d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -241,6 +241,7 @@ if test "x$enable_werror" = "xyes"; then
AC_MSG_ERROR("enable-werror set but -Werror is not usable")
fi
AX_CHECK_COMPILE_FLAG([-Werror=vla],[ERROR_CXXFLAGS="$ERROR_CXXFLAGS -Werror=vla"],,[[$CXXFLAG_WERROR]])
+ AX_CHECK_COMPILE_FLAG([-Werror=thread-safety-analysis],[ERROR_CXXFLAGS="$ERROR_CXXFLAGS -Werror=thread-safety-analysis"],,[[$CXXFLAG_WERROR]])
fi
if test "x$CXXFLAGS_overridden" = "xno"; then
@@ -249,6 +250,7 @@ if test "x$CXXFLAGS_overridden" = "xno"; then
AX_CHECK_COMPILE_FLAG([-Wformat],[CXXFLAGS="$CXXFLAGS -Wformat"],,[[$CXXFLAG_WERROR]])
AX_CHECK_COMPILE_FLAG([-Wvla],[CXXFLAGS="$CXXFLAGS -Wvla"],,[[$CXXFLAG_WERROR]])
AX_CHECK_COMPILE_FLAG([-Wformat-security],[CXXFLAGS="$CXXFLAGS -Wformat-security"],,[[$CXXFLAG_WERROR]])
+ AX_CHECK_COMPILE_FLAG([-Wthread-safety-analysis],[CXXFLAGS="$CXXFLAGS -Wthread-safety-analysis"],,[[$CXXFLAG_WERROR]])
## Some compilers (gcc) ignore unknown -Wno-* options, but warn about all
## unknown options if any other warning is produced. Test the -Wfoo case, andLooks good? :-) |
|
Heh, I figured you'd incldue it in this PR. Anyway, utACK this pr by itself. |
|
utACK ef2aca6c12efc48ce557a87c90ecf2d96ad4885e |
ef2aca6 to
c6d9b1a
Compare
|
Cherry-picked 9df8538 into this PR as suggested by @TheBlueMatt in #10923! @TheBlueMatt, looks good? :-) |
|
@ptracticalswift maybe rebase on #10923 and take the patches from https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923 (squashed, of course)? |
fe63a42 to
473e056
Compare
a165b4b to
eeee7c1
Compare
|
@TheBlueMatt Does this PR look good now? Please check my attempt to summarize your changes in the commit message for 695fe31. Let me know if anything should be changed or if you'd rather squash your commits in your branch and have me cherry pick the resulting commit as-is :-) |
a65e028 Build with --enable-werror under OS X (practicalswift) Pull request description: Build with `--enable-werror` under OS X. As suggested by @TheBlueMatt in #10866. This will allow catching violations using Travis CI which does a `clang` build for OS X. Tree-SHA512: 326248897e0776106983e0824e7e80eee3c6e584a1d360f429c30f3375dad83ab4c360c86ab0729bd9ede747ea0caa13cd6a7c35072ed9b845362423c9c37a64
.travis.yml
Outdated
| @@ -34,7 +34,7 @@ env: | |||
| # x86_64 Linux, No wallet | |||
| - HOST=x86_64-unknown-linux-gnu PACKAGES="python3" DEP_OPTS="NO_WALLET=1" RUN_TESTS=true GOAL="install" BITCOIN_CONFIG="--enable-glibc-back-compat --enable-reduce-exports" | |||
| # Cross-Mac | |||
| - HOST=x86_64-apple-darwin11 PACKAGES="cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev" BITCOIN_CONFIG="--enable-gui --enable-reduce-exports" OSX_SDK=10.11 GOAL="deploy" | |||
| - HOST=x86_64-apple-darwin11 PACKAGES="cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev" BITCOIN_CONFIG="--enable-gui --enable-reduce-exports --enable-werror" OSX_SDK=10.11 GOAL="deploy" | |||
There was a problem hiding this comment.
This change is already in master
|
@ryanofsky Looks good now? :-) |
2fcb082 to
1864bea
Compare
src/sync.h
Outdated
| typedef std::condition_variable CConditionVariable; | ||
|
|
||
| /** Just a typedef for std::unique_lock, can be wrapped later if desired */ | ||
| typedef std::unique_lock<std::mutex> Lock; |
There was a problem hiding this comment.
I'd really rather we not call this a "Lock" - its not intended to be the thing used across the codebase as any lock (though we could maybe do so if we add DEBUG_LOCKORDER support here).
There was a problem hiding this comment.
You always say what you don't want instead of saying what you do want ;). What would you like instead? If you've seen #11599, the name should make more sense in this context. I think Lock and Mutex are the right names because they match the standard. As you mentioned, you can implement DEBUG_LOCKORDER with them and also do other things useful for debugging, like printing differences in a data structure between time a particular mutex is locked & unlocked.
There was a problem hiding this comment.
The original name (CWaitableCriticalSection) was nice and specific - I'm happy to make it more in-line with the more-accepted "lock" terminology, but pointing out that it has only a narrow use-case in our codebase is important.
There was a problem hiding this comment.
Ok, but I don't think non-recursive locks should have a narrow usecase in our codebase. I thought everybody agreed non-recursivelocks should be preferred to recursive locks.
There was a problem hiding this comment.
Also CWaitableCriticalSection was not the original name for this. There was no original name for this. Previously code just used boost::unique_lock directly.
There was a problem hiding this comment.
I was fine with the WaitableCriticalSection (or WaitableLock or whatever) version that was there originally.
There was a problem hiding this comment.
@TheBlueMatt @ryanofsky The following diff would work?
diff --git a/src/init.cpp b/src/init.cpp
index dd64602..9e3eb6b 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -551,7 +551,7 @@ static void BlockNotifyGenesisWait(bool, const CBlockIndex *pBlockIndex)
{
if (pBlockIndex != nullptr) {
{
- Lock lock_GenesisWait(cs_GenesisWait);
+ WaitableLock lock_GenesisWait(cs_GenesisWait);
fHaveGenesis = true;
}
condvar_GenesisWait.notify_all();
@@ -1634,7 +1634,7 @@ bool AppInitMain(boost::thread_group& threadGroup, CScheduler& scheduler)
// Wait for genesis block to be processed
{
- Lock lock(cs_GenesisWait);
+ WaitableLock lock(cs_GenesisWait);
while (!fHaveGenesis) {
condvar_GenesisWait.wait(lock);
}
diff --git a/src/rpc/mining.cpp b/src/rpc/mining.cpp
index 8fae01b..0ba0e96 100644
--- a/src/rpc/mining.cpp
+++ b/src/rpc/mining.cpp
@@ -478,7 +478,7 @@ UniValue getblocktemplate(const JSONRPCRequest& request)
{
checktxtime = std::chrono::steady_clock::now() + std::chrono::minutes(1);
- Lock lock(csBestBlock);
+ WaitableLock lock(csBestBlock);
while (chainActive.Tip()->GetBlockHash() == hashWatchedChain && IsRPCRunning())
{
if (cvBlockChange.wait_until(lock, checktxtime) == std::cv_status::timeout)
diff --git a/src/sync.h b/src/sync.h
index 66b6d96..20556af 100644
--- a/src/sync.h
+++ b/src/sync.h
@@ -105,7 +105,7 @@ typedef AnnotatedMixin<std::mutex> CWaitableCriticalSection;
typedef std::condition_variable CConditionVariable;
/** Just a typedef for std::unique_lock, can be wrapped later if desired */
-typedef std::unique_lock<std::mutex> Lock;
+typedef std::unique_lock<std::mutex> WaitableLock;
#ifdef DEBUG_LOCKCONTENTION
void PrintLockContention(const char* pszName, const char* pszFile, int nLine);There was a problem hiding this comment.
@TheBlueMatt @ryanofsky The following diff would work?
Yes for me. (As I mentioned in my last comment I am happy with any naming in this pr since #11599 can clean up any inconsistencies.)
There was a problem hiding this comment.
@ryanofsky Excellent! OK with you @TheBlueMatt? :-)
There was a problem hiding this comment.
Yea, looks good, thanks!
…o std from boost. Commit 1. This code was written by @TheBlueMatt in the following branch: * https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923 This commit message was written by me (@practicalswift) who also squashed @TheBlueMatt's commits into one and tried to summarize the changes made. Commit 2. Remove boost include. Remove boost mentions in comments.
…alysis if --enable-werror)
The vector `vExtraTxnForCompact`, which is guarded by the mutex `cs_main`, is accessed in `AddToCompactExtraTransactions(…)`.
1864bea to
76ea17c
Compare
|
@ryanofsky @TheBlueMatt Name change patch applied. Squashed and pushed. Could you please re-review? :-) |
|
utACK 76ea17c |
|
utACK 76ea17c. Nice to see some further unboostification. |
…hread-safety-analysis if available. 76ea17c Add mutex requirement for AddToCompactExtraTransactions(…) (practicalswift) 4616c82 Use -Wthread-safety-analysis if available (+ -Werror=thread-safety-analysis if --enable-werror) (practicalswift) 7e319d6 Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. (Matt Corallo) Pull request description: * Add mutex requirement for `AddToCompactExtraTransactions(…)`. * Use `-Wthread-safety-analysis` if available. * Rebased on top of https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923 - now includes: Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. Tree-SHA512: fb7365f85daa2741c276a1c899228181a8d46af51db7fbbdffceeaff121a3eb2ab74d7c8bf5e7de879bcc5042d00d24cb4649c312d51caba45a3f6135fd8b38f
…ith -Wthread-safety-analysis if available. 76ea17c Add mutex requirement for AddToCompactExtraTransactions(…) (practicalswift) 4616c82 Use -Wthread-safety-analysis if available (+ -Werror=thread-safety-analysis if --enable-werror) (practicalswift) 7e319d6 Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. (Matt Corallo) Pull request description: * Add mutex requirement for `AddToCompactExtraTransactions(…)`. * Use `-Wthread-safety-analysis` if available. * Rebased on top of https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923 - now includes: Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. Tree-SHA512: fb7365f85daa2741c276a1c899228181a8d46af51db7fbbdffceeaff121a3eb2ab74d7c8bf5e7de879bcc5042d00d24cb4649c312d51caba45a3f6135fd8b38f
…ith -Wthread-safety-analysis if available. 76ea17c Add mutex requirement for AddToCompactExtraTransactions(…) (practicalswift) 4616c82 Use -Wthread-safety-analysis if available (+ -Werror=thread-safety-analysis if --enable-werror) (practicalswift) 7e319d6 Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. (Matt Corallo) Pull request description: * Add mutex requirement for `AddToCompactExtraTransactions(…)`. * Use `-Wthread-safety-analysis` if available. * Rebased on top of https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923 - now includes: Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. Tree-SHA512: fb7365f85daa2741c276a1c899228181a8d46af51db7fbbdffceeaff121a3eb2ab74d7c8bf5e7de879bcc5042d00d24cb4649c312d51caba45a3f6135fd8b38f
…ith -Wthread-safety-analysis if available. 76ea17c Add mutex requirement for AddToCompactExtraTransactions(…) (practicalswift) 4616c82 Use -Wthread-safety-analysis if available (+ -Werror=thread-safety-analysis if --enable-werror) (practicalswift) 7e319d6 Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. (Matt Corallo) Pull request description: * Add mutex requirement for `AddToCompactExtraTransactions(…)`. * Use `-Wthread-safety-analysis` if available. * Rebased on top of https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923 - now includes: Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. Tree-SHA512: fb7365f85daa2741c276a1c899228181a8d46af51db7fbbdffceeaff121a3eb2ab74d7c8bf5e7de879bcc5042d00d24cb4649c312d51caba45a3f6135fd8b38f
…ith -Wthread-safety-analysis if available. 76ea17c Add mutex requirement for AddToCompactExtraTransactions(…) (practicalswift) 4616c82 Use -Wthread-safety-analysis if available (+ -Werror=thread-safety-analysis if --enable-werror) (practicalswift) 7e319d6 Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. (Matt Corallo) Pull request description: * Add mutex requirement for `AddToCompactExtraTransactions(…)`. * Use `-Wthread-safety-analysis` if available. * Rebased on top of https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923 - now includes: Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. Tree-SHA512: fb7365f85daa2741c276a1c899228181a8d46af51db7fbbdffceeaff121a3eb2ab74d7c8bf5e7de879bcc5042d00d24cb4649c312d51caba45a3f6135fd8b38f
…se of uninitialized memory 870f0cd build: Add MemorySanitizer (MSan) in Travis to detect use of uninitialized memory (practicalswift) Pull request description: Add MemorySanitizer (MSan) in Travis to detect use of uninitialized memory. First UBSan, then ASan followed by TSan... and now: yes, the wait is over -- **MSan is finally here!** :) Some historical context: * 2017: Continuous compilation with Clang Thread Safety analysis enabled (#10866, #10923) * 2018: Continuous testing with trapping on signed integer overflows (`-ftrapv`) (#12686) * 2018: Continuous testing of use of locale dependent functions (#13041) * 2018: Continuous testing of format strings (#13705) * 2018: Continuous compilation with MSVC `TreatWarningAsError` (#14151) * 2018: Continuous testing under UndefinedBehaviorSanitizer – UBSan (#14252, #14673, #17006) * 2018: Continuous testing under AddressSanitizer – ASan (#14794, #17205, #17674) * 2018: Continuous testing under ThreadSanitizer – TSan (#14829) * 2019: Continuous testing in an unsigned char environment (`-funsigned-char`) (#15134) * 2019: Continuous compile-time testing of assumptions we're making (#15391) * 2019: Continuous testing of fuzz test cases under Valgrind (#17633, #18159, #18166) * 2020: Finally... MemorySanitizer – MSAN! :) What is the next step? What tools should we add to CI to keep bugs from entering `master`? :) ACKs for top commit: MarcoFalke: ACK 870f0cd Tree-SHA512: 38327c8b75679d97d469fe42e704cacd1217447a5a603701dd8a58ee50b3be2c10248f8d68a479ed081c0c4b254589d3081c9183f991640b06ef689061f75578
…ith -Wthread-safety-analysis if available. 76ea17c Add mutex requirement for AddToCompactExtraTransactions(…) (practicalswift) 4616c82 Use -Wthread-safety-analysis if available (+ -Werror=thread-safety-analysis if --enable-werror) (practicalswift) 7e319d6 Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. (Matt Corallo) Pull request description: * Add mutex requirement for `AddToCompactExtraTransactions(…)`. * Use `-Wthread-safety-analysis` if available. * Rebased on top of https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923 - now includes: Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. Tree-SHA512: fb7365f85daa2741c276a1c899228181a8d46af51db7fbbdffceeaff121a3eb2ab74d7c8bf5e7de879bcc5042d00d24cb4649c312d51caba45a3f6135fd8b38f
…etect use of uninitialized memory 870f0cd build: Add MemorySanitizer (MSan) in Travis to detect use of uninitialized memory (practicalswift) Pull request description: Add MemorySanitizer (MSan) in Travis to detect use of uninitialized memory. First UBSan, then ASan followed by TSan... and now: yes, the wait is over -- **MSan is finally here!** :) Some historical context: * 2017: Continuous compilation with Clang Thread Safety analysis enabled (bitcoin#10866, bitcoin#10923) * 2018: Continuous testing with trapping on signed integer overflows (`-ftrapv`) (bitcoin#12686) * 2018: Continuous testing of use of locale dependent functions (bitcoin#13041) * 2018: Continuous testing of format strings (bitcoin#13705) * 2018: Continuous compilation with MSVC `TreatWarningAsError` (bitcoin#14151) * 2018: Continuous testing under UndefinedBehaviorSanitizer – UBSan (bitcoin#14252, bitcoin#14673, bitcoin#17006) * 2018: Continuous testing under AddressSanitizer – ASan (bitcoin#14794, bitcoin#17205, bitcoin#17674) * 2018: Continuous testing under ThreadSanitizer – TSan (bitcoin#14829) * 2019: Continuous testing in an unsigned char environment (`-funsigned-char`) (bitcoin#15134) * 2019: Continuous compile-time testing of assumptions we're making (bitcoin#15391) * 2019: Continuous testing of fuzz test cases under Valgrind (bitcoin#17633, bitcoin#18159, bitcoin#18166) * 2020: Finally... MemorySanitizer – MSAN! :) What is the next step? What tools should we add to CI to keep bugs from entering `master`? :) ACKs for top commit: MarcoFalke: ACK 870f0cd Tree-SHA512: 38327c8b75679d97d469fe42e704cacd1217447a5a603701dd8a58ee50b3be2c10248f8d68a479ed081c0c4b254589d3081c9183f991640b06ef689061f75578
…ith -Wthread-safety-analysis if available. 76ea17c Add mutex requirement for AddToCompactExtraTransactions(…) (practicalswift) 4616c82 Use -Wthread-safety-analysis if available (+ -Werror=thread-safety-analysis if --enable-werror) (practicalswift) 7e319d6 Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. (Matt Corallo) Pull request description: * Add mutex requirement for `AddToCompactExtraTransactions(…)`. * Use `-Wthread-safety-analysis` if available. * Rebased on top of https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923 - now includes: Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. Tree-SHA512: fb7365f85daa2741c276a1c899228181a8d46af51db7fbbdffceeaff121a3eb2ab74d7c8bf5e7de879bcc5042d00d24cb4649c312d51caba45a3f6135fd8b38f
AddToCompactExtraTransactions(…).-Wthread-safety-analysisif available.