[vm/shared] Enforce trivially-shareable values for shared field initial values.

aam · Commit Queue · commit 31005f38349f · 2025-08-11T13:41:12.000-07:00
Fix validation rules so typed-data is allowed to be stored in the shared fields. Adjust tsan tests so they can still put user-defined class and list into a shared field. Fixes #61260 TEST=ci Change-Id: If69189c56146d605fc119c8c07f3b42a394912fc Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/444203 Reviewed-by: Ryan Macnak <rmacnak@google.com> Commit-Queue: Alexander Aprelev <aam@google.com>
diff --git a/runtime/bin/ffi_test/ffi_test_functions_vmspecific.cc b/runtime/bin/ffi_test/ffi_test_functions_vmspecific.cc
@@ -1234,6 +1234,20 @@ intptr_t ReturnIntPtrMethod(Dart_Handle self, intptr_t value) {
   return value;
 }
 
+void UnsafeSetSharedTo(Dart_Handle library_name,
+                       Dart_Handle field_name,
+                       Dart_Handle value_handle) {
+  struct {
+    void* library_name_handle;
+    void* field_name_handle;
+    void* value_handle;
+  } args = {.library_name_handle = reinterpret_cast<void*>(library_name),
+            .field_name_handle = reinterpret_cast<void*>(field_name),
+            .value_handle = reinterpret_cast<void*>(value_handle)};
+
+  Dart_ExecuteInternalCommand("unsafe-set-shared-to", &args);
+}
+
 static void* FfiNativeResolver(const char* name, uintptr_t args_n) {
   if (strcmp(name, "Dart_SetNativeInstanceField") == 0 && args_n == 3) {
     return reinterpret_cast<void*>(Dart_SetNativeInstanceField);
@@ -1289,6 +1303,9 @@ static void* FfiNativeResolver(const char* name, uintptr_t args_n) {
   if (strcmp(name, "ReturnIntPtrMethod") == 0 && args_n == 2) {
     return reinterpret_cast<void*>(ReturnIntPtrMethod);
   }
+  if (strcmp(name, "UnsafeSetSharedTo") == 0 && args_n == 3) {
+    return reinterpret_cast<void*>(UnsafeSetSharedTo);
+  }
   // This should be unreachable in tests.
   ENSURE(false);
 }
diff --git a/runtime/tests/vm/dart/tsan/array_data_race_test.dart b/runtime/tests/vm/dart/tsan/array_data_race_test.dart
@@ -4,19 +4,23 @@
 
 // VMOptions=--experimental-shared-data
 
+import "dart:ffi";
 import "dart:io";
 import "dart:isolate";
 import "package:expect/expect.dart";
 
+import '../dylib_utils.dart';
+
+@pragma("vm:entry-point")
 @pragma("vm:shared")
-List<dynamic> box = List<dynamic>.filled(1, 0);
+List<dynamic>? box;
 
 @pragma("vm:never-inline")
 noopt() {}
 
 @pragma("vm:never-inline")
 dataRaceFromMain() {
-  final localBox = box;
+  final localBox = box!;
   for (var i = 0; i < 1000000; i++) {
     localBox[0] += 1;
     noopt();
@@ -25,7 +29,7 @@ dataRaceFromMain() {
 
 @pragma("vm:never-inline")
 dataRaceFromChild() {
-  final localBox = box;
+  final localBox = box!;
   for (var i = 0; i < 1000000; i++) {
     localBox[0] += 1;
     noopt();
@@ -36,8 +40,26 @@ child(_) {
   dataRaceFromChild();
 }
 
+final nativeLib = dlopenPlatformSpecific('ffi_test_functions');
+
+final getRootLibraryUrl = nativeLib
+    .lookupFunction<Handle Function(), Object Function()>('GetRootLibraryUrl');
+
+final setFfiNativeResolverForTest = nativeLib
+    .lookupFunction<Void Function(Handle), void Function(Object)>(
+      'SetFfiNativeResolverForTest',
+    );
+
+@Native<IntPtr Function(Handle, Handle, Handle)>(symbol: 'UnsafeSetSharedTo')
+external int unsafeSetSharedTo(Object library_name, String name, Object value);
+
 main(List<String> arguments) {
   if (arguments.contains("--testee")) {
+    setFfiNativeResolverForTest(getRootLibraryUrl());
+    // At this point List is not allowed to be stored in shaded fields.
+    // Still we want to use it here to test data race detection.
+    unsafeSetSharedTo(getRootLibraryUrl(), "box", List<dynamic>.filled(1, 0));
+
     print(box); // side effect initialization
     Isolate.spawn(child, null);
     dataRaceFromMain();
@@ -61,6 +83,6 @@ main(List<String> arguments) {
   Expect.notEquals(0, result.exitCode);
   Expect.contains("ThreadSanitizer: data race", result.stderr);
   Expect.contains("of size 8", result.stderr);
-  Expect.contains("dataRaceFromMain", result.stderr);
-  Expect.contains("dataRaceFromChild", result.stderr);
+  Expect.contains("List.[]=", result.stderr);
+  Expect.contains("_Array.[]", result.stderr);
 }
diff --git a/runtime/tests/vm/dart/tsan/field_data_race_no_sanitize_test.dart b/runtime/tests/vm/dart/tsan/field_data_race_no_sanitize_test.dart
@@ -4,24 +4,28 @@
 
 // VMOptions=--experimental-shared-data
 
+import "dart:ffi";
 import "dart:io";
 import "dart:isolate";
 import "package:expect/expect.dart";
 
+import '../dylib_utils.dart';
+
 class Box {
   @pragma("vm:no-sanitize-thread") // __attribute__((no_sanitize("thread")))
   int foo = 0;
 }
 
+@pragma("vm:entry-point")
 @pragma("vm:shared")
-Box box = Box();
+Box? box;
 
 @pragma("vm:never-inline")
 noopt() {}
 
 @pragma("vm:never-inline")
 dataRaceFromMain() {
-  final localBox = box;
+  final localBox = box!;
   for (var i = 0; i < 1000000; i++) {
     localBox.foo += 1;
     noopt();
@@ -30,7 +34,7 @@ dataRaceFromMain() {
 
 @pragma("vm:never-inline")
 dataRaceFromChild() {
-  final localBox = box;
+  final localBox = box!;
   for (var i = 0; i < 1000000; i++) {
     localBox.foo += 1;
     noopt();
@@ -41,8 +45,23 @@ child(_) {
   dataRaceFromChild();
 }
 
+final nativeLib = dlopenPlatformSpecific('ffi_test_functions');
+
+final getRootLibraryUrl = nativeLib
+    .lookupFunction<Handle Function(), Object Function()>('GetRootLibraryUrl');
+
+final setFfiNativeResolverForTest = nativeLib
+    .lookupFunction<Void Function(Handle), void Function(Object)>(
+      'SetFfiNativeResolverForTest',
+    );
+
+@Native<IntPtr Function(Handle, Handle, Handle)>(symbol: 'UnsafeSetSharedTo')
+external int unsafeSetSharedTo(Object library_name, String name, Object value);
+
 main(List<String> arguments) {
   if (arguments.contains("--testee")) {
+    setFfiNativeResolverForTest(getRootLibraryUrl());
+    unsafeSetSharedTo(getRootLibraryUrl(), "box", Box());
     print(box); // side effect initialization
     Isolate.spawn(child, null);
     dataRaceFromMain();
diff --git a/runtime/tests/vm/dart/tsan/field_data_race_test.dart b/runtime/tests/vm/dart/tsan/field_data_race_test.dart
@@ -4,23 +4,27 @@
 
 // VMOptions=--experimental-shared-data
 
+import "dart:ffi";
 import "dart:io";
 import "dart:isolate";
 import "package:expect/expect.dart";
 
+import '../dylib_utils.dart';
+
 class Box {
   int foo = 0;
 }
 
+@pragma("vm:entry-point")
 @pragma("vm:shared")
-Box box = Box();
+Box? box;
 
 @pragma("vm:never-inline")
 noopt() {}
 
 @pragma("vm:never-inline")
 dataRaceFromMain() {
-  final localBox = box;
+  final localBox = box!;
   for (var i = 0; i < 1000000; i++) {
     localBox.foo += 1;
     noopt();
@@ -29,7 +33,7 @@ dataRaceFromMain() {
 
 @pragma("vm:never-inline")
 dataRaceFromChild() {
-  final localBox = box;
+  final localBox = box!;
   for (var i = 0; i < 1000000; i++) {
     localBox.foo += 1;
     noopt();
@@ -40,8 +44,25 @@ child(_) {
   dataRaceFromChild();
 }
 
+final nativeLib = dlopenPlatformSpecific('ffi_test_functions');
+
+final getRootLibraryUrl = nativeLib
+    .lookupFunction<Handle Function(), Object Function()>('GetRootLibraryUrl');
+
+final setFfiNativeResolverForTest = nativeLib
+    .lookupFunction<Void Function(Handle), void Function(Object)>(
+      'SetFfiNativeResolverForTest',
+    );
+
+@Native<IntPtr Function(Handle, Handle, Handle)>(symbol: 'UnsafeSetSharedTo')
+external int unsafeSetSharedTo(Object library_name, String name, Object value);
+
 main(List<String> arguments) {
   if (arguments.contains("--testee")) {
+    setFfiNativeResolverForTest(getRootLibraryUrl());
+    // At this point List is not allowed to be stored in shaded fields.
+    // Still we want to use it here to test data race detection.
+    unsafeSetSharedTo(getRootLibraryUrl(), "box", Box());
     print(box); // side effect initialization
     Isolate.spawn(child, null);
     dataRaceFromMain();
diff --git a/runtime/vm/ffi_callback_metadata.cc b/runtime/vm/ffi_callback_metadata.cc
@@ -363,14 +363,18 @@ static void ValidateTriviallyImmutabilityOfAnObject(Zone* zone,
         zone, Closure::RawCast(p_obj->ptr()));
     return;
   }
-  if (!p_obj->IsImmutable()) {
-    const String& error = String::Handle(
-        zone,
-        String::NewFormatted("Only trivially-immutable values are allowed: %s.",
-                             p_obj->ToCString()));
-    Exceptions::ThrowArgumentError(error);
-    UNREACHABLE();
+  if (p_obj->IsImmutable()) {
+    return;
   }
+  if (IsTypedDataBaseClassId(p_obj->GetClassId())) {
+    return;
+  }
+  const String& error = String::Handle(
+      zone,
+      String::NewFormatted("Only trivially-immutable values are allowed: %s.",
+                           p_obj->ToCString()));
+  Exceptions::ThrowArgumentError(error);
+  UNREACHABLE();
 }
 
 void FfiCallbackMetadata::EnsureOnlyTriviallyImmutableValuesInClosure(
diff --git a/runtime/vm/native_api_impl.cc b/runtime/vm/native_api_impl.cc
@@ -284,6 +284,12 @@ struct RunInSafepointAndRWCodeArgs {
   std::function<void()>* callback;
 };
 
+struct UnsafeSetSharedToArgs {
+  void* library_name_handle;
+  void* field_name_handle;
+  void* value_handle;
+};
+
 DART_EXPORT void* Dart_ExecuteInternalCommand(const char* command, void* arg) {
   if (strcmp(command, "gc-on-nth-allocation") == 0) {
     Thread* const thread = Thread::Current();
@@ -340,6 +346,30 @@ DART_EXPORT void* Dart_ExecuteInternalCommand(const char* command, void* arg) {
     Thread::ExitIsolateGroupAsHelper(kBypassSafepoint);
     return nullptr;
 
+  } else if (strcmp(command, "unsafe-set-shared-to") == 0) {
+    const UnsafeSetSharedToArgs* const args =
+        reinterpret_cast<UnsafeSetSharedToArgs*>(arg);
+    DARTSCOPE(Thread::Current());
+    const String& library_name = Api::UnwrapStringHandle(
+        T->zone(), reinterpret_cast<Dart_Handle>(args->library_name_handle));
+    const String& field_name = Api::UnwrapStringHandle(
+        T->zone(), reinterpret_cast<Dart_Handle>(args->field_name_handle));
+    const Instance& value = Api::UnwrapInstanceHandle(
+        T->zone(), reinterpret_cast<Dart_Handle>(args->value_handle));
+    const Library& library =
+        Library::Handle(T->zone(), Library::LookupLibrary(T, library_name));
+    ASSERT(!library.IsNull());
+    Field& field =
+        Field::Handle(T->zone(), library.LookupFieldAllowPrivate(field_name));
+    ASSERT(!field.IsNull());
+    if (field.is_shared()) {
+      SafepointReadRwLocker ml(T, T->isolate_group()->program_lock());
+      T->isolate_group()->shared_field_table()->SetAt(field.field_id(),
+                                                      value.ptr());
+    } else {
+      field.SetStaticValue(value);
+    }
+    return nullptr;
   } else {
     UNREACHABLE();
   }
diff --git a/runtime/vm/object.cc b/runtime/vm/object.cc
@@ -13400,6 +13400,15 @@ void Field::SetStaticValue(const Object& value) const {
   const intptr_t id = field_id();
   ASSERT(id >= 0);
 
+  if (is_shared() && !value.IsImmutable() &&
+      !IsTypedDataBaseClassId(value.GetClassId())) {
+    const String& error = String::Handle(
+        thread->zone(),
+        String::NewFormatted("Only trivially-immutable values are allowed: %s.",
+                             value.ToCString()));
+    Exceptions::ThrowArgumentError(error);
+    UNREACHABLE();
+  }
   SafepointReadRwLocker ml(thread, thread->isolate_group()->program_lock());
   if (is_shared()) {
     thread->isolate_group()->shared_field_table()->SetAt(
