Enable ThreadSanitizer across the entire multi-threaded JIT pipeline #618
ThreadSanitizer (TSAN) can now detect race conditions across the entire multi-threaded JIT pipeline with full 4GB address space emulation. This enables testing of the tier-2 LLVM compilation thread while maintaining production memory layout.

Memory Layout (TSAN-compatible):
- Main memory: MAP_FIXED at 0x7d0000000000 (4GB)
- JIT buffer: MAP_FIXED at 0x7d1000000000
- Both allocations within TSAN app range (0x7cf-0x7ff trillion)
- Prevents conflicts with TSAN shadow memory (0x02a-0x7ce trillion)

ASLR Mitigation:
- Added setarch -R wrapper for TSAN test execution
- Disables ASLR to prevent random allocations in shadow memory
- Only affects test runs, not production builds

SDL Conflict Resolution:
- SDL (uninstrumented system library) creates threads TSAN cannot track
- Disabled SDL when TSAN enabled to focus on built-in race detection
- Production builds still fully support SDL
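The description above fixes two regions at hard-coded addresses with MAP_FIXED and relies on disabled ASLR to keep them out of TSAN's shadow range. The following is an added example, not code from this pull request or the project: it checks a candidate region against the app/shadow bounds quoted in the description (those bounds are taken from the description and are an assumption, not values verified against compiler-rt), and it reserves the region without clobbering an existing mapping, using MAP_FIXED_NOREPLACE where the kernel offers it and a verified hint otherwise. It also adds MAP_JIT on macOS for executable regions, the point raised in the review of src/jit.c. The demo shrinks the 4GB sizes to 1 MiB so it runs anywhere; `tsan_layout_ok` and `reserve_exact` are hypothetical helper names.

```c
#define _GNU_SOURCE          /* exposes MAP_ANONYMOUS and MAP_FIXED_NOREPLACE on glibc */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

/* Range constants as quoted in the PR description for x86_64 TSAN: application
 * mappings live in 0x7cf...-0x7ff... and must stay clear of the shadow region
 * 0x02a...-0x7ce.... Exact bounds vary by TSAN version; these are an
 * assumption for this example, not values checked against compiler-rt. */
#define TSAN_APP_LO    0x7cf000000000ULL
#define TSAN_APP_HI    0x7ffffffff000ULL   /* exclusive upper bound */
#define TSAN_SHADOW_LO 0x02a000000000ULL
#define TSAN_SHADOW_HI 0x7ce000000000ULL   /* exclusive upper bound */

/* Returns 1 when [addr, addr + size) fits entirely inside the TSAN app range
 * and does not overlap the shadow range, 0 otherwise. */
int tsan_layout_ok(uint64_t addr, uint64_t size)
{
    uint64_t end;

    if (size == 0 || addr > UINT64_MAX - size)        /* empty or wraps around */
        return 0;
    end = addr + size;
    if (addr < TSAN_APP_LO || end > TSAN_APP_HI)      /* outside app range */
        return 0;
    if (addr < TSAN_SHADOW_HI && end > TSAN_SHADOW_LO) /* overlaps shadow */
        return 0;
    return 1;
}

/* Reserve `size` bytes at exactly `want` without clobbering whatever may
 * already live there. MAP_FIXED silently replaces an existing mapping;
 * MAP_FIXED_NOREPLACE (Linux 4.17+) fails with EEXIST instead, and on other
 * systems we pass `want` as a hint and verify the kernel honoured it.
 * A region that will hold generated code needs MAP_JIT on macOS.
 * Returns `want` on success, NULL on any failure. */
void *reserve_exact(void *want, size_t size, int prot)
{
    int flags = MAP_PRIVATE | MAP_ANONYMOUS;
    void *got;

#if defined(__APPLE__) && defined(MAP_JIT)
    if (prot & PROT_EXEC)
        flags |= MAP_JIT;
#endif
#ifdef MAP_FIXED_NOREPLACE
    flags |= MAP_FIXED_NOREPLACE;
#endif
    got = mmap(want, size, prot, flags, -1, 0);
    if (got == MAP_FAILED)
        return NULL;
    if (got != want) {
        /* The hint was not honoured (or an old kernel ignored NOREPLACE):
         * the range is occupied. Undo and report rather than run at the
         * wrong address or overwrite the occupant. */
        munmap(got, size);
        return NULL;
    }
    return got;
}

int main(void)
{
    /* Addresses from the PR description; sizes shrunk to 1 MiB for the demo. */
    uint64_t main_mem = 0x7d0000000000ULL, jit_mem = 0x7d1000000000ULL;
    size_t demo = 1u << 20;
    void *p;

    printf("main memory 4GB layout ok: %d\n", tsan_layout_ok(main_mem, 1ULL << 32));
    printf("jit buffer layout ok:      %d\n", tsan_layout_ok(jit_mem, demo));

    p = reserve_exact((void *)(uintptr_t)jit_mem, demo, PROT_READ | PROT_WRITE);
    printf("first reservation:  %s\n", p ? "ok" : "failed");
    if (p) {
        /* A second attempt at the same address must be refused, not clobbered. */
        void *q = reserve_exact((void *)(uintptr_t)jit_mem, demo, PROT_READ | PROT_WRITE);
        printf("second reservation: %s\n", q ? "CLOBBERED (bug)" : "refused as expected");
        munmap(p, demo);
    }
    return 0;
}
```

The layout check is the cheap, deterministic part and is worth running before any mmap; the reservation helper is what turns a silent overlap under MAP_FIXED into a detectable failure, which matters when ASLR is only disabled in test runs and a library could already occupy the chosen address.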
Benchmarks
| Benchmark suite | Current: 2497867 | Previous: 2149996 | Ratio |
|---|---|---|---|
| Dhrystone | 1328 (average DMIPS over 10 runs) | 1344 (average DMIPS over 10 runs) | 1.01 |
| Coremark | 961.712 (average iterations/sec over 10 runs) | 962.342 (average iterations/sec over 10 runs) | 1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
1 issue found across 8 files
Prompt for AI agents (all 1 issue)
Understand the root cause of the following 1 issue and fix it.
<file name="src/jit.c">
<violation number="1" location="src/jit.c:2350">
When TSAN is enabled on macOS x86_64, this mmap call loses the MAP_JIT flag that the standard path uses, so hardened macOS failures return MAP_FAILED and the JIT never initializes. Please keep MAP_JIT on macOS even in the TSAN path.</violation>
</file>
     * 0x7ffffffff000) and prevents overlap with main memory or TSAN shadow.
     */
    void *jit_addr = (void *) 0x7d1000000000UL;
    state->buf = mmap(jit_addr, size, PROT_READ | PROT_WRITE | PROT_EXEC,
When TSAN is enabled on macOS x86_64, this mmap call loses the MAP_JIT flag that the standard path uses, so hardened macOS failures return MAP_FAILED and the JIT never initializes. Please keep MAP_JIT on macOS even in the TSAN path.
Prompt for AI agents
Address the following comment on src/jit.c at line 2350:
<comment>When TSAN is enabled on macOS x86_64, this mmap call loses the MAP_JIT flag that the standard path uses, so hardened macOS failures return MAP_FAILED and the JIT never initializes. Please keep MAP_JIT on macOS even in the TSAN path.</comment>
<file context>
@@ -2336,6 +2336,25 @@ struct jit_state *jit_state_init(size_t size)
+     * 0x7ffffffff000) and prevents overlap with main memory or TSAN shadow.
+     */
+    void *jit_addr = (void *) 0x7d1000000000UL;
+    state->buf = mmap(jit_addr, size, PROT_READ | PROT_WRITE | PROT_EXEC,
+                      MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
+    if (state->buf == MAP_FAILED) {
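Review bot: MAP_FIXED in the new mmap call silently replaces whatever already occupies [0x7d1000000000, 0x7d1000000000 + size), so a collision with the main-memory mapping, a shared library or TSAN's own allocations never reaches the `state->buf == MAP_FAILED` check that follows. Use MAP_FIXED_NOREPLACE where the kernel offers it, or pass jit_addr as a plain hint and treat a returned pointer different from jit_addr as failure, so an overlap is reported instead of masked. The mapping is also created PROT_READ | PROT_WRITE | PROT_EXEC; if the non-TSAN path toggles write/execute protection on this buffer, the TSAN path should do the same rather than leaving it permanently RWX.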
</file context>
✅ Addressed in f915bc2
558e438 to 132db90
This commit adds ThreadSanitizer (TSAN) support for ARM64/Apple Silicon and fixes critical JIT instruction cache coherency issues.

ARM64 TSAN Support:
- Extended TSAN-compatible memory allocation to ARM64 architecture
- Main memory allocated at fixed address 0x150000000000 (21TB)
- JIT buffer allocated at 0x151000000000 with MAP_JIT for Apple Silicon
- Both allocations avoid TSAN shadow memory and enable race detection
- Note: Requires ASLR disabled on macOS (SIP restrictions may apply)

JIT Cache Coherency Fixes:
1. Fixed pthread_jit_write_protect_np() ordering in update_branch_imm
2. Added sys_icache_invalidate() in update_branch_imm
3. Added cache invalidation in resolve_jumps() for x86_64

Fix JIT regalloc conflicts in memory load

After reset_reg() clears the register allocator state, load instructions (lb/lh/lw/lbu/lhu) could reallocate the same host register for both the address and destination, causing data corruption. This commit uses map_vm_reg_reserved() to prevent reusing the address register.
This commit introduces a comprehensive JIT debugging infrastructure to catch register allocation conflicts and cache coherency issues before they cause subtle runtime failures in production.
User-space emulation tests were failing because ENABLE_ELF_LOADER defaulted to 0, preventing ELF file loading. The fix automatically enables ELF_LOADER when SYSTEM=0, as user-space mode always requires it to load test ELF files.
User-space emulation tests were failing because ENABLE_ELF_LOADER defaulted to 0, preventing ELF file loading. The fix automatically enables ELF_LOADER when SYSTEM=0, except for architecture tests which have their own binary loading mechanism.
Summary by cubic
Enables ThreadSanitizer across the multi-threaded JIT pipeline with FULL4G memory emulation, including tier-2 compilation thread support. Uses fixed mappings and ASLR-disabled test runs to avoid TSAN shadow conflicts while keeping the production layout.