1 //===--- CrashRecoveryContext.cpp - Crash Recovery ------------------------===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 
10 #include "llvm/Support/CrashRecoveryContext.h"
11 #include "llvm/Config/config.h"
12 #include "llvm/Support/ErrorHandling.h"
13 #include "llvm/Support/ManagedStatic.h"
14 #include "llvm/Support/Mutex.h"
15 #include "llvm/Support/ThreadLocal.h"
16 #include <setjmp.h>
17 using namespace llvm;
18 
19 namespace {
20 
struct CrashRecoveryContextImpl;

/// Thread-local pointer to the CrashRecoveryContextImpl that is active on the
/// calling thread, or null.  The CrashRecoveryContextImpl constructor stores
/// `this` here and the platform crash handlers below read it to find the
/// context to unwind to.  Only one entry is kept per thread: a nested context
/// overwrites the outer one, and its destructor erases (does not restore) it.
static ManagedStatic<
    sys::ThreadLocal<const CrashRecoveryContextImpl> > CurrentContext;
25 
/// Per-RunSafely bookkeeping: the jump target the crash handler unwinds to
/// and the failure state reported back to the owning CrashRecoveryContext.
struct CrashRecoveryContextImpl {
  CrashRecoveryContext *CRC;
  /// Reserved for a captured backtrace.  Nothing visible in this file writes
  /// it (see the FIXME in HandleCrash), so getBacktrace() returns "" for now.
  std::string Backtrace;
  /// Target of the longjmp in HandleCrash; filled by setjmp in RunSafely.
  ::jmp_buf JumpBuffer;
  /// Set by HandleCrash before it longjmps.  volatile because it is written
  /// between the setjmp and the longjmp and read after the jump lands.
  volatile unsigned Failed : 1;
  /// Set by RunSafelyOnThread once the worker thread has finished, so the
  /// destructor does not touch the thread-local slot of a thread that is gone.
  unsigned SwitchedThread : 1;

public:
  /// Registers this object as the active context of the calling thread.  Any
  /// previously active context on this thread is overwritten, not stacked.
  CrashRecoveryContextImpl(CrashRecoveryContext *CRC) : CRC(CRC),
                                                        Failed(false),
                                                        SwitchedThread(false) {
    CurrentContext->set(this);
  }
  /// Clears the thread-local slot unless the context ran on another thread
  /// (see setSwitchedThread).  This erases the slot rather than restoring an
  /// outer context, so nesting two contexts on one thread is not supported:
  /// after the inner one is destroyed, a crash in the outer Fn finds no
  /// context and is not recovered.
  ~CrashRecoveryContextImpl() {
    if (!SwitchedThread)
      CurrentContext->erase();
  }

  /// \brief Called when the separate crash-recovery thread was finished, to
  /// indicate that we don't need to clear the thread-local CurrentContext.
  void setSwitchedThread() { SwitchedThread = true; }

  /// Unwinds to the setjmp in RunSafely.  Reached from the POSIX signal
  /// handler, the Windows vectored exception handler, or an explicit
  /// CrashRecoveryContext::HandleCrash() call.  In the handler cases this is
  /// subject to async-signal-safety limits: the thread-local erase (and the
  /// message a failing assert prints) are not on the async-signal-safe list,
  /// and the longjmp runs no destructors and releases no locks between the
  /// faulting frame and RunSafely -- the process continues in whatever state
  /// the fault left it.
  void HandleCrash() {
    // Eliminate the current context entry, to avoid re-entering in case the
    // cleanup code crashes.
    CurrentContext->erase();

    assert(!Failed && "Crash recovery context already failed!");
    Failed = true;

    // FIXME: Stash the backtrace.

    // Jump back to the RunSafely we were called under.
    longjmp(JumpBuffer, 1);
  }
};
62 
63 }
64 
/// Serializes Enable()/Disable().  Note the POSIX signal handler below calls
/// Disable() when it finds no context, so this lock is then taken from
/// signal-handler context.
static ManagedStatic<sys::Mutex> gCrashRecoveryContextMutex;
/// Written under gCrashRecoveryContextMutex by Enable()/Disable(), but read
/// without it by RunSafely() and GetCurrent(); nothing in this file
/// synchronizes a concurrent Enable()/Disable() against a running RunSafely().
static bool gCrashRecoveryEnabled = false;

/// Non-null on this thread while ~CrashRecoveryContext is walking its cleanup
/// list (it stores the list head for the duration); backs
/// isRecoveringFromCrash().
static ManagedStatic<sys::ThreadLocal<const CrashRecoveryContextCleanup> >
       tlIsRecoveringFromCrash;
70 
/// Out-of-line anchor for the cleanup base class's destructor.  It releases
/// nothing itself; the actual resource release happens in recoverResources(),
/// which ~CrashRecoveryContext invokes before deleting each cleanup.
CrashRecoveryContextCleanup::~CrashRecoveryContextCleanup() = default;
72 
/// Tears the context down: fires and frees every registered cleanup (newest
/// first, since registerCleanup pushes at the head), then releases Impl.
///
/// This runs whether or not a crash happened.  While the list is walked,
/// tlIsRecoveringFromCrash holds the list head, so isRecoveringFromCrash()
/// is true on this thread for that window (when the list is non-empty).
/// After a crash, cleanup code should assume the state it inspects may be
/// half-updated: the longjmp in HandleCrash ran no destructors or unlocks
/// between the fault and RunSafely.
CrashRecoveryContext::~CrashRecoveryContext() {
  tlIsRecoveringFromCrash->set(head);
  for (CrashRecoveryContextCleanup *cur = head; cur;) {
    CrashRecoveryContextCleanup *next = cur->next;
    cur->cleanupFired = true;
    cur->recoverResources();
    delete cur;
    cur = next;
  }
  tlIsRecoveringFromCrash->erase();

  // Impl is null if RunSafely never ran (or crash recovery was disabled).
  delete static_cast<CrashRecoveryContextImpl *>(Impl);
}
89 
/// True while this thread is inside ~CrashRecoveryContext running a non-empty
/// cleanup list (the thread-local slot is non-null exactly for that window).
bool CrashRecoveryContext::isRecoveringFromCrash() {
  const CrashRecoveryContextCleanup *Marker = tlIsRecoveringFromCrash->get();
  return Marker != nullptr;
}
93 
/// Returns the CrashRecoveryContext whose RunSafely is active on the calling
/// thread, or null when crash recovery is disabled or no context is active.
/// gCrashRecoveryEnabled is read here without gCrashRecoveryContextMutex.
CrashRecoveryContext *CrashRecoveryContext::GetCurrent() {
  if (gCrashRecoveryEnabled)
    if (const CrashRecoveryContextImpl *Active = CurrentContext->get())
      return Active->CRC;
  return nullptr;
}
104 
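/// Pushes \p cleanup at the head of this context's cleanup list, so cleanups
/// fire in reverse registration order from ~CrashRecoveryContext.  The context
/// takes ownership: the object is deleted by unregisterCleanup or by the
/// destructor.  A null \p cleanup is ignored.
///
/// The new head's prev link is reset here so the list invariant
/// (head->prev == nullptr) holds regardless of what the caller's object
/// carried; the object must not already be linked into a list.
void CrashRecoveryContext::registerCleanup(CrashRecoveryContextCleanup *cleanup)
{
  if (!cleanup)
    return;
  cleanup->prev = nullptr;
  cleanup->next = head;
  if (head)
    head->prev = cleanup;
  head = cleanup;
}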
114 
/// Unlinks \p cleanup from this context's list and deletes it without firing
/// recoverResources().  Null is ignored.  \p cleanup must currently be
/// registered on this context: a non-head node is unlinked through its prev
/// pointer, which is dereferenced unchecked.
void
CrashRecoveryContext::unregisterCleanup(CrashRecoveryContextCleanup *cleanup) {
  if (!cleanup)
    return;

  CrashRecoveryContextCleanup *before = cleanup->prev;
  CrashRecoveryContextCleanup *after = cleanup->next;
  if (cleanup == head) {
    head = after;
    if (after)
      after->prev = nullptr;
  } else {
    before->next = after;
    if (after)
      after->prev = before;
  }
  delete cleanup;
}
131 
132 #ifdef LLVM_ON_WIN32
133 
134 #include "Windows/WindowsSupport.h"
135 
136 // On Windows, we can make use of vectored exception handling to
137 // catch most crashing situations.  Note that this does mean
138 // we will be alerted of exceptions *before* structured exception
139 // handling has the opportunity to catch it.  But that isn't likely
140 // to cause problems because nowhere in the project is SEH being
141 // used.
142 //
// Vectored exception handling is built on top of SEH.  Registration via
// AddVectoredExceptionHandler is process-wide, though: the handler is invoked
// on whichever thread raises an exception, and it finds the context to
// recover through that thread's CurrentContext slot.
145 //
146 // The vectored exception handler functionality was added in Windows
147 // XP, so if support for older versions of Windows is required,
148 // it will have to be added.
149 //
150 // If we want to support as far back as Win2k, we could use the
151 // SetUnhandledExceptionFilter API, but there's a risk of that
152 // being entirely overwritten (it's not a chain).
153 
/// Vectored exception handler installed by Enable().  It runs on the faulting
/// thread and does not inspect ExceptionInfo->ExceptionRecord->ExceptionCode,
/// so any exception reaching it on a thread with an active context is treated
/// as a crash -- NOTE(review): that includes exceptions a later handler would
/// have continued from (debugger/informational ones); confirm this is
/// acceptable for the hosting application.
static LONG CALLBACK ExceptionHandler(PEXCEPTION_POINTERS ExceptionInfo)
{
  const CrashRecoveryContextImpl *Active = CurrentContext->get();
  if (Active) {
    // Unwind into the RunSafely that set up this context.  HandleCrash
    // longjmps and never returns.
    const_cast<CrashRecoveryContextImpl *>(Active)->HandleCrash();
    llvm_unreachable("Handled the crash, should have longjmp'ed out of here");
  }

  // No context on this thread: turn crash recovery off and let the rest of
  // the handler chain (or the default behaviour) deal with the exception.
  CrashRecoveryContext::Disable();
  return EXCEPTION_CONTINUE_SEARCH;
}
176 
// Because the Enable and Disable calls are static, it means that
// there may not actually be an Impl available, or even a current
// CrashRecoveryContext at all.  So we make use of a thread-local
// exception table.  The handles contained in here will either be
// non-NULL, valid VEH handles, or NULL.
//
// NOTE(review): the handle is thread-local but the VEH registration it names
// is process-wide.  Disable() reads this slot on the calling thread, so a
// Disable() issued from a thread other than the one that called Enable()
// finds no handle and leaves the handler installed while
// gCrashRecoveryEnabled is already false.
static sys::ThreadLocal<const void> sCurrentExceptionHandle;
183 
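/// Turns crash recovery on for the process: installs ExceptionHandler at the
/// front of the vectored exception handler chain and records the handle in
/// this thread's sCurrentExceptionHandle so Disable() (on this same thread)
/// can remove it.  Idempotent; serialized by gCrashRecoveryContextMutex.
///
/// If AddVectoredExceptionHandler fails (returns NULL) the enabled flag is
/// left false.  Otherwise RunSafely would set up a jump buffer no handler
/// ever jumps to, and GetCurrent() would report an active context that
/// cannot actually recover anything.
void CrashRecoveryContext::Enable() {
  sys::ScopedLock L(*gCrashRecoveryContextMutex);

  if (gCrashRecoveryEnabled)
    return;

  // We can set up vectored exception handling now.  We will install our
  // handler as the front of the list, though there's no assurances that
  // it will remain at the front (another call could install itself before
  // our handler).  This 1) isn't likely, and 2) shouldn't cause problems.
  PVOID handle = ::AddVectoredExceptionHandler(1, ExceptionHandler);
  if (!handle)
    return;

  sCurrentExceptionHandle.set(handle);
  gCrashRecoveryEnabled = true;
}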
199 
/// Turns crash recovery off and removes the vectored exception handler, if
/// this thread holds its handle.  Idempotent; serialized by the mutex.
///
/// Only the thread that called Enable() has the handle in
/// sCurrentExceptionHandle.  A Disable() from any other thread clears the
/// enabled flag but leaves the process-wide handler registered; it keeps
/// being invoked for every exception in the process until something removes
/// it.
void CrashRecoveryContext::Disable() {
  sys::ScopedLock L(*gCrashRecoveryContextMutex);

  if (!gCrashRecoveryEnabled)
    return;
  gCrashRecoveryEnabled = false;

  PVOID handle = const_cast<PVOID>(sCurrentExceptionHandle.get());
  if (!handle)
    return;

  // Unhook our handler and forget the handle for this thread.
  ::RemoveVectoredExceptionHandler(handle);
  sCurrentExceptionHandle.set(NULL);
}
217 
218 #else
219 
220 // Generic POSIX implementation.
221 //
222 // This implementation relies on synchronous signals being delivered to the
223 // current thread. We use a thread local object to keep track of the active
224 // crash recovery context, and install signal handlers to invoke HandleCrash on
225 // the active object.
226 //
// This implementation does not attempt to chain signal handlers in any
// reliable fashion -- if we get a signal outside of a crash recovery context we
// simply disable crash recovery (restoring the previous dispositions) and raise
// the signal again.
230 
231 #include <signal.h>
232 
/// Synchronous fault signals intercepted while crash recovery is enabled.
/// SIGABRT is in the list, so an abort() (including a failed assert) inside
/// RunSafely is also turned into a recoverable "crash" rather than ending the
/// process.
static const int Signals[] =
    { SIGABRT, SIGBUS, SIGFPE, SIGILL, SIGSEGV, SIGTRAP };
static const unsigned NumSignals = sizeof(Signals) / sizeof(Signals[0]);
/// Dispositions saved by Enable() and restored by Disable(); only meaningful
/// while gCrashRecoveryEnabled is true.  Written under the mutex.
static struct sigaction PrevActions[NumSignals];
237 
/// Signal handler installed by Enable() for each entry in Signals.  Runs on
/// the faulting thread with the delivering signal blocked (sa_flags is 0, so
/// no SA_NODEFER).
///
/// Async-signal-safety caveat: HandleCrash touches the thread-local slot,
/// calls assert(), and longjmps out of the handler; when no context is
/// active, Disable() takes gCrashRecoveryContextMutex from handler context.
/// None of that is on the async-signal-safe list, so a fault that hits while
/// this thread holds that mutex, or while the thread-local machinery is
/// mid-update, is not recoverable in a defined way.
static void CrashRecoverySignalHandler(int Signal) {
  const CrashRecoveryContextImpl *Active = CurrentContext->get();

  if (!Active) {
    // We didn't find a crash recovery context -- this means either we got a
    // signal on a thread we didn't expect it on, the application got a signal
    // outside of a crash recovery context, or something else went horribly
    // wrong.
    //
    // Disable crash recovery and raise the signal again. The assumption here is
    // that the enclosing application will terminate soon, and we won't want to
    // attempt crash recovery again.
    //
    // This call of Disable isn't thread safe, but it doesn't actually matter.
    // Disable restores the previous dispositions, so the re-raised signal is
    // delivered to those (or the default action) once this handler returns
    // and the signal mask is restored.
    CrashRecoveryContext::Disable();
    raise(Signal);
    return;
  }

  // We are about to longjmp out of this handler instead of returning, so the
  // kernel will never restore the pre-handler signal mask; unblock the signal
  // ourselves or it would stay blocked for the rest of this thread's life.
  sigset_t Unblock;
  sigemptyset(&Unblock);
  sigaddset(&Unblock, Signal);
  sigprocmask(SIG_UNBLOCK, &Unblock, nullptr);

  const_cast<CrashRecoveryContextImpl *>(Active)->HandleCrash();
}
269 
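/// Turns crash recovery on for the process: installs CrashRecoverySignalHandler
/// for every signal in Signals, saving the previous disposition in PrevActions
/// for Disable().  Idempotent; serialized by gCrashRecoveryContextMutex.
///
/// The handler runs on the thread's normal stack (no SA_ONSTACK / sigaltstack),
/// so a fault caused by stack exhaustion is not reliably recoverable through
/// this mechanism.
void CrashRecoveryContext::Enable() {
  sys::ScopedLock L(*gCrashRecoveryContextMutex);

  if (gCrashRecoveryEnabled)
    return;

  gCrashRecoveryEnabled = true;

  // Setup the signal handler.  Value-initialize the whole struct first:
  // struct sigaction has platform-specific members beyond the three set
  // below, and they must not reach sigaction() with indeterminate contents.
  struct sigaction Handler = {};
  Handler.sa_handler = CrashRecoverySignalHandler;
  Handler.sa_flags = 0;
  sigemptyset(&Handler.sa_mask);

  for (unsigned i = 0; i != NumSignals; ++i)
    sigaction(Signals[i], &Handler, &PrevActions[i]);
}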
288 
/// Turns crash recovery off by restoring the dispositions Enable() saved in
/// PrevActions.  Idempotent; serialized by gCrashRecoveryContextMutex.
///
/// CrashRecoverySignalHandler calls this from signal context when no context
/// is active, so the lock is then taken inside a handler; if the faulting
/// thread already held it (a fault inside Enable()/Disable()), that is a
/// self-deadlock unless sys::Mutex is recursive -- NOTE(review): confirm.
void CrashRecoveryContext::Disable() {
  sys::ScopedLock L(*gCrashRecoveryContextMutex);

  if (!gCrashRecoveryEnabled)
    return;
  gCrashRecoveryEnabled = false;

  // Put back whatever was installed before Enable() ran.
  for (unsigned Idx = 0; Idx < NumSignals; ++Idx)
    sigaction(Signals[Idx], &PrevActions[Idx], nullptr);
}
301 
302 #endif
303 
/// Runs \p Fn; returns true if it completed, false if a crash was intercepted
/// and control was unwound back here.  When crash recovery is disabled this
/// is a plain call that always returns true (a crash then terminates the
/// process as usual).  gCrashRecoveryEnabled is read without the mutex.
///
/// A context is single-use: the assert below fires on a second RunSafely.
/// After a crash the longjmp in HandleCrash skips every destructor, unlock
/// and cleanup between the fault and this frame, so a false return means the
/// process continues in whatever state the fault left it; only the cleanups
/// registered on this context run, and only from ~CrashRecoveryContext.
bool CrashRecoveryContext::RunSafely(function_ref<void()> Fn) {
  // If crash recovery is disabled, do nothing.
  if (gCrashRecoveryEnabled) {
    assert(!Impl && "Crash recovery context already initialized!");
    CrashRecoveryContextImpl *CRCI = new CrashRecoveryContextImpl(this);
    Impl = CRCI;

    // setjmp must stay directly in the condition: this is the point
    // HandleCrash longjmps back to, and it returns non-zero on that second
    // pass.  Impl is freed by ~CrashRecoveryContext, not here.
    if (setjmp(CRCI->JumpBuffer) != 0) {
      return false;
    }
  }

  Fn();
  return true;
}
319 
/// Explicit crash entry point: unwinds to this context's RunSafely as if a
/// signal or exception had been caught.  Requires that RunSafely has already
/// set up Impl (asserted); does not return, because Impl's HandleCrash
/// longjmps.
void CrashRecoveryContext::HandleCrash() {
  CrashRecoveryContextImpl *State =
      static_cast<CrashRecoveryContextImpl *>(Impl);
  assert(State && "Crash recovery context never initialized!");
  State->HandleCrash();
}
325 
/// Returns the backtrace recorded for the crash.  Only valid after RunSafely
/// returned false (both conditions are asserted).  Nothing visible in this
/// file fills Backtrace (see the FIXME in CrashRecoveryContextImpl::
/// HandleCrash), so in this version the string is empty.
const std::string &CrashRecoveryContext::getBacktrace() const {
  const CrashRecoveryContextImpl *State =
      static_cast<const CrashRecoveryContextImpl *>(Impl);
  assert(State && "Crash recovery context never initialized!");
  assert(State->Failed && "No crash was detected!");
  return State->Backtrace;
}
332 
333 // FIXME: Portability.
/// Moves the calling thread into Darwin's background scheduling class; a
/// no-op on every other platform (see the portability FIXME above).
static void setThreadBackgroundPriority() {
#ifndef __APPLE__
  return;
#else
  setpriority(PRIO_DARWIN_THREAD, 0, PRIO_DARWIN_BG);
#endif
}
339 
/// True if the calling thread is already in Darwin's background scheduling
/// class; always false elsewhere, where no equivalent is consulted.
static bool hasThreadBackgroundPriority() {
#ifdef __APPLE__
  const int Prio = getpriority(PRIO_DARWIN_THREAD, 0);
  return Prio == 1;
#else
  return false;
#endif
}
347 
namespace {
/// Arguments and result shared between RunSafelyOnThread and the worker
/// thread it dispatches to.  It is brace-initialized positionally in
/// RunSafelyOnThread, so the member order is part of the contract.
struct RunSafelyOnThreadInfo {
  function_ref<void()> Fn;
  CrashRecoveryContext *CRC;
  bool UseBackgroundPriority;
  /// Return value of RunSafely on the worker; read by the caller afterwards.
  bool Result;
};
}
356 
/// Worker-thread entry point: unpacks the RunSafelyOnThreadInfo passed as
/// \p UserData, optionally drops to background priority, and stores the
/// RunSafely result for the dispatching thread to read.
static void RunSafelyOnThread_Dispatch(void *UserData) {
  RunSafelyOnThreadInfo &Args =
      *static_cast<RunSafelyOnThreadInfo *>(UserData);

  if (Args.UseBackgroundPriority)
    setThreadBackgroundPriority();

  Args.Result = Args.CRC->RunSafely(Args.Fn);
}
/// Runs \p Fn under this context on a separate thread with
/// \p RequestedStackSize and returns RunSafely's result from that thread.
/// The worker inherits Darwin background priority if the caller has it.
///
/// Info lives on this stack frame, so this relies on llvm_execute_on_thread
/// not returning before the worker is done with it -- NOTE(review): confirm
/// it joins.  Afterwards Impl is marked as having switched threads so its
/// destructor does not touch the worker's thread-local slot; that slot is
/// never erased on the worker, which matters only if worker threads are
/// reused.
bool CrashRecoveryContext::RunSafelyOnThread(function_ref<void()> Fn,
                                             unsigned RequestedStackSize) {
  RunSafelyOnThreadInfo Info = {Fn, this, hasThreadBackgroundPriority(), false};
  llvm_execute_on_thread(RunSafelyOnThread_Dispatch, &Info, RequestedStackSize);

  CrashRecoveryContextImpl *State =
      static_cast<CrashRecoveryContextImpl *>(Impl);
  if (State)
    State->setSwitchedThread();
  return Info.Result;
}
375