Skip to content

Commit

Permalink
Remove macOS 10.10 dynamic linker bug workaround
Browse files Browse the repository at this point in the history
  • Loading branch information
beetrees committed Jul 25, 2024
1 parent aa877bc commit 81b0b96
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 59 deletions.
52 changes: 0 additions & 52 deletions compiler/rustc_codegen_llvm/src/consts.rs
Original file line number Diff line number Diff line change
Expand Up @@ -440,58 +440,6 @@ impl<'ll> CodegenCx<'ll, '_> {

if attrs.flags.contains(CodegenFnAttrFlags::THREAD_LOCAL) {
llvm::set_thread_local_mode(g, self.tls_model);

// Do not allow LLVM to change the alignment of a TLS on macOS.
//
// By default a global's alignment can be freely increased.
// This allows LLVM to generate more performant instructions
// e.g., using load-aligned into a SIMD register.
//
// However, on macOS 10.10 or below, the dynamic linker does not
// respect any alignment given on the TLS (radar 24221680).
// This will violate the alignment assumption, and causing segfault at runtime.
//
// This bug is very easy to trigger. In `println!` and `panic!`,
// the `LOCAL_STDOUT`/`LOCAL_STDERR` handles are stored in a TLS,
// which the values would be `mem::replace`d on initialization.
// The implementation of `mem::replace` will use SIMD
// whenever the size is 32 bytes or higher. LLVM notices SIMD is used
// and tries to align `LOCAL_STDOUT`/`LOCAL_STDERR` to a 32-byte boundary,
// which macOS's dyld disregarded and causing crashes
// (see issues #51794, #51758, #50867, #48866 and #44056).
//
// To workaround the bug, we trick LLVM into not increasing
// the global's alignment by explicitly assigning a section to it
// (equivalent to automatically generating a `#[link_section]` attribute).
// See the comment in the `GlobalValue::canIncreaseAlignment()` function
// of `lib/IR/Globals.cpp` for why this works.
//
// When the alignment is not increased, the optimized `mem::replace`
// will use load-unaligned instructions instead, and thus avoiding the crash.
//
// We could remove this hack whenever we decide to drop macOS 10.10 support.
if self.tcx.sess.target.is_like_osx {
// The `inspect` method is okay here because we checked for provenance, and
// because we are doing this access to inspect the final interpreter state
// (not as part of the interpreter execution).
//
// FIXME: This check requires that the (arbitrary) value of undefined bytes
// happens to be zero. Instead, we should only check the value of defined bytes
// and set all undefined bytes to zero if this allocation is headed for the
// BSS.
let all_bytes_are_zero = alloc.provenance().ptrs().is_empty()
&& alloc
.inspect_with_uninit_and_ptr_outside_interpreter(0..alloc.len())
.iter()
.all(|&byte| byte == 0);

let sect_name = if all_bytes_are_zero {
c"__DATA,__thread_bss"
} else {
c"__DATA,__thread_data"
};
llvm::LLVMSetSection(g, sect_name.as_ptr());
}
}

// Wasm statics with custom link sections get special treatment as they
Expand Down
13 changes: 6 additions & 7 deletions library/std/src/fs.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2471,16 +2471,15 @@ pub fn remove_dir<P: AsRef<Path>>(path: P) -> io::Result<()> {
/// # Platform-specific behavior
///
/// This function currently corresponds to `openat`, `fdopendir`, `unlinkat` and `lstat` functions
/// on Unix (except for macOS before version 10.10 and REDOX) and the `CreateFileW`,
/// `GetFileInformationByHandleEx`, `SetFileInformationByHandle`, and `NtCreateFile` functions on
/// Windows. Note that, this [may change in the future][changes].
/// on Unix (except for REDOX) and the `CreateFileW`, `GetFileInformationByHandleEx`,
/// `SetFileInformationByHandle`, and `NtCreateFile` functions on Windows. Note that, this
/// [may change in the future][changes].
///
/// [changes]: io#platform-specific-behavior
///
/// On macOS before version 10.10 and REDOX, as well as when running in Miri for any target, this
/// function is not protected against time-of-check to time-of-use (TOCTOU) race conditions, and
/// should not be used in security-sensitive code on those platforms. All other platforms are
/// protected.
/// On REDOX, as well as when running in Miri for any target, this function is not protected against
/// time-of-check to time-of-use (TOCTOU) race conditions, and should not be used in
/// security-sensitive code on those platforms. All other platforms are protected.
///
/// # Errors
///
Expand Down

0 comments on commit 81b0b96

Please sign in to comment.