Skip to content

[Runtime] Fix race condition in protocol conformance lookups that caused false negatives. #35836

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Feb 9, 2021
Merged

[Runtime] Fix race condition in protocol conformance lookups that caused false negatives. #35836

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion include/swift/Demangling/TypeLookupError.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ class TypeLookupError {

Fn(Context, Command::DestroyContext, nullptr);
Fn = other.Fn;
Context = Fn(Context, Command::CopyContext, nullptr);
Context = Fn(other.Context, Command::CopyContext, nullptr);

return *this;
}
Expand Down Expand Up @@ -169,6 +169,8 @@ template <typename T> class TypeLookupErrorOr {
TaggedUnion<T, TypeLookupError> Value;

public:
TypeLookupErrorOr() : Value(TypeLookupError("freshly constructed error")) {}

TypeLookupErrorOr(const T &t) : Value(t) {
if (!t)
Value = TypeLookupError("unknown error");
Expand Down
2 changes: 1 addition & 1 deletion stdlib/public/runtime/Metadata.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5006,7 +5006,7 @@ swift_getAssociatedTypeWitnessSlowImpl(
Demangle::makeSymbolicMangledNameStringRef(mangledNameBase);

// Demangle the associated type.
TypeLookupErrorOr<TypeInfo> result = TypeInfo();
TypeLookupErrorOr<TypeInfo> result;
if (inProtocolContext) {
// The protocol's Self is the only generic parameter that can occur in the
// type.
Expand Down
24 changes: 18 additions & 6 deletions stdlib/public/runtime/ProtocolConformance.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
#include "swift/Runtime/HeapObject.h"
#include "swift/Runtime/Metadata.h"
#include "swift/Basic/Unreachable.h"
#include "llvm/ADT/DenseMap.h"
#include "CompatibilityOverride.h"
#include "ImageInspection.h"
#include "Private.h"
Expand Down Expand Up @@ -470,6 +471,7 @@ swift_conformsToProtocolImpl(const Metadata *const type,
return found.second;

// Scan conformance records.
llvm::SmallDenseMap<const Metadata *, const WitnessTable *> foundWitnesses;
auto processSection = [&](const ConformanceSection &section) {
// Eagerly pull records for nondependent witnesses into our cache.
auto processDescriptor = [&](const ProtocolConformanceDescriptor &descriptor) {
Expand All @@ -484,6 +486,7 @@ swift_conformsToProtocolImpl(const Metadata *const type,
if (auto *matchingType = candidate.getMatchingType(type)) {
auto witness = descriptor.getWitnessTable(matchingType);
C.cacheResult(matchingType, protocol, witness, /*always cache*/ 0);
foundWitnesses.insert({matchingType, witness});
}
};

Expand All @@ -505,14 +508,23 @@ swift_conformsToProtocolImpl(const Metadata *const type,
processSection(section);
}

// Try the search again to look for the most specific cached conformance.
found = searchInConformanceCache(type, protocol);
// Find the most specific conformance that was scanned.
const WitnessTable *foundWitness = nullptr;
const Metadata *searchType = type;
while (!foundWitness && searchType) {
foundWitness = foundWitnesses.lookup(searchType);

// If it's not authoritative, then add an authoritative entry for this type.
if (!found.first)
C.cacheResult(type, protocol, found.second, snapshot.count());
// If there's no entry here, move up to the superclass (if any).
if (!foundWitness)
searchType = _swift_class_getSuperclass(searchType);
}

// If it's for a superclass or if we didn't find anything, then add an
// authoritative entry for this type.
if (searchType != type)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we call cacheResult regardless of whether the types match here? Isn't that the point of snapshot.count()?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the types match, then we'll have already cached this result up above during the conformance scan. Caching here would be slightly wasteful, although otherwise harmless.

This whole thing is a little weird. searchInConformanceCache checks superclasses, and we don't add cache entries for subclasses when we find a superclass conformance in the cache. Whether a subclass gets its own cache entry depends on whether you looked up a conformance on a superclass first. We should probably figure out the right way to do this (always add cache entries for subclasses, or never) and fix it up, but another time.... For now, this matches the previous behavior.

C.cacheResult(type, protocol, foundWitness, snapshot.count());

return found.second;
return foundWitness;
}

const ContextDescriptor *
Expand Down