Eliminate ThreadSanitizer warnings in JIT T2C mode

jserv · jserv · commit c69de51348f9 · 2025-09-22T01:48:15.000+08:00
This fixes data races detected by ThreadSanitizer when running with JIT
compilation enabled:

1. Fix quit flag data race:
   - Change 'volatile bool quit' to '_Atomic bool quit'
   - Use atomic_store() for writes and atomic_load() for reads
   - Initialize with atomic_init()

2. Fix TOCTOU race in wait_queue access:
   - Move list_empty() check inside mutex-protected critical section
   - Hold mutex during entire queue manipulation

These changes ensure thread-safe communication between the main thread
and T2C compilation thread, eliminating all TSAN warning while improving
CPU efficiency by avoiding busy-waiting.
diff --git a/src/emulate.c b/src/emulate.c
@@ -1132,6 +1132,7 @@ void rv_step(void *arg)
             entry->block = block;
             pthread_mutex_lock(&rv->wait_queue_lock);
             list_add(&entry->list, &rv->wait_queue);
+            pthread_cond_signal(&rv->wait_queue_cond);
             pthread_mutex_unlock(&rv->wait_queue_lock);
         }
 #endif
diff --git a/src/riscv.c b/src/riscv.c
@@ -206,19 +206,32 @@ static pthread_t t2c_thread;
 static void *t2c_runloop(void *arg)
 {
     riscv_t *rv = (riscv_t *) arg;
-    while (!rv->quit) {
-        if (!list_empty(&rv->wait_queue)) {
-            queue_entry_t *entry =
-                list_last_entry(&rv->wait_queue, queue_entry_t, list);
-            pthread_mutex_lock(&rv->wait_queue_lock);
-            list_del_init(&entry->list);
-            pthread_mutex_unlock(&rv->wait_queue_lock);
-            pthread_mutex_lock(&rv->cache_lock);
-            t2c_compile(rv, entry->block);
-            pthread_mutex_unlock(&rv->cache_lock);
-            free(entry);
+    pthread_mutex_lock(&rv->wait_queue_lock);
+    while (!atomic_load(&rv->quit)) {
+        /* Wait for work or quit signal */
+        while (list_empty(&rv->wait_queue) && !atomic_load(&rv->quit)) {
+            pthread_cond_wait(&rv->wait_queue_cond, &rv->wait_queue_lock);
         }
+        
+        /* Check if we should quit */
+        if (atomic_load(&rv->quit)) {
+            break;
+        }
+        
+        /* Process the queue entry */
+        queue_entry_t *entry =
+            list_last_entry(&rv->wait_queue, queue_entry_t, list);
+        list_del_init(&entry->list);
+        pthread_mutex_unlock(&rv->wait_queue_lock);
+        
+        pthread_mutex_lock(&rv->cache_lock);
+        t2c_compile(rv, entry->block);
+        pthread_mutex_unlock(&rv->cache_lock);
+        free(entry);
+        
+        pthread_mutex_lock(&rv->wait_queue_lock);
     }
+    pthread_mutex_unlock(&rv->wait_queue_lock);
     return NULL;
 }
 #endif
@@ -727,11 +740,12 @@ riscv_t *rv_create(riscv_user_t rv_attr)
     rv->block_cache = cache_create(BLOCK_MAP_CAPACITY_BITS);
     assert(rv->block_cache);
 #if RV32_HAS(T2C)
-    rv->quit = false;
+    atomic_init(&rv->quit, false);
     rv->jit_cache = jit_cache_init();
     /* prepare wait queue. */
     pthread_mutex_init(&rv->wait_queue_lock, NULL);
     pthread_mutex_init(&rv->cache_lock, NULL);
+    pthread_cond_init(&rv->wait_queue_cond, NULL);
     INIT_LIST_HEAD(&rv->wait_queue);
     /* activate the background compilation thread. */
     pthread_create(&t2c_thread, NULL, t2c_runloop, rv);
@@ -836,10 +850,14 @@ void rv_delete(riscv_t *rv)
     block_map_destroy(rv);
 #else
 #if RV32_HAS(T2C)
-    rv->quit = true;
+    pthread_mutex_lock(&rv->wait_queue_lock);
+    atomic_store(&rv->quit, true);
+    pthread_cond_signal(&rv->wait_queue_cond);
+    pthread_mutex_unlock(&rv->wait_queue_lock);
     pthread_join(t2c_thread, NULL);
     pthread_mutex_destroy(&rv->wait_queue_lock);
     pthread_mutex_destroy(&rv->cache_lock);
+    pthread_cond_destroy(&rv->wait_queue_cond);
     jit_cache_exit(rv->jit_cache);
 #endif
     jit_state_exit(rv->jit_state);
diff --git a/src/riscv_private.h b/src/riscv_private.h
@@ -4,6 +4,7 @@
  */
 
 #pragma once
+#include <stdatomic.h>
 #include <stdbool.h>
 
 #if RV32_HAS(GDBSTUB)
@@ -197,7 +198,9 @@ struct riscv_internal {
 #if RV32_HAS(T2C)
     struct list_head wait_queue;
     pthread_mutex_t wait_queue_lock, cache_lock;
-    volatile bool quit; /**< Determine the main thread is terminated or not */
+    pthread_cond_t
+        wait_queue_cond; /**< Condition variable to signal new work */
+    _Atomic bool quit;   /**< Determine the main thread is terminated or not */
 #endif
     void *jit_state;
     void *jit_cache;

Original file line number	Diff line number	Diff line change
`@@ -1132,6 +1132,7 @@ void rv_step(void *arg)`
`1132`	`1132`	`entry->block = block;`
`1133`	`1133`	`pthread_mutex_lock(&rv->wait_queue_lock);`
`1134`	`1134`	`list_add(&entry->list, &rv->wait_queue);`
	`1135`	`+ pthread_cond_signal(&rv->wait_queue_cond);`
`1135`	`1136`	`pthread_mutex_unlock(&rv->wait_queue_lock);`
`1136`	`1137`	`}`
`1137`	`1138`	`#endif`