yugr · yugr · Jan 24, 2025 · Jan 18, 2025 · Jan 18, 2025 · Jan 18, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,10 +7,12 @@ on:
     paths-ignore:
     - 'LICENSE.txt'
     - '**.md'
+    - 'specs/**'
   pull_request:
     paths-ignore:
     - 'LICENSE.txt'
     - '**.md'
+    - 'specs/**'
 jobs:
   Baseline:
     strategy:

diff --git a/LICENSE.txt b/LICENSE.txt
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2017-2024 Yury Gribov
+Copyright (c) 2017-2025 Yury Gribov
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -52,10 +52,10 @@ where `TARGET` can be any of
 Script generates two files: `libxyz.so.tramp.S` and `libxyz.so.init.c` which need to be linked to your application (instead of `-lxyz`):
 
 ```
-$ gcc myfile1.c myfile2.c ... libxyz.so.tramp.S libxyz.so.init.c ... -ldl
+$ gcc myfile1.c myfile2.c ... libxyz.so.tramp.S libxyz.so.init.c ... -ldl -pthread
 ```
 
-Note that you need to link against libdl.so. On ARM in case your app is compiled to Thumb code (which e.g. Ubuntu's `arm-linux-gnueabihf-gcc` does by default) you'll also need to add `-mthumb-interwork`.
+Note that you need to link against libdl.so and libpthread.so (unless you disable thread safety via `--no-thread-safe`). On ARM in case your app is compiled to Thumb code (which e.g. Ubuntu's `arm-linux-gnueabihf-gcc` does by default) you'll also need to add `-mthumb-interwork`.
 
 Application can then freely call functions from `libxyz.so` _without linking to it_. Library will be loaded (via `dlopen`) on first call to any of its functions. If you want to forcedly resolve all symbols (e.g. if you want to avoid delays further on) you can call `void libxyz_init_all()`.
 
@@ -142,7 +142,6 @@ The tool does not transparently support all features of POSIX shared libraries.
 * it may change semantics because shared library constructors are delayed until when library is loaded
 
 The tool also lacks the following important features:
-* proper support for multi-threading
 * symbol versions are not handled at all
 * keep fast paths of shims together to reduce I$ pressure
 * support for macOS and BSDs (actually BSDs mostly work)

diff --git a/arch/aarch64/table.S.tpl b/arch/aarch64/table.S.tpl
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 Yury Gribov
+ * Copyright 2018-2025 Yury Gribov
  *
  * The MIT License (MIT)
  *
@@ -60,6 +60,7 @@ _${lib_suffix}_save_regs_and_resolve:
   // Stack is aligned at 16 bytes
 
   bl _${lib_suffix}_tramp_resolve
+  mov ip0, x0
 
   // TODO: pop pc?
 

diff --git a/arch/aarch64/trampoline.S.tpl b/arch/aarch64/trampoline.S.tpl
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 Yury Gribov
+ * Copyright 2018-2025 Yury Gribov
  *
  * The MIT License (MIT)
  *
@@ -33,9 +33,9 @@ $sym:
 #if $number > 0xffff
   movk ip0, $number >> 16, lsl #16
 #endif
-  stp ip0, lr, [sp, #-16]!; .cfi_adjust_cfa_offset 16; .cfi_rel_offset ip0, 0; .cfi_rel_offset lr, 8;
+  stp ip0, lr, [sp, #-16]!; .cfi_adjust_cfa_offset 16; .cfi_rel_offset lr, 8
   bl _${lib_suffix}_save_regs_and_resolve
-  ldp ip0, lr, [sp], #16; .cfi_adjust_cfa_offset -16; .cfi_restore lr; .cfi_restore ip0
-  b 1b
+  ldp xzr, lr, [sp], #16; .cfi_adjust_cfa_offset -16; .cfi_restore lr
+  br ip0
   .cfi_endproc
 
diff --git a/arch/arm/table.S.tpl b/arch/arm/table.S.tpl
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 Yury Gribov
+ * Copyright 2018-2025 Yury Gribov
  *
  * The MIT License (MIT)
  *
@@ -66,6 +66,7 @@ _${lib_suffix}_save_regs_and_resolve:
 #endif
 
   bl _${lib_suffix}_tramp_resolve(PLT)
+  mov ip, r0
 
 #ifdef __ARM_PCS_VFP
   POP_DREG_PAIR(d14, d15)

diff --git a/arch/arm/trampoline.S.tpl b/arch/arm/trampoline.S.tpl
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 Yury Gribov
+ * Copyright 2018-2025 Yury Gribov
  *
  * The MIT License (MIT)
  *
@@ -38,7 +38,7 @@ $sym:
   POP_REG(lr)
   add sp, #4
   .cfi_adjust_cfa_offset -4
-  b 1b
+  bx ip
 
   // Force constant pool for ldr above
   .ltorg

diff --git a/arch/common/init.c.tpl b/arch/common/init.c.tpl
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2022 Yury Gribov
+ * Copyright 2018-2025 Yury Gribov
  *
  * The MIT License (MIT)
  *
@@ -11,12 +11,22 @@
 #define _GNU_SOURCE // For RTLD_DEFAULT
 #endif
 
+#define HAS_DLOPEN_CALLBACK $has_dlopen_callback
+#define HAS_DLSYM_CALLBACK $has_dlsym_callback
+#define NO_DLOPEN $no_dlopen
+#define LAZY_LOAD $lazy_load
+#define THREAD_SAFE $thread_safe
+
 #include <dlfcn.h>
 #include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
 #include <assert.h>
 
+#if THREAD_SAFE
+#include <pthread.h>
+#endif
+
 // Sanity check for ARM to avoid puzzling runtime crashes
 #ifdef __arm__
 # if defined __thumb__ && ! defined __THUMB_INTERWORK__
@@ -36,21 +46,66 @@ extern "C" {
     } \
   } while(0)
 
-#define HAS_DLOPEN_CALLBACK $has_dlopen_callback
-#define HAS_DLSYM_CALLBACK $has_dlsym_callback
-#define NO_DLOPEN $no_dlopen
-#define LAZY_LOAD $lazy_load
-
 static void *lib_handle;
 static int do_dlclose;
-static int is_lib_loading;
 
 #if ! NO_DLOPEN
-static void *load_library() {
-  if(lib_handle)
-    return lib_handle;
 
-  is_lib_loading = 1;
+#if THREAD_SAFE
+
+// We need to consider two cases:
+// - different threads calling intercepted APIs in parallel
+// - same thread calling 2 intercepted APIs recursively
+//   due to dlopen calling library constructors
+//   (usually happens only under IMPLIB_EXPORT_SHIMS)
+
+static pthread_mutex_t mtx;
+static int rec_count;
+
+static void init_lock(void) {
+  // We need recursive lock because dlopen will call library constructors
+  // which may call other intercepted APIs that will call load_library again.
+  // PTHREAD_RECURSIVE_MUTEX_INITIALIZER is not portable
+  // so we do it hard way.
+
+  pthread_mutexattr_t attr;
+  CHECK(0 == pthread_mutexattr_init(&attr), "failed to init mutex");
+  CHECK(0 == pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE), "failed to init mutex");
+
+  CHECK(0 == pthread_mutex_init(&mtx, &attr), "failed to init mutex");
+}
+
+static int lock(void) {
+  static pthread_once_t once = PTHREAD_ONCE_INIT;
+  CHECK(0 == pthread_once(&once, init_lock), "failed to init lock");
+
+  CHECK(0 == pthread_mutex_lock(&mtx), "failed to lock mutex");
+
+  return 0 == __sync_fetch_and_add(&rec_count, 1);
+}
+
+static void unlock(void) {
+  __sync_fetch_and_add(&rec_count, -1);
+  CHECK(0 == pthread_mutex_unlock(&mtx), "failed to unlock mutex");
+}
+#else
+static int lock(void) {
+  return 1;
+}
+static void unlock(void) {}
+#endif
+
+static int load_library(void) {
+  int publish = lock();
+
+  if (lib_handle) {
+    unlock();
+    return publish;
+  }
+
+  // With (non-default) IMPLIB_EXPORT_SHIMS we may call dlopen more than once,
+  // not sure if this is a problem. We could fix this by dlclosing if !publish
+  // or if we are not the first one to set lib_handle (via __sync_val_compare_and_swap).
 
 #if HAS_DLOPEN_CALLBACK
   extern void *$dlopen_callback(const char *lib_name);
@@ -62,19 +117,20 @@ static void *load_library() {
 #endif
 
   do_dlclose = 1;
-  is_lib_loading = 0;
 
-  return lib_handle;
+  unlock();
+
+  return publish;
 }
 
-static void __attribute__((destructor)) unload_lib() {
+static void __attribute__((destructor)) unload_lib(void) {
   if(do_dlclose && lib_handle)
     dlclose(lib_handle);
 }
 #endif
 
 #if ! NO_DLOPEN && ! LAZY_LOAD
-static void __attribute__((constructor)) load_lib() {
+static void __attribute__((constructor)) load_lib(void) {
   load_library();
 }
 #endif
@@ -90,10 +146,10 @@ static const char *const sym_names[] = {
 extern void *_${lib_suffix}_tramp_table[];
 
 // Can be sped up by manually parsing library symtab...
-void _${lib_suffix}_tramp_resolve(int i) {
+void *_${lib_suffix}_tramp_resolve(int i) {
   assert((unsigned)i < SYM_COUNT);
 
-  CHECK(!is_lib_loading, "library function '%s' called during library load", sym_names[i]);
+  int publish = 1;
 
   void *h = 0;
 #if NO_DLOPEN
@@ -113,19 +169,29 @@ void _${lib_suffix}_tramp_resolve(int i) {
 #   endif
   }
 #else
-  h = load_library();
+  publish = load_library();
+  h = lib_handle;
   CHECK(h, "failed to resolve symbol '%s', library failed to load", sym_names[i]);
 #endif
 
+  void *addr;
 #if HAS_DLSYM_CALLBACK
   extern void *$dlsym_callback(void *handle, const char *sym_name);
-  _${lib_suffix}_tramp_table[i] = $dlsym_callback(h, sym_names[i]);
-  CHECK(_${lib_suffix}_tramp_table[i], "failed to resolve symbol '%s' via callback $dlsym_callback", sym_names[i]);
+  addr = $dlsym_callback(h, sym_names[i]);
+  CHECK(addr, "failed to resolve symbol '%s' via callback $dlsym_callback", sym_names[i]);
 #else
   // Dlsym is thread-safe so don't need to protect it.
-  _${lib_suffix}_tramp_table[i] = dlsym(h, sym_names[i]);
-  CHECK(_${lib_suffix}_tramp_table[i], "failed to resolve symbol '%s' via dlsym: %s", sym_names[i], dlerror());
+  addr = dlsym(h, sym_names[i]);
+  CHECK(addr, "failed to resolve symbol '%s' via dlsym: %s", sym_names[i], dlerror());
 #endif
+
+  if (publish) {
+    // Use atomic to please Tsan and ensure that preceeding writes
+    // in library ctors have been delivered before publishing address
+    (void)__sync_val_compare_and_swap(&_${lib_suffix}_tramp_table[i], 0, addr);
+  }
+
+  return addr;
 }
 
 // Helper for user to resolve all symbols

diff --git a/arch/e2k/table.S.tpl b/arch/e2k/table.S.tpl
@@ -34,6 +34,8 @@ _${lib_suffix}_save_regs_and_resolve:
   disp  %ctpr1, _${lib_suffix}_tramp_resolve
   call %ctpr1, wbs = 0
 
+  movtd %r0, %ctpr1
+
   return %ctpr3
   ct %ctpr3
 

diff --git a/arch/e2k/trampoline.S.tpl b/arch/e2k/trampoline.S.tpl
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022 Yury Gribov
+ * Copyright 2022-2025 Yury Gribov
  *
  * The MIT License (MIT)
  *
@@ -50,8 +50,7 @@ $sym:
   disp  %ctpr1, _${lib_suffix}_save_regs_and_resolve
   call %ctpr1, wbs = 0x8
 
-  // Return to fast path
-  ibranch 1b
+  ct %ctpr1
 
   .cfi_endproc
 
diff --git a/arch/i386/table.S.tpl b/arch/i386/table.S.tpl
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 Yury Gribov
+ * Copyright 2019-2025 Yury Gribov
  *
  * The MIT License (MIT)
  *
@@ -32,13 +32,13 @@ _${lib_suffix}_save_regs_and_resolve:
 #define POP_REG(reg) popl %reg ; .cfi_adjust_cfa_offset -4; .cfi_restore reg
 
   // Slow path which calls dlsym, taken only on first call.
-  // All registers are stored to handle arbitrary calling conventions
+  // All registers except EAX are stored to handle arbitrary calling conventions
   // (except XMM/x87 regs in hope they are not used in resolving code).
   // For Dwarf directives, read https://www.imperialviolet.org/2017/01/18/cfi.html.
 
   .cfi_def_cfa_offset 4  // Return address
 
-  PUSH_REG(eax)
+  PUSH_REG(ebx)
   PUSH_REG(ebx)
   PUSH_REG(ecx)
   PUSH_REG(edx)  // 16
@@ -67,7 +67,7 @@ _${lib_suffix}_save_regs_and_resolve:
   POP_REG(edx)
   POP_REG(ecx)
   POP_REG(ebx)
-  POP_REG(eax)
+  POP_REG(ebx)
 
   ret
 

diff --git a/arch/i386/trampoline.S.tpl b/arch/i386/trampoline.S.tpl
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 Yury Gribov
+ * Copyright 2019-2025 Yury Gribov
  *
  * The MIT License (MIT)
  *
@@ -29,5 +29,5 @@ $sym:
 2:
   mov $$$number, %eax
   call _${lib_suffix}_save_regs_and_resolve
-  jmp $sym
+  jmp *%eax
   .cfi_endproc
diff --git a/arch/mips/trampoline.S.tpl b/arch/mips/trampoline.S.tpl
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 Yury Gribov
+ * Copyright 2022-2025 Yury Gribov
  *
  * The MIT License (MIT)
  *
@@ -66,8 +66,8 @@ $sym:
   POP_REG($$ra)
   POP_REG($$25)
 
-  j 1b
-  nop
+  j $$v0
+  move $$25, $$v0
 
   .set macro
   .set reorder

diff --git a/arch/mips64/trampoline.S.tpl b/arch/mips64/trampoline.S.tpl
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 Yury Gribov
+ * Copyright 2022-2025 Yury Gribov
  *
  * The MIT License (MIT)
  *
@@ -71,8 +71,8 @@ $sym:
   POP_REG($$ra)
   POP_REG($$25)
 
-  j 1b
-  nop
+  j $$v0
+  move $$25, $$v0
 
   .set macro
   .set reorder