update comments and revert mitigation for active ICF + g_TrapReturningThreads

VSadov · VSadov · commit ff1d146eccb7 · 2024-10-15T11:17:58.000-07:00
diff --git a/src/coreclr/vm/gccover.cpp b/src/coreclr/vm/gccover.cpp
@@ -1293,6 +1293,16 @@ void RemoveGcCoverageInterrupt(TADDR instrPtr, BYTE * savedInstrPtr, GCCoverageI
     FlushInstructionCache(GetCurrentProcess(), (LPCVOID)instrPtr, 4);
 }
 
+// A managed thread (T) can race with the GC as follows:
+// 1) Current thread T is in preemptive mode, GC happens, starts scanning T's stack.
+// 2) The Jitted code puts thread T to cooperative mode, as part of PInvoke epilog.
+// 3) Jitted code checks g_TrapReturningThreads, calls CORINFO_HELP_STOP_FOR_GC()
+// 4) If any of the code that does #3 is interruptible, we may hit GCStress trap and start
+//    another round of GCStress while in Cooperative mode.
+// 5) Now, thread T can modify the stack (ex: RedirectionFrame setup) while the GC thread is scanning it.
+//
+// This race is now mitigated below. Where we won't initiate a stress mode GC
+// for a thread in cooperative mode with an active ICF, if g_TrapReturningThreads is true.
 BOOL OnGcCoverageInterrupt(PCONTEXT regs)
 {
     PCODE controlPc = GetIP(regs);
@@ -1324,12 +1334,22 @@ BOOL OnGcCoverageInterrupt(PCONTEXT regs)
     }
     
     // The thread is in preemptive mode. Normally, it should not be able to trigger GC.
+    // Besides the GC may be already happening and scanning our stack.
     if (!pThread->PreemptiveGCDisabled())
     {
         RemoveGcCoverageInterrupt(instrPtr, savedInstrPtr, gcCover, offset);
         return TRUE;
     }
 
+    // If we're supposed to stop for GC,
+    // and there's an active ICF, don't initiate a stress GC.
+    Frame* pFrame = pThread->GetFrame();
+    if (g_TrapReturningThreads && InlinedCallFrame::FrameHasActiveCall(pFrame))
+    {
+        RemoveGcCoverageInterrupt(instrPtr, savedInstrPtr, gcCover, offset);
+        return TRUE;
+    }
+
 #ifdef _DEBUG
     if (g_pConfig->SkipGCCoverage(pMD->GetModule()->GetSimpleName()))
     {
@@ -1338,7 +1358,7 @@ BOOL OnGcCoverageInterrupt(PCONTEXT regs)
     }
 #endif
 
-#if defined(USE_REDIRECT_FOR_GCSTRESS) && !defined(TARGET_UNIX)
+#ifdef USE_REDIRECT_FOR_GCSTRESS
     // If we're unable to redirect, then we simply won't test GC at this location.
     if (Thread::UseRedirectForGcStress())
     {

Original file line number	Diff line number	Diff line change
`@@ -1293,6 +1293,16 @@ void RemoveGcCoverageInterrupt(TADDR instrPtr, BYTE * savedInstrPtr, GCCoverageI`
`1293`	`1293`	`FlushInstructionCache(GetCurrentProcess(), (LPCVOID)instrPtr, 4);`
`1294`	`1294`	`}`
`1295`	`1295`
	`1296`	`+// A managed thread (T) can race with the GC as follows:`
	`1297`	`+// 1) Current thread T is in preemptive mode, GC happens, starts scanning T's stack.`
	`1298`	`+// 2) The Jitted code puts thread T to cooperative mode, as part of PInvoke epilog.`
	`1299`	`+// 3) Jitted code checks g_TrapReturningThreads, calls CORINFO_HELP_STOP_FOR_GC()`
	`1300`	`+// 4) If any of the code that does #3 is interruptible, we may hit GCStress trap and start`
	`1301`	`+// another round of GCStress while in Cooperative mode.`
	`1302`	`+// 5) Now, thread T can modify the stack (ex: RedirectionFrame setup) while the GC thread is scanning it.`
	`1303`	`+//`
	`1304`	`+// This race is now mitigated below. Where we won't initiate a stress mode GC`
	`1305`	`+// for a thread in cooperative mode with an active ICF, if g_TrapReturningThreads is true.`
`1296`	`1306`	`BOOL OnGcCoverageInterrupt(PCONTEXT regs)`
`1297`	`1307`	`{`
`1298`	`1308`	`PCODE controlPc = GetIP(regs);`
`@@ -1324,12 +1334,22 @@ BOOL OnGcCoverageInterrupt(PCONTEXT regs)`
`1324`	`1334`	`}`
`1325`	`1335`
`1326`	`1336`	`// The thread is in preemptive mode. Normally, it should not be able to trigger GC.`
	`1337`	`+ // Besides the GC may be already happening and scanning our stack.`
`1327`	`1338`	`if (!pThread->PreemptiveGCDisabled())`
`1328`	`1339`	`{`
`1329`	`1340`	`RemoveGcCoverageInterrupt(instrPtr, savedInstrPtr, gcCover, offset);`
`1330`	`1341`	`return TRUE;`
`1331`	`1342`	`}`
`1332`	`1343`
	`1344`	`+ // If we're supposed to stop for GC,`
	`1345`	`+ // and there's an active ICF, don't initiate a stress GC.`
	`1346`	`+ Frame* pFrame = pThread->GetFrame();`
	`1347`	`+ if (g_TrapReturningThreads && InlinedCallFrame::FrameHasActiveCall(pFrame))`
	`1348`	`+ {`
	`1349`	`+ RemoveGcCoverageInterrupt(instrPtr, savedInstrPtr, gcCover, offset);`
	`1350`	`+ return TRUE;`
	`1351`	`+ }`
	`1352`	`+`
`1333`	`1353`	`#ifdef _DEBUG`
`1334`	`1354`	`if (g_pConfig->SkipGCCoverage(pMD->GetModule()->GetSimpleName()))`
`1335`	`1355`	`{`
`@@ -1338,7 +1358,7 @@ BOOL OnGcCoverageInterrupt(PCONTEXT regs)`
`1338`	`1358`	`}`
`1339`	`1359`	`#endif`
`1340`	`1360`
`1341`		`-#if defined(USE_REDIRECT_FOR_GCSTRESS) && !defined(TARGET_UNIX)`
	`1361`	`+#ifdef USE_REDIRECT_FOR_GCSTRESS`
`1342`	`1362`	`// If we're unable to redirect, then we simply won't test GC at this location.`
`1343`	`1363`	`if (Thread::UseRedirectForGcStress())`
`1344`	`1364`	`{`