i#5383: macOS a64 client threads and private TLS

[ndrewh]

Adds macOS ARM64 support for client threads and private TLS (under -private_loader -- though we don't implement a full private loader yet).

• Separates macOS x86 and A64 private TLS into separate files. The new A64 private TLS uses TLS_TYPE_SLOT in a similar manner to the linux riscv TLS implementation.
• A64 handler for new_bsdthread_intercept
• Fix wrong exit syscall in client_thread_run (it currently exits the entire process rather than thread)

The end result is that client threads can start and terminate properly, and multithreaded applications can also terminate without crashing. I did not test attach/detach, but I'm guessing it's still broken (there is no injector implementation anyway iiuc)

[ndrewh]

Had to change since x26 is used on line 365

[derekbruening]

OK, works out I think b/c it's in the 1st arg slot already, but it can be fragile to use the calling conv params in the args of CALL* b/c they can be clobbered by other args in arg setup.

[ndrewh]

I don't really understand this code but you'll get heap oob/uaf asserts if this condition is !=.

[derekbruening]

This is freeing the clone record.
See the comment in clone_record_t:

#ifdef MACOS
    /* XXX i#1403: once we have lower-level, earlier thread interception we can
     * likely switch to something closer to what we do on Linux.
     * This is used for bsdthread_create, where app_thread_xsp is NULL;
     * for vfork, app_thread_xsp is non-NULL and this is unused.
     */

This change != to == looks suspect. Please double check vs this pasted comment: if bsdthread_create ends up different on aarch64 please update that comment; does it need separate handling a64 vs x86.

[ndrewh]

Some messy stuff I'm not sure if there's a better way to do:

• In dynamo_thread_init we allocate temporary TLS until os_tls_init because we will SEGV in mig_get_reply_port sometimes when acquiring locks if thread register is NULL (this occurs in client threads, which do not inherit TLS).
• In dynamo_thread_exit_common we cannot use app TLS for a similar reason, because the app TLS is free'd by pthread_terminate before we intercept the call to bsdthread_terminate.

You'll get a backtrace like this if we do not maintain a valid thread register during entry and exit.

* thread #12, stop reason = EXC_BAD_ACCESS (code=1, address=0x10)
  * frame #0: 0x00000001983c24e4 libsystem_kernel.dylib`mig_get_reply_port + 24
    frame #1: 0x00000001983c5144 libsystem_kernel.dylib`semaphore_create + 52
    frame #2: 0x000000010121b59c libdynamorio.dylib`mutex_get_contended_event [inlined] ksynch_init_var(synch=0x0000000300e73ad8) at ksynch_macos.c:87:9 [opt]
    frame #3: 0x000000010121b580 libdynamorio.dylib`mutex_get_contended_event(lock=0x00000001012481c0) at ksynch_macos.c:162:14 [opt]
    frame #4: 0x000000010120cf6c libdynamorio.dylib`mutex_wait_contended_lock(lock=0x00000001012481c0, mc=0x0000000000000000) at os.c:10477:30 [opt]
    frame #5: 0x000000010109ff14 libdynamorio.dylib`d_r_mutex_lock [inlined] d_r_mutex_lock_app(lock=<unavailable>, mc=0x0000000000000000) at utils.c:884:9 [opt]
    frame #6: 0x000000010109fe88 libdynamorio.dylib`d_r_mutex_lock(lock=<unavailable>) at utils.c:897:5 [opt]
    frame #7: 0x0000000101082530 libdynamorio.dylib`dynamo_thread_init(dstack_in="", mc=0x0000000000000000, os_data=0x0000000300e73c00, client_thread=true) at dynamo.c:2290:5 [opt]
    frame #8: 0x000000010120795c libdynamorio.dylib`client_thread_run at os.c:4110:5 [opt]

[derekbruening]

under -private_loader -- though we don't implement a full private loader yet

Probably orthogonal to this PR: but do you think it is possible to load private copies of library on OSX? #1285 has some discussion about whether it will ever work well. Xref #7312 has some discussion of alternatives.

[derekbruening]

Thank you for contributing. I have mostly style comments but also some points need clarifying.

[derekbruening]

OK, works out I think b/c it's in the 1st arg slot already, but it can be fragile to use the calling conv params in the args of CALL* b/c they can be clobbered by other args in arg setup.

[derekbruening]

Despite the legacy name, this file "x86_code.c" is used with asm code on all arches and not just x86. I don't think this should be moved if the only reason was the file name. If you want to rename it to asm_aux.c or something like that, that seems reasonable.

[derekbruening]

Generally we avoid including private headers: os_public.h and os_exports.h are what are supposed to be public.

[derekbruening]

Please move this inside a unix/ file and export a function to call here.

[derekbruening]

Same here: let's isolate TLS details like this inside unix/

[derekbruening]

Add ASSERT_NOT_IMPLEMENTED and up put a XXX comment with an issue number.

[derekbruening]

style: explicit bools

[derekbruening]

Use ASSERT_MESSAGE

[derekbruening]

I don't think we should ever assert on an app-supplied value: we want to be able to run any app. If the parameter is null, just skip this code gracefully. Use ASSERT_CURIOSITY if you want a non-fatal notification, or SYSLOG_INTERNAL_WARNING for a less visible one.

[derekbruening]

This is freeing the clone record.
See the comment in clone_record_t:

#ifdef MACOS
    /* XXX i#1403: once we have lower-level, earlier thread interception we can
     * likely switch to something closer to what we do on Linux.
     * This is used for bsdthread_create, where app_thread_xsp is NULL;
     * for vfork, app_thread_xsp is non-NULL and this is unused.
     */

This change != to == looks suspect. Please double check vs this pasted comment: if bsdthread_create ends up different on aarch64 please update that comment; does it need separate handling a64 vs x86.