feat: macOS feasibility incorporation

[saleha-muzammil]

Description:

Making PROBE feasible for macOS systems.

Changes:

• Worked out how to interpose in macOS, added a test program (test_program.c), which interposes the fopen call and calls the underlying call. The mentioned changes are in files interpose.h , interpose.c , test_program.c . Steps to run test_program.c with interposition:

  • clang -dynamiclib -o libinterpose.dylib interpose.c
  • clang -o test_program test_program.c
  • export DYLD_INSERT_LIBRARIES=$(pwd)/libinterpose.dylib
  • ./test_program

• Added macOS architecture in flake.nix

• Edited Makefile to be adjustable for both linux and macOS.

• The rest of the changes have been made either to add replacement libraries for macOS, added ifndef with code blocks which are linux or macOS specific. Added dummy definitions like typedef thrd_t int for macros which are not available on macOS. Guarded dummy definitions with ifndef

Questions and next steps:

• Which operations to interpose, what to do in cases where corresponding functions or alternatives are not available in macOS

[charmoniumQ]

Don't we not need this ifdef since x & CLONE_VFORK will always be 0?

[saleha-muzammil]

incorporated ( removed CLONE_VFORKdefinition from prov_buffer.c )

[charmoniumQ]

Normally, pre-processor macros would be the right way to eliminate duplicated code.

In this particular case, the C code is generated from Python in generator/gen_libc_hooks.py, and there isn't a good way to emit code that calls the C preprocessor macros. It would be better to implement the logic directly in Python.

Therefore, for the above file, can you write out what it should be after expanding the pre-processor macros?

[charmoniumQ]

My concern is that in Linux, the shared library needs to define a function with the name we want to interpose (e.g., open), and load the real/underlying function with a new name (e.g., unwrapped_open) using dlsym.

In Mac, it seems that we define a function with the new name (e.g., my_open), and call the real/underlying function with the original name (open)

__attribute__ ((section ("__DATA,__interpose"))) = {
    (const void*)(unsigned long)&my_open,
    (const void*)(unsigned long)&open
};

The meaning of the name open is reversed: in Linux its the wrapper; in Mac it's the underlying function.

[charmoniumQ]

This is of course salvageable. We should always call unwrapped_open and wrapped_open to eliminate confusion, but alias one of them to the "original name" based on platform.

#ifdef linux
#define wrapped_open open
#else if apple
#define unwrapped_open open
#endif

We hardly ever call the wrapped versions, always the unwrapped, which are already called as unwrapped_ in our code.

But I wanted to confirm that this is the only way to interpose functions in Mac before doing that. So please let me know.

[charmoniumQ]

I think there may be a race if multiple threads try to init at the same. I think I specified the algorihtm incorrectly (slightly the first time). Here's what it should be:

if (is process inited) {
  if (test_and_set(is first thread)) {
      ... do your process initialization you have here
      is process initted = true;
   } else {
     // process is not initted, but someone else is already handling it.
     while (!process is inited) { sched_yield(); }
   }
}
// process is inited here. Yay!

[charmoniumQ]

test_and_set should be replaced __sync_bool_compare_and_swap