What's happening in Shadow 2022-09

[sporksmith]

This is part of a series of periodic updates of development in Shadow. This work is sponsored by the NSF. Previous update: 2022-06.

We've merged 103 non-dependabot pull requests and closed 12 issues since our previous update.

Release status

We've released Shadow 2.2.0! Notable user-facing changes, from the release notes:

• We have removed ptrace-mode, and the associated experimental options use-o-n-waitpid-workaround and --interpose-method. ptrace-mode was an alternative to Shadow's current interposition mechanism that uses LD_PRELOAD and seccomp. This change should be transparent to most users, since it hasn't been the default for several releases, and was only accessible via experimental options. See Remove --interpose-method=ptrace #1945

• dup() and related syscalls are now supported for all file descriptors

• Fixed behavior when multiple threads are blocked in epoll_wait on the same epoll file description. epoll_wait never delivers events to multiple waiters #2260

• Fixed bugs causing timerfd_settime to not reset the internal timer's expiration count (Ensure timerfd_settime resets expiration count #2279), and not cancel previously scheduled timer-fire events (timerfd: ensure previously scheduled events are cancelled when re-arming #2282).

• Fixed a panic when patching the VDSO in newer kernels, such as those in Ubuntu 22.04. Size of __vdso_gettimeofday is too small for trampoline #2273

• Fixed the errno returned from calling connect() on a unix socket. This fixes a getaddrinfo() test failure on some systems. Cannot pass getaddrinfo-shadow test #2286

• Fixed minor memory leaks. Fixed misc memory leaks #2249

Other user-facing improvements since last update

We also continue to make compatibility improvements:

• Added support for escaping additional "busy loops" - ones that only use rdtsc without making any actual syscalls. This affected some versions of libopenblas. Handle busy-loops that only use rdtsc #2314

• Replaced custom cmake code for locating glib with pkg-config. This makes shadow easier to compile in environments with non-standard layouts such as guix or nix. cmake: improve dependency processing #2331

• Fixed a bug handling files opened with O_NOFOLLOW. Remove O_NOFOLLOW flag when mmap file in plugin #2353

• Fixed our documentation and CI to support mapping pages with PROT_EXEC when run under Docker, fixing 2400. When using docker run, you should also pass the --tmpfs /dev/shm:rw,nosuid,nodev,exec,size=1024g. Add documentation and tests to support mmap with PROT_EXEC #2402

• Made the shadow installation directory relocatable. e.g. installing to $HOME/opt/shadow and later moving to $HOME/opt/shadow-old now behaves as expected. This also makes it easier to share and reuse pre-built shadow binaries, e.g. for CI, though we still do not yet publish pre-compiled binaries. Make shadow installation directory relocatable #2391

• Added support for emulating PR_SET_DUMPABLE, which fixes compatibility with managed programs that "harden" themselves against debuggers, including arti. Emulate PR_SET_DUMPABLE and misc improvements #2370

• Fixed a bug affecting getaddrinfo on some systems. Fix getaddrinfo() error on some systems #2292

• Partly implemented fcntl. Re-enable fcntl locking for regular files #2259

• Made failures due to running out of tmpfs space easier to understand. Pre-allocate space in shared memory files #2267

Other notable changes since last update

Since the 2.2.0 release, our current focus is primarily on migrating Shadow's C code to Rust. These changes should be mostly invisible to Shadow's end users, but may be of interest to folks interested in hacking on Shadow itself. Along those lines we've:

• Migrated Shadow's scheduler to Rust. This is a fairly complex and performance-sensitive component, and we're taking care to prevent performance regressions during the migration:

  • Move the scheduler's priority queue to rust #2340
  • Add tasks to the host instead of the worker #2343
  • Rename HostSinglePolicyData to SchedulerPolicy and remove vtable #2344
  • Simplify misc scheduler-related code #2352
  • Add rust synchronization primitives needed for the scheduler #2412
  • Rust thread-per-host scheduler #2414
  • Rearrange scheduler-related code, and add scheduler wrapper #2416

• Migrated other modules to Rust.

  • Event: Move the Event to rust #2327
  • TokenBucket: Refactor token bucket from netiface to a rust module #2306
  • Manager: Replace the C Manager with a rust version #2277

• Implemented a Rust mutex suitable for use in shared memory, and compatible with rkyv. Add SelfContainedMutex #2386

• Moved most of the compilation and linking of Shadow's remaining C code from cmake into Cargo build scripts. This fixes some dependency issues and will make it easier to start migrating some of our additional support libraries from C to Rust. Cargo once #2404

• Improved organization of global state in Rust.

  • Move some of Controller's global state to the worker module #2361
  • Fix UB in the controller, and move the plugin error count to the worker module #2363
  • Move the runahead data from Controller to WorkerShared #2367
  • Move more global state to the worker module #2372
  • Improve design of rust global shared state #2373

• Refactored other components to simplify migration to Rust.

  • Controller, Manager, Scheduler: Changes to controller, manager, and scheduler #2255
  • Thread: Simplify thread #2328

Shadow in Tor

We've been working on using Shadow to help test and evaluate arti - The Tor Projects's new Rust-based implementation of tor. This has driven many of the compatibility fixes above, and we are happy to report that arti now runs under Shadow! We plan to merge a shadow-based continuous integration test into arti itself within the next few days: https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/634

Happy simulating!
The Shadow team