Improve the dump-arrays performance on Windows

[hjyamauchi]

Use the HeapWalk API for heap iteration instead of the
Heap32First/Next API, which was known to be slow. Since HeapWalk only
works locally, it requires using a remote thread and a DLL.

[compnerd]

I think that SwiftInspectClient might be a better name? I don't think that we should assume that it is only going to be limited to HeapWalk. We may wish to extend it further.

[compnerd]

This should be conditional on when the platform is Windows.

[compnerd]

Missing copyright header.

[compnerd]

We should follow LLVM style, perhaps clang-format the file?

[compnerd]

We are in C++, so prefer to use delete[] and new[].

[compnerd]

Custom deleter with std::unique_ptr should avoid this right?

[compnerd]

How about extracting these constants from the C++ side into a C-only header and then using a module to share the constants across the C++ and Swift sides?

[compnerd]

Hmm, if we use the bundle, that makes deploying this a bit more difficult as that has requirements on the layout.

[compnerd]

I think that I would prefer using MemoryLayout rather than the hardcoded 2.

[hjyamauchi]

The latest revision should address all the comments.

[tristanlabelle]

Mind-blowing! It'd be great if the code could be broken up into a few functions so that the high-level logic can be read more easily.

[hjyamauchi]

@compnerd Can you take another look?

[compnerd]

This is unsafe. We have a path limitation to 261 characters. We absolutely need to do this inside the closure to ensure that we have a NT-style path ...

URL(fileURLWithPath: swiftInspectPath)
        .deletingLastPathComponent()
        .appendingPathComponent("SwiftInspectClient.dll")
        .withUnsafeFileSystemRepresentation {
  #"\\?\\#(String(decodingCString: $0!, as: UTF16.self))"#.withCString(encodedAs: UTF16.self) {
    let faAttributes: WIN32_FILE_ATTRIBUTE_DATA = .init()
    guard GetFileAttributesExW($0, GetFileExInfoStandard, &faAttributes),
          faAttributes.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT == 0 else {
      return nil
    }

    let szLength = SIZE_T(_wcslen($0) + 1)
    guard let allocation = VirtualAllocEx(self.process, nil, szLength,
                                          DWORD(MEM_COMIT), DWORD(PAGE_READWRITE)) else {
      return nil
    }

    if !WriteProcessMemory(self.process, allocation, $0, szLength, nil) {
      VirtualFreeEx(self.process, allocation, 0, DWORD(MEM_RELEASE)
      return nil
    }

    return allocation
  }
}

[hjyamauchi]

Done. Can you elaborate? I understand there's a path limitation. What's a NT-style path? And how does using a closure ensure it? Or what did the original code do wrong?

[compnerd]

The \\?\ prefix creates a NT-style path. It is a path that bypasses the Win32 layer and goes into the kernel namespace, which allows it to bypass the 261 character limitation. The closure doesn't do that, its the interior string construction which does that. The problem is that the path must be normalised first as the normalization is something that the Win32 layer normally handles. Due to the memory handling in Foundation, we need to use a closure (withUnsafeFileSystemRepresentation). That mostly normalizes the path, and then we can create the long path.

[compnerd]

Was this formatted by swift-format?

[hjyamauchi]

Is there a swift-format config file that's used for the existing code? If I run it with its default config, it'd change the lines that aren't touched by this PR. Any preference?

[compnerd]

I don't think that I had saved it ... the default sounds like a good idea though. I think that there may be a few places where it will break before the first parameter which is probably the only divergence the existing code has.

[compnerd]

Is this formatted via swift-format?

[hjyamauchi]

see above

[compnerd]

This seems unnecessary. It resolves to the local function LoadLibraryW, so why do the dynamic lookup?

[hjyamauchi]

Casting the local function pointer LoadLibraryW to UnsafeMutableRawPointer or LPTHREAD_START_ROUTINE doesn't seem to work with Swift/Builtin.swift:95: Fatal error: Can't unsafeBitCast between types of different sizes. How?

[compnerd]

let lpfnLoadLibraryW: @convention(c) (LPCWSTR?) -> HMODULE? = LoadLibraryW
_ = unsafeBitCast(lpfnLoadLibraryW, to: LPTHREAD_START_ROUTINE.self)

I imagine you can even combine the two lines.

[CodaFi]

I’m no expert in win32, but this looks pretty good. I guess my gut reaction reading all of this is that anything that touches HeapLock needs documentation about avoiding further dynamic allocations until the lock is dropped. It’s so easy to re-enter the allocator holding this thing.

[compnerd]

Should this be checking for INVALID_HANDLE_VALUE?

[hjyamauchi]

As I understand, INVALID_HANDLE_VALUE != NULL and the APIs that we use here returns NULL on failures.

[compnerd]

Correct, the values are different. I'm worried that we might try to do a CloseHandle on INVALID_HANDLE_VALUE as that is not being checked.

[hjyamauchi]

Done

[compnerd]

Why is the unsafeBitCast needed here?

[hjyamauchi]

A cast from UnsafePointer<Int8> to UnsafePointer<UInt8> needed here

[compnerd]

Is might need to be $0.baseAddress.

[hjyamauchi]

That doesn't seem to work.

S:\SourceCache\swift\tools\swift-inspect\Sources\swift-inspect\WindowsRemoteProcess.swift:421:45: error: value of type 'UnsafePointer<Int8>?' has no member 'baseAddress'
        #"\\?\\#(String(decodingCString: $0.baseAddress, as: UTF8.self))"#
                                         ~~ ^~~~~~~~~~~

S:\SourceCache\swift\tools\swift-inspect\Sources\swift-inspect\WindowsRemoteProcess.swift:421:46: error: value of type 'UnsafePointer<Int8>' has no member 'baseAddress'
        #"\\?\\#(String(decodingCString: $0!.baseAddress, as: UTF8.self))"#

[compnerd]

I don't think that I had saved it ... the default sounds like a good idea though. I think that there may be a few places where it will break before the first parameter which is probably the only divergence the existing code has.

[compnerd]

Similar to above for LoadLibraryW, we can probably avoid the dynamic resolution of FreeLibrary.

[hjyamauchi]

    let lpfnFreeLibrary:  (HMODULE?) -> Bool = FreeLibrary
    let unloadHookAddr = unsafeBitCast(lpfnFreeLibrary, to: LPTHREAD_START_ROUTINE.self)

causes a runtime cast failure

Swift/Builtin.swift:95: Fatal error: Can't unsafeBitCast between types of different sizes
Current stack trace:
0    (null)                             0x00007fffb7581100 swift_stdlib_reportFatalErrorInFile + 132

I'm not sure why this one doesn't work when the LoadLibraryW one worked

[hjyamauchi]

Addressed the comments except for the embedding the dll into the executable thing. I imagine that we need to write a windows program that adds the dll as a resource into the executable and run it as part of the swift-inspect build process. How do I do that? Any examples?

[compnerd]

This is nearly ready! I think that the question around the invocation of FreeLibrary is something we need to think through, but the rest is looking really good!

[compnerd]

Is this correct? This is using the address of Kernel32.FreeLibrary in the swift-inspect process but invoking it in the remote process, which is not guaranteed to be loaded at the same address right? I don't think that this is safe to do. We need to have the function be bound in the process. The simplest way to do this is to have a secondary entry point that we can invoke in the injected module that can unload itself.

[hjyamauchi]

I think that kernel32 is special and guaranteed to be loaded at the same address across processes.

https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-entry-point-function

Because Kernel32.dll is guaranteed to be loaded in the process address space when the entry-point function is called...

[compnerd]

I'm not sure I read it the same way - it is that it is loaded before the entry point executes, it doesn't guarantee that the module is loaded at the same address, ASLR can relocate the base address.

[hjyamauchi]

Yeah, thatwas a misquote, sorry.

I'm reading that kernel32 is loaded at the same address across processes, however. For example, http://www.nynaeve.net/?p=198

Isn't that assumed and necessary when we call LoadLibraryW earlier?

[compnerd]

Yes, that is a mistake as well. Discussed this offline, and we will use the toolhelp32 to snapshot and find the HMODULE associated with kernel32.dll in the image and use GetProcAddress to get the proper location.

[hjyamauchi]

PTAL

[hjyamauchi]

Updated to get the remote LoadLibraryW/FreeLibrary addresses from the module snapshot and GetProcAddress() and no to rely on them being at the same addresses across processes.

[compnerd]

@swift-ci please test