ASSERTs on receiving nudges on Windows
The client.nudge_test hits multiple problems, including these two asserts:
ASSERT in ntdll_redir in infloop on nudge => relax for nudge thread; actually I undid this after the next assert was fixed to not swap state
The app exits b/c of this:
thank you for testing the client interface
nudge delivered 10
<Application D:\derek\dr\git\build_x86_dbg_tests\suite\tests\bin\win32.infloop.exe (10796). Internal Error: DynamoRIO debug check failure: D:\derek\dr\git\src\core\win32\drwinapi\ntdll_redir.c:263 !dynamo_initialized || dynamo_exited || standalone_library || get_thread_private_dcontext() == NULL || !os_using_app_state(get_thread_private_dcontext())
(Error occurred @1149 frags)
It's non-det: not every run. Caught it:
04 014dfa28 5ad5c713 dynamorio!report_dynamorio_problem+0x5a1 [d:\derek\dr\git\src\core\utils.c @ 2255]
05 014dfb5c 5afa0292 dynamorio!d_r_internal_error+0x133 [d:\derek\dr\git\src\core\utils.c @ 176]
06 014dfb7c 5af9f33c dynamorio!redirect_heap_call+0x62 [d:\derek\dr\git\src\core\win32\drwinapi\ntdll_redir.c @ 261]
07 014dfb88 5afa1644 dynamorio!redirect_RtlValidateHeap+0xc [d:\derek\dr\git\src\core\win32\drwinapi\ntdll_redir.c @ 437]
08 014dfb9c 6dc4706b dynamorio!redirect_HeapValidate+0x14 [d:\derek\dr\git\src\core\win32\drwinapi\kernel32_mem.c @ 172]
09 014dfbb0 6dc45c7e client_nudge_test_dll!_CrtIsValidHeapPointer+0x2b [minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp @ 1407]
0a 014dfbc8 6dc4765c client_nudge_test_dll!free_dbg_nolock+0xce [minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp @ 904]
0b 014dfc08 6dc42dcf client_nudge_test_dll!_free_dbg+0x7c [minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp @ 1030]
0c 014dfc18 6dc42e2f client_nudge_test_dll!__vcrt_freefls+0x1f [f:\dd\vctools\crt\vcruntime\src\internal\per_thread_data.cpp @ 195]
0d 014dfc2c 6dc4283a client_nudge_test_dll!__vcrt_freeptd+0x4f [f:\dd\vctools\crt\vcruntime\src\internal\per_thread_data.cpp @ 186]
0e 014dfc38 6dc4196d client_nudge_test_dll!__vcrt_thread_detach+0xa [f:\dd\vctools\crt\vcruntime\src\internal\initialization.cpp @ 117]
0f 014dfc40 6dc4110c client_nudge_test_dll!__scrt_dllmain_crt_thread_detach+0xd [f:\dd\vctools\crt\vcstartup\src\utility\utility.cpp @ 455]
10 014dfc50 6dc4148b client_nudge_test_dll!dllmain_crt_dispatch+0x5c [f:\dd\vctools\crt\vcstartup\src\startup\dll_dllmain.cpp @ 140]
11 014dfc94 6dc4156f client_nudge_test_dll!dllmain_dispatch+0x10b [f:\dd\vctools\crt\vcstartup\src\startup\dll_dllmain.cpp @ 211]
12 014dfca8 5af974de client_nudge_test_dll!_DllMainCRTStartup+0x1f [f:\dd\vctools\crt\vcstartup\src\startup\dll_dllmain.cpp @ 252]
13 014dfd98 5ae434bd dynamorio!privload_call_entry+0x7ee [d:\derek\dr\git\src\core\win32\loader.c @ 1498]
14 014dfdb0 5ae4204c dynamorio!privload_call_entry_if_not_yet+0x7d [d:\derek\dr\git\src\core\loader_shared.c @ 123]
15 014dfdc8 5acad24a dynamorio!loader_thread_exit+0x5c [d:\derek\dr\git\src\core\loader_shared.c @ 314]
16 014dfe3c 5ac9e7ef dynamorio!dynamo_thread_exit_common+0x3da [d:\derek\dr\git\src\core\dynamo.c @ 2578]
17 014dfe58 5af07c51 dynamorio!dynamo_thread_exit+0x1f [d:\derek\dr\git\src\core\dynamo.c @ 2684]
18 014dfe98 5af22c02 dynamorio!cleanup_and_terminate+0x4d [D:\derek\dr\git\build_x86_dbg_tests\core\CMakeFiles\dynamorio.dir\arch\x86\x86.asm.obj.s @ 2032]
19 014dfeb0 5ae38f89 dynamorio!os_terminate+0x12 [d:\derek\dr\git\src\core\win32\os.c @ 1627]
1a 014dfed0 5ae38e03 dynamorio!nudge_thread_cleanup+0x179 [d:\derek\dr\git\src\core\nudge.c @ 185]
1b 014dff38 25c79a5b dynamorio!generic_nudge_handler+0x413 [d:\derek\dr\git\src\core\nudge.c @ 275]
I thought we'd just be calling os_thread_under_dynamo() too early, but the Windows version, unlike UNIX, does not call os_swap_context()! Weird. Instead various routines call swap_peb_pointer() directly, including nudge_thread_cleanup().
ASSERT in infloop in tls cleanup post-nudge => swapping peb pointer too early
nudge delivered 10
<Application D:\derek\dr\git\build_x86_dbg_tests\suite\tests\bin\win32.infloop.exe (12636). Internal Error: DynamoRIO debug check failure: D:\derek\dr\git\src\core\win32\loader.c:1450 tls_array_count > opd->tls_idx && tls_array != NULL
(Error occurred @42071 frags)
version 7.91.18294, custom build
Looks like a dynamically loaded lib w/ static TLS, which we don't support, but that's after a dbgcrt assert is raised on a free:
05 050f500c 5af96e5a dynamorio!d_r_internal_error(char * file = 0x5b09ba88 "D:\derek\dr\git\src\core\win32\loader.c", int line = 0n1450, char * expr = 0x5b09c854 "tls_array_count > opd->tls_idx && tls_array != NULL")+0x133 [d:\derek\dr\git\src\core\utils.c @ 176]
06 050f50fc 5ae434bd dynamorio!privload_call_entry(struct _dcontext_t * dcontext = 0x1c146d40, struct _privmod_t * privmod = 0x1c095e98, unsigned int reason = 1)+0x16a [d:\derek\dr\git\src\core\win32\loader.c @ 1450]
07 050f5114 5ae432e0 dynamorio!privload_call_entry_if_not_yet(struct _dcontext_t * dcontext = 0x1c146d40, struct _privmod_t * privmod = 0x1c095e98, int reason = 0n1)+0x7d [d:\derek\dr\git\src\core\loader_shared.c @ 123]
08 050f5130 5ae42510 dynamorio!privload_load_finalize(struct _dcontext_t * dcontext = 0x1c146d40, struct _privmod_t * privmod = 0x1c095e98)+0xa0 [d:\derek\dr\git\src\core\loader_shared.c @ 845]
09 050f5164 5af9a8fc dynamorio!privload_load(char * filename = 0x5b0fa910 "C:\WINDOWS/system32/msvcrt.dll", struct _privmod_t * dependent = 0x1c095c90, char client = 0n0 '')+0x320 [d:\derek\dr\git\src\core\loader_shared.c @ 701]
0a 050f5184 5af9bb1e dynamorio!privload_locate_and_load(char * impname = 0x02cdb3e2 "msvcrt.dll", struct _privmod_t * dependent = 0x1c095c90, char reachable = 0n0 '')+0x24c [d:\derek\dr\git\src\core\win32\loader.c @ 1875]
0b 050f51ac 5af97b61 dynamorio!privload_lookup_locate_and_load(char * name = 0x02cdb3e2 "msvcrt.dll", struct _privmod_t * name_dependent = 0x1c095c90, struct _privmod_t * load_dependent = 0x1c095c90, char inc_refcnt = 0n1 '', char reachable = 0n0 '')+0x19e [d:\derek\dr\git\src\core\win32\loader.c @ 1148]
0c 050f51f4 5ae431bd dynamorio!privload_process_imports(struct _privmod_t * mod = 0x1c095c90)+0x271 [d:\derek\dr\git\src\core\win32\loader.c @ 1221]
0d 050f5208 5ae424ea dynamorio!privload_load_process(struct _privmod_t * privmod = 0x1c095c90)+0xad [d:\derek\dr\git\src\core\loader_shared.c @ 827]
0e 050f5238 5af9a8fc dynamorio!privload_load(char * filename = 0x5b0fa910 "C:\WINDOWS/system32/msvcrt.dll", struct _privmod_t * dependent = 0x00000000, char client = 0n0 '')+0x2fa [d:\derek\dr\git\src\core\loader_shared.c @ 695]
0f 050f5258 5af9bb1e dynamorio!privload_locate_and_load(char * impname = 0x5b09d854 "kernel.appcore.dll", struct _privmod_t * dependent = 0x00000000, char reachable = 0n0 '')+0x24c [d:\derek\dr\git\src\core\win32\loader.c @ 1875]
10 050f5280 5af9672e dynamorio!privload_lookup_locate_and_load(char * name = 0x050f52c4 "api-ms-win-appmodel-runtime-l1-1-2.dll", struct _privmod_t * name_dependent = 0x00000000, struct _privmod_t * load_dependent = 0x00000000, char inc_refcnt = 0n1 '', char reachable = 0n0 '')+0x19e [d:\derek\dr\git\src\core\win32\loader.c @ 1148]
11 050f52a4 5ae41b7f dynamorio!privload_load_private_library(char * name = 0x050f52c4 "api-ms-win-appmodel-runtime-l1-1-2.dll", char reachable = 0n0 '')+0x2e [d:\derek\dr\git\src\core\win32\loader.c @ 1163]
12 050f52b4 5afa145d dynamorio!locate_and_load_private_library(char * name = 0x050f52c4 "api-ms-win-appmodel-runtime-l1-1-2.dll", char reachable = 0n0 '')+0x1f [d:\derek\dr\git\src\core\loader_shared.c @ 344]
13 050f53d0 5afa1323 dynamorio!helper_LoadLibrary(char * name = 0x050f52c4 "api-ms-win-appmodel-runtime-l1-1-2.dll")+0x10d [d:\derek\dr\git\src\core\win32\drwinapi\kernel32_lib.c @ 146]
14 050f54e4 5afa134c dynamorio!redirect_LoadLibraryW(wchar_t * name = 0x721b02a8 "api-ms-win-appmodel-runtime-l1-1-2")+0xe3 [d:\derek\dr\git\src\core\win32\drwinapi\kernel32_lib.c @ 183]
15 050f54f0 721938d7 dynamorio!redirect_LoadLibraryExW(wchar_t * name = 0x721b02a8 "api-ms-win-appmodel-runtime-l1-1-2", void * reserved = 0x00000000, unsigned long flags = 0x800)+0xc [d:\derek\dr\git\src\core\win32\drwinapi\kernel32_lib.c @ 198]
16 050f5508 721937b9 client_nudge_test_dll!try_load_library_from_system_directory(wchar_t * name = 0x721b02a8 "api-ms-win-appmodel-runtime-l1-1-2")+0x17 [minkernel\crts\ucrt\src\appcrt\internal\winapi_thunks.cpp @ 219]
17 050f5524 7219360c client_nudge_test_dll!try_get_module(`anonymous-namespace'::module_id id = api_ms_win_appmodel_runtime_l1_1_2 (0n18))+0x49 [minkernel\crts\ucrt\src\appcrt\internal\winapi_thunks.cpp @ 258]
18 050f5538 72193893 client_nudge_test_dll!try_get_first_available_module(`anonymous-namespace'::module_id * first = 0x721b049c, `anonymous-namespace'::module_id * last = 0x721b04a0)+0x2c [minkernel\crts\ucrt\src\appcrt\internal\winapi_thunks.cpp @ 291]
19 050f554c 72193687 client_nudge_test_dll!try_get_proc_address_from_first_available_module(char * name = 0x721b04a0 "AppPolicyGetShowDeveloperDiagnostic", `anonymous-namespace'::module_id * first_module_id = 0x721b049c, `anonymous-namespace'::module_id * last_module_id = 0x721b04a0)+0x13 [minkernel\crts\ucrt\src\appcrt\internal\winapi_thunks.cpp @ 309]
1a 050f5570 7219341b client_nudge_test_dll!try_get_function(`anonymous-namespace'::function_id id = AppPolicyGetShowDeveloperDiagnostic_id (0n30), char * name = 0x721b04a0 "AppPolicyGetShowDeveloperDiagnostic", `anonymous-namespace'::module_id * first_module_id = 0x721b049c, `anonymous-namespace'::module_id * last_module_id = 0x721b04a0)+0x57 [minkernel\crts\ucrt\src\appcrt\internal\winapi_thunks.cpp @ 346]
1b 050f5588 721939c7 client_nudge_test_dll!try_get_AppPolicyGetShowDeveloperDiagnostic(void)+0x1b [minkernel\crts\ucrt\src\appcrt\internal\winapi_thunks.cpp @ 397]
1c 050f559c 72190e8e client_nudge_test_dll!__acrt_AppPolicyGetShowDeveloperDiagnosticInternal(AppPolicyShowDeveloperDiagnostic * policy = 0x050f55b8)+0x17 [minkernel\crts\ucrt\src\appcrt\internal\winapi_thunks.cpp @ 791]
1d 050f55a8 72190d46 client_nudge_test_dll!`__acrt_get_developer_information_policy'::`2'::developer_information_policy_properties::appmodel_get_policy(AppPolicyShowDeveloperDiagnostic * appmodelPolicy = 0x050f55b8)+0xe [minkernel\crts\ucrt\src\appcrt\internal\win_policies.cpp @ 143]
1e 050f55c4 72190f3c client_nudge_test_dll!get_cached_win_policy<`__acrt_get_developer_information_policy'::`2'::developer_information_policy_properties>(AppPolicyShowDeveloperDiagnostic defaultValue = AppPolicyShowDeveloperDiagnostic_ShowUI (0n1))+0x46 [minkernel\crts\ucrt\src\appcrt\internal\win_policies.cpp @ 44]
1f 050f55d0 7219a20d client_nudge_test_dll!__acrt_get_developer_information_policy(void)+0xc [minkernel\crts\ucrt\src\appcrt\internal\win_policies.cpp @ 146]
20 050f55f0 7219a316 client_nudge_test_dll!common_show_message_box<wchar_t>(wchar_t * text = 0x050f5680 "Debug Assertion Failed!..Program: 㩄摜牥步摜屲楧屴畢汩彤㡸弶扤彧整瑳屳畳瑩履整瑳屳楢屮汣敩瑮渮摵敧瑟獥???", wchar_t * caption = 0x721af750 "Microsoft Visual C++ Runtime Library", unsigned int type = 0x12012)+0x6d [minkernel\crts\ucrt\src\appcrt\misc\crtmbox.cpp @ 58]
21 050f5604 7218fe88 client_nudge_test_dll!__acrt_show_wide_message_box(wchar_t * text = 0x050f5680 "Debug Assertion Failed!..Program: 㩄摜牥步摜屲楧屴畢汩彤㡸弶扤彧整瑳屳畳瑩履整瑳屳楢屮汣敩瑮渮摵敧瑟獥???", wchar_t * caption = 0x721af750 "Microsoft Visual C++ Runtime Library", unsigned int type = 0x12012)+0x16 [minkernel\crts\ucrt\src\appcrt\misc\crtmbox.cpp @ 93]
22 050f7890 72190112 client_nudge_test_dll!common_message_window<wchar_t>(int report_type = 0n2, void * return_address = 0x72185ced, wchar_t * file_name = 0x721ac100 "minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp", wchar_t * line_number = 0x050fa94c "908", wchar_t * module_name = 0x00000000 "", wchar_t * user_message = 0x050f794c "is_block_type_valid(header->_block_use)")+0x488 [minkernel\crts\ucrt\src\appcrt\misc\dbgrpt.cpp @ 409]
23 050f78b0 7219a075 client_nudge_test_dll!__acrt_MessageWindowW(int report_type = 0n2, void * return_address = 0x72185ced, wchar_t * file_name = 0x721ac100 "minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp", wchar_t * line_number = 0x050fa94c "908", wchar_t * module_name = 0x00000000 "", wchar_t * user_message = 0x050f794c "is_block_type_valid(header->_block_use)")+0x22 [minkernel\crts\ucrt\src\appcrt\misc\dbgrpt.cpp @ 464]
24 050ff968 721900a4 client_nudge_test_dll!_VCrtDbgReportW(int nRptType = 0n2, void * returnAddress = 0x72185ced, wchar_t * szFile = 0x721ac100 "minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp", int nLine = 0n908, wchar_t * szModule = 0x00000000 "", wchar_t * szFormat = 0x721aba48 "%ls", char * arglist = 0x050ff9b0 "")+0x985 [minkernel\crts\ucrt\src\appcrt\misc\dbgrptt.cpp @ 673]
25 050ff994 72185ced client_nudge_test_dll!_CrtDbgReportW(int report_type = 0n2, wchar_t * file_name = 0x721ac100 "minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp", int line_number = 0n908, wchar_t * module_name = 0x00000000 "", wchar_t * format = 0x721aba48 "%ls")+0x34 [minkernel\crts\ucrt\src\appcrt\misc\dbgrpt.cpp @ 278]
26 050ff9c0 7218765c client_nudge_test_dll!free_dbg_nolock(void * block = 0x00f366b8, int block_use = 0n2)+0x13d [minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp @ 908]
27 050ffa00 72182dcf client_nudge_test_dll!_free_dbg(void * block = 0x00f366b8, int block_use = 0n2)+0x7c [minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp @ 1030]
28 050ffa10 72182e2f client_nudge_test_dll!__vcrt_freefls(void * pfd = 0x00f366b8)+0x1f [f:\dd\vctools\crt\vcruntime\src\internal\per_thread_data.cpp @ 195]
29 050ffa24 7218283a client_nudge_test_dll!__vcrt_freeptd(struct __vcrt_ptd * ptd = 0x00000000)+0x4f [f:\dd\vctools\crt\vcruntime\src\internal\per_thread_data.cpp @ 186]
2a 050ffa30 7218196d client_nudge_test_dll!__vcrt_thread_detach(void)+0xa [f:\dd\vctools\crt\vcruntime\src\internal\initialization.cpp @ 117]
2b 050ffa38 7218110c client_nudge_test_dll!__scrt_dllmain_crt_thread_detach(void)+0xd [f:\dd\vctools\crt\vcstartup\src\utility\utility.cpp @ 455]
2c 050ffa48 7218148b client_nudge_test_dll!dllmain_crt_dispatch(struct HINSTANCE__ * instance = 0x72180000, unsigned long reason = 3, void * reserved = 0x00000000)+0x5c [f:\dd\vctools\crt\vcstartup\src\startup\dll_dllmain.cpp @ 140]
2d 050ffa8c 7218156f client_nudge_test_dll!dllmain_dispatch(struct HINSTANCE__ * instance = 0x72180000, unsigned long reason = 3, void * reserved = 0x00000000)+0x10b [f:\dd\vctools\crt\vcstartup\src\startup\dll_dllmain.cpp @ 211]
2e 050ffaa0 5af974de client_nudge_test_dll!_DllMainCRTStartup(struct HINSTANCE__ * instance = 0x72180000, unsigned long reason = 3, void * reserved = 0x00000000)+0x1f [f:\dd\vctools\crt\vcstartup\src\startup\dll_dllmain.cpp @ 252]
2f 050ffb90 5ae434bd dynamorio!privload_call_entry(struct _dcontext_t * dcontext = 0x1c146d40, struct _privmod_t * privmod = 0x1c0ca950, unsigned int reason = 3)+0x7ee [d:\derek\dr\git\src\core\win32\loader.c @ 1498]
30 050ffba8 5ae4204c dynamorio!privload_call_entry_if_not_yet(struct _dcontext_t * dcontext = 0x1c146d40, struct _privmod_t * privmod = 0x1c0ca950, int reason = 0n3)+0x7d [d:\derek\dr\git\src\core\loader_shared.c @ 123]
31 050ffbc0 5acad24a dynamorio!loader_thread_exit(struct _dcontext_t * dcontext = 0x1c146d40)+0x5c [d:\derek\dr\git\src\core\loader_shared.c @ 314]
32 050ffc34 5ac9e7ef dynamorio!dynamo_thread_exit_common(struct _dcontext_t * dcontext = 0x1c146d40, unsigned int id = 0x49e0, char detach_stacked_callbacks = 0n0 '', char other_thread = 0n0 '')+0x3da [d:\derek\dr\git\src\core\dynamo.c @ 2578]
33 050ffc50 5af07c51 dynamorio!dynamo_thread_exit(void)+0x1f [d:\derek\dr\git\src\core\dynamo.c @ 2684]
34 050ffc90 5af22c02 dynamorio!cleanup_and_terminate(void)+0x4d [D:\derek\dr\git\build_x86_dbg_tests\core\CMakeFiles\dynamorio.dir\arch\x86\x86.asm.obj.s @ 2032]
35 050ffca8 5ae38f89 dynamorio!os_terminate(struct _dcontext_t * dcontext = 0xe82c7400, terminate_flags_t terminate_type = 0n-1494217 (No matching enumerant))+0x12 [d:\derek\dr\git\src\core\win32\os.c @ 1627]
36 050ffcc8 5ae38e03 dynamorio!nudge_thread_cleanup(struct _dcontext_t * dcontext = 0x1c146d40, char exit_process = 0n0 '', unsigned int exit_code = 0)+0x179 [d:\derek\dr\git\src\core\nudge.c @ 185]
37 050ffd30 1c742b7b dynamorio!generic_nudge_handler(struct nudge_arg_t * arg_dont_use = 0x00ef0000)+0x413 [d:\derek\dr\git\src\core\nudge.c @ 275]
0:004> du 50f5680
050f5680 "Debug Assertion Failed!..Program"
050f56c0 ": 㩄摜牥步摜屲楧屴畢汩彤㡸弶扤彧整瑳屳畳瑩履整瑳屳楢屮汣敩瑮渮"
050f5700 "摵敧瑟獥.汤.汤l.File: minkernel\crts\u"
050f5740 "crt\src\appcrt\heap\debug_heap.c"
050f5780 "pp.Line: 908..Expression: is_blo"
050f57c0 "ck_type_valid(header->_block_use"
050f5800 ")..For information on how your p"
050f5840 "rogram can cause an assertion.fa"
050f5880 "ilure, see the Visual C++ docume"
050f58c0 "ntation on asserts...(Press Retr"
050f5900 "y to debug the application)."
Should the nudge thread be calling DllMain routines?? I guess a client lib's nudge handler could depend on static TLS, or call a privlib that does.
Looks like nudge threads do regular thread init so the DllMain for thread init should have been called. Maybe the problem is we've swapped privlib state too early. Indeed: removing the swap fixes it.