1141593 - TSan: data race js/public/HeapApi.h:124 needsIncrementalBarrier (reported as ../../dist/include/js/HeapAPI.h)

Status: RESOLVED DUPLICATE of bug 1664535

(Core :: JavaScript: GC, defect)

Description

[Nathan Froyd [:froydnj]]

Attachment: needs-incremental-barrier-race.txt

The attached logfile shows a thread/data race detected by TSan (ThreadSanitizer).

* Specific information about this bug

Apologies for the unavailability of the stack for the writing side of the race.  We're racing on Zone::needsIncrementalBarrier_, which I assume is getting written from JIT code...but I don't see obvious places where it'd be getting written by JIT code, only read.  So I'm a bit in the dark here.

* General information about TSan, data races, etc.

Typically, races reported by TSan are not false positives, but it is possible that the race is benign. Even in this case though, we should try to come up with a fix unless this would cause unacceptable performance issues. Also note that seemingly benign races can possibly be harmful (also depending on the compiler and the architecture) [1][2].

If the bug cannot be fixed, then this bug should be used to either make a compile-time annotation for blacklisting or add an entry to the runtime blacklist.

[1] http://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong
[2] _How to miscompile programs with "benign" data races_: https://www.usenix.org/legacy/events/hotpar11/tech/final_files/Boehm.pdf

Comment 1

[Nathan Froyd [:froydnj]]

FWIW, I see similar races on Runtime::needsIncrementalBarrier_; those races appear to be more amenable to having full stacks captured.  I'll see if I can get a decent trace for those on a current version and file a separate bug for that.

Comment 2

[Nathan Froyd [:froydnj]]

Attachment: needs-incremental-barrier-complete.txt

Here's a file with complete stacks on the writing side.

Comment 3

[Kris Wright :KrisWright]

The modern version of this bug is bug 1664535.