Closed Bug 1156891 Opened 9 years ago Closed 9 years ago

TSan: data race libstagefright/stubs/include/cutils/atomic.h:23 stagefright::android_atomic_inc(int volatile*)

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla40
Tracking Flags:
Tracking Status
firefox40 --- fixed

People

(Reporter: froydnj, Assigned: jya)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tsan])

Attachments

(2 files)

libstagefright-atomic-race.txt
22.98 KB, text/plain
Details
Disable use of stagefright::String8::clear
2.43 KB, patch
ajones
: review+
Details | Diff | Splinter Review 
The attached logfile shows a thread/data race detected by TSan (ThreadSanitizer).

* Specific information about this bug

The implementation of the stagefright::android_atomic_* functions is completely bogus, substituting operations on |volatile T*| for real atomic operations.  At least the source code owns up to this:

http://mxr.mozilla.org/mozilla-central/source/media/libstagefright/stubs/include/cutils/atomic.h#9

It looks like we import this from upstream?  Is there a good way to convince them to fix this?

* General information about TSan, data races, etc.

Typically, races reported by TSan are not false positives, but it is possible that the race is benign. Even in this case though, we should try to come up with a fix unless this would cause unacceptable performance issues. Also note that seemingly benign races can possibly be harmful (also depending on the compiler and the architecture) [1][2].

If the bug cannot be fixed, then this bug should be used to either make a compile-time annotation for blacklisting or add an entry to the runtime blacklist.

[1] http://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong
[2] _How to miscompile programs with "benign" data races_: https://www.usenix.org/legacy/events/hotpar11/tech/final_files/Boehm.pdf
I can't think of a case where libstagefright would be used from two concurrent threads at once. 

We only use stagefright to read the metadata and this is always done on the media task queue
ThreadSanitizer is a dynamic analysis, so this is in fact happening in some test case.  It looks like the writes are happening in threads named "Media P~back #4" and "Media P~back #3".
Could have just removed all that code alltogether as we don't care about the creation date anyway.
Attachment #8596989 - Flags: review?(ajones)
Assignee: nobody → jyavenard
Status: NEW → ASSIGNED
Attachment #8596989 - Flags: review?(ajones) → review+
https://hg.mozilla.org/mozilla-central/rev/d83ea2eed9d8
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox40: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: