Closed Bug 1157382 Opened 9 years ago Closed 9 years ago

TSan: data race js/src/jsgc.cpp:442 ArenaHeader::unmarkAll

Categories: Core :: JavaScript: GC, defect (x86_64, Linux, defect, Not set, normal)
Tracking: RESOLVED FIXED, mozilla40
Tracking Status: firefox40 --- fixed
People: Reporter: froydnj, Assigned: jonco
References: Blocks 1 open bug
Details: Whiteboard: [tsan]
Attachments: 2 files

Attached file unmarkall-race.txt
The attached logfile shows a thread/data race detected by TSan (ThreadSanitizer).

* Specific information about this bug

This race happens because we're touching an arena's bitmap on multiple threads without locking.  I think this is similar to bug 1120579, and bug 1120579 comment 2 contains pertinent information.  Would still be good to figure out some way to convince TSan that we know what we're doing *if* there's not an actual race here.

* General information about TSan, data races, etc.

Typically, races reported by TSan are not false positives, but it is possible that the race is benign. Even in this case though, we should try to come up with a fix unless this would cause unacceptable performance issues. Also note that seemingly benign races can possibly be harmful (also depending on the compiler and the architecture) [1][2].

If the bug cannot be fixed, then this bug should be used to either make a compile-time annotation for blacklisting or add an entry to the runtime blacklist.

[1] http://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong
[2] _How to miscompile programs with "benign" data races_: https://www.usenix.org/legacy/events/hotpar11/tech/final_files/Boehm.pdf
The race is between unmarkAll() and a worker getting the grey mark state on a jsid, so I'm guessing this is because the worker is looking at an atom that's on a different runtime.

Here's a patch to check for this in GCThingIsMarkedGray().
Assignee: nobody → jcoppeard
Attachment #8602216 - Flags: review?(terrence)
Comment on attachment 8602216 [details] [diff] [review]
bug1157382-cell-marked-gray-race

Review of attachment 8602216 [details] [diff] [review]:
-----------------------------------------------------------------

Good find!
Attachment #8602216 - Flags: review?(terrence) → review+
FWIW, strings should never be marked gray.  Though I'm not sure how much we enforce that.
(In reply to Andrew McCreight [:mccr8] from comment #3)
> FWIW, strings should never be marked gray.  Though I'm not sure how much we
> enforce that.

That said, at a glance this method is only called by CC tracing goop, so nothing particularly performance sensitive.
https://hg.mozilla.org/mozilla-central/rev/f15de6365040
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
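
A simplified model of the race discussed in this bug and of an ownership check in the gray-bit query, added here as an illustration; it is not the patch from attachment 8602216 and not SpiderMonkey code. All type and function names are hypothetical, and reporting "not gray" for a cell owned by another runtime is an assumption, consistent with the remark above that strings should never be marked gray.

```cpp
#include <bitset>
#include <cstddef>
#include <thread>

// Simplified model with hypothetical names; this is not SpiderMonkey code.
struct Runtime { int id; };

struct Arena {
    const Runtime* owner;      // runtime whose GC thread mutates the bitmap
    std::bitset<64> grayBits;  // plain (non-atomic) mark bitmap
    void markGray(std::size_t i) { grayBits.set(i); }
    void unmarkAll() { grayBits.reset(); }  // writer side of the reported race
};

struct Cell { Arena* arena; std::size_t index; };

// Unguarded query: reads the bitmap no matter who owns the arena. Called from
// another runtime's thread while the owner runs unmarkAll(), this is the
// unsynchronized read/write pair TSan reports.
bool isMarkedGrayUnguarded(const Cell& c) {
    return c.arena->grayBits.test(c.index);
}

// Guarded query: a cell owned by a different runtime is reported as not gray
// without touching its bitmap, so there is no shared access left to race on.
bool isMarkedGrayGuarded(const Runtime& current, const Cell& c) {
    if (c.arena->owner != &current) return false;
    return c.arena->grayBits.test(c.index);
}

// Owner thread keeps marking and unmarking while a worker from another runtime
// queries the same cell through the guard. Returns how often the worker saw
// "gray"; the guard makes that 0 regardless of scheduling.
int workerGrayObservations(int iterations) {
    Runtime mainRt{1}, workerRt{2};
    Arena atoms{&mainRt, {}};
    Cell atom{&atoms, 7};
    int seen = 0;
    std::thread gc([&] {
        for (int i = 0; i < iterations; ++i) { atoms.markGray(7); atoms.unmarkAll(); }
    });
    std::thread worker([&] {
        for (int i = 0; i < iterations; ++i) seen += isMarkedGrayGuarded(workerRt, atom);
    });
    gc.join();
    worker.join();
    return seen;
}
```

Built with `-fsanitize=thread`, swapping the worker's call to `isMarkedGrayUnguarded(atom)` makes TSan flag the read against `unmarkAll()`; the guarded call produces no report.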