Closed
Bug 1157382
Opened 9 years ago
Closed 9 years ago
TSan: data race js/src/jsgc.cpp:442 ArenaHeader::unmarkAll
Categories
(Core :: JavaScript: GC, defect)
Tracking
()
RESOLVED
FIXED
mozilla40
Tracking | Status | |
---|---|---|
firefox40 | --- | fixed |
People
(Reporter: froydnj, Assigned: jonco)
References
(Blocks 1 open bug)
Details
(Whiteboard: [tsan])
Attachments
(2 files)
20.66 KB, text/plain
2.28 KB, patch (terrence: review+)
The attached logfile shows a thread/data race detected by TSan (ThreadSanitizer).

* Specific information about this bug

This race happens because we're touching an arena's bitmap on multiple threads without locking. I think this is similar to bug 1120579, and bug 1120579 comment 2 contains pertinent information. Would still be good to figure out some way to convince TSan that we know what we're doing *if* there's not an actual race here.

* General information about TSan, data races, etc.

Typically, races reported by TSan are not false positives, but it is possible that the race is benign. Even in this case though, we should try to come up with a fix unless this would cause unacceptable performance issues. Also note that seemingly benign races can possibly be harmful (also depending on the compiler and the architecture) [1][2].

If the bug cannot be fixed, then this bug should be used to either make a compile-time annotation for blacklisting or add an entry to the runtime blacklist.

[1] http://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong
[2] _How to miscompile programs with "benign" data races_: https://www.usenix.org/legacy/events/hotpar11/tech/final_files/Boehm.pdf
Comment 1•9 years ago (Assignee)
The race is between unmarkAll() and a worker getting the grey mark state on a jsid, so I'm guessing this is because the worker is looking at an atom that's on a different runtime. Here's a patch to check for this in GCThingIsMarkedGray().
Assignee: nobody → jcoppeard
Attachment #8602216 -
Flags: review?(terrence)
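A simplified model of the race and of the kind of ownership check comment 1 describes, added here as an illustration. It is not the attached patch or SpiderMonkey code; `Runtime`, `Arena`, `Cell` and all function names are hypothetical.

```cpp
// Simplified model, constructed for illustration (not SpiderMonkey code).
#include <atomic>
#include <bitset>
#include <thread>

struct Runtime { int id; };

struct Arena {
    const Runtime* owner;       // runtime whose GC thread mutates the bitmap
    std::bitset<64> grayBits;   // plain, non-atomic mark bitmap
    void unmarkAll() { grayBits.reset(); }  // called only by the owner's GC
};

struct Cell { Arena* arena; unsigned index; };

// Unguarded lookup: reads the bitmap no matter which runtime owns the arena.
// Called from a non-owner thread during unmarkAll(), this is the reported race.
bool isMarkedGrayUnguarded(const Cell& c) {
    return c.arena->grayBits.test(c.index);
}

// Guarded lookup: a cell owned by another runtime is reported as not gray
// without touching that runtime's bitmap. `owner` is set before any thread
// starts and never changes, so reading it is not a race.
bool isMarkedGray(const Runtime& current, const Cell& c) {
    if (c.arena->owner != &current)
        return false;
    return c.arena->grayBits.test(c.index);
}

// The parent runtime's GC clears mark bits while a worker runtime queries a
// shared atom. With the guard, the worker never reads grayBits.
bool workerSeesGrayDuringParentGC() {
    Runtime parent{1}, worker{2};
    Arena atoms{&parent, {}};
    Cell atom{&atoms, 3};
    std::atomic<bool> stop{false};
    std::thread gc([&] { while (!stop.load()) atoms.unmarkAll(); });
    bool sawGray = false;
    for (int i = 0; i < 100000; ++i)
        sawGray |= isMarkedGray(worker, atom);
    stop.store(true);
    gc.join();
    return sawGray;
}
```

Building with `-fsanitize=thread` and calling `isMarkedGrayUnguarded(atom)` in the loop instead makes TSan flag the read against `unmarkAll()`.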
Comment 2•9 years ago

Comment on attachment 8602216
bug1157382-cell-marked-gray-race

Review of attachment 8602216:
-----------------------------------------------------------------

Good find!
Attachment #8602216 -
Flags: review?(terrence) → review+
Comment 3•9 years ago
FWIW, strings should never be marked gray. Though I'm not sure how much we enforce that.
Comment 4•9 years ago

(In reply to Andrew McCreight [:mccr8] from comment #3)
> FWIW, strings should never be marked gray. Though I'm not sure how much we
> enforce that.

That said, at a glance this method is only called by CC tracing goop, so nothing particularly performance sensitive.
https://hg.mozilla.org/mozilla-central/rev/f15de6365040
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox40:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla40