Bug in RegionLock::acquire()

RESOLVED FIXED in Firefox 43

Status

()

defect
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: lth, Assigned: lth)

Tracking

(Blocks 1 bug)

unspecified
mozilla43
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox43 fixed)

Details

Attachments

(2 attachments)

Assignee

Description

4 years ago
On most platforms this primitive uses a compareExchange in a loop.  When used with GCC __atomic operations (the default most places) or with C11 atomics the atomic_compare_exchange primitive will update the "expected" variable if the CAS fails.  This will break the algorithm; the "expected" variable must be reinitialized on the failing back-edge in the loop.

This is not an important bug since the RegionLock is not currently used, it was introduced for float64 atomics on 32-bit platforms, but that code has not landed.

Since ARM64 and MIPS have copied my broken implementations there will need to be fixes on thos platforms too.
Comment on attachment 8657737 [details] [diff] [review]
Reinitialize expected value inside the lock loop

Review of attachment 8657737 [details] [diff] [review]:
-----------------------------------------------------------------

They think it don't be like it is, but it do.
Attachment #8657737 - Flags: review?(sstangl) → review+
Comment on attachment 8657753 [details] [diff] [review]
MIPS: Reinitialize expected value inside CAS loop

Review of attachment 8657753 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks for the patch!
Attachment #8657753 - Flags: review?(sstangl) → review+

Updated

4 years ago
Attachment #8657753 - Flags: checkin?(lhansen)
Assignee

Updated

4 years ago
Attachment #8657753 - Flags: checkin?(lhansen) → checkin+
https://hg.mozilla.org/mozilla-central/rev/7d3d866c692e
https://hg.mozilla.org/mozilla-central/rev/3ad40430be78
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
You need to log in before you can comment on or make changes to this bug.