ThreadSanitizer: data race [@ nsCookieService::CountCookiesFromHostInternal] vs. [@ operator]
Categories
(Core :: Networking: Cookies, defect, P2)
Tracking
()
People
(Reporter: decoder, Assigned: ehsan.akhgari)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-triaged])
Attachments
(2 files)
The attached crash information was detected while running CI tests with ThreadSanitizer on mozilla-central revision 11c9c5ce3955.
Looks like we are racing on mDBStateduring initialization of the cookie service. It seems to me that this code is not meant to run in parallel.
General information about TSan reports
Why fix races?
Data races are undefined behavior and can cause crashes as well as correctness issues. Compiler optimizations can cause racy code to have unpredictable and hard-to-reproduce behavior.
Rating
If you think this race can cause crashes or correctness issues, it would be great to rate the bug appropriately as P1/P2 and/or indicating this in the bug. This makes it a lot easier for us to assess the actual impact that these reports make and if they are helpful to you.
False Positives / Benign Races
Typically, races reported by TSan are not false positives [1], but it is possible that the race is benign. Even in this case it would be nice to come up with a fix if it is easily doable and does not regress performance. Every race that we cannot fix will have to remain on the suppression list and slows down the overall TSan performance. Also note that seemingly benign races can possibly be harmful (also depending on the compiler, optimizations and the architecture) [2][3].
[1] One major exception is the involvement of uninstrumented code from third-party libraries.
[2] http://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong
[3] How to miscompile programs with "benign" data races: https://www.usenix.org/legacy/events/hotpar11/tech/final_files/Boehm.pdf
Suppressing unfixable races
If the bug cannot be fixed, then a runtime suppression needs to be added in mozglue/build/TsanOptions.cpp. The suppressions match on the full stack, so it should be picked such that it is unique to this particular race. The bug number of this bug should also be included so we have some documentation on why this suppression was added.
|
Reporter | |
Comment 1•4 years ago
|
||
|
||
Updated•4 years ago
|
|
||
Comment 2•4 years ago
|
||
The check at https://searchfox.org/mozilla-central/rev/7e92a667e3829831c31e8d46aefe7ef67ad5be1c/netwerk/cookie/nsCookieService.cpp#616-617 is not clear to me. If the cookie service can get released on the main thread (only way to nullify mDBState is when nsCookieService is released (dtor) and from "profile-before-change" notification) then this whole code is wrong or the check is wrong, because there is a potential for a big race.
nsCookieService::TryInitDB doesn't seem to need mDBState (doesn't work with it), so the check seems redundant and should perhaps be removed, as https://searchfox.org/mozilla-central/rev/7e92a667e3829831c31e8d46aefe7ef67ad5be1c/netwerk/cookie/nsCookieService.cpp#1450 does its own non-null check back on the main thread.
Ehsan - what do you think?
|
Assignee | |
Comment 3•4 years ago
|
||
I think you're right, it looks to me that in order to fix this bug we should remove the check.
|
|
Assignee | |
Comment 4•4 years ago
|
||
|
||
Updated•4 years ago
|
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d8168beb550a Fix a data race in the cookie service initialization code; r=mayhemer
|
||
Updated•4 years ago
|
|
||
Comment 6•4 years ago
|
||
| bugherder | ||
|
||
Updated•4 years ago
|
Description
•