Closed
Bug 844768
Opened 11 years ago
Closed 11 years ago
TSan: Thread data race in js::MaybeGC(JSContext*) vs. js::gc::Chunk::addArenaToFreeList(JSRuntime*, js::gc::ArenaHeader*)
Categories
(Core :: General, defect)
Tracking
()
RESOLVED
FIXED
mozilla28
| Tracking | Status | |
|---|---|---|
| firefox28 | --- | fixed |
People
(Reporter: posidron, Assigned: jonco)
References
Details
(Keywords: sec-want, Whiteboard: [tsan][tsan-test-blocker][qa-][adv-main28-])
Attachments
(2 files)
|
18.90 KB,
text/plain
|
Details | |
|
1.14 KB,
patch
|
billm
:
review+
|
Details | Diff | Splinter Review |
During Firefox start-up with ThreadSanitizer (LLVM version), we get a data race reported as described in the attached log. Trace was created on mozilla-central with changeset 122820:c233837cce08. According to the TSan devs, most of the reported traces should be real data races, even though they can be "benign". We need to determine if the race can/should be fixed, or put on the ignore list. Even for benign races, TSan devs suggest to fix them (second priority), as they can also cause problems [1]. [1] http://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong
|
||
Comment 1•11 years ago
|
||
Ccing bhackett and billm for some help here :)
|
Assignee | |
Comment 2•11 years ago
|
||
JSRuntime::gcNumArenasFreeCommitted can be updated by the background thread and read by the foreground thread. It's used to check whether to trigger a shrinking GC or not in MaybeGC. This is not deterministic anyway so I don't think it's a problem.
|
|
||
Comment 3•11 years ago
|
||
Same as for bug 844755 (comment 6), will put these on ignore when bug 847350 is through.
Assignee: nobody → choller
Depends on: 847350
|
|
Assignee | |
Comment 4•11 years ago
|
||
|
|
Assignee | |
Updated•11 years ago
|
Attachment #823257 -
Flags: review?(wmccloskey)
Attachment #823257 -
Flags: review?(wmccloskey) → review+
|
|
Assignee | |
Comment 5•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/94032114aaf5
Assignee: choller → jcoppeard
|
||
Comment 6•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/94032114aaf5
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
De-prioritizing QA verification of this bug. Please remove the [qa-] whiteboard tag and add the verifyme keyword if you think this needs our attention before Firefox 28 is released.
Whiteboard: [tsan][tsan-test-blocker] → [tsan][tsan-test-blocker][qa-]
status-firefox28:
--- → fixed
|
||
Updated•10 years ago
|
Whiteboard: [tsan][tsan-test-blocker][qa-] → [tsan][tsan-test-blocker][qa-][adv-main28-]
You need to log in
before you can comment on or make changes to this bug.
Description
•