Bug 850838 (Closed)
Opened 12 years ago, closed 2 years ago
Helgrind warning about data race in types::TypeString() with multiple runtimes (e.g. DOM Workers)
Categories: Core :: JavaScript Engine, defect
Status: RESOLVED INCOMPLETE
People: Reporter: bent.mozilla, Unassigned
==13098== Possible data race during read of size 4 at 0xACE0DC0 by thread #10
==13098== Locks held: none
==13098== at 0x8B62ED9: js::types::TypeString(js::types::Type) (jsinfer.cpp:207)
==13098== by 0x8B62FCE: js::types::TypeObjectString(js::types::TypeObject*) (jsinfer.cpp:220)
==13098== by 0x8B61C8E: js::types::TypeObject::TypeObject(js::Class*, js::TaggedProto, bool, bool) (jsinferinlines.h:1555)
==13098== by 0x8B6E43E: js::types::TypeCompartment::newTypeObject(JSContext*, js::Class*, JS::Handle<js::TaggedProto>, bool) (jsinfer.cpp:2411)
==13098== by 0x8B8533A: JSCompartment::getNewType(JSContext*, js::Class*, js::TaggedProto, JSFunction*) (jsinfer.cpp:6165)
==13098== by 0x8C2EEF1: js::NewObjectWithGivenProto(JSContext*, js::Class*, js::TaggedProto, JSObject*, js::gc::AllocKind, js::NewObjectKind) (jsobj.cpp:1243)
==13098== by 0x89E4AA9: js::NewObjectWithGivenProto(JSContext*, js::Class*, js::TaggedProto, JSObject*, js::NewObjectKind) (jsobjinlines.h:1593)
==13098== by 0x89E4AF8: js::NewObjectWithGivenProto(JSContext*, js::Class*, JSObject*, JSObject*, js::NewObjectKind) (jsobjinlines.h:1600)
==13098== by 0x8E43A35: js::GlobalObject::create(JSContext*, js::Class*) (GlobalObject.cpp:427)
==13098== by 0x8A17453: JS_NewGlobalObject(JSContext*, JSClass*, JSPrincipals*) (jsapi.cpp:3309)
==13098== by 0x8F19D2D: JSRuntime::initSelfHosting(JSContext*) (SelfHosting.cpp:463)
==13098== by 0x8A8F258: js::NewContext(JSRuntime*, unsigned long) (jscntxt.cpp:356)
==13098== by 0x8A0E224: JS_NewContext(JSRuntime*, unsigned long) (jsapi.cpp:1240)
==13098== by 0x67BC751: (anonymous namespace)::CreateJSContextForWorker(mozilla::dom::workers::WorkerPrivate*) (RuntimeService.cpp:447)
==13098== by 0x67BC971: (anonymous namespace)::WorkerThreadRunnable::Run() (RuntimeService.cpp:503)
==13098== by 0x7D8622B: nsThread::ProcessNextEvent(bool, bool*) (nsThread.cpp:637)
==13098== by 0x7D0C1F2: NS_ProcessNextEvent_P(nsIThread*, bool) (nsThreadUtils.cpp:238)
==13098== by 0x7D84F71: nsThread::ThreadFunc(void*) (nsThread.cpp:269)
==13098== by 0x4097624: _pt_root (ptthread.c:192)
==13098== by 0x403032F: mythread_wrapper (hg_intercepts.c:219)
==13098== by 0x4A2CE99: start_thread (pthread_create.c:308)
==13098== by 0xB494CBC: clone (clone.S:112)
==13098==
==13098== This conflicts with a previous write of size 4 by thread #9
==13098== Locks held: none
==13098== at 0x8B62EE5: js::types::TypeString(js::types::Type) (jsinfer.cpp:207)
==13098== by 0x8B62FCE: js::types::TypeObjectString(js::types::TypeObject*) (jsinfer.cpp:220)
==13098== by 0x8B61C8E: js::types::TypeObject::TypeObject(js::Class*, js::TaggedProto, bool, bool) (jsinferinlines.h:1555)
==13098== by 0x8B6E43E: js::types::TypeCompartment::newTypeObject(JSContext*, js::Class*, JS::Handle<js::TaggedProto>, bool) (jsinfer.cpp:2411)
==13098== by 0x8B8533A: JSCompartment::getNewType(JSContext*, js::Class*, js::TaggedProto, JSFunction*) (jsinfer.cpp:6165)
==13098== by 0x8C2EEF1: js::NewObjectWithGivenProto(JSContext*, js::Class*, js::TaggedProto, JSObject*, js::gc::AllocKind, js::NewObjectKind) (jsobj.cpp:1243)
==13098== by 0x89E4AA9: js::NewObjectWithGivenProto(JSContext*, js::Class*, js::TaggedProto, JSObject*, js::NewObjectKind) (jsobjinlines.h:1593)
==13098== by 0x89E4AF8: js::NewObjectWithGivenProto(JSContext*, js::Class*, JSObject*, JSObject*, js::NewObjectKind) (jsobjinlines.h:1600)
==13098== by 0x8E444D4: CreateBlankProto(JSContext*, js::Class*, JSObject&, js::GlobalObject&) (GlobalObject.cpp:518)
==13098== by 0x8E445C6: js::GlobalObject::createBlankPrototype(JSContext*, js::Class*) (GlobalObject.cpp:533)
==13098== by 0x8D299E3: js_InitStringClass(JSContext*, JS::Handle<JSObject*>) (jsstr.cpp:3496)
==13098== by 0x8E43EDA: js::GlobalObject::initStandardClasses(JSContext*, JS::Handle<js::GlobalObject*>) (GlobalObject.cpp:471)
==13098== by 0x8F19E49: JSRuntime::initSelfHosting(JSContext*) (SelfHosting.cpp:473)
==13098== by 0x8A8F258: js::NewContext(JSRuntime*, unsigned long) (jscntxt.cpp:356)
==13098== by 0x8A0E224: JS_NewContext(JSRuntime*, unsigned long) (jsapi.cpp:1240)
==13098== by 0x67BC751: (anonymous namespace)::CreateJSContextForWorker(mozilla::dom::workers::WorkerPrivate*) (RuntimeService.cpp:447)
==13098== by 0x67BC971: (anonymous namespace)::WorkerThreadRunnable::Run() (RuntimeService.cpp:503)
==13098== by 0x7D8622B: nsThread::ProcessNextEvent(bool, bool*) (nsThread.cpp:637)
==13098== by 0x7D0C1F2: NS_ProcessNextEvent_P(nsIThread*, bool) (nsThreadUtils.cpp:238)
==13098== by 0x7D84F71: nsThread::ThreadFunc(void*) (nsThread.cpp:269)
==13098== by 0x4097624: _pt_root (ptthread.c:192)
==13098== by 0x403032F: mythread_wrapper (hg_intercepts.c:219)
==13098== by 0x4A2CE99: start_thread (pthread_create.c:308)
==13098== by 0xB494CBC: clone (clone.S:112)
This function uses a static array of buffers that will get shared by each runtime but isn't synchronized in any way.
Comment 1 (Reporter), 12 years ago
Looks like there's another in the DEBUG-only types::TypeIdStringImpl(RawId id)
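Added example (not from the bug report or the SpiderMonkey source): a deterministic, single-threaded replay of the interleaving that a shared static buffer ring with an unsynchronized cursor permits, next to a caller-owned-buffer variant. All names, the ring size and the "[type N]" format are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the reported pattern: every caller shares one static
 * ring of buffers and one unsynchronized cursor. Names are hypothetical. */
enum { NBUFS = 4, BUFSZ = 40 };
static char bufs[NBUFS][BUFSZ];
static unsigned which;

/* Racy formatter split at its two shared accesses (cursor read, cursor
 * write) so a fixed schedule can be replayed without real threads. */
static unsigned racy_load(void) { return which; }
static const char *racy_finish(unsigned seen, unsigned id) {
    which = (seen + 1) % NBUFS;
    snprintf(bufs[which], BUFSZ, "[type %u]", id);
    return bufs[which];
}

/* Fix: the caller owns the storage, so nothing is shared between workers.
 * Thread-local buffers are the other common fix if the signature must stay. */
static const char *safe_type_string(unsigned id, char *out, size_t n) {
    snprintf(out, n, "[type %u]", id);
    return out;
}

static int both_intact(const char *a, const char *b) {
    return strcmp(a, "[type 1]") == 0 && strcmp(b, "[type 2]") == 0;
}

/* Schedule: worker B reads the cursor before worker A has stored it. */
int replay_racy(void) {
    which = 0;
    unsigned a_seen = racy_load();
    unsigned b_seen = racy_load();
    const char *a = racy_finish(a_seen, 1); /* A formats into slot 1 */
    const char *b = racy_finish(b_seen, 2); /* B reuses slot 1, overwriting A */
    return both_intact(a, b);
}

int replay_safe(void) {
    char a_buf[BUFSZ], b_buf[BUFSZ];
    return both_intact(safe_type_string(1, a_buf, sizeof a_buf),
                       safe_type_string(2, b_buf, sizeof b_buf));
}

int main(void) {
    printf("racy intact=%d, caller-owned intact=%d\n", replay_racy(), replay_safe());
    return 0;
}
```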
Updated 11 years ago: Assignee: general → nobody
Updated 3 years ago: Severity: normal → S3
Updated 2 years ago: Status: NEW → RESOLVED; Closed: 2 years ago; Resolution: --- → INCOMPLETE