Closed
Bug 967474
Opened 11 years ago
Closed 11 years ago
TSan: data race js/src/../../js/src/jsinfer.h:510 baseFlags
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla30
People
(Reporter: decoder, Assigned: jandem)
References
(Blocks 1 open bug)
Details
(Whiteboard: [tsan])
Attachments
(2 files)
|
15.21 KB,
text/plain
|
Details | |
|
1.78 KB,
patch
|
bhackett1024
:
review+
|
Details | Diff | Splinter Review |
The attached logfile shows a thread/data race (mozilla-central revision 44ba69cacd7e) detected by TSan (ThreadSanitizer).
Typically, races reported by TSan are not false positives, but it is possible that the race is benign. Even in this case though, we should try to come up with a fix unless this would cause inacceptable performance issues. Also note that seemingly benign races can possibly be harmful (also depending on the compiler and the architecture) [1].
If the bug cannot be fixed, then this bug should be used to either make a compile-time annotation for blacklisting or add an entry to the runtime blacklist.
[1] http://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong
|
Assignee | |
Comment 1•11 years ago
|
||
The problem here is that JSScript::makeTypes is allocating/initializing a TypeScript, and in the meantime that TypeScript is accessible to the background thread (script->types) in IonBuilder::testNeedsArgumentCheck.
This patch initializes TypeScript first, then assigns it.
Assignee: general → jdemooij
Status: NEW → ASSIGNED
Attachment #8370065 -
Flags: review?(bhackett1024)
|
||
Updated•11 years ago
|
Attachment #8370065 -
Flags: review?(bhackett1024) → review+
|
|
Assignee | |
Comment 3•11 years ago
|
||
|
||
Comment 4•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in
before you can comment on or make changes to this bug.
Description
•