VM: data race in dart::OSThread::RemoveThreadFromList(dart::OSThread*) #25236

Closed
fsc8000 opened this issue Dec 11, 2015 · 3 comments

fsc8000 commented Dec 11, 2015

At shutdown it may occur that two threads arrive in OSThread::Cleanup() - therefore causing a double-free error.

I'm not sure yet how to perform this cleanup properly - use atexit maybe? The current approach seems very fragile.

Here is the relevant tsan output:

==================
WARNING: ThreadSanitizer: data race (pid=19135)
  Write of size 8 at 0x7faeedfe8fa0 by thread T4 (mutexes: write M9):
    #0 dart::OSThread::RemoveThreadFromList(dart::OSThread*) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread.cc:187 (exe+0x000000995eed)
    #1 ~OSThread /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread.cc:39 (exe+0x000000995be7)
    #2 dart::DeleteThread(void*) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread.cc:80 (exe+0x000000996524)
    #3 __nptl_deallocate_tsd /build/buildd/eglibc-2.19/nptl/pthread_create.c:158 (libpthread.so.0+0x000000007f81)

  Previous read of size 8 at 0x7faeedfe8fa0 by thread T5:
    #0 dart::OSThread::RemoveThreadFromList(dart::OSThread*) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread.cc:200 (exe+0x000000996020)
    #1 ~OSThread /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread.cc:39 (exe+0x000000995be7)
    #2 dart::DeleteThread(void*) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread.cc:80 (exe+0x000000996524)
    #3 __nptl_deallocate_tsd /build/buildd/eglibc-2.19/nptl/pthread_create.c:158 (libpthread.so.0+0x000000007f81)

  Mutex M9 created at:
    #0 pthread_mutex_init /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:909 (exe+0x00000038745f)
    #1 Mutex /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread_linux.cc:226 (exe+0x000000998743)
    #2 dart::OSThread::InitOnce() /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread.cc:87 (exe+0x000000996311)
    #3 dart::Dart::InitOnce(unsigned char const*, unsigned char const*, _Dart_Isolate* (*)(char const*, char const*, char const*, char const**, Dart_IsolateFlags*, void*, char**), void (*)(void*), void* (*)(char const*, bool), void (*)(unsigned char const**, long*, void*), void (*)(void const*, long, void*), void (*)(void*), bool (*)(unsigned char*, long), _Dart_Handle* (*)()) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/dart.cc:91 (exe+0x00000053a891)
    #4 Dart_Initialize /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/dart_api_impl.cc:1135 (exe+0x0000003ec9ed)
    #5 dart::bin::main(int, char**) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/bin/gen_snapshot.cc:1040 (exe+0x0000003d3d72)
    #6 main /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/bin/gen_snapshot.cc:1158 (exe+0x0000003d6c4d)

  Thread T4 (tid=19156, running) created by main thread at:
    #0 pthread_create /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:855 (exe+0x000000386e52)
    #1 dart::OSThread::Start(char const*, void (*)(unsigned long), unsigned long) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread_linux.cc:124 (exe+0x0000009976eb)
    #2 dart::ThreadPool::Worker::StartThread() /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/thread_pool.cc:340 (exe+0x000000b9c417)
    #3 dart::ThreadPool::Run(dart::ThreadPool::Task*) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/thread_pool.cc:69 (exe+0x000000b9c1fd)
    #4 dart::GCMarker::MarkObjects(dart::Isolate*, dart::PageSpace*, bool, bool) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/gc_marker.cc:721 (exe+0x000000c67c43)
    #5 dart::PageSpace::MarkSweep(bool) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/pages.cc:841 (exe+0x0000009a139c)
    #6 dart::Heap::CollectGarbage(dart::Heap::Space, dart::Heap::ApiCallbacks, dart::Heap::GCReason) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/heap.cc:362 (exe+0x000000712b87)
    #7 dart::Heap::CollectGarbage(dart::Heap::Space, dart::Heap::ApiCallbacks, dart::Heap::GCReason) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/heap.cc:350 (exe+0x000000712a7b)
    #8 dart::Heap::CollectGarbage(dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/heap.cc:388 (exe+0x000000710517)
    #9 dart::Heap::AllocateNew(long) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/heap.cc:82 (exe+0x00000071031e)
    #10 dart::Heap::Allocate(long, dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/heap.h:83 (exe+0x000000936b3d)
    #11 dart::Object::Allocate(long, long, dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:1837 (exe+0x00000085bd1e)
    #12 dart::OneByteString::New(long, dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:19783 (exe+0x000000918562)
    #13 dart::String::FromUTF8(unsigned char const*, long, dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:18858 (exe+0x0000009180fd)
    #14 dart::String::New(char const*, dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:18848 (exe+0x00000085cc6b)
    #15 dart::Library::GetFunction(dart::GrowableArray<dart::Library*> const&, char const*, char const*) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:11121 (exe+0x0000008bdf72)
    #16 dart::Library::CheckFunctionFingerprints() /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:11159 (exe+0x0000008ce6df)
    #17 Dart_CreateIsolate /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/dart_api_impl.cc:1241 (exe+0x0000003ed0ff)
    #18 dart::bin::main(int, char**) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/bin/gen_snapshot.cc:1059 (exe+0x0000003d3e2a)
    #19 main /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/bin/gen_snapshot.cc:1158 (exe+0x0000003d6c4d)

  Thread T5 (tid=19157, finished) created by main thread at:
    #0 pthread_create /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:855 (exe+0x000000386e52)
    #1 dart::OSThread::Start(char const*, void (*)(unsigned long), unsigned long) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread_linux.cc:124 (exe+0x0000009976eb)
    #2 dart::ThreadPool::Worker::StartThread() /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/thread_pool.cc:340 (exe+0x000000b9c417)
    #3 dart::ThreadPool::Run(dart::ThreadPool::Task*) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/thread_pool.cc:69 (exe+0x000000b9c1fd)
    #4 dart::GCMarker::MarkObjects(dart::Isolate*, dart::PageSpace*, bool, bool) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/gc_marker.cc:721 (exe+0x000000c67c43)
    #5 dart::PageSpace::MarkSweep(bool) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/pages.cc:841 (exe+0x0000009a139c)
    #6 dart::Heap::CollectGarbage(dart::Heap::Space, dart::Heap::ApiCallbacks, dart::Heap::GCReason) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/heap.cc:362 (exe+0x000000712b87)
    #7 dart::Heap::CollectGarbage(dart::Heap::Space, dart::Heap::ApiCallbacks, dart::Heap::GCReason) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/heap.cc:350 (exe+0x000000712a7b)
    #8 dart::Heap::CollectGarbage(dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/heap.cc:388 (exe+0x000000710517)
    #9 dart::Heap::AllocateNew(long) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/heap.cc:82 (exe+0x00000071031e)
    #10 dart::Heap::Allocate(long, dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/heap.h:83 (exe+0x000000936b3d)
    #11 dart::Object::Allocate(long, long, dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:1837 (exe+0x00000085bd1e)
    #12 dart::OneByteString::New(long, dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:19783 (exe+0x000000918562)
    #13 dart::String::FromUTF8(unsigned char const*, long, dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:18858 (exe+0x0000009180fd)
    #14 dart::String::New(char const*, dart::Heap::Space) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:18848 (exe+0x00000085cc6b)
    #15 dart::Library::GetFunction(dart::GrowableArray<dart::Library*> const&, char const*, char const*) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:11121 (exe+0x0000008bdf72)
    #16 dart::Library::CheckFunctionFingerprints() /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/object.cc:11159 (exe+0x0000008ce6df)
    #17 Dart_CreateIsolate /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/dart_api_impl.cc:1241 (exe+0x0000003ed0ff)
    #18 dart::bin::main(int, char**) /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/bin/gen_snapshot.cc:1059 (exe+0x0000003d3e2a)
    #19 main /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/bin/gen_snapshot.cc:1158 (exe+0x0000003d6c4d)

SUMMARY: ThreadSanitizer: data race /usr/local/google/home/fschneider/s/dartgit2/sdk/runtime/vm/os_thread.cc:187 dart::OSThread::RemoveThreadFromList(dart::OSThread*)
==================
@fsc8000 fsc8000 added the area-vm Use area-vm for VM related issues, including code coverage, FFI, and the AOT and JIT backends. label Dec 11, 2015
@johnmccutchan johnmccutchan self-assigned this Dec 14, 2015
@a-siva a-siva assigned a-siva and unassigned johnmccutchan Dec 15, 2015
a-siva commented Dec 15, 2015

thread_list_head_ is being accessed without the lock, and two threads can see it as being null at the same time, resulting in the race to delete.

bkonyi commented Jun 21, 2018

@a-siva, any chance this has been fixed in the past couple of years?

a-siva commented Sep 30, 2019

Access to thread_list_head_ is now under a lock, thread_list_lock_.

@a-siva a-siva closed this as completed Sep 30, 2019
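
The pattern discussed in this thread, as an added example that is not part of the issue and is not the Dart VM's code: the list head is read and written only while a lock is held, and the "list is now empty, free the shared state" decision is made in the same critical section as the unlink, so exactly one exiting thread performs the cleanup. `ThreadList`, `Node`, `RemoveAndMaybeCleanup`, `CountCleanups` and `shared_` are hypothetical names.

```cpp
#include <mutex>
#include <thread>
#include <vector>

// Hypothetical stand-in for an intrusive thread list; not the Dart VM's code.
struct Node { Node* next = nullptr; };

class ThreadList {
 public:
  void Add(Node* n) {
    std::lock_guard<std::mutex> g(lock_);
    n->next = head_;
    head_ = n;
  }

  // Unlinks n and, if the list became empty, frees the shared state.
  // The emptiness check and the free sit in the same critical section as the
  // unlink, so two exiting threads cannot both see an empty list and both
  // free. Returns true only for the thread that performed the cleanup.
  bool RemoveAndMaybeCleanup(Node* n) {
    std::lock_guard<std::mutex> g(lock_);
    for (Node** p = &head_; *p != nullptr; p = &(*p)->next) {
      if (*p == n) { *p = n->next; break; }
    }
    if (head_ != nullptr || shared_ == nullptr) return false;
    delete shared_;
    shared_ = nullptr;  // a later cleanup attempt becomes a no-op
    return true;
  }

 private:
  std::mutex lock_;
  Node* head_ = nullptr;
  int* shared_ = new int(0);  // stands for state that must be freed once
};

// Starts n threads that all leave the list at about the same time and
// returns how many of them performed the cleanup.
int CountCleanups(int n) {
  ThreadList list;
  std::vector<Node> nodes(n);
  for (auto& node : nodes) list.Add(&node);
  std::vector<int> did(n, 0);  // one slot per thread, no sharing
  std::vector<std::thread> workers;
  for (int i = 0; i < n; ++i)
    workers.emplace_back([&, i] { did[i] = list.RemoveAndMaybeCleanup(&nodes[i]); });
  for (auto& t : workers) t.join();
  int total = 0;
  for (int d : did) total += d;
  return total;
}
```

Built with `-fsanitize=thread`, this version runs without a race report, since every read and write of `head_` happens with `lock_` held.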