144378 – LazyNeverDestroyed is not thread safe in debug builds, causing assertions

Bug 144378 - LazyNeverDestroyed is not thread safe in debug builds, causing assertions

Summary: LazyNeverDestroyed is not thread safe in debug builds, causing assertions

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Web Template Framework (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Alexey Proskuryakov

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-04-28 23:57 PDT by Alexey Proskuryakov
Modified:	2015-04-29 20:07 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
proposed fix (1.10 KB, patch) 2015-04-29 12:39 PDT, Alexey Proskuryakov	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexey Proskuryakov 2015-04-28 23:57:50 PDT

Thread 28 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore      	0x00000001128509da WTFCrash + 42 (Assertions.cpp:321)

ASSERT(m_isConstructed);

1   com.apple.JavaScriptCore      	0x0000000112862ed2 WTF::LazyNeverDestroyed<std::__1::mutex>::asPtr() + 66 (NeverDestroyed.h:102)
2   com.apple.JavaScriptCore      	0x0000000112862e85 WTF::LazyNeverDestroyed<std::__1::mutex>::operator std::__1::mutex&() + 21 (NeverDestroyed.h:94)
3   com.apple.JavaScriptCore      	0x0000000112862161 WTF::cachedCollatorMutex() + 577 (CollatorICU.cpp:62)
4   com.apple.JavaScriptCore      	0x0000000112861c8b WTF::Collator::Collator(char const*, bool) + 43 (CollatorICU.cpp:120)
5   com.apple.JavaScriptCore      	0x0000000112861c4c WTF::Collator::Collator(char const*, bool) + 44 (CollatorICU.cpp:146)
6   com.apple.JavaScriptCore      	0x0000000112788a4b JSC::stringProtoFuncLocaleCompare(JSC::ExecState*) + 155 (StringPrototype.cpp:1429)

LazyNeverDestroyed has a non-trivial constructor in debug builds, which is obviously wrong to have for the pattern we normally use it with.

static std::mutex& cachedCollatorMutex()
{
    static std::once_flag onceFlag;

    static LazyNeverDestroyed<std::mutex> mutex;
    std::call_once(onceFlag, []{
        mutex.construct();
    });

    return mutex;
}

Comment 1 Zan Dobersek 2015-04-29 02:40:36 PDT

Removing the brace initializer for the m_isConstructed member will make it trivial again.

Comment 2 Alexey Proskuryakov 2015-04-29 10:09:02 PDT

Yes, this class is only used for static variables. I don't know of a way to assert that though.

Comment 3 Alexey Proskuryakov 2015-04-29 12:39:23 PDT

Created attachment 251979 [details]
proposed fix

Comment 4 WebKit Commit Bot 2015-04-29 20:06:53 PDT

Comment on attachment 251979 [details]
proposed fix

Clearing flags on attachment: 251979

Committed r183608: <http://trac.webkit.org/changeset/183608>

Comment 5 WebKit Commit Bot 2015-04-29 20:07:03 PDT

All reviewed patches have been landed.  Closing bug.