CLOSED INVALID 157462
ThreadSanitizer: Data race in WebCore::ScrollingThread::initializeRunLoop
https://bugs.webkit.org/show_bug.cgi?id=157462
David Kilzer (:ddkilzer)
Reported 2016-05-08 04:40:37 PDT
ThreadSanitizer has found a data race and thread leak in WebCore::ScrollingThread::createThreadIfNeeded while running layout tests:

CRASHING TEST: compositing/layer-creation/translate-scale-animation-overlap.html

==65095==
==================
WARNING: ThreadSanitizer: data race (pid=65095)
  Write of size 8 at 0x000110863150 by thread T12:
    #0 WebCore::ScrollingThread::initializeRunLoop() <null> (WebCore+0x00000174e78e)
    #1 WebCore::ScrollingThread::threadCallback(void*) <null> (WebCore+0x00000174e0f0)
    #2 WTF::threadEntryPoint(void*) <null> (JavaScriptCore+0x000000a06801)

  Previous read of size 8 at 0x000110863150 by main thread:
    #0 WebCore::ScrollingThread::createThreadIfNeeded() <null> (WebCore+0x00000174de3b)
    #1 WebCore::ScrollingThread::dispatch(std::__1::function<void ()>) <null> (WebCore+0x00000174dc2a)
    #2 WebCore::MemoryPressureHandler::releaseMemory(WebCore::Critical, WebCore::Synchronous) <null> (WebCore+0x0000012d3c93)
    #3 std::__1::__function::__func<WebCore::MemoryPressureHandler::MemoryPressureHandler()::$_0, std::__1::allocator<WebCore::MemoryPressureHandler::MemoryPressureHandler()::$_0>, void (WebCore::Critical, WebCore::Synchronous)>::operator()(WebCore::Critical&&, WebCore::Synchronous&&) <null> (WebCore+0x0000012d40a9)
    #4 WebCore::MemoryPressureHandler::respondToMemoryPressure(WebCore::Critical, WebCore::Synchronous) <null> (WebCore+0x0000012d4c26)
    #5 invocation function for block in WebCore::MemoryPressureHandler::install() <null> (WebCore+0x0000012d4b60)
    #6 __wrap_dispatch_source_set_event_handler_block_invoke <null> (libclang_rt.tsan_osx_dynamic.dylib+0x00000005c7e2)

  Location is global 'WebCore::ScrollingThread::singleton()::scrollingThread' at 0x000110863138 (WebCore+0x0000020d1150)

  Thread T12 (tid=1603665, running) created by main thread at:
    #0 pthread_create <null> (libclang_rt.tsan_osx_dynamic.dylib+0x0000000230c1)
    #1 WTF::createThreadInternal(void (*)(void*), void*, char const*) <null> (JavaScriptCore+0x000000a06b4d)
    #2 WebCore::ScrollingThread::dispatch(std::__1::function<void ()>) <null> (WebCore+0x00000174dc2a)
    #3 WebCore::MemoryPressureHandler::releaseMemory(WebCore::Critical, WebCore::Synchronous) <null> (WebCore+0x0000012d3c93)
    #4 std::__1::__function::__func<WebCore::MemoryPressureHandler::MemoryPressureHandler()::$_0, std::__1::allocator<WebCore::MemoryPressureHandler::MemoryPressureHandler()::$_0>, void (WebCore::Critical, WebCore::Synchronous)>::operator()(WebCore::Critical&&, WebCore::Synchronous&&) <null> (WebCore+0x0000012d40a9)
    #5 WebCore::MemoryPressureHandler::respondToMemoryPressure(WebCore::Critical, WebCore::Synchronous) <null> (WebCore+0x0000012d4c26)
    #6 invocation function for block in WebCore::MemoryPressureHandler::install() <null> (WebCore+0x0000012d4b60)
    #7 __wrap_dispatch_source_set_event_handler_block_invoke <null> (libclang_rt.tsan_osx_dynamic.dylib+0x00000005c7e2)

SUMMARY: ThreadSanitizer: data race (OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x174e78e) in WebCore::ScrollingThread::initializeRunLoop()
==================
==================
WARNING: ThreadSanitizer: thread leak (pid=65095)
  Thread T10 (tid=1603424, finished) created by main thread at:
    #0 pthread_create <null> (libclang_rt.tsan_osx_dynamic.dylib+0x0000000230c1)
    #1 WTF::createThreadInternal(void (*)(void*), void*, char const*) <null> (JavaScriptCore+0x000000a06b4d)

SUMMARY: ThreadSanitizer: thread leak (OpenSource/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xa06b4d) in WTF::createThreadInternal(void (*)(void*), void*, char const*)
==================
ThreadSanitizer: reported 2 warnings
Attachments
Patch v1 (2.20 KB, patch)
2016-05-08 04:54 PDT, David Kilzer (:ddkilzer)
no flags
David Kilzer (:ddkilzer)
Comment 1 2016-05-08 04:42:08 PDT
David Kilzer (:ddkilzer)
Comment 2 2016-05-08 04:54:42 PDT
Created attachment 278361 [details] Patch v1
Darin Adler
Comment 3 2016-05-08 08:01:00 PDT
Comment on attachment 278361 [details]
Patch v1

Seems a little bit messy the way this function combines Mac-specific code, some of which is guarded by #if PLATFORM(COCOA) and some of which is not, with platform independent code.
WebKit Commit Bot
Comment 4 2016-05-08 08:21:51 PDT
Comment on attachment 278361 [details]
Patch v1

Clearing flags on attachment: 278361

Committed r200554: <http://trac.webkit.org/changeset/200554>
WebKit Commit Bot
Comment 5 2016-05-08 08:21:57 PDT
All reviewed patches have been landed. Closing bug.
David Kilzer (:ddkilzer)
Comment 6 2016-05-08 12:11:16 PDT
Rolled out r200554 in r200561.

Committed r200561: <http://trac.webkit.org/changeset/200561>

Turns out the thread leak is for a separate issue (that reproduces when using --run-singly with "run-webkit-tests -1"). This issue is about a data race in WebCore::ScrollingThread::initializeRunLoop.
David Kilzer (:ddkilzer)
Comment 7 2016-05-09 18:56:49 PDT
Yep, this was a false positive due to use of bmalloc. Adding --additional-env-var="Malloc=1" to the run-webkit-tests invocation makes these false positives go away.
Alexey Proskuryakov
Comment 8 2016-05-09 23:25:26 PDT
blame has an explicit check for injected ASan library, we should add the same for TSan.
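
The kind of check suggested in comment 8, as an added example that is not bmalloc or WebKit code: a custom allocator decides at startup whether to defer to the system malloc, either because the Malloc environment variable from comment 7 is set or because a sanitizer runtime is among the loaded or injected images. All function names are hypothetical, treating any non-empty Malloc value as an opt-out is an assumption, and the runtime prefixes follow the libclang_rt.tsan_osx_dynamic.dylib name seen in the report.

```cpp
#include <cstdlib>
#include <string>
#include <vector>

// File-name prefixes of the sanitizer runtimes (TSan name as in the report above).
static const char* const kSanitizerRuntimes[] = { "libclang_rt.asan_", "libclang_rt.tsan_" };

// True when any image path names a sanitizer runtime. Only the file name is
// compared, so a directory such as ".../libclang_rt.tsan_build/" does not match.
bool sanitizerRuntimePresent(const std::vector<std::string>& imagePaths)
{
    for (const auto& path : imagePaths) {
        auto slash = path.find_last_of('/');
        std::string name = slash == std::string::npos ? path : path.substr(slash + 1);
        for (const char* runtime : kSanitizerRuntimes) {
            if (name.compare(0, std::string(runtime).size(), runtime) == 0)
                return true;
        }
    }
    return false;
}

// Splits a colon-separated list such as DYLD_INSERT_LIBRARIES; empty entries are dropped.
std::vector<std::string> splitPathList(const char* list)
{
    std::vector<std::string> out;
    if (!list)
        return out;
    std::string s(list);
    for (size_t start = 0; start <= s.size();) {
        size_t end = s.find(':', start);
        if (end == std::string::npos)
            end = s.size();
        if (end > start)
            out.push_back(s.substr(start, end - start));
        start = end + 1;
    }
    return out;
}

// Hypothetical policy: bypass the custom allocator when Malloc is set to a
// non-empty value (assumption) or when a sanitizer runtime is present.
bool shouldUseSystemMalloc(const char* mallocEnv, const std::vector<std::string>& imagePaths)
{
    if (mallocEnv && *mallocEnv)
        return true;
    return sanitizerRuntimePresent(imagePaths);
}

// Applies the policy to the current process using its environment only.
bool currentProcessShouldUseSystemMalloc()
{
    return shouldUseSystemMalloc(std::getenv("Malloc"), splitPathList(std::getenv("DYLD_INSERT_LIBRARIES")));
}
```

A sanitizer runtime linked directly into the binary does not appear in DYLD_INSERT_LIBRARIES, so a real check would pass the process's loaded image list to sanitizerRuntimePresent instead.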