[chromium-bugs] Issue 23423 in chromium: A possible data race on the unique ID counter in IPC::SyncMessage::SyncMessage

codesite-noreply Wed, 30 Sep 2009 02:38:43 -0700

Status: Unconfirmed
Owner: ----
Labels: OS-Mac Area-Misc Pri-2 Type-Bug

New issue 23423 by ramosian.glider: A possible data race on the unique ID  
counter in IPC::SyncMessage::SyncMessage
http://code.google.com/p/chromium/issues/detail?id=23423


Chrome Version       : 27599

ThreadSanitizer bots report a possible data race on the static
IPC::SyncMessage::next_id_ counter during the calls to
IPC::SyncMessage::SyncMessage():

==65383== WARNING: Possible data race during read of size 4 at 0xC140A4: {{{
==65383==    T29 (locks held: {}):
==65383==     #0  0x36187 IPC::SyncMessage::SyncMessage(int, unsigned
short, IPC::Message::PriorityValue, IPC::MessageReplyDeserializer*)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/ipc/ipc_sync_message.cc:37
==65383==     #1  0x16EA6 IPC::MessageWithReply<Tuple1<int>, Tuple1<int&>
> ::MessageWithReply(int, unsigned short, Tuple1<int const&> const&,
Tuple1<int&> const&) ipc_message_utils.h:1148
==65383==     #2  0x16F1E
SyncChannelTestMsg_Double::SyncChannelTestMsg_Double(int const&, int*)
ipc_sync_message_unittest.h:13
==65383==     #3  0x16F50
SyncChannelTestMsg_Double::SyncChannelTestMsg_Double(int const&, int*)
ipc_sync_message_unittest.h:13
==65383==     #4  0xF465 (anonymous namespace)::Worker::SendDouble(bool,
bool)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/ipc/ipc_sync_channel_unittest.cc:100
==65383==     #5  0xFC3D (anonymous
namespace)::UnblockClient::OnAnswer(int*)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/ipc/ipc_sync_channel_unittest.cc:395
==65383==     #6  0xF11C (anonymous
namespace)::Worker::OnAnswerDelay(IPC::Message*)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/ipc/ipc_sync_channel_unittest.cc:125
==65383==     #7  0xEB5F void DispatchToMethod<(anonymous
namespace)::Worker, void ((anonymous namespace)::Worker::*)(IPC::Message*),
IPC::Message&>((anonymous namespace)::Worker*, void ((anonymous
namespace)::Worker::*)(IPC::Message*), Tuple0 const&,
Tuple1<IPC::Message&>*) tuple.h:569
==65383==     #8  0xFE8E bool IPC::MessageWithReply<Tuple0, Tuple1<int&>
> ::DispatchDelayReply<(anonymous namespace)::Worker, void ((anonymous
namespace)::Worker::*)(IPC::Message*)>(IPC::Message const*, (anonymous
namespace)::Worker*, void ((anonymous
namespace)::Worker::*)(IPC::Message*)) ipc_message_utils.h:1224
==65383==     #9  0x10198 (anonymous
namespace)::Worker::OnMessageReceived(IPC::Message const&)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/ipc/ipc_sync_channel_unittest.cc:180
==65383==     #10 0x2B3E6
IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/ipc/ipc_channel_proxy.cc:204
==65383==     #11 0x35300
IPC::SyncChannel::ReceivedSyncMsgQueue::DispatchMessages()
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/ipc/ipc_sync_channel.cc:106
==65383==     #12 0x316B5 IPC::SyncChannel::SyncContext::DispatchMessages()
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/ipc/ipc_sync_channel.cc:249
==65383==     #13 0x3172C
IPC::SyncChannel::OnWaitableEventSignaled(base::WaitableEvent*)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/ipc/ipc_sync_channel.cc:445
==65383==     #14 0x8CF39 base::AsyncCallbackTask::Run()
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/waitable_event_watcher_posix.cc:109
==65383==     #15 0x550C9 MessageLoop::RunTask(Task*)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/message_loop.cc:314
==65383==     #16 0x55672
MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/message_loop.cc:322
==65383==     #17 0x558A3 MessageLoop::DoWork()
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/message_loop.cc:429
==65383==     #18 0x59FC5
base::MessagePumpDefault::Run(base::MessagePump::Delegate*)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/message_pump_default.cc:23
==65383==     #19 0x55D5A MessageLoop::RunInternal()
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/message_loop.cc:199
==65383==     #20 0x55D74 MessageLoop::RunHandler()
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/message_loop.cc:181
==65383==     #21 0x55DDD MessageLoop::Run()
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/message_loop.cc:155
==65383==     #22 0x79A50 base::Thread::Run(MessageLoop*)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/thread.cc:132
==65383==     #23 0x79D55 base::Thread::ThreadMain()
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/thread.cc:153
==65383==     #24 0x61E00 ThreadFunc(void*)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/base/platform_thread_posix.cc:26
==65383==     #25 0x1EEBC07D ThreadSanitizerStartThread
/Users/glider/src/tsan-chromium/valgrind-current/tsan/ts_valgrind_intercepts.c
==65383==   Concurrent write(s) happened at (OR AFTER) these points:
==65383==    T27 (locks held: {}):
==65383==     #0  0x36187 IPC::SyncMessage::SyncMessage(int, unsigned
short, IPC::Message::PriorityValue, IPC::MessageReplyDeserializer*)
/Users/glider/buildbot-slave/buildbot_tsan/slave/sub-dbg-mac-tsan/build/src/ipc/ipc_sync_message.cc:37
==65383==     #1  0x16FAE IPC::MessageWithReply<Tuple0, Tuple1<int&>
> ::MessageWithReply(int, unsigned short, Tuple0 const&, Tuple1<int&>
const&) ipc_message_utils.h:1148
==65383==     #2  0x17015
SyncChannelTestMsg_AnswerToLife::SyncChannelTestMsg_AnswerToLife(int*)
ipc_sync_message_unittest.h:10
==65383==     #3  0x17041
SyncChannelTestMsg_AnswerToLife::SyncChannelTestMsg_AnswerToLife(int*)
ipc_sync_message_unittest.h:10

next_id_ is written without any locks, so its value may potentially be
corrupted (i.e. we'll end up with two messages having the same ID). A
possible fix is to make next_id_ a base::AtomicSequenceNumber.

This report is observed on both Linux and Mac OS, but is very hard to pin
down, so we are not totally sure that it is not a false positive.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---

[chromium-bugs] Issue 23423 in chromium: A possible data race on the unique ID counter in IPC::SyncMessage::SyncMessage

Reply via email to