Title: [232227] trunk/Source/WTF
- Revision: 232227
- Author: [email protected]
- Date: 2018-05-26 13:59:04 -0700 (Sat, 26 May 2018)
Log Message
testair sometimes crashes due to races in initialization of ARC4RandomNumberGenerator
https://bugs.webkit.org/show_bug.cgi?id=186014

Reviewed by Yusuke Suzuki.

testair launches a bunch of threads and the threads do B3 things that use random numbers.
Sometimes two threads will initialize the random number generator at the same time, because
that's what happens when you use static NeverDestroyed<>.

This changes that code to use std::call_once to initialize the shared
ARC4RandomNumberGenerator.

Also, this adds a diagnostic message to the lock's assertion. This assertion was the symptom
of the race, and knowing the state of the lock when the assertion fired gave a darn good clue
about what was going on: the lock's value was 0 at time of unlock, implying that another
thread reinitialized the lock to zero by rerunning the constructor.

* wtf/CryptographicallyRandomNumber.cpp:
* wtf/LockAlgorithmInlines.h:
(WTF::Hooks>::unlockSlow):
Modified Paths
Diff
Modified: trunk/Source/WTF/ChangeLog (232226 => 232227)
--- trunk/Source/WTF/ChangeLog 2018-05-26 18:17:09 UTC (rev 232226)
+++ trunk/Source/WTF/ChangeLog 2018-05-26 20:59:04 UTC (rev 232227)
@@ -1,3 +1,26 @@
+2018-05-26 Filip Pizlo <[email protected]>
+
+ testair sometimes crashes due to races in initialization of ARC4RandomNumberGenerator
+ https://bugs.webkit.org/show_bug.cgi?id=186014
+
+ Reviewed by Yusuke Suzuki.
+
+ testair launches a bunch of threads and the threads do B3 things that use random numbers.
+ Sometimes two threads will initialize the random number generator at the same time, because
+ that's what happens when you use static NeverDestroyed<>.
+
+ This changes that code to use std::call_once to initialize the shared
+ ARC4RandomNumberGenerator.
+
+ Also, this adds a diagnostic message to the lock's assertion. This assertion was the symptom
+ of the race, and knowing the state of the lock when the assertion fired gave a darn good clue
+ about what was going on: the lock's value was 0 at time of unlock, implying that another
+ thread reinitialized the lock to zero by rerunning the constructor.
+
+ * wtf/CryptographicallyRandomNumber.cpp:
+ * wtf/LockAlgorithmInlines.h:
+ (WTF::Hooks>::unlockSlow):
+
2018-05-25 Michael Saboff <[email protected]>
_javascript_Core: Disable 32-bit JIT on Windows
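Review bot: The `* wtf/CryptographicallyRandomNumber.cpp:` line in this entry has no function listed under it, while the LockAlgorithmInlines.h line is followed by the function it touches. Listing `sharedRandomNumberGenerator`, the function changed in that file's hunk, under the first path would keep the entry consistent and make the RNG initialization change findable from the ChangeLog alone.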
Modified: trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp (232226 => 232227)
--- trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp 2018-05-26 18:17:09 UTC (rev 232226)
+++ trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp 2018-05-26 20:59:04 UTC (rev 232227)
@@ -159,7 +159,13 @@
ARC4RandomNumberGenerator& sharedRandomNumberGenerator()
{
- static NeverDestroyed<ARC4RandomNumberGenerator> randomNumberGenerator;
+ static LazyNeverDestroyed<ARC4RandomNumberGenerator> randomNumberGenerator;
+ static std::once_flag onceFlag;
+ std::call_once(
+ onceFlag,
+ [] {
+ randomNumberGenerator.construct();
+ });
return randomNumberGenerator;
}
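Review bot: Nothing at the `std::call_once` site says why a plain function-local static is not enough here, and this file's only hunk adds no include for `std::once_flag`. The log message explains that `static NeverDestroyed<>` let two threads run the constructor at once; a one-line comment to that effect above `static std::once_flag onceFlag;` would keep a later cleanup from folding this back into the old form and reintroducing the race on the shared generator. If `<mutex>` is not already included by this file, include it explicitly rather than relying on a transitive include.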
Modified: trunk/Source/WTF/wtf/LockAlgorithmInlines.h (232226 => 232227)
--- trunk/Source/WTF/wtf/LockAlgorithmInlines.h 2018-05-26 18:17:09 UTC (rev 232226)
+++ trunk/Source/WTF/wtf/LockAlgorithmInlines.h 2018-05-26 20:59:04 UTC (rev 232227)
@@ -110,9 +110,11 @@
// be held and parked if someone attempts to lock just as we are unlocking.
for (;;) {
uint8_t oldByteValue = lock.load();
- RELEASE_ASSERT(
- (oldByteValue & mask) == isHeldBit
- || (oldByteValue & mask) == (isHeldBit | hasParkedBit));
+ if ((oldByteValue & mask) != isHeldBit
+ && (oldByteValue & mask) != (isHeldBit | hasParkedBit)) {
+ dataLog("Invalid value for lock: ", oldByteValue, "\n");
+ RELEASE_ASSERT_NOT_REACHED();
+ }
if ((oldByteValue & mask) == isHeldBit) {
if (lock.compareExchangeWeak(oldByteValue, Hooks::unlockHook(oldByteValue & ~isHeldBit)))
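Review bot: In the added `dataLog("Invalid value for lock: ", oldByteValue, "\n");` line, `oldByteValue` is a `uint8_t`, so it is worth confirming that dataLog prints it as a number and not as a character; the value the log message reports, 0, would be invisible if written as a raw byte. Casting to `unsigned` in the call makes the output unambiguous. Since the check tests `oldByteValue & mask`, printing the masked value alongside the raw byte would also show which bits failed the test.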