[Webkit-unassigned] [Bug 55516] New: Possible data race on JSC::Yarr::Interpreter::interpret

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 1 15:17:33 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=55516

           Summary: Possible data race on
                    JSC::Yarr::Interpreter::interpret
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://build.chromium.org/p/chromium.fyi/builders/Chromium%20OS%20Tests%20(tsan%20ui)/builds/721/steps/memory%20test:%20ui/logs/stdio
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: dhollowa at chromium.org
                CC: barraclough at apple.com


Chrome's Thread Sanitizer bot revealed a possible data race in JSC::Yarr::Interpreter::interpret().

See http://crbug.com/72548 for original report.

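Details of the bot's output follow. The flagged 4-byte write is in the DisjunctionContext constructor on T0, reached from FormField::MatchLabel via WebCore::RegularExpression::match. The accesses it is paired with are on Chrome_IOThread (net::HttpStreamParser::DoReadBody) and Chrome_CacheThread (a std::vector<char> range insert); neither of those stacks contains a Yarr frame, and they are reported as "at (OR AFTER) these points", so this log alone does not establish whether the address is shared interpreter state or memory that was reused between threads: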


==27237== WARNING: Possible data race during write of size 4 at 0x802F000: {{{
==27237==    T0 (L{}):
==27237==     #0  JSC::Yarr::Interpreter::DisjunctionContext::DisjunctionContext() third_party/WebKit/Source/JavaScriptCore/yarr/YarrInterpreter.cpp:90
==27237==     #1  JSC::Yarr::Interpreter::allocDisjunctionContext(JSC::Yarr::ByteDisjunction*) third_party/WebKit/Source/JavaScriptCore/yarr/YarrInterpreter.cpp:111
==27237==     #2  JSC::Yarr::Interpreter::interpret() third_party/WebKit/Source/JavaScriptCore/yarr/YarrInterpreter.cpp:1388
==27237==     #3  JSC::Yarr::interpret(JSC::Yarr::BytecodePattern*, unsigned short const*, unsigned int, unsigned int, int*) third_party/WebKit/Source/JavaScriptCore/yarr/YarrInterpreter.cpp:1878
==27237==     #4  WebCore::RegularExpression::match(WTF::String const&, int, int*) const third_party/WebKit/Source/WebCore/platform/text/RegularExpression.cpp:113
==27237==     #5  WebKit::WebRegularExpression::match(WebKit::WebString const&, int, int*) const third_party/WebKit/Source/WebKit/chromium/src/WebRegularExpression.cpp:64
==27237==     #6  FormField::MatchLabel(AutoFillField*, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&) chrome/browser/autofill/form_field.cc:139
==27237==     #7  FormField::Match(AutoFillField*, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, bool) chrome/browser/autofill/form_field.cc:113
==27237==     #8  FormField::ParseText(__gnu_cxx::__normal_iterator<AutoFillField* const*, std::vector<AutoFillField*, std::allocator<AutoFillField*> > >*, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, AutoFillField**, bool) chrome/browser/autofill/form_field.cc:207
==27237==     #9  FormField::ParseText(__gnu_cxx::__normal_iterator<AutoFillField* const*, std::vector<AutoFillField*, std::allocator<AutoFillField*> > >*, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, AutoFillField**) chrome/browser/autofill/form_field.cc:180
==27237==     #10 AddressField::ParseCity(__gnu_cxx::__normal_iterator<AutoFillField* const*, std::vector<AutoFillField*, std::allocator<AutoFillField*> > >*, bool, AddressField*) chrome/browser/autofill/address_field.cc:344
==27237==     #11 AddressField::Parse(__gnu_cxx::__normal_iterator<AutoFillField* const*, std::vector<AutoFillField*, std::allocator<AutoFillField*> > >*, bool) chrome/browser/autofill/address_field.cc:102
==27237==     #12 FormField::ParseFormField(__gnu_cxx::__normal_iterator<AutoFillField* const*, std::vector<AutoFillField*, std::allocator<AutoFillField*> > >*, bool) chrome/browser/autofill/form_field.cc:157
==27237==     #13 FormFieldSet::FormFieldSet(FormStructure*) chrome/browser/autofill/form_field.cc:273
==27237==     #14 FormStructure::GetHeuristicFieldInfo(std::map<std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> >, _FieldType, std::less<std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > >, std::allocator<std::pair<std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const, _FieldType> > >*) chrome/browser/autofill/form_structure.cc:392
==27237==     #15 FormStructure::GetHeuristicAutoFillTypes() chrome/browser/autofill/form_structure.cc:366
==27237==     #16 FormStructure::FormStructure(webkit_glue::FormData const&) chrome/browser/autofill/form_structure.cc:71
==27237==     #17 AutoFillManager::OnFormSubmitted(webkit_glue::FormData const&) chrome/browser/autofill/autofill_manager.cc:293
==27237==     #18 void DispatchToMethod<AutoFillManager, void (AutoFillManager::*)(webkit_glue::FormData const&), webkit_glue::FormData>(AutoFillManager*, void (AutoFillManager::*)(webkit_glue::FormData const&), Tuple1<webkit_glue::FormData> const&) base/tuple.h:551
==27237==     #19 bool IPC::MessageWithTuple<Tuple1<webkit_glue::FormData> >::Dispatch<AutoFillManager, AutoFillManager, void (AutoFillManager::*)(webkit_glue::FormData const&)>(IPC::Message const*, AutoFillManager*, AutoFillManager*, void (AutoFillManager::*)(webkit_glue::FormData const&)) ipc/ipc_message_utils.h:933
==27237==     #20 AutoFillManager::OnMessageReceived(IPC::Message const&) chrome/browser/autofill/autofill_manager.cc:261
==27237==     #21 TabContents::OnMessageReceived(IPC::Message const&) chrome/browser/tab_contents/tab_contents.cc:503
==27237==     #22 RenderViewHost::OnMessageReceived(IPC::Message const&) chrome/browser/renderer_host/render_view_host.cc:728
==27237==     #23 BrowserRenderProcessHost::OnMessageReceived(IPC::Message const&) chrome/browser/renderer_host/browser_render_process_host.cc:1008
==27237==     #24 IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ipc/ipc_channel_proxy.cc:255
==27237==     #25 void DispatchToMethod<IPC::ChannelProxy::Context, void (IPC::ChannelProxy::Context::*)(IPC::Message const&), IPC::Message>(IPC::ChannelProxy::Context*, void (IPC::ChannelProxy::Context::*)(IPC::Message const&), Tuple1<IPC::Message> const&) base/tuple.h:551
==27237==     #26 RunnableMethod<IPC::ChannelProxy::Context, void (IPC::ChannelProxy::Context::*)(IPC::Message const&), Tuple1<IPC::Message> >::Run() base/task.h:331
==27237==     #27 MessageLoop::RunTask(Task*) base/message_loop.cc:362
==27237==     #28 MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) base/message_loop.cc:371
==27237==     #29 MessageLoop::DoWork() base/message_loop.cc:564
==27237==   Concurrent write(s) happened at (OR AFTER) these points:
==27237==    T9 (Chrome_IOThread) (L{}):
==27237==     #0  ???//mnt/data/build/slave/chromium-rel-chromeos-tsan-ui/build/src/out/Release/chrome out/Release/chrome
==27237==     #1  net::HttpStreamParser::DoReadBody() net/http/http_stream_parser.cc:412
==27237==     #2  net::HttpStreamParser::DoLoop(int) net/http/http_stream_parser.cc:195
==27237==     #3  net::HttpStreamParser::ReadResponseBody(net::IOBuffer*, int, CallbackRunner<Tuple1<int> >*) net/http/http_stream_parser.cc:132
==27237==     #4  net::HttpBasicStream::ReadResponseBody(net::IOBuffer*, int, CallbackRunner<Tuple1<int> >*) net/http/http_basic_stream.cc:71
==27237==     #5  net::HttpNetworkTransaction::DoReadBody() net/http/http_network_transaction.cc:793
==27237==     #6  net::HttpNetworkTransaction::DoLoop(int) net/http/http_network_transaction.cc:519
==27237==     #7  net::HttpNetworkTransaction::Read(net::IOBuffer*, int, CallbackRunner<Tuple1<int> >*) net/http/http_network_transaction.cc:325
==27237==     #8  net::HttpCache::Transaction::DoNetworkRead() net/http/http_cache_transaction.cc:725
==27237==     #9  net::HttpCache::Transaction::DoLoop(int) net/http/http_cache_transaction.cc:452
==27237==   Concurrent read(s) happened at (OR AFTER) these points:
==27237==    T6 (Chrome_CacheThread) (L{}):
==27237==     #0  memmove /lib/tls/i686/cmov/libc-2.7.so
==27237==     #1  char* std::__copy<true, std::random_access_iterator_tag>::copy<char>(char const*, char const*, char*) /usr/include/c++/4.2/bits/stl_algobase.h:298
==27237==     #2  char* std::__copy_aux<char*, char*>(char*, char*, char*) /usr/include/c++/4.2/bits/stl_algobase.h:315
==27237==     #3  char* std::__copy_normal<false, false>::__copy_n<char*, char*>(char*, char*, char*) /usr/include/c++/4.2/bits/stl_algobase.h:340
==27237==     #4  char* std::copy<char*, char*>(char*, char*, char*) /usr/include/c++/4.2/bits/stl_algobase.h:401
==27237==     #5  char* std::__uninitialized_copy_aux<char*, char*>(char*, char*, char*, std::__true_type) /usr/include/c++/4.2/bits/stl_uninitialized.h:75
==27237==     #6  char* std::uninitialized_copy<char*, char*>(char*, char*, char*) /usr/include/c++/4.2/bits/stl_uninitialized.h:114
==27237==     #7  char* std::__uninitialized_copy_a<char*, char*, char>(char*, char*, char*, std::allocator<char>) /usr/include/c++/4.2/bits/stl_uninitialized.h:254
==27237==     #8  void std::vector<char, std::allocator<char> >::_M_range_insert<char*>(__gnu_cxx::__normal_iterator<char*, std::vector<char, std::allocator<char> > >, char*, char*, std::forward_iterator_tag) /usr/include/c++/4.2/bits/vector.tcc:434
==27237==     #9  void std::vector<char, std::allocator<char> >::_M_insert_dispatch<char*>(__gnu_cxx::__normal_iterator<char*, std::vector<char, std::allocator<char> > >, char*, char*, std::__false_type) /usr/include/c++/4.2/bits/stl_vector.h:890
==27237==    Race verifier data: 0xA0FE534,0x806D608,0x4C9C52D
==27237== }}}
