[Webkit-unassigned] [Bug 118881] Potential race condition getting NetworkStateNotifier::onLine()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 18 22:40:01 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=118881





--- Comment #2 from Kwang Yul Seo <skyul at company100.net>  2013-07-18 22:39:57 PST ---
(In reply to comment #1)
> Could you please elaborate?
> 
> I don't think that this is a WebKit bug - any JavaScript code that uses the onLine attribute is racy by definition, because network state can change after it's queried. So, a little more race shouldn't hurt.

Sorry, I should have explained it in more detail. Yes, the semantics of onLine are racy and it is definitely not a bug.

But the NetworkStateNotifier::m_isOnLine member variable has a data race, as there are simultaneous accesses to the same memory location by multiple threads, where at least one of the accesses modifies the memory location.

Because C++ (even C++11) treats all data races as errors and provides no defined semantics for programs with data races, data races shouldn't be allowed in multi-threaded versions of C++ even if they seem benign.

The data race with m_isOnLine seems benign because at worst the updated value of m_isOnLine might not be visible to worker threads for a very short period of time in most modern architectures. But there are many ways to miscompile programs with "benign" data races as explained in the following paper:

https://www.usenix.org/legacy/events/hotpar11/tech/final_files/Boehm.pdf

So my suggestion is to notify network state change through WorkerMessagingProxy (already done in Bug 118832) and keep the value of isOnLine in each WorkerNavigator instance and return it when WorkerNavigator.isOnLine is requested.

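The design suggested in the comment above, sketched as an added example that is not code from the bug report or from WebKit: the notifier posts each network state change to every worker's task queue, and each worker keeps its own copy of the flag that only its own thread touches. The names `Worker`, `notifyNetworkStateChange` and `observedByWorker` are assumptions made for the illustration.

```cpp
// Added illustration; Worker and notifyNetworkStateChange are hypothetical names, not WebKit code.
#include <functional>
#include <mutex>
#include <queue>
#include <thread>
#include <vector>

class Worker {
public:
    using Task = std::function<void(Worker&)>;
    // Callable from any thread: the queue is the only shared data, guarded by a mutex.
    void post(Task task) {
        std::lock_guard<std::mutex> lock(m_mutex);
        m_tasks.push(std::move(task));
    }
    void drain() {  // worker thread only: run each pending task outside the lock
        for (;;) {
            Task task;
            {
                std::lock_guard<std::mutex> lock(m_mutex);
                if (m_tasks.empty()) return;
                task = std::move(m_tasks.front());
                m_tasks.pop();
            }
            task(*this);
        }
    }
    bool isOnLine = true, stopped = false;  // both touched only on the worker thread
private:
    std::mutex m_mutex;
    std::queue<Task> m_tasks;
};

// Notifier side: post the new value to each worker instead of sharing one bool.
void notifyNetworkStateChange(const std::vector<Worker*>& workers, bool onLine) {
    for (Worker* w : workers)
        w->post([onLine](Worker& self) { self.isOnLine = onLine; });
}

// Starts a worker thread, notifies it, and returns the value that worker observed.
bool observedByWorker(bool newState) {
    Worker worker;
    bool seen = !newState;
    std::thread t([&] {
        while (!worker.stopped) { worker.drain(); std::this_thread::yield(); }
        seen = worker.isOnLine;
    });
    notifyNetworkStateChange({&worker}, newState);
    worker.post([](Worker& self) { self.stopped = true; });
    t.join();  // join orders the worker's write to `seen` before this read
    return seen;
}
```

The flag is a plain `bool` with no atomics because the only cross-thread traffic goes through the mutex-protected queue; a worker may still see a stale value until it drains its queue, which matches the already racy semantics of onLine.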