@Hassnaa9

Summary

Fixes a ThreadSanitizer-detected data race when accessing Function::unoptimized_code between the main compilation thread and background optimizer thread.

Issue

Fixes #61800

ThreadSanitizer detected a data race where:

  • Main thread writes to unoptimized_code via Function::set_unoptimized_code() during compilation
  • Background compiler thread reads unoptimized_code during the inlining optimization pass in CallSiteInliner::GetParsedFunction()

This unsynchronized access could lead to:

  • Reading stale or partially-written pointer values
  • Undefined behavior on ARM architectures with weak memory ordering
  • Potential crashes or incorrect optimization decisions

Changes

Applied proper acquire-release synchronization to Function::unoptimized_code accessors:

runtime/vm/object.h:

  • Modified unoptimized_code() getter to use std::memory_order_acquire when reading

runtime/vm/object.cc:

  • Modified set_unoptimized_code() setter to use std::memory_order_release when writing

The existing COMPRESSED_POINTER_FIELD macro already supports templated memory ordering, so this change leverages that existing infrastructure.

Memory Ordering Semantics

  • Release semantics on write: Ensures all prior memory operations are visible before the store
  • Acquire semantics on read: Ensures all memory operations from the releasing thread are visible after the load
  • This establishes a "happens-before" relationship that eliminates the race condition

Related Work

This follows the same pattern used for other concurrent code access in the Dart VM and is consistent with the existing memory ordering support in the COMPRESSED_POINTER_FIELD macro infrastructure.


TEST=language/vm/regression_39193_test


  • [x] I’ve reviewed the contributor guide and applied the relevant portions to this PR.
Contribution guidelines:
  • See our contributor guide for general expectations for PRs.
  • Larger or significant changes should be discussed in an issue before creating a PR.
  • Contributions to our repos should follow the Dart style guide and use dart format.

Note that this repository uses Gerrit for code reviews. Your pull request will be automatically converted into a Gerrit CL and a link to the CL written into this PR. The review will happen on Gerrit but you can also push additional commits to this PR to update the code review.
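
The release/acquire pairing listed under "Memory Ordering Semantics" in the description above, as an added example that is not part of this PR or of the Dart VM source. `CodeStub`, `FunctionStub` and `CountInconsistentReads` are hypothetical stand-ins, and a plain `std::atomic` pointer is assumed in place of the VM's COMPRESSED_POINTER_FIELD accessors.

```cpp
#include <atomic>
#include <cstdint>
#include <thread>

// Hypothetical stand-in for a code object (not the Dart VM's Code class).
struct CodeStub {
  uint64_t entry_point = 0;
  uint64_t checksum = 0;  // constructed invariant: checksum == ~entry_point
};

// Hypothetical stand-in for Function, holding one published pointer.
class FunctionStub {
 public:
  void set_unoptimized_code(CodeStub* code) {
    // Release: the writes that initialised *code are ordered before this store.
    unoptimized_code_.store(code, std::memory_order_release);
  }
  CodeStub* unoptimized_code() const {
    // Acquire: pairs with the release store, so *code's fields are visible.
    return unoptimized_code_.load(std::memory_order_acquire);
  }

 private:
  std::atomic<CodeStub*> unoptimized_code_{nullptr};
};

// One thread initialises and publishes a CodeStub, another waits for the
// pointer and checks the invariant. Returns how many reads were inconsistent.
int CountInconsistentReads(int rounds) {
  int bad = 0;
  for (int i = 0; i < rounds; ++i) {
    FunctionStub fn;
    CodeStub code;
    std::thread writer([&] {
      code.entry_point = 0x1000 + i;
      code.checksum = ~code.entry_point;
      fn.set_unoptimized_code(&code);  // publish only after initialisation
    });
    std::thread reader([&] {
      CodeStub* seen;
      while ((seen = fn.unoptimized_code()) == nullptr)
        std::this_thread::yield();
      if (seen->checksum != ~seen->entry_point) ++bad;
    });
    writer.join();
    reader.join();
  }
  return bad;
}
```

With both orderings changed to `std::memory_order_relaxed` the pointer accesses stay atomic, but nothing orders the plain field writes before the reader's field reads, so those become a data race of the kind ThreadSanitizer reports.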

@copybara-service

Thank you for your contribution! This project uses Gerrit for code reviews. Your pull request has automatically been converted into a code review at:

https://dart-review.googlesource.com/c/sdk/+/457660

Please wait for a developer to review your code review at the above link; you can speed up the review if you sign into Gerrit and manually add a reviewer that has recently worked on the relevant code. See CONTRIBUTING.md to learn how to upload changes to Gerrit directly.

Additional commits pushed to this PR will update both the PR and the corresponding Gerrit CL. After the review is complete on the CL, your reviewer will merge the CL (automatically closing this PR).

Removes the cached handle to unoptimized_code in ParsedFunction
which was causing a TSAN-detected data race. The ParsedFunction
was caching a handle to the function's unoptimized code, but this
handle was never used and its initialization was racing with
writes to Function::unoptimized_code_ from other threads.

The correct fix is to remove the unused cached handle rather than
adding memory ordering, as there's no actual need for concurrent
access to the loaded Code object.

Fixes dart-lang#61800

@copybara-service

https://dart-review.googlesource.com/c/sdk/+/457660 has been updated with the latest commits from this pull request.


Successfully merging this pull request may close these issues.

Data race when accessing Function::unoptimized_code
