Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False positive on atomic write vs free #602

Closed
dvyukov opened this issue Sep 24, 2015 · 4 comments
Closed

False positive on atomic write vs free #602

dvyukov opened this issue Sep 24, 2015 · 4 comments
Labels
ProjectThreadSanitizer

Comments

@dvyukov
Copy link
Contributor

dvyukov commented Sep 24, 2015

ThreadSanitizer currently reports a data race on the following program:

void *Thread(void *a) {
  __atomic_store_n((int*)a, 1, __ATOMIC_RELAXED);
  return 0;
}

int main() {
  int *a = new int(0);
  pthread_t t;
  pthread_create(&t, 0, Thread, a);
  while (__atomic_load_n(a, __ATOMIC_RELAXED) == 0)
    pthread_yield();
  delete a;
  pthread_join(t, 0);
}
WARNING: ThreadSanitizer: data race (pid=49350)
  Write of size 8 at 0x7d040000f7f0 by main thread:
    #0 operator delete(void*) lib/tsan/rtl/tsan_new_delete.cc:69
    #1 main test/tsan/./atomic_free3.cc:15:3

  Previous atomic write of size 4 at 0x7d040000f7f0 by thread T1:
    #0 __tsan_atomic32_store lib/tsan/rtl/tsan_interface_atomic.cc:560
    #1 Thread(void*) test/tsan/./atomic_free3.cc:5:3

This is false positive.
However, nobody ever complained and fixing it will lead to false negatives for races that actually happen.
@dvyukov
Copy link
Contributor Author

dvyukov commented Sep 24, 2015

On second though, it can actually be a race according to C/C++ memory model. delete a can read/write the object and delete is not synchronized with the atomic write.

Test is added in revision 248522.

@dvyukov
Copy link
Contributor Author

dvyukov commented Dec 1, 2015

Not a bug.

@dvyukov dvyukov closed this as completed Dec 1, 2015
@conversy
Copy link

came across this ^^
This comment for other people trying to fix such a data race: swapping 'delete' and 'join' fixes the data race, supposedly because there is now a synchronization (join), before the deletion. I said 'supposedly' because I do not consider myself as a specialist, take this with a grain of salt.

@talchas talchas mentioned this issue Feb 5, 2023
Closed
@dvyukov
Copy link
Contributor Author

dvyukov commented May 6, 2024

An update on this: this is now considered a defect in the standard. If the proposal is accepted, there is no race and TSAN shouldn't produce a race report.

On first glance precise modelling is problematic. TSAN is all based on vector clocks and transitive HB. Everything is timestamped with per-thread clock and then checked against vector clocks.

If we make the store HB the load, then it may cause massive false negatives, since now everything in the first HB the load (effectively promote all relaxed store/load to release/acquire). This is probably worse overall.

Precise modelling will require some new per-pair-of-thread/per-location relation, which looks extremely expensive to maintain and does not worth it for this obscure corner case.

A possible practical solution may be to wipe the store after the value was loaded (pretend the store did not happen anymore), or make it appear to happen at a much earlier point in time (at the time that HB the load). This should prevent this particular FP w/o introducing massive side effects.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ProjectThreadSanitizer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dvyukov @conversy