fengxueren / google-breakpad

Automatically exported from code.google.com/p/google-breakpad

Races in breakpad/src/client/windows/crash_generation/crash_generation_server.cc #491

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
ThreadSanitizer for Windows reports data races in Chromium BreakpadWinDeathTest:

INFO: T0 is program's main thread
INFO: T1 has been created by T-1 at this point: {{{
NO STACK TRACE
}}}
INFO: T0 is program's main thread
WARNING: Possible data race during read of size 4 at 18BAFED0: {{{
   T1 (L{}):
    #0  google_breakpad::CrashGenerationServer::HandleConnectionRequest breakpad/src/client/windows/crash_generation/crash_generation_server.cc:729
    #1  google_breakpad::CrashGenerationServer::OnPipeConnected breakpad/src/client/windows/crash_generation/crash_generation_server.cc:824
    #2  RtlSetTimer C:\Windows\SysWOW64\ntdll.dll
    #3  RtlSetTimer C:\Windows\SysWOW64\ntdll.dll
    #4  TpReleaseTimer C:\Windows\SysWOW64\ntdll.dll
    #5  TpReleaseTimer C:\Windows\SysWOW64\ntdll.dll
    #6  RtlMultiByteToUnicodeSize C:\Windows\SysWOW64\ntdll.dll
    #7  TpCallbackMayRunLong C:\Windows\SysWOW64\ntdll.dll
    #8  TpCallbackMayRunLong C:\Windows\SysWOW64\ntdll.dll
    #9  BaseThreadInitThunk C:\Windows\syswow64\kernel32.dll
  Concurrent write(s) happened at (OR AFTER) these points:
   T0 (L{}):
    #0  google_breakpad::CrashGenerationServer::EnterStateWhenSignaled breakpad/src/client/windows/crash_generation/crash_generation_server.cc:599
    #1  google_breakpad::CrashGenerationServer::HandleInitialState breakpad/src/client/windows/crash_generation/crash_generation_server.cc:309
    #2  google_breakpad::CrashGenerationServer::HandleInitialState breakpad/src/client/windows/crash_generation/crash_generation_server.cc:300
    #3  google_breakpad::CrashGenerationServer::Start breakpad/src/client/windows/crash_generation/crash_generation_server.cc:250
    #4  remoting::BreakpadWinDeathTest::SetUp remoting/base/breakpad_win_unittest.cc:137
    #5  testing::internal::HandleExceptionsInMethodIfSupported testing/gtest/src/gtest.cc:2126
  Location 18BAFED0 is 120 bytes inside a block starting at 18BAFE58 of size 196 allocated by T0 from heap:
    #0  operator new f:/dd/vctools/crt_bld/self_x86/crt/src/new.cpp:57
    #1  remoting::BreakpadWinDeathTest::SetUp remoting/base/breakpad_win_unittest.cc:136
    #2  testing::internal::HandleExceptionsInMethodIfSupported testing/gtest/src/gtest.cc:2126
   Race verifier data: 01077402,010762A3
}}}

WARNING: Possible data race during read of size 4 at 18BAFE9C: {{{
   T1 (L{}):
    #0  google_breakpad::CrashGenerationServer::HandleConnectingState breakpad/src/client/windows/crash_generation/crash_generation_server.cc:335
    #1  google_breakpad::CrashGenerationServer::OnPipeConnected breakpad/src/client/windows/crash_generation/crash_generation_server.cc:824
    #2  RtlSetTimer C:\Windows\SysWOW64\ntdll.dll
    #3  RtlSetTimer C:\Windows\SysWOW64\ntdll.dll
    #4  TpReleaseTimer C:\Windows\SysWOW64\ntdll.dll
    #5  TpReleaseTimer C:\Windows\SysWOW64\ntdll.dll
    #6  RtlMultiByteToUnicodeSize C:\Windows\SysWOW64\ntdll.dll
    #7  TpCallbackMayRunLong C:\Windows\SysWOW64\ntdll.dll
    #8  TpCallbackMayRunLong C:\Windows\SysWOW64\ntdll.dll
    #9  BaseThreadInitThunk C:\Windows\syswow64\kernel32.dll
  Concurrent write(s) happened at (OR AFTER) these points:
   T0 (L{}):
    #0  google_breakpad::CrashGenerationServer::Start breakpad/src/client/windows/crash_generation/crash_generation_server.cc:243
    #1  remoting::BreakpadWinDeathTest::SetUp remoting/base/breakpad_win_unittest.cc:137
    #2  testing::internal::HandleExceptionsInMethodIfSupported testing/gtest/src/gtest.cc:2126
  Location 18BAFE9C is 68 bytes inside a block starting at 18BAFE58 of size 196 allocated by T0 from heap:
    #0  operator new f:/dd/vctools/crt_bld/self_x86/crt/src/new.cpp:57
    #1  remoting::BreakpadWinDeathTest::SetUp remoting/base/breakpad_win_unittest.cc:136
    #2  testing::internal::HandleExceptionsInMethodIfSupported testing/gtest/src/gtest.cc:2126
   Race verifier data: 01076608,01077539
}}}

WARNING: Possible data race during write of size 1 at 18BAFED4: {{{
   T0 (L{L318}):
    #0  google_breakpad::CrashGenerationServer::~CrashGenerationServer breakpad/src/client/windows/crash_generation/crash_generation_server.cc:141
    #1  google_breakpad::CrashGenerationServer::`scalar deleting destructor' e:\b\build\slave\chromium-dbg-win-tsan\build\src\build\Debug\remoting_unittests.exe
    #2  scoped_ptr::~scoped_ptr base/memory/scoped_ptr.h:166
    #3  remoting::BreakpadWinDeathTest::~BreakpadWinDeathTest remoting/base/breakpad_win_unittest.cc:86
    #4  remoting::BreakpadWinDeathTest_TestAccessViolation_Test::`scalar deleting destructor' e:\b\build\slave\chromium-dbg-win-tsan\build\src\build\Debug\remoting_unittests.exe
    #5  testing::Test::DeleteSelf_ testing/gtest/include/gtest/gtest.h:438
    #6  testing::internal::HandleExceptionsInMethodIfSupported testing/gtest/src/gtest.cc:2126
  Concurrent read(s) happened at (OR AFTER) these points:
   T1 (L{}):
    #0  google_breakpad::CrashGenerationServer::HandleConnectionRequest breakpad/src/client/windows/crash_generation/crash_generation_server.cc:720
    #1  google_breakpad::CrashGenerationServer::OnPipeConnected breakpad/src/client/windows/crash_generation/crash_generation_server.cc:824
    #2  RtlSetTimer C:\Windows\SysWOW64\ntdll.dll
    #3  RtlSetTimer C:\Windows\SysWOW64\ntdll.dll
    #4  TpReleaseTimer C:\Windows\SysWOW64\ntdll.dll
    #5  TpReleaseTimer C:\Windows\SysWOW64\ntdll.dll
    #6  RtlMultiByteToUnicodeSize C:\Windows\SysWOW64\ntdll.dll
    #7  RtlMultiByteToUnicodeSize C:\Windows\SysWOW64\ntdll.dll
    #8  TpCallbackMayRunLong C:\Windows\SysWOW64\ntdll.dll
    #9  TpCallbackMayRunLong C:\Windows\SysWOW64\ntdll.dll
  Location 18BAFED4 is 124 bytes inside a block starting at 18BAFE58 of size 196 allocated by T0 from heap:
    #0  operator new f:/dd/vctools/crt_bld/self_x86/crt/src/new.cpp:57
    #1  remoting::BreakpadWinDeathTest::SetUp remoting/base/breakpad_win_unittest.cc:136
    #2  testing::internal::HandleExceptionsInMethodIfSupported testing/gtest/src/gtest.cc:2126
  Locks involved in this report (reporting last lock sites): {L318}
   L318 (18BAFE58)
    #0  RtlEnterCriticalSection C:\Windows\SysWOW64\ntdll.dll
    #1  google_breakpad::AutoCriticalSection::Acquire breakpad/src/client/windows/common/auto_critical_section.h:58
    #2  google_breakpad::AutoCriticalSection::AutoCriticalSection breakpad/src/client/windows/common/auto_critical_section.h:45
    #3  google_breakpad::CrashGenerationServer::~CrashGenerationServer breakpad/src/client/windows/crash_generation/crash_generation_server.cc:137
    #4  google_breakpad::CrashGenerationServer::`scalar deleting destructor' e:\b\build\slave\chromium-dbg-win-tsan\build\src\build\Debug\remoting_unittests.exe
    #5  scoped_ptr::~scoped_ptr base/memory/scoped_ptr.h:166
    #6  remoting::BreakpadWinDeathTest::~BreakpadWinDeathTest remoting/base/breakpad_win_unittest.cc:86
    #7  remoting::BreakpadWinDeathTest_TestAccessViolation_Test::`scalar deleting destructor' e:\b\build\slave\chromium-dbg-win-tsan\build\src\build\Debug\remoting_unittests.exe
    #8  testing::Test::DeleteSelf_ testing/gtest/include/gtest/gtest.h:438
    #9  testing::internal::HandleExceptionsInMethodIfSupported testing/gtest/src/gtest.cc:2126
   Race verifier data: 010770EA,010773E4
}}}

All of them happen while accessing |server_state_|, which was protected by 
|sync_| before r1013.
Because |sync_| isn't intended to protect the server state, a fix may require 
introducing an additional CRITICAL_SECTION object.

Original issue reported on code.google.com by gli...@chromium.org on 30 Aug 2012 at 9:43
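
The fix direction suggested above (a dedicated lock for the server state, separate from |sync_|) can be sketched as follows. This is an added example, not Breakpad code: the `Server` class, its method names and `RunCallbacks` are hypothetical, and `std::mutex` stands in for a Windows CRITICAL_SECTION so the sketch is portable.

```cpp
#include <atomic>
#include <mutex>
#include <thread>
#include <vector>

// Hypothetical model of the server in the report; not Breakpad's code.
enum class State { Initial, Connecting, Connected, ShuttingDown };

class Server {
 public:
  // Writer side (T0 in the report): publish a new state under the state lock.
  void EnterState(State next) {
    std::lock_guard<std::mutex> hold(state_lock_);
    if (state_ != State::ShuttingDown) state_ = next;
  }
  // Reader side (T1, the pool callback): check and advance in one locked step,
  // so a concurrent EnterState cannot land between the read and the write.
  bool OnPipeConnected() {
    std::lock_guard<std::mutex> hold(state_lock_);
    if (state_ != State::Connecting) return false;
    state_ = State::Connected;
    return true;
  }
  State state() {
    std::lock_guard<std::mutex> hold(state_lock_);
    return state_;
  }
 private:
  std::mutex state_lock_;  // guards state_ only; a client-list lock stays separate
  State state_ = State::Initial;
};

// Runs `workers` callback threads against one server and returns how many of
// them observed Connecting and advanced it (exactly one must succeed).
int RunCallbacks(Server& server, int workers) {
  std::atomic<int> advanced{0};
  std::vector<std::thread> pool;
  for (int i = 0; i < workers; ++i) {
    pool.emplace_back([&] {
      for (;;) {
        if (server.OnPipeConnected()) { ++advanced; return; }
        State s = server.state();
        if (s == State::Connected || s == State::ShuttingDown) return;
        std::this_thread::yield();
      }
    });
  }
  server.EnterState(State::Connecting);  // main-thread write, concurrent with readers
  for (auto& t : pool) t.join();         // callbacks finish before teardown
  server.EnterState(State::ShuttingDown);
  return advanced.load();
}
```

Joining the callback threads before the shutdown write mirrors the third report: the destructor's write must not overlap a callback that is still reading the state.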

GoogleCodeExporter commented 9 years ago
http://code.google.com/p/chromium/issues/detail?id=144928 is the corresponding 
Chromium bug report

Original comment by gli...@google.com on 30 Aug 2012 at 9:44

GoogleCodeExporter commented 9 years ago

Original comment by gli...@chromium.org on 10 Jan 2013 at 10:38