Reports on std::string internal rep

GoogleCodeExporter commented 9 years ago

The implementation of basic_string<> contains atomic reference counting without 
annotations.
Currently, this gives TSan reports with --free-is-write=yes

See NegativeTests.StdStringDtor for a reproducer.

Proposal to modify the std::string sent to gcc team:
http://gcc.gnu.org/ml/libstdc++/2010-07/msg00029.html

Original issue reported on code.google.com by timurrrr on 21 Jul 2010 at 12:44

GoogleCodeExporter commented 9 years ago

The new regression found on Chromium
-> test NegativeTests.StdStringDtorVsAssign (See r2349)
-> reports a race between two std::string::assign, both threads access 
per-thread local strings

Original comment by timurrrr@google.com on 27 Jul 2010 at 1:03

Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

A new report on Chromium:
http://build.chromium.org/buildbot/memory/builders/Linux%20Tests%20(tsan)/builds
/5669/steps/memory%20test:%20unit_1/logs/stdio

What looks strange is that this is despite --free-is-write=no
Re-assigning to myself to investigate.

WARNING: Possible data race during write of size 4 at 0xBCB2BC8: {{{
   T268 (Chrome_FileThread) (L{}):
    #0  std::string::_M_mutate(unsigned int, unsigned int, unsigned int) /usr/lib/libstdc++.so.6.0.9
    #1  std::string::clear() /usr/lib/libstdc++.so.6.0.9
    #2  FilePath::clear() /b/slave/chromium-rel-linux-valgrind-builder/build/src/./base/file_path.h:173
    #3  (anonymous namespace)::FilePathWatcherImpl::Cancel() /b/slave/chromium-rel-linux-valgrind-builder/build/src/chrome/browser/file_path_watcher_inotify.cc:373
    #4  FilePathWatcher::~FilePathWatcher() /b/slave/chromium-rel-linux-valgrind-builder/build/src/./chrome/browser/file_path_watcher.h:37
    #5  scoped_ptr<FilePathWatcher>::reset(FilePathWatcher*) /b/slave/chromium-rel-linux-valgrind-builder/build/src/./base/scoped_ptr.h:84
    #6  (anonymous namespace)::(anonymous namespace)::Deleter::OnFilePathChanged(FilePath const&) /b/slave/chromium-rel-linux-valgrind-builder/build/src/chrome/browser/file_path_watcher_unittest.cc:252
    #7  (anonymous namespace)::FilePathWatcherImpl::OnFilePathChanged(int, std::string const&, bool, bool) /b/slave/chromium-rel-linux-valgrind-builder/build/src/chrome/browser/file_path_watcher_inotify.cc:335
    #8  void DispatchToMethod<(anonymous namespace)::FilePathWatcherImpl, void ((anonymous namespace)::FilePathWatcherImpl::*)(int, std::string const&, bool, bool), int, std::string, unsigned int, unsigned int>((anonymous namespace)::FilePathWatcherImpl*, void ((anonymous namespace)::FilePathWatcherImpl::*)(int, std::string const&, bool, bool), Tuple4<int, std::string, unsigned int, unsigned int> const&) /b/slave/chromium-rel-linux-valgrind-builder/build/src/./base/tuple.h:566
    ...
  Concurrent read(s) happened at (OR AFTER) these points:
   T0 (L{}):
    #0  std::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string() /usr/lib/libstdc++.so.6.0.9
    #1  FilePath::~FilePath() /b/slave/chromium-rel-linux-valgrind-builder/build/src/base/file_path.cc:170
    #2  (anonymous namespace)::FilePathWatcherTest_DeleteDuringNotify_Test::TestBody() /b/slave/chromium-rel-linux-valgrind-builder/build/src/chrome/browser/file_path_watcher_unittest.cc:266
    #3  testing::Test::Run() /b/slave/chromium-rel-linux-valgrind-builder/build/src/testing/gtest/src/gtest.cc:2095
  Location 0xBCB2BC8 is 8 bytes inside a block starting at 0xBCB2BC0 of size 63 allocated by T0 from heap:
    #0  operator new(unsigned int) /tmp/vg-bins/scripts/tsan/tsan/ts_valgrind_intercepts.c:420
    #1  std::string::_Rep::_S_create(unsigned int, unsigned int, std::allocator<char> const&) /usr/lib/libstdc++.so.6.0.9
    #2  std::string::_Rep::_M_clone(std::allocator<char> const&, unsigned int) /usr/lib/libstdc++.so.6.0.9
    #3  std::string::reserve(unsigned int) /usr/lib/libstdc++.so.6.0.9
    #4  std::string::append(unsigned int, char) /usr/lib/libstdc++.so.6.0.9
    #5  FilePath::Append(std::string const&) const /b/slave/chromium-rel-linux-valgrind-builder/build/src/base/file_path.cc:466
    #6  FilePath::AppendASCII(base::StringPiece const&) const /b/slave/chromium-rel-linux-valgrind-builder/build/src/base/file_path.cc:484
    #7  (anonymous namespace)::FilePathWatcherTest::test_file() /b/slave/chromium-rel-linux-valgrind-builder/build/src/chrome/browser/file_path_watcher_unittest.cc:125
    #8  (anonymous namespace)::FilePathWatcherTest_DeleteDuringNotify_Test::TestBody() /b/slave/chromium-rel-linux-valgrind-builder/build/src/chrome/browser/file_path_watcher_unittest.cc:266
    #9  testing::Test::Run() /b/slave/chromium-rel-linux-valgrind-builder/build/src/testing/gtest/src/gtest.cc:2095
   Race verifier data: 0x4C176B7,0x4C17573
}}}

Original comment by timurrrr on 19 Aug 2010 at 1:42

Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

See test LibStdCPlusPlus.basic_string_Test and 
http://code.google.com/p/data-race-test/wiki/AtomicReferenceCounting

Original comment by konstant...@gmail.com on 1 Sep 2010 at 1:47

Added labels: ****
Removed labels: ****

staticanalysis / data-race-test

Reports on std::string internal rep #40