Closed
Bug 512976
Opened 15 years ago
Closed 15 years ago
MMGC_ENTER not thread safe
Categories
(Tamarin Graveyard :: Garbage Collection (mmGC), defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
flash10.1
People
(Reporter: treilly, Assigned: treilly)
References
Details
Attachments
(1 file)
(deleted),
patch
|
Details | Diff | Splinter Review |
The operation of ShouldNotEnter and Enter need to be combined so they are atomic. Currently we could return false from ShouldNotEnter and then Enter a blown away heap.
Updated•15 years ago
|
Flags: flashplayer-qrb?
Target Milestone: --- → flash10.1
Assignee: nobody → treilly
Status: NEW → ASSIGNED
Flags: flashplayer-qrb? → flashplayer-qrb+
Priority: -- → P2
Updated•15 years ago
|
Priority: P2 → P1
Assignee | ||
Updated•15 years ago
|
Summary: OOM not thread safe → MMGC_ENTER not thread safe
Assignee | ||
Comment 1•15 years ago
|
||
Easy fix, just enter first then check if we should have entered, also make Enter handle NULL heap.
Attachment #405322 -
Flags: superreview?(lhansen)
Comment 2•15 years ago
|
||
(In reply to comment #1)
> Created an attachment (id=405322) [details]
> fix
Can you describe the problem in more detail? (Since there's no synchronization here I don't understand how this rearrangement fixes anything, but I'm also not sure I understand the problem that's being addressed.)
Assignee | ||
Comment 3•15 years ago
|
||
Right now this is possible:
thread 1 thread 2
ShouldNotEnter returns false
OOM happens, destroy heap
EnterFrame ctor crash
So this change makes that impossible because we call EnterFrame first (which increments the ref count if the GCHeap exists) and then check if we should proceed. Because the heap isn't deleted until the ref count is zero, we're good.
Comment 4•15 years ago
|
||
Isnt it possible to again get into the same crash situation?
thread1 thread2
checks in the Enterframe ctor if heap is avail
destroys heap
calls Enter on the heap
Comment 5•15 years ago
|
||
My Last comment is not clear: here it is again
Isnt it possible to again get into the same crash situation?
T1:checks in the Enterframe ctor if heap is present
T2: destroy heap
T1: calls Enter on the heap
Comment 6•15 years ago
|
||
I'm with Ruchi. Unless the lock is lifted to the EnterFrame constructor (at least) I think there will be a race.
Assignee | ||
Comment 7•15 years ago
|
||
Hmm, how do I check that a pointer is not NULL and then perform a lock on a section of memory relative to that pointer atomically? I think we need to lift the lock out of the GCHeap instance to a static variable. I'll submit a new patch.
Assignee | ||
Updated•15 years ago
|
Attachment #405322 -
Flags: superreview?(lhansen)
Comment 8•15 years ago
|
||
I think locking will be required in ShouldNotEnter() implementation also. It is also doing a check of gc heap and then gets the status.
Assignee | ||
Comment 9•15 years ago
|
||
This is fixed by the new EnterLock/EnterRelease code
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•