diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2021-12-20 17:19:42 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2021-12-20 18:55:51 +0100 |
| commit | 4c5476b0664a2ba4bd51f69552852160ba6451be (patch) | |
| tree | f048d67eefa69f7b1b8b6b496359b6cc67139e72 /llvm/lib/Bitcode/Writer/BitcodeWriter.cpp | |
| parent | 2eb3e204618209a7f3bd9fa9f6e98c38984997b2 (diff) | |
| download | llvm-4c5476b0664a2ba4bd51f69552852160ba6451be.zip llvm-4c5476b0664a2ba4bd51f69552852160ba6451be.tar.gz llvm-4c5476b0664a2ba4bd51f69552852160ba6451be.tar.bz2 | |
tsan: fix NULL deref in TraceSwitchPart
There is a small chance that the slot may be not queued in TraceSwitchPart.
This can happen if the slot has kEpochLast epoch and another thread
in FindSlotAndLock discovered that it's exhausted and removed it from
the slot queue. kEpochLast can happen in 2 cases: (1) if TraceSwitchPart
was called with the slot locked and epoch already at kEpochLast,
or (2) if we've acquired a new slot in SlotLock in the beginning
of the function and the slot was at kEpochLast - 1, so after increment
in SlotAttachAndLock it become kEpochLast.
If this happens we crash on ctx->slot_queue.Remove(thr->slot).
Skip the requeueing if the slot is not queued.
The slot is exhausted, so it must not be ctx->slot_queue.
The existing stress test triggers this with very small probability.
I am not sure how to make this condition more likely to be triggered,
it evaded lots of testing.
Depends on D116040.
Reviewed By: melver
Differential Revision: https://reviews.llvm.org/D116041
Diffstat (limited to 'llvm/lib/Bitcode/Writer/BitcodeWriter.cpp')
0 files changed, 0 insertions, 0 deletions