[Bug sanitizer/57507] gcc 4.8: thread sanitizer: std::thread false(?) positive

dvyukov at google dot com gcc-bugzilla@gcc.gnu.org
Mon Jun 3 13:21:00 GMT 2013 

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57507

Dmitry Vyukov <dvyukov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dvyukov at google dot com

--- Comment #3 from Dmitry Vyukov <dvyukov at google dot com> ---
The problem is that libstdc++ is not instrumented. It makes atomic accesses to
the shared_ptr that tsan does not see.

Here are the only events related to address that tsan sees (the first number is
thread id):

#0: alloc(48) = 0x7d0c0000efd0
#0: MemoryAccess: @0x7f5094bb5021 0x7d0c0000efd0 size=8 is_write=0
shadow_mem=0x04300003bf40 {402418, 0, 0, 0}
#0: __tsan_atomic32_fetch_add(0x7d0c0000efd8, 4)
#0: MemoryAccess: @0x7f5094bcd8d4 0x7d0c0000efd8 size=4 is_write=1
shadow_mem=0x04300003bf60 {402418, 0, 0, 0}
#1: free(0x7d0c0000efd0)
#1: MemoryAccessRange: @0x7f5094bb6c27 0x7d0c0000efd0 size=48 is_write=1
  Write of size 8 at 0x7d0c0000efd8 by thread T1:
  Previous atomic write of size 4 at 0x7d0c0000efd8 by main thread:
  Location is heap block of size 48 at 0x7d0c0000efd0 allocated by main thread:

And here the stack where we detect the race:

#0  __tsan::ReportRace (thr=0x7f8a1c35e800) at tsan_rtl_report.cc:596
#1  0x00007f8a1c520565 in __tsan::__tsan_report_race () at tsan_rtl.cc:351
#2  0x00007f8a1c5205b8 in __tsan::HandleRace (thr=0x7f8a1c35e800,
shadow_mem=0x4300003bf60, cur=..., old=...) at tsan_rtl.cc:378
#3  0x00007f8a1c5381a3 in __tsan::MemoryAccessImpl (thr=0x7f8a1c35e800,
addr=137490493140952, kAccessSizeLog=3, kAccessIsWrite=true, kIsAtomic=false,
shadow_mem=0x4300003bf60, cur=...)
    at tsan_rtl.cc:462
#4  0x00007f8a1c5438ca in __tsan::MemoryAccessRange (thr=0x7f8a1c35e800,
pc=140231157189671, addr=137490493140952, size=40, is_write=true) at
tsan_rtl_thread.cc:363
#5  0x00007f8a1c522952 in __tsan::MemoryRangeFreed (thr=0x7f8a1c35e800,
pc=140231157189671, addr=137490493140944, size=48) at tsan_rtl.cc:607
#6  0x00007f8a1c5187e6 in __tsan::user_free (thr=0x7f8a1c35e800,
pc=140231157189671, p=0x7d0c0000efd0) at tsan_mman.cc:138
#7  0x00007f8a1c4f8c4b in operator delete (ptr=0x7d0c0000efd0) at
tsan_interceptors.cc:519
#8  0x00007f8a1c4f61ee in
__gnu_cxx::new_allocator<std::_Sp_counted_ptr_inplace<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> >,
std::allocator<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> > >, (__gnu_cxx::_Lock_policy)2u>
>::deallocate(__gnu_cxx::new_allocator<std::_Sp_counted_ptr_inplace<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> >,
std::allocator<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> > >, (__gnu_cxx::_Lock_policy)2u> >::pointer,
__gnu_cxx::new_allocator<std::_Sp_counted_ptr_inplace<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> >,
std::allocator<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> > >, (__gnu_cxx::_Lock_policy)2u> >::size_type)
(this=0x7f8a1c35de4f, __p=0x7d0c0000efd0) at
gccinstall/include/c++/4.9.0/ext/new_allocator.h:110
#9  0x00007f8a1c4f60dd in
std::allocator_traits<std::allocator<std::_Sp_counted_ptr_inplace<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> >,
std::allocator<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> > >, (__gnu_cxx::_Lock_policy)2u> >
>::deallocate(std::allocator<std::_Sp_counted_ptr_inplace<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> >,
std::allocator<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> > >, (__gnu_cxx::_Lock_policy)2u> > &,
std::allocator_traits<std::allocator<std::_Sp_counted_ptr_inplace<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> >,
std::allocator<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> > >, (__gnu_cxx::_Lock_policy)2u> > >::pointer,
std::allocator_traits<std::allocator<std::_Sp_counted_ptr_inplace<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> >,
std::allocator<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> > >, (__gnu_cxx::_Lock_policy)2u> > >::size_type)
(__a=..., __p=0x7d0c0000efd0, __n=1)
    at gccinstall/include/c++/4.9.0/bits/alloc_traits.h:377
#10 0x00007f8a1c4f6855 in
std::_Sp_counted_ptr_inplace<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> >,
std::allocator<std::thread::_Impl<std::_Bind_simple<main(int,
char**)::<lambda()>()> > >, (__gnu_cxx::_Lock_policy)2u>::_M_destroy(void)
(this=0x7d0c0000efd0) at
gccinstall/include/c++/4.9.0/bits/shared_ptr_base.h:454
#11 0x00007f8a1bc56e7b in _M_release (this=0x7d0c0000efd0) at
gccbuild/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/shared_ptr_base.h:163
#12 ~__shared_count (this=<synthetic pointer>, __in_chrg=<optimized out>)
    at
gccbuild/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/shared_ptr_base.h:589
#13 ~__shared_ptr (this=<synthetic pointer>, __in_chrg=<optimized out>)
    at
gccbuild/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/shared_ptr_base.h:846
#14 ~shared_ptr (this=<synthetic pointer>, __in_chrg=<optimized out>) at
gccbuild/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/shared_ptr.h:93
#15 std::(anonymous namespace)::execute_native_thread_routine (__p=<optimized
out>) at ../../../../../gcc/libstdc++-v3/src/c++11/thread.cc:95
#16 0x00007f8a1c4fb1e6 in __tsan_thread_start_func (arg=0x7fff46a94080) at
tsan_interceptors.cc:802
#17 0x00007f8a1c0b4e9a in start_thread (arg=0x7f8a1c3cf840) at
pthread_create.c:308
#18 0x00007f8a1b3c8ccd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:112

We had a similar problem with libgomp:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55561

More information about the Gcc-bugs mailing list