Get rid of ANNOTATE_BENIGN_RACE/WTF_ANNOTATE_BENIGN_RACE in the codebase |
|||||
Issue descriptionWe're going to disable these annotations in Chrome, but first need to make sure all instances of them are removed: $ grep -RI ANNOTATE_BENIGN_RACE 2>/dev/null | grep -v 'dynamic_annotations\|DynamicAnnotations' device/geolocation/wifi_data_provider_common_unittest.cc: ANNOTATE_BENIGN_RACE(&calls_, "This is a test-only data race on a counter"); device/gamepad/gamepad_provider.cc: ANNOTATE_BENIGN_RACE_SIZED(gamepad_shared_buffer_->buffer(), device/base/synchronization/one_writer_seqlock_unittest.cc: ANNOTATE_BENIGN_RACE_SIZED(&data, sizeof(data), "Racey reads are discarded"); third_party/tcmalloc/vendor/src/base/low_level_alloc.cc: ANNOTATE_BENIGN_RACE(&r, "benign race, not critical."); third_party/tcmalloc/chromium/src/base/low_level_alloc.cc: ANNOTATE_BENIGN_RACE(&r, "benign race, not critical."); third_party/WebKit/Source/wtf/text/StringImpl.cpp: WTF_ANNOTATE_BENIGN_RACE(StringImpl::empty, third_party/WebKit/Source/wtf/text/StringImpl.cpp: WTF_ANNOTATE_BENIGN_RACE(StringImpl::empty16Bit, third_party/WebKit/Source/wtf/text/StringImpl.cpp: WTF_ANNOTATE_BENIGN_RACE(impl, third_party/WebKit/Source/core/inspector/InspectorTraceEvents.cpp: WTF_ANNOTATE_BENIGN_RACE(&traceCategoryEnabled, "trace_event category"); content/browser/loader/resource_dispatcher_host_impl.cc: ANNOTATE_BENIGN_RACE( base/trace_event/trace_event_synthetic_delay.cc: ANNOTATE_BENIGN_RACE(&target_duration_, "Synthetic delay duration"); base/trace_event/trace_event_synthetic_delay.cc: ANNOTATE_BENIGN_RACE(&target_duration_, "Synthetic delay duration"); base/trace_event/trace_event_synthetic_delay.cc: ANNOTATE_BENIGN_RACE(&target_duration_, "Synthetic delay duration"); base/trace_event/category_registry.cc: ANNOTATE_BENIGN_RACE(g_categories[i].state_ptr(), base/tools_sanity_unittest.cc: ANNOTATE_BENIGN_RACE(&shared, "Intentional race - make sure doesn't show up"); base/threading/thread_unittest.cc: ANNOTATE_BENIGN_RACE(value, "Test-only data race on boolean " base/threading/thread_unittest.cc: ANNOTATE_BENIGN_RACE( Code owners, please take another look at your code and make sure you understand why the races are there.
,
Mar 17 2017
> A racy random number is still random enough You underestimate effects of data races. Please read this: https://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong Language standard clearly states that behavior of a program with data races is undefined.
,
Mar 17 2017
Re #2. Hmm if I can be honest that article isn't really too pragmatic (I've seen more convincing examples on the topic than "launch_nuclear_missile()"). Regardless, really, I fully buy the argument that data races can cause very subtle effect that are extremely hard to reason about. That article makes a great point about using std::atomic, and I am fully onboard with that. I would love to use std::atomic and std::memory_order_relaxed, but I have a very realistic and pragmatic problem with it. Unfortunately, as I found out at my own expense in Issue 593344 , today std::memory_order_relaxed causes a double mfence to be emitted for no good reason (tracking bug Issue 592903 ). I am quite reluctant to introduce two mfence in an allocator, especially considering that: - that code has been there for years and is hit, at the peak, 400 K times / second * several hundreds million users (so, realistically, if there was a bug today, that would have popped up) - Those extra mfences in the allocator were the cause a performance regression that showed up in our perf waterfall (which is how I opened that can of worms). I will be extremely happy to switch to std::atomic std::memory_order_relaxed, once our toolchain will emit the right assembly.
,
Mar 17 2017
Chromium has base::subtle::NoBarrier_Load/Store for this.
,
Mar 17 2017
Yup, I know. Unfortunately, I might be misreading the code, but that doesn't seem to be any precedent for third_party/tcmalloc to use chromium's base (unfortunately, tcmalloc has its own base/)
,
Mar 17 2017
We also have NoBarrier operations in third_party/tcmalloc/chromium/src/base/atomicops.h, however it doesn't seem to support TSan.
,
Mar 17 2017
"static" strings in blink will have their reference counters written to, but the value is never used for any meaningful logic. I think this is the reason why their "benign" race was considered ok in the past. Reading up on this, it seems like it is not the case and it is a real bug due to things like storage reuse indicated on the linked article. Strings in Blink are very performance sensitive. I think our only alternative is to ensure static strings do not do any ref counting whatsoever, without resorting to adding additional conditional branches in StringImpl. This probably requires templating StringImpl. +esprehn. This may have additional benefits if static strings are used in perf sensitive places that aggressively ref bump. Plus, if ref/deref are inlined in many places we could see a binary size reduction.
,
Mar 17 2017
I don't think we can templatize the StringImpl and keep the generality that String and static strings are the same thing in the code which is important for the ergonomics of it. I read those papers and I'm aware of many of the issues, but the ref count on a static string is basically garbage on purpose so we don't really care what the compiler is doing with that value in memory. If someone has a way to make the binary literally the same number of bytes and the same instructions inside StringImpl and the usage of Strings look literally identical then we can change the code of course. In the absence of a bug where someone can point to this actually being a problem I don't want to chase a ghost. The code has been this way and produced correct code for many years. :)
,
Mar 23 2017
,
Jan 8 2018
,
Mar 9 2018
Un-cc-ing me from all bugs on my final day. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by primiano@chromium.org
, Mar 17 2017