Context Navigation

Changes between Version 1 and Version 2 of helgrind

Timestamp:: Apr 2, 2015 6:02:56 AM (9 years ago)
Author:: ming
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

helgrind

-                      v1
+                      v2
 This wiki describes the issue from ticket #1820 (Helgrind thread error detector test and analysis)
+Helgrind issue !#1
+Description: Data race over possible concurrent read/write access for thread's quit flag.[[br]]
+One thread tries to write the quit flag while another tries to read it.[[br]]
+Status: false positive, this is intentional behaviour.
+{{{
+==26641== ---Thread-Announcement------------------------------------------
+==26641==
+==26641== Thread #6 was created
+==26641==    at 0x5953FCE: clone (clone.S:74)
+==26641==    by 0x5352199: do_clone.constprop.3 (createthread.c:75)
+==26641==    by 0x53538BA: pthread_create@@GLIBC_2.2.5 (createthread.c:245)
+==26641==    by 0x4C30C90: pthread_create_WRK (hg_intercepts.c:269)
+==26641==    by 0x56704B: pj_thread_create (os_core_unix.c:616)
+==26641==    by 0x49CC57: pjmedia_endpt_create (endpoint.c:169)
+==26641==    by 0x43102A: pjsua_media_subsys_init (pjsua_media.c:80)
+==26641==    by 0x42B576: pjsua_init (pjsua_core.c:1058)
+==26641==    by 0x40800A: app_init (pjsua_app.c:1346)
+==26641==    by 0x408F1A: pjsua_app_init (pjsua_app.c:1881)
+==26641==    by 0x405AA9: main_func (main.c:108)
+==26641==    by 0x568914: pj_run_app (os_core_unix.c:1930)
+==26641==
+==26641== Possible data race during write of size 4 at 0x8182E8 by thread #1
+==26641== Locks held: none
+==26641==    at 0x42AA5E: pjsua_stop_worker_threads (pjsua_core.c:730)
+==26641==    by 0x42C753: pjsua_destroy2 (pjsua_core.c:1548)
+==26641==    by 0x42CDC9: pjsua_destroy (pjsua_core.c:1775)
+==26641==    by 0x409291: app_destroy (pjsua_app.c:2011)
+==26641==    by 0x409304: pjsua_app_destroy (pjsua_app.c:2035)
+==26641==    by 0x405ADF: main_func (main.c:116)
+==26641==    by 0x568914: pj_run_app (os_core_unix.c:1930)
+==26641==    by 0x405B32: main (main.c:129)
+==26641==
+==26641== This conflicts with a previous read of size 4 by thread #7
+==26641== Locks held: none
+==26641==    at 0x42A978: worker_thread (pjsua_core.c:691)
+==26641==    by 0x566E30: thread_main (os_core_unix.c:523)
+==26641==    by 0x4C30E26: mythread_wrapper (hg_intercepts.c:233)
+==26641==    by 0x5353181: start_thread (pthread_create.c:312)
+==26641==    by 0x595400C: clone (clone.S:111)
+}}}
+Helgrind issue !#2
+Lock order inversion involving rwmutex_lock_read()[[br]]
+. Data race over possible concurrent read/write access for thread's quit flag.[[br]]
+  Description: One thread tries to write the quit flag while another tries to read it.[[br]]
+  Status: false positive, this is intentional behaviour.
+  {{{
+  ==26641== ---Thread-Announcement------------------------------------------
+  ==26641==
+  ==26641== Thread #6 was created
+  ==26641==    at 0x5953FCE: clone (clone.S:74)
+  ==26641==    by 0x5352199: do_clone.constprop.3 (createthread.c:75)
+  ==26641==    by 0x53538BA: pthread_create@@GLIBC_2.2.5 (createthread.c:245)
+  ==26641==    by 0x4C30C90: pthread_create_WRK (hg_intercepts.c:269)
+  ==26641==    by 0x56704B: pj_thread_create (os_core_unix.c:616)
+  ==26641==    by 0x49CC57: pjmedia_endpt_create (endpoint.c:169)
+  ==26641==    by 0x43102A: pjsua_media_subsys_init (pjsua_media.c:80)
+  ==26641==    by 0x42B576: pjsua_init (pjsua_core.c:1058)
+  ==26641==    by 0x40800A: app_init (pjsua_app.c:1346)
+  ==26641==    by 0x408F1A: pjsua_app_init (pjsua_app.c:1881)
+  ==26641==    by 0x405AA9: main_func (main.c:108)
+  ==26641==    by 0x568914: pj_run_app (os_core_unix.c:1930)
+  ==26641==
+  ==26641== Possible data race during write of size 4 at 0x8182E8 by thread #1
+  ==26641== Locks held: none
+  ==26641==    at 0x42AA5E: pjsua_stop_worker_threads (pjsua_core.c:730)
+  ==26641==    by 0x42C753: pjsua_destroy2 (pjsua_core.c:1548)
+  ==26641==    by 0x42CDC9: pjsua_destroy (pjsua_core.c:1775)
+  ==26641==    by 0x409291: app_destroy (pjsua_app.c:2011)
+  ==26641==    by 0x409304: pjsua_app_destroy (pjsua_app.c:2035)
+  ==26641==    by 0x405ADF: main_func (main.c:116)
+  ==26641==    by 0x568914: pj_run_app (os_core_unix.c:1930)
+  ==26641==    by 0x405B32: main (main.c:129)
+  ==26641==
+  ==26641== This conflicts with a previous read of size 4 by thread #7
+  ==26641== Locks held: none
+  ==26641==    at 0x42A978: worker_thread (pjsua_core.c:691)
+  ==26641==    by 0x566E30: thread_main (os_core_unix.c:523)
+  ==26641==    by 0x4C30E26: mythread_wrapper (hg_intercepts.c:233)
+  ==26641==    by 0x5353181: start_thread (pthread_create.c:312)
+  ==26641==    by 0x595400C: clone (clone.S:111)
+  }}}
+. Lock order inversion involving rwmutex_lock_read()
 Both threads try to acquire read locks, which should be ok. However, on some platforms, read write mutex may be implemented as some regular mutex, and deadlock can occur.
 {{{
+  {{{
 ==26641== Thread #7: lock order "0x5EDC798 before 0x5E25638" violated
 (lock read should be ok)
 …
 }}}
+Helgrind issue !#3
+Pulse Audio related[[br]]
+Status: outside PJSIP's scope[[br]]
+TODO: create a suppression file for this
+. Pulse Audio related[[br]]
+  Status: outside PJSIP's scope[[br]]
+  TODO: create a suppression file for this
 {{{
 …
 }}}
+Helgrind issue !#4
+Data race over access to g_last_thread variable.[[br]]
+. Data race over access to g_last_thread variable.
 Status: won't fix. The variable is only used for information purpose only, while mutex locking for logging will be quite expensive.
 …
 }}}
+Helgrind issue !#5
+Data race over cp->used_size variable in pool_caching.[[br]]
+. Data race over cp->used_size variable in pool_caching.
 Status: won't fix, the variable is for statistics purpose only.
 …
 }}}
+Helgrind issue !#6
+Data race over tcp->pending_connect variable[[br]]
+. Data race over tcp->pending_connect variable[[br]]
 Status: should be safe. A modification to suppress this would be desirable.
 …
 ==5950==    by 0x408DCF: app_init (pjsua_app.c:1813)
 }}}
+. Destroying a locked mutex in sip dialog
+Status: won't fix. When calling pj_mutex_destroy() there is actually no requirement that the mutex should be unlocked. If the mutex destroy fails, pj_mutex_destroy() will automatically retry several times by unlocking the mutex first.
+{{{
+==27298== Thread #9 unlocked an invalid lock at 0x6B1B408
+==27298==    at 0x4C325C0: pthread_mutex_unlock (hg_intercepts.c:632)
+==27298==    by 0x578334: pj_mutex_destroy (os_core_unix.c:1413)
+==27298==    by 0x4F8D7A: destroy_dialog (sip_dialog.c:114)
+==27298==    by 0x4FA4C9: unregister_and_destroy_dialog (sip_dialog.c:760)
+==27298==    by 0x4FA94B: pjsip_dlg_dec_lock (sip_dialog.c:896)
+==27298==    by 0x4FCD4A: pjsip_dlg_on_tsx_state (sip_dialog.c:2030)
+==27298==    by 0x4FD674: mod_ua_on_tsx_state (sip_ua_layer.c:178)
+==27298==    by 0x4F4771: tsx_set_state (sip_transaction.c:1210)
+==27298==    by 0x4F8103: tsx_on_state_completed_uas (sip_transaction.c:3150)
+==27298==    by 0x4F4591: tsx_timer_callback (sip_transaction.c:1153)
+==27298==    by 0x58808F: pj_timer_heap_poll (timer.c:643)
+==27298==    by 0x4DF50A: pjsip_endpt_handle_events2 (sip_endpoint.c:712)
+}}}