[PATCH] D15380: [tsan] Update dispatch_group support to avoid using a disposed group object

Dmitry Vyukov via llvm-commits llvm-commits at lists.llvm.org
Fri Dec 11 05:18:11 PST 2015


dvyukov added inline comments.

================
Comment at: lib/tsan/rtl/tsan_libdispatch_mac.cc:93
@@ -90,2 +92,3 @@
   user_free(thr, pc, context);
+  if (context->object_to_release) dispatch_release(context->object_to_release);
 }
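Review bot: the added line reads `context->object_to_release` after `user_free(thr, pc, context)` has already freed `context`, so both the null check and the argument passed to `dispatch_release` come from freed memory. Copy the pointer into a local before the `user_free` call (or do the release first and free `context` last), and add a short comment at that point saying why the wrapper needs to hold this extra reference.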
----------------
Looks like use-after-free. You've just freed the context line above.

================
Comment at: lib/tsan/rtl/tsan_libdispatch_mac.cc:93
@@ -90,2 +92,3 @@
   user_free(thr, pc, context);
+  if (context->object_to_release) dispatch_release(context->object_to_release);
 }
----------------
dvyukov wrote:
> Looks like use-after-free. You've just freed the context line above.
Please add a comment somewhere here explaining why we need this additional lifetime management.

================
Comment at: lib/tsan/rtl/tsan_libdispatch_mac.cc:93
@@ -90,2 +92,3 @@
   user_free(thr, pc, context);
+  if (context->object_to_release) dispatch_release(context->object_to_release);
 }
----------------
dvyukov wrote:
> dvyukov wrote:
> > Looks like use-after-free. You've just freed the context line above.
> Please add a comment somewhere here explaining why we need this additional lifetime management.
I don't understand the exact scenario that leads to the problem. The group is context->object_to_acquire, which we touch in the very beginning of this function. Then we call user callback orig_work. In your tests orig_work calls dispatch_group_leave on the group. So either (1) test code is also buggy, or (2) we don't have use-after-free in this function and don't need this change, or (3) I am missing something.



http://reviews.llvm.org/D15380




