...
MozJSImplScope::ASANHandles is used to track the addresses of allocations within mozjs. Prior to the ESR115 upgrade, the implementation was thread local, with each thread getting its own ASANHandles tracker. After the ESR115 upgrade, the implementation had to be changed to a global singleton shared by all threads. This introduces additional complexity, as contending threads could be modifying the internal address map simultaneously.

Whenever an allocation (or deallocation) takes place within mozjs, the corresponding allocated/freed address is added to or removed from the map within ASANHandles. The map within ASANHandles is guarded by a lock. However, since the allocate/free operation is not under the same lock, it is possible to end up in a situation where one thread still has to remove its pointer from the map (but the memory has already been freed), while a separate thread has received the same address during an allocation and is inserting it into the map. BF-32781 detects this exact scenario.

As a quick fix, we will use an unordered_map (instead of the current unordered_set) to keep track of the current usage of allocated memory, allowing multiple threads to add a reference count to the tracked handle. As an alternative, ASANHandles could be refactored to ensure allocations are performed under the same lock as the address map; however, this would unnecessarily lengthen the critical section under the lock, which is undesirable. Given that this code is only active in ASAN builds, we would like to minimize any significant impact on the release builds.

It is important to note that this code does not affect any runtime logic or behaviour; it is in place to appease the ASAN build by keeping the addresses in memory.
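The interleaving described above, replayed in a fixed order against a set-based tracker and a reference-counted one. This is an added example, not MongoDB's code: `SetTracker`, `CountedTracker`, `liveAllocationStillTracked` and the address value are hypothetical stand-ins.

```cpp
#include <cstddef>
#include <cstdint>
#include <mutex>
#include <unordered_map>
#include <unordered_set>

// Hypothetical stand-in for the set-based tracker: one entry per address.
class SetTracker {
public:
    void add(std::uintptr_t p) { std::lock_guard<std::mutex> lk(_m); _handles.insert(p); }
    void remove(std::uintptr_t p) { std::lock_guard<std::mutex> lk(_m); _handles.erase(p); }
    bool tracked(std::uintptr_t p) { std::lock_guard<std::mutex> lk(_m); return _handles.count(p) != 0; }
private:
    std::mutex _m;
    std::unordered_set<std::uintptr_t> _handles;
};

// Hypothetical stand-in for the quick fix: address -> outstanding add() count.
class CountedTracker {
public:
    void add(std::uintptr_t p) { std::lock_guard<std::mutex> lk(_m); ++_handles[p]; }
    void remove(std::uintptr_t p) {
        std::lock_guard<std::mutex> lk(_m);
        auto it = _handles.find(p);
        if (it != _handles.end() && --it->second == 0) _handles.erase(it);
    }
    bool tracked(std::uintptr_t p) { std::lock_guard<std::mutex> lk(_m); return _handles.count(p) != 0; }
private:
    std::mutex _m;
    std::unordered_map<std::uintptr_t, std::size_t> _handles;
};

// Replays the race in a fixed order: (1) thread A tracks addr, (2) A frees
// addr outside the tracker lock, (3) thread B's allocation returns the same
// addr and B tracks it, (4) A's delayed remove finally runs.
// Returns whether B's live allocation is still tracked afterwards.
template <typename Tracker>
bool liveAllocationStillTracked() {
    Tracker t;
    const std::uintptr_t addr = 0x1000;  // constructed address, reused by B
    t.add(addr);     // step 1
                     // step 2: the free itself makes no tracker call
    t.add(addr);     // step 3
    t.remove(addr);  // step 4
    return t.tracked(addr);
}

int main() { return liveAllocationStillTracked<CountedTracker>() ? 0 : 1; }
```

With the set, A's late remove erases the entry B just inserted; with the count, the entry survives until B's own remove brings it to zero.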
xgen-internal-githook commented on Thu, 13 Jun 2024 18:06:36 +0000:
Author: {'name': 'Christopher M. Wolff', 'email': 'chris.wolff@mongodb.com', 'username': 'wolffcm'}
Message: SERVER-89466 Fix thread contention in MozJSImplScope::ASANHandles (#23424)
GitOrigin-RevId: f4bb5878d31488d71173a227a5a773c195e2ef22
Branch: v7.0
https://github.com/mongodb/mongo/commit/bc7dd5da66a6b6a6c0f78f966e90e6d62fd981cd

xgen-internal-githook commented on Thu, 25 Apr 2024 20:22:21 +0000:
Author: {'name': 'Santiago Roche', 'email': '69868136+sroches@users.noreply.github.com', 'username': 'sroches'}
Message: SERVER-89466 Fix thread contention in MozJSImplScope::ASANHandles (#21467)
GitOrigin-RevId: 2dcd5810a9a09aa18999d17369bafd9cade378d5
Branch: v8.0
https://github.com/mongodb/mongo/commit/489c604b968678258d1e323b27ce2a5ca690cb2f

xgen-internal-githook commented on Tue, 23 Apr 2024 18:16:06 +0000:
Author: {'name': 'Santiago Roche', 'email': '69868136+sroches@users.noreply.github.com', 'username': 'sroches'}
Message: SERVER-89466 Fix thread contention in MozJSImplScope::ASANHandles. (#21180)
GitOrigin-RevId: e758a4e0fa164d62ee058f4f618b6884294efd08
Branch: master
https://github.com/mongodb/mongo/commit/cb3aec862151a15d6f363d9589e378615348cf10