build_runner: fix race condition in dispatch_deps capacity reservation #30561

Merged

andrewrk merged 1 commit from erg/zig:fix-30014 into master 2025-12-22 03:54:57 +01:00

Conversation 2 Commits 1 Files changed 1 +2 -1

erg commented 2025-12-22 03:49:33 +01:00

Contributor

Copy link

Fix for #30014

The bug is that we reserve capacity based on a stale length read outside the mutex, then iterate over the current larger list inside the mutex.

To reproduce the crash:

• check out https://codeberg.org/erg/zig/src/branch/fix-30014-repro or view here and make the changes locally: erg/zig@d279e47b4a
• rebuild zig or just stage3 with rm -rf build/stage3 && cmake --build build --target stage3 && cd race_test && ../build/stage3/bin/zig build -j16 --maxrss 500000000
• the actual repro is running your stage3 zig on race_test/build.zig with zig build -j16 --maxrss 500000000

It will crash if you haven't applied the patch in this PR, so apply the patch and rebuild your stage3 and rerun the race_test/build.zig

Race scenario:

• ensureUnusedCapacity(run.memory_blocked_steps.items.len) outside the mutex (bug)
• line 1346 can add items items run.memory_blocked_steps.append(gpa, s) catch @panic("OOM");
• lock mutex and iterate for (memory_blocked_steps.items) |dep| { (bug: memory_blocked_steps could have grown)
• appendAssumeCapacity(dep) but if dep > N we crash

ArrayList can grow here:

erg/zig – lib/compiler/build_runner.zig

Line 1346 in erg/zig@d279e47

run.memory_blocked_steps.append(gpa, s) catch @panic("OOM");

I am liking zig so far. Thanks yall!

Fix for https://codeberg.org/ziglang/zig/issues/30014 The bug is that we reserve capacity based on a stale length read outside the mutex, then iterate over the current larger list inside the mutex. To reproduce the crash: - check out https://codeberg.org/erg/zig/src/branch/fix-30014-repro or view here and make the changes locally: https://codeberg.org/erg/zig/commit/d279e47b4ad2a69bc168ec5f6e4e787dfb36b653 - rebuild `zig` or just stage3 with `rm -rf build/stage3 && cmake --build build --target stage3 && cd race_test && ../build/stage3/bin/zig build -j16 --maxrss 500000000` - the actual repro is running your stage3 zig on `race_test/build.zig` with `zig build -j16 --maxrss 500000000` It will crash if you haven't applied the patch in this PR, so apply the patch and rebuild your stage3 and rerun the `race_test/build.zig` Race scenario: - `ensureUnusedCapacity(run.memory_blocked_steps.items.len)` outside the mutex (bug) - line 1346 can add items `items run.memory_blocked_steps.append(gpa, s) catch @panic("OOM");` - lock mutex and iterate `for (memory_blocked_steps.items) |dep| {` (bug: memory_blocked_steps could have grown) - `appendAssumeCapacity(dep)` but if dep > N we crash ArrayList can grow here: https://codeberg.org/erg/zig/src/commit/d279e47b4ad2a69bc168ec5f6e4e787dfb36b653/lib/compiler/build_runner.zig#L1346 I am liking zig so far. Thanks yall!

erg added 1 commit 2025-12-22 03:49:35 +01:00

build_runner: fix race condition in dispatch_deps capacity reservation ... 6b9125cbe6

Move ensureUnusedCapacity inside the mutex call to prevent
a race condition where other worker threads could append to
memory_blocked_steps between checking the length and iterating.

repro branch: https://codeberg.org/erg/zig/src/branch/fix-30014-repro
check out that branch, and depending on if you have the fix-30014 patch or not,
it will either race condition or succeed

Fixes #30014

andrewrk approved these changes 2025-12-22 03:54:25 +01:00

andrewrk left a comment

Owner

Copy link

Nice catch, thank you!

Nice catch, thank you!

andrewrk merged commit 6b9125cbe6 into master 2025-12-22 03:54:57 +01:00

andrewrk commented 2025-12-22 03:55:35 +01:00

Owner

Copy link

Oops, I expected that to mark the PR as merge after CI checks succeeding. Will revert if it fails on master.

Oops, I expected that to mark the PR as merge after CI checks succeeding. Will revert if it fails on master.

andrewrk referenced this pull request from forgejo/forgejo 2025-12-22 19:34:28 +01:00

feat: make auto-merge the default/primary PR merge mode in the web interface #10340

Sign in to join this conversation.

Reviewers

No reviewers

andrewrk

Labels

Clear labels   

abi/f32

  

abi/ilp32

  

abi/n32

  

abi/sf

  

abi/x32

  

accepted

This proposal is planned.

  

arch/1750a

  

arch/21k

  

arch/6502

  

arch/a29k

  

arch/aarch64

  

arch/alpha

  

arch/amdgcn

  

arch/arc

  

arch/arc32

  

arch/arc64

  

arch/arm

  

arch/avr

  

arch/avr32

  

arch/bfin

  

arch/bpf

  

arch/clipper

  

arch/colossus

  

arch/cr16

  

arch/cris

  

arch/csky

  

arch/dlx

  

arch/dsp16xx

  

arch/elxsi

  

arch/epiphany

  

arch/fr30

  

arch/frv

  

arch/h8300

  

arch/h8500

  

arch/hexagon

  

arch/hppa

  

arch/hppa64

  

arch/i370

  

arch/i860

  

arch/i960

  

arch/ia64

  

arch/ip2k

  

arch/kalimba

  

arch/kvx

  

arch/lanai

  

arch/lm32

  

arch/loongarch32

  

arch/loongarch64

  

arch/m32r

  

arch/m68k

  

arch/m88k

  

arch/maxq

  

arch/mcore

  

arch/metag

  

arch/microblaze

  

arch/mips

  

arch/mips64

  

arch/mmix

  

arch/mn10200

  

arch/mn10300

  

arch/moxie

  

arch/mrisc32

  

arch/msp430

  

arch/nds32

  

arch/nios2

  

arch/ns32k

  

arch/nvptx

  

arch/or1k

  

arch/pdp10

  

arch/pdp11

  

arch/pj

  

arch/powerpc

  

arch/powerpc64

  

arch/propeller

  

arch/riscv32

  

arch/riscv64

  

arch/rl78

  

arch/rx

  

arch/s390

  

arch/s390x

  

arch/sh

  

arch/sh64

  

arch/sparc

  

arch/sparc64

  

arch/spirv

  

arch/spu

  

arch/st200

  

arch/starcore

  

arch/tilegx

  

arch/tilepro

  

arch/tricore

  

arch/ts

  

arch/v850

  

arch/vax

  

arch/vc4

  

arch/ve

  

arch/wasm

  

arch/we32k

  

arch/x86

  

arch/x86_16

  

arch/x86_64

  

arch/xcore

  

arch/xgate

  

arch/xstormy16

  

arch/xtensa

  

autodoc

The web application for interactive documentation and generation of its assets.

  

backend/c

The C backend outputs C source code.

  

backend/llvm

The LLVM backend outputs an LLVM bitcode module.

  

backend/self-hosted

The self-hosted backends produce machine code directly.

  

binutils

Zig's included binary utilities: zig ar, zig dlltool, zig lib, zig ranlib, zig objcopy, and zig rc.

  

breaking

Implementing this issue could cause existing code to no longer compile or have different behavior.

  

build system

The Zig build system - zig build, std.Build, the build runner, and package management.

  

debug info

An issue related to debug information (e.g. DWARF) produced by the Zig compiler.

  

docs

An issue with documentation, e.g. the language reference or standard library doc comments.

  

error message

This issue points out an error message that is unhelpful and should be improved.

  

frontend

Tokenization, parsing, AstGen, ZonGen, Sema, Legalize, and Liveness.

  

fuzzing

An issue related to Zig's integrated fuzz testing.

  

incremental

Reuse of internal compiler state for faster compilation.

  

lib/c

This issue relates to Zig's libc implementation and/or vendored libcs.

  

lib/compiler-rt

This issue relates to Zig's compiler-rt library.

  

lib/cxx

This issue relates to Zig's vendored libc++ and/or libc++abi.

  

lib/std

This issue relates to Zig's standard library.

  

lib/tsan

This issue relates to Zig's vendored libtsan.

  

lib/ubsan-rt

This issue relates to Zig's ubsan-rt library.

  

lib/unwind

This issue relates to Zig's vendored libunwind.

  

linking

Zig's integrated object file and incremental linker.

  

miscompilation

The compiler reports success but produces semantically incorrect code.

  

os/aix

  

os/android

  

os/bridgeos

  

os/contiki

  

os/dragonfly

  

os/driverkit

  

os/emscripten

  

os/freebsd

  

os/fuchsia

  

os/haiku

  

os/hermit

  

os/hurd

  

os/illumos

  

os/ios

  

os/kfreebsd

  

os/linux

  

os/maccatalyst

  

os/macos

  

os/managarm

  

os/netbsd

  

os/ohos

  

os/openbsd

  

os/plan9

  

os/redox

  

os/rtems

  

os/serenity

  

os/solaris

  

os/tvos

  

os/uefi

  

os/visionos

  

os/wali

  

os/wasi

  

os/watchos

  

os/windows

  

os/zos

  

proposal

This issue suggests modifications. If it also has the "accepted" label then it is planned.

  

release notes

This issue or pull request should be mentioned in the release notes.

  

testing

This issue is related to testing the compiler, standard library, or other parts of Zig.

  

tier system

This issue tracks the support tier for a target.

  

zig cc

Zig as a drop-in C-family compiler.

  

zig fmt

The Zig source code formatter.

  

bounty

https://ziglang.org/news/announcing-donor-bounties

  

bug

Observed behavior contradicts documented or intended behavior.

  

contributor-friendly

This issue is limited in scope and/or knowledge of project internals.

  

downstream

An issue with a third-party project that uses this project.

  

enhancement

Solving this issue will likely involve adding new logic or components to the codebase.

  

infra

An issue related to project infrastructure, e.g. continuous integration.

  

optimization

A task to improve performance and/or resource usage.

  

question

No questions on the issue tracker; use a community space instead.

  

regression

A bug that did not occur in a previous version.

  

upstream

An issue with a third-party project that this project uses.

No labels

abi/f32

abi/ilp32

abi/n32

abi/sf

abi/x32

accepted

arch/1750a

arch/21k

arch/6502

arch/a29k

arch/aarch64

arch/alpha

arch/amdgcn

arch/arc

arch/arc32

arch/arc64

arch/arm

arch/avr

arch/avr32

arch/bfin

arch/bpf

arch/clipper

arch/colossus

arch/cr16

arch/cris

arch/csky

arch/dlx

arch/dsp16xx

arch/elxsi

arch/epiphany

arch/fr30

arch/frv

arch/h8300

arch/h8500

arch/hexagon

arch/hppa

arch/hppa64

arch/i370

arch/i860

arch/i960

arch/ia64

arch/ip2k

arch/kalimba

arch/kvx

arch/lanai

arch/lm32

arch/loongarch32

arch/loongarch64

arch/m32r

arch/m68k

arch/m88k

arch/maxq

arch/mcore

arch/metag

arch/microblaze

arch/mips

arch/mips64

arch/mmix

arch/mn10200

arch/mn10300

arch/moxie

arch/mrisc32

arch/msp430

arch/nds32

arch/nios2

arch/ns32k

arch/nvptx

arch/or1k

arch/pdp10

arch/pdp11

arch/pj

arch/powerpc

arch/powerpc64

arch/propeller

arch/riscv32

arch/riscv64

arch/rl78

arch/rx

arch/s390

arch/s390x

arch/sh

arch/sh64

arch/sparc

arch/sparc64

arch/spirv

arch/spu

arch/st200

arch/starcore

arch/tilegx

arch/tilepro

arch/tricore

arch/ts

arch/v850

arch/vax

arch/vc4

arch/ve

arch/wasm

arch/we32k

arch/x86

arch/x86_16

arch/x86_64

arch/xcore

arch/xgate

arch/xstormy16

arch/xtensa

autodoc

backend/c

backend/llvm

backend/self-hosted

binutils

breaking

build system

debug info

docs

error message

frontend

fuzzing

incremental

lib/c

lib/compiler-rt

lib/cxx

lib/std

lib/tsan

lib/ubsan-rt

lib/unwind

linking

miscompilation

os/aix

os/android

os/bridgeos

os/contiki

os/dragonfly

os/driverkit

os/emscripten

os/freebsd

os/fuchsia

os/haiku

os/hermit

os/hurd

os/illumos

os/ios

os/kfreebsd

os/linux

os/maccatalyst

os/macos

os/managarm

os/netbsd

os/ohos

os/openbsd

os/plan9

os/redox

os/rtems

os/serenity

os/solaris

os/tvos

os/uefi

os/visionos

os/wali

os/wasi

os/watchos

os/windows

os/zos

proposal

release notes

testing

tier system

zig cc

zig fmt

bounty

bug

contributor-friendly

downstream

enhancement

infra

optimization

question

regression

upstream

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ziglang/zig!30561

No description provided.