[FFmpeg-devel] tsan warning about a data race in libavcodec/h264_direct.c

Wan-Teh Chang wtc at google.com
Wed Jul 19 07:26:42 EEST 2017


Hi,

I'd like to report a tsan warning about a data race in libavcodec/h264_direct.c.

1. Steps to reproduce:

./configure --samples=~/fate-suite/ --toolchain=clang-tsan --disable-stripping

make fate-h264 THREADS=4

2. Here is an excerpt of the tsan warning in
tests/data/fate/h264-conformance-frext-hpcafl_bcrm_c.err:

WARNING: ThreadSanitizer: data race (pid=116081)
  Read of size 4 at 0x7b7000020118 by thread T3 (mutexes: write M2239):
    #0 pred_temp_direct_motion ffmpeg/libavcodec/h264_direct.c:505:9
(ffmpeg+0x1159c60)
    #1 ff_h264_pred_direct_motion ffmpeg/libavcodec/h264_direct.c:727
(ffmpeg+0x1159c60)
    #2 ff_h264_decode_mb_cabac ffmpeg/libavcodec/h264_cabac.c:2118:17
(ffmpeg+0x1471f03)
    #3 decode_slice ffmpeg/libavcodec/h264_slice.c:2569:19 (ffmpeg+0x11930ba)
    #4 ff_h264_execute_decode_slices
ffmpeg/libavcodec/h264_slice.c:2748:15 (ffmpeg+0x1192377)
    #5 decode_nal_units ffmpeg/libavcodec/h264dec.c:716:27 (ffmpeg+0x792022)
    #6 h264_decode_frame ffmpeg/libavcodec/h264dec.c:1006 (ffmpeg+0x792022)
    #7 frame_worker_thread ffmpeg/libavcodec/pthread_frame.c:201:21
(ffmpeg+0xae56cc)

  Previous write of size 4 at 0x7b7000020118 by thread T1 (mutexes:
write M2234):
    #0 ff_h264_decode_mb_cabac ffmpeg/libavcodec/h264_cabac.c:2386:31
(ffmpeg+0x1475e0a)
    #1 decode_slice ffmpeg/libavcodec/h264_slice.c:2569:19 (ffmpeg+0x11930ba)
    #2 ff_h264_execute_decode_slices
ffmpeg/libavcodec/h264_slice.c:2748:15 (ffmpeg+0x1192377)
    #3 decode_nal_units ffmpeg/libavcodec/h264dec.c:716:27 (ffmpeg+0x792022)
    #4 h264_decode_frame ffmpeg/libavcodec/h264dec.c:1006 (ffmpeg+0x792022)
    #5 frame_worker_thread ffmpeg/libavcodec/pthread_frame.c:201:21
(ffmpeg+0xae56cc)

3. The relevant source code is:

libavcodec/h264_direct.c:

487 static void pred_temp_direct_motion(const H264Context *const h,
H264SliceContext *sl,
488                                     int *mb_type)
489 {
490     int b8_stride = 2;
491     int b4_stride = h->b_stride;
492     int mb_xy = sl->mb_xy, mb_y = sl->mb_y;
...
502     await_reference_mb_row(h, &sl->ref_list[1][0],
503                            sl->mb_y + !!IS_INTERLACED(*mb_type));
504
505     if (IS_INTERLACED(sl->ref_list[1][0].parent->mb_type[mb_xy]))
{ // AFL/AFR/FR/FL -> AFL/FL

Note: tsan warns about the read of mb_type[mb_xy], not the read of
sl->ref_list[1][0].parent.

libavcodec/h264_slice.c:

1914 int ff_h264_decode_mb_cabac(const H264Context *h, H264SliceContext *sl)
1915 {
...
2386     h->cur_pic.mb_type[mb_xy] = mb_type;

4. I've investigated this tsan warning for several hours in my spare
time, but I can't figure out how to fix it. I hope someone familiar
with the h264 decoder will see what's wrong or suggest fixes for me to
try.

Here are two facts that may be helpful.

- This tsan warning does not occur when I run "make fate-h264" with
THREADS=2. It starts to occur with THREADS=3.

- If I annotate libavcodec/h264_direct.c so that tsan ignores the read
of sl->ref_list[1][0].parent->mb_type[mb_xy] at line 505, then "make
fate-h264 THREADS=4" runs to completion with no tsan warning (assuming
the fix in http://ffmpeg.org/pipermail/ffmpeg-devel/2017-July/213777.html
is applied). So this seems to be the last tsan warning in fate-h264.

Thanks,
Wan-Teh Chang


More information about the ffmpeg-devel mailing list