Add ThreadSanitizer CI jobs (Linux + macOS) (#148)

Add ThreadSanitizer (TSan) support for detecting data races at runtime.

[Created by Copilot on behalf of @bghgary]

## Changes

- **CMakeLists.txt**: New `ENABLE_THREAD_SANITIZER` option with
`-fsanitize=thread`. Includes a mutual exclusion check with
`ENABLE_SANITIZERS` since TSan and ASan cannot be combined.
- **.github/workflows/build-linux.yml**: New `enable-thread-sanitizer`
input, passed as `ENABLE_THREAD_SANITIZER` to CMake. Wires
`TSAN_OPTIONS` with suppression file and sets `JSC_useConcurrentGC=0`
for the Run Tests step (see below).
- **.github/workflows/build-macos.yml**: New `enable-thread-sanitizer`
input; wires `TSAN_OPTIONS`.
- **.github/workflows/ci.yml**: New `Ubuntu_ThreadSanitizer_clang` and
`macOS_Xcode164_ThreadSanitizer` jobs.
- **.github/tsan_suppressions.txt**: Suppresses JSC-internal data races
on Ubuntu (`called_from_lib:libjavascriptcoregtk`). These are
allocator-level races in JSC's JIT worker threads that we cannot fix.

## Linux TSan: Concurrent GC Workaround

JSC on Linux uses `pthread_kill(tid, SIGUSR1)` + `sem_wait` in
`WTF::Thread::suspend()` to stop mutator threads at GC safepoints.
TSan's signal interception defers SIGUSR1 delivery indefinitely when the
target is inside instrumented code; the handler never runs and the
Collector Thread's `sem_wait` deadlocks. macOS JSC uses Mach
`thread_suspend()` (no Unix signals) and is unaffected.

Setting `JSC_useConcurrentGC=0` on the Linux TSan job removes the
dedicated Collector Thread; GC runs on the mutator without cross-thread
signals. Reproduced locally in WSL Ubuntu: default configuration hung
9/20 runs; with `JSC_useConcurrentGC=0`, 0/30 runs hung.

## Dependency Updates

- **arcana.cpp**: Points to upstream `microsoft/arcana.cpp` (includes
#61 — TSan-safe test hook callback mutex).
- **UrlLib**: Points to upstream `BabylonJS/UrlLib` at `d251ad44`
(includes BabylonJS/UrlLib#27 — Apple WebSocket `@synchronized` fixes).

## Platform Support

TSan is supported on Linux and macOS with Clang/GCC. MSVC does not
support TSan and Clang targeting Windows does not have a TSan runtime
library.

## CI Impact

The TSan jobs run in parallel with other jobs and do not increase
overall pipeline time.

## Status

- macOS TSan: passes clean
- Ubuntu TSan: JSC-internal races suppressed via
`called_from_lib:libjavascriptcoregtk`; concurrent GC disabled to avoid
TSan/signal deadlock

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: bghgary

.github/tsan_suppressions.txt

@@ -0,0 +1,17 @@
+# ThreadSanitizer suppressions for JsRuntimeHost
+#
+# These suppress data races internal to third-party libraries that we cannot fix.
+# TSan on macOS (JavaScriptCore via Xcode) passes clean — these suppressions are
+# only needed for the Ubuntu JSC build (libjavascriptcoregtk).
+
+# JavaScriptCore internal races in libjavascriptcoregtk.
+# Races manifest in TSan interceptors (free/malloc/memcpy/close) called from
+# JSC's JIT worker threads. function-name suppressions are needed because the
+# top frame is a libc interceptor attributed to UnitTests, not libjavascriptcoregtk.
+called_from_lib:libjavascriptcoregtk
+race:free
+race:close
+race:memcpy
+
+# JSC signal handler that doesn't save/restore errno
+signal:libjavascriptcoregtk

.github/workflows/build-linux.yml

@@ -15,6 +15,10 @@ on:
         required: false
         type: boolean
         default: false
+      enable-thread-sanitizer:
+        required: false
+        type: boolean
+        default: false
 
 jobs:
   build:
@@ -36,6 +40,7 @@ jobs:
           cmake -B Build/ubuntu -G Ninja \
             -D CMAKE_BUILD_TYPE=RelWithDebInfo \
             -D ENABLE_SANITIZERS=${{ inputs.enable-sanitizers && 'ON' || 'OFF' }} \
+            -D ENABLE_THREAD_SANITIZER=${{ inputs.enable-thread-sanitizer && 'ON' || 'OFF' }} \
             -D CMAKE_C_COMPILER=${{ inputs.cc }} \
             -D CMAKE_CXX_COMPILER=${{ inputs.cxx }}
 
@@ -45,3 +50,13 @@ jobs:
       - name: Run Tests
         working-directory: Build/ubuntu/Tests/UnitTests
         run: ./UnitTests
+        env:
+          TSAN_OPTIONS: ${{ inputs.enable-thread-sanitizer && format('suppressions={0}/.github/tsan_suppressions.txt', github.workspace) || '' }}
+          # JSC's concurrent GC on Linux uses SIGUSR1 + sem_wait to suspend mutator
+          # threads at safepoints. TSan's signal interception delays SIGUSR1 delivery
+          # indefinitely, deadlocking the Collector Thread's sem_wait. Disabling the
+          # concurrent collector removes the dedicated Collector Thread, so GC runs
+          # on the mutator without cross-thread signals. macOS JSC uses Mach
+          # thread_suspend() and is unaffected.
+          JSC_useConcurrentGC: ${{ inputs.enable-thread-sanitizer && '0' || '' }}
+

.github/workflows/build-macos.yml

@@ -14,6 +14,10 @@ on:
         required: false
         type: boolean
         default: false
+      enable-thread-sanitizer:
+        required: false
+        type: boolean
+        default: false
 
 jobs:
   build:
@@ -28,11 +32,15 @@ jobs:
       - name: Configure CMake
         run: |
           cmake -B Build/macOS -G Xcode \
-            -D ENABLE_SANITIZERS=${{ inputs.enable-sanitizers && 'ON' || 'OFF' }}
+            -D ENABLE_SANITIZERS=${{ inputs.enable-sanitizers && 'ON' || 'OFF' }} \
+            -D ENABLE_THREAD_SANITIZER=${{ inputs.enable-thread-sanitizer && 'ON' || 'OFF' }}
 
       - name: Build
         run: cmake --build Build/macOS --target UnitTests --config RelWithDebInfo
 
       - name: Run Tests
         working-directory: Build/macOS/Tests/UnitTests/RelWithDebInfo
         run: ./UnitTests
+        env:
+          TSAN_OPTIONS: ${{ inputs.enable-thread-sanitizer && format('suppressions={0}/.github/tsan_suppressions.txt', github.workspace) || '' }}
+

.github/workflows/ci.yml

@@ -83,6 +83,14 @@ jobs:
       runs-on: macos-latest
       enable-sanitizers: true
 
+  macOS_Xcode164_ThreadSanitizer:
+    uses: ./.github/workflows/build-macos.yml
+    with:
+      xcode-version: '16.4'
+      runs-on: macos-latest
+      enable-thread-sanitizer: true
+
+
   # ── iOS ───────────────────────────────────────────────────────
   iOS_Xcode164:
     uses: ./.github/workflows/build-ios.yml
@@ -114,3 +122,10 @@ jobs:
       cc: clang
       cxx: clang++
       enable-sanitizers: true
+
+  Ubuntu_ThreadSanitizer_clang:
+    uses: ./.github/workflows/build-linux.yml
+    with:
+      cc: clang
+      cxx: clang++
+      enable-thread-sanitizer: true

CMakeLists.txt

@@ -15,7 +15,7 @@ FetchContent_Declare(AndroidExtensions
     EXCLUDE_FROM_ALL)
 FetchContent_Declare(arcana.cpp
     GIT_REPOSITORY https://github.com/microsoft/arcana.cpp.git
-    GIT_TAG b9bf9d85fce37d5fc9dbfc4a4dc5e1531bee215a
+    GIT_TAG 0b9f9b6d761909fbca9d3ab1f2d8ff1c3d25ed3d
     EXCLUDE_FROM_ALL)
 FetchContent_Declare(asio
     GIT_REPOSITORY https://github.com/chriskohlhoff/asio.git
@@ -37,7 +37,7 @@ FetchContent_Declare(llhttp
     EXCLUDE_FROM_ALL)
 FetchContent_Declare(UrlLib
     GIT_REPOSITORY https://github.com/BabylonJS/UrlLib.git
-    GIT_TAG 880c2575e57ca0b59068ecc4860f185b9970e0ce
+    GIT_TAG d251ad44015e1ee6cd071514cb863d8ffc220f16
     EXCLUDE_FROM_ALL)
 # --------------------------------------------------
 
@@ -85,6 +85,11 @@ option(JSRUNTIMEHOST_POLYFILL_TEXTDECODER "Include JsRuntimeHost Polyfill TextDe
 
 # Sanitizers
 option(ENABLE_SANITIZERS "Enable AddressSanitizer and UBSan" OFF)
+option(ENABLE_THREAD_SANITIZER "Enable ThreadSanitizer" OFF)
+
+if(ENABLE_SANITIZERS AND ENABLE_THREAD_SANITIZER)
+    message(FATAL_ERROR "ENABLE_SANITIZERS and ENABLE_THREAD_SANITIZER cannot be used together.")
+endif()
 
 if(ENABLE_SANITIZERS)
     set(ENABLE_RTTI ON CACHE BOOL "" FORCE)
@@ -111,6 +116,15 @@ if(ENABLE_SANITIZERS)
     endif()
 endif()
 
+if(ENABLE_THREAD_SANITIZER)
+    if(CMAKE_CXX_COMPILER_ID MATCHES "Clang|GNU")
+        add_compile_options(-fsanitize=thread -fno-omit-frame-pointer)
+        add_link_options(-fsanitize=thread)
+    else()
+        message(WARNING "ThreadSanitizer not supported on this compiler.")
+    endif()
+endif()
+
 # --------------------------------------------------
 
 if(JSRUNTIMEHOST_TESTS)