[musl] Maybe A Bug about timer_create and pthread_barrier

mailing list of musl libc
 help / color / mirror / code / Atom feed

* [musl] Maybe A Bug about timer_create and pthread_barrier_wait
@ 2024-07-08 13:23 AK47
  0 siblings, 0 replies; only message in thread
From: AK47 @ 2024-07-08 13:23 UTC (permalink / raw)
  To: musl

[-- Attachment #1: Type: text/plain, Size: 2575 bytes --]

Hello:

&nbsp; &nbsp; I had a low-probability crash in the child thread when using the timer_create interface. After debug, I found that the crash occured when the sub-thread accessed in code "if (b-&gt;_b_waiters)" which&nbsp;&nbsp;is a&nbsp;stack variable created in the main thread and passed to child thread by args. It looks like the main thread's timer_create has finished executing at this point, so the variables (start_args) on the stack have been cleaned up. I take a look at the&nbsp;pthread_barrier_wait code and I think it should be a scheduling problem in pthread_barrier_wait.&nbsp;

&nbsp; &nbsp;Take the timer_create as an example, when the child thread is the first thread for "pthread_barrier_wait" and it is suspened after it executes the code "a_store(&amp;b-&gt;_b_lock, 0)", then the main thread in timer_create will arrive as the last thread, it will nerver wait for the child thread to be rescheduled, the main thread can pass the&nbsp;barrier and continue execution, the args created in timer_create will be cleaned up. when the child thread is finally&nbsp;rescheduled, it access the "b-&gt;_b_waiters" which has already been cleaned up by main thread and the crash will occur.&nbsp;

&nbsp; &nbsp;Is there a bug here? Looking forward to your reply.
      /* First thread to enter the barrier becomes the "instance owner" */
      if (!inst) {
            struct instance new_inst = { 0 };
            int spins = 200;
            b-&gt;_b_inst = inst = &amp;new_inst;
            a_store(&amp;b-&gt;_b_lock, 0);
            if (b-&gt;_b_waiters) __wake(&amp;b-&gt;_b_lock, 1, 1);&nbsp; // crash here b-&gt;_b_waiters
            while (spins-- &amp;&amp; !inst-&gt;finished)

      /* First thread to enter the barrier becomes the "instance owner" */
      if (!inst) {
            struct instance new_inst = { 0 };
            int spins = 200;
            b-&gt;_b_inst = inst = &amp;new_inst;
            a_store(&amp;b-&gt;_b_lock, 0);
            // when the child thread is the first thread and is scheduled out here

            if (b-&gt;_b_waiters) __wake(&amp;b-&gt;_b_lock, 1, 1);
            while (spins-- &amp;&amp; !inst-&gt;finished)

Li

[-- Attachment #2: Type: text/html, Size: 5524 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2024-07-08 13:23 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-07-08 13:23 [musl] Maybe A Bug about timer_create and pthread_barrier_wait AK47

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).