This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [RFC][BZ #16549] Add sanity check for condvar alignment.
- From: Torvald Riegel <triegel at redhat dot com>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: "Joseph S. Myers" <joseph at codesourcery dot com>, Ondřej Bílka <neleai at seznam dot cz>, libc-alpha at sourceware dot org
- Date: Fri, 11 Apr 2014 22:14:39 +0200
- Subject: Re: [RFC][BZ #16549] Add sanity check for condvar alignment.
- Authentication-results: sourceware.org; auth=none
- References: <20140211124346 dot GA31165 at domone dot podge> <52FA4AC2 dot 1070400 at redhat dot com> <Pine dot LNX dot 4 dot 64 dot 1402112242300 dot 11759 at digraph dot polyomino dot org dot uk> <53391498 dot 3010607 at redhat dot com>
On Mon, 2014-03-31 at 09:09 +0200, Florian Weimer wrote:
> On 02/11/2014 11:44 PM, Joseph S. Myers wrote:
> > On Tue, 11 Feb 2014, Florian Weimer wrote:
> >
> >> I think the real issue here is our lack of error checking for the futex system
> >> call. strace on the test case shows this:
> >
> > I'm not sure what we would do with an error here. Cf
> > <https://sourceware.org/glibc/wiki/Style_and_Conventions#Invalid_pointers>
> > noting that a crash or assertion failure on an invalid NULL pointer is
> > better than returning an error value that would likely be ignored by the
> > buggy caller (although it's not obvious to me that diagnosing a misaligned
> > pointer through an assertion is worthwhile anyway).
>
> We'd probably have to abort anyway in contexts where an unexpected error
> occurs. But I find it rather questionable that we completely discard
> the system call results in most cases.
>
> Here, the glibc behavior happens to be correct—silently not locking is
> allowed if the pointer is invalid. But I don't think we know for sure
> that all unexpected futex errors are due to precondition violations by
> user code.
I think that even this isn't documented in the code, that this is the
intention in the current implementation. And AFAIA, this is a correct
assumption currently.