linuxthreads/spinlock.c bug
Wolfram Gloger
wmglo@dent.med.uni-muenchen.de
Fri Oct 19 03:36:00 GMT 2001
>E.g. suppose
>you evaluate the head pointer while the list looks like this:
>
> X -> Y -> Z -> 0
>
>Meanwhile some other threads comes along and do:
>
>(pop X)
>
> Y -> Z -> 0
>
>(pop Y)
>
> Z -> 0
>(push X)
>
> X -> Z -> 0
>
> So now the original thread's compare_and_swap can still succeed, due
> to the match on the X, even though the list is different now.
Hmm, to me it looks like you are right. You mean that wait_node_alloc
could erroneously put Y 'back' on the free list, even though it has
been removed/used by another thread. Bad.
> I propose to scrap the ``optimization'' in wait_node_alloc/free and just
> use malloc/free directly.
Couldn't we just use the code conditional on !HAS_COMPARE_AND_SWAP
with the spinlock? Isn't there the assumption elsewhere that
wait_node's are never actually free()d?
Regards,
Wolfram.
More information about the Libc-alpha
mailing list