After the fix of PR 91910 I tried to consider other possible race
condition and I think we still have a problem.
Like stated in the PR when a container is destroyed all associated
iterators are made singular. If at the same time another thread try to
access this iterator the _M_singular check will face a data race when
accessing _M_sequence member. In case of race condition the program is
likely to abort but maybe because of memory access violation rather than
a clear singular iterator assertion.
To avoid this I rework _M_sequence manipulation to use atomic read when
necessary and make sure that otherwise container mutex is locked.
* src/c++/debug.cc
(_Safe_sequence_base::_M_attach_single): Set attached iterator
sequence pointer and version.
(_Safe_sequence_base::_M_detach_single): Reset detached
iterator.
(_Safe_iterator_base::_M_attach): Remove attached iterator
sequence
pointer and version assignments.
(_Safe_iterator_base::_M_attach_single): Likewise.
(_Safe_iterator_base::_M_detach_single): Remove detached
iterator
reset.
(_Safe_iterator_base::_M_singular): Use atomic load to
access parent
sequence.
(_Safe_iterator_base::_M_can_compare): Likewise.
(_Safe_iterator_base::_M_get_mutex): Likewise.
(_Safe_local_iterator_base::_M_attach): Remove attached
iterator container
pointer and version assignments.
(_Safe_local_iterator_base::_M_attach_single): Likewise.
(_Safe_unordered_container_base::_M_attach_local_single):
Set attached iterator container pointer and version.
(_Safe_unordered_container_base::_M_detach_local_single): Reset detached
iterator.
Running tests in Debug mode.
Ok to commit if successful ?
François
diff --git a/libstdc++-v3/src/c++11/debug.cc b/libstdc++-v3/src/c++11/debug.cc
index 18da9da9c52..711ba558eb2 100644
--- a/libstdc++-v3/src/c++11/debug.cc
+++ b/libstdc++-v3/src/c++11/debug.cc
@@ -318,6 +318,8 @@ namespace __gnu_debug
_Safe_sequence_base::
_M_attach_single(_Safe_iterator_base* __it, bool __constant) throw ()
{
+ __it->_M_sequence = this;
+ __it->_M_version = _M_version;
_Safe_iterator_base*& __its =
__constant ? _M_const_iterators : _M_iterators;
__it->_M_next = __its;
@@ -341,6 +343,7 @@ namespace __gnu_debug
{
// Remove __it from this sequence's list
__it->_M_unlink();
+ __it->_M_reset();
if (_M_const_iterators == __it)
_M_const_iterators = __it->_M_next;
if (_M_iterators == __it)
@@ -355,11 +358,7 @@ namespace __gnu_debug
// Attach to the new sequence (if there is one)
if (__seq)
- {
- _M_sequence = __seq;
- _M_version = _M_sequence->_M_version;
- _M_sequence->_M_attach(this, __constant);
- }
+ __seq->_M_attach(this, __constant);
}
void
@@ -370,11 +369,7 @@ namespace __gnu_debug
// Attach to the new sequence (if there is one)
if (__seq)
- {
- _M_sequence = __seq;
- _M_version = _M_sequence->_M_version;
- _M_sequence->_M_attach_single(this, __constant);
- }
+ __seq->_M_attach_single(this, __constant);
}
void
@@ -400,10 +395,7 @@ namespace __gnu_debug
_M_detach_single() throw ()
{
if (_M_sequence)
- {
- _M_sequence->_M_detach_single(this);
- _M_reset();
- }
+ _M_sequence->_M_detach_single(this);
}
void
@@ -419,20 +411,32 @@ namespace __gnu_debug
bool
_Safe_iterator_base::
_M_singular() const throw ()
- { return !_M_sequence || _M_version != _M_sequence->_M_version; }
+ {
+ auto seq = __atomic_load_n(&_M_sequence, __ATOMIC_ACQUIRE);
+ return !seq || _M_version != seq->_M_version;
+ }
bool
_Safe_iterator_base::
_M_can_compare(const _Safe_iterator_base& __x) const throw ()
{
- return (!_M_singular()
- && !__x._M_singular() && _M_sequence == __x._M_sequence);
+ auto seq = __atomic_load_n(&_M_sequence, __ATOMIC_ACQUIRE);
+ if (seq && _M_version == seq->_M_version)
+ {
+ auto xseq = __atomic_load_n(&__x._M_sequence, __ATOMIC_ACQUIRE);
+ return xseq && __x._M_version == xseq->_M_version && seq == xseq;
+ }
+
+ return false;
}
__gnu_cxx::__mutex&
_Safe_iterator_base::
_M_get_mutex() throw ()
- { return _M_sequence->_M_get_mutex(); }
+ {
+ auto seq = __atomic_load_n(&_M_sequence, __ATOMIC_ACQUIRE);
+ return get_safe_base_mutex(seq);
+ }
_Safe_unordered_container_base*
_Safe_local_iterator_base::
@@ -447,11 +451,8 @@ namespace __gnu_debug
// Attach to the new container (if there is one)
if (__cont)
- {
- _M_sequence = __cont;
- _M_version = _M_sequence->_M_version;
- _M_get_container()->_M_attach_local(this, __constant);
- }
+ static_cast<_Safe_unordered_container_base*>(__cont)
+ ->_M_attach_local(this, __constant);
}
void
@@ -462,11 +463,8 @@ namespace __gnu_debug
// Attach to the new container (if there is one)
if (__cont)
- {
- _M_sequence = __cont;
- _M_version = _M_sequence->_M_version;
- _M_get_container()->_M_attach_local_single(this, __constant);
- }
+ static_cast<_Safe_unordered_container_base*>(__cont)
+ ->_M_attach_local_single(this, __constant);
}
void
@@ -526,6 +524,8 @@ namespace __gnu_debug
_Safe_unordered_container_base::
_M_attach_local_single(_Safe_iterator_base* __it, bool __constant) throw ()
{
+ __it->_M_sequence = this;
+ __it->_M_version = _M_version;
_Safe_iterator_base*& __its =
__constant ? _M_const_local_iterators : _M_local_iterators;
__it->_M_next = __its;
@@ -549,6 +549,7 @@ namespace __gnu_debug
{
// Remove __it from this container's list
__it->_M_unlink();
+ __it->_M_reset();
if (_M_const_local_iterators == __it)
_M_const_local_iterators = __it->_M_next;
if (_M_local_iterators == __it)
