Page History

...

The use of cnd_broadcast() avoids these problems because it wakes up all the threads associated with the condition variable, and because all the threads must reevaluate the predicate condition, one thread will find its test to be true, avoiding deadlock.

Noncompliant Code Example (cnd_signal())

This noncompliant code example uses five threads that are intended to execute sequentially according to the step level assigned to each thread when it is created (serialized processing). The current_step variable holds the current step level and is incremented when the respective thread completes. Finally, another thread is signaled so that the next step can be executed. Each thread waits until its step level is ready, and the cnd_wait() function call is wrapped inside a while loop, in compliance with CON36-C. Wrap functions that can spuriously wake up in a loop.

...

This noncompliant code example violates the liveness property.

Compliant Solution (cnd_broadcast())

This compliant solution uses the cnd_broadcast() function to signal all waiting threads instead of a single random thread. Only the run_step() thread code from the noncompliant code example is modified, as follows:

...

Awakening all threads solves guarantees the liveness property because each thread will execute its condition predicate test, and exactly one will succeed and continue execution.

Compliant Solution (Using cnd_signal() but with a Unique Condition Variable per Thread)

Another compliant solution is to use a unique condition variable for each thread (all associated with a single mutex). In this case, the signal operation (cnd_signal()) wakes up only the thread that is waiting on it. This solution is more efficient than using cnd_broadcast() because only the desired thread is awakened.

...

#include <stdio.h>
#include <threads.h>

enum { NTHREADS = 5 };

mtx_t mutex;
cnd_t cond[NTHREADS];

int run_step(void *t) {
  static size_t current_step = 0;
  size_t my_step = (size_t)t;

  if (thrd_success != mtx_lock(&mutex)) {
    /* Handle error condition */
  }

  printf("Thread %d has the lock\n", my_step);

  while (current_step != my_step) {
    printf("Thread %d is sleeping...\n", my_step);

    if (thrd_success != cnd_wait(&cond[my_step], &mutex)) {
      /* Handle error condition */
    }

    printf("Thread %d woke up\n", my_step);
  }

  /* Do processing ... */
  printf("Thread %d is processing...\n", my_step);

  current_step++;

  /* Signal next step thread */
  if ((my_step + 1) < NTHREADS) {
    if (thrd_success != cnd_signal(&cond[my_step + 1])) {
      /* Handle error condition */
    }
  }

  printf("Thread %d is exiting...\n", my_step);

  if (thrd_success != mtx_unlock(&mutex)) {
    /* Handle error condition */
  }
  return 0;
}

int main(int argc, char *argv[]) {
  thrd_t threads[NTHREADS];
  size_t step[NTHREADS];

  if (thrd_success != mtx_init(&mutex, mtx_plain)) {
    /* Handle error condition */
  }

  for (size_t i = 0; i< NTHREADS; ++i) {
    if (thrd_success != cnd_init(&cond[i])) {
      /* Handle error condition */
    }
  }

  /* Create threads */
  for (size_t i = 0; i < NTHREADS; ++i) {
    step[i] = i;
    if (thrd_success != thrd_create(&threads[i], run_step,
                                    (void *)step[i])) {
      /* Handle error condition */
    }
  }

  /* Wait for all threads to complete */
  for (size_t i = NTHREADS; i != 0; --i) {
    if (thrd_success != thrd_join(threads[i-1], NULL)) {
      /* Handle error condition */
    }
  }

  mtx_destroy(&mutex);

  for (size_t i = 0; i < NTHREADS; ++i) {
    cnd_destroy(&cond[i]);
  }
  return 0;
}

Compliant Solution (Windows, Condition Variables)

This compliant solution uses  a CONDITION_VARIABLE object, available on Microsoft Windows (Vista and later).

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website. 

Related Guidelines

Bibliography

...