SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 64

changes.mady.by.user Aaron Ballman

Saved on

compared with

New Version 65

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: thrd_success !=

...

Code Block
bgColor#ffcccc
langc
#include <stdlib.h>
#include <threads.h>
 
typedef struct {
  int balance;
  mtx_t balance_mutex;
} bank_account;

typedef struct {
  bank_account *from;
  bank_account *to;
  int amount;
} deposit_thr_args;

void create_bank_account(bank_account **ba,
                         int initial_amount) {
  int result;
  bank_account *nba = (bank_account *)
                        malloc(sizeof(bank_account));
  if (nba == NULL) {
    /* Handle Error */
  }

  nba->balance = initial_amount;
  if result(thrd_success != mtx_init(&nba->balance_mutex, mtx_plain);
  if (result == thrd_error) {
    /* Handle error */
  }

  *ba = nba;
}

int deposit(void *ptr) {
  int result;
  deposit_thr_args *args = (deposit_thr_args *)ptr;

  if ((resultthrd_success != mtx_lock(&(args->from->balance_mutex)))
        != thrd_success) {
    /* Handle error */
  }

  /* not enough balance to transfer */
  if (args->from->balance < args->amount) {
    if ((resultthrd_suceess != mtx_unlock(&(args->from->balance_mutex)))
          != thrd_success) {
      /* Handle error  */
    }
    return -1;  /* Indicate error */
  }

  if ((resultthrd_success != mtx_lock(&(args->to->balance_mutex)))
        != thrd_success) {
    /* Handle error */
  }

  args->from->balance -= args->amount;
  args->to->balance += args->amount;

  if ((resultthrd_success != mtx_unlock(&(args->from->balance_mutex)))
        != thrd_success) {
    /* Handle error */
  }
  if ((resultthrd_success != mtx_unlock(&(args->to->balance_mutex)))
        != thrd_success) {
    /* Handle error */
  }

  free(ptr);
  
  return 0;
}

int main(void) {
  pthreadthrd_t thr1, thr2;
  int result;
  deposit_thr_args *arg1;
  deposit_thr_args *arg2;
  bank_account *ba1;
  bank_account *ba2;

  create_bank_account(&ba1, 1000);
  create_bank_account(&ba2, 1000);

  arg1 = (deposit_thr_args *)malloc(sizeof(deposit_thr_args));
  if (arg1 == NULL) {
    /* Handle error */
  }
  arg2 = (deposit_thr_args *)malloc(sizeof(deposit_thr_args));
  if (arg2 == NULL) {
    /* Handle error */
  }

  arg1->from = ba1;
  arg1->to = ba2;
  arg1->amount = 100;

  arg2->from = ba2;
  arg2->to = ba1;
  arg2->amount = 100;

  /* Perform the deposits. */
  if ((resultthrd_success != thrd_create(&thr1, deposit, (void *)arg1))
        != thrd_success) {
    /* Handle error */
  }
  if ((resultthrd_success != thrd_create(&thr2, deposit, (void *)arg2))
        != thrd_success) {
    /* Handle error */
  }

  return 0;
}

Compliant Solution

...

Code Block
bgColor#ccccff
langc
#include <stdlib.h>
#include <threads.h>
 
typedef struct {
  int balance;
  mtx_t balance_mutex;
 
  /* Should never be changed after initialized. */ 
  unsigned int id;
} bank_account;

unsigned int global_id = 1;

void create_bank_account(bank_account **ba,
                         int initial_amount) {
  int result;
  bank_account *nba = (bank_account *)
                        malloc(sizeof(bank_account));
  if (nba == NULL) {
    /* Handle error */
  }

  nba->balance = initial_amount;
  result if (thrd_success != mtx_init(&nba->balance_mutex, mtx_plain);
  if (result != thrd_success) {
    /* Handle error */
  }

  nba->id = global_id++;
  *ba = nba;
}

int deposit(void *ptr) {
  deposit_thr_args *args = (deposit_thr_args *)ptr;
  int result, ret_val = -1;
  mtx_t *first;
  mtx_t *second;

  if (args->from->id == args->to->id)
    return -1;  /* Indicate error */

  /* Ensure proper ordering for locking */
  if (args->from->id < args->to->id) {
    first = &args->from->balance_mutex;
    second = &args->to->balance_mutex;
  } else {
    first = &args->to->balance_mutex;
    second = &args->from->balance_mutex;
  }
  if ((resultthrd_success != mtx_lock(first)) != thrd_success) {
    /* Handle error */
  }
  if ((resultthrd_success != mtx_lock(second)) != thrd_success) {
    /* Handle error */
  }

  /* Not enough balance to transfer. */
  if (args->from->balance >= args->amount) {

    args->from->balance -= args->amount;
    args->to->balance += args->amount;
    ret_valresult = 0;
  }

  if ((resultthrd_success != mtx_unlock(second)) != thrd_success) {
    /* Handle error */
  }
  if ((resultthrd_success != mtx_unlock(first)) != thrd_success) {
    /* Handle error */
  }

  free(ptr);

  return ret_valresult;
}

Risk Assessment

Deadlock prevents multiple threads from progressing, thus halting the executing program. A denial-of-service attack is possible because the attacker can force deadlock situations. Deadlock is likely to occur in multithreaded programs that manage multiple shared resources.

...