...
The following noncompliant code example consists on a given number of threads (5) that should execute one after another according to the step level that is assigned to them when created (serialized processing). The time current_step variable holds the current step level and is incremented as soon as the respective thread finishes its processing. Finally, another thread is signaled so that the next step can be executed.
| Code Block | ||
|---|---|---|
| ||
#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
#define NTHREADS 5
pthread_mutex_t mutex;
pthread_cond_t cond;
int main(int argc, char** argv) {
int i;
int result;
pthread_attr_t attr;
pthread_t threads[NTHREADS];
int step[NTHREADS];
if ((result = pthread_mutex_init(&mutex, NULL)) != 0) {
/* Handle error condition */
}
if ((result = pthread_cond_init(&cond, NULL)) != 0) {
/* Handle error condition */
}
if ((result = pthread_attr_init(&attr)) != 0) {
/* Handle error condition */
}
if ((result = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE)) != 0) {
/* Handle error condition */
}
/* Create threads */
for (i = 0; i < NTHREADS; i++) {
step[i] = i;
if ((result = pthread_create(&threads[i], &attr, run_step, (void *)step[i])) != 0) {
/* Handle error condition */
}
}
/* Wait for all threads to complete */
for (i = NTHREADS-1; i >= 0; i--) {
if ((result = pthread_join(threads[i], NULL)) != 0) {
/* Handle error condition */
}
}
if ((result = pthread_mutex_destroy(&mutex)) != 0) {
/* Handle error condition */
}
if ((result = pthread_cond_destroy(&cond)) != 0) {
/* Handle error condition */
}
if ((result = pthread_attr_destroy(&attr)) != 0) {
/* Handle error condition */
}
pthread_exit(NULL);
}
void *run_step(void *t) {
static int timecurrent_step = 0;
int my_step = (int)t;
int result;
if ((result = pthread_mutex_lock(&mutex)) != 0) {
/* Handle error condition */
}
printf("Thread %d has the lock\n", my_step);
while (timecurrent_step != my_step) {
printf("Thread %d is sleeping...\n", my_step);
if ((result = pthread_cond_wait(&cond, &mutex)) != 0) {
/* Handle error condition */
}
printf("Thread %d woke up\n", my_step);
}
/* Do processing... */
printf("Thread %d is processing...\n", my_step);
timecurrent_step++;
/* Signal a waiting task */
if ((result = pthread_cond_signal(&cond)) != 0) {
/* Handle error condition */
}
printf("Thread %d is exiting...\n", my_step);
if ((result = pthread_mutex_unlock(&mutex)) != 0) {
/* Handle error condition */
}
pthread_exit(NULL);
}
|
In the above code, each thread has its own predicate because each requires time current_step to have a different value before proceeding. Having into consideration that upon the signal operation (pthread_cond_signal()) any of the waiting threads can wake up and that if by chance it is not the one with the next step value, that one will wait again pthread_cond_wait(), thus resulting in a deadlock situation because no more signal operations will occur. Therefore, this noncompliant code example violates the liveness property.
Let's consider the following example:
Time | Thread # | current_step | Action |
|---|---|---|---|
0 | 3 | 0 | Thread 3 executes 1st time: predicate is FALSE -> wait() |
1 | 2 | 0 | Thread 2 executes 1st time: predicate is FALSE -> wait() |
2 | 4 | 0 | Thread 4 executes 1st time: predicate is FALSE -> wait() |
3 | 0 | 0 | Thread 0 executes 1st time: predicate is TRUE -> current_step++; signal() |
4 | 1 | 1 | Thread 1 executes 1st time: predicate is TRUE -> current_step++; signal() |
5 | 3 | 2 | Thread 3 wakes up (scheduler choice): predicate is FALSE -> wait() |
6 | - | - | Deadlock situation! No more threads to run and a signal is needed to wake up the others. |
Therefore, this noncompliant code example violates the liveness property.
Compliant Solution (using pthread_condCompliant Solution (using pthread_cond_broadcast())
This compliant solution uses the pthread_cond_broadcast() method to signal all waiting threads instead of a single "random" one.
Only the run_step() thread code from the noncompliant code example is modified, as follows:
| Code Block | ||
|---|---|---|
| ||
void *run_step(void *t) {
static int timecurrent_step = 0;
int my_step = (int)t;
int result;
if ((result = pthread_mutex_lock(&mutex)) != 0) {
/* Handle error condition */
}
printf("Thread %d has the lock\n", my_step);
while (timecurrent_step != my_step) {
printf("Thread %d is sleeping...\n", my_step);
if ((result = pthread_cond_wait(&cond, &mutex)) != 0) {
/* Handle error condition */
}
printf("Thread %d woke up\n", my_step);
}
/* Do processing... */
printf("Thread %d is processing...\n", my_step);
timecurrent_step++;
/* Signal ALL waiting tasks */
if ((result = pthread_cond_broadcast(&cond)) != 0) {
/* Handle error condition */
}
printf("Thread %d is exiting...\n", my_step);
if ((result = pthread_mutex_unlock(&mutex)) != 0) {
/* Handle error condition */
}
pthread_exit(NULL);
}
|
...
| Code Block | ||
|---|---|---|
| ||
#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
#define NTHREADS 5
pthread_mutex_t mutex;
pthread_cond_t cond[NTHREADS];
int main(int argc, char** argv) {
int i;
int result;
pthread_attr_t attr;
pthread_t threads[NTHREADS];
int step[NTHREADS];
if ((result = pthread_mutex_init(&mutex, NULL)) != 0) {
/* Handle error condition */
}
for (i = 0; i< NTHREADS; i++) {
if ((result = pthread_cond_init(&cond[i], NULL)) != 0) {
/* Handle error condition */
}
}
if ((result = pthread_attr_init(&attr)) != 0) {
/* Handle error condition */
}
if ((result = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE)) != 0) {
/* Handle error condition */
}
/* Create threads */
for (i = 0; i < NTHREADS; i++) {
step[i] = i;
if ((result = pthread_create(&threads[i], &attr, run_step, (void *)step[i])) != 0) {
/* Handle error condition */
}
}
/* Wait for all threads to complete */
for (i = NTHREADS-1; i >= 0; i--) {
if ((result = pthread_join(threads[i], NULL)) != 0) {
/* Handle error condition */
}
}
if ((result = pthread_mutex_destroy(&mutex)) != 0) {
/* Handle error condition */
}
for (i = 0; i < NTHREADS; i++) {
if ((result = pthread_cond_destroy(&cond[i])) != 0) {
/* Handle error condition */
}
}
if ((result = pthread_attr_destroy(&attr)) != 0) {
/* Handle error condition */
}
pthread_exit(NULL);
}
void *run_step(void *t) {
static int timecurrent_step = 0;
int my_step = (int)t;
int result;
if ((result = pthread_mutex_lock(&mutex)) != 0) {
/* Handle error condition */
}
printf("Thread %d has the lock\n", my_step);
while (timecurrent_step != my_step) {
printf("Thread %d is sleeping...\n", my_step);
if ((result = pthread_cond_wait(&cond[my_step], &mutex)) != 0) {
/* Handle error condition */
}
printf("Thread %d woke up\n", my_step);
}
/* Do processing... */
printf("Thread %d is processing...\n", my_step);
timecurrent_step++;
/* Signal next step thread */
if ((my_step + 1) < NTHREADS) {
if ((result = pthread_cond_signal(&cond[my_step+1])) != 0) {
/* Handle error condition */
}
}
printf("Thread %d is exiting...\n", my_step);
if ((result = pthread_mutex_unlock(&mutex)) != 0) {
/* Handle error condition */
}
pthread_exit(NULL);
}
|
...
This rule is a translation from the Java rule THI04-J. Notify all waiting threads instead of a single thread.
Related Vulnerabilities
CON37-C. Do not use more than one mutex for concurrent waiting operations on a condition variable
Bibliography
| Wiki Markup |
|---|
\[[Open Group|AA. Bibliography#OpenGroup04]\] [pthread_cond_signal() pthread_cond_broadcast()|http://www.opengroup.org/onlinepubs/7990989775/xsh/pthread_cond_signal.html]\\ |
...