CON38-C. Signal (broadcast) all waiting threads instead of a single thread

When a given thread waits (pthread_cond_wait() or pthread_cond_timedwait()) on a condition variable, it can be awakened as result of a signal operation (pthread_cond_signal()). However, if multiple threads are waiting on the same condition variable, any of those threads can be picked up by the scheduler to be woken up (assuming that all threads have the same priority level and also that they have only one mutex associated with the condition variable CON37-C. Do not use more than one mutex for concurrent waiting operations on a condition variable).

This forces the user to create a predicate-testing-loop around the wait to guarantee that each thread only executes if its predicate test is true (recommendation on IEEE Std 1003.1 since 2001 release). As a consequence, if a given thread finds the predicate test to be false, it waits again, eventually resulting in a deadlock situation.

Therefore, the use of pthread_cond_signal() is safe only if the following conditions are met:

The condition variable is the same for each waiting thread;
All threads must perform the same set of operations after waking up. This means that any thread can be selected to wake up and resume for a single invocation of pthread_cond_signal();
Only one thread is required to wake upon receiving the signal.

The use of pthread_cond_signal() can also be safe in the following situation:

Each thread uses a unique condition variable;
Each condition variable is associated with the same mutex (lock).

The use of pthread_cond_broadcast() solves the problem since it wakes up all the threads associated with the respective condition variable, and since all (must) re-evaluate the predicate condition, one should find its test to be true, avoiding the deadlock situation.

Noncompliant Code Example (`pthread_cond_signal()`)

#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>

#define NTHREADS  10

pthread_mutex_t mutex;
pthread_cond_t cond;


void *run_step(void *t) {
  static int time = 0;
  int step = (int)t;
  int result;

  if ((result = pthread_mutex_lock(&mutex)) != 0) {
    /* Handle error condition */
  }

  printf("Thread %d has the lock\n", step);

  while (time != step) {
    printf("Thread %d is sleeping...\n", step);

    if ((result = pthread_cond_wait(&cond, &mutex)) != 0) {
      /* Handle error condition */
    }

    printf("Thread %d woke up\n", step);
  }

  /* Do processing... */
  printf("Thread %d is processing...\n", step);

  time++;

  /* Signal waiting tasks */
  if ((result = pthread_cond_signal(&cond)) != 0) {
    /* Handle error condition */
  }

  printf("Thread %d is exiting...\n", step);

  if ((result = pthread_mutex_unlock(&mutex)) != 0) {
    /* Handle error condition */
  }

  pthread_exit(NULL);
}


int main(int argc, char** argv) {
  int i;
  int result;
  pthread_attr_t attr;
  pthread_t threads[NTHREADS];
  int step[NTHREADS];

  if ((result = pthread_mutex_init(&mutex, NULL)) != 0) {
    /* Handle error condition */
  }
  if ((result = pthread_cond_init(&cond, NULL)) != 0) {
    /* Handle error condition */
  }
  if ((result = pthread_attr_init(&attr)) != 0) {
    /* Handle error condition */
  }
  if ((result = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE)) != 0) {
    /* Handle error condition */
  }

  /* Create threads */
  for (i=0; i<NTHREADS; i++) {
    step[i] = i;
    if ((result = pthread_create(&threads[i], &attr, run_step, (void *)step[i])) != 0) {
      /* Handle error condition */
    }
  }

  /* Wait for all threads to complete */
  for (i = NTHREADS-1; i >= 0; i--) {
    if ((result = pthread_join(threads[i], NULL)) != 0) {
      /* Handle error condition */
    }
  }

  if ((result = pthread_mutex_destroy(&mutex)) != 0) {
    /* Handle error condition */
  }
  if ((result = pthread_cond_destroy(&cond)) != 0) {
    /* Handle error condition */
  }
  if ((result = pthread_attr_destroy(&attr)) != 0) {
    /* Handle error condition */
  }

  pthread_exit(NULL);
}

Compliant Solution (`pthread_cond_broadcast()`)

This compliant solution uses the pthread_cond_broadcast() method to signal all waiting threads. Before await() returns, the current thread reacquires the lock associated with this condition. When the thread returns, it is guaranteed to hold this lock [API 2006] The thread that is ready can perform its task, while all the threads whose condition predicates are false resume waiting.

Only the run() method from the noncompliant code example is modified, as follows:

Compliant Solution (`pthread_cond_signal()` but with one condition variable per thread)

Risk Assessment

Signal a single thread instead of all waiting threads can pose a threat to the liveness property of the system.

Guideline	Severity	Likelihood	Remediation Cost	Priority	Level
CON38-C	low	unlikely	medium	P2	L3

Space shortcuts

Page tree

Noncompliant Code Example (`pthread_cond_signal()`)

Compliant Solution (`pthread_cond_broadcast()`)

Compliant Solution (`pthread_cond_signal()` but with one condition variable per thread)

Risk Assessment

References

Space shortcuts

Page tree

CON38-C. Signal (broadcast) all waiting threads instead of a single thread

Noncompliant Code Example (pthread_cond_signal())

Compliant Solution (pthread_cond_broadcast())

Compliant Solution (pthread_cond_signal() but with one condition variable per thread)

Risk Assessment

References

Noncompliant Code Example (`pthread_cond_signal()`)

Compliant Solution (`pthread_cond_broadcast()`)

Compliant Solution (`pthread_cond_signal()` but with one condition variable per thread)