[ Reported to the Debian BTS as report #140201. Please CC 140201@bugs.debian.org on replies. Log of report can be found at http://bugs.debian.org/140201 ] [implementation is the same as on the 3.2 branch] The function basic_string::_M_leak_hard() in basic_string.tcc is not thread-safe. The reference count is read with _M_is_shared() and then written with _M_set_leaked(), non-atomically. (This is only a bug if the string class is supposed to be thread-safe. I haven't found an explicit statement that it is, but most of the string operations are written to be thread-safe.) Release: 3.2.1 (Debian) (Debian unstable) Environment: System: Debian GNU/Linux (unstable) Architecture: i686 host: i386-linux Configured with: ../src/configure -v --enable-languages=c,c++,java,f77,proto,pascal,objc,ada --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-gxx-include-dir=/usr/include/c++/3.2 --enable-shared --with-system-zlib --enable-nls --without-included-gettext --enable-__cxa_atexit --enable-clocale=gnu --enable-java-gc=boehm --enable-objc-gc i386-linux Thread model: posix gcc version 3.2.2 20021212 (Debian prerelease)
State-Changed-From-To: open->analyzed State-Changed-Why: Can example code that demonstrates this problem be provided please? I'd like to add it to the thread testcase if possible. As a general rule, MT bugs always need a test case before a patch can be developed and a fix can be applied. thanks, benjamin
From: cwitty@newtonlabs.com (Carl R. Witty) To: bkoz@gcc.gnu.org Cc: 140201@bugs.debian.org, gcc-bugs@gcc.gnu.org, gcc-prs@gcc.gnu.org, cwitty@newtonlabs.com, gcc-gnats@gcc.gnu.org Subject: Re: libstdc++/9069: race condition in libstdc++3 (basic_string.tcc) Date: 12 Feb 2003 18:10:10 -0800 bkoz@gcc.gnu.org writes: > Synopsis: race condition in libstdc++3 (basic_string.tcc) > > State-Changed-From-To: open->analyzed > State-Changed-By: bkoz > State-Changed-When: Mon Jan 6 12:49:46 2003 > State-Changed-Why: > Can example code that demonstrates this problem be provided please? I'd like to add it to the thread testcase if possible. > > As a general rule, MT bugs always need a test case before a patch can be developed and a fix can be applied. > > thanks, > benjamin > > http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=9069 I never had a test case for this; I saw the problem by examining the source code. Carl Witty
From: Benjamin Kosnik <bkoz@redhat.com> To: cwitty@newtonlabs.com (Carl R. Witty) Cc: gcc-bugs@gcc.gnu.org, gcc-prs@gcc.gnu.org, cwitty@newtonlabs.com, gcc-gnats@gcc.gnu.org Subject: Re: libstdc++/9069: race condition in libstdc++3 (basic_string.tcc) Date: Wed, 12 Feb 2003 23:13:52 -0600 On 12 Feb 2003 18:10:10 -0800 cwitty@newtonlabs.com (Carl R. Witty) wrote: >I never had a test case for this; I saw the problem by examining the >source code. Unless you can prove a bug, I'll close this. -benjamin
From: "Christian Ehrhardt" <ehrhardt@mathematik.uni-ulm.de> To: Benjamin Kosnik <bkoz@redhat.com> Cc: "Carl R. Witty" <cwitty@newtonlabs.com>, gcc-bugs@gcc.gnu.org, gcc-prs@gcc.gnu.org, gcc-gnats@gcc.gnu.org Subject: Re: libstdc++/9069: race condition in libstdc++3 (basic_string.tcc) Date: Thu, 13 Feb 2003 10:35:13 +0100 On Wed, Feb 12, 2003 at 11:13:52PM -0600, Benjamin Kosnik wrote: > >I never had a test case for this; I saw the problem by examining the > >source code. > Unless you can prove a bug, I'll close this. Errm, we're talking about race conditions here, this is generally not something that can be proven (let alone disproven) with a testcase. regards Christian -- THAT'S ALL FOLKS!
This is a dup of bug 10350 which has more anylsis of the problem. *** This bug has been marked as a duplicate of 10350 ***