Both Mutex and CondVar signal PerThreadSem/Waiter after satisfying the wait condition,
as the result the waiting thread may return w/o waiting on the
PerThreadSem/Waiter at all. If the waiting thread then exits, it currently
destroys Waiter object. As the result Waiter::Post can be called on
already destroyed object.
PerThreadSem/Waiter must be type-stable after creation and must not be destroyed.
The futex-based implementation is the only one that is not affected by the bug
since there is effectively nothing to destroy (maybe only UBSan/ASan
could complain about calling methods on a destroyed object).
Here is the problematic sequence of events:
1: void Mutex::Block(PerThreadSynch *s) {
2: while (s->state.load(std::memory_order_acquire) == PerThreadSynch::kQueued) {
3: if (!DecrementSynchSem(this, s, s->waitp->timeout)) {
4: PerThreadSynch *Mutex::Wakeup(PerThreadSynch *w) {
5: ...
6: w->state.store(PerThreadSynch::kAvailable, std::memory_order_release);
7: IncrementSynchSem(this, w);
8: ...
9: }
Consider line 6 is executed, then line 2 observes kAvailable and
line 3 is not called. The thread executing Mutex::Block returns from
the method, acquires the mutex, releases the mutex, exits and destroys
PerThreadSem/Waiter.
Now Mutex::Wakeup resumes and executes line 7 on the destroyed object. Boom!
CondVar uses a similar pattern.
Moreover the semaphore-based Waiter implementation is not even destruction-safe
(the Waiter cannot be used to signal own destruction). So even if Mutex/CondVar
would always pair Waiter::Post with Waiter::Wait before destroying PerThreadSem/Waiter,
it would still be subject to use-after-free bug on the semaphore.
PiperOrigin-RevId: 449159939
Change-Id: I497134fa8b6ce1294a422827c5f0de0e897cea31
--
5bd06440e700fefd6eadd577d7d69c51f15c63e0 by Abseil Team <absl-team@google.com>:
Add if-guard to futex.h so that it doesn't fail to parse for unsupported platforms
PiperOrigin-RevId: 336880375
--
8b3d3bb4ad123fc9f648f0e397b2eddd88dc0c02 by Derek Mauro <dmauro@google.com>:
Fix race in AddressIsReadable file descriptors using stronger memory ordering
PiperOrigin-RevId: 336874423
--
1d8bf23747009cca29129b80c2793bc91443dd55 by Derek Mauro <dmauro@google.com>:
Avoid -Wundef warnings on ABSL_HAVE_THREAD_LOCAL
PiperOrigin-RevId: 336792406
--
562a480f029c600c1d3b1428da6a9b09e8952a74 by Derek Mauro <dmauro@google.com>:
Fix preprocessor condition for symbols __tsan_mutex_read_lock and
__tsan_mutex_try_lock
PiperOrigin-RevId: 336732571
GitOrigin-RevId: 5bd06440e700fefd6eadd577d7d69c51f15c63e0
Change-Id: Id9bb331baec74b9d80c7b228959a7739bc30e694
--
587e6db882749fa7faa12815e614afab04d218b9 by Derek Mauro <dmauro@google.com>:
Use attribute detection for other sanitizer related attributes
PiperOrigin-RevId: 324077073
--
3ee55e4935b4235516b1fcac3c55945e510f7afc by Evan Brown <ezb@google.com>:
Simplify CordRepExternal allocation/deallocation.
I think this can save some memory when `Releaser` is empty and when on platforms where alignof(CordRepExternal) < (default `::operator new` alignment).
We no longer need the API requirement that alignof(Releaser) <= (default `::operator new` alignment).
Also remove another static_assert from a TODO in cord_internal.h and fix some warnings about calling std::move on a forwarding reference.
PiperOrigin-RevId: 324053720
--
9fc78436565eb3b204d4aa425ee3773354392f45 by Derek Mauro <dmauro@google.com>:
Use auto-detected sanitizer attributes for ASAN, MSAN, and TSAN builds
PiperOrigin-RevId: 323831461
GitOrigin-RevId: 587e6db882749fa7faa12815e614afab04d218b9
Change-Id: Ie0e4a2846d7f66988a2d81a5e50721b62fdb3d6d
--
f012012ef78234a6a4585321b67d7b7c92ebc266 by Laramie Leavitt <lar@google.com>:
Slight restructuring of absl/random/internal randen implementation.
Convert round-keys.inc into randen_round_keys.cc file.
Consistently use a 128-bit pointer type for internal method parameters. This allows simpler pointer arithmetic in C++ & permits removal of some constants and casts.
Remove some redundancy in comments & constexpr variables. Specifically, all references to Randen algorithm parameters use RandenTraits; duplication in RandenSlow removed.
PiperOrigin-RevId: 312190313
--
dc8b42e054046741e9ed65335bfdface997c6063 by Abseil Team <absl-team@google.com>:
Internal change.
PiperOrigin-RevId: 312167304
--
f13d248fafaf206492c1362c3574031aea3abaf7 by Matthew Brown <matthewbr@google.com>:
Cleanup StrFormat extensions a little.
PiperOrigin-RevId: 312166336
--
9d9117589667afe2332bb7ad42bc967ca7c54502 by Derek Mauro <dmauro@google.com>:
Internal change
PiperOrigin-RevId: 312105213
--
9a12b9b3aa0e59b8ee6cf9408ed0029045543a9b by Abseil Team <absl-team@google.com>:
Complete IGNORE_TYPE macro renaming.
PiperOrigin-RevId: 311999699
--
64756f20d61021d999bd0d4c15e9ad3857382f57 by Gennadiy Rozental <rogeeff@google.com>:
Switch to fixed bytes specific default value.
This fixes the Abseil Flags for big endian platforms.
PiperOrigin-RevId: 311844448
--
bdbe6b5b29791dbc3816ada1828458b3010ff1e9 by Laramie Leavitt <lar@google.com>:
Change many distribution tests to use pcg_engine as a deterministic source of entropy.
It's reasonable to test that the BitGen itself has good entropy, however when testing the cross product of all random distributions x all the architecture variations x all submitted changes results in a large number of tests. In order to account for these failures while still using good entropy requires that our allowed sigma need to account for all of these independent tests.
Our current sigma values are too restrictive, and we see a lot of failures, so we have to either relax the sigma values or convert some of the statistical tests to use deterministic values.
This changelist does the latter.
PiperOrigin-RevId: 311840096
GitOrigin-RevId: f012012ef78234a6a4585321b67d7b7c92ebc266
Change-Id: Ic84886f38ff30d7d72c126e9b63c9a61eb729a1a
Abseil Team