From: Martin Sebor <msebor@redhat.com>
To: Szabolcs Nagy <szabolcs.nagy@arm.com>,
GNU C Library <libc-alpha@sourceware.org>
Subject: Re: [PATCH] pthread_once hangs when init routine throws an exception [BZ #18435]
Date: Mon, 01 Jun 2015 19:47:00 -0000 [thread overview]
Message-ID: <556CA772.2060207@redhat.com> (raw)
In-Reply-To: <556C31DE.4020803@arm.com>
> i think this should be fixed in libstdc++ even if glibc guarantees
> that exceptions work from the pthread_once init function.
I'm not sure this is fixable in libstdc++ without giving up
interoperability with the rest of glibc (handling forks)
or without relying on glibc's implementation details, and
without breaking compatibility.
But this patch is a useful improvement to glibc irrespective
of libstdc++ since its pthread_once is already exception safe
on x86. Making it exception-safe on other targets allows more
mixed-language code to be portable.
Beyond portability, avoiding a deadlock also renders moot any
security concerns about using the API as a vector for denial
of service attacks.
>
> posix cannot give c++ exception safety guarantees.
> (even if the rationale has vague statements along those lines).
You're right that POSIX cannot really speak about exception
safety. But POSIX shouldn't (and doesn't) prevent programs
written in languages with exceptions from making use of
its APIs. pthread_once also isn't the only POSIX API that
interacts with exceptions. Atexit, bsearch, lsearch and
qsort are examples of others. In glibc, as far as I can
tell, they all work correctly in the presence of exceptions.
Looking ahead, as glibc implements C11 threads and as C++
adopts C11, making C11 call_once deal with exceptions
the same way C++ 11 std::call_once does will likely become
a (C++) requirement.
> so maybe libstdc++ should consider implementing locks and call_once
> with the correct semantics independent of libc (and then maybe it
> can get rid of the horrible gthr-posix.h weak reference hacks too).
I suspect implementing std::call_once independently of
glibc isn't possible without breaking compatibility (but
I'd have to study the spec and libstdc++ code to say for
certain).
Beyond call_once, C++ 11 encourages implementations to
provide a member function called native_handle() that
returns a reference to the underlying native object.
libstdc++ mutex (and other classes) expose this member
function to provide interoperability with pthreads. As
a result, reimplementing libstdc++ independently of libc
is impossible without losing such interoperability and
without breaking compatibility with existing code.
Martin
next prev parent reply other threads:[~2015-06-01 18:41 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <556B7F10.40209@redhat.com>
2015-06-01 8:39 ` Florian Weimer
2015-06-01 16:27 ` Martin Sebor
2015-06-02 9:53 ` Mike Frysinger
2015-06-04 21:12 ` Martin Sebor
2015-06-03 11:36 ` Torvald Riegel
2015-06-01 10:20 ` Szabolcs Nagy
2015-06-01 19:47 ` Martin Sebor [this message]
2015-06-03 11:07 ` Torvald Riegel
2015-06-03 11:11 ` Jonathan Wakely
2015-06-03 20:14 ` Rich Felker
2015-06-03 20:24 ` Martin Sebor
2015-06-03 23:49 ` Rich Felker
2015-06-04 1:47 ` Martin Sebor
2015-06-04 5:38 ` Rich Felker
2015-06-04 7:29 ` Martin Sebor
2015-06-08 11:41 ` Jonathan Wakely
2015-06-08 14:38 ` Szabolcs Nagy
2015-06-04 8:20 ` Torvald Riegel
2015-06-08 11:48 ` Jonathan Wakely
2015-06-08 16:01 ` Florian Weimer
2015-06-03 11:07 ` Torvald Riegel
2015-06-01 14:39 ` Andreas Schwab
2015-06-09 19:49 ` Martin Sebor
2015-06-15 22:14 ` Martin Sebor
2015-06-23 7:48 ` [PING 2] " Martin Sebor
[not found] ` <5593256B.5060402@redhat.com>
2015-07-01 0:06 ` [PING 3] " Rich Felker
2015-07-01 20:18 ` Martin Sebor
2015-07-01 21:27 ` Joseph Myers
2015-07-06 13:18 ` Szabolcs Nagy
2015-07-06 14:16 ` Martin Sebor
2015-07-06 14:58 ` Adhemerval Zanella
2015-07-06 16:33 ` Szabolcs Nagy
2015-07-06 17:09 ` Szabolcs Nagy
2015-07-08 11:00 ` Szabolcs Nagy
2015-07-08 16:09 ` Carlos O'Donell
2015-07-08 16:33 ` Torvald Riegel
2015-07-08 16:52 ` Szabolcs Nagy
2015-07-08 17:14 ` Carlos O'Donell
2021-03-02 16:43 ` Jakub Jelinek
2015-07-08 16:16 ` Carlos O'Donell
2015-07-08 21:28 ` Martin Sebor
2015-07-08 22:13 ` Szabolcs Nagy
2015-07-08 22:52 ` Martin Sebor
2015-07-08 23:42 ` Szabolcs Nagy
2015-07-09 4:46 ` Martin Sebor
2015-07-09 23:41 ` Martin Sebor
2021-03-03 12:52 Jakub Jelinek
2021-03-04 11:50 ` Florian Weimer
2021-03-04 13:00 ` Jakub Jelinek
2021-03-04 13:26 ` Florian Weimer
2021-03-04 14:14 ` Jakub Jelinek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=556CA772.2060207@redhat.com \
--to=msebor@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=szabolcs.nagy@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).