Re: [PATCH] libstdc++/112351 - deal with __gthread_once failure during locale init

[Richard Biener <rguenther@suse.de>]

On Mon, 6 Nov 2023, Jonathan Wakely wrote:

> On Mon, 6 Nov 2023 at 11:52, Richard Biener <rguenther@suse.de> wrote:
> >
> > The following makes the C++98 locale init path follow the way the
> > C++11 performs initialization.  This way we deal with pthread_once
> > failing, falling back to non-threadsafe initialization which, given we
> > initialize from the library, should be serialized by the dynamic
> > loader already.
> >
> > Bootstrapped and tested on x86_64-unknown-linux-gnu, OK for trunk?
> > And GCC 13 branch?
> >
> > Thanks,
> > Richard.
> >
> >         PR libstdc++/112351
> > libstdc++-v3/
> >         * src/c++98/locale.cc (locale::facet::_S_get_c_locale):
> >         Always perform non-threadsafe init when threadsafe init
> >         failed.
> > ---
> >  libstdc++-v3/src/c++98/locale.cc | 7 ++-----
> >  1 file changed, 2 insertions(+), 5 deletions(-)
> >
> > diff --git a/libstdc++-v3/src/c++98/locale.cc b/libstdc++-v3/src/c++98/locale.cc
> > index d308140bab7..e9bec1db3b6 100644
> > --- a/libstdc++-v3/src/c++98/locale.cc
> > +++ b/libstdc++-v3/src/c++98/locale.cc
> > @@ -216,12 +216,9 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
> >  #ifdef __GTHREADS
> >      if (__gthread_active_p())
> >        __gthread_once(&_S_once, _S_initialize_once);
> > -    else
> >  #endif
> > -      {
> > -       if (!_S_c_locale)
> > -         _S_initialize_once();
> > -      }
> > +    if (__builtin_expect (!_S_c_locale, 0))
> > +      _S_initialize_once();
> >      return _S_c_locale;
> >    }
> 
> 
> I think this has a problem, which is handled correctly in
> src/c++11/locale_init.cc by checking _S_classic inside the
> _S_initialize_once function.

We check _S_c_locale here (it's just a pointer) instead of in
_S_initialize_once (), so I think the code is equivalent, no?

> If the first call to __gthread_once does fail then _S_once will not be
> changed. We will fall through to calling _S_initialize_once directly
> (which is not thread-safe) and set _S_c_locale.
> 
> The next time we call _S_initialize, __gthread_once will try to run
> again, and because _S_once was not changed, it might call
> _S_initialize_once() again, which writes to _S_c_locale again
> (possibly causing a data race).

Ah, yeah, so in the C++11 path the check for !_S_classic in
locale::_S_initialize is redundant.  But good spot.

> I don't think the slightly different code in src/c++11/locale_init.cc
> is different in order to handle __gthread_once failing, I think it's
> different because the effects of locale::facet::_S_initialize_once()
> and locale::_S_initialize_once() are different. One is safe to call
> more than once, and the other isn't.
> 
> I don't think we need to care about __gthread_once failing at all, do
> we? There are no error conditions for pthread_once, it always returns
> 0 (previous POSIX revisions said it could return EINVAL for an
> uninitialized pthread_once_t but that can't happen here as it's
> correctly initialized in src/c++11/locale.cc). Is the concern that it
> can fail for non-posix thread models? (I didn't check if any of them
> can actually fail)

The concern is that there are actual products out that break with the
new I/O initialization in libstdc++ for GCC13+ because they have bugs.
It's easy enough to work around those by the proposed patch (plus
correction for the above issue).  I suppose the comment in
locale::_S_initialize_once holds as well for the C++98 path.

The failure mode of the product is that it overrides pthread_once
but does nothing (not even indicate failure) when its pthread_*
override mechanism isn't initialized yet.  With libstdc++ from GCC13
we now use pthread_once "too early" and fail to initialize the locale
object.

Adjusted patch below.

OK after another round of testing?

Thanks,
Richard.


From 4e3fa2f4426a5a10d189587b63e4d7298c347b01 Mon Sep 17 00:00:00 2001
From: Richard Biener <rguenther@suse.de>
Date: Mon, 6 Nov 2023 11:31:40 +0100
Subject: [PATCH] libstdc++/112351 - deal with __gthread_once failure during
 locale init
To: gcc-patches@gcc.gnu.org

The following makes the C++98 locale init path follow the way the
C++11 performs initialization.  This way we deal with pthread_once
failing, falling back to non-threadsafe initialization which, given we
initialize from the library, should be serialized by the dynamic
loader already.

	PR libstdc++/112351
libstdc++-v3/
	* src/c++98/locale.cc (locale::facet::_S_initialize_once):
	Check whether _S_c_locale is already initialized.
	(locale::facet::_S_get_c_locale): Always perform non-threadsafe
	init when threadsafe init failed.
---
 libstdc++-v3/src/c++98/locale.cc | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/libstdc++-v3/src/c++98/locale.cc b/libstdc++-v3/src/c++98/locale.cc
index d308140bab7..1ef0c394cd7 100644
--- a/libstdc++-v3/src/c++98/locale.cc
+++ b/libstdc++-v3/src/c++98/locale.cc
@@ -206,6 +206,12 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
   void
   locale::facet::_S_initialize_once()
   {
+    // Need to check this because we could get called once from
+    // _S_get_c_locale() when the program is single-threaded, and then again
+    // (via __gthread_once) when it's multi-threaded.
+    if (_S_c_locale)
+      return;
+
     // Initialize the underlying locale model.
     _S_create_c_locale(_S_c_locale, _S_c_name);
   }
@@ -216,12 +222,9 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
 #ifdef __GTHREADS
     if (__gthread_active_p())
       __gthread_once(&_S_once, _S_initialize_once);
-    else
 #endif
-      {
-	if (!_S_c_locale)
-	  _S_initialize_once();
-      }
+    if (__builtin_expect (!_S_c_locale, 0))
+      _S_initialize_once();
     return _S_c_locale;
   }
 
-- 
2.35.3