SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 14

changes.mady.by.user Aaron Ballman

Saved on

compared with

New Version 38

changes.mady.by.user Amy Gale

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Localize CodeSonar crossreferences to C++ scope

...

The C++ Standard, [thread.mutex.class], paragraph 5 [ISO/IEC 14882-2014], states the following:

The behavior of a program is undefined if it destroys a mutex object owned by any thread or a thread terminates while owning a mutex object.

...

This compliant solution eliminates the race condition by extending the lifetime of the mutex:.

Code Block
bgColor#ccccff
langc
#include <mutex>
#include <thread>

const size_t maxThreads = 10;

void do_work(size_t i, std::mutex *pm) {
  std::lock_guard<std::mutex> lk(*pm);

  // Access data protected by the lock.
}

std::mutex m;

void start_threads() {
  std::thread threads[maxThreads];

  for (size_t i = 0; i < maxThreads; ++i) {
    threads[i] = std::thread(do_work, i, &m);
  }
}

...

This compliant solution eliminates the race condition by joining the threads before the mutex's destructor is invoked:.

Code Block
bgColor#ccccff
langc
#include <mutex>
#include <thread>

const size_t maxThreads = 10;

void do_work(size_t i, std::mutex *pm) {
  std::lock_guard<std::mutex> lk(*pm);

  // Access data protected by the lock.
}
void run_threads() {
  std::thread threads[maxThreads];
  std::mutex m;

  for (size_t i = 0; i < maxThreads; ++i) {
    threads[i] = std::thread(do_work, i, &m);
  }

  for (size_t i = 0; i < maxThreads; ++i) {
    threads[i].join();
  }
}

...

Destroying a mutex while it is locked may result in invalid control flow and data corruption.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

CON50-CPP

Medium

Probable

High

P4

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar

Include Page
CodeSonar_V
CodeSonar_V

CONCURRENCY.LOCALARG

Local Variable Passed to Thread

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF961, DF4962
Klocwork
Include Page
Klocwork_V
Klocwork_V
CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_CPP-CON50-a

Do not destroy another thread's mutex

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: CON50-CPPChecks for destruction of locked mutex (rule partially covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

MITRE CWECWE-667, Improper Locking
SEI CERT C Coding StandardCON31-C. Do not destroy a mutex while it is locked

Bibliography

[ISO/IEC 14882-2014]Subclause 30.4.1, "Mutex Requirements"


...

Image Added Image Modified Image Removed  Image Modified