SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 18

changes.mady.by.user Sandy Shrum

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Deadlock: Out-of-Sequence Step Value

Time

Thread #
(my_step)

current_step

Action

0

3

0

Thread 3 executes the first time: the predicate is false -> wait()

1

2

0

Thread 2 executes the first time: the predicate is false -> wait()

2

4

0

Thread 4 executes the first time: the predicate is false -> wait()

3

0

0

Thread 0 executes the first time: the predicate is true -> currentStep++; notify_one()

4

1

1

Thread 1 executes the first time: the predicate is true -> currentStep++; notify_one()

5

3

2

Thread 3 wakes up (scheduler choice): the predicate is false -> wait()

6

Thread exhaustion! There are no more threads to run, and a conditional variable signal is needed to wake up the others.

This noncompliant code example violates the liveness property.

...

This compliant solution uses notify_all() to signal all waiting threads instead of a single random thread. Only the run_step() thread code from the noncompliant code example is modified, as modified.

Code Block
bgColor#ccccff
langc
#include <condition_variable>
#include <iostream>
#include <mutex>
#include <thread>

std::mutex mutex;
std::condition_variable cond;

void run_step(size_t myStep) {
  static size_t currentStep = 0;
  std::unique_lock<std::mutex> lk(mutex);

  std::cout << "Thread " << myStep << " has the lock" << std::endl;

  while (currentStep != myStep) {
    std::cout << "Thread " << myStep << " is sleeping..." << std::endl;
    cond.wait(lk);
    std::cout << "Thread " << myStep << " woke up" << std::endl;
  }

  // Do processing ...
  std::cout << "Thread " << myStep << " is processing..." << std::endl;
  currentStep++;

  // Signal ALL waiting tasks.
  cond.notify_all();

  std::cout << "Thread " << myStep << " is exiting..." << std::endl;
}
 
// ... main() unchanged ...

...

Failing to preserve the thread safety and liveness of a program when using condition variables can lead to indefinite blocking and denial of service (DoS).

Rule

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

CON55-CPP

Low

Unlikely

No

Medium

Yes

P2

L3


Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

CONCURRENCY.BADFUNC.CNDSIGNAL

Use of Condition Variable Signal

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C++1778, C++1779
Klocwork
Include Page
Klocwork_V
Klocwork_V
CERT.CONC.UNSAFE_COND_VAR
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_CPP-CON55-a

Do not use the 'notify_one()' function when multiple threads are waiting on the same condition variable

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: CON55-CPP

Checks for multiple threads waiting for same condition variable (rule fully covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT Oracle Secure Coding Standard for JavaTHI02-J. Notify all waiting threads rather than a single thread

SEI CERT C Coding Standard

CON38-C. Preserve thread safety and liveness when using condition variables

cplusplusCON54-CPP. Wrap functions that can spuriously wake up in a loop

Bibliography

[IEEE Std 1003.1:2013]XSH, System Interfaces, pthread_cond_broadcast
XSH, System Interfaces, pthread_cond_signal
[Lea 2000]
 

...



...

Image Modified Image Modified Image Modified