[Spread-users] Race condition fix to Spread...

John Schultz jschultz at d-fusion.net
Thu Nov 13 15:51:26 EST 2003 

Hey guys,

I think we have a good solution to the file descriptor race condition in 
the Spread client library when you use multiple threads and multiple 
connections and don't strongly synchronize Spread operations.

This was the problem that Theo, I and others had a long email discussion 
about where there seems to be an almost inherent race condition with 
multi-threading and asynchronous opening/closing of file descriptors on 
unix type systems.

Just to recap, if one thread is about to perform a blocking operation on 
a file descriptor it is difficult for another thread to safely close the 
file descriptor.  The most common method is to simply close the file 
descriptor from another thread and expect that the first thread should 
break out of the call with an error.

This has two problems (1) it is not guaranteed that closing the fd this 
way will break the first thread out and (2) it introduces a race 
condition where the first thread might end up performing its operation 
on a different file descriptor (inode) that was opened just after the 
close call (because the file descriptor table is global and fd ids are 
reused).

The solution is fairly simple: change sp_disconnect so that it signals 
the server to close the socket on its end, but DOESN'T close it on the 
client's end.  A second call, sp_kill (or sp_close), actually closes the 
file descriptor on the client's end.  This solves our race condition as 
the blocking thread WILL break out with an error and then (with a little 
additional synchronization code) it can safely call sp_kill/sp_close.

To be completely correct some code (either Spread's or the app's) has to 
ensure that no threads will possibly be about to perform an op on the 
context/fd when the close call is executed.

I personally believe that the Spread library code should hide all of 
this synchronization, using the table method w/ eternally unique ids and 
locks like I talked about in our previous discussion, so that a new 
version of sp_disconnect could be called at any time and would be safe 
and would clean up everything as expected.  Even then, we should still 
export a sp_kill/sp_close for the fork() case below.

The multi-thread race condition discussion started here:
http://lists.spread.org/pipermail/spread-users/2003-June/001481.html

Another problem was playing nice with fork:
http://lists.spread.org/pipermail/spread-users/2002-October/001129.html

The basic problem being that mutexes might be locked in a child process 
with no owner thread running and the child process wants to get rid of 
the parent's contexts.

Spread should install pthread_atfork() handlers that would reinitialize 
all of its synchronization variables (mutexes, etc.).  (There probably 
should be a sp_init call that initializes the spread library)

Then the child process just uses sp_close/sp_kill function to clean up 
the library's context without signaling the server.

-- 
John Schultz
Co-Founder, Lead Engineer
D-Fusion, Inc. (http://www.d-fusion.net)
Phn: 443-838-2200 Fax: 707-885-1055

More information about the Spread-users mailing list