Concurrency bugs are the worst type; thinking about it, I can't think of a harder-to-debug class of bugs. Kudos for finding the bug 5 years ago in Linux fltk, and double kudos for relating this one back to the old bug.

-Reza

On Jun 1, 2011, at 11:53 AM, Jorge Arellano Cid <jcid@dillo.org> wrote:
On Wed, Jun 01, 2011 at 03:47:32PM +0000, corvid wrote:
> How do you think that bug eluded detection for so many years? I was very surprised by it all...
I) Very special conditions are necessary to trigger the bug, so the code works for most cases, hiding the bug (e.g. the test case in fltk works).
It is a race condition where you need:
- Multiple file descriptors being watched.
- Some of them being closed while others remain in activity.
- The closing being in such a way that the fd with the higher number is closed before the others.
and on top of it there's also a semantic problem, which is very hard to spot while reviewing the code:
[in remove_fd():]
  ...
  if (n == _maxfd) _maxfd--;
  ...
It looks quite correct, but a callback may be pending in the queue, and if so, it will not be honoured.
-- Cheers Jorge.-
_______________________________________________
Dillo-dev mailing list
Dillo-dev@dillo.org
http://lists.auriga.wearlab.de/cgi-bin/mailman/listinfo/dillo-dev
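The following is an added example written for this thread; it is not FLTK or Dillo code. The only line taken from Jorge's message is "if (n == _maxfd) _maxfd--;". The watcher table, the per-event remove_fd(n, events) signature, the drain callback and the socketpair scenario are my own assumptions, chosen to show one way that line leaves _maxfd below a descriptor that is still being watched, so that select() never reports it and its callback is never run. Two connections are watched; the higher-numbered one finishes sending (its write interest is removed) while the lower one stays active, then both peers reply.

```c
/* Added example for this thread (not FLTK or Dillo code).  The only line
 * taken from the message is "if (n == _maxfd) _maxfd--;"; the table layout,
 * the per-event removal, and the socketpair scenario are assumptions made
 * to show how that bookkeeping hides a ready fd from select(). */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>

#define MAX_FDS 16
#define EV_READ  1
#define EV_WRITE 2

typedef void (*fd_cb)(int fd, void *data);
struct watch { int fd; int events; fd_cb cb; void *data; };

static struct watch fds[MAX_FDS];
static int nfds = 0;
static int _maxfd = -1;        /* select() is called with _maxfd + 1 */
static int buggy_remove = 1;   /* 1: use the quoted line; 0: recompute */

void add_fd(int n, int events, fd_cb cb, void *data)
{
    int i;
    for (i = 0; i < nfds; i++)
        if (fds[i].fd == n) { fds[i].events |= events; return; }
    if (nfds == MAX_FDS) return;
    fds[nfds].fd = n; fds[nfds].events = events;
    fds[nfds].cb = cb; fds[nfds].data = data;
    nfds++;
    if (n > _maxfd) _maxfd = n;
}

/* Drop 'events' from fd n; the entry survives if other events remain. */
void remove_fd(int n, int events)
{
    int i, j;
    for (i = j = 0; i < nfds; i++) {
        if (fds[i].fd == n) {
            fds[i].events &= ~events;
            if (!fds[i].events) continue;   /* nothing left: delete entry */
        }
        fds[j++] = fds[i];
    }
    nfds = j;
    if (buggy_remove) {
        if (n == _maxfd) _maxfd--;   /* quoted line: wrong when n is still watched */
    } else {
        _maxfd = -1;                 /* recompute from what is still watched */
        for (i = 0; i < nfds; i++)
            if (fds[i].fd > _maxfd) _maxfd = fds[i].fd;
    }
}

/* One select() pass with a zero timeout; returns how many callbacks ran. */
int run_once(void)
{
    fd_set r, w;
    struct timeval tv = { 0, 0 };
    int i, fired = 0;
    FD_ZERO(&r); FD_ZERO(&w);
    for (i = 0; i < nfds; i++) {
        if (fds[i].events & EV_READ)  FD_SET(fds[i].fd, &r);
        if (fds[i].events & EV_WRITE) FD_SET(fds[i].fd, &w);
    }
    if (select(_maxfd + 1, &r, &w, NULL, &tv) <= 0) return 0;
    for (i = 0; i < nfds; i++)
        if (FD_ISSET(fds[i].fd, &r) || FD_ISSET(fds[i].fd, &w)) {
            fds[i].cb(fds[i].fd, fds[i].data);
            fired++;
        }
    return fired;
}

static void drain(int fd, void *data)   /* assumed callback: just consume the data */
{
    char buf[16];
    (void)data;
    if (read(fd, buf, sizeof buf) < 0) perror("read");
}

/* Returns the number of callbacks that fired after both peers replied (2 is
 * correct); *bound_short is set when _maxfd ends up below a watched fd. */
int demo(int buggy, int *bound_short)
{
    int pa[2], pb[2], fired, hi;
    char buf[16];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, pa) < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, pb) < 0) return -1;
    hi = pb[0];                 /* allocated after pa, so the highest watched fd */
    nfds = 0; _maxfd = -1; buggy_remove = buggy;
    add_fd(pa[0], EV_READ, drain, NULL);
    add_fd(hi, EV_READ | EV_WRITE, drain, NULL);
    if (write(hi, "GET", 3) < 0) return -1;      /* request goes out... */
    remove_fd(hi, EV_WRITE);                     /* ...so stop watching for writable */
    *bound_short = _maxfd < hi;
    if (read(pb[1], buf, sizeof buf) < 0) return -1;   /* peer consumes the request */
    if (write(pa[1], "a", 1) < 0 || write(pb[1], "b", 1) < 0) return -1;  /* both reply */
    fired = run_once();
    close(pa[0]); close(pa[1]); close(pb[0]); close(pb[1]);
    return fired;
}

int main(void)
{
    int s, n;
    n = demo(1, &s); printf("buggy: %d callbacks, bound too low: %d\n", n, s);
    n = demo(0, &s); printf("fixed: %d callbacks, bound too low: %d\n", n, s);
    return 0;
}
```

With the quoted line, the reply on the higher-numbered socket is readable but lies beyond the range select() is asked to examine, so only the lower socket's callback runs; recomputing the bound from the entries that remain watched reports both. The example keeps one entry per fd with an event mask, which is what makes the partial removal possible; whether that is exactly the path the old fltk bug took is not stated in the thread.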