Date: Thu, 27 Sep 2012 11:13:07 +1100 (NCT)
From: "Liviu Nicoara (JIRA)"
To: issues@stdcxx.apache.org
Reply-To: dev@stdcxx.apache.org
Subject: [jira] [Comment Edited] (STDCXX-1071) numpunct facet cache initialization is not thread-safe

[ https://issues.apache.org/jira/browse/STDCXX-1071?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464295#comment-13464295 ]

Liviu Nicoara edited comment on STDCXX-1071 at 9/27/12 11:11 AM:
-----------------------------------------------------------------

The file library-reduction.cpp is a reduction of the numpunct library code down to the essentials that still have the defect. The test case is intentionally verbose (180 LOC) so that it still shows the organization of the library code.
It exhibits the same failures as the original library code it has been extracted from. It takes two defines on the command line:

1. NO_USE_STDCXX_LOCALES -- if defined, it mimics the setting of the facet data from the system locales
2. NO_USE_NUMPUNCT_CACHE -- if set, it does perfect forwarding, i.e., it does not cache "locale data" in the facet

The runs, with SUNPro 5.12 on Linux, exhibit failures (renamed to t.cpp):

{noformat}
$ CC -O -mt t.cpp && ./a.out
"t.cpp", line 113: Warning: String literal converted to char* in assignment.
1 Warning(s) detected.
CC: Warning: failed to detect system linker version, falling back to custom linker usage
16, 10000000
*** glibc detected *** ./a.out: double free or corruption (fasttop): 0x0000000000622b40 ***
*** glibc detected *** ./a.out: double free or corruption (fasttop): 0x00007f6654000920 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x78f85)[0x7f666c031f85]
/lib64/libc.so.6(cfree+0x73)[0x7f666c035d93]
...

$ CC -DNO_USE_STDCXX_LOCALES -O -mt t.cpp && ./a.out
"t.cpp", line 113: Warning: String literal converted to char* in assignment.
1 Warning(s) detected.
CC: Warning: failed to detect system linker version, falling back to custom linker usage
16, 10000000
*** glibc detected *** ./a.out: double free or corruption (fasttop): 0x0000000000622b40 ***
*** glibc detected *** ./a.out: double free or corruption (fasttop): 0x00007fda600008b0 ***
======= Backtrace: =========
/lib64/libc.so.6======= Backtrace: =========
/lib64/libc.so.6(cfree+0x73)[0x7fda6c8f2d93]
/lib64/libc.so.6(+0x78f85)[0x7fda6c8eef85]
{noformat}

The reduced program did not fail in my runs with NO_USE_NUMPUNCT_CACHE defined.

> numpunct facet cache initialization is not thread-safe
> -------------------------------------------------------
>
> Key: STDCXX-1071
> URL: https://issues.apache.org/jira/browse/STDCXX-1071
> Project: C++ Standard Library
> Issue Type: Bug
> Components: 22. Localization, Thread Safety
> Affects Versions: 4.2.1, 4.2.x, 4.3.x, 5.0.0
> Environment: $ uname -a; CC -V
> Linux behemoth 2.6.37.6 #3 SMP Sat Apr 9 22:49:32 CDT 2011 x86_64 AMD Opteron(tm) Processor 6134 AuthenticAMD GNU/Linux
> CC: Sun C++ 5.12 Linux_i386 2011/11/16
> Reporter: Liviu Nicoara
> Priority: Critical
> Labels: DCII, localization, numpunct, thread-safety
> Fix For: 4.2.1, 4.2.x, 4.3.x, 5.0.0
>
> Attachments: library-reduction.cpp, patch-4.2.x.diff, patch-4.3.x.diff, punct-mt.cpp
>
> Original Estimate: 8h
> Remaining Estimate: 8h
>
> The bug affects the initialization of the cached data in numpunct facet. The failing test is 22.locale.numpunct.cpp in certain builds: Linux with SUNPro 5.12, optimized, most likely to fail. It has been reported (see linked incidents) to fail on SPARC as well. It manifests in various ways: sometimes as heap corruption, sometimes as access violations, etc. Test cases and library reduction programs to follow.
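
The three behaviours contrasted in the comment above (an unguarded lazily filled cache, plain forwarding with no cache, and a guarded cache), as an added C++11 example. It is not the attached library-reduction.cpp and not stdcxx source; the class Punct, its members and hammer_safe() are hypothetical names, and the shape of the racy getter is an assumption about this class of bug. Build with thread support enabled (for example -pthread).

```cpp
// Added illustration, not stdcxx source. Punct and its members are hypothetical.
#include <cstdio>
#include <cstdlib>
#include <atomic>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

class Punct {
    mutable std::string cache_;            // cached "locale data"
    mutable bool cached_ = false;          // unsynchronized flag
    mutable std::once_flag once_;
    mutable std::atomic<int> lookups_{0};
    // Stand-in for the locale lookup that the cache is meant to avoid.
    std::string do_grouping() const { ++lookups_; return "\3\3"; }
public:
    // Racy: several threads can see cached_ == false and assign cache_ at the
    // same time; concurrent std::string assignment can free one buffer twice.
    const std::string& grouping_racy() const {
        if (!cached_) { cache_ = do_grouping(); cached_ = true; }
        return cache_;
    }
    // No cache: every call forwards to the lookup, nothing shared is written.
    std::string grouping_forward() const { return do_grouping(); }
    // Guarded cache: exactly one thread initializes, the others wait.
    const std::string& grouping_safe() const {
        std::call_once(once_, [this] { cache_ = do_grouping(); });
        return cache_;
    }
    int lookups() const { return lookups_.load(); }
};

// Calls grouping_safe() from nthreads threads; returns the number of lookups.
int hammer_safe(int nthreads, int iters) {
    Punct p;
    std::vector<std::thread> pool;
    for (int t = 0; t < nthreads; ++t)
        pool.emplace_back([&p, iters] {
            for (int i = 0; i < iters; ++i)
                if (p.grouping_safe() != "\3\3") std::abort();
        });
    for (auto& th : pool) th.join();
    return p.lookups();
}

int main() {
    std::printf("lookups with guarded cache: %d\n", hammer_safe(16, 100000));
}
```

grouping_racy() is shown for comparison only and is deliberately not called from several threads here; running it under ThreadSanitizer (-fsanitize=thread) in a multi-threaded harness reports the data race without waiting for heap corruption to surface.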