Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Risk of infinite loop when using weak_ptr on Windows

Jean-Jacques
Beginner
829 Views

From the disassembler view, it seems the implementation of weak_ptr::lock in Windows SGX SDK is similar to the Linux one :

__shared_weak_count*
__shared_weak_count::lock() _NOEXCEPT
{
    long object_owners = __libcpp_atomic_load(&__shared_owners_);
    while (object_owners != -1)
    {
        if (__libcpp_atomic_compare_exchange(&__shared_owners_,
                                             &object_owners,
                                             object_owners+1))
            return this;
    }
    return nullptr;
}

However the compare_exchange function ends up being this piece of code from include\libc++\support\win32\atomic.h :

template<class _Tp>
static inline bool __atomic_compare_exchange_strong_explicit(volatile _Tp *__val, volatile _Tp *__expected, _Tp __after, int, int)
{
    return _atomic_msvc_wrapper::FetchClass<sizeof(_Tp)>::compare_exchange<_Tp>(__val, *__expected, __after);
}

This implementation is incorrect, as it loses the feature that if the exchange doesn't happen, the current value of __val is written to __expected. As a result, if indeed there has been a change between the load on line 4 and the exchange on line 7, object_owners is not modified, and the loop continues, possibly forever (if the value doesn't come back to what it was).

This happens sometimes in our code, during shutdown, when many shared or weak pointers are released concurrently.

 

0 Kudos
1 Solution
Sahira_Intel
Moderator
763 Views

Hi,

This is a bug and the engineering team is working on fixing it.


Sincerely,

Sahira


View solution in original post

2 Replies
Sahira_Intel
Moderator
787 Views

Hi,

I have escalated this issue for further feedback and will let you know when I have more information.


Sincerely,

Sahira


Sahira_Intel
Moderator
764 Views

Hi,

This is a bug and the engineering team is working on fixing it.


Sincerely,

Sahira


Reply