Fix race condition in MessageFilter #538
Closed
Commits on Jul 1, 2022
-
Add stress test for MessageFilter
... revealing that propagating messages via a ROS callback queue is inherently unsafe. If the filter is going to be destroyed, a CBQueueCallback::call() might still be in action, locking the underlying Signal1's mutex_. This will cause as assertion failure during destruction of the mutex: boost::mutex::~mutex(): Assertion `!posix::pthread_mutex_destroy(&m)' failed.
-
When MessageFilter::signalMessage() is called asynchronouyls via a ROS callback queue, this call might still be in progress while another (holding Signal1::mutex_), while another thread might attempt to remove the MessageFilter. This results in a failed assertion as the MessageFilter destructor attempts to destroy a locked mutex. Here, by introducing another mutex in MessageFilter, we ensure that CBQueueCallback::call() is finished before destroying the MessageFilter.
-
-
Revert ros#144: Solve a bug that causes a deadlock in MessageFilter
PR ros#144 attempted to resolve a deadlock by postponing calls to callbacks. However, this has the drawback of using references to TransformableRequests - outside the protection by transformable_requests_mutex_. Thus, these requests might get deleted by another thread, resulting in segfaults: terminate called after throwing an instance of 'boost::wrapexcept<boost::lock_error>' what(): boost: mutex lock failed in pthread_mutex_lock: Invalid argument This reverts commit bfb8038.
-
Alternative implementation to resolve deadlock ros#91/ros#144
As pointed out in ros#144 the deadlock arises due to an inversion of locking order: - MessageFilter::add(), when removing the oldest message, locks: - MessageFilter::messages_mutex_ - BufferCore::transformable_requests_mutex_ (via cancelTransformableRequest()) - BufferCore::testTransformableRequests() locks: - transformable_requests_mutex_ - MessageFilter::message_mutex_ (via MessageFilter::transformable() callback) PR ros#144 attempted to resolve the issue by postponing callback calls. However, this has the drawback of using references to TransformableRequests - outside the protection by transformable_requests_mutex_. These requests might got deleted by another thread meanwhile! Here the deadlock is resolved in MessageFilter::add, cancelling the requests outside the messages_mutex_ protection.
-
Reduce probability of race condition with CBQueueCallback
While MessageFilter::clear() removes pending messages from the callback queue, there might be still callbacks active when attempting to remove the MessageFilter. Depending on what goes first, either the already destroyed mutex is tried to lock or a locked mutex is tried to destroy, both resulting in an assertion failure. This race condition cannot completely avoided. Using a shared mutex for all callers and moving the unique lock to the end of the destructor hopefully reduces the probability of such a race condition.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.