More heap corruption / allocator lock problems

Joel Sherrill joel.sherrill at
Sat Oct 11 15:48:04 UTC 2003

Till Straumann wrote:

> Hi all.
> Paranoia pays off.
> Today, (thanks to the paranoia check added to PR#504)
> I found one more place where a CORE_mutex (the allocator
> lock) is acquired from a dispatching-disabled code section:
> The task-variable destructor hook (used e.g. by the rtems_shell
> and 'libc userenv')!
> Since it is run as part of a user extension's delete
> hook/callback, the task variable destructor runs with
> dispatching disabled :-(
> Two solutions come to my mind:
> a) memory that is going to be released by a task-variable
>    destructor must be allocated from the workspace

I like this solution and it is where I was heading.  I was thinking of 
adding some
"name wrapper macros" that are like rtems_extension_malloc and 
which are specifically to be used ONLY from the task create and delete 

> b) free could be enhanced:
>    if 'free' is called while _Thread_Dispatch_disable_level > 0,
>    it sends its pointer argument to a special "gc" thread which
>    will eventually execute the real 'free'. The synchronization
>    mechanism *must* be nonblocking, of course, to avoid the
>    same kind of problem...
> While I feel that b) is 'hackish', it could certainly provide
> backwards compatibility...

Another simpler approach to this might be to have a list like you suggest
but check that it is non-empty on each malloc or free when 
is == 0.  It doesn't free memory as quickly as a gc thread would but it 
would get it into
the heap when it matters.

> -- Till

More information about the users mailing list