PR# 14517 Possible execution of `eif_thr_exit' and call to eif_access while GC in progress

Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2008/06/23
Class: Bug
Severity: Serious
Number: 14517
Release: 6.2.73753
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080421 Firefox/2.0.0.14 Solaris 10 on x86
Synopsis: Possible execution of `eif_thr_exit' and call to eif_access while GC in progress

Description
I'm tired today, so I might be wrong, but please consider the following
scenario which may demonstrate a threading bug.

Main thread calls `reclaim'.
One of its child threads is in a blocking C external routine, so its status is EIF_THREAD_BLOCKED (it has called `eif_exit_eiffel_code').
A second child thread is executing in some Eiffel code.
Main thread in `reclaim' calls `eif_terminate_all_other_threads'. It synchronizes GC, locking eif_gc_mutex.
Second child thread tries to create an object, which calls `emalloc_size' and needs to trigger_smart_gc_cycle. It ends up waiting for eif_gc_mutex. Its status is EIF_THREAD_BLOCKED because it called EIF_ENTER_C in trigger_smart_gc_cycle.
Main thread finds both other threads are blocked, so the eif_synchronize_gc call completes.
Main thread marks the two blocked threads as "gc stop requested", then calls eif_unsynchronize_gc, then calls EIF_ENTER_C, which sets its status to EIF_THREAD_BLOCKED.
Second child thread wakes up, acquires eif_gc_mutex and proceeds to start a GC cycle, since both other threads are marked "blocked".
First child thread returns from blocking C external and calls `eif_enter_eiffel_code'. It sees that gc_stop_thread_request is set, so it calls eif_thr_exit.
Now first child thread status is EIF_THREAD_RUNNING but a GC cycle is in progress. It has a parent thread, so it calls `eif_access' on eif_thr_context->current to get the offset of the "terminated" attribute.
First child thread evaluates `eif_access(eif_thr_context->current)', then second child thread moves the object it refers to.
First child thread stores into the old location of the object.
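The interleaving described in the report, reproduced as a deterministic two-thread model. This is an added illustration, not code from the ISE runtime or from the submitter: gc_mutex, obj_address, gc_move, exiting_thread and run_scenario are hypothetical stand-ins for eif_gc_mutex, eif_access, the collector's moving phase and the object access in eif_thr_exit. The phase handshake exists only to force the exact ordering under test; the unsynchronized path writes into the object's old location after the GC has moved it, while the synchronized path waits for the GC cycle (by acquiring the GC mutex) before resolving the address and storing.

```c
/* Added model (not the ISE Eiffel runtime): the report's interleaving forced
 * deterministically with two pthreads.  All names are hypothetical stand-ins. */
#include <pthread.h>
#include <string.h>
#include <stdio.h>

typedef struct { int terminated; } object_t;

/* Two-slot "heap": the object lives in one slot; a GC cycle moves it. */
static object_t slots[2];
static int live_slot;

/* Held by the collector for a whole GC cycle (models eif_gc_mutex). */
static pthread_mutex_t gc_mutex = PTHREAD_MUTEX_INITIALIZER;

/* Handshake used only to force the exact interleaving under test. */
static pthread_mutex_t phase_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t phase_cond = PTHREAD_COND_INITIALIZER;
enum phase { START, GC_STARTED, THREAD_READY, GC_DONE };
static enum phase phase;

static void set_phase(enum phase p) {
    pthread_mutex_lock(&phase_mutex);
    phase = p;
    pthread_cond_broadcast(&phase_cond);
    pthread_mutex_unlock(&phase_mutex);
}

static void wait_phase(enum phase p) {
    pthread_mutex_lock(&phase_mutex);
    while (phase != p) pthread_cond_wait(&phase_cond, &phase_mutex);
    pthread_mutex_unlock(&phase_mutex);
}

/* Current address of the object (models eif_access with a moving collector). */
static object_t *obj_address(void) { return &slots[live_slot]; }

/* GC moving phase: copy the object to the other slot, poison the old one. */
static void gc_move(void) {
    int old = live_slot, new_slot = 1 - old;
    slots[new_slot] = slots[old];
    memset(&slots[old], 0x7f, sizeof slots[old]);   /* old location is now garbage */
    live_slot = new_slot;
}

/* The report's "second child thread": runs a GC cycle while holding gc_mutex. */
static void *gc_thread(void *arg) {
    (void)arg;
    pthread_mutex_lock(&gc_mutex);
    set_phase(GC_STARTED);
    wait_phase(THREAD_READY);          /* let the exiting thread reach its access */
    gc_move();
    set_phase(GC_DONE);
    pthread_mutex_unlock(&gc_mutex);
    return NULL;
}

/* The report's "first child thread": exits while the GC cycle is running.
 * safe == 0: touch the object without synchronizing with the GC (the bug).
 * safe != 0: wait for the cycle to finish before resolving any object address. */
static void *exiting_thread(void *arg) {
    int safe = *(int *)arg;
    wait_phase(GC_STARTED);
    if (!safe) {
        object_t *o = obj_address();   /* address taken while GC is in progress */
        set_phase(THREAD_READY);
        wait_phase(GC_DONE);           /* meanwhile the object has moved */
        o->terminated = 1;             /* store lands in the old location */
    } else {
        set_phase(THREAD_READY);
        pthread_mutex_lock(&gc_mutex); /* blocks until the GC cycle completes */
        obj_address()->terminated = 1; /* fresh address; object cannot move now */
        pthread_mutex_unlock(&gc_mutex);
    }
    return NULL;
}

/* Runs the scenario; returns 1 if the store reached the live object, 0 if lost. */
int run_scenario(int safe) {
    pthread_t gc, ex;
    memset(slots, 0, sizeof slots);
    live_slot = 0;
    phase = START;
    pthread_create(&gc, NULL, gc_thread, NULL);
    pthread_create(&ex, NULL, exiting_thread, &safe);
    pthread_join(gc, NULL);
    pthread_join(ex, NULL);
    return obj_address()->terminated == 1;
}

int main(void) {
    printf("unsynchronized exit: store visible on live object = %d\n", run_scenario(0));
    printf("synchronized exit:   store visible on live object = %d\n", run_scenario(1));
    return 0;
}
```

Build with `cc -pthread model.c`. The point the model isolates is the one in the report: a thread whose status is RUNNING can still reach object accesses while a collector that believed every other thread blocked is moving objects, so any code path that re-enters the runtime from the blocked state (here the exit path) has to synchronize with the GC before resolving an object address, not after.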
To Reproduce

Problem Report Interactions