From: Mark H Weaver <mhw@netris.org>
To: 31878@debbugs.gnu.org
Subject: bug#31878: Module autoloading is not thread safe
Date: Wed, 22 Aug 2018 19:22:27 -0400 [thread overview]
Message-ID: <878t4xdfag.fsf@netris.org> (raw)
In-Reply-To: <87h8m0uw3z.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 18 Jun 2018 14:17:52 +0200")
Hi Ludovic,
ludo@gnu.org (Ludovic Courtès) writes:
> ludo@gnu.org (Ludovic Courtès) skribis:
>
>> ludo@gnu.org (Ludovic Courtès) skribis:
>>
>>> I believe this comes from the fact that ‘autoloads-done’ and related
>>> alists in (ice-9 boot-9) are manipulated in a non-thread-safe fashion.
>>
>> Here’s a proposed fix for ‘stable-2.2’ as discussed on #guile, Andy:
>
> After further discussion on IRC, I pushed a variant of this patch as
> commit 761cf0fb8c364e885e4c6fced34563f8157c3b84.
There are problems with this fix, e.g. <https://bugs.gnu.org/32367>.
More generally, nearly arbitrary code can be run in the top-level
expressions of a module. It could launch other threads which try to
load modules, or even send messages to other existing threads asking
them to do work. In some cases, the body of the module might never
terminate. The entire main program might be run from there. I suspect
that's not unusual.
I can see another problem as well: while the module is in the process of
loading, the partially-loaded module is globally visible and accessible
to other threads. If I'm not mistaken, with this patch, there's nothing
preventing other threads from attempting to use the partially-loaded
module.
I thought about how to fix this thread-safety problem a long time ago,
and came up with a rough outline of a solution. The idea is that the
module should not be added to the global module table until the module
has finished loading. While the module is being loaded, it would be
made visible only to the loading thread, and to any other threads
spawned during the loading process, by adding the module to a local list
of modules-being-loaded referenced by a fluid variable. If any other
threads attempt to access the module, it would not be found in the
global module table, and thus trigger an auto-load, which would wait for
the lock to be released before proceeding.
What do you think?
Mark
next prev parent reply other threads:[~2018-08-22 23:22 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-18 9:43 bug#31878: Module autoloading is not thread safe Ludovic Courtès
2018-06-18 11:11 ` Ludovic Courtès
2018-06-18 12:17 ` Ludovic Courtès
2018-08-22 23:22 ` Mark H Weaver [this message]
2018-08-23 2:18 ` Mark H Weaver
2018-08-23 13:54 ` Ludovic Courtès
2018-08-23 19:40 ` Mark H Weaver
2018-08-24 8:45 ` Ludovic Courtès
2018-10-21 18:16 ` Mark H Weaver
2018-10-22 10:10 ` Ludovic Courtès
[not found] ` <876002dm18.fsf@netris.org>
2018-08-23 13:51 ` Ludovic Courtès
2022-04-04 11:47 ` Calvin Heim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/guile/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878t4xdfag.fsf@netris.org \
--to=mhw@netris.org \
--cc=31878@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).