diff options
| author | antirez <antirez@gmail.com> | 2018-03-28 14:06:08 +0200 |
|---|---|---|
| committer | antirez <antirez@gmail.com> | 2018-03-28 14:11:04 +0200 |
| commit | 8ac7af1c5d4d06d6c165e35d67a3a6a70e5d98c3 (patch) | |
| tree | 83aa235ccdf77f6fe09ac6f83e944714b5358bd1 /src/ae.h | |
| parent | 674909f44284a44580e87a1cc8c25a6aa957eb22 (diff) | |
| download | redis-8ac7af1c5d4d06d6c165e35d67a3a6a70e5d98c3.tar.gz | |
Fix ae.c when a timer finalizerProc adds an event.
While this feature is not used by Redis, ae.c implements the ability for
a timer to call a finalizer callback when an timer event is deleted.
This feature was bugged since the start, and because it was never used
we never noticed a problem. However Anthony LaTorre was using the same
library in order to implement a different system: he found a bug that he
describes as follows, and which he fixed with the patch in this commit,
sent me by private email:
--- Anthony email ---
've found one bug in the current implementation of the timed events.
It's possible to lose track of a timed event if an event is added in
the finalizerProc of another event.
For example, suppose you start off with three timed events 1, 2, and
3. Then the linked list looks like:
3 -> 2 -> 1
Then, you run processTimeEvents and events 2 and 3 finish, so now the
list looks like:
-1 -> -1 -> 2
Now, on the next iteration of processTimeEvents it starts by deleting
the first event, and suppose this finalizerProc creates a new event,
so that the list looks like this:
4 -> -1 -> 2
On the next iteration of the while loop, when it gets to the second
event, the variable prev is still set to NULL, so that the head of the
event loop after the next event will be set to 2, i.e. after deleting
the next event the event loop will look like:
2
and the event with id 4 will be lost.
I've attached an example program to illustrate the issue. If you run
it you will see that it prints:
```
foo id = 0
spam!
```
But if you uncomment line 29 and run it again it won't print "spam!".
--- End of email ---
Test.c source code is as follows:
#include "ae.h"
#include <stdio.h>
aeEventLoop *el;
int foo(struct aeEventLoop *el, long long id, void *data)
{
printf("foo id = %lld\n", id);
return AE_NOMORE;
}
int spam(struct aeEventLoop *el, long long id, void *data)
{
printf("spam!\n");
return AE_NOMORE;
}
void bar(struct aeEventLoop *el, void *data)
{
aeCreateTimeEvent(el, 0, spam, NULL, NULL);
}
int main(int argc, char **argv)
{
el = aeCreateEventLoop(100);
//aeCreateTimeEvent(el, 0, foo, NULL, NULL);
aeCreateTimeEvent(el, 0, foo, NULL, bar);
aeMain(el);
return 0;
}
Anthony fixed the problem by using a linked list for the list of timers, and
sent me back this patch after he tested the code in production for some time.
The code looks sane to me, so committing it to Redis.
Diffstat (limited to 'src/ae.h')
| -rw-r--r-- | src/ae.h | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -83,6 +83,7 @@ typedef struct aeTimeEvent { aeTimeProc *timeProc; aeEventFinalizerProc *finalizerProc; void *clientData; + struct aeTimeEvent *prev; struct aeTimeEvent *next; } aeTimeEvent; |