> While if (functiona==NULL || functionb==NULL) { assign functiona,
> functionb } can be unsafe, I'd argue that if (functiona==NULL) { assign
> functiona } followed by if (functionb) { assign functionb } is.
We're implicitly assuming here that (thanks to alignment, etc.) each pointer can be accessed "atomically", which so far seems reasonable given the particular platform this code is for. However, the C11 memory model also allows the compiler to assume there's no write race, and it thus could, for example, use the same memory location to hold other temporary values, which could then be misinterpreted as the function pointer by concurrent threads. See http://static.usenix.org/event/hotpar11/tech/final_files/Boehm.pdf for ideas how this might break -- maybe not right now, but possibly with future compilers, possibly after this code has evolved a bit. (I'm not promising that it will actually break, but thread-safety analysis tools are likely to complain loudly. And at some point the code might actually fail spectacularly.)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
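The following is an added illustration of the pattern discussed in the thread; it is not OpenSSL code and is not taken from the message above. It places the plain-pointer lazy initialisation (a data race under the C11 memory model when two threads call it at once) next to a version that keeps the pointer in an `_Atomic` object and publishes it with an acquire/release compare-and-swap, so the compiler may no longer treat the location as free scratch space. The `lookup_a`/`lookup_b` functions, the `digest_fn` type and the stub functions they return are constructed stand-ins for the real method lookups.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the function-pointer type being cached. */
typedef int (*digest_fn)(int);

/* Constructed stand-ins for the functions the lookups return. */
static int sha_stub(int x) { return x * 31 + 7; }
static int md_stub(int x)  { return x ^ 0x5A; }

/* Counts how many (simulated) expensive lookups were performed. */
static int lookup_calls;

static digest_fn lookup_a(void) { lookup_calls++; return sha_stub; }
static digest_fn lookup_b(void) { lookup_calls++; return md_stub; }

/*
 * Pattern from the thread: plain, non-atomic lazy initialisation.
 * Under C11 the unsynchronised load and store are a data race whenever
 * two threads can run this concurrently; the compiler is entitled to
 * assume no other thread touches `functiona`, so it may split the
 * store, re-load the value, or reuse the location for temporaries.
 */
static digest_fn functiona = NULL;
static digest_fn functionb = NULL;

digest_fn racy_get_functiona(void)
{
    if (functiona == NULL)       /* plain load */
        functiona = lookup_a();  /* plain store, racing with other callers */
    return functiona;
}

digest_fn racy_get_functionb(void)
{
    if (functionb == NULL)
        functionb = lookup_b();
    return functionb;
}

/*
 * C11-conforming alternative: the cached pointer is an _Atomic object.
 * The acquire load pairs with the release half of the CAS, so whatever
 * the lookup initialised is visible to a thread that observes the
 * non-NULL pointer. Two threads may both perform the lookup, but only
 * the first store wins and the loser adopts the winner's value.
 */
static _Atomic(digest_fn) atomic_functiona = NULL;

digest_fn safe_get_functiona(void)
{
    digest_fn f = atomic_load_explicit(&atomic_functiona, memory_order_acquire);
    if (f == NULL) {
        digest_fn expected = NULL;
        digest_fn fresh = lookup_a();
        if (atomic_compare_exchange_strong_explicit(&atomic_functiona, &expected, fresh,
                                                    memory_order_acq_rel,
                                                    memory_order_acquire))
            f = fresh;      /* we published our value */
        else
            f = expected;   /* another thread published first; use its value */
    }
    return f;
}

/* Number of lookups performed so far (for checking that caching works). */
int lookups_so_far(void) { return lookup_calls; }

int main(void)
{
    digest_fn a = safe_get_functiona();
    digest_fn b = racy_get_functionb();
    printf("a(1)=%d b(1)=%d lookups=%d\n", a(1), b(1), lookups_so_far());
    return 0;
}
```

The atomic version costs one acquire load on the fast path, which is free on x86 and a single ordered load elsewhere; the point is not speed but that a thread-safety checker, and a future compiler, see an explicitly shared object rather than a plain variable it may optimise as if it were private.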