On Mon, Nov 8, 2010 at 12:13 AM, Martin Sustrik <[email protected]> wrote:
> Hi Dhammika,
>>
>> zmq_init_t::finalise_initialization() sends attach command to the session.
>> But session::process_attach() can delete this engine, while it's still
>> in use in io_thread out_event() callback.
>>
>
> Can you elaborate on how it can happen? There's engine->unplug() called
> before sending the attach command which should disconnect the engine from
> its I/O thread.
>

 0  zmq::signaler_t::send()
 1  zmq::ctx_t::send_command()
 2  zmq::object_t::send_command()
 3  zmq::object_t::send_term_req()
 4  zmq::own_t::terminate()
 5  zmq::zmq_init_t::finalise_initialisation()   !-- session deletes the engine --!
 6  zmq::zmq_init_t::read()
 7  zmq::encoder_t::message_ready()
 8  zmq::encoder_base_t<zmq::encoder_t>::get_data()
 9  zmq::zmq_engine_t::out_event()
10  zmq::kqueue_t::loop()
11  zmq::kqueue_t::worker_routine()
12  zmq::thread_t::thread_routine()

In step 9, IO thread is calling engine_t::out_event() callback, and the
engine must be valid for the duration of this call.
But in step 5, session thread receives the engine and deletes it.
Don't you think there's a valid race here?
engine->unplug() does detach the engine, but it only takes effect on
callback return.

Dhammika
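
The lifetime constraint raised in this message, as an added single-threaded C++ model (not part of the original post, and not ZeroMQ's code or its fix): the owner defers handing the engine to a consumer that may delete it until the engine's own callback has returned. `Engine`, `Session`, `Init`, `on_ready`, `flush` and `run_model` are hypothetical names.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <vector>

using Log = std::vector<std::string>;  // hypothetical model; no ZeroMQ types
struct Engine {
    Log &log;
    bool in_event = false;
    std::function<void()> on_ready;  // hook run from inside out_event()
    explicit Engine(Log &l) : log(l) {}
    ~Engine() { log.push_back(in_event ? "freed inside callback" : "freed after callback"); }
    void out_event() {
        in_event = true;
        if (on_ready) on_ready();
        log.push_back("out_event touches engine state");  // needs *this alive
        in_event = false;
    }
};

// The new owner may destroy the engine as soon as it receives it.
struct Session { void attach(std::unique_ptr<Engine> e) { e.reset(); } };

struct Init {
    std::unique_ptr<Engine> engine;
    Session &session;
    bool pending = false;
    Init(Session &s, Log &l) : engine(new Engine(l)), session(s) {}
    // Reached from the engine's own callback: keep ownership, record intent.
    void finalise() {
        if (engine->in_event) { pending = true; engine->log.push_back("handoff deferred"); }
        else session.attach(std::move(engine));
    }
    // Run by the poll loop once the callback has returned.
    void flush() { if (pending && !engine->in_event) { pending = false; session.attach(std::move(engine)); } }
};

Log run_model() {
    Log log;
    Session session;
    Init init(session, log);
    init.engine->on_ready = [&init] { init.finalise(); };
    init.engine->out_event();  // poller dispatches the callback
    init.flush();              // hand-off happens only now
    return log;
}

int main() { for (const auto &s : run_model()) std::puts(s.c_str()); }
```

If `finalise()` passed the engine to `Session::attach()` directly from inside the callback, the destructor would run while `in_event` is still set and the remaining statements of `out_event()` would operate on a freed object.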
