Re: [bug #33392] Multi-thread bug in NSObject retain and release

From: Jonathan Olson
Subject: Re: [bug #33392] Multi-thread bug in NSObject retain and release
Date: Wed, 25 May 2011 08:44:27 -0700


I don't have a small example.  The application is a relatively large 
multi-threaded app server which supports a couple hundred TCP/IP sockets.  This 
typically crashed about every 30-60 minutes.

For x86, the fix could use the xaddl instruction which is an atomic exchange 
and increment instruction.  Note that the other architectures (mips, powerpc, 
68k) defined in NSObject.m all share the same bug, so you should fix these also.

Possibly, you can use a recent version of gcc to generate the instruction 
sequence for each CPU.  For example, compiling the following program generates 
the following for x86.

#include <stdio.h>

int main(int argc, char **argv)
{
    int lock = 0;
    int lock1 = __sync_fetch_and_add(&lock, 1);   /* returns the old value (0), lock becomes 1 */
    int lock2 = __sync_fetch_and_sub(&lock, 1);   /* returns the old value (1), lock becomes 0 */
    fprintf(stderr, "lock = %d %d %d\n", lock, lock1, lock2);
    return 0;
}

        pushq   %rbp
        movq    %rsp, %rbp
        subq    $16, %rsp
        movl    $0, -4(%rbp)
        leaq    -4(%rbp), %rax
        movl    $1, %ecx
        xaddl   %ecx, (%rax)
        movl    $-1, %r8d
        xaddl   %r8d, (%rax)
        movl    -4(%rbp), %edx
        movq    address@hidden(%rip), %rax
        movq    (%rax), %rdi
        leaq    LC0(%rip), %rsi
        xorl    %eax, %eax
        call    _fprintf
        xorl    %eax, %eax

On May 25, 2011, at 2:32 AM, Richard Frith-Macdonald wrote:


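The race Jonathan describes, shown as an added example that is not part of the thread or of GNUstep's NSObject.m: several threads bump one reference count, once with a plain read-add-write and once with the `__sync_fetch_and_add` builtin he suggests, so the lost updates become visible. The struct, function and thread-count names are constructed for this example; `release_ref` shows the matching release side, where the old value returned by the atomic decrement tells exactly one thread that it dropped the last reference.

```c
#include <pthread.h>
#include <stdio.h>

/* Constructed example: a reference counter like NSObject's retain count,
 * hammered by several threads at once. Not GNUstep code. */
#define NTHREADS 8
#define NITERS   200000

struct counter {
    volatile int count;   /* volatile keeps the racy path as load, add, store */
    int          atomic;  /* 1: use the __sync builtins, 0: plain increment */
};

static void *retain_worker(void *arg)
{
    struct counter *c = arg;
    for (int i = 0; i < NITERS; i++) {
        if (c->atomic)
            __sync_fetch_and_add(&c->count, 1);  /* one atomic read-modify-write */
        else
            c->count = c->count + 1;             /* another thread can run between the load and the store */
    }
    return NULL;
}

/* Runs NTHREADS threads that each retain NITERS times and returns the final
 * count. The atomic variant always yields NTHREADS * NITERS; the plain one
 * usually comes up short because increments from two threads overlap. */
int run_retains(int atomic)
{
    pthread_t tid[NTHREADS];
    struct counter c = { 0, atomic };
    for (int i = 0; i < NTHREADS; i++)
        pthread_create(&tid[i], NULL, retain_worker, &c);
    for (int i = 0; i < NTHREADS; i++)
        pthread_join(tid[i], NULL);
    return c.count;
}

/* Release side of the pattern: the value returned by the atomic decrement is
 * the count before the decrement, so exactly one caller sees 1 and knows it
 * dropped the last reference. Returns 1 if this call released the last one. */
int release_ref(volatile int *refcount)
{
    return __sync_fetch_and_sub(refcount, 1) == 1;
}

/* Two releases of an object retained twice: only the second reports "last". */
int release_demo(void)
{
    volatile int rc = 2;
    int first  = release_ref(&rc);   /* 0: object still referenced */
    int second = release_ref(&rc);   /* 1: last reference dropped */
    return first == 0 && second == 1 && rc == 0;
}

int main(void)
{
    printf("atomic : %d (expected %d)\n", run_retains(1), NTHREADS * NITERS);
    printf("plain  : %d (expected %d)\n", run_retains(0), NTHREADS * NITERS);
    printf("release pairing correct: %d\n", release_demo());
    return 0;
}
```

Build with `cc -O2 -pthread example.c`; the plain run is nondeterministic and the shortfall grows with core count, which is consistent with a server crashing only after many minutes under load. On x86 the builtins compile to a locked `xadd`, and the same source gives the right sequence on the other targets in NSObject.m without hand-written assembly per CPU.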