Date: Thu, 27 Dec 2007 07:38:25 +0000 SDL-1.2
author Sam Lantinga <slouken@libsdl.org>
Fri, 28 Dec 2007 22:05:17 +0000
branch SDL-1.2
changeset 4105 84882a89ca50
parent 4104 e3945f84427f
child 4106 12bb6311fd5d
Date: Thu, 27 Dec 2007 07:38:25 +0000
From: John Bartholomew
Subject: [SDL] SDL Semaphore implementation broken on Windows?
Hi,

Over the past couple of days, I've been battling with SDL, SDL_Mixer and SMPEG to try to find an audio hang bug. I believe I've found the problem, which I think is a race condition inside SDL's semaphore implementation (at least the Windows implementation). The semaphore code uses Windows' built in semaphore functions, but it also maintains a separate count value. This count value is updated with bare increment and decrement operations in SemPost and SemWaitTimeout - no locking primitives to protect them.

In tracking down the apparent audio bug, I found that at some point a semaphore's count value was being decremented to -1, which is clearly not a valid value for it to take.

I'm still not certain exactly what sequence of operations is occurring for this to happen, but I believe that overall it's a race condition between a thread calling SemPost (which increments the count) and the thread on the other end calling SemWait (which decrements it).

I will try to make a test case to verify this, but I'm not sure if I'll be able to (threading errors being difficult to reproduce even in the best circumstances).

However, assuming this is the cause of my problems, there is a very simple fix: Windows provides InterlockedIncrement() and InterlockedDecrement() functions to perform increments and decrements which are guaranteed to be atomic. So the fix is in thread/win32/SDL_syssem.c: replace occurrences of --sem->count with InterlockedDecrement(&sem->count); and replace occurrences of ++sem->count with InterlockedIncrement(&sem->count);

This is using SDL v1.2.12, built with VC++ 2008 Express, running on a Core 2 Duo processor.
src/thread/win32/SDL_syssem.c
--- a/src/thread/win32/SDL_syssem.c	Fri Dec 28 20:39:31 2007 +0000
+++ b/src/thread/win32/SDL_syssem.c	Fri Dec 28 22:05:17 2007 +0000
@@ -105,7 +105,7 @@
 	switch (WaitForSingleObject(sem->id, dwMilliseconds)) {
 #endif
 	    case WAIT_OBJECT_0:
-		--sem->count;
+		InterlockedDecrement(&sem->count);
 		retval = 0;
 		break;
 	    case WAIT_TIMEOUT:
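Review bot: InterlockedDecrement() takes a pointer to LONG, and this hunk does not show the declaration of sem->count; confirm it is declared as (volatile) LONG rather than int so the call compiles cleanly on MSVC and the CE toolchain. Also note what the change does and does not buy: the atomic decrement removes the lost-update race that let count reach -1, but count is still only a snapshot. The kernel object is decremented inside WaitForSingleObject() and sem->count only after it returns, so anyone reading sem->count in that window still sees a value one higher than the true semaphore count; that is acceptable for an advisory counter but should not be relied on for synchronisation decisions.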
@@ -150,13 +150,13 @@
 	 * immediately get destroyed by another thread which
 	 * is waiting for this semaphore.
 	 */
-	++sem->count;
+	InterlockedIncrement(&sem->count);
 #if defined(_WIN32_WCE) && (_WIN32_WCE < 300)
 	if ( ReleaseSemaphoreCE(sem->id, 1, NULL) == FALSE ) {
 #else
 	if ( ReleaseSemaphore(sem->id, 1, NULL) == FALSE ) {
 #endif
-		--sem->count;	/* restore */
+		InterlockedDecrement(&sem->count);	/* restore */
 		SDL_SetError("ReleaseSemaphore() failed");
 		return -1;
 	}
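Review bot: the ordering here is the important part and is preserved correctly: count is bumped before ReleaseSemaphore() because, per the comment kept in the hunk, the waiter may destroy the semaphore as soon as it is released, so touching sem->count after a successful release would be a use-after-free; the rollback on failure is now atomic as well, so the two paths cannot tear each other's update. One thing to double-check is that the same count-is-a-snapshot caveat applies here in reverse: between InterlockedIncrement() and ReleaseSemaphore() returning, count is one above the kernel value, so a zero-timeout waiter that reads count and then fails its wait is expected behaviour, not a regression from this patch.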