15-410, S'20
“Paradise Lost”
Feb. 7, 2020
Dave Eckhardt
Brian Railing
L11a_Lost
15-410
“What could possibly go wrong?”
Outline
When to use if() vs. while()
Consider the lowly worker thread
/* note: not a thrgrp_*() worker thread */
void
worker(void *ignored)
{
    workitem *work;

    while (work = find_work())
        perform(work);
    thr_exit((void *) 0);
}
But a funny thing happens...
What's Wrong With This Picture?
workitem *
find_work(void)
{
    workitem *w;

    mutex_lock(&m);
    if (going_out_of_business)
        w = (workitem *) 0;
    else
        w = (workitem *) dequeue(q);
    mutex_unlock(&m);
    return (w);
}
Better?
mutex_lock(&m);
if (going_out_of_business) {
    w = (workitem *) 0;
} else {
    if (!(w = (workitem *) dequeue(q))) {
        cond_wait(&new_work, &m);
        w = (workitem *) dequeue(q);
    }
}
mutex_unlock(&m);
return (w);
What We Hope For
find_work()                 queue_work()
mutex_lock(&m);
if (!..dequeue(..))
  cond_wait(&new, &m);
                            mutex_lock(&m);
                            enqueue(..);
                            cond_signal(&new);
                            mutex_unlock(&m);
w = dequeue(..);
mutex_unlock(&m);
What Went Wrong?
What went wrong? Nothing!
But what if there is an evil third thread?
What About the “Evil Third Thread”?
mutex_lock(&m);
if (going_out_of_business) {
    w = (workitem *) 0;
} else {
    if (!(w = (workitem *) dequeue(q))) {
        cond_wait(&new_work, &m);
        w = (workitem *) dequeue(q);
    }
}
mutex_unlock(&m);
return (w);
Not Exactly What We Hope For
find_work()             queue_work()        find_work()
lock(&m);
if (!..deq(..))
  cwait(&new, &m);
                        lock(&m);
                        enqueue(...);
                        csignal(&new);
                        unlock(&m);
                                            lock(&m);
                                            if (!..deq(..))
                                            unlock(&m);
w = deq(..);                                return(w);
unlock(&m);
return (0);
Have We Seen This Before?
What went wrong?
  Protected world state wasn't ready for us
  We blocked
  Somebody prepared the world for us to run
  We ran
  We assumed nobody else had run
  We assumed the world state was still ready for us
When have we seen this “happiness revocation”?
To “if()” Or Not To “if()”?
mutex_lock(&m);
if (going_out_of_business) {
    w = (workitem *) 0;
} else {
    while (!(w = (workitem *) dequeue(q)))
        cond_wait(&new_work, &m);
}
mutex_unlock(&m);
return (w);
/* XXX still wrong! - rewrite after class */
Summary
if() vs. while()
  If somebody can revoke your happiness, you'd better check
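An added example, not from the lecture: the recheck-in-a-loop pattern written against POSIX threads rather than the course's mutex_*()/cond_*() API. The array queue, `run_demo()`, and the choices to retest the shutdown flag inside the loop, drain queued items, and broadcast at shutdown are assumptions of this example, not the slides' after-class rewrite.

```c
#include <pthread.h>
#include <stddef.h>

/* Hypothetical stand-ins for the slides' q, m, new_work and flag. */
#define QCAP 64
static int items[QCAP], head, tail, going_out_of_business;
static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t new_work = PTHREAD_COND_INITIALIZER;

/* Returns the next item, or NULL once shut down and drained. */
static int *find_work(void) {
    int *w = NULL;
    pthread_mutex_lock(&m);
    /* while, not if: another worker may empty the queue before we
     * reacquire m, and POSIX permits spurious wakeups. */
    while (head == tail && !going_out_of_business)
        pthread_cond_wait(&new_work, &m);
    if (head != tail)
        w = &items[head++];
    pthread_mutex_unlock(&m);
    return w;
}
static void queue_work(int v) {
    pthread_mutex_lock(&m);
    items[tail++] = v;
    pthread_cond_signal(&new_work);
    pthread_mutex_unlock(&m);
}
static void *worker(void *sum) {        /* adds up the items it handled */
    int *w;
    while ((w = find_work()) != NULL)
        *(long *)sum += *w;
    return NULL;
}
/* Three workers share items 1..n (n <= QCAP); returns the total handled. */
long run_demo(int n) {
    pthread_t t[3];
    long sums[3] = {0, 0, 0};
    head = tail = going_out_of_business = 0;
    for (int i = 0; i < 3; i++) pthread_create(&t[i], NULL, worker, &sums[i]);
    for (int v = 1; v <= n; v++) queue_work(v);
    pthread_mutex_lock(&m);
    going_out_of_business = 1;
    pthread_cond_broadcast(&new_work);  /* wake every sleeping worker */
    pthread_mutex_unlock(&m);
    for (int i = 0; i < 3; i++) pthread_join(t[i], NULL);
    return sums[0] + sums[1] + sums[2];
}
int main(void) { return run_demo(10) == 55 ? 0 : 1; }
```

Because every wakeup re-evaluates the predicate under the mutex, each item is handled exactly once no matter which worker wins the race for it.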
Related Work
TOCTTOU?
“Toucan at Whipsnade Zoo”, William Warby, 2012-05-06, CC-BY
TOCTTOU
  “Time of Check to Time of Use”
  A standard “bug class”
  Isn't that what we have here?
    “Correct, but wrong”
    Many people think TOCTTOU bugs are always security bugs
    Fundamentally, we expect the revoked condition to become unrevoked again (soon!)
    Unlike the general case, this can be fixed in less than a line of code!