CERT C++: CON54-CPP

Function that can spuriously wake up not wrapped in loop occurs when the following wait-on-condition functions are called from outside a loop:

Wait-on-condition functions pause the execution of the calling thread when a specified condition is met. The thread wakes up and resumes once another thread notifies it with cnd_broadcast() or an equivalent function. The wake-up notification can be spurious or malicious.

If a thread receives a spurious wake-up notification and the condition of the wait-on-condition function is not checked, the thread can wake up prematurely. The wake-up can cause unexpected control flow, indefinite blocking of other threads, or denial of service.

Wrap wait-on-condition functions that can wake up spuriously in a loop. The loop checks the wake-up condition after a possible spurious wake-up notification.

#include <stdio.h>
#include <stddef.h>
#include <thread>
#include <mutex>

#define THRESHOLD 100

std::mutex myMutex;
std::condition_variable cv;

void func(int input)
{
	std::unique_lock<std::mutex> lk(myMutex);
	// test condition to pause thread 
	if (input > THRESHOLD) {
	//pause current thread
		cv.wait(lk);//Noncompliant
	}
}

In this example, the thread uses std::condition_variable::wait to pause execution when input is greater than THRESHOLD. The paused thread can resume if another thread uses std::condition_variable::notify_all, which notifies all the threads. This notification causes the thread to wake up even if the pause condition is still true.

One possible correction is to wrap the call to std::condition_variable::wait in a while loop. The loop checks the pause condition after the thread receives a possible spurious wake-up notification.

#include <stdio.h>
#include <stddef.h>
#include <thread>
#include <mutex>

#define THRESHOLD 100

std::mutex myMutex;
std::condition_variable cv;

void func(int input)
{
	std::unique_lock<std::mutex> lk(myMutex);
	// test condition to pause thread 
	while (input > THRESHOLD) {
	//pause current thread
		cv.wait(lk);
	}
}

The std::condition_variable::wait function has an overload that accepts a lambda function as a second argument. The predicate of the Lambda function indicates when it is safe to stop waiting and proceed with the code execution. This overload of the std::condition_variable::wait function behaves as if it is implicitly wrapped in a loop. In this code, the functionstd::condition_variable::wait is invoked by using a Lambda function. Here, unwanted waking of the thread is prevented because the thread wakes up when the predicate of the Lambda function is true.

#include <stdio.h>
#include <stdio.h>
#include <stddef.h>
#include <thread>
#include <mutex>
#define THRESHOLD 100

std::mutex myMutex;
std::condition_variable cv;

void func(int input)
{
	std::unique_lock<std::mutex> lk(myMutex);
	cv.wait(lk,[&input]{ return !(input>THRESHOLD); });
	
}