CERT C: Rule POS50-C

Automatic or thread local variable escaping from a POSIX^® thread occurs when an automatic or thread local variable is passed by address from one POSIX thread to another without ensuring that the variable stays alive through the duration of the latter thread.

An automatic or thread local variable is allocated on the stack at the beginning of a thread and its lifetime extends till the end of the thread. The variable is not guaranteed to be alive when a different thread accesses it.

For instance, consider the start function of a POSIX thread with these lines:

int start_thread(pthread_t *tid) {
   int aVar = 0;
   if(thrd_success != pthread_create(tid, NULL, start_thread_child, &aVar) {
     //...
   }
}

The pthread_create function creates a child thread with start function start_thread_child and passes the address of the automatic variable aVarto this function. When this child thread accesses aVar, the parent thread might have completed execution and aVar is no longer on the stack. The access might result in reading unpredictable values.

When you pass a variable from one thread to another, make sure that the variable lifetime matches or exceeds the lifetime of both threads. You can achieve this synchronization in one of these ways:

These solutions require you to create a variable in nonlocal memory. Instead, you can use other solutions such as the shared keyword with OpenMP's threading interface that allows you to safely share local variables across threads.

#include <pthread.h>
#include <stdio.h>

void* create_child_thread(void *childVal) {
  int *res = (int *)childVal;
  printf("Result: %d\n", *res);
  return NULL;
}

void create_parent_thread(pthread_t *tid) {
  int parentVal = 1;
  int thrd_success;
  if ((thrd_success = pthread_create(tid, NULL, create_child_thread, &parentVal)) != 0) { //Noncompliant
    /* Handle error */
  }
}

int main(void) {
  pthread_t tid;
  int thrd_success;
  create_parent_thread(&tid);

  if ((thrd_success = thrd_join(tid, NULL)) != 0) {
    /* Handle error */
  }
  return 0;
}

In this example, the value parentVal is local to the parent thread that starts in main and continues into the function create_parent_thread. However, in the body of create_parent_thread, the address of this local variable is passed to a child thread (the thread with start routine create_child_thread). The parent thread might have completed execution and the variable parentVal might have gone out of scope when the child thread accesses this variable.

One possible correction is to declare the variable parentVal as static so that the variable is on the stack for the entire duration of the program.

#include <pthread.h>
#include <stdio.h>

void* create_child_thread(void *childVal) {
  int *res = (int *)childVal;
  printf("Result: %d\n", *res);
  return NULL;
}

void create_parent_thread(pthread_t *tid) {
  static int parentVal = 1;
  int thrd_success;
  if ((thrd_success = pthread_create(tid, NULL, create_child_thread, &parentVal)) != 0) {
    /* Handle error */
  }
}

int main(void) {
  pthread_t tid;
  int thrd_success;
  create_parent_thread(&tid);

  if ((thrd_success = thrd_join(tid, NULL)) != 0) {
    /* Handle error */
  }
  return 0;
}

One possible correction is to dynamically allocate storage for variables to be shared across threads and explicitly free the storage after the variable is no longer required.

#include <pthread.h>
#include <stlib.h>

void* create_child_thread(void *val) {
  int *res = (int *)val;
  printf("Result: %d\n", *res);
  free(res);
  return NULL;
}

void create_parent_thread(pthread_t *tid) {
  int *val;
  int thrd_success;
  
  val = malloc(sizeof(int));
  
  if(!val) {
      *val = 1;
      if ((thrd_success = pthread_create(tid, NULL, create_child_thread, val)) != 0) {
        /* Handle error */
      }
  }
}

int main(void) {
  pthread_t tid;
  int thrd_success;
  create_parent_thread(&tid);

  if ((thrd_success = thrd_join(tid, NULL)) != 0) {
    /* Handle error */
  }
  return 0;
}