| Location | Tool | Test ID | Function | Issue |
|---|---|---|---|---|
| /builddir/build/BUILD/Python-2.7.3/Python/pystate.c:269:13 | clang-analyzer | Dereference of null pointer (loaded from variable 'p')* | ||
| /builddir/build/BUILD/Python-2.7.3/Python/pystate.c:269:13 | clang-analyzer | Dereference of null pointer (loaded from variable 'p')* | ||
| /builddir/build/BUILD/Python-2.7.3/Python/pystate.c:283:13 | clang-analyzer | Access to field 'next' results in a dereference of a null pointer | ||
| /builddir/build/BUILD/Python-2.7.3/Python/pystate.c:283:13 | clang-analyzer | Access to field 'next' results in a dereference of a null pointer | ||
| /builddir/build/BUILD/Python-2.7.3/Python/pystate.c:635:5 | clang-analyzer | Access to field 'gilstate_counter' results in a dereference of a null pointer (loaded from variable 'tcur') | ||
| /builddir/build/BUILD/Python-2.7.3/Python/pystate.c:635:5 | clang-analyzer | Access to field 'gilstate_counter' results in a dereference of a null pointer (loaded from variable 'tcur') |
1 /* Thread and interpreter state structures and their interfaces */
2
3 #include "Python.h"
4
5 /* --------------------------------------------------------------------------
6 CAUTION
7
8 Always use malloc() and free() directly in this file. A number of these
9 functions are advertised as safe to call when the GIL isn't held, and in
10 a debug build Python redirects (e.g.) PyMem_NEW (etc) to Python's debugging
11 obmalloc functions. Those aren't thread-safe (they rely on the GIL to avoid
12 the expense of doing their own locking).
13 -------------------------------------------------------------------------- */
14
15 #ifdef HAVE_DLOPEN
16 #ifdef HAVE_DLFCN_H
17 #include <dlfcn.h>
18 #endif
19 #ifndef RTLD_LAZY
20 #define RTLD_LAZY 1
21 #endif
22 #endif
23
24
25 #ifdef WITH_THREAD
26 #include "pythread.h"
27 static PyThread_type_lock head_mutex = NULL; /* Protects interp->tstate_head */
28 #define HEAD_INIT() (void)(head_mutex || (head_mutex = PyThread_allocate_lock()))
29 #define HEAD_LOCK() PyThread_acquire_lock(head_mutex, WAIT_LOCK)
30 #define HEAD_UNLOCK() PyThread_release_lock(head_mutex)
31
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35
36 /* The single PyInterpreterState used by this process'
37 GILState implementation
38 */
39 static PyInterpreterState *autoInterpreterState = NULL;
40 static int autoTLSkey = 0;
41 #else
42 #define HEAD_INIT() /* Nothing */
43 #define HEAD_LOCK() /* Nothing */
44 #define HEAD_UNLOCK() /* Nothing */
45 #endif
46
47 static PyInterpreterState *interp_head = NULL;
48
49 PyThreadState *_PyThreadState_Current = NULL;
50 PyThreadFrameGetter _PyThreadState_GetFrame = NULL;
51
52 #ifdef WITH_THREAD
53 static void _PyGILState_NoteThreadState(PyThreadState* tstate);
54 #endif
55
56
57 PyInterpreterState *
58 PyInterpreterState_New(void)
59 {
60 PyInterpreterState *interp = (PyInterpreterState *)
61 malloc(sizeof(PyInterpreterState));
62
63 if (interp != NULL) {
64 HEAD_INIT();
65 #ifdef WITH_THREAD
66 if (head_mutex == NULL)
67 Py_FatalError("Can't initialize threads for interpreter");
68 #endif
69 interp->modules = NULL;
70 interp->modules_reloading = NULL;
71 interp->sysdict = NULL;
72 interp->builtins = NULL;
73 interp->tstate_head = NULL;
74 interp->codec_search_path = NULL;
75 interp->codec_search_cache = NULL;
76 interp->codec_error_registry = NULL;
77 #ifdef HAVE_DLOPEN
78 #ifdef RTLD_NOW
79 interp->dlopenflags = RTLD_NOW;
80 #else
81 interp->dlopenflags = RTLD_LAZY;
82 #endif
83 #endif
84 #ifdef WITH_TSC
85 interp->tscdump = 0;
86 #endif
87
88 HEAD_LOCK();
89 interp->next = interp_head;
90 interp_head = interp;
91 HEAD_UNLOCK();
92 }
93
94 return interp;
95 }
96
97
98 void
99 PyInterpreterState_Clear(PyInterpreterState *interp)
100 {
101 PyThreadState *p;
102 HEAD_LOCK();
103 for (p = interp->tstate_head; p != NULL; p = p->next)
104 PyThreadState_Clear(p);
105 HEAD_UNLOCK();
106 Py_CLEAR(interp->codec_search_path);
107 Py_CLEAR(interp->codec_search_cache);
108 Py_CLEAR(interp->codec_error_registry);
109 Py_CLEAR(interp->modules);
110 Py_CLEAR(interp->modules_reloading);
111 Py_CLEAR(interp->sysdict);
112 Py_CLEAR(interp->builtins);
113 }
114
115
116 static void
117 zapthreads(PyInterpreterState *interp)
118 {
119 PyThreadState *p;
120 /* No need to lock the mutex here because this should only happen
121 when the threads are all really dead (XXX famous last words). */
122 while ((p = interp->tstate_head) != NULL) {
123 PyThreadState_Delete(p);
124 }
125 }
126
127
128 void
129 PyInterpreterState_Delete(PyInterpreterState *interp)
130 {
131 PyInterpreterState **p;
132 zapthreads(interp);
133 HEAD_LOCK();
134 for (p = &interp_head; ; p = &(*p)->next) {
135 if (*p == NULL)
136 Py_FatalError(
137 "PyInterpreterState_Delete: invalid interp");
138 if (*p == interp)
139 break;
140 }
141 if (interp->tstate_head != NULL)
142 Py_FatalError("PyInterpreterState_Delete: remaining threads");
143 *p = interp->next;
144 HEAD_UNLOCK();
145 free(interp);
146 }
147
148
149 /* Default implementation for _PyThreadState_GetFrame */
150 static struct _frame *
151 threadstate_getframe(PyThreadState *self)
152 {
153 return self->frame;
154 }
155
156 static PyThreadState *
157 new_threadstate(PyInterpreterState *interp, int init)
158 {
159 PyThreadState *tstate = (PyThreadState *)malloc(sizeof(PyThreadState));
160
161 if (_PyThreadState_GetFrame == NULL)
162 _PyThreadState_GetFrame = threadstate_getframe;
163
164 if (tstate != NULL) {
165 tstate->interp = interp;
166
167 tstate->frame = NULL;
168 tstate->recursion_depth = 0;
169 tstate->tracing = 0;
170 tstate->use_tracing = 0;
171 tstate->tick_counter = 0;
172 tstate->gilstate_counter = 0;
173 tstate->async_exc = NULL;
174 #ifdef WITH_THREAD
175 tstate->thread_id = PyThread_get_thread_ident();
176 #else
177 tstate->thread_id = 0;
178 #endif
179
180 tstate->dict = NULL;
181
182 tstate->curexc_type = NULL;
183 tstate->curexc_value = NULL;
184 tstate->curexc_traceback = NULL;
185
186 tstate->exc_type = NULL;
187 tstate->exc_value = NULL;
188 tstate->exc_traceback = NULL;
189
190 tstate->c_profilefunc = NULL;
191 tstate->c_tracefunc = NULL;
192 tstate->c_profileobj = NULL;
193 tstate->c_traceobj = NULL;
194
195 if (init)
196 _PyThreadState_Init(tstate);
197
198 HEAD_LOCK();
199 tstate->next = interp->tstate_head;
200 interp->tstate_head = tstate;
201 HEAD_UNLOCK();
202 }
203
204 return tstate;
205 }
206
207 PyThreadState *
208 PyThreadState_New(PyInterpreterState *interp)
209 {
210 return new_threadstate(interp, 1);
211 }
212
213 PyThreadState *
214 _PyThreadState_Prealloc(PyInterpreterState *interp)
215 {
216 return new_threadstate(interp, 0);
217 }
218
219 void
220 _PyThreadState_Init(PyThreadState *tstate)
221 {
222 #ifdef WITH_THREAD
223 _PyGILState_NoteThreadState(tstate);
224 #endif
225 }
226
227 void
228 PyThreadState_Clear(PyThreadState *tstate)
229 {
230 if (Py_VerboseFlag && tstate->frame != NULL)
231 fprintf(stderr,
232 "PyThreadState_Clear: warning: thread still has a frame\n");
233
234 Py_CLEAR(tstate->frame);
235
236 Py_CLEAR(tstate->dict);
237 Py_CLEAR(tstate->async_exc);
238
239 Py_CLEAR(tstate->curexc_type);
240 Py_CLEAR(tstate->curexc_value);
241 Py_CLEAR(tstate->curexc_traceback);
242
243 Py_CLEAR(tstate->exc_type);
244 Py_CLEAR(tstate->exc_value);
245 Py_CLEAR(tstate->exc_traceback);
246
247 tstate->c_profilefunc = NULL;
248 tstate->c_tracefunc = NULL;
249 Py_CLEAR(tstate->c_profileobj);
250 Py_CLEAR(tstate->c_traceobj);
251 }
252
253
254 /* Common code for PyThreadState_Delete() and PyThreadState_DeleteCurrent() */
255 static void
256 tstate_delete_common(PyThreadState *tstate)
257 {
258 PyInterpreterState *interp;
259 PyThreadState **p;
260 PyThreadState *prev_p = NULL;
261 if (tstate == NULL)
262 Py_FatalError("PyThreadState_Delete: NULL tstate");
263 interp = tstate->interp;
264 if (interp == NULL)
265 Py_FatalError("PyThreadState_Delete: NULL interp");
266 HEAD_LOCK();
267 for (p = &interp->tstate_head; ; p = &(*p)->next) {
268 if (*p == NULL)
269 Py_FatalError(
Possibly related backtrace: aa344cb30e1b4296551dc7fef6e3f334b7a35222 MatchResult(frame_number=4, dist=1)
(emitted by clang-analyzer)TODO: a detailed trace is available in the data model (not yet rendered in this report)
Possibly related backtrace: aa344cb30e1b4296551dc7fef6e3f334b7a35222 MatchResult(frame_number=4, dist=1)
(emitted by clang-analyzer)TODO: a detailed trace is available in the data model (not yet rendered in this report)
270 "PyThreadState_Delete: invalid tstate");
271 if (*p == tstate)
272 break;
273 /* Sanity check. These states should never happen but if
274 * they do we must abort. Otherwise we'll end up spinning in
275 * in a tight loop with the lock held. A similar check is done
276 * in thread.c find_key(). */
277 if (*p == prev_p)
278 Py_FatalError(
279 "PyThreadState_Delete: small circular list(!)"
280 " and tstate not found.");
281 prev_p = *p;
282 if ((*p)->next == interp->tstate_head)
283 Py_FatalError(
(emitted by clang-analyzer)TODO: a detailed trace is available in the data model (not yet rendered in this report)
(emitted by clang-analyzer)TODO: a detailed trace is available in the data model (not yet rendered in this report)
284 "PyThreadState_Delete: circular list(!) and"
285 " tstate not found.");
286 }
287 *p = tstate->next;
288 HEAD_UNLOCK();
289 free(tstate);
290 }
291
292
293 void
294 PyThreadState_Delete(PyThreadState *tstate)
295 {
296 if (tstate == _PyThreadState_Current)
297 Py_FatalError("PyThreadState_Delete: tstate is still current");
298 tstate_delete_common(tstate);
299 #ifdef WITH_THREAD
300 if (autoInterpreterState && PyThread_get_key_value(autoTLSkey) == tstate)
301 PyThread_delete_key_value(autoTLSkey);
302 #endif /* WITH_THREAD */
303 }
304
305
306 #ifdef WITH_THREAD
307 void
308 PyThreadState_DeleteCurrent()
309 {
310 PyThreadState *tstate = _PyThreadState_Current;
311 if (tstate == NULL)
312 Py_FatalError(
313 "PyThreadState_DeleteCurrent: no current tstate");
314 _PyThreadState_Current = NULL;
315 tstate_delete_common(tstate);
316 if (autoInterpreterState && PyThread_get_key_value(autoTLSkey) == tstate)
317 PyThread_delete_key_value(autoTLSkey);
318 PyEval_ReleaseLock();
319 }
320 #endif /* WITH_THREAD */
321
322
323 PyThreadState *
324 PyThreadState_Get(void)
325 {
326 if (_PyThreadState_Current == NULL)
327 Py_FatalError("PyThreadState_Get: no current thread");
328
329 return _PyThreadState_Current;
330 }
331
332
333 PyThreadState *
334 PyThreadState_Swap(PyThreadState *newts)
335 {
336 PyThreadState *oldts = _PyThreadState_Current;
337
338 _PyThreadState_Current = newts;
339 /* It should not be possible for more than one thread state
340 to be used for a thread. Check this the best we can in debug
341 builds.
342 */
343 #if defined(Py_DEBUG) && defined(WITH_THREAD)
344 if (newts) {
345 /* This can be called from PyEval_RestoreThread(). Similar
346 to it, we need to ensure errno doesn't change.
347 */
348 int err = errno;
349 PyThreadState *check = PyGILState_GetThisThreadState();
350 if (check && check->interp == newts->interp && check != newts)
351 Py_FatalError("Invalid thread state for this thread");
352 errno = err;
353 }
354 #endif
355 return oldts;
356 }
357
358 /* An extension mechanism to store arbitrary additional per-thread state.
359 PyThreadState_GetDict() returns a dictionary that can be used to hold such
360 state; the caller should pick a unique key and store its state there. If
361 PyThreadState_GetDict() returns NULL, an exception has *not* been raised
362 and the caller should assume no per-thread state is available. */
363
364 PyObject *
365 PyThreadState_GetDict(void)
366 {
367 if (_PyThreadState_Current == NULL)
368 return NULL;
369
370 if (_PyThreadState_Current->dict == NULL) {
371 PyObject *d;
372 _PyThreadState_Current->dict = d = PyDict_New();
373 if (d == NULL)
374 PyErr_Clear();
375 }
376 return _PyThreadState_Current->dict;
377 }
378
379
380 /* Asynchronously raise an exception in a thread.
381 Requested by Just van Rossum and Alex Martelli.
382 To prevent naive misuse, you must write your own extension
383 to call this, or use ctypes. Must be called with the GIL held.
384 Returns the number of tstates modified (normally 1, but 0 if `id` didn't
385 match any known thread id). Can be called with exc=NULL to clear an
386 existing async exception. This raises no exceptions. */
387
388 int
389 PyThreadState_SetAsyncExc(long id, PyObject *exc) {
390 PyThreadState *tstate = PyThreadState_GET();
391 PyInterpreterState *interp = tstate->interp;
392 PyThreadState *p;
393
394 /* Although the GIL is held, a few C API functions can be called
395 * without the GIL held, and in particular some that create and
396 * destroy thread and interpreter states. Those can mutate the
397 * list of thread states we're traversing, so to prevent that we lock
398 * head_mutex for the duration.
399 */
400 HEAD_LOCK();
401 for (p = interp->tstate_head; p != NULL; p = p->next) {
402 if (p->thread_id == id) {
403 /* Tricky: we need to decref the current value
404 * (if any) in p->async_exc, but that can in turn
405 * allow arbitrary Python code to run, including
406 * perhaps calls to this function. To prevent
407 * deadlock, we need to release head_mutex before
408 * the decref.
409 */
410 PyObject *old_exc = p->async_exc;
411 Py_XINCREF(exc);
412 p->async_exc = exc;
413 HEAD_UNLOCK();
414 Py_XDECREF(old_exc);
415 return 1;
416 }
417 }
418 HEAD_UNLOCK();
419 return 0;
420 }
421
422
423 /* Routines for advanced debuggers, requested by David Beazley.
424 Don't use unless you know what you are doing! */
425
426 PyInterpreterState *
427 PyInterpreterState_Head(void)
428 {
429 return interp_head;
430 }
431
432 PyInterpreterState *
433 PyInterpreterState_Next(PyInterpreterState *interp) {
434 return interp->next;
435 }
436
437 PyThreadState *
438 PyInterpreterState_ThreadHead(PyInterpreterState *interp) {
439 return interp->tstate_head;
440 }
441
442 PyThreadState *
443 PyThreadState_Next(PyThreadState *tstate) {
444 return tstate->next;
445 }
446
447 /* The implementation of sys._current_frames(). This is intended to be
448 called with the GIL held, as it will be when called via
449 sys._current_frames(). It's possible it would work fine even without
450 the GIL held, but haven't thought enough about that.
451 */
452 PyObject *
453 _PyThread_CurrentFrames(void)
454 {
455 PyObject *result;
456 PyInterpreterState *i;
457
458 result = PyDict_New();
459 if (result == NULL)
460 return NULL;
461
462 /* for i in all interpreters:
463 * for t in all of i's thread states:
464 * if t's frame isn't NULL, map t's id to its frame
465 * Because these lists can mutate even when the GIL is held, we
466 * need to grab head_mutex for the duration.
467 */
468 HEAD_LOCK();
469 for (i = interp_head; i != NULL; i = i->next) {
470 PyThreadState *t;
471 for (t = i->tstate_head; t != NULL; t = t->next) {
472 PyObject *id;
473 int stat;
474 struct _frame *frame = t->frame;
475 if (frame == NULL)
476 continue;
477 id = PyInt_FromLong(t->thread_id);
478 if (id == NULL)
479 goto Fail;
480 stat = PyDict_SetItem(result, id, (PyObject *)frame);
481 Py_DECREF(id);
482 if (stat < 0)
483 goto Fail;
484 }
485 }
486 HEAD_UNLOCK();
487 return result;
488
489 Fail:
490 HEAD_UNLOCK();
491 Py_DECREF(result);
492 return NULL;
493 }
494
495 /* Python "auto thread state" API. */
496 #ifdef WITH_THREAD
497
498 /* Keep this as a static, as it is not reliable! It can only
499 ever be compared to the state for the *current* thread.
500 * If not equal, then it doesn't matter that the actual
501 value may change immediately after comparison, as it can't
502 possibly change to the current thread's state.
503 * If equal, then the current thread holds the lock, so the value can't
504 change until we yield the lock.
505 */
506 static int
507 PyThreadState_IsCurrent(PyThreadState *tstate)
508 {
509 /* Must be the tstate for this thread */
510 assert(PyGILState_GetThisThreadState()==tstate);
511 /* On Windows at least, simple reads and writes to 32 bit values
512 are atomic.
513 */
514 return tstate == _PyThreadState_Current;
515 }
516
517 /* Internal initialization/finalization functions called by
518 Py_Initialize/Py_Finalize
519 */
520 void
521 _PyGILState_Init(PyInterpreterState *i, PyThreadState *t)
522 {
523 assert(i && t); /* must init with valid states */
524 autoTLSkey = PyThread_create_key();
525 autoInterpreterState = i;
526 assert(PyThread_get_key_value(autoTLSkey) == NULL);
527 assert(t->gilstate_counter == 0);
528
529 _PyGILState_NoteThreadState(t);
530 }
531
532 void
533 _PyGILState_Fini(void)
534 {
535 PyThread_delete_key(autoTLSkey);
536 autoInterpreterState = NULL;
537 }
538
539 /* When a thread state is created for a thread by some mechanism other than
540 PyGILState_Ensure, it's important that the GILState machinery knows about
541 it so it doesn't try to create another thread state for the thread (this is
542 a better fix for SF bug #1010677 than the first one attempted).
543 */
544 static void
545 _PyGILState_NoteThreadState(PyThreadState* tstate)
546 {
547 /* If autoTLSkey isn't initialized, this must be the very first
548 threadstate created in Py_Initialize(). Don't do anything for now
549 (we'll be back here when _PyGILState_Init is called). */
550 if (!autoInterpreterState)
551 return;
552
553 /* Stick the thread state for this thread in thread local storage.
554
555 The only situation where you can legitimately have more than one
556 thread state for an OS level thread is when there are multiple
557 interpreters, when:
558
559 a) You shouldn't really be using the PyGILState_ APIs anyway,
560 and:
561
562 b) The slightly odd way PyThread_set_key_value works (see
563 comments by its implementation) means that the first thread
564 state created for that given OS level thread will "win",
565 which seems reasonable behaviour.
566 */
567 if (PyThread_set_key_value(autoTLSkey, (void *)tstate) < 0)
568 Py_FatalError("Couldn't create autoTLSkey mapping");
569
570 /* PyGILState_Release must not try to delete this thread state. */
571 tstate->gilstate_counter = 1;
572 }
573
574 /* The public functions */
575 PyThreadState *
576 PyGILState_GetThisThreadState(void)
577 {
578 if (autoInterpreterState == NULL)
579 return NULL;
580 return (PyThreadState *)PyThread_get_key_value(autoTLSkey);
581 }
582
583 PyGILState_STATE
584 PyGILState_Ensure(void)
585 {
586 int current;
587 PyThreadState *tcur;
588 /* Note that we do not auto-init Python here - apart from
589 potential races with 2 threads auto-initializing, pep-311
590 spells out other issues. Embedders are expected to have
591 called Py_Initialize() and usually PyEval_InitThreads().
592 */
593 assert(autoInterpreterState); /* Py_Initialize() hasn't been called! */
594 tcur = (PyThreadState *)PyThread_get_key_value(autoTLSkey);
595 if (tcur == NULL) {
596 /* Create a new thread state for this thread */
597 tcur = PyThreadState_New(autoInterpreterState);
598 if (tcur == NULL)
599 Py_FatalError("Couldn't create thread-state for new thread");
600 /* This is our thread state! We'll need to delete it in the
601 matching call to PyGILState_Release(). */
602 tcur->gilstate_counter = 0;
603 current = 0; /* new thread state is never current */
604 }
605 else
606 current = PyThreadState_IsCurrent(tcur);
607 if (current == 0)
608 PyEval_RestoreThread(tcur);
609 /* Update our counter in the thread-state - no need for locks:
610 - tcur will remain valid as we hold the GIL.
611 - the counter is safe as we are the only thread "allowed"
612 to modify this value
613 */
614 ++tcur->gilstate_counter;
615 return current ? PyGILState_LOCKED : PyGILState_UNLOCKED;
616 }
617
618 void
619 PyGILState_Release(PyGILState_STATE oldstate)
620 {
621 PyThreadState *tcur = (PyThreadState *)PyThread_get_key_value(
622 autoTLSkey);
623 if (tcur == NULL)
624 Py_FatalError("auto-releasing thread-state, "
625 "but no thread-state for this thread");
626 /* We must hold the GIL and have our thread state current */
627 /* XXX - remove the check - the assert should be fine,
628 but while this is very new (April 2003), the extra check
629 by release-only users can't hurt.
630 */
631 if (! PyThreadState_IsCurrent(tcur))
632 Py_FatalError("This thread state must be current when releasing");
633 assert(PyThreadState_IsCurrent(tcur));
634 --tcur->gilstate_counter;
635 assert(tcur->gilstate_counter >= 0); /* illegal counter value */
(emitted by clang-analyzer)TODO: a detailed trace is available in the data model (not yet rendered in this report)
(emitted by clang-analyzer)TODO: a detailed trace is available in the data model (not yet rendered in this report)
636
637 /* If we're going to destroy this thread-state, we must
638 * clear it while the GIL is held, as destructors may run.
639 */
640 if (tcur->gilstate_counter == 0) {
641 /* can't have been locked when we created it */
642 assert(oldstate == PyGILState_UNLOCKED);
643 PyThreadState_Clear(tcur);
644 /* Delete the thread-state. Note this releases the GIL too!
645 * It's vital that the GIL be held here, to avoid shutdown
646 * races; see bugs 225673 and 1061968 (that nasty bug has a
647 * habit of coming back).
648 */
649 PyThreadState_DeleteCurrent();
650 }
651 /* Release the lock if necessary */
652 else if (oldstate == PyGILState_UNLOCKED)
653 PyEval_SaveThread();
654 }
655
656 #ifdef __cplusplus
657 }
658 #endif
659
660 #endif /* WITH_THREAD */