summaryrefslogtreecommitdiffstats
path: root/docs/manual/developer/thread_safety.xml
blob: c3c0ca6255f4a82e0583486ed07e05dcd81ea5e2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<!-- $LastChangedRevision$ -->

<!--
 Licensed to the Apache Software Foundation (ASF) under one or more
 contributor license agreements.  See the NOTICE file distributed with
 this work for additional information regarding copyright ownership.
 The ASF licenses this file to You under the Apache License, Version 2.0
 (the "License"); you may not use this file except in compliance with
 the License.  You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-->

<manualpage metafile="thread_safety.xml.meta">
<parentdocument href="./">Developer Documentation</parentdocument>

<title>Apache 2.0 Thread Safety Issues</title>

<summary>
    <p>When using any of the threaded mpms in Apache 2.0 it is important
    that every function called from Apache be thread safe.  When linking in 3rd
    party extensions it can be difficult to determine whether the resulting
    server will be thread safe.  Casual testing generally won't tell you this
    either as thread safety problems can lead to subtle race conditons that
    may only show up in certain conditions under heavy load.</p>
</summary>

<section id="variables"><title>Global and static variables</title>
    <p>When writing your module or when trying to determine if a module or
    3rd party library is thread safe there are some common things to keep in
    mind.</p>

    <p>First, you need to recognize that in a threaded model each individual
    thread has its own program counter, stack and registers.  Local variables
    live on the stack, so those are fine.  You need to watch out for any
    static or global variables.  This doesn't mean that you are absolutely not
    allowed to use static or global variables.  There are times when you
    actually want something to affect all threads, but generally you need to
    avoid using them if you want your code to be thread safe.</p>

    <p>In the case where you have a global variable that needs to be global and
    accessed by all threads, be very careful when you update it.  If, for
    example, it is an incrementing counter, you need to atomically increment
    it to avoid race conditions with other threads.  You do this using a mutex
    (mutual exclusion). Lock the mutex, read the current value, increment it
    and write it back and then unlock the mutex.  Any other thread that wants
    to modify the value has to first check the mutex and block until it is
    cleared.</p>

    <p>If you are using <a href="http://apr.apache.org/">APR</a>, have a look
    at the <code>apr_atomic_<var>*</var></code> functions and the
    <code>apr_thread_mutex_<var>*</var></code> functions.</p>
    <!-- [would probably be a good idea to add an example here] -->
</section>

<section id="errno"><title>errno</title>
    <p>This is a common global variable that holds the error number of the
    last error that occurred. If one thread calls a low-level function that
    sets errno and then another thread checks it, we are bleeding error
    numbers from one thread into another.  To solve this, make sure your
    module or library defines <code>_REENTRANT</code> or is compiled with
    <code>-D_REENTRANT</code>. This will make errno a per-thread variable
    and should hopefully be transparent to the code. It does this by doing
    something like this:</p>

    <example>
      #define errno (*(__errno_location()))
    </example>

    <p>which means that accessing errno will call
    <code>__errno_location()</code> which is provided by the libc. Setting
    <code>_REENTRANT</code> also forces redefinition of some other functions
    to their <code><var>*</var>_r</code> equivalents and sometimes changes
    the common <code>getc</code>/<code>putc</code> macros into safer function
    calls.  Check your libc documentation for specifics.  Instead of, or in
    addition to <code>_REENTRANT</code> the symbols that may affect this are
    <code>_POSIX_C_SOURCE</code>, <code>_THREAD_SAFE</code>,
    <code>_SVID_SOURCE</code>, and <code>_BSD_SOURCE</code>.</p>
</section>

<section id="functions"><title>Common standard troublesome functions</title>
    <p>Not only do things have to be thread safe, but they also have to be
    reentrant. <code>strtok()</code> is an obvious one. You call it the first
    time with your delimiter which it then remembers and on each subsequent
    call it returns the next token.  Obviously if multiple threads are
    calling it you will have a problem.  Most systems have a reentrant version
    of of the function called <code>strtok_r()</code> where you pass in an
    extra argument which contains an allocated <code>char *</code> which the
    function will use instead of its own static storage for maintaining
    the tokenizing state. If you are using <a href="http://apr.apache.org/"
    >APR</a> you can use <code>apr_strtok()</code>.</p>

    <p><code>crypt()</code> is another function that tends to not be reentrant,
    so if you run across calls to that function in a library, watch out. On
    some systems it is reentrant though, so it is not always a problem. If
    your system has <code>crypt_r()</code> chances are you should be using
    that, or if possible simply avoid the whole mess by using md5 instead.</p>
    <!-- [I don't see an apr_crypt() function.] -->
</section>

<section id="commonlibs"><title>Common 3rd Party Libraries</title>
    <p>The following is a list of common libraries that are used by 3rd party
    Apache modules.  You can check to see if your module is using a potentially
    unsafe library by using tools such as <code>ldd(1)</code> and
    <code>nm(1)</code>. For <a href="http://www.php.net/">PHP</a>, for example,
    try this:</p>

    <example>
      % ldd libphp4.so<br />
      libsablot.so.0 => /usr/local/lib/libsablot.so.0 (0x401f6000)<br />
      libexpat.so.0 => /usr/lib/libexpat.so.0 (0x402da000)<br />
      libsnmp.so.0 => /usr/lib/libsnmp.so.0 (0x402f9000)<br />
      libpdf.so.1 => /usr/local/lib/libpdf.so.1 (0x40353000)<br />
      libz.so.1 => /usr/lib/libz.so.1 (0x403e2000)<br />
      libpng.so.2 => /usr/lib/libpng.so.2 (0x403f0000)<br />
      libmysqlclient.so.11 => /usr/lib/libmysqlclient.so.11 (0x40411000)<br />
      libming.so => /usr/lib/libming.so (0x40449000)<br />
      libm.so.6 => /lib/libm.so.6 (0x40487000)<br />
      libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x404a8000)<br />
      libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0x404e7000)<br />
      libcrypt.so.1 => /lib/libcrypt.so.1 (0x40505000)<br />
      libssl.so.2 => /lib/libssl.so.2 (0x40532000)<br />
      libcrypto.so.2 => /lib/libcrypto.so.2 (0x40560000)<br />
      libresolv.so.2 => /lib/libresolv.so.2 (0x40624000)<br />
      libdl.so.2 => /lib/libdl.so.2 (0x40634000)<br />
      libnsl.so.1 => /lib/libnsl.so.1 (0x40637000)<br />
      libc.so.6 => /lib/libc.so.6 (0x4064b000)<br />
      /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
    </example>

    <p>In addition to these libraries you will need to have a look at any
    libraries linked statically into the module. You can use <code>nm(1)</code>
    to look for individual symbols in the module.</p>
</section>

<section id="liblist"><title>Library List</title>
    <p>Please drop a note to <a
    href="http://httpd.apache.org/lists.html#http-dev">dev@httpd.apache.org</a>
    if you have additions or corrections to this list.</p>

    <table style="zebra" border="1">
    <tr><th>Library</th><th>Version</th><th>Thread Safe?</th><th>Notes</th></tr>
    <tr><td><a href="http://aspell.sourceforge.net/">ASpell/PSpell</a></td>
        <td> </td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://www.sleepycat.com/">Berkeley DB</a></td>
        <td>3.x, 4.x</td>
        <td>Yes</td>
        <td>Be careful about sharing a connection across threads.</td></tr>
    <tr><td><a href="http://sources.redhat.com/bzip2/index.html">bzip2</a></td>
        <td> </td>
        <td>Yes</td>
        <td>Both low-level and high-level APIs are thread-safe. However,
        high-level API requires thread-safe access to errno.</td></tr>
    <tr><td><a href="http://cr.yp.to/cdb.html">cdb</a></td>
        <td> </td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://www.washington.edu/imap/">C-Client</a></td>
        <td> </td>
        <td>Perhaps</td>
        <td>c-client uses <code>strtok()</code> and
        <code>gethostbyname()</code> which are not thread-safe on most C
        library implementations.  c-client's static data is meant to be shared
        across threads. If <code>strtok()</code> and
        <code>gethostbyname()</code> are thread-safe on your OS, c-client
        <em>may</em> be thread-safe.</td></tr>
    <tr><td><a href="http://www.ijg.org/files/">libcrypt</a></td>
        <td> </td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://expat.sourceforge.net/">Expat</a></td>
        <td> </td>
        <td>Yes</td>
        <td>Need a separate parser instance per thread</td></tr>
    <tr><td><a href="http://www.freetds.org/">FreeTDS</a></td>
        <td> </td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://www.freetype.org/">FreeType</a></td>
        <td> </td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://www.boutell.com/gd/">GD 1.8.x</a></td>
        <td> </td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://www.boutell.com/gd/">GD 2.0.x</a></td>
        <td> </td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://www.gnu.org/software/gdbm/gdbm.html">gdbm</a></td>
        <td> </td>
        <td>No</td>
        <td>Errors returned via a static <code>gdbm_error</code>
        variable</td></tr>
    <tr><td><a href="http://www.imagemagick.org/">ImageMagick</a></td>
        <td>5.2.2</td>
        <td>Yes</td>
        <td>ImageMagick docs claim it is thread safe since version 5.2.2 (see <a
        href="http://www.imagemagick.com/www/changelog.html"
        >Change log</a>).
        </td></tr>
    <tr><td><a href="http://www.enlightenment.org/p.php?p=about/efl&amp;l=en"
        >Imlib2</a></td>
        <td> </td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://www.ijg.org/files/">libjpeg</a></td>
        <td>v6b</td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://mysql.com">libmysqlclient</a></td>
        <td> </td>
        <td>Yes</td>
        <td>Use mysqlclient_r library variant to ensure thread-safety.  For
            more information, please read <a
            href="http://dev.mysql.com/doc/mysql/en/Threaded_clients.html"
            >http://dev.mysql.com/doc/mysql/en/Threaded_clients.html</a>.</td></tr>
    <tr><td><a href="http://www.opaque.net/ming/">Ming</a></td>
        <td>0.2a</td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://net-snmp.sourceforge.net/">Net-SNMP</a></td>
        <td>5.0.x</td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://www.openldap.org/">OpenLDAP</a></td>
        <td>2.1.x</td>
        <td>Yes</td>
        <td>Use <code>ldap_r</code> library variant to ensure
        thread-safety.</td></tr>
    <tr><td><a href="http://www.openssl.org/">OpenSSL</a></td>
        <td>0.9.6g</td>
        <td>Yes</td>
        <td>Requires proper usage of <code>CRYPTO_num_locks</code>,
        <code>CRYPTO_set_locking_callback</code>,
        <code>CRYPTO_set_id_callback</code></td></tr>
    <tr><td><a href="http://www.oracle.com/">liboci8 (Oracle 8+)</a></td>
        <td>8.x,9.x</td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://pdflib.com/">pdflib</a></td>
        <td>5.0.x</td>
        <td>Yes</td>
        <td>PDFLib docs claim it is thread safe; changes.txt indicates it
            has been partially thread-safe since V1.91: <a
            href="http://www.pdflib.com/products/pdflib-family/pdflib/"
            >http://www.pdflib.com/products/pdflib-family/pdflib/</a>.</td></tr>
    <tr><td><a href="http://www.libpng.org/pub/png/libpng.html">libpng</a></td>
        <td>1.0.x</td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a href="http://www.libpng.org/pub/png/libpng.html">libpng</a></td>
        <td>1.2.x</td>
        <td>?</td>
        <td> </td></tr>
    <tr><td><a
        href="http://www.postgresql.org/docs/8.4/static/libpq-threading.html"
        >libpq (PostgreSQL)</a></td>
        <td>8.x</td>
        <td>Yes</td>
        <td>Don't share connections across threads and watch out for
        <code>crypt()</code> calls</td></tr>
    <tr><td><a href="http://www.gingerall.com/charlie/ga/xml/p_sab.xml"
        >Sablotron</a></td>
        <td>0.95</td>
        <td>?</td>
        <td></td></tr>
    <tr><td><a href="http://www.gzip.org/zlib/">zlib</a></td>
        <td>1.1.4</td>
        <td>Yes</td>
        <td>Relies upon thread-safe zalloc and zfree functions  Default is to
        use libc's calloc/free which are thread-safe.</td></tr>
    </table>
</section>
</manualpage>