proc: fix threadCreate and kill race condition

[etiaro]

There's a race condition that allows a process to create thread during its termination, which will continue to run when the process should be already dead.

JIRA: RTOS-1079

Description

Motivation and Context

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Chore (refactoring, style fixes, git/CI config, submodule management, no code logic changes)

How Has This Been Tested?

• Already covered by automatic testing.
• New test added: (add PR link here).
• Tested by hand on: ia32

Checklist:

• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing linter checks and tests passed.
• My changes generate no new compilation warnings for any of the targets.

Special treatment

• This PR needs additional PRs to work (list the PRs, preferably in merge-order).
• I will merge this PR by myself when appropriate.

[gemini-code-assist]

Summary of Changes

Hello @etiaro, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical race condition in the process and thread management system. Specifically, it fixes an issue where a process could create new threads during its termination phase, leading to these threads continuing to run even after the parent process should have been fully dead. The solution introduces a dead flag within the process_t structure to explicitly mark processes that are terminating. This flag is then checked during thread creation, preventing new threads from being scheduled if their parent process is already marked for termination, thus ensuring proper process lifecycle management and preventing resource leaks.

Highlights

• Process State Management: Introduced a new dead bitfield (1-bit unsigned integer) in the process_t structure to explicitly track if a process is in the process of terminating.
• Process Initialization: The newly added dead flag is initialized to 0 (indicating the process is not dead) when a new process is started via proc_start.
• Process Termination: The dead flag is set to 1 (indicating the process is dead/terminating) within the proc_kill function, signaling that the process is undergoing cleanup.
• Thread Creation Safety: Modified proc_threadCreate to check the dead flag of the parent process. If the process is marked as dead, any newly created thread is immediately set to THREAD_END state, preventing it from being scheduled and running.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a dead flag to the process_t struct and modifies proc_kill to set this flag. It also updates proc_threadCreate to check this flag and terminate threads of dead processes. The changes aim to fix a race condition where threads could be created in a process that is being terminated. The introduction of the dead flag and its usage in proc_threadCreate seem like a reasonable approach to address the race condition. However, the synchronization of the dead flag needs to be carefully considered to avoid data races.

[github-actions]

Unit Test Results

9 523 tests  ±0   8 931 ✅ ±0   52m 53s ⏱️ +32s
  583 suites ±0     592 💤 ±0 
    1 files   ±0       0 ❌ ±0 

Results for commit 2165087. ± Comparison against base commit 366a57e.

♻️ This comment has been updated with latest results.

[Darchiv]

I wonder if we can avoid an additional dead variable which introduces another parallel "state machine". Can we infer "deadness" from other information?

Also, this commit needs to be adjusted for addition of except parameter to proc_threadsDestroy()

[etiaro]

The new solution does not introduce any additional flags and handles the race, at least in all current code paths.