From dc0fc11ac30784c8ba0bf1faf192333973272aa4 Mon Sep 17 00:00:00 2001
From: HanetakaChou
Date: Sun, 16 Mar 2025 16:55:10 +0100
Subject: [PATCH] Fix Race Condition
---
 .../btSequentialImpulseConstraintSolverMt.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/BulletDynamics/ConstraintSolver/btSequentialImpulseConstraintSolverMt.cpp b/src/BulletDynamics/ConstraintSolver/btSequentialImpulseConstraintSolverMt.cpp
index 7aa9953bbf..a2cc26a381 100644
--- a/src/BulletDynamics/ConstraintSolver/btSequentialImpulseConstraintSolverMt.cpp
+++ b/src/BulletDynamics/ConstraintSolver/btSequentialImpulseConstraintSolverMt.cpp
@@ -334,17 +334,25 @@ int btSequentialImpulseConstraintSolverMt::getOrInitSolverBodyThreadsafe(btColli
 // to record the solverBodyId
 int uniqueId = body.getWorldArrayIndex();
 const int INVALID_SOLVER_BODY_ID = -1;
+ m_kinematicBodyUniqueIdToSolverBodyTableMutex.lock();
 if (m_kinematicBodyUniqueIdToSolverBodyTable.size() <= uniqueId)
 {
- m_kinematicBodyUniqueIdToSolverBodyTableMutex.lock();
 // now that we have the lock, check again
 if (m_kinematicBodyUniqueIdToSolverBodyTable.size() <= uniqueId)
 {
 m_kinematicBodyUniqueIdToSolverBodyTable.resize(uniqueId + 1, INVALID_SOLVER_BODY_ID);
 }
- m_kinematicBodyUniqueIdToSolverBodyTableMutex.unlock();
 }
+ // when another thread resizes the table, it will perform the following two steps:
+ // ANOTHER-1. allocate the new meomry block
+ // ANOTHER-2. copy the existing data from the old memory block to the new meomry block
+ //
+ // there can be such timeline:
+ // ANOTHER-1. another thread has allocated the new meomry block
+ // CURRENT. current thread is reading the **uninitialized** data from the new memory block
+ // ANOTHER-2. another thread will copy the existing data from the old memory block to the new meomry block, but this will not affect the uninitialized data read by the current thread
 solverBodyId = m_kinematicBodyUniqueIdToSolverBodyTable[uniqueId];
+ m_kinematicBodyUniqueIdToSolverBodyTableMutex.unlock();
 // if no table entry yet,
 if (INVALID_SOLVER_BODY_ID == solverBodyId)
 {
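Review bot: With the lock now taken before the first size test, the nested `if (m_kinematicBodyUniqueIdToSolverBodyTable.size() <= uniqueId)` and its comment `// now that we have the lock, check again` are left over from the old double-checked pattern; both tests run under the same lock, so the inner one can be dropped and the outer body reduced to the `resize(uniqueId + 1, INVALID_SOLVER_BODY_ID)` call. The paired `lock()`/`unlock()` calls also leave the mutex held if a return is ever added between them, so a scoped guard, if the mutex type supports one, would be safer. The indexed read still assumes `uniqueId` is non-negative; if `getWorldArrayIndex()` can return a negative value, the size test passes it through and the read is out of bounds, so `btAssert(uniqueId >= 0);` before the lock would document that. The function continues past the end of the hunk, so whether the later `INVALID_SOLVER_BODY_ID` branch touches the table under the same mutex cannot be checked here. The added comment spells "memory" as `meomry` four times.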