[Ns-developers] [ns-2.33] bug in wireless-phyExt.cc::PowerTimer::expire()
antoine.trux@nokia.com
antoine.trux at nokia.com
Tue Apr 29 01:37:24 PDT 2008
Hi,
I found a bug in the implementation of ./ns-2.33/mac/wireless-phyExt.cc::PowerTimer::expire():
This function is called from ./ns-2.33/common/timer-handler.cc::TimerHandler::handle():
void
TimerHandler::handle(Event *e)
{
if (status_ != TIMER_PENDING) // sanity check
abort();
status_ = TIMER_HANDLING;
expire(e);
// if it wasn't rescheduled, it's done
if (status_ == TIMER_HANDLING)
status_ = TIMER_IDLE;
}
In ./ns-2.33/common/timer-handler.h, class TimerHandler declares expire() as a pure virtual method, and its subclass PowerTimer implements it (in ./ns-2.33/mac/wireless-phyExt.cc) as follows:
void PowerTimer::expire(Event *e) {
[...]
delete this;
}
A consequence of this code is that after TimerHandler::handle() has called PowerTimer::expire(), the TimerHandler no longer exists. TimerHandler::handle(), however, goes on and accesses the instance variable `status_' of the TimerHandler after the call to expire().
According to the C++ Standard (§12.7.2), accessing an instance variable of a destroyed object "results in undefined behavior".
Antoine Trux
Nokia Research Center
More information about the Ns-developers
mailing list