[Ns-developers] [ns-2.33] bug in wireless-phyExt.cc::PowerTimer::expire()
Felix Schmidt-Eisenlohr
fschmidt at tm.uni-karlsruhe.de
Tue May 6 10:11:06 PDT 2008
Hi,
sorry for answering that late, but I was out and on vacation.
Thanks for the comment, is is definitely valid and we will resolve it!
As we got some more comments we will very soon provide a patch against
ns-2.33 that should resolve the issues brought to us in several very
helpful comments. When we have put it together it will sent to to the
list as well so that everyone could have a look at it before finally
releasing it.
Thanks and best regards,
Felix
--
Dipl.-Inform. Felix Schmidt-Eisenlohr
University of Karlsruhe (TH)
Institute of Telematics
Decentralized Systems and Network Services Research Group
Engesserstr. 6, D-76131 Karlsruhe, Germany
building 20.52, room 307
phone: +49 721 608 6626
fax: +49 721 608 6789
felix.schmidt-eisenlohr at kit.edu
http://dsn.tm.uka.de
antoine.trux at nokia.com schrieb:
> Hi,
>
> I found a bug in the implementation of
./ns-2.33/mac/wireless-phyExt.cc::PowerTimer::expire():
>
> This function is called from
./ns-2.33/common/timer-handler.cc::TimerHandler::handle():
>
> void
> TimerHandler::handle(Event *e)
> {
> if (status_ != TIMER_PENDING) // sanity check
> abort();
> status_ = TIMER_HANDLING;
> expire(e);
> // if it wasn't rescheduled, it's done
> if (status_ == TIMER_HANDLING)
> status_ = TIMER_IDLE;
> }
>
> In ./ns-2.33/common/timer-handler.h, class TimerHandler declares
expire() as a pure virtual method, and its subclass PowerTimer
implements it (in ./ns-2.33/mac/wireless-phyExt.cc) as follows:
>
> void PowerTimer::expire(Event *e) {
> [...]
> delete this;
> }
>
> A consequence of this code is that after TimerHandler::handle() has
called PowerTimer::expire(), the TimerHandler no longer exists.
TimerHandler::handle(), however, goes on and accesses the instance
variable `status_' of the TimerHandler after the call to expire().
>
> According to the C++ Standard (§12.7.2), accessing an instance
variable of a destroyed object "results in undefined behavior".
>
> Antoine Trux
> Nokia Research Center
>
>
More information about the Ns-developers
mailing list