From 1c2384cb3dfe854f03dd38fbf8a6d3e906462c15 Mon Sep 17 00:00:00 2001 From: Kaleb Barrett Date: Fri, 6 Nov 2020 16:56:15 -0600 Subject: [PATCH] Fix iteration over mutating list bug in VPI impl (#2588) Previously, in any given VPI callback, if the callback body registered the same callback, that registering would be processed in the currently executing call to the call*Cbs function. In the worse case, this could lead to an infinite loop. --- docs/CONTRIBUTORS | 1 + include/verilated_vpi.cpp | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/CONTRIBUTORS b/docs/CONTRIBUTORS index 15b7a2e5a..acca96c0d 100644 --- a/docs/CONTRIBUTORS +++ b/docs/CONTRIBUTORS @@ -33,6 +33,7 @@ John Coiner John Demme Josh Redford Julien Margetts +Kaleb Barrett Kanad Kanhere Kevin Kiningham Kuba Ober diff --git a/include/verilated_vpi.cpp b/include/verilated_vpi.cpp index 46d6d8707..931df8210 100644 --- a/include/verilated_vpi.cpp +++ b/include/verilated_vpi.cpp @@ -477,7 +477,8 @@ public: static bool callCbs(vluint32_t reason) VL_MT_UNSAFE_ONE { VpioCbList& cbObjList = s_s.m_cbObjLists[reason]; bool called = false; - for (auto it = cbObjList.begin(); it != cbObjList.end();) { + const auto end = cbObjList.end(); // prevent looping over newly added elements + for (auto it = cbObjList.begin(); it != end;) { if (VL_UNLIKELY(!*it)) { // Deleted earlier, cleanup it = cbObjList.erase(it); continue; @@ -495,7 +496,8 @@ public: bool called = false; typedef std::set VpioVarSet; VpioVarSet update; // set of objects to update after callbacks - for (auto it = cbObjList.begin(); it != cbObjList.end();) { + const auto end = cbObjList.end(); // prevent looping over newly added elements + for (auto it = cbObjList.begin(); it != end;) { if (VL_UNLIKELY(!*it)) { // Deleted earlier, cleanup it = cbObjList.erase(it); continue;